feat: move from terraform to opentofu. hashicorp sucks

.gitignore

@@ -10,3 +10,5 @@ data/
 .terraform.lock.hcl
 .idea/
 __pycache__/
+tf/terraform.tfvars
+tf/terraform.tfstate.backup

shells/repo.nix

@@ -8,6 +8,7 @@ with pkgs; let
   git-hooks = systemless-git-hooks pkgs.system;
   repoShell = mkShell {
     nativeBuildInputs = [
+      opentofu
       nf-build-system
       nf-update
       pkgs.lix

tf/.envrc

@@ -1,2 +1,2 @@
-sops -d ./tf.tfvars.sops > tf.tfvars
+sops -d ./terraform.tfvars.sops > terraform.tfvars
-export TF_CLI_ARGS="--var-file=tf.tfvars"
+use flake

tf/oci_servers/common.tf

@@ -4,13 +4,13 @@ locals {
     micro : "VM.Standard.E2.1.Micro",
   }
 
-  availability_domain_micro = one(
+  /*availability_domain_micro = one(
     [
       for m in data.oci_core_shapes.this :
       m.availability_domain
       if contains(m.shapes[*].name, local.shapes.micro)
     ]
-  )
+  )*/
 }
 
 variable "tenancy_ocid" {
@@ -29,6 +29,7 @@ variable "subnet_id" {
   type = any
 }
 
+/*
 data "oci_identity_availability_domains" "this" {
   compartment_id = var.tenancy_ocid
 }
@@ -40,3 +41,4 @@ data "oci_core_shapes" "this" {
 
   availability_domain = each.key
 }
+*/

tf/oci_servers/flex.tf

@@ -23,7 +23,7 @@ locals {
 }
 
 resource "oci_core_instance" "that" {
-  availability_domain = data.oci_identity_availability_domains.this.availability_domains.0.name
+  availability_domain = "dBWL:CA-TORONTO-1-AD-1" #data.oci_identity_availability_domains.this.availability_domains.0.name
   compartment_id      = var.tenancy_ocid
   shape               = local.shapes.flex
 
@@ -65,7 +65,10 @@ resource "oci_core_instance" "that" {
   }
 
   lifecycle {
-    ignore_changes = [source_details.0.source_id]
+    ignore_changes = [
+      metadata,
+      source_details.0.source_id
+    ]
   }
 }
 

tf/oci_servers/micro.tf

@@ -27,7 +27,7 @@ variable "micro_display_names" {
 resource "oci_core_instance" "this" {
   count = 2
 
-  availability_domain = local.availability_domain_micro
+  availability_domain = "dBWL:CA-TORONTO-1-AD-1"
   compartment_id      = var.tenancy_ocid
   shape               = local.shapes.micro
 
@@ -64,7 +64,10 @@ resource "oci_core_instance" "this" {
   }
 
   lifecycle {
-    ignore_changes = [source_details.0.source_id]
+    ignore_changes = [
+      metadata,
+      source_details.0.source_id
+    ]
   }
 }
 

tf/terraform.tf

@@ -1,3 +1,7 @@
+variable "passphrase" {
+  sensitive = true
+}
+
 terraform {
   required_providers {
     # Vendor: Hashicorp
@@ -23,28 +27,23 @@ terraform {
       version = "4.4.0"
     }
   }
+  encryption {
+    method "unencrypted" "migrate" {}
 
-  /*
+    key_provider "pbkdf2" "kw" {
-  # Settings for local applies
+      passphrase = var.passphrase
-  backend "remote" {
+    }
-    hostname = "app.terraform.io"
+
-    organization = "kittywitch"
+    method "aes_gcm" "kw" {
-    workspaces {
+      keys = key_provider.pbkdf2.kw
-      name = "nixfiles"
+    }
+
+    state {
+      method = method.aes_gcm.kw
+
+      fallback {
+        method = method.unencrypted.migrate
+      }
     }
   }
-  */
-
-  #/*
-  # Settings for remote applies
-  cloud {
-    organization = "kittywitch"
-    ## Required for Terraform Enterprise; Defaults to app.terraform.io for Terraform Cloud
-    hostname = "app.terraform.io"
-
-    workspaces {
-      name = "nixfiles"
-    }
-  }
-  #*/
 }