feat: deploy terraform managed server to hcloud using deploy-rs

Author: justinrubek

.gitignore

@@ -1,5 +1,3 @@
-result
-.direnv
 doc/index.html
 
 # Result of bud commands
@@ -9,5 +7,13 @@ doi
 
 pkgs/_sources/.shake*
 
-# pre-commit-hooks.nix
-/.pre-commit-config.yaml
+result
+result*
+.direnv
+.pre-commit-config.yaml
+**/.terraform
+content*.tar.gz
+create_config_version.json
+generated_config.tf.json
+
+.env

deploy/default.nix

@@ -8,7 +8,7 @@ in {
   flake.deploy = {
     nodes = {
       bunky = {
-        hostname = "5.78.53.16";
+        hostname = "5.78.50.232";
         profiles.system = {
           sshUser = "admin";
           path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.bunky;

flake-parts/terraform.nix

@@ -47,10 +47,14 @@
         pushd $(git rev-parse --show-toplevel)
 
         # determine the path to the configuration
-        configurationPath=$(cat ${self'.packages.terraformConfigurationMatrix}/terraform-configuration-matrix.json | ${jq} -r '.configurations[] | select(.name == "'$configurationName'" ) | .path')
+        export configurationPath=$(cat ${self'.packages.terraformConfigurationMatrix}/terraform-configuration-matrix.json | ${jq} -r '.configurations[] | select(.name == "'$configurationName'" ) | .path')
 
         # copy the generated terraform configuration to the configuration path
+        config_file_path="$configurationPath/config.tf.json"
+        echo $config_file_path
         cp "$configurationPath/config.tf.json" ./terraform/configurations/$configurationName/config.tf.json
+        # make it writable since it is read-only in the nix store
+        chmod +w ./terraform/configurations/$configurationName/config.tf.json
 
         # execute the terraform command
         ${terraform-cli} -chdir=./terraform/configurations/$configurationName "$@"

packer/hetzner/main.pkr.hcl

@@ -4,23 +4,21 @@ variable "hcloud-token" {
     sensitive = true
 }
 
-variable "name" {
-}
-
 locals {
     build-id = "${uuidv4()}"
     build-labels = {
-        "name" = var.name
+        "name" = local.name
         "packer.io.build.time" = "{{ timestamp }}"
     }
+    name = "hetzner-base-nixos-{{ timestamp }}"
 }
 
 source "hcloud" "base" {
     server_type = "cx21"
     image = "debian-11"
     rescue = "linux64"
     location = "nbg1"
-    snapshot_name = var.name
+    snapshot_name = "hetzner-base-nixos-{{ timestamp }}"
     snapshot_labels = local.build-labels
     ssh_username = "root"
     token = var.hcloud-token
@@ -40,5 +38,4 @@ build {
     post-processor "manifest" {
         custom_data = local.build-labels
     }
-
 }

terraform/configurations/core/main.nix

@@ -0,0 +1,22 @@
+terraform {
+  cloud {
+    organization = "justinrubek"
+
+    workspaces {
+      name = "hetzner"
+    }
+  }
+
+  required_providers {
+    hcloud = {
+      source  = "hetznercloud/hcloud"
+      version = "1.36.1"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "3.4.3"
+    }
+  }
+
+  required_version = ">= 1.0"
+}

terraform/configurations/hetzner/.terraform.lock.hcl

@@ -0,0 +1,22 @@
+{...}: {
+  # configure hcloud
+  variable.hcloud_token.sensitive = true;
+  provider.hcloud.token = "\${var.hcloud_token}";
+
+  data.hcloud_image.nixos_base = {
+    id = "92487340";
+  };
+
+  resource.hcloud_server.bunky = {
+    name = "bunky";
+
+    image = "\${data.hcloud_image.nixos_base.id}";
+    server_type = "cpx11";
+    location = "hil";
+
+    public_net = {
+      ipv4_enabled = true;
+      ipv6_enabled = true;
+    };
+  };
+}