diff --git a/flake.nix b/flake.nix index 8d1e0be7..0406335b 100644 --- a/flake.nix +++ b/flake.nix @@ -41,7 +41,6 @@ pkgs = import nixpkgs {inherit system;}; }; ghaf-infra-shell = importExpectingSystem ./shell.nix; - terraform-shell = importExpectingSystem ./terraform/shell.nix; templateTargets = import ./hosts/templates/targets.nix {inherit nixpkgs disko;}; in { # nix fmt @@ -51,8 +50,6 @@ devShells = forEachSystem (system: { # nix develop default = ghaf-infra-shell system; - # nix develop .#terraform - terraform = terraform-shell system; }); # NixOS configuration entrypoint diff --git a/shell.nix b/shell.nix index 2fe1c976..640e510e 100644 --- a/shell.nix +++ b/shell.nix @@ -17,6 +17,7 @@ pkgs.mkShell { NIX_CONFIG = "extra-experimental-features = nix-command flakes"; nativeBuildInputs = with pkgs; [ + azure-cli git nix nixos-rebuild @@ -30,6 +31,11 @@ pkgs.mkShell { reuse sops ssh-to-age - terraform + (terraform.withPlugins (p: [ + p.azurerm + p.external + p.null + p.sops + ])) ]; } diff --git a/terraform/README.md b/terraform/README.md index 1983dfa6..094dafde 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -6,7 +6,7 @@ SPDX-License-Identifier: Apache-2.0 # Ghaf-infra: Terraform -This project uses terraform to automate the creation of infrastructure resources. The inteded usage together with NixOS configurations in the main [flake.nix](../flake.nix) is as follows: +This project uses terraform to automate the creation of infrastructure resources. The intended usage together with NixOS configurations in the main [flake.nix](../flake.nix) is as follows: - We use the terraform configuration in this directory for the inital setup of the infrastructure resources (VMs, networks, etc.) - We use the NixOS configurations in [flake.nix](../flake.nix) to [install](../README.md#install) NixOS on the VMs - We maintain the infrastructure by [deploying](../README.md#deploy) changes to the NixOS configurations via [flake.nix](../flake.nix) @@ -23,15 +23,18 @@ $ git clone https://github.com/tiiuae/ghaf-infra.git $ cd ghaf-infra ``` -All commands in this document are executed from terraform nix-shell inside the `terraform` directory. +All commands in this document are executed from nix-shell inside the `terraform` directory. -Bootstrap terraform nix-shell with the required dependencies: +Bootstrap nix-shell with the required dependencies: ```bash -$ cd terraform +# Start a nix-shell with required dependencies: $ nix-shell # Authenticate with az login: $ az login + +# Terraform comands are executed under the terraform directory: +$ cd terraform/ ``` ## Initializing Azure Storage @@ -41,14 +44,14 @@ This project stores the terraform state in a remote storage in an azure storage When starting a new infrastructure you need to initialize the terraform state storage: ```bash -$ cd azure-storage/ +$ cd azure-storage $ terraform init $ terraform apply ``` ## Terraform workflow -Following describes the intended workflow, with commands executed from the terraform nix-shell. +Following describes the intended workflow, with commands executed from the nix-shell. First, change the terraform code by modifying the relevant files in this directory. Then: diff --git a/terraform/azure-ghaf-infra.tf b/terraform/azure-ghaf-infra.tf index 510c33d3..b697b5b4 100644 --- a/terraform/azure-ghaf-infra.tf +++ b/terraform/azure-ghaf-infra.tf @@ -1,19 +1,45 @@ # SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII) # # SPDX-License-Identifier: Apache-2.0 +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + } + sops = { + source = "carlpett/sops" + } + } +} +provider "azurerm" { + features {} +} +# Sops secrets +data "sops_file" "ghaf_infra" { + source_file = "secrets.yaml" +} +# Backend for storing tfstate (see ./azure-storage) +terraform { + backend "azurerm" { + resource_group_name = "ghaf-infra-storage" + storage_account_name = "ghafinfrastatestorage" + container_name = "ghaf-infra-tfstate-container" + key = "ghaf-infra.tfstate" + } +} # Resource group resource "azurerm_resource_group" "ghaf_infra_tf_dev" { name = "ghaf-infra-tf-dev" - location = var.resource_group_location + location = "swedencentral" } -# Create VN +# Virtual Network resource "azurerm_virtual_network" "ghaf_infra_tf_vnet" { name = "ghaf-infra-tf-vnet" address_space = ["10.0.0.0/16"] - location = var.resource_group_location + location = azurerm_resource_group.ghaf_infra_tf_dev.location resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name } -# Create Subnet +# Subnet resource "azurerm_subnet" "ghaf_infra_tf_subnet" { name = "ghaf-infra-tf-subnet" resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name @@ -23,7 +49,7 @@ resource "azurerm_subnet" "ghaf_infra_tf_subnet" { # Network interface resource "azurerm_network_interface" "ghaf_infra_tf_network_interface" { name = "ghaf-infratf286-z1" - location = var.resource_group_location + location = azurerm_resource_group.ghaf_infra_tf_dev.location resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name ip_configuration { name = "my_nic_configuration" @@ -32,25 +58,25 @@ resource "azurerm_network_interface" "ghaf_infra_tf_network_interface" { public_ip_address_id = azurerm_public_ip.ghaf_infra_tf_public_ip.id } } -# Create Availability Set +# Availability Set resource "azurerm_availability_set" "ghaf_infra_tf_availability_set" { name = "ghaf-infra-tf-availability-set" - location = var.resource_group_location + location = azurerm_resource_group.ghaf_infra_tf_dev.location resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name platform_fault_domain_count = 2 platform_update_domain_count = 2 } -# Create Public IPs +# Public IPs resource "azurerm_public_ip" "ghaf_infra_tf_public_ip" { name = "ghaf-infra-tf-public-ip" - location = var.resource_group_location + location = azurerm_resource_group.ghaf_infra_tf_dev.location resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name allocation_method = "Dynamic" } -# Create Network Security Group and rule +# Network Security Group and Rule resource "azurerm_network_security_group" "ghaf_infra_tf_nsg" { name = "ghaf-infra-tf-nsg" - location = var.resource_group_location + location = azurerm_resource_group.ghaf_infra_tf_dev.location resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name security_rule { name = "SSH" @@ -64,10 +90,10 @@ resource "azurerm_network_security_group" "ghaf_infra_tf_nsg" { destination_address_prefix = "*" } } -# Create Linux Virtual Machine +# Example Linux Virtual Machine resource "azurerm_linux_virtual_machine" "ghafinfra_tf" { name = "ghafinfratf" - location = var.resource_group_location + location = azurerm_resource_group.ghaf_infra_tf_dev.location resource_group_name = azurerm_resource_group.ghaf_infra_tf_dev.name availability_set_id = azurerm_availability_set.ghaf_infra_tf_availability_set.id network_interface_ids = [ @@ -86,11 +112,12 @@ resource "azurerm_linux_virtual_machine" "ghafinfra_tf" { sku = "22_04-lts-gen2" version = "latest" } - admin_username = "karim" + admin_username = data.sops_file.ghaf_infra.data["vm_admin_name"] disable_password_authentication = true admin_ssh_key { - username = "karim" - public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDe5L8iOqhNPsYz5eh9Bz/URYguG60JjMGmKG0wwLIb6Gf2M8Txzk24ESGbMR/F5RYsV1yWYOocL47ngDWQIbO6MGJ7ftUr7slWoUA/FSVwh/jsG681mRqIuJXjKM/YQhBkI9k6+eVxRfLDTs5XZfbwdm7T4aP8ZI2609VY0guXfa/F7DSE1BxN7IJMn0CWLQJanBpoYUxqyQXCUXgljMokdPjTrqAxlBluMsVTP+ZKDnjnpHcVE/hCKk5BxaU6K97OdeIOOEWXAd6uEHssomjtU7+7dhiZzjhzRPKDiSJDF9qtIw50kTHz6ZTdH8SAZmu0hsS6q8OmmDTAnt24dFJV karim@nixos" + username = data.sops_file.ghaf_infra.data["vm_admin_name"] + # Azure requires RSA keys: + # https://learn.microsoft.com/troubleshoot/azure/virtual-machines/ed25519-ssh-keys + public_key = data.sops_file.ghaf_infra.data["vm_admin_rsa_pub"] } - } \ No newline at end of file diff --git a/terraform/backend.tf b/terraform/backend.tf deleted file mode 100644 index ac85fecf..00000000 --- a/terraform/backend.tf +++ /dev/null @@ -1,13 +0,0 @@ -# SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII) -# -# SPDX-License-Identifier: Apache-2.0 - - -terraform { - backend "azurerm" { - resource_group_name = "ghaf-infra-storage" - storage_account_name = "ghafinfrastatestorage" - container_name = "ghaf-infra-tfstate-container" - key = "ghaf-infra.tfstate" - } -} diff --git a/terraform/data.tf b/terraform/data.tf deleted file mode 100644 index 717db167..00000000 --- a/terraform/data.tf +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII) -# -# SPDX-License-Identifier: Apache-2.0 - -data "sops_file" "ghaf-infra" { - source_file = "secrets.yaml" -} diff --git a/terraform/outputs.tf b/terraform/outputs.tf deleted file mode 100644 index 0720668f..00000000 --- a/terraform/outputs.tf +++ /dev/null @@ -1,11 +0,0 @@ -# SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII) -# -# SPDX-License-Identifier: Apache-2.0 - -output "resource_group_name" { - value = azurerm_resource_group.ghaf_infra_tf_dev.name -} - -output "resource_group_location" { - value = var.resource_group_location -} diff --git a/terraform/providers.tf b/terraform/providers.tf deleted file mode 100644 index 8f976809..00000000 --- a/terraform/providers.tf +++ /dev/null @@ -1,19 +0,0 @@ -# SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII) -# -# SPDX-License-Identifier: Apache-2.0 - -provider "azurerm" { - features {} -} - -terraform { - required_providers { - azurerm = { - source = "hashicorp/azurerm" - } - sops = { - source = "carlpett/sops" - } - } -} - diff --git a/terraform/secrets.yaml b/terraform/secrets.yaml index 2cf667d4..9b892d77 100644 --- a/terraform/secrets.yaml +++ b/terraform/secrets.yaml @@ -1,4 +1,6 @@ -unused_terraform_secret: ENC[AES256_GCM,data:Q70r0PcnvJ6d5AZiBVsbzW241R7rWxVkJ5oz0N8x,iv:a9kIO1zSfLLeN9jl1UikYsXWPE9kFY+w14Q2Rn8ykS8=,tag:vUbiBhkv6zQH5f1iGhq/pQ==,type:str] +vm_admin_name: ENC[AES256_GCM,data:AZvvL4Zgivh5,iv:tzqkASg7txch7BL7p2nVycl/0TFONt5j9dbnS2H9LNo=,tag:/1JX9O9ptuxNaPfJlInGVA==,type:str] +vm_admin_rsa_pub: ENC[AES256_GCM,data:mbqCRUZTP7e89mPKkRCl4x8tRahQWetn3kiPSPfupQSzj752mlMXruPMEPJfoO05RtVnMJWKKg1etMAknGAHu9XCEA7OpdxyldBxIlAXEReB9GwU/Pll5UaCXwEzp6PExIR77D+jHHJ22b9nnlJEUBeWL1q3UPFZTwNZnU6EcAswMzksKKKKgBO8kJP/oFYViVf5XQ4IYCfSGNt4JPoH74l8itixqqqSIda4cXOsqP/8DY+sjintHFmh7dCnzFlAwtY/01zi44iNHiNLKGX3tA8JxOwnPY4zlsYRq7JlcJ2nEu/dHhaSJWyZoO3KLbncnGSRLsD4GTTcfuppCl6vcicOYctAGeE9jAtO3ISDmNLmIGJpM++HIsFe42PJ8HTkgRv4uFTVr3BK6O04iJAIhjp4jfguxYcd5UCse3ut0XqHGA/D8NqzjLeNbdxVasXPnhjP2/DKTaTlv1gBUvTV9iEmywe+xIzvNffSSFRvG0Znd8KbpZY66Joev0SzYdo24ID6HPv6bTbK+TyyF5tT/k44TbGg5A8A6n6aAW1wdX0/PLLHGaH6i1pHcQMKXGRvcwMrkR/4sxnCCU2tfnclMZ3qILKIIdRs2otPDXNTaLFVsBUBYTlIONx2M+nNjSgWHUw4Ru0Ial03tk+5AOYPktJT7/bzDHdPaqLpdVFoDn0F+IGgnfWinWcWH/SiQCBSKqA66TMGQtv5cGNyEcjuxwhxTIctuvmM64mrYlCd+q4Ds7or28BX8WDeGYAtbNSJ9tnnNsG9FwXwXp2DwIwKGfW9fu42+/AS6u9HMAqtR8EyVsey1Z3uASgIOtKI7AsoyUJU5IhEqMNsccFpr1/1K4d6WDvrdTO5SSD8WSnEYuKKMp46frLuR5/18H3fwpN53lqVYdHZDbmmgyNjEIW//mO1U05b9J5YP14/q/2IdsmVUIMEh3jALTcYBRP8/rNrW0a30z8=,iv:3j7PvOs+FyftMHk/gK7c5bV7UurlLIzhy/gxIQk/KE4=,tag:DsL9YG8aR2wlT4NVSgf6DA==,type:str] +vm_admin_rsa_key: ENC[AES256_GCM,data:lnDBBooejrR0tpeCMw7bnEJCiX60j/EVhVZMlRH+1v1yXOwLhvnmqTVF2XQaK92T1GRj/0MqD7ntaKPbfCELrmP2iFQ/u+9JWgGs+59x1t/Ey3Fmam0vJjX/ew/LwqNbtJzaRPYj83Oh7iES+sLJHS0dkXO+YHGPWu6Ld84+HooT643vFD9nzreqpPkGUPtvrcZVY/fEKJNjXgmStU1SYRlnuBHkrCyJ3p95FSlqdmQfkU7AmHsz2wrms5/Q0XDSprY59lR6sw5FlrFERj7O9napnK0IJVZWizx5IYLSiieH2aU05dHMdfIQ5ygQJVM4XQ2QZgvCTk9UUJz7vU93eNAHs2Go7ygma6xF2xqduuJn4j/kgm9gVI+7JV451/7R0k7SW/ItGuwoCgiIhBpfZXLQZKbrVDvZK3XOI37ickzkRG4cv8+BvW+RO2HRtmjQLJA31ab2s53PLBp2xwHaUf2I4EyhR9OD2hZvQOOgw3jNFf83MZ5NJiveuIriyzZ+k5m7sIS0/Dt67F6bXvg9fpYN+j0ttAHCgGQMInQPDx2q6YDhgyFGCWgjSJM+qAhoKauaooSJEY5NVKoKE/t2OsSk8avi8QjisHEgA67Sd/oBti4/Wa9ReIaRBuPvNAvyWIdkr2yyOzud8ARlqnkysR1cbQRBOGiEAUINj61g5MmikoheXSVE0+j5wfCPUX/coMormcQgfpbMS4mGTI98aRDO6aWtRfEd2ng2V2LsQbWaEfrOpxurmhi9c9xQcsIMHJloWvdePow+zuDb/zO22s5oRT+EfvxzktyB4wi3tG2z6DONSfpQwl5p3KEB+88vaJHRKgbpcUpFGT0ITzv7V7ZbkwybHC4xeZPA6C3tIVyzCFppcfQVi7AGvGqz1g6mRvrIxGS8kWjJ/eTuqwT3pd89pFI92SoqL0s4QkRMDTNsOaolJFust/hTAEbl2p8wBxe91qaNwqlB6LxIosVWyeM4b4nYjqa898RApNTvMGz6vXYj9//Yz6hjXjplNXCQiRNAChxVu7V2AU/y50QriZsNM5ShuVhFsmzzByZ3ZiMTrOvBQoZTT4WbO4GhJQ0BScrKKBsWMcIwrIyjc5W+3QpuDw7UfOwovyBP91TB3bXSjBxz91FlUCkJN+UmqlWuNyghlCQVKF2e94itausHbnAa1JbTkMLRQ62bLClvG6Lhr6JZEYhyktD6wNwzYuLWv4VNWhasY0tnQQ9vOr/qQw4W1L9+wO1D7PM5aI7xOzDcWUCx39SXdCaQXYD+Gta9bZzhLPVtHXk7/+x/m80Hcfano2jTscOyK58uRO1G3MLqICZxAu8H+Tov+Bi9CXc2oTZe6CRsWfP/d8Ll0/KjDnIV7HCLAXYzd82sGZLSR8SiQ9b/C4LNlWkOas/wppoiQtx46NMX1hBxkkVDsZu45GWdJHztT7B0/GM6ZlslV4dWJ5uK0IRJ3jBS1EXZKuyQu5Xs2EqIeFVpYlZz+iFeohPvJeELhBKbzwn4lVFZCxcSXuN11kWn41Muh0NcytAsh2kA4RnXHp21lYRXmKQl4EMFJfPnV/wwvUrRWwNk6gTaT26lOdvGzNVbL0Nzc52eUWK+K4hvlUFe5tiWpysBxMagoY2992lxbQzUAs+7kuLWb9FuwaPe5MEmnBb9CnqgoFYLVSRvLRqjjLrdIX16JB8zPZfDfI3cEoT1DKeOUsi2fJZuaJALX8Wa6xnI51kIJU6ddGEyu6rOVsZsMOsVqZrUy0CPanFH84swPmPzlBHjjXji0MlCmpMs1SqAsx34Bf+kGIoTzLlQo0THk8DQmdRLRrGX1pwM0cxKfenQPb9TBReW07NbLB5yQsfefaMyJa5LIXJQU7C9AQXaybXaGmUL6OzmCQHTuyFGuby5gdc53VFFxbGngByzgd3OWCaC+DshUazYvREDvqR3dUTM0koMtMCaeMqDNZMmULtx60IKckOWJLnPZuwwYXC1+mcKFD9svgsTxqeqSl++MWFZiZ+h7MT8wLWKCAcfI+hR4tfnb4NgyZWB0SK0fwPyom+rJsz4H5R7d8rJ4b0DJKH4WdAaNvMa+D7uJI1Zqt9T2a47FdIIkpTCIKZzRcCX2FBAGYYAdWC39wnjVMLyLO6NC+rTetSFvYjGMB/H5uuEs2RK2WwtTQ+I2mtwQnOYCYa+CKccELzEBJo3VXhIV1KbID5gVGgseugS41mWtOiZ6GpsuKDkULZA6pUIOgk3z2mYRS2iP1qRZdMEIEq76j56libHUTEiqLexyseQ8C++Ed9Mjsy5r2u/T1RI3MxHfujYFip5hYTCctBnPHyLqPLUfnulibViMwWf/NwOXY/nNCBCIadCAjLCnUK775KKRFzwJNuqsQZehhBoBup/2ExArsemCTwo/8oDtYAj1SUEWTeQUiAleIirt6+XdpPjVKTv+/O0YivGhKF6yL0TAdvThMArbnwQFdZQbiOMU4oeA77prgQ7ZmjzNeA94esgSiLwRFLYS3X/WD89VITVnHA3WVxsiemFe45mH1m9Sh+UK2VcArAXlsFW4M1g13+YPHBmfQDMRV7MAFq4aNti0KpkYAEJ+h0FTu9/NUax6n//A3j89ukJIk8N4eOEAzTM/ivUXT+5F4cu9gCwMoFfckuCIoSmupxPDL7TtUgmT9/t7vKAlArDuGExXkbNLwdhct7O8s6ve5MYhmZz2sCfQwyUadw5PxH9qZAGnhj6RnkFNbiT0gYTxaYKOopD8NFiA/xOQMVeh9KYFXKP9GITnn2UA9pxRTnM2vVMrCXn5Djyl/dmB0BqCtP6AK9HnE1ngOPxhvvbLoH2nNl9UVUhVXb0NBL+kX3+5zdNcUzXpM1AGknhNt2bewYf4XX9cRog6zWpeBZkJRbZRxz5ZpCTLRfW1ROhcOmT0UL5lQoNxZwR9hGkucskpIo1sCO4oL4oThOrfGUdZ4tReepouKDBbPyCe3hUhQrfAHfkznMFebPnDmY/7KuBH31EQkONnznyrACPnasCk5VdGpHva+g+etlXGokQ80qYQ6YG70FKUUZ8BaSdTiXHbWBfYKDey4/70nzZX1Yu1hFl0rEz/1AYSO7+07psW7qHUMBmUu4FmJ7x/1jyMbKalGTbLyF9rIKF5yGSKpkeEO++/eHtuNo7ZQbdRPEFp45pONjCsZDKB0PEuPNu22ooCrx9b3FRd0rk0NYdubgQPOxuYt6y0VA5m02pj9XOB86R08KdppJwP0rMdvRaP7YorZ+q85QaNu7lhUyKoP88Wa0q8ndDNDptwf/fIGOlfxInaCW9z3oymCKhLhU+OkG/NAf9Bh0KBO6efFPiZkpO/PIrzepayeezySYk1btFPgQkUcIsALSD1nAP5SUHojCWllkK6f904K4zrA6FXUoH1qqKR6Z9jPgeYanroKqUXj7MwgEtm8TQwb3lV6iG9eCnRQaPb0eF/qRrP1LDIkGBozLsehv5Re6dpOZewWcSx631hyvffkiw9hbG1owJo9N5s7fL5fNg+UiMKO4LV8IO3F0wQF0ut37m19SDV9ygOlwsNl5A6PdMRtIRVk5UhrTOBLIJrR8I1HvjS/pZ5eAKMHwTcB+2YjJGVX4mb0PpiePuXzqNe/D1Cu6PW5LS0ayOEoWVJttHqmRJlCe9NPZQZG7TwsAcvmQ5NIrsuXyBhSU2FJS/IeEGgr3W+yzZPSrP0Xk+JUICCvbM7mS+I/aIl020wSacD7wcCfPDByMjjr5gs/L/ZO2fZK+QPaIVDpa+NM6tL4tljOufA1jWQTpfTQtFxOIaadgX8L7DiN5yDHilUTcZ3BYsxxmdwWTpdq1xFs8aNZwwf6u+pGe3qkBRwBE1Oh781RsEcYNKC8aizJUDvj/x8m7hcdWMHx1sQXoL2+dHxD169v1uQzCTXb4LYS8CfdH5vGb+01AdBK20qgxjtpRamU7tmFiaRgY+8a9MhXSnZFwOKSOgunq4Q5CQOH6J6wVfTDcMtSafS/wiwdp01/V6rHQhtQBrXo0HWpz/gJyDe8hUt8crxmRHD4kgwoLrmjSErRoaZPXWvmZSmwDiOsjKjIVJJJB8P1paDcvdAJQv3/g3OeN22i0m+Lm0p0HIiKkiJ8lry/2yRHOsLFPrNyGrysQ13qcKm4yMCnNDu2XU8OErXyOoEXC81g01Oy3+fGrj+nMaU4turTVWsU4x83OMtd0Z64L8LyhWBoFZ1HDpiT13eFkX6+miD8koGSEn66qNQZeI8HvcgB0I4H2YoMsyLkAQ4ityIgDH5XFcNQmz8Mv11YwbT23iZqHA21YZcerIG58VHhkv73gikBUbRLdvS2b6+BIrQoNU60HrWmXy48/LZ0kYlWPRcxZnLWmK10RXMeJqwzog4qvuJsNZxks0ug7n6Rrsm6NEuEi92AZU8qnkkUAlxfkRWBCMFOVp8jHWzbTjq5KR5jDm80eZ98HY7GAvdaSeKB9eEqGAbEPYL6s/0EhTRcI4ZNkLpfJH4riDm4Y66saAO5wyJvbQ,iv:wllL2tmJyLLTnIFcx2jGsGsC/Abf7WEsKx92r5CQuCI=,tag:1HV1J95XmrTMIUtmyOSZPA==,type:str] sops: kms: [] gcp_kms: [] @@ -23,8 +25,8 @@ sops: MVlPN0hucU9Pc0MxMjdQSy9zVWRMVUkKjKq1583tMPfGLe9f6NW0lIaE71Q2cHRz ez/Nwl0IAAPJkmuK6dlf4jfDy2WwasV5zpKmQhDeKG5trrTD82fY+w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-01T14:44:23Z" - mac: ENC[AES256_GCM,data:ly41P7M5fSN7bCBn+aEPvl+q6zyNLk4Wox/rpryitwQGgWpm1Ie/OZUp65Ag7oeUs5jR3J7sqYeuzsHLCBm3YT3VENxjgdV5tZ9kxDFU8DF1mwQrIwnNTJLEx9AC65nNdbAdIUn/1fsP7Wf4+g5xu2nVRTp0FtDCWd6tTBfZbZ4=,iv:60zJbpwPLZcL2/MhXH3c8ir9kEGHpKBO5YSOKY5xi4k=,tag:lXK2qzMrna1lukLSTccAqw==,type:str] + lastmodified: "2023-11-07T10:30:23Z" + mac: ENC[AES256_GCM,data:FljnbBZO4U3OlwxdHbL6WICo4p8LfkVXGtoFSeOfsqGfXGSrRZC3hetKMtM0z26K1ubJRKmFnEzosQqccHn+e2xgMfIp28t4edZo+engbOiiMgU2DO9eHkG3FwZJt4ue3WxDG40rzQ4OvcNpOrUqDpFBbo8/wbKy3a9S7BibqO0=,iv:pWTE5tpnORHigHvCoeQ1hJrzQW5a9TzW+Ah1wZNn67s=,tag:3kihD1YCfcEZMx1xw/pFWQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/terraform/shell.nix b/terraform/shell.nix deleted file mode 100644 index 8d56a27e..00000000 --- a/terraform/shell.nix +++ /dev/null @@ -1,28 +0,0 @@ -# SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII) -# -# SPDX-License-Identifier: Apache-2.0 -{ - pkgs ? - # If pkgs is not defined, instanciate nixpkgs from locked commit - let - lock = (builtins.fromJSON (builtins.readFile ../flake.lock)).nodes.nixpkgs.locked; - nixpkgs = fetchTarball { - url = "https://github.com/nixos/nixpkgs/archive/${lock.rev}.tar.gz"; - sha256 = lock.narHash; - }; - in - import nixpkgs {overlays = [];}, - ... -}: -pkgs.mkShell { - packages = [ - pkgs.sops - pkgs.azure-cli - (pkgs.terraform.withPlugins (p: [ - p.azurerm - p.external - p.null - p.sops - ])) - ]; -} diff --git a/terraform/variables.tf b/terraform/variables.tf deleted file mode 100644 index 0f408c7b..00000000 --- a/terraform/variables.tf +++ /dev/null @@ -1,31 +0,0 @@ -# SPDX-FileCopyrightText: 2023 Technology Innovation Institute (TII) -# -# SPDX-License-Identifier: Apache-2.0 - -variable "resource_group_location" { - type = string - default = "swedencentral" - description = "Location of the resource group." -} - - -variable "resourcegroup" { - description = "The Azure Resource Group Name within your Subscription in which this resource will be created." - default = "ghaf-infra-swe" -} - -variable "resource_group_name_prefix" { - type = string - default = "rg" - description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription." -} - -variable "location" { - description = "Location for resources" - default = "eastus" -} - -variable "subnet_address_prefix" { - description = "Address prefix for subnet" - default = "10.0.1.0/24" -} \ No newline at end of file