infrastructure/main.tf

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
    hcloud = {
      source = "hetznercloud/hcloud"
      version = "~> 1.45.0"
    }
    healthchecksio = {
      source = "kristofferahl/healthchecksio"
      version = "~> 1.6.0"
    }
    ovh = {
      source = "ovh/ovh"
      version = "~> 0.48.0"
    }
    scaleway = {
      source = "scaleway/scaleway"
      version = "~> 2.43.0"
    }
    tailscale = {
      source = "tailscale/tailscale"
      version = "~> 0.16.0"
    }

    authentik = {
      source = "goauthentik/authentik"
      version = "~> 2024.8.0"
    }
    mailcow = {
      source = "l-with/mailcow"
      version = "~> 0.7.5"
    }
    postgresql = {
      source = "cyrilgdn/postgresql"
      version = "~> 1.23.0"
    }
  }

  backend "s3" {
    bucket         = var.backend_bucket
    access_key     = var.backend_access_key
    secret_key     = var.backend_secret_key
    key            = "terraform.tfstate"
    region         = var.backend_region
    encrypt        = true
    endpoints      = {
      s3           = var.backend_endpoint
    }

    # Disable AWS-specific features
    skip_credentials_validation = true
    skip_region_validation      = true
    skip_requesting_account_id  = true
    skip_s3_checksum            = true
  }

  encryption {
    key_provider "pbkdf2" "encryption" {
      passphrase = var.passphrase
    }

    method "aes_gcm" "encryption" {
      keys = key_provider.pbkdf2.encryption
    }

    state {
      method = method.aes_gcm.encryption
      enforced = true
    }
  }
}

provider "aws" {
  region     = var.aws_region
  access_key = var.aws_access_key
  secret_key = var.aws_secret_key
}

provider "hcloud" {
  token = var.hcloud_token
}

provider "healthchecksio" {
  api_key = var.healthchecksio_api_key
}

provider "ovh" {
  endpoint = "ovh-eu"
  application_key = var.ovh_application_key
  application_secret = var.ovh_application_secret
  consumer_key = var.ovh_consumer_key
}

provider "scaleway" {
  organization_id = var.scaleway_organization_id
  project_id = var.scaleway_project_id
  access_key = var.scaleway_access_key
  secret_key = var.scaleway_secret_key
  region = "nl-ams"
  zone = "nl-ams-1"
}

provider "tailscale" {
  api_key = var.tailscale_api_key
  tailnet = var.tailscale_tailnet
}

module "infrastructure" {
  source = "./modules/infrastructure"

  scaleway_project_id = var.scaleway_project_id

  default_ssh_key = var.default_ssh_key

  hosts = var.hosts
  services = var.services
  email_domains = var.email_domains
}

provider "authentik" {
  url   = var.authentik_url
  token = var.authentik_token
}

provider "mailcow" {
  host_name = var.mailcow_host_name
  api_key   = var.mailcow_api_key
}

provider "postgresql" {
  host            = var.postgresql_host
  port            = var.postgresql_port
  database        = "postgres"
  username        = var.postgresql_username
  password        = var.postgresql_password
  sslmode         = "verify-full"
  connect_timeout = 15
}

module "services" {
  source = "./modules/services"

  authentik_url = var.authentik_url

  services = var.services
}
Migrate opentofu part 2024-09-25 11:23:52 +00:00			`terraform {`
Remove provider configs from modules 2024-10-10 11:15:50 +00:00			`required_providers {`
Move aws ses dkim keys into terraform 2024-10-22 15:44:00 +00:00			`aws = {`
			`source = "hashicorp/aws"`
			`version = "~> 5.0"`
			`}`
Remove provider configs from modules 2024-10-10 11:15:50 +00:00			`hcloud = {`
			`source = "hetznercloud/hcloud"`
			`version = "~> 1.45.0"`
			`}`
			`healthchecksio = {`
			`source = "kristofferahl/healthchecksio"`
			`version = "~> 1.6.0"`
			`}`
			`ovh = {`
			`source = "ovh/ovh"`
			`version = "~> 0.48.0"`
			`}`
			`scaleway = {`
			`source = "scaleway/scaleway"`
			`version = "~> 2.43.0"`
			`}`
			`tailscale = {`
			`source = "tailscale/tailscale"`
			`version = "~> 0.16.0"`
			`}`

			`authentik = {`
			`source = "goauthentik/authentik"`
			`version = "~> 2024.8.0"`
			`}`
Add mailcow to terraform 2024-10-29 21:43:05 +00:00			`mailcow = {`
			`source = "l-with/mailcow"`
			`version = "~> 0.7.5"`
			`}`
Remove provider configs from modules 2024-10-10 11:15:50 +00:00			`postgresql = {`
			`source = "cyrilgdn/postgresql"`
			`version = "~> 1.23.0"`
			`}`
			`}`

Migrate opentofu part 2024-09-25 11:23:52 +00:00			`backend "s3" {`
			`bucket = var.backend_bucket`
			`access_key = var.backend_access_key`
			`secret_key = var.backend_secret_key`
			`key = "terraform.tfstate"`
			`region = var.backend_region`
			`encrypt = true`
			`endpoints = {`
			`s3 = var.backend_endpoint`
			`}`

			`# Disable AWS-specific features`
			`skip_credentials_validation = true`
			`skip_region_validation = true`
			`skip_requesting_account_id = true`
			`skip_s3_checksum = true`
			`}`
Add opentofu encryption 2024-10-09 19:31:38 +00:00
			`encryption {`
			`key_provider "pbkdf2" "encryption" {`
			`passphrase = var.passphrase`
			`}`

			`method "aes_gcm" "encryption" {`
			`keys = key_provider.pbkdf2.encryption`
			`}`

			`state {`
			`method = method.aes_gcm.encryption`
			`enforced = true`
			`}`
			`}`
Migrate opentofu part 2024-09-25 11:23:52 +00:00			`}`

Move aws ses dkim keys into terraform 2024-10-22 15:44:00 +00:00			`provider "aws" {`
			`region = var.aws_region`
			`access_key = var.aws_access_key`
			`secret_key = var.aws_secret_key`
			`}`

Remove provider configs from modules 2024-10-10 11:15:50 +00:00			`provider "hcloud" {`
			`token = var.hcloud_token`
			`}`
Migrate opentofu part 2024-09-25 11:23:52 +00:00
Remove provider configs from modules 2024-10-10 11:15:50 +00:00			`provider "healthchecksio" {`
			`api_key = var.healthchecksio_api_key`
			`}`
Migrate opentofu part 2024-09-25 11:23:52 +00:00
Remove provider configs from modules 2024-10-10 11:15:50 +00:00			`provider "ovh" {`
			`endpoint = "ovh-eu"`
			`application_key = var.ovh_application_key`
			`application_secret = var.ovh_application_secret`
			`consumer_key = var.ovh_consumer_key`
			`}`

			`provider "scaleway" {`
			`organization_id = var.scaleway_organization_id`
			`project_id = var.scaleway_project_id`
			`access_key = var.scaleway_access_key`
			`secret_key = var.scaleway_secret_key`
			`region = "nl-ams"`
			`zone = "nl-ams-1"`
			`}`

			`provider "tailscale" {`
			`api_key = var.tailscale_api_key`
			`tailnet = var.tailscale_tailnet`
Add postgresql provider 2024-09-27 23:59:53 +00:00			`}`

Move terraform files into modules 2024-09-29 23:22:03 +00:00			`module "infrastructure" {`
			`source = "./modules/infrastructure"`
Migrate opentofu part 2024-09-25 11:23:52 +00:00
Remove provider configs from modules 2024-10-10 11:15:50 +00:00			`scaleway_project_id = var.scaleway_project_id`
Add contabo provider 2024-09-30 18:00:24 +00:00
Remove provider configs from modules 2024-10-10 11:15:50 +00:00			`default_ssh_key = var.default_ssh_key`

			`hosts = var.hosts`
			`services = var.services`
Move aws ses dkim keys into terraform 2024-10-22 15:44:00 +00:00			`email_domains = var.email_domains`
Remove provider configs from modules 2024-10-10 11:15:50 +00:00			`}`
Add authentik to opentofu 2024-09-28 12:14:09 +00:00
Remove provider configs from modules 2024-10-10 11:15:50 +00:00			`provider "authentik" {`
			`url = var.authentik_url`
			`token = var.authentik_token`
			`}`
Add healthchecksio provider and refactor ip-for-host collection 2024-10-06 15:08:25 +00:00
Add mailcow to terraform 2024-10-29 21:43:05 +00:00			`provider "mailcow" {`
			`host_name = var.mailcow_host_name`
			`api_key = var.mailcow_api_key`
			`}`

Remove provider configs from modules 2024-10-10 11:15:50 +00:00			`provider "postgresql" {`
			`host = var.postgresql_host`
			`port = var.postgresql_port`
			`database = "postgres"`
			`username = var.postgresql_username`
			`password = var.postgresql_password`
			`sslmode = "verify-full"`
			`connect_timeout = 15`
			`}`
Add authentik to opentofu 2024-09-28 12:14:09 +00:00
Remove provider configs from modules 2024-10-10 11:15:50 +00:00			`module "services" {`
			`source = "./modules/services"`
Move terraform files into modules 2024-09-29 23:22:03 +00:00
Remove provider configs from modules 2024-10-10 11:15:50 +00:00			`authentik_url = var.authentik_url`
Move terraform files into modules 2024-09-29 23:22:03 +00:00
			`services = var.services`
			`}`