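# Root module: declares the providers in use, configures the S3-compatible
# state backend with client-side encryption, and passes inputs to the
# "infrastructure" and "services" child modules.
terraform {
  # These constraints only bound the version range that `init` may select.
  # NOTE(review): the dependency lock file is not visible here. Confirm
  # .terraform.lock.hcl is committed so provider checksums are verified on
  # every init, including for the providers from community namespaces.
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0" # any 5.x release; the providers below are held to one patch series
    }
    hcloud = {
      source  = "hetznercloud/hcloud"
      version = "~> 1.45.0"
    }
    healthchecksio = {
      source  = "kristofferahl/healthchecksio"
      version = "~> 1.6.0"
    }
    ovh = {
      source  = "ovh/ovh"
      version = "~> 0.48.0"
    }
    scaleway = {
      source  = "scaleway/scaleway"
      version = "~> 2.43.0"
    }
    tailscale = {
      source  = "tailscale/tailscale"
      version = "~> 0.16.0"
    }
    authentik = {
      source  = "goauthentik/authentik"
      version = "~> 2024.8.0"
    }
    mailcow = {
      source  = "l-with/mailcow"
      version = "~> 0.7.5"
    }
    postgresql = {
      source  = "cyrilgdn/postgresql"
      version = "~> 1.23.0"
    }
  }

  # Remote state in an S3-compatible bucket reached through a custom endpoint.
  # NOTE(review): variable references inside a backend block depend on
  # OpenTofu's early static evaluation, so these values must be known at
  # `init` time. Confirm the tofu version in use supports this.
  backend "s3" {
    bucket     = var.backend_bucket
    access_key = var.backend_access_key
    secret_key = var.backend_secret_key
    key        = "terraform.tfstate"
    region     = var.backend_region
    encrypt    = true # server-side encryption request, separate from the client-side encryption block below

    endpoints = {
      s3 = var.backend_endpoint
    }

    # Disable AWS-specific features
    skip_credentials_validation = true
    skip_region_validation      = true
    skip_requesting_account_id  = true
    # With upload checksums skipped, detection of a corrupted or altered state
    # object rests on the AES-GCM authentication applied by the encryption
    # block below.
    skip_s3_checksum = true
  }

  # Client-side encryption: data is encrypted before it leaves the machine
  # running tofu, so the bucket operator only ever stores ciphertext.
  encryption {
    # The key is derived from a passphrase (OpenTofu requires at least 16
    # characters). Losing the passphrase makes the state unreadable, so store
    # it separately from the bucket credentials.
    key_provider "pbkdf2" "encryption" {
      passphrase = var.passphrase
    }

    method "aes_gcm" "encryption" {
      keys = key_provider.pbkdf2.encryption
    }

    state {
      method   = method.aes_gcm.encryption
      enforced = true # refuse to read or write unencrypted state
    }

    # Saved plan files embed the prior state and the input variable values,
    # which in this configuration include every provider credential, so they
    # get the same protection as the state itself.
    plan {
      method   = method.aes_gcm.encryption
      enforced = true
    }
  }
}

# Every provider below authenticates with a static secret passed in as an
# input variable.
# NOTE(review): the variable definitions are not visible here. Confirm the
# values are supplied from the environment or a secret store rather than a
# committed tfvars file, and that each credential is scoped to what this
# configuration actually manages.
provider "aws" {
  region     = var.aws_region
  access_key = var.aws_access_key
  secret_key = var.aws_secret_key
}

provider "hcloud" {
  token = var.hcloud_token
}

provider "healthchecksio" {
  api_key = var.healthchecksio_api_key
}

provider "ovh" {
  endpoint           = "ovh-eu"
  application_key    = var.ovh_application_key
  application_secret = var.ovh_application_secret
  consumer_key       = var.ovh_consumer_key
}

provider "scaleway" {
  organization_id = var.scaleway_organization_id
  project_id      = var.scaleway_project_id
  access_key      = var.scaleway_access_key
  secret_key      = var.scaleway_secret_key
  region          = "nl-ams"
  zone            = "nl-ams-1"
}

provider "tailscale" {
  api_key = var.tailscale_api_key
  tailnet = var.tailscale_tailnet
}

# Host-level resources. The module body is not shown here, so only the
# inputs it receives are documented.
module "infrastructure" {
  source = "./modules/infrastructure"

  scaleway_project_id = var.scaleway_project_id
  default_ssh_key     = var.default_ssh_key # presumably a public key; verify against the module
  hosts               = var.hosts
  services            = var.services
  email_domains       = var.email_domains
}

provider "authentik" {
  url   = var.authentik_url
  token = var.authentik_token
}

provider "mailcow" {
  host_name = var.mailcow_host_name
  api_key   = var.mailcow_api_key
}

provider "postgresql" {
  host     = var.postgresql_host
  port     = var.postgresql_port
  database = "postgres"
  username = var.postgresql_username
  password = var.postgresql_password
  # verify-full checks the server certificate chain and that the certificate
  # matches the host name, so the password is not sent to an impersonating
  # server.
  sslmode         = "verify-full"
  connect_timeout = 15
}

# Application-level configuration. It receives the same `services` input as
# the infrastructure module, plus the authentik URL.
module "services" {
  source = "./modules/services"

  authentik_url = var.authentik_url
  services      = var.services
}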