infrastructure/main.tf

terraform {
  backend "s3" {
    bucket         = var.backend_bucket
    access_key     = var.backend_access_key
    secret_key     = var.backend_secret_key
    key            = "terraform.tfstate"
    region         = var.backend_region
    encrypt        = true
    endpoints      = {
      s3           = var.backend_endpoint
    }

    # Disable AWS-specific features
    skip_credentials_validation = true
    skip_region_validation      = true
    skip_requesting_account_id  = true
    skip_s3_checksum            = true
  }

  encryption {
    key_provider "pbkdf2" "encryption" {
      passphrase = var.passphrase
    }

    method "aes_gcm" "encryption" {
      keys = key_provider.pbkdf2.encryption
    }

    state {
      method = method.aes_gcm.encryption
      enforced = true
    }
  }
}

module "services" {
  source = "./modules/services"

  authentik_url = var.authentik_url
  authentik_token = var.authentik_token

  postgresql_host = var.postgresql_host
  postgresql_port = var.postgresql_port
  postgresql_username = var.postgresql_username
  postgresql_password = var.postgresql_password

  services = var.services
}

module "infrastructure" {
  source = "./modules/infrastructure"

  contabo_client_id = var.contabo_client_id
  contabo_client_secret = var.contabo_client_secret
  contabo_user = var.contabo_user
  contabo_pass = var.contabo_pass

  hcloud_token = var.hcloud_token

  healthchecksio_api_key = var.healthchecksio_api_key

  ovh_application_key = var.ovh_application_key
  ovh_application_secret = var.ovh_application_secret
  ovh_consumer_key = var.ovh_consumer_key

  scaleway_access_key = var.scaleway_access_key
  scaleway_secret_key = var.scaleway_secret_key
  scaleway_project_id = var.scaleway_project_id
  scaleway_organization_id = var.scaleway_organization_id

  tailscale_api_key = var.tailscale_api_key
  tailscale_tailnet = var.tailscale_tailnet

  default_ssh_key = var.default_ssh_key

  hosts = var.hosts
  services = var.services
}