diff --git a/.sops.yaml b/.sops.yaml
index 848879993f842fbc50943525fcd51c90c2f447b6..912dddbd06d9c2c2c305a09ffba17fd8b1671c8d 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -9,6 +9,9 @@ creation_rules:
pgp: >-
286791FB6648539775DB31B8FCB98C2A3EC6F601,
B137EE1549DFAF960DD1E2B15147025FB9F09E07
+ - path_regex: terraform/.*\.sops\.yaml
+ pgp: >-
+ 286791FB6648539775DB31B8FCB98C2A3EC6F601
- path_regex: terraform/.*\.tfvars
pgp: >-
286791FB6648539775DB31B8FCB98C2A3EC6F601
diff --git a/terraform/k8s01/.terraform.lock.hcl b/terraform/k8s01/.terraform.lock.hcl
index f4676835f495e14629a684dd1cc2a239b235cd00..cc1e0fa01497ded3c0d6b8b6fb426999111697eb 100644
--- a/terraform/k8s01/.terraform.lock.hcl
+++ b/terraform/k8s01/.terraform.lock.hcl
@@ -1,7 +1,22 @@
-# This file is maintained automatically by "terraform init".
+# This file is maintained automatically by "tofu init".
# Manual edits may be lost in future updates.
-provider "registry.terraform.io/cloudflare/cloudflare" {
+provider "registry.opentofu.org/carlpett/sops" {
+ version = "1.0.0"
+ constraints = "1.0.0"
+ hashes = [
+ "h1:tnN2Mgl0NUF3cg7a0HtGmtOhHcG+tkaT6ncOPRuA9l8=",
+ "zh:064e63ea800cd1a8e575064097bc7de6fd5faa8ad50dbb3f2f9d8a3ebc9d7b97",
+ "zh:0663900085949d2faf24c170c7cdfbf76e545797915cc331da8304144c02bf27",
+ "zh:2ff26c7e5ee356c30791a12dd8e114c6237bd873d09e52805cb30dd5d758ed23",
+ "zh:44211fa474112ad0c9fcdae03f13ec7c75cdefd3ab29979b99cb834208055593",
+ "zh:6c3ab441c12b9679ad1dcac580d1ee7782f0d94efe6da6e983435ed39335cd3f",
+ "zh:8924cc939b52382ef042dc38bde93cdf438ff0aeab5e1801fbd198f05b80cd47",
+ "zh:ebc189ce22c23b903399f71e33d465001a79d7de7f7bf115c7763fcf794f4b58",
+ ]
+}
+
+provider "registry.opentofu.org/cloudflare/cloudflare" {
version = "4.15.0"
constraints = "4.15.0"
hashes = [
@@ -24,64 +39,55 @@ provider "registry.terraform.io/cloudflare/cloudflare" {
]
}
-provider "registry.terraform.io/hashicorp/local" {
+provider "registry.opentofu.org/hashicorp/local" {
version = "2.4.0"
constraints = "2.4.0"
hashes = [
- "h1:R97FTYETo88sT2VHfMgkPU3lzCsZLunPftjSI5vfKe8=",
- "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9",
- "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf",
- "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732",
- "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
- "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35",
- "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04",
- "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406",
- "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6",
- "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7",
- "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2",
- "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc",
- "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce",
+ "h1:pWJMQ+uRtVtHg97vU2zSCuYcZTuDQ7FJz+QanfSGMXM=",
+ "zh:184d6ec1f0e77713b37f0d9cf943b1371f2aa2f44c2c5a618978e897ce3dccab",
+ "zh:2205a7955a4051c2c25e69646a60746d9416b73001491808ae5d10620f7b7ac1",
+ "zh:256ddc56457f725819dc6be62f2d0bb3b9fee40a61771317bb32353df5b5c1a0",
+ "zh:70146e603f540523f6fa2251dd52c225db5a92bda8c07fd198ed51ae2b50176b",
+ "zh:8c3f9fe12ab8843e25ff7edabc26e01df4a0e8db204e432600a4c77a95ec0535",
+ "zh:b003e421f643d14247d31dcb7f0f6470c46f772d0e15a175a555a525ce344bf2",
+ "zh:b4c8ad7c5696aeb2a52adf6047d1e01943fafa57dc123d5192542527406ffd72",
+ "zh:c3b6fbfa431f3c085621c74596ee63681a278fd433a4758f33c627e8936d5cb3",
+ "zh:d2e57b19295b326d84ca5f39b797849d901170d5509aa7558f2a6545c9ce72a9",
+ "zh:e2307421b0b380eb0e8fcee008e0af98ae30fccbfc9e9a1d24d952489e9b0df9",
]
}
-provider "registry.terraform.io/hashicorp/random" {
+provider "registry.opentofu.org/hashicorp/random" {
version = "3.5.1"
hashes = [
- "h1:VSnd9ZIPyfKHOObuQCaKfnjIHRtR7qTw19Rz8tJxm+k=",
- "zh:04e3fbd610cb52c1017d282531364b9c53ef72b6bc533acb2a90671957324a64",
- "zh:119197103301ebaf7efb91df8f0b6e0dd31e6ff943d231af35ee1831c599188d",
- "zh:4d2b219d09abf3b1bb4df93d399ed156cadd61f44ad3baf5cf2954df2fba0831",
- "zh:6130bdde527587bbe2dcaa7150363e96dbc5250ea20154176d82bc69df5d4ce3",
- "zh:6cc326cd4000f724d3086ee05587e7710f032f94fc9af35e96a386a1c6f2214f",
- "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
- "zh:b6d88e1d28cf2dfa24e9fdcc3efc77adcdc1c3c3b5c7ce503a423efbdd6de57b",
- "zh:ba74c592622ecbcef9dc2a4d81ed321c4e44cddf7da799faa324da9bf52a22b2",
- "zh:c7c5cde98fe4ef1143bd1b3ec5dc04baf0d4cc3ca2c5c7d40d17c0e9b2076865",
- "zh:dac4bad52c940cd0dfc27893507c1e92393846b024c5a9db159a93c534a3da03",
- "zh:de8febe2a2acd9ac454b844a4106ed295ae9520ef54dc8ed2faf29f12716b602",
- "zh:eab0d0495e7e711cca367f7d4df6e322e6c562fc52151ec931176115b83ed014",
+ "h1:tW+G7lgqbHUtraKHPWuotYHlME1vcAf50YvOeHQlGHg=",
+ "zh:0002dd4c79453da5bf1bb9c52172a25d042a571f6df131b7c9ced3d1f8f3eb44",
+ "zh:49b0f8c2bd5632799aa6113e0e46acaa7d008f927665a41a1f8e8559fe6d8165",
+ "zh:56df70fca236caa06d0e636c41ab71dd1ced05375f4ddcb905b0ed2105737048",
+ "zh:58e4de40540c86b9e2e2595dac1318ba057718961a467fa9727866f747693eb2",
+ "zh:5992f11c738812ccd7476d4c607cb8b76dea5aa612be491150c89957ec395ddd",
+ "zh:7ff4f0b7707b51737f684e96d85a47f0dd8be0f72a3c27b0798755d3faad15e2",
+ "zh:8e4b0972e216c9773ab525accfa36eb27c44c751b06b125ecc53f4226c91cea8",
+ "zh:d8956cc5abcd5d1173b6cc25d5d8ed2c5cc456edab2fddb774a17d45e84820cb",
+ "zh:df7f9eb93a832e66bc20cc41c57d38954f87671ec60be09fa866273adb8d9353",
+ "zh:eb583d8f03b11f0b6c535375d8ed0d29e5f7f537b5c78943856d2e8ce76482d9",
]
}
-provider "registry.terraform.io/hashicorp/template" {
+provider "registry.opentofu.org/hashicorp/template" {
version = "2.2.0"
constraints = "2.2.0"
hashes = [
- "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=",
- "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386",
- "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53",
- "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603",
- "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16",
- "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776",
- "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451",
- "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae",
- "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde",
- "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d",
- "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2",
+ "h1:tdS0otiAtvUV8uLJWJNfcqOPo3llj7FyRzExw6X1srY=",
+ "zh:374c28bafc43cd65e578cb209efc9eee4c1cec7618f451528e928db98059e8c8",
+ "zh:6a2982e70fbc2ab2668d624c648ef2eb32243c1a1185246b03991a7a21326db9",
+ "zh:af83169c21bb13f141510a349e1f70cf7d893247a269bd71cad74dd22f1df0f5",
+ "zh:b81a5bedc91a1a81b938c393247248d6c3d1bd8ea685541f9c858908c0afb6b3",
+ "zh:de15486244af2d29d44d510d647cd6e0b1408e89952261013c572b7c9bfd744b",
]
}
-provider "registry.terraform.io/hetznercloud/hcloud" {
+provider "registry.opentofu.org/hetznercloud/hcloud" {
version = "1.42.1"
constraints = "1.42.1"
hashes = [
@@ -102,3 +108,46 @@ provider "registry.terraform.io/hetznercloud/hcloud" {
"zh:ffa9470e41fa04ac667d4d830987aeed2070767d57f2414692c2dd395a405fba",
]
}
+
+provider "registry.terraform.io/cloudflare/cloudflare" {
+ version = "4.17.0"
+ hashes = [
+ "h1:TOmmgRjCbCRpuRfnHwBiHYhAGeV4RujuPBDj5Sj3Eis=",
+ "zh:07ad710dbda99ee3254d3d1f490ae367f6b724b58f727d936fd9e5042b4b8e01",
+ "zh:2efd112d96bb9eb78ee48baf0a1b00eaeaf63bf4b7ac6319ad0848462b93db21",
+ "zh:4db0dd36850609583ad6539a4ccc5397cf9bd25aedb53d0b81f3e4e51002ba44",
+ "zh:4fb0083eedef9d30c690245502fe26999432941ef146e4f2ff58d9f529cfe7da",
+ "zh:5234c41133cb53598cf4bf5896d7c8f7770a843f72d66e3c361ea676bd1df2ce",
+ "zh:5a1cdf31301c43d4312f34e9dadd65ad9828b6addcbc34814cce3fb7026d2236",
+ "zh:5abf12e4e5894b078fbc1801fe84008a7e2ab9863922f26d144fe6e4bdadd269",
+ "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
+ "zh:8b3e43706b21e53b5ec5f5e5db902596d350fb65ef79eb72a0be6c67255f355e",
+ "zh:9b9169cb5fa6cbcce1496cfab2319179229c74739257844942912bf30a9f81f6",
+ "zh:9f999c77f27a262649d24421c10f558a91d1ec69f2f28a41167aecd5338fedb4",
+ "zh:bbdd5a851285d6e383656f124000b9e476a41bd56dc123027e72c20837cfb671",
+ "zh:e34b2685ccacbf204df7fb2a0daa7b815256cf38aeb928610614189cd459c526",
+ "zh:ecf62423fa2eeb6e930762317aa45c5cc5200347b6f79ff5aa294b4e816c1dff",
+ "zh:fa7ffabfe30f6c94f90fa78582a8b5bb4571a079b5aafa4037dc23812dc53339",
+ ]
+}
+
+provider "registry.terraform.io/hetznercloud/hcloud" {
+ version = "1.44.1"
+ hashes = [
+ "h1:Pb9pYnJaMf7tURy6sMx6d6vJX7WFOZDIMYGjlsL0vAY=",
+ "zh:156df81d2c740608b9fb7f439defbb39b89585c55dc6e62e4af928808ff67f9e",
+ "zh:32407f1df8b59afe5e35710c4acf2c8a8cbf5ea9a32126f34cb0c49ff142a047",
+ "zh:456133e16e9ebfcd89534c968a8b2a3f931bf4acb76a8165acc2242b0b73ba78",
+ "zh:6855c90399abc11e32fcdc0bf54bdedb50009c46183b926b3493fdcf48d5e39c",
+ "zh:68fe1e7e9f692a29d75a3cc199b472e8bc00c9486b299bfaf816133797207804",
+ "zh:6c62a9fe0a6de3cd4ea0591193baef00b65c838610feb369d14e36d15f9ea93e",
+ "zh:6cb1db2287cc8baec8538d9df6a44f602f61580d8df4c484625295aa622f03d1",
+ "zh:7fd577a8079da2f6e96066a8bf6bce6e36fdd36c67ac03044fd29f15eb718a6c",
+ "zh:9f94d862b827c429bf6a3eea7a65b856475cdc6da7e0d8a8edfbc09de40bed3f",
+ "zh:a6499d633a63668629a32628624137d2ef8e1ca5ef77766669470def7f4d5732",
+ "zh:b46004de824350b1b9a44cc253608d25e7cdf77d628571ece2df2fe96aacb8d7",
+ "zh:b9d8c401f8ddb829ee67bf429aac781bf5022605f4d18b041c417622746a37a1",
+ "zh:cf182e8426d7bd555a46ea4c5d75ed431edb41aa162e57f07f13d235d0e74f0d",
+ "zh:e1b777a95498489aa04231b7825cca445119f2b1988bfdcd8f0a35e0ba59d883",
+ ]
+}
diff --git a/terraform/k8s01/main.tf b/terraform/k8s01/main.tf
index 1083c0d54c58916893b0772d5e09037c7acf720a..cb181967aab4082544f67759ff668affbca96709 100644
--- a/terraform/k8s01/main.tf
+++ b/terraform/k8s01/main.tf
@@ -3,15 +3,15 @@ module "gw" {
instance_count = 1
location = var.location
name = "gw"
- dns_domain = var.dns_domain
- dns_zone_id = var.dns_zone_id
+ dns_domain = nonsensitive(data.sops_file.vars.data["cloudflare.zone.domain"])
+ dns_zone_id = nonsensitive(data.sops_file.vars.data["cloudflare.zone.id"])
dns_record_aaaa = false
image = "fedora-38"
user_data = templatefile("templates/cloud-init.tpl", {
- netbird_key = var.netbird_key,
- netbird_sshkey = var.netbird_sshkey,
- netbird_privatekey = var.netbird_privatekey,
- netbird_presharedkey = var.netbird_presharedkey
+ netbird_key = data.sops_file.vars.data["netbird.key"],
+ netbird_sshkey = data.sops_file.vars.data["netbird.sshKey"],
+ netbird_privatekey = data.sops_file.vars.data["netbird.privateKey"],
+ netbird_presharedkey = data.sops_file.vars.data["netbird.presharedKey"],
})
ssh_keys = data.hcloud_ssh_keys.all_keys.ssh_keys.*.name
server_type = "cx11"
diff --git a/terraform/k8s01/provider.tf b/terraform/k8s01/provider.tf
index eac840f084bdc6ce9d8da6a04297c9d5afa3d27e..8315011114c2a3c5c6e80944e3a99f87414f0bc6 100644
--- a/terraform/k8s01/provider.tf
+++ b/terraform/k8s01/provider.tf
@@ -1,7 +1,9 @@
provider "cloudflare" {
+ api_token = data.sops_file.vars.data["cloudflare.credentails.token"]
}
provider "hcloud" {
+ token = data.sops_file.vars.data["hetznercloud.token"]
}
provider "template" {
diff --git a/terraform/k8s01/secrets.sops.yaml b/terraform/k8s01/secrets.sops.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..33f6b7d624cd92389481f8e83f3cec94cd704bed
--- /dev/null
+++ b/terraform/k8s01/secrets.sops.yaml
@@ -0,0 +1,46 @@
+cloudflare:
+ credentails:
+ token: ENC[AES256_GCM,data:c6wanpoNm/DLiifGfOq766KLpOFdkWw2njREZEzhoIEk0fXpJwnHHw==,iv:N7yi8YcNyhsrRiVj87uLj78bdfXKZNvXlS+fLoRZcWE=,tag:+NmIgqnfCTHVtlnkg8BqJg==,type:str]
+ zone:
+ id: ENC[AES256_GCM,data:wJPUaZ5O76VxwXBOxUqbcvEOMxJfEBNTfjWad46EEgA=,iv:EVU54ugQ1BzgXKovY42q9aqJegA5SGAyOHXYeSR7Jdc=,tag:fsYRNm+gEKT0fJA0lhmJZQ==,type:str]
+ domain: ENC[AES256_GCM,data:MkCYjXikY/0GsrCo/7QoonlBB7w=,iv:/JRJsF508kES7dQ7nP4deDSUakcYtyfSWBvQwxAzqQ8=,tag:va+5rsKefOfgn/2jaybvUA==,type:str]
+netbird:
+ key: ENC[AES256_GCM,data:T9WeKHX2/3Y+EBZsgmmw2YqhYSRbi9vVUg6ZngaXIfYcyJBm,iv:X9/svbYBCgPxOPm/bmdmoPeZQ7j3Zw3bgeNVjeL51Ek=,tag:s5ENTzn3BP7jUuSvpEZMWw==,type:str]
+ presharedKey: ENC[AES256_GCM,data:yf4QzJzWzVSYsD7SvhTqLnmZC1OQoWypl85tkWIUCvb2aYJp9gl+CyJOrZM=,iv:TTFBLlprr3tTdlt/GdWuB3Po/9hgiLskPIzQgxE2y2g=,tag:RQSHzd2ntmLcdxhRS5vTRQ==,type:str]
+ privateKey: ENC[AES256_GCM,data:4dyKVdXDdQ/UGPG0PaYzXG78d5V+Ie6HF0HsGxVM+5B57jp8DUK0MwtWDz4=,iv:YCKJ5hGAJsYM3M75cWT2ccr0maxwCB4MGJpH4LFaU5s=,tag:h9gODAQdk37kryaZrr/HdA==,type:str]
+ sshKey: ENC[AES256_GCM,data:8VKsDmBPbdHGVoRbl60CjLbdtKKOArqIOhRCjJ00ckgdzbt8M6uPmqBdL/a+GBvLcTe9oCQygjHXRz/ebhslT3kTnFQzL2HSNPFReBX1yeyBdzEVnsNYoXeZ+l1WAJwiMuIvsKyQMJcplVwqxWL2jomQ1BdyOeVGMCE=,iv:qmA8qRaAh+3D7RhRLiozYFGAsm5m7WNHqEQmSy40nKM=,tag:pBwo4dcCBGpIWmyVxk4HgA==,type:str]
+gitlab:
+ token: ENC[AES256_GCM,data:C9R/m45aKdJ/uI+HnzJdZHz0ltY2S9SDUTw=,iv:UWwsEXd/iaDynPLgHWLrzB/5vYYfw1iSfBv5qGrqfHE=,tag:ZBNgDHPX5bOmPKwyCWyaOQ==,type:str]
+hetznercloud:
+ token: ENC[AES256_GCM,data:o5m4hz7Z0joRHR65a+OysWxjcjMxprkVCaOg2Nt+NYybJQuSsZPnFOeuVVufXR/PZ2OFH9lpwbOVDLYYD/lB9w==,iv:9+bC8JpRUYa6Wk2ByAVtQ9wLAlgIcqZlRKBDyTqPAgw=,tag:a486oaIlalgJS4KhuC+UVg==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2023-10-20T23:59:36Z"
+ mac: ENC[AES256_GCM,data:KhTbT9p4caaH6BPhDDiU9As3G0SKBBIY3f3S/1t0ssq5u0xs84mw4/cTV/F8mr6z8YD+wd5+A4i2YmOr05BO/RlEuwjH5SvRUl3WA4cEUu15C/HyVkzsis5YF7CFZB1Z40x/si5Ev+S2nqGptG5MS8wbVbRsmtNoDIWDBTMvxBo=,iv:EKgpZi3qndfRKU9b3IKeXr1Oq6kdxF1CvHzme+wtZvI=,tag:ZFP2hgjTZeiveO4Tl8EfNA==,type:str]
+ pgp:
+ - created_at: "2023-10-20T23:29:29Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ wcFMA7kpg2bgzVHcAQ/+Pp1MWufxBircnS93guuCwVRfcRd40Oxhr9ozgmAF+Z5x
+ mmtCVuJ0mu7seeLPzj/ominANN4+giIckmeFJag2YfA1qZ0zAz1nr2AT3k5dT2AR
+ fyklyz5l7gPbY/kvyBCdvkrqywi44cB8WwqRTcUc6yGDYG5whP/lmZjGugcbfnI6
+ JFGa3cwZNXqHtyn5pIa1cuV+C7tdd8kDDWUwNmoA71vyIl6112MYFM79DFAU1pMQ
+ 7JAHVpR8xYqZnIwnlN02QuUMuJJcpECpgpxMw2eVqRIlSon22TMvW+XEYurT00Kp
+ 8BGVM9C7k9BkqYqPczMAjUTJAZgLqQneymAJa5A5h2FrcYBtDrW8J9CIXikn9c1b
+ yHmIV87SYw2ixpCMxnbr28UzqOcPnq7eMLyYC6xzAM2PZZ3BE9p8rJAEfryGbGBx
+ HiGQLF/ss8lCBpiH0SmLnjpDQm1b7jlDhh93MHNgwCStII7EPwLKeCobSITTck0w
+ n/XkKxlk8hy6zsrQilVUegv28fn1rJsndhUr+A2YU5aoznAlYhNBVJxrO66F5vWw
+ ecJA7KP6jAoBIOUDmkmFWumyOAu67PAtxStvuHxDvXWDGN27ysix09SHpy+U2Gx6
+ Q0bxOhRhmMSWl+tcPGRvAMg872h5SDY5hCZMLhgBMX9jVuv4TQhB253pTwNZDgbS
+ UQFmclsDbvosm0ig0/CgBmdg8jG4lummNRFNOS1uXuyJHmHugPi+Q5T9T0d25CAd
+ e4vR6qRa7j8sp5SuRcoEAuFiHaX+2DpyZ5zamGwFd5admQ==
+ =GTgU
+ -----END PGP MESSAGE-----
+ fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+ unencrypted_suffix: _unencrypted
+ version: 3.7.3
diff --git a/terraform/k8s01/secrets.tf b/terraform/k8s01/secrets.tf
new file mode 100644
index 0000000000000000000000000000000000000000..a3a7d395141a4871a98f0f0651ba8a6de783a7ae
--- /dev/null
+++ b/terraform/k8s01/secrets.tf
@@ -0,0 +1,3 @@
+data "sops_file" "vars" {
+ source_file = "secrets.sops.yaml"
+}
\ No newline at end of file
diff --git a/terraform/k8s01/variables.tf b/terraform/k8s01/variables.tf
index 174a6572552c508d6fe171e7ad6345fc38604d57..4569aca32389a162c9b97f5be2dec1ab94b1f4a7 100644
--- a/terraform/k8s01/variables.tf
+++ b/terraform/k8s01/variables.tf
@@ -1,13 +1,3 @@
-variable "dns_domain" {
- type = string
- description = "Name of the Cloudflare domain"
-}
-
-variable "dns_zone_id" {
- type = string
- description = "Zone ID of the Cloudflare domain"
-}
-
variable "network_cidr" {
type = string
description = "CIDR for the network"
@@ -24,29 +14,4 @@ variable "location" {
type = string
description = "Region"
default = "nbg1"
-}
-
-
-variable "netbird_key" {
- type = string
- description = "NetBird activation key"
- sensitive = true
-}
-
-variable "netbird_privatekey" {
- type = string
- description = "NetBird private key for keeping the netbird identity"
- sensitive = true
-}
-
-variable "netbird_presharedkey" {
- type = string
- description = "NetBird preshared key, to limit trust of netbird infrastructure"
- sensitive = true
-}
-
-variable "netbird_sshkey" {
- type = string
- description = "NetBird ssh key, because it seems to be needed."
- sensitive = true
}
\ No newline at end of file
diff --git a/terraform/versions.tf b/terraform/versions.tf
index 87ef545b3bce8bb5ca09d86f2eb53cd688620f62..d6083eb55560412c5478bc0bc52d0c0c3fe0921c 100644
--- a/terraform/versions.tf
+++ b/terraform/versions.tf
@@ -16,6 +16,10 @@ terraform {
source = "hashicorp/local"
version = "2.4.0"
}
+ sops = {
+ source = "carlpett/sops"
+ version = "1.0.0"
+ }
}
required_version = ">= 0.14"
}