feat: stuff

.gitignore

@@ -259,3 +259,5 @@ override.tf.json
 terraform.rc
 
 *.key
+secrets/
+.ansible

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+  "ansible.python.interpreterPath": "/Users/max/Documents/GitHub/kubernetes-the-hard-way/.venv/bin/python"
+}

Taskfile.yml

@@ -0,0 +1,11 @@
+version: 3
+
+tasks:
+  vault: ansible-vault edit vault.yml {{.CLI_ARGS}}
+  tf:apply: ansible-playbook playbooks/provision.yml {{.CLI_ARGS}}
+  
+  enter:
+    cmd: ssh -i {{.KEY}} -p 2222 root@{{.IP}}
+    vars:
+      KEY: { sh: ansible-vault view vault.yml | yq -r ".secret.private_ssh_key_path" }
+      IP: { sh: cat dist/terraform_outputs.yml | jq -r ".server_ip.value" }

ansible.cfg

@@ -0,0 +1,13 @@
+[defaults]
+callbacks_enabled = profile_tasks
+localhost_warning = False
+vault_password_file = vault.key
+interpreter_python = /usr/bin/python3.11
+
+[inventory]
+inventory_unparsed_warning = False
+
+[ssh_connection]
+ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -o IdentityAgent=none
+pipelining = True
+retries = 2

playbooks/provision.yml

@@ -0,0 +1,39 @@
+- name: Deploy terraform infrastructure.
+  hosts: localhost
+  gather_facts: false
+  vars_files:
+    - ../vault.yml
+  tasks:
+    - name: Reconfigure and plan.
+      community.general.terraform:
+        project_path: '../terraform'
+        state: "planned"
+        plan_file: plan.out
+        init_reconfigure: true
+        force_init: true
+        backend_config: "{{ terraform.backend }}"
+        variables: "{{ terraform.variables }}"
+        complex_vars: true
+
+    - name: Apply.
+      community.general.terraform:
+        project_path: '../terraform'
+        state: "present"
+        plan_file: plan.out
+        backend_config: "{{ terraform.backend }}"
+        variables: "{{ terraform.variables }}"
+        complex_vars: true
+      register: terraform_apply
+
+    - name: Create secret directory.
+      ansible.builtin.file:
+        path: ../secrets
+        recurse: true
+        mode: "0755"
+        state: directory
+
+    - name: Send outputs to file.
+      ansible.builtin.copy:
+        content: "{{ terraform_apply.outputs }}"
+        dest: ../secrets/terraform_outputs.yml
+        mode: '0755'

terraform/.terraform.lock.hcl

@@ -0,0 +1,23 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hetznercloud/hcloud" {
+  version     = "1.57.0"
+  constraints = "~> 1.45"
+  hashes = [
+    "h1:xpAcuja19Ts7bCpmULKdBw4dEBJhF/eL6AjM4xDBEAI=",
+    "zh:016ecc39328f34f6c0ffa413598f354824f7878c89cd031f123edb4bc8a687a2",
+    "zh:10b362dc0847200c987214b129b5f85e2f7d8ad417261a1d2dd04ab74de15603",
+    "zh:194647d9a61dca4f411f44580316b88a11095d7a99679d445f9b0f2c1ba976c4",
+    "zh:1d8aafe2ce7890696385bb3a0c3286e7ee3020416d337f59935406e4c6f91de6",
+    "zh:594585616210fb232fad4ebda2387ecd3f483931e00eff988fca83add6ce7cfc",
+    "zh:65e50be33ffb85580546f119839e1293591cc6d4db729d809931d0408b6ae408",
+    "zh:7d4ed5bd8c477ec304142e2160203a76a0d09c93d224950bda253172b2571038",
+    "zh:90a70a70a266b78c8216903e711904e6969b3957d182602b5d788602ec9ef323",
+    "zh:abb8e28e96fb8de270995873de980896b7cb53cfc550f02c50eaa42884624ba9",
+    "zh:bbf34dca2de6e105ca7204222162a0402d8e9e9a28e1de5ffbaa2c0d6270a059",
+    "zh:c1a9edb693d632dcb5c3c9ee84c97138e08eadb9354e28592efd581f68ac0385",
+    "zh:dadbf1368fae314fe8dcb99ebefbc78409f3fc0e3808cd92ea573b8eee1cae98",
+    "zh:e713e00ca27348abd18da2eeff861905e84050e3e7e008f14a0c63c70ab2ff84",
+  ]
+}

terraform/main.tf

@@ -1,15 +0,0 @@
-resource "hcloud_ssh_key" "main" {
-  name       = "my-ssh-key"
-  public_key = file("~/.ssh/id_ed25519.pub")
-}
-
-resource "hcloud_server" "jumphost" {
-  for_each = local.boxes
-  name        = each.key.name
-  image       = "debian-12"
-  server_type = "cx23"
-  public_net {
-    ipv4_enabled = true
-    ipv6_enabled = true
-  }
-}

terraform/outputs.tf

@@ -0,0 +1,3 @@
+output "name" {
+  
+}

terraform/variables.tf

@@ -1,12 +1,4 @@
 variable "hcloud_token" {
   sensitive = true
-}
-
-locals {
-  boxes = [
-    {
-      name = "jumpbox"
-      type = "cx23"
-    }
-  ]
+  type = string
 }

vault.yml

@@ -0,0 +1,23 @@
+$ANSIBLE_VAULT;1.1;AES256
+39383731646434386366666562363064623636656265366534316534363937353235663633613435
+3363323436346331643664313733396433343638306337660a366538623863656235383331613062
+37366565373161313237333066353235663932326332646230616665623863633266633038313462
+3862646439663163620a303766653136323934636566396362653533643865643461623462623732
+63313364383164386365333635636531343532663632646430656561363037303734613766313336
+61653562656530303134336231323834653062306634633463306438636635373238646137393164
+35303934633239386630346337396665303434663361376563613162393039323362613335353734
+32613231346530353435373733633863373930626466366234396636313363653766666363613336
+32313638393931306330656433356537363633393836373437363934613533396462303939643766
+62666636353032386136303036336233366534313630666436616534666130396534396261343032
+39326236326235386666343433316166663033616365383333333634383664356234343263313066
+65316161633863313235323136623861303439663863343935343064656365646438633038663761
+39636365333033313237653563323832623332333535373764633233333637333033643230366162
+38613066373730363466363963313331616131323138653334326632393239633436336461393530
+66356637323135386233323564633037633832613631373532616236646537653238613631336636
+33653437663936343039313465663465346664343962666466373362666232356237303038323164
+30333139373562316438366266653330306566313439613338363762383732646630393330623736
+33323734373638636165346531366662323562666334613562316331656562333264303534343030
+39616233323861363763663531333630613436343137386432383234376333326335363832356535
+61333939326230613064363136316232323233616465666337333133303366346639613765336362
+65353362613765376131363364616436383435373038306339663534313035353830613262613032
+3430323661613733343033663930666639626162306231626433