{ tflib, lib, ... }: let inherit (lib) singleton ; inherit (tflib) tf ; in { terraform.required_providers = { hcloud.source = "hetznercloud/hcloud"; }; resource."hcloud_primary_ip"."altra_ipv4" = { name = "altra_ipv4"; datacenter = "fsn1-dc14"; type = "ipv4"; assignee_type = "server"; auto_delete = false; delete_protection = true; }; resource."hcloud_primary_ip"."altra_ipv6" = { name = "altra_ipv6"; datacenter = "fsn1-dc14"; type = "ipv6"; assignee_type = "server"; auto_delete = false; delete_protection = true; }; resource."hcloud_ssh_key"."magic_rb" = { name = "magic_rb"; public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFVkFvalffJ/SMjJGG3WPiqCqFygnWzhGUaeALBIoCsJ (none)"; }; resource."hcloud_server"."altra" = { name = "altra"; image = "debian-12"; datacenter = "fsn1-dc14"; server_type = "cax11"; public_net = { ipv4_enabled = true; ipv4 = tf "hcloud_primary_ip.altra_ipv4.id"; ipv6_enabled = false; ipv6 = tf "hcloud_primary_ip.altra_ipv6.id"; }; delete_protection = true; rebuild_protection = true; # ssh_keys = singleton (tf "hcloud_ssh_key.magic_rb.id"); }; prefab.pushApproles."altra" = { host = "10.64.0.11"; user = "main"; policies = [ # (tf "vault_policy.toothpick_consul.name") # (tf "vault_policy.toothpick_nomad.name") ]; metadata = { "ip_address" = "altra.redalder.org"; }; approlePath = tf "vault_auth_backend.approle.path"; }; }