feat(grfn/bbbg): Production deployment r/3456

Start of a production deployment of the app with nixos+terraform, using
provisioners and null-resources to provision nixos machines a'la espes.

Change-Id: I2ddaed76d0037dadbf9fc9e2ee27e9e67a852228
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4695
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI

1 files changed, 24 insertions, 0 deletions

diff --git a/users/grfn/terraform/globals.nix b/users/grfn/terraform/globals.nix
new file mode 100644
index 000000000000..5f373c664604
--- /dev/null
+++ b/users/grfn/terraform/globals.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+
+{
+  provider.aws = map (region: {
+    inherit region;
+    alias = region;
+    profile = "personal";
+  }) [
+    "us-east-1"
+    "us-east-2"
+    "us-west-2"
+  ];
+
+  data.external.cloudflare_api_key = {
+    program = [(pkgs.writeShellScript "cloudflare_api_key" ''
+      jq -n --arg api_key "$(pass cloudflare-api-key)" '{"api_key":$api_key}'
+    '')];
+  };
+
+  provider.cloudflare = {
+    email = "root@gws.fyi";
+    api_key = "\${data.external.cloudflare_api_key.result.api_key}";
+  };
+}