From c58cc1e6901f5ed4103654404e3a1ae0902bcc13 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Fri, 3 Jun 2022 22:40:40 +0000
Subject: feat(ops/buildkite): Bootstrap Buildkite Terraform configuration

In order to run this the secrets needs to be sourced, e.g.:

  eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-buildkite.age)

Change-Id: I9f6a02c0dac22f584181635861ddbb06cf849f14
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5838
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
---
 ops/buildkite/.gitignore  |  2 ++
 ops/buildkite/default.nix |  7 +++++++
 ops/buildkite/tvl.tf      | 24 ++++++++++++++++++++++++
 tools/depot-deps.nix      |  5 +++++
 4 files changed, 38 insertions(+)
 create mode 100644 ops/buildkite/.gitignore
 create mode 100644 ops/buildkite/default.nix
 create mode 100644 ops/buildkite/tvl.tf

diff --git a/ops/buildkite/.gitignore b/ops/buildkite/.gitignore
new file mode 100644
index 0000000000..41c1b33462
--- /dev/null
+++ b/ops/buildkite/.gitignore
@@ -0,0 +1,2 @@
+.envrc
+.terraform*
diff --git a/ops/buildkite/default.nix b/ops/buildkite/default.nix
new file mode 100644
index 0000000000..f085bc6d97
--- /dev/null
+++ b/ops/buildkite/default.nix
@@ -0,0 +1,7 @@
+{ depot, pkgs, ... }:
+
+depot.nix.readTree.drvTargets {
+  terraform = pkgs.terraform.withPlugins (p: [
+    p.buildkite
+  ]);
+}
diff --git a/ops/buildkite/tvl.tf b/ops/buildkite/tvl.tf
new file mode 100644
index 0000000000..752a33b092
--- /dev/null
+++ b/ops/buildkite/tvl.tf
@@ -0,0 +1,24 @@
+# Buildkite configuration for TVL.
+
+terraform {
+  required_providers {
+    buildkite = {
+      source = "buildkite/buildkite"
+    }
+  }
+
+  backend "s3" {
+    endpoint = "https://objects.dc-sto1.glesys.net"
+    bucket   = "tvl-state"
+    key      = "terraform/tvl-buildkite"
+    region   = "glesys"
+
+    skip_credentials_validation = true
+    skip_region_validation      = true
+    skip_metadata_api_check     = true
+  }
+}
+
+provider "buildkite" {
+  organization = "tvl"
+}
diff --git a/tools/depot-deps.nix b/tools/depot-deps.nix
index eabd6484c3..62f390508c 100644
--- a/tools/depot-deps.nix
+++ b/tools/depot-deps.nix
@@ -15,6 +15,11 @@ depot.nix.lazy-deps {
   rebuild-system.attr = "ops.nixos.rebuild-system";
   rink.attr = "third_party.nixpkgs.rink";
 
+  tf-buildkite = {
+    attr = "ops.buildkite.terraform";
+    cmd = "terraform";
+  };
+
   tf-glesys = {
     attr = "ops.glesys.terraform";
     cmd = "terraform";
-- 
cgit 1.4.1