From ed50bab459c231991a8ae23153ace4556e86e5f3 Mon Sep 17 00:00:00 2001
From: Ryan Lahfa <ryan@dgnum.eu>
Date: Thu, 10 Oct 2024 12:31:44 +0200
Subject: [PATCH] feat(infra): add S3 declarative buckets

A very simple basic support for it, which requires a S3 admin token.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
---
 terranix/default.nix |  1 +
 terranix/s3.nix      | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 terranix/s3.nix

diff --git a/terranix/default.nix b/terranix/default.nix
index b6ff81e..bcf5704 100644
--- a/terranix/default.nix
+++ b/terranix/default.nix
@@ -2,5 +2,6 @@
   imports = [
     ./common.nix
     ./state.nix
+    ./s3.nix
   ];
 }
diff --git a/terranix/s3.nix b/terranix/s3.nix
new file mode 100644
index 0000000..19d456f
--- /dev/null
+++ b/terranix/s3.nix
@@ -0,0 +1,32 @@
+{ lib, ... }:
+let
+  inherit (lib) tf;
+in
+{
+  # FIXME: add a NixOS module to abstract bucket creation, etc.
+  config = {
+    terraform.required_providers.garage = {
+      version = "~> 1.0.3";
+      source = "registry.opentofu.org/RaitoBezarius/garage";
+    };
+
+    resource = {
+      secret_resource.admin-s3-token.lifecycle.prevent_destroy = true;
+      garage_bucket.monorepo-terraform-state = { };
+      garage_bucket_global_alias = {
+        monorepo-terraform-state = {
+          bucket_id = tf.ref "resource.garage_bucket.monorepo-terraform-state.id";
+          alias = "monorepo-terraform-state";
+        };
+      };
+      garage_key = { };
+      garage_bucket_key = { };
+    };
+
+    provider.garage = {
+      host = "s3.dgnum.eu";
+      scheme = "https";
+      token = tf.ref "resource.secret_resource.admin-s3-token.value";
+    };
+  };
+}