feat(ops/buildkite): Bootstrap Buildkite Terraform configuration

In order to run this, the secrets need to be sourced, e.g.:

  eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-buildkite.age)

Change-Id: I9f6a02c0dac22f584181635861ddbb06cf849f14
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5838
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Vincent Ambo 2022-06-03 22:40:40 +00:00 committed by tazjin
parent 4288cf961e
commit c58cc1e690
4 changed files with 38 additions and 0 deletions

2
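--- a/ops/buildkite/.gitignore
+++ b/ops/buildkite/.gitignore
@@ -0,0 +1,2 @@
+.envrc
+.terraform*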


@ -0,0 +1,7 @@
{ depot, pkgs, ... }:
depot.nix.readTree.drvTargets {
terraform = pkgs.terraform.withPlugins (p: [
p.buildkite
]);
}

24
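--- a/ops/buildkite/tvl.tf
+++ b/ops/buildkite/tvl.tf
@@ -0,0 +1,24 @@
+# Buildkite configuration for TVL.
+terraform {
+required_providers {
+buildkite = {
+source = "buildkite/buildkite"
+}
+}
+backend "s3" {
+endpoint = "https://objects.dc-sto1.glesys.net"
+bucket = "tvl-state"
+key = "terraform/tvl-buildkite"
+region = "glesys"
+skip_credentials_validation = true
+skip_region_validation = true
+skip_metadata_api_check = true
+}
+}
+provider "buildkite" {
+organization = "tvl"
+}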
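Review bot: The `backend "s3"` block keeps state in the `tvl-state` bucket without `encrypt = true` and without a comment on who can read it; Terraform state can hold provider-managed values in plaintext, so read access to the bucket is effectively read access to those values. If the GleSYS endpoint supports server-side encryption (not visible here), add `encrypt = true`; otherwise a comment such as `# State may contain sensitive values; bucket access is limited to <placeholder: who has access>` would record the assumption. The three `skip_*` flags are presumably there because the endpoint is not AWS, and a one-line comment saying so would stop them being copied into an AWS-backed configuration where they disable useful checks. Nothing in the backend block configures state locking, so concurrent `terraform apply` runs against `terraform/tvl-buildkite` are not prevented by this file.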


@ -15,6 +15,11 @@ depot.nix.lazy-deps {
rebuild-system.attr = "ops.nixos.rebuild-system";
rink.attr = "third_party.nixpkgs.rink";
tf-buildkite = {
attr = "ops.buildkite.terraform";
cmd = "terraform";
};
tf-glesys = {
attr = "ops.glesys.terraform";
cmd = "terraform";