From df8edcb5f7543baac51bddcd65faaac1e69989ee Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Mon, 27 Dec 2021 17:58:50 +0300
Subject: [PATCH] feat(ops/secrets): Import secrets for tf-glesys

Adds the secrets and some instructions for deploying the GleSYS Terraform infrastructure.

Change-Id: I1a10f9cee7648d406b3d27ef45fc74b6923cbc30
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4712
Tested-by: BuildkiteCI
Reviewed-by: grfn
---
 ops/glesys/README.md | 20 ++++++++++++++++++++
 ops/secrets/secrets.nix | 1 +
 ops/secrets/tf-glesys.age | Bin 0 -> 822 bytes
 3 files changed, 21 insertions(+)
 create mode 100644 ops/glesys/README.md
 create mode 100644 ops/secrets/tf-glesys.age

diff --git a/ops/glesys/README.md b/ops/glesys/README.md
new file mode 100644
index 000000000..00f61a936
--- /dev/null
+++ b/ops/glesys/README.md
@@ -0,0 +1,20 @@
+Terraform for GleSYS
+======================
+
+This contains the Terraform configuration for deploying TVL's
+infrastructure at [GleSYS](https://glesys.com). This includes object
+storage (e.g. for backups and Terraform state) and DNS.
+
+Secrets are needed for applying this. The encrypted file
+`//ops/secrets/tf-glesys.age` contains `export` calls which should be
+sourced, for example via `direnv`, by users with the appropriate
+credentials.
+
+An example `direnv` configuration used by tazjin is this:
+
+```
+# //ops/secrets/.envrc
+source_up
+eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-glesys.age)
+watch_file $(git rev-parse --show-toplevel)/secrets/tf-glesys.age
+```
diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix
index d21db2466..11b1e1d2e 100644
--- a/ops/secrets/secrets.nix
+++ b/ops/secrets/secrets.nix
@@ -30,5 +30,6 @@ in {
 "nix-cache-pub.age" = default;
 "owothia.age" = default;
 "panettone.age" = default;
+ "tf-glesys.age" = default;
 "tf-keycloak.age" = default;
 }
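Review bot: The new `"tf-glesys.age" = default;` entry encrypts the GleSYS Terraform credentials to the `default` recipient set, whose definition lies above this hunk, so every key in that set can presumably decrypt credentials that cover object storage (including backups and Terraform state) and DNS. The README added in the same patch says the file is meant for "users with the appropriate credentials"; if that group is narrower than `default`, a dedicated recipient list would keep the secret least-privilege, and a one-line comment such as `# GleSYS API credentials for the //ops/glesys Terraform config` would record what the entry protects. Separately, the README's `.envrc` example decrypts `$(git rev-parse --show-toplevel)/ops/secrets/tf-glesys.age` but its `watch_file` line points at `$(git rev-parse --show-toplevel)/secrets/tf-glesys.age`, without the `ops/` component, so direnv would probably not reload after the secret is rotated or re-keyed; the watched path should match the one registered here.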
diff --git a/ops/secrets/tf-glesys.age b/ops/secrets/tf-glesys.age new file mode 100644 index 0000000000000000000000000000000000000000..53aa5e1acb0358f2f4edd958e64cfcdffb53a7d8 GIT binary patch literal 822 zcmZ9|@5|J5008iadeOkd?2Qm{kVf@z&)s&r-Hzhqp55JcyZyYM+mK+l-M+i$cH3^d z-F{dQNKf=K1btNGp+H155S}y%M2bwK7pY-^h)*D5pz)LsVpvJ`_W27w@KM1aJ+L(| zcBezfo_9QunZZ!Hl=6KuJ|!Q2oSG^>#zeE(Aj)u}N`{mzvl3e?6!=CxqUFsR;nE90 zOoa|-+Y<0+Wkoh33oM{>*+Eii>V(AUNfG8pL8We@MK)W80#`ul1qC>XiRAF6?KjY{ z1uGFpB0|4zA{JMjiZb3KM&V{nl^Uc5Qf+Ij6O;{OPPQ|W`(ei$cSD4XdmPsfot(^u zOi)xMH`lE~i6>NH;=3>z5^9={y6IhO=4YN92S7DMLXh zyc^Hp#UbA31WnfzscyJRK^PJ-KK8g-fz2uwY$F}Wb;ndN7&Il=FNBOQNS0={MJn4A z6F>uDDn*lWeOLr=r~1FfmEKANZ=m{vRQ_EB+4~OEEp*T%GQ^=gLwmYZw!}8qj7Rcf ztT}L`ATVVaJq7hqJYssFonb39#bY&4M5dxKC(}^26R-=67}8Jk(&^MNKxEBoF*ye} zgG8{E3hPNxMxKaft<`?oGUwSb@LT*Ogh1|}Jsa5k!Q0RDmNQszYGv1n3)`-Jiyt_1 zi&$;tKg9dhA1`)W%JBooj{gpJvUk^S6n1z^8>crW{~mgHc^NzNx%_bD>bcVCzqbD{ z-bP&d^}XC1RrN6X=lY%J&ToHm;;YX}FMsjn-LqS+t;c))iZ7ezkXybxqKbRj=aRY-+N)_u`ToF$v@uStvY{emyUkDqg2~^_|vuT vR+nG