Begin adding support for using opentofu through openbao secrets

2025-07-07 23:10:53 +02:00 · 2025-07-07 23:10:53 +02:00 · e61b3b06f3
commit e61b3b06f3
parent 8e31f30762
12 changed files with 551 additions and 39 deletions
--- a/nix/modules/nixos/hetzner-instance/default.nix
+++ b/nix/modules/nixos/hetzner-instance/default.nix
@ -229,12 +229,10 @@ in
      khscodes.provisioning.pre = {
        modules = modules;
        secretsSource = cfg.secretsSource;
-        variablesNeeded = [
-          "TF_VAR_cloudflare_token"
-          "TF_VAR_cloudflare_email"
-          "AWS_ACCESS_KEY_ID"
-          "AWS_SECRET_ACCESS_KEY"
-          "TF_VAR_hcloud_api_token"
+        endspoints = [
+          "aws"
+          "cloudflare"
+          "hcloud"
        ];
      };
    }
--- a/nix/modules/nixos/provisioning/default.nix
+++ b/nix/modules/nixos/provisioning/default.nix
@ -21,9 +21,17 @@ let
      description = "Where to get the secrets for the provisioning from";
      default = "vault";
    };
-    variablesNeeded = lib.mkOption {
-      type = lib.types.listOf lib.types.str;
-      description = "Needed environment variables for the provisioning";
+    endspoints = lib.mkOption {
+      type = lib.types.listOf (
+        lib.types.enum [
+          "openstack"
+          "aws"
+          "unifi"
+          "hcloud"
+          "cloudflare"
+        ]
+      );
+      description = "Needed endpoints to be used during provisioning";
      default = [ ];
    };
  };