From df8edcb5f7543baac51bddcd65faaac1e69989ee Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Mon, 27 Dec 2021 17:58:50 +0300
Subject: [PATCH] feat(ops/secrets): Import secrets for tf-glesys

Adds the secrets and some instructions for deploying the GleSYS Terraform infrastructure.

Change-Id: I1a10f9cee7648d406b3d27ef45fc74b6923cbc30
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4712
Tested-by: BuildkiteCI
Reviewed-by: grfn
---
 ops/glesys/README.md | 20 ++++++++++++++++++++
 ops/secrets/secrets.nix | 1 +
 ops/secrets/tf-glesys.age | Bin 0 -> 822 bytes
 3 files changed, 21 insertions(+)
 create mode 100644 ops/glesys/README.md
 create mode 100644 ops/secrets/tf-glesys.age

diff --git a/ops/glesys/README.md b/ops/glesys/README.md
new file mode 100644
index 000000000..00f61a936
--- /dev/null
+++ b/ops/glesys/README.md
@@ -0,0 +1,20 @@
+Terraform for GleSYS
+======================
+
+This contains the Terraform configuration for deploying TVL's
+infrastructure at [GleSYS](https://glesys.com). This includes object
+storage (e.g. for backups and Terraform state) and DNS.
+
+Secrets are needed for applying this. The encrypted file
+`//ops/secrets/tf-glesys.age` contains `export` calls which should be
+sourced, for example via `direnv`, by users with the appropriate
+credentials.
+
+An example `direnv` configuration used by tazjin is this:
+
+```
+# //ops/secrets/.envrc
+source_up
+eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-glesys.age)
+watch_file $(git rev-parse --show-toplevel)/secrets/tf-glesys.age
+```
diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix
index d21db2466..11b1e1d2e 100644
--- a/ops/secrets/secrets.nix
+++ b/ops/secrets/secrets.nix
@@ -30,5 +30,6 @@ in {
 "nix-cache-pub.age" = default;
 "owothia.age" = default;
 "panettone.age" = default;
+ "tf-glesys.age" = default;
 "tf-keycloak.age" = default;
 }
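Review bot: The new `"tf-glesys.age" = default;` entry in ops/secrets/secrets.nix gives the GleSYS Terraform credentials the same recipient set as every other secret in this hunk. The README added in this commit says those credentials cover object storage for backups and Terraform state as well as DNS, so it is worth confirming that everyone in `default` should be able to decrypt them; `default` is bound above the hunk, so its membership is not visible here. If the wide audience is intended, a comment such as `# Terraform credentials for GleSYS (object storage, DNS); see //ops/glesys/README.md` on the entry would record that. Separately, the file registered here lives under `ops/secrets/`, which the README's `eval` line uses, but its `watch_file` line points at `$(git rev-parse --show-toplevel)/secrets/tf-glesys.age`. With that path direnv would presumably not reload after the secret is re-encrypted or rotated.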
diff --git a/ops/secrets/tf-glesys.age b/ops/secrets/tf-glesys.age new file mode 100644 index 0000000000000000000000000000000000000000..53aa5e1acb0358f2f4edd958e64cfcdffb53a7d8 GIT binary patch literal 822 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSnNiI(GDOV_QPs>Tk zbSg0M(snQMNQo>cc8@aFcee<3PD=_%%gK&%Hx0@NC{B!w2;?daa|!eE_s!Bb&Me7D z^v^X5%n0&!b~LO?j7W$|WepIl?cc%F@t3yVS)q!^G0pz>%x8Ai&7eJSsiED#OUwA}Fue+oU|$ zFsj1O-6$Z*Gs7sy&$T2l(jweByByuN#0YQqU=+Ip z>MCTG8bv1O1p650TV#}01>{A!_!dP}=tmX?X1E21SY{Y%7v)u^7YF+nmUE>W|B3l* zrZ@dDL--7Rv(h#5Rafp8ymZ83+SYr{n}bbTEs|W%9}NqRT0U**^0(OproA}|Ez`gk8PfzJTb-X@#?3yzF*^$`?YyZ+aWIBJG%T0 T7dp*kCU4t(x$TqY^cR)@st+}C literal 0 HcmV?d00001