From 30859b2872bb40f6f1792f8a5c40442c90e94cd6 Mon Sep 17 00:00:00 2001
From: Pierre Bourdon
Date: Sun, 7 Jul 2024 18:22:41 +0200
Subject: [PATCH] terraform: store state on S3
---
terraform/default.nix | 1 +
terraform/state.nix | 21 +++++++++++++++++++++
2 files changed, 22 insertions(+)
create mode 100644 terraform/state.nix
diff --git a/terraform/default.nix b/terraform/default.nix
index 61f5866..0c5eb87 100644
--- a/terraform/default.nix
+++ b/terraform/default.nix
@@ -1,5 +1,6 @@
 {
 imports = [
 ./hydra.nix
+ ./state.nix
 ];
 }
diff --git a/terraform/state.nix b/terraform/state.nix
new file mode 100644
index 0000000..4010d97
--- /dev/null
+++ b/terraform/state.nix
@@ -0,0 +1,21 @@
+{
+ # We use terraform.backend.s3 directly instead of the type-checked Terranix
+ # backend.s3 options. The latter does not support setting arbitrary s3
+ # endpoints.
+ #
+ # Note: currently requires the user to provide AWS_ACCESS_KEY_ID as well as
+ # AWS_SECRET_ACCESS_KEY in their environment variables.
+
+ terraform.backend.s3 = {
+ endpoints.s3 = "s3.delroth.net";
+ region = "garage";
+ bucket = "bagel-terraform-state";
+ key = "state";
+
+ # It's just a dump Garage server, don't try to be smart.
+ skip_credentials_validation = true;
+ skip_region_validation = true;
+ skip_requesting_account_id = true;
+ skip_metadata_api_check = true;
+ };
+}
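Review bot: In the new terraform/state.nix, `endpoints.s3 = "s3.delroth.net";` gives a bare hostname, so the transport used for the state file and the AWS_* credentials is left to the backend's default instead of being stated in the config; Terraform documents this value as a URL, and `endpoints.s3 = "https://s3.delroth.net";` would make TLS explicit. Terraform state routinely holds resource secrets in plaintext, so the header comment should also say who may read the `bagel-terraform-state` bucket, for example `# State may contain secrets: restrict bucket access to the keys of people allowed to run terraform.` No locking option is set in this block, so concurrent applies are presumably unguarded; if that is an accepted limitation of the Garage setup, note it in the same comment.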