terraform: store state on S3

terraform/default.nix

@@ -1,5 +1,6 @@
 {
   imports = [
     ./hydra.nix
+    ./state.nix
   ];
 }

terraform/state.nix

@@ -0,0 +1,21 @@
+{
+  # We use terraform.backend.s3 directly instead of the type-checked Terranix
+  # backend.s3 options. The latter does not support setting arbitrary s3
+  # endpoints.
+  #
+  # Note: currently requires the user to provide AWS_ACCESS_KEY_ID as well as
+  # AWS_SECRET_ACCESS_KEY in their environment variables.
+
+  terraform.backend.s3 = {
+    endpoints.s3 = "s3.delroth.net";
+    region = "garage";
+    bucket = "bagel-terraform-state";
+    key = "state";
+
+    # It's just a dump Garage server, don't try to be smart.
+    skip_credentials_validation = true;
+    skip_region_validation = true;
+    skip_requesting_account_id = true;
+    skip_metadata_api_check = true;
+  };
+}