fix sops encryption

.sops.yaml

@@ -1,7 +1,7 @@
 keys:
   - &joerg age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
 creation_rules:
-  - path_regex: targets/.*/terraform.tfstate.sops$
+  - path_regex: targets/.*/terraform.tfstate$
     key_groups:
     - age:
       - *joerg

targets/admins/apply.sh

@@ -1,16 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-rm -f .terraform.lock.hcl
-TFSTATE=$(mktemp)
-if [[ -f "terraform.tfstate.sops" ]]; then
-  sops -d terraform.tfstate.sops > "$TFSTATE"
-fi
-toplevel=$(git rev-parse --show-toplevel)
-backupdir=$toplevel/.git/terraform/$(basename "$(dirname "$0")")
-cleanup() {
-  sops -e "$TFSTATE" > terraform.tfstate.sops && rm -f "$TFSTATE"
-}
-trap "cleanup" EXIT
-terraform init -backup="$backupdir" -state-out="$TFSTATE"
-terraform apply -backup="$backupdir" -state-out="$TFSTATE"

targets/admins/terraform.tfstate

@@ -0,0 +1,20 @@
+{
+	"data": "ENC[AES256_GCM,data:C69HvY7rkUg4iVFI+J8aHWHes6sIHmScXBMxsZBlCEzUeVCx5KNvtVlCX47o6Kf7Mbj6Gsj1iSepiGoChAISd9LQhoUpI5ZJC/TBvBRjSIr945vdH/gtO1pQdM9/iCcmZNN3RK0flbsFURqlBcfxt44zv7rEvlpNIKVG+tBLiRM+ajJxTuZdxCqkw6c1Uvbaw9cNjSfYYTMj1fu+TapjNJGLDFxq9niIKv1tXAZA1nNjiNsxOm7Tq8VHqhqze4LC+AQHQciuVQGdVA4X32iK07NQKqe5Z/s4g6pJrVaHVy7mffAuZ1oPthw1aEj49V4aiCWq18KXBOlpaWMbIH442NL4i0nwP3r5Gnql5GeeV7JeFreJoSPU88ptQYSAmB0Z7yrWgh0fegDdsHX03b6QKGDOfpxPGOwQRYz5C6kvEQolSZ6zrEAqaJJcB8KHIKoJyp4q2JbVPYzh0z/HDNV+HBKtfcmxW0+nlfRSMesMEg7UwVLy3FYjZagrJhfULmLFttU8Xy4f6PBIHF2jNc+z5glViuVfB85RjK313ZkeU8s4hv1FIpl7jWnls0p+6QMRtYoDStxx5+BvLg0z2Gd15M9QnGJn/Nuxn8Nv+7Sa/TKJO2Fi74GXriumrP5bnyPKjQ4Lu5YRBXKtNO5PDBrDoUXcQ7FzaPgips8k2YFtPBbCcZ8aTQ062R/0j/qC/yzM9b7eVibU70V25vpGAtXV2BTLqcjO27Skv24Sqj6xlQHqYtjHnqpjEhE0rc+J+HwnNFVqzIfjvlrE8zDKJ+LT6vrC/ilN+axVOIFUB7ZPr7nQXMuwjV8znOxkAMqTbk58jcP+5x4Sq/QkljJW2g7/ed2WhXxhHldOkkv/q1PESYHvUtvnqrhay7BWHSvFpups2tqbmuUUCY3X31gMWYRdy9lj4mDz0zTw/EbieZEf+voIzsmN6Hr97igVqee7gBmoxfrGVxI91iN+4GodCqXE09wV0KipOSCddq5hasSj5gz9ra6oeIcxAdsU7OE/ua6s9ngg4O9sDItbHUhHFki4vp8e2UOEsk6MpCBFVx1YCvWa/5s1qVPG8E8+msNpp8YVByDhHzzMO2BwR+veTPZ8LaVVryEJye+e/bUDurqxbnwY7xb6EO0Tug79+B0KLrUUHFOvDwX0EnZDLI1rqCeL/R1MDVmxuUUrJQi3RMCkqaxR1L3a3t5wfX/3Mo9joOWVQ7ngJFNHSgQh1nOPuPaZe8jz2OrTRF4dcxqHNI3mT8uYDS3qL8DAiw3OyqWYmWK8Kq+u2CIEA1tnHmUmT1szkwkC5zX4Llhtgtm/DNVrlkUeQm9nsCtYuH5PBFTkxh3O3aUPENWa3hqg/AP0etJcivrYy+ql/dWoTCljC0nUgAXI1f+h0OvE6q9uGPkNpf0ZuA92FEzlva/G8K90WR9OTu6b8tW2BfcmLT6wtafzq5tPgO4T56quNnu1+NnSAgmjgiBtWPSqILUHGCkYY0tESiTxnJiFEMJz91BIVvTfZ3BkQ9wa8OAkPhdlskYIA4N7ms5ZwBNri96qpGfvo3PbLOsO/kwwtJAJ3wMLw0KHyP+kfcUo4JUEJJsThyGh19LGV83718jG+FfGziUfVa/uSL0tF8/HCaKXlrLS+RJj3dSWxZ97cqTQPt4lKYQ9y40PdZK4/Hl+KJOdYDNBhn5uwmaR9kbAjRUorYIRLOPcQf3CrOszmkxM9XUuRjutcEcioA4dz7onFaSTSPTi1mPgLVv1rV55TnJLlhPV7GcicJ+R6cYnuT1eOXtxRk89x51qr6sA43w4VFGcfHfTimKn+r3rI6uwSZ0iyO6SI0Lj4Qmt0dpUpT8M+R3TPOnLFiCHHafp/b9Qj50XmeTACf4QISpRLQQSOhv0jMLqhKYNv/QF3q/sYNX6wTnprNdrPaSNC5aYwfSUUBnTAwHl0e/t1b6tAeIQg+rpXV9aOxi+XLWLgPmfk1j/fXUyktUk45F5lr7PLhByi4bkAiSfog92fojI4dXYKqHTi+SebHXpDiDLl7EBmXhVHuQ2hQGtTu8CtkE2VdswjDuVOtYtPUyQnLjss9yW2bQvYgr60ULA4UVI6ghRrRpD60NadeVrXgCLEEHAA6kWFC9vdVoWpNNsonUF/afJYHtB+r6qtM5zBURJXeKYaTkU5N3H3AtuW6Cjk0HDJW1A6SqPHuqACSDXLjPfSgxNugrfeZ0BcgethvzHPjPwsO/k5wDf8Vo6QbRn9D4Ty63NK3nu7e7XibrU6uZ/huYeH6ErSK8cdnJlBzjiP2NNgMx1ssLNQZPJhj8w344xyKOZDS5kDHUnIRGsWW9IYnq31K68eYNCDy7kdTXTPJQhYN+DE2Gkz4ajdn/aU+fB8xRbFp+TEhDRpwzci7MIItF87Ic5+bmuI7KsLKEa1mZm4szuNkoZCcKFjGHhWFdwWoBp6qxQuyek78jK2ESEF4n8qmYJixv9+6G6pNsO1tBrLWQr72ZxvBbFnKC9P0jtBx2sucqkzmc3AQTiGpDjlMfPr4wSeMleG1F6wWHoaR2E41x1739+y4HUF6nUrSkCl4f78qUZjJwLqHcrUvhBLDUvzv4G9/U2GWKc5d9m2F91NQvBU3PS2eyzTWMwQCOa87v7S5kRFsSJDfqkTKFKMe6qp/oDajMfWkxC1RQZXNMkhXrMPy7ewqisNaFjIeVwt6CqLoAAbEbm1dDUJTzpA20H20K44qwvkXcrrN+Jd557XT0NrrtrvRpF/of2Ww/HC+etJt8ojqeCgsS6es3qleyLwYUsjJa23WJxyUrBM7w=,iv:Vri/cfI1/U73XZiqY+AsPEbOh1HTxCiusy736NvsnH0=,tag:1VYcrPmunR45EeK3l4pMQg==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsQ1VZejVPbnJnS1dHVW1y\nWWRKMHR3NjB1azVkRCttMytrcmgwaEZxWW5ZCm5MeGN0bFRYajlXSTVMM2haQytC\neUhXbEhwTkVjbGNxYVNHKzZ0NTFPQ0EKLS0tIDlFQzNMbXBUSUMyZ2dtSHJHWGNJ\nbUE4OEhpZDRnWEZqVGVNdEVHekQ5QzQKH7LQ/Ih6GHdqHSt0EtpYbrG+CYwyFIHF\nZ/bcRSvrBYlLs4bh5MxJbxYyUNRGGQjESDuT/bZL8HkicWYjQONu7w==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2023-07-04T15:50:45Z",
+		"mac": "ENC[AES256_GCM,data:ROEpiYvLNqMpMj4Q5Kuxp1jJ1YsdTd19VdQSI09Jhcx5qNr5cbBYcWTO/548/x6lMTCELMy1nXciYjiDTt1lwR3eisXt0B5nZUaZ9cSu/EtXHC2esrsox0R+WRpOcMDYZiA6XIaNMNd2NYL/ePM3uZTZhC3UF+aDEeKPTiTowkk=,iv:y+vQ+qsM0tV5bBQRuysvnNu0REaRrtAu7NkdkMwm8cI=,tag:OJ9t3cbTTg/tApvnnyzCLA==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.3"
+	}
+}

targets/admins/terraform.tfstate.sops

@@ -1,20 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:1Fhkht0WrTHNQZqgdm8HFHjoexlfyFP9aFVzQ9HM+bK3ycLeZfT21aRJg8RsPo7Y/5zds0iDTulKxDj4DO1UcLFGEg9dTduEpWFWGqS6aRoLkddWj6vuCt7jL9DebTusAItVs27M7W9kcG970NqCE+62XUqiYxInLm8IEthh4tnzBR0wRrHhkojoUk2GHNv8w3zpb9GJrofBeoJB7+lHinbNoISBBmepTMpOlZR096j147pgRqqueNllw2xWE8YWMxgRIYE4MoW5U+1kPMmZgcnMtHFz0Ft5JqtjLR2GEI5kc29es+AfERMaTMnjT3PEw9k66QzkVN7F/fgzkO5Y8wQL+9GP/FomZEszZ6UjCi5pRTh8UqWxTssyEEwihJQ4on4v3agl7RW+4NNXxKuP/paguZyOROii+cRrAjyp145UMeQ9EbIvYZxw5Kc6C+bnN/YMytvqQcklf1R5b/TTMczlaojmeCvIeqOMgfDmBqdpOtOF9LWlhK9ICAIw5wYa1hfhajy1Njva1ueRS3VEpRKCGDjDOrQIfPRP/KIIDeNbtUTn094ttbfEpRCj2heP3UweyYK55OSJalkXdxAtoK6SKxVFmkKVsUxAwxJh4c1g1DpuBSmIeSL5cDd1OD93oQWGUGTN9hnXR+Yub97yzr5OQVrGSDq98zpMzVIddIpQ6U8BT0jRhT4co/pYqPNXSFLd7mbW0CamouRrwHGm2B2nhREX64ZyH3wGVSN4BMF9oNgzGFyuj+VdEwFMFE2hjj8MP47zXcycyLqNv4TxtNuHizQkAwv9RV8WiFkEdmpd/LgJHyWrminDSCvTwykGDRvRsrS2k4uOt2QvkIKsSjFP9BEwcouhbBmN5nQgUfDwz5RHaz5nWtZ5RtgtzKaX/77WjzmdMwblh0pXgASQs2r1/pXYqTfK6Yf5waFxWMFK938yioZ6Tn86tTKoLkJCWMq5QF21qwzdxaGpeEEXU3p1MYotiDEcMf6+rDjGV3DLl6oiKvg1AHE8V7JSoxutM+unRnHGopKzzZRfWQC+ZlPZbBLZkzReAQa+5ITs6Ib+7Rr1gWBf2tvH6mpyYHnkwaKB6jX/f/96iyUrEr31NuZOTeuhVhQQAmus+ch/9cOujndKyiWx5eGQliAF6Ik+ta4l86PPiZFxeE4JDCP6RWNNY1UbGCC2C/lJg80mavZOZKYQJfLf9oszgIG2i126on7uZSr/Vk38VN7E2/jNrkVBRvUfu+dIAoMkBZUwo1K7pYhdEPMecndFkaLSuPGN38vLLQJnp5f8Dlqj3HqB7/+uh43G61/LwMVshKb+V3aavBnkF9U7IMQs6bWUdHAkCbsEZEDmdECeu2h8RZap/p505c5wa7hXoY0qtT7up/0cESVt4EoHoxvttSizUofLV2yuY9/6J9Fl9gaTEWu3KD8TNZk5vKMkecgjN/FKvVAkeqUKtJWaIw3nacUo/WIUGo0L1sMiVFBdxZOqIvnqCyPMufn66psZpwyn4PCO5gRma0VbUfOh5LLsKJAF2AcpXDw6uMaOOle9IlCJo82+h/NOS+muGKMVo1+3DZzw8Q37wMVtNgHdjJA3eQviV+0x4bqzDGwFKDShDCxeCR82vq1c6iGRGpGQqIGB9oitVRQy/Q0geH7tLUoPfnbc3KSRXC0U7ukULoy5tUbU8eCgC7PfjUCgKFQjec61+UD0KK9FuAR5QtYwME7YdTR+JgBWDmYoUTGs90ihmwam0bnUZXQrpLp9ohoJgMl9PukT3ZBtdTbEnx2lNCCJ1iYb4CK+Sk+RUujxLLsHB6eVT8XF/S3QMMjRYUUui221K7rLlevnULy14kZNIUlPbbg21+Q0Dgb5kSb1WpcJ6AjTmg1GzxWvr6WhGDe8PDyQzsbpgPtYZdjXGqxY5vWSTszrUVJA9K+hSTgEQdP338PC/3YScLzyr1gV0FvYJVjIlAlcVVDp54CuuVaNJPFZ1sWFgcKKyeDRVTlDr64o7wpOP5P9Tl5/PtVxnPpu3nMIbnWuS9CBWarHLAdiLPc6DdImTuhk8vHDPQZfRGpG5EeI4XTqguFbmRztWsneWC8mQ5R3GfladKOdx/B/+uBIYKEdw6RQD5IWw4uyPIeLDHIKhXMue48B6mUpY6kVw1Qy2gEXkFo5dx5pWl3k+k4DD+K2umxh+pf4rrJEZodXCCYZPnQFTjumV5oQiWCUD20xUvSMWR+KT1oDZfGpjgPzAVRhNpgoWHIlJsAfVOnQbO17Nshsa/oQiGOvuSBrnnAp3hvYIJvn8hFSqxuKCkoQAWEN15MjI9KuqLdRliurRBYfPNlLtplI1/gDuKOuHncwVNMJxQzpVSJTqnTb6cJzfgBZx5/3c7yf+mxG9OJSa0XRrOlYawq5OeJEivoSr3ZYLdFm0O34EgtMlxpqsQm7AovFfeplfExZGjgl0Gv/u9tVW+yL6HJ3dTunb3oePjnnFbYRPqZ+SnqQPRX82U4yRLI2MCjfCsywZE88w0LNNPSNIC04+/zJ6hqF7HiQ4HWlSj6+lztTmgrjz8mpKJgHqaxFEqTqsFn6ulNiiX3ClzE1zhiMVgyC3fcaHPEbLbN6NLf9kP2SM+/ALVRm1iBt3vFsj8FHsimec4Z/CQIGgwlqX4HStn0nrLDfodK7bG/QcoGqhSKvw7e0UO6HiFKr6KuNLXOJB2bgo+7/ZJC4dAmRo8QwCnK4TWCe8l1lYsAnT0Fed0V16RNpjHU53efXUqx5uESDjTL7xxsWF5K9UbzJvNMaJk08aWkIGNqRaaANv8oWWWhQ,iv:MB5og2s7N+cTxZMRdSPtpBwTNeTMoEYnzalIHylYsyI=,tag:/NTdmINyoFot/beul8C9GA==,type:str]",
-	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": [
-			{
-				"recipient": "age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz",
-				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtYmYvczZrNHEzeTVvaXRH\nbEJGb1lZL2xrMTBOdGlyc0l3RnpHWU1YZTI0CkNEYy9EVEFITFVGOE5Mc2dsZktV\nM2tacVc3RGlqeHlsL2RuMGZQYUtscmsKLS0tIHFGVWRBNGpyNkptV0FRcHpMV1Jk\nSCs4c1lFaFU3WkcrWkQzcktKRkJCdVkKneJko1lw5CkORymxfibErFRb8fJEQl2E\naPNlUCAknCrb+raWClkbXFY1MSCcxrkFV+tx69O8hLaTlGUPnmGAeQ==\n-----END AGE ENCRYPTED FILE-----\n"
-			}
-		],
-		"lastmodified": "2023-07-04T15:15:37Z",
-		"mac": "ENC[AES256_GCM,data:VMnIZxSc8QKp8s69gCvteTKkrlXP7/AkWamtnbd6SFCbhubpKoY88gyXv9QHLKwqclkKHyz3U9GsnvnEb3OUb8RX21l8bVPwB98OiLcBgd54KlizVVmz8fUDjjQf41PzuSs5LI0QoVKypfphtLjRViptBDPmCDYWk4Q1jEjARgs=,iv:BUgslpHCBnSnBSWUC62U0b0hqIC6l8RPKOeExXHhMgM=,tag:px/qDIZuycqn5NnDJa73ZA==,type:str]",
-		"pgp": null,
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.7.3"
-	}
-}

targets/admins/tf.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+rm -f .terraform.lock.hcl
+if grep -q .sops terraform.tfstate; then
+  sops -i -d terraform.tfstate || true
+fi
+cleanup() {
+  sops -i -e terraform.tfstate
+}
+trap "cleanup" EXIT
+terraform init
+terraform "$@"

targets/web01/apply.sh

@@ -1 +0,0 @@
-../admins/apply.sh

targets/web01/configuration.nix

@@ -2,7 +2,7 @@
   nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json);
 in {
   imports = [
-    self.nixosModules.nixos-wiki
+    self.nixosModules.web01
     self.nixosModules.hcloud
   ];
   users.users.root.openssh.authorizedKeys.keys = nixosVars.ssh_keys;

targets/web01/nixos-vars.json

@@ -0,0 +1 @@
+{"ipv6_address":"2a01:4f9:c010:ab77::1","ssh_keys":["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIb3uuMqE/xSJ7WL/XpJ6QOj4aSmh0Ga+GtmJl3CDvljGuIeGCKh7YAoqZAi051k5j6ZWowDrcWYHIOU+h0eZCesgCf+CvunlXeUz6XShVMjyZo87f2JPs2Hpb+u/ieLx4wGQvo/Zw89pOly/vqpaX9ZwyIR+U81IAVrHIhqmrTitp+2FwggtaY4FtD6WIyf1hPtrrDecX8iDhnHHuGhATr8etMLwdwQ2kIBx5BBgCoiuW7wXnLUBBVYeO3II957XP/yU82c+DjSVJtejODmRAM/3rk+B7pdF5ShRVVFyB6JJR+Qd1g8iSH+2QXLUy3NM2LN5u5p2oTjUOzoEPWZo7lykZzmIWd/5hjTW9YiHC+A8xsCxQqs87D9HK9hLA6udZ6CGkq4hG/6wFwNjSMnv30IcHZzx6IBihNGbrisrJhLxEiKWpMKYgeemhIirefXA6UxVfiwHg3gJ8BlEBsj0tl/HVARifR2y336YINEn8AsHGhwrPTBFOnBTmfA/VnP1NlWHzXCfVimP6YVvdoGCCnAwvFuJ+ZuxmZ3UzBb2TenZZOzwzV0sUzZk0D1CaSBFJUU3oZNOkDIM6z5lIZgzsyKwb38S8Vs3HYE+Dqpkfsl4yeU5ldc6DwrlVwuSIa4vVus4eWD3gDGFrx98yaqOx17pc4CC9KXk/2TjtJY5xmQ==","ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE joerg@turingmachine"]}

targets/web01/terraform.tf

@@ -5,6 +5,7 @@ terraform {
 module "web01" {
   source           = "../../terraform/web01"
   domain           = "clan.lol"
+  netlify_dns_zone = "clan.lol"
   nixos_flake_attr = "web01"
   nixos_vars_file  = "${path.module}/nixos-vars.json"
   tags = {

targets/web01/tf.sh

@@ -0,0 +1 @@
+../admins/tf.sh

terraform/admins/main.tf

@@ -3,6 +3,6 @@ resource "hcloud_ssh_key" "hcloud" {
   name       = each.key
   public_key = each.value
   labels = {
-    "wiki" = "true"
+    "web01" = "true"
   }
 }

terraform/web01/dns.tf

@@ -1,18 +1,18 @@
-resource "netlify_dns_zone" "nixos" {
+resource "netlify_dns_zone" "server" {
   site_id = ""
   name    = var.netlify_dns_zone
 }
 
-resource "netlify_dns_record" "nixos_wiki_a" {
-  zone_id  = netlify_dns_zone.nixos.id
+resource "netlify_dns_record" "server_a" {
+  zone_id  = netlify_dns_zone.server.id
   hostname = var.domain
   type     = "A"
-  value    = hcloud_server.nixos_wiki.ipv4_address
+  value    = hcloud_server.server.ipv4_address
 }
 
-resource "netlify_dns_record" "nixos_wiki_aaaa" {
-  zone_id  = netlify_dns_zone.nixos.id
+resource "netlify_dns_record" "server_aaaa" {
+  zone_id  = netlify_dns_zone.server.id
   hostname = var.domain
   type     = "AAAA"
-  value    = hcloud_server.nixos_wiki.ipv6_address
+  value    = hcloud_server.server.ipv6_address
 }

terraform/web01/main.tf

@@ -1,14 +1,14 @@
 # Record the SSH public key into Hetzner Cloud
-data "hcloud_ssh_keys" "nixos_wiki" {
-  with_selector = "wiki=true"
+data "hcloud_ssh_keys" "server" {
+  with_selector = "web01=true"
 }
 
-resource "hcloud_server" "nixos_wiki" {
+resource "hcloud_server" "server" {
   image       = "debian-10"
   keep_disk   = true
-  name        = "nixos-wiki"
+  name        = "web01"
   server_type = var.server_type
-  ssh_keys    = data.hcloud_ssh_keys.nixos_wiki.ssh_keys.*.name
+  ssh_keys    = data.hcloud_ssh_keys.server.ssh_keys.*.name
   backups     = false
   labels      = var.tags
 
@@ -26,14 +26,14 @@ module "deploy" {
   source                 = "github.com/numtide/nixos-anywhere//terraform/all-in-one"
   nixos_system_attr      = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.toplevel"
   nixos_partitioner_attr = ".#nixosConfigurations.${var.nixos_flake_attr}.config.system.build.diskoNoDeps"
-  target_host            = hcloud_server.nixos_wiki.ipv4_address
-  instance_id            = hcloud_server.nixos_wiki.id
+  target_host            = hcloud_server.server.ipv4_address
+  instance_id            = hcloud_server.server.id
   debug_logging          = true
 }
 
 locals {
   nixos_vars = {
-    ipv6_address = hcloud_server.nixos_wiki.ipv6_address
-    ssh_keys     = data.hcloud_ssh_keys.nixos_wiki.ssh_keys.*.public_key
+    ipv6_address = hcloud_server.server.ipv6_address
+    ssh_keys     = data.hcloud_ssh_keys.server.ssh_keys.*.public_key
   }
 }

terraform/web01/variables.tf

@@ -1,6 +1,6 @@
 variable "server_type" {
   type        = string
-  default     = "cx21"
+  default     = "cx31"
   description = "Hetzner cloud server type"
 }