# Top-level NixOS module for the EC2 host: pulls in the Amazon image profile
# shipped with nixpkgs and the local git-server module, then installs a few
# interactive tools system-wide.
{ modulesPath, lib, pkgs, config, ... }:
{
  imports = [
    # NOTE(review): sshd, firewall and login policy are not set in this file;
    # they come from this profile and the NixOS defaults. Confirm the effective
    # sshd settings (root login, password authentication) on the built system.
    "${modulesPath}/virtualisation/amazon-image.nix"
    ./git-server.nix
  ];

  ec2.hvm = true;

  # Same three packages as before, referenced explicitly instead of `with pkgs;`.
  environment.systemPackages = [
    pkgs.git
    pkgs.neofetch
    pkgs.vim
  ];
}
# NixOS module defining a dedicated `git` account for SSH-based repository
# access. The account logs in with git-shell and is reachable only through the
# public keys listed below.
{ config, lib, pkgs, ... }:
{
  config = {
    # Left disabled by the author. While it stays off, accounts and passwords
    # can still be changed imperatively on the host and drift from this file.
    #users.mutableUsers = false;

    users.users.git = {
      description = "git user";

      # git-shell only runs the git transport commands, so holders of these
      # keys do not get an interactive shell.
      # NOTE(review): the login shell does not limit SSH-level features such as
      # port or agent forwarding; prefixing each key with the `restrict`
      # authorized_keys option closes that gap.
      shell = "${pkgs.git}/bin/git-shell";

      isNormalUser = true;
      createHome = true;

      # Placeholder: replace "..." with the real public key line(s).
      openssh.authorizedKeys.keys = [
        "..."
      ];
    };
  };
}
# AWS provider. No keys are written in this file: credentials are supplied
# through the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables.
provider "aws" {
  region = "ca-central-1" # canada
}
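# hashicorp/http provider
# Looks up the public IPv4 address of the machine running Terraform. The
# response body is used verbatim to build the SSH allow-list of the security
# group, so it is fetched over TLS: with plain HTTP, anyone on the network path
# could substitute an address of their choosing.
data "http" "myip" {
  url = "https://ipv4.icanhazip.com"
}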
# ec2 security group
# Inbound: SSH (tcp/22) from a single /32, the address returned by
# data.http.myip. Outbound: unrestricted.
# NOTE(review): the inbound rule is only as trustworthy as that lookup, and it
# goes stale when the operator's address changes; re-apply to refresh it.
resource "aws_security_group" "mysecuritygroup" {
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = [format("%s/32", chomp(data.http.myip.body))]
  }

  egress {
    protocol    = "-1" # every protocol
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# hashicorp/tls provider
# Generates the RSA key pair that is registered as the EC2 key pair and later
# handed to the deploy module.
# The private half is kept unencrypted in the Terraform state, so the state
# file or backend needs the same protection as the key itself.
# NOTE(review): rsa_bits is not set, so the provider default applies; confirm
# it meets your key-length policy.
resource "tls_private_key" "mystatekey" {
  algorithm = "RSA"
}
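# hashicorp/local provider
# Writes the generated private key next to this module as mymachinekey.pem,
# readable and writable by the owner only. The file is a live credential for
# the instance: keep it out of version control and backups of the work tree.
# NOTE(review): recent hashicorp/local releases provide local_sensitive_file
# for this purpose; switching changes the resource address, so it is left as is.
resource "local_file" "mymachinekey" {
  filename          = "${path.module}/mymachinekey.pem"
  sensitive_content = tls_private_key.mystatekey.private_key_pem

  # Quoted on purpose: the provider takes the mode as a string of octal digits.
  # A bare 0600 is read as a number first and only ends up as the intended mode
  # through an implicit number-to-string conversion.
  file_permission = "0600"
}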
# ec2 key pair
# Registers the public half of tls_private_key.mystatekey with EC2. The key
# name embeds the SHA-256 of the public key, so a regenerated key gets a new
# name instead of silently replacing the old one.
resource "aws_key_pair" "myawskey" {
  public_key = tls_private_key.mystatekey.public_key_openssh
  key_name   = format("terraform-generated-%s", sha256(tls_private_key.mystatekey.public_key_openssh))
}
# ec2 instance
# Single t2.micro booted from a NixOS AMI, attached to the SSH-only security
# group and to the generated key pair.
# NOTE(review): the AMI IDs are bare, region-specific identifiers and nothing
# here checks who published them. The active one is the oldest NixOS release of
# the three listed; confirm that is intended for the base image.
# NOTE(review): no metadata_options or root_block_device block is set, so
# instance-metadata and volume-encryption behaviour follow the AMI and account
# defaults.
resource "aws_instance" "myinstance" {
  # nixos 21.11.333823
  #ami = "ami-0e67089f898e74443" # canada
  # nixos 21.05.740
  #ami = "ami-065c13e1d52d60b33" # canada
  # nixos 20.09.2016
  ami             = "ami-020c24c6c607e7ac7" # canada
  instance_type   = "t2.micro"
  key_name        = aws_key_pair.myawskey.key_name
  security_groups = [aws_security_group.mysecuritygroup.name]
}
# Records the instance's public IPv4 address in myinstanceip.txt. The filename
# is relative, so the file lands in the directory Terraform is run from.
resource "local_file" "myinstanceip" {
  content  = tostring(aws_instance.myinstance.public_ip)
  filename = "myinstanceip.txt"
}
# Hands ../nixos/configuration.nix to the tweag deploy_nixos module, which (per
# its name and inputs) deploys it to the instance over SSH.
# The module source is pinned to a full commit hash, so later upstream changes
# are not picked up implicitly.
# NOTE(review): the generated private key is passed inline rather than through
# an SSH agent. Check how the module verifies the host key on first connect,
# since the target is addressed by a freshly assigned public IP.
module "deploy_nixos" {
  source = "git::https://github.com/tweag/terraform-nixos.git//deploy_nixos?ref=646cacb12439ca477c05315a7bfd49e9832bc4e3"

  target_host     = aws_instance.myinstance.public_ip
  nixos_config    = "${path.module}/../nixos/configuration.nix"
  ssh_agent       = false
  ssh_private_key = tls_private_key.mystatekey.private_key_pem
}