feat: add terraform-providers targets
This commit is contained in:
33
Makefile
33
Makefile
@@ -92,6 +92,39 @@ tf-destroy: tf-init ## Terraform destroy (tear down)
|
|||||||
@[ -n "$(HCLOUD_TOKEN)" ] || (echo "HCLOUD_TOKEN empty; export SOPS_AGE_KEY or set keys.txt & fill secrets.sops.yaml" && exit 1)
|
@[ -n "$(HCLOUD_TOKEN)" ] || (echo "HCLOUD_TOKEN empty; export SOPS_AGE_KEY or set keys.txt & fill secrets.sops.yaml" && exit 1)
|
||||||
@export HCLOUD_TOKEN=$(HCLOUD_TOKEN); terraform -chdir=terraform/hetzner destroy -auto-approve -var="hcloud_token=$(HCLOUD_TOKEN)"
|
@export HCLOUD_TOKEN=$(HCLOUD_TOKEN); terraform -chdir=terraform/hetzner destroy -auto-approve -var="hcloud_token=$(HCLOUD_TOKEN)"
|
||||||
|
|
||||||
|
# --- Terraform provider/lockfile helpers ---
|
||||||
|
TF_DIR := terraform/hetzner
|
||||||
|
TF_TOKEN := $(HCLOUD_TOKEN)
|
||||||
|
LOCKFILE := $(TF_DIR)/.terraform.lock.hcl
|
||||||
|
|
||||||
|
tf-lock-commit: ## Commit the current provider lockfile
|
||||||
|
@test -f $(LOCKFILE) || (echo "❌ $(LOCKFILE) not found. Run 'make tf-init' first."; exit 1)
|
||||||
|
@git add $(LOCKFILE)
|
||||||
|
@git commit -m "chore(terraform): lock providers" || echo "ℹ No lockfile changes to commit."
|
||||||
|
|
||||||
|
tf-providers-check: ## Check if newer provider versions are available (non-destructive)
|
||||||
|
@echo "🔎 Checking for provider upgrades (lockfile readonly)…"
|
||||||
|
@if terraform -chdir=$(TF_DIR) init -upgrade -lockfile=readonly >/dev/null 2>&1; then \
|
||||||
|
echo "✔ Providers up to date (no upgrades available)."; \
|
||||||
|
else \
|
||||||
|
echo "↗ Provider upgrades likely available (readonly lockfile blocked changes)."; \
|
||||||
|
echo " Run: make tf-providers-upgrade"; \
|
||||||
|
fi
|
||||||
|
|
||||||
|
tf-providers-upgrade: ## Upgrade providers (updates .terraform.lock.hcl)
|
||||||
|
@echo "⬆️ Upgrading providers…"
|
||||||
|
@terraform -chdir=$(TF_DIR) init -upgrade
|
||||||
|
@echo "— Diff for $(LOCKFILE):"
|
||||||
|
@git --no-pager diff -- $(LOCKFILE) || true
|
||||||
|
@echo "💡 If changes look good: make tf-lock-commit"
|
||||||
|
|
||||||
|
tf-providers-upgrade-commit: tf-providers-upgrade tf-lock-commit ## Upgrade providers and commit the lockfile
|
||||||
|
|
||||||
|
tf-providers-plan: ## Plan after an upgrade (uses HCLOUD_TOKEN if set)
|
||||||
|
@echo "🧪 Planning with upgraded providers…"
|
||||||
|
@terraform -chdir=$(TF_DIR) plan $(if $(TF_TOKEN),-var="hcloud_token=$(TF_TOKEN)")
|
||||||
|
|
||||||
|
|
||||||
# ---- Ansible ----
|
# ---- Ansible ----
|
||||||
ansible-bootstrap: ## Run base bootstrap play (users, ssh, ufw, sops-agent)
|
ansible-bootstrap: ## Run base bootstrap play (users, ssh, ufw, sops-agent)
|
||||||
cd ansible && ansible-playbook playbooks/bootstrap.yaml -u admin
|
cd ansible && ansible-playbook playbooks/bootstrap.yaml -u admin
|
||||||
|
|||||||
42
terraform/hetzner/.terraform.lock.hcl
generated
Normal file
42
terraform/hetzner/.terraform.lock.hcl
generated
Normal file
@@ -0,0 +1,42 @@
|
|||||||
|
# This file is maintained automatically by "terraform init".
|
||||||
|
# Manual edits may be lost in future updates.
|
||||||
|
|
||||||
|
provider "registry.terraform.io/hashicorp/template" {
|
||||||
|
version = "2.2.0"
|
||||||
|
constraints = "~> 2.2"
|
||||||
|
hashes = [
|
||||||
|
"h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=",
|
||||||
|
"zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386",
|
||||||
|
"zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53",
|
||||||
|
"zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603",
|
||||||
|
"zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16",
|
||||||
|
"zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776",
|
||||||
|
"zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451",
|
||||||
|
"zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae",
|
||||||
|
"zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde",
|
||||||
|
"zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d",
|
||||||
|
"zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "registry.terraform.io/hetznercloud/hcloud" {
|
||||||
|
version = "1.52.0"
|
||||||
|
constraints = "~> 1.49"
|
||||||
|
hashes = [
|
||||||
|
"h1:LTjrLuC+4F1Kv4TxS9e7LVVkG8/S4QQ7X4ORblvKTbc=",
|
||||||
|
"zh:1e9bb6b6a2ea5f441638dbae2d60fbe04ff455f58a18c740b8b7913e2197d875",
|
||||||
|
"zh:29c122e404ba331cfbadacc7f1294de5a31c9dfd60bdfe3e1b402271fc8e419c",
|
||||||
|
"zh:2bd0ae2f0bb9f16b7753f59a08e57ac7230f9c471278d7882f81406b9426c8c7",
|
||||||
|
"zh:4383206971873f6b5d81580a9a36e0158924f5816ebb6206b0cf2430e4e6a609",
|
||||||
|
"zh:47e2ca1cfa18500e4952ab51dc357a0450d00a92da9ea03e452f1f3efe6bbf75",
|
||||||
|
"zh:8e9fe90e3cea29bb7892b64da737642fc22b0106402df76c228a3cbe99663278",
|
||||||
|
"zh:a2d69350a69c471ddb63bcc74e105e585319a0fc0f4d1b7f70569f6d2ece5824",
|
||||||
|
"zh:a97abcc254e21c294e2d6b0fc9068acfd63614b097dda365f1c56ea8b0fd5f6b",
|
||||||
|
"zh:aba8d72d4fe2e89c922d5446d329e5c23d00b28227b4666e6486ba18ea2ec278",
|
||||||
|
"zh:ad36c333978c2d9e4bc43dcadcbff42fe771a8c5ef53d028bcacec8287bf78a7",
|
||||||
|
"zh:cdb1e6903b9d2f0ad8845d4eb390fbe724ee2435fb045baeab38d4319e637682",
|
||||||
|
"zh:df77b08757f3f36b8aadb33d73362320174047044414325c56a87983f48b5186",
|
||||||
|
"zh:e07513d5ad387247092b5ae1c87e21a387fc51873b3f38eee616187e38b090a7",
|
||||||
|
"zh:e2be02bdc59343ff4b9e26c3b93db7680aaf3e6ed13c8c4c4b144c74c2689915",
|
||||||
|
]
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user