zivildienst/infrastructure/modules/compute/cloudinit.tpl

#cloud-config

write_files:
  - path: /opt/cloud-init-misc-data/environment
    content: ${environment}
    owner: root:root
    permissions: '0644'
  - encoding: b64
    path: /opt/certbot.sh
    content: ${certbot_script}
    owner: root:root
    permissions: '0700'
  - encoding: b64
    path: /etc/nixos/certbot.nix
    content: ${nix_certbot}
    owner: root:root
    permissions: '0644'
  - encoding: b64
    path: /etc/nixos/configuration.nix
    content: ${nix_configuration}
    owner: root:root
    permissions: '0644'
  - encoding: b64
    path: /etc/nixos/postgresql.nix
    content: ${nix_postgresql}
    owner: root:root
    permissions: '0644'
  - encoding: b64
    path: /etc/nixos/elasticsearch.nix
    content: ${nix_elasticsearch}
    owner: root:root
    permissions: '0644'
  - encoding: b64
    path: /etc/nixos/vault.nix
    content: ${nix_vault}
    owner: root:root
    permissions: '0644'
  - encoding: b64
    path: /etc/nixos/guidelines.nix
    content: ${nix_guidelines}
    owner: root:root
    permissions: '0644'
  - path: /opt/cloud-init-misc-data/domain_name
    content: ${domain_name}
    owner: root:root
    permissions: '0644'
  - encoding: b64
    path: /opt/cloud-init-misc-data/domain_alternative_names
    content: ${domain_alternative_names}
    owner: root:root
    permissions: '0644'
  - path: /opt/cloud-init-misc-data/vault_db_password
    content: ${vault_db_password}
    owner: root:root
    permissions: '0600'
  - path: /opt/cloud-init-misc-data/hcloud_token
    content: ${hcloud_token}
    owner: root:root
    permissions: '0600'
  - path: /opt/cloud-init-misc-data/aws_access_key_id
    content: ${aws_access_key_id}
    owner: root:root
    permissions: '0600'
  - path: /opt/cloud-init-misc-data/aws_secret_access_key
    content: ${aws_secret_access_key}
    owner: root:root
    permissions: '0600'
  - path: /root/.docker/config.json
    content: |
      {
        "auths": {
            "https://registry.gitlab.com": {
                "auth": "${gitlab_password}",
                "email": "${gitlab_username}"
            }
        }
      }
    owner: root:root
    permissions: '0600'
  - path: /opt/guidelines.json
    content: |
      {
        "api": "latest",
        "web": "latest",
        "html2pdf": "latest",
        "filestore": "latest"
      }
    owner: root:root
    permissions: '0644'
  - path: /opt/cloud-init-misc-data/elasticsearch_password
    content: ${elasticsearch_password}
    owner: root:root
    permissions: '0600'
runcmd:
  - systemctl start nixos-rebuild.service