34 lines
1.2 KiB
HCL
34 lines
1.2 KiB
HCL
|
|
# stacks/infra/terragrunt.hcl
|
||
|
|
include "root" {
|
||
|
|
path = find_in_parent_folders()
|
||
|
|
}
|
||
|
|
|
||
|
|
# The root's `k8s_providers` generate block now declares `telmate/proxmox`
|
||
|
|
# in required_providers for every stack (harmless for non-infra stacks —
|
||
|
|
# they just don't instantiate a `provider "proxmox" {}` block).
|
||
|
|
#
|
||
|
|
# Here we add the per-stack provider config + the tfvar variable for the
|
||
|
|
# API URL. Credentials come from Vault `secret/viktor` (same pattern as
|
||
|
|
# cloudflare_provider.tf at the root). The output file name is distinct
|
||
|
|
# from `providers.tf` to avoid the same-path conflict that the old
|
||
|
|
# `generate "providers"` block silently triggered under Terragrunt v0.77.
|
||
|
|
generate "proxmox_provider" {
|
||
|
|
path = "proxmox_provider.tf"
|
||
|
|
if_exists = "overwrite_terragrunt"
|
||
|
|
contents = <<EOF
|
||
|
|
variable "proxmox_pm_api_url" { type = string }
|
||
|
|
|
||
|
|
data "vault_kv_secret_v2" "proxmox_pm" {
|
||
|
|
mount = "secret"
|
||
|
|
name = "viktor"
|
||
|
|
}
|
||
|
|
|
||
|
|
provider "proxmox" {
|
||
|
|
pm_api_url = var.proxmox_pm_api_url
|
||
|
|
pm_api_token_id = data.vault_kv_secret_v2.proxmox_pm.data["proxmox_pm_api_token_id"]
|
||
|
|
pm_api_token_secret = data.vault_kv_secret_v2.proxmox_pm.data["proxmox_pm_api_token_secret"]
|
||
|
|
pm_tls_insecure = true
|
||
|
|
}
|
||
|
|
EOF
|
||
|
|
}
|