From 5059142d91be4c003c552e683a33ae4e47b94caf Mon Sep 17 00:00:00 2001
From: Jakob Odersky
Date: Fri, 14 Dec 2018 00:25:29 -0800
Subject: Use pass data sources to store tokens
---
 terraform/deploy | 3 ---
 terraform/main.tf | 23 +++++++++++++++--------
 2 files changed, 15 insertions(+), 11 deletions(-)
 delete mode 100755 terraform/deploy
diff --git a/terraform/deploy b/terraform/deploy
deleted file mode 100755
index a7fdf57..0000000
--- a/terraform/deploy
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-terraform apply -var-file=<(pass infra/terraform)
diff --git a/terraform/main.tf b/terraform/main.tf
index 6f9124c..6a76155 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -1,18 +1,18 @@
-variable "secret_hcloud_token" {
- type = "string"
+data "pass_password" "secret_hcloud_token" {
+ path = "infra/hcloud-token"
 }

-variable "secret_cloudflare_token" {
- type = "string"
+data "pass_password" "secret_cloudflare_token" {
+ path = "infra/cloudflare-token"
 }

 provider "hcloud" {
- token = "${var.secret_hcloud_token}"
+ token = "${data.pass_password.secret_hcloud_token.password}"
 }

 provider "cloudflare" {
 email = "jakob@odersky.com"
- token = "${var.secret_cloudflare_token}"
+ token = "${data.pass_password.secret_cloudflare_token.password}"
 }

 provider "acme" {
@@ -51,7 +51,7 @@ resource "acme_certificate" "certificate" {

 config {
 CLOUDFLARE_EMAIL = "jakob@odersky.com"
- CLOUDFLARE_API_KEY = "${var.secret_cloudflare_token}"
+ CLOUDFLARE_API_KEY = "${data.pass_password.secret_cloudflare_token.password}"
 }
 }
 }
@@ -130,6 +130,13 @@ resource "cloudflare_record" "record_git" {
 type = "CNAME"
 }

+resource "cloudflare_record" "record_dl" {
+ domain = "crashbox.io"
+ name = "dl"
+ value = "${cloudflare_record.peter_a.hostname}"
+ type = "CNAME"
+}
+
 resource "cloudflare_record" "record_a" {
 domain = "crashbox.io"
 name = "@"
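Review bot: Reading the tokens through `data "pass_password"` means Terraform persists each data source's attributes, including `password`, in the state file in plaintext. Provider configuration is not written to state, so the hcloud token at least appears to land there for the first time with this change. The same value also feeds `CLOUDFLARE_API_KEY` in the `acme_certificate` hunk and `secret_cloudflare_token` in the `module "email"` hunk, so `terraform.tfstate` and its backup now have to be handled as secrets: kept out of version control and on an encrypted backend or disk. Neither a backend block nor a `provider "pass"` block is visible in these hunks, so both should be confirmed. I would add above the data blocks a comment such as `# NOTE: values read here are persisted in terraform.tfstate; keep state encrypted and uncommitted`.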
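Review bot: The new `record_dl` CNAME is unrelated to the token change named in the subject line and carries no comment saying what is served at `dl.crashbox.io`. Public DNS names tend to outlive the service behind them, so I would add a line above the resource such as `# dl.crashbox.io -> peter (PURPOSE_PLACEHOLDER)` and ideally land the record as its own commit so DNS changes are easy to audit. It targets `cloudflare_record.peter_a.hostname`, a record in the same zone, which keeps the alias from pointing at a host outside the operator's control.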
@@ -153,7 +160,7 @@ resource "cloudflare_record" "record_keybase" {

 module "email" {
 source = "./modules/email"
- secret_cloudflare_token = "${var.secret_cloudflare_token}"
+ secret_cloudflare_token = "${data.pass_password.secret_cloudflare_token.password}"
 server_ipv4 = "${hcloud_server.peter.ipv4_address}"
 server_ipv6 = "${hcloud_server.peter.ipv6_address}1"
 server_id = "${hcloud_server.peter.id}"
--
cgit v1.2.3