diff --git a/Makefile b/Makefile index e8c77ad..1407141 100644 --- a/Makefile +++ b/Makefile @@ -7,7 +7,7 @@ ENVIRONMENT := production REGION := sfo3 ROOT_DIR := $(shell pwd) # TODO: automatically determine -TERRAFORM := $(ROOT_DIR)/out/terraform.linux-x86_64 +TERRAFORM := $(ROOT_DIR)/out/tofu.linux-x86_64 SOPS := $(ROOT_DIR)/out/sops.linux-x86_64 KEYS := \ 6B61ECD76088748C70590D55E90A401336C8AAA9 \ @@ -15,13 +15,13 @@ KEYS := \ 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA \ F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D +EXTRA_ARGS := + .DEFAULT_GOAL := .PHONY: default default: \ toolchain \ tools \ - $(patsubst %,$(KEY_DIR)/%.asc,$(KEYS)) \ - $(CACHE_DIR)/website/.well-known/openpgpkey \ apply .PHONY: @@ -76,6 +76,13 @@ infra/backend/.terraform: \ $(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\ env -C infra/backend $(TERRAFORM) init -upgrade \ ' + $(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\ + env -C infra/backend $(TERRAFORM) refresh \ + -var environment=$(ENVIRONMENT) \ + -var namespace=$(ENVIRONMENT) \ + -var region=$(REGION) \ + -state $(ENVIRONMENT).tfstate \ + ' infra/main/.terraform: | \ $(TERRAFORM) \ @@ -85,6 +92,13 @@ infra/main/.terraform: | \ env -C infra/main $(TERRAFORM) init -upgrade \ -backend-config="../../config/$(ENVIRONMENT).tfbackend" \ ' + $(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\ + env -C infra/main $(TERRAFORM) refresh \ + -var environment=$(ENVIRONMENT) \ + -var namespace=$(ENVIRONMENT) \ + -var region=$(REGION) \ + -state $(ENVIRONMENT).tfstate \ + ' infra/backend/$(ENVIRONMENT).tfstate: \ $(TERRAFORM) \ @@ -96,7 +110,7 @@ infra/backend/$(ENVIRONMENT).tfstate: \ -var environment=$(ENVIRONMENT) \ -var namespace=$(ENVIRONMENT) \ -var region=$(REGION) \ - -state ../../$@ \ + -state $@ \ ' config/$(ENVIRONMENT).tfbackend: | \ 
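Review bot: Dropping `$(patsubst %,$(KEY_DIR)/%.asc,$(KEYS))` and `$(CACHE_DIR)/website/.well-known/openpgpkey` from `default` means nothing visible in this hunk brings the PGP key material up to date before `apply` runs. If the sops steps or the `maybe_encrypt_secret` calls in `apply` rely on those keys being present (not visible here), declare them as prerequisites of the target that needs them rather than depending on an earlier run. If the removal is intentional, a one-line comment such as `# key export and WKD publishing are built on demand, not by default` would record that.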
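Review bot: The added `refresh` rewrites state from inside the recipe for `infra/backend/.terraform`, so initialising the working directory now changes state as a side effect, with no plan shown to the operator. As far as I know, upstream documents `refresh` as deprecated in favour of `apply -refresh-only`, because with misconfigured provider credentials it can silently drop resources from state. The latter shows the detected drift before anything is written. The same block is repeated in the `infra/main/.terraform` and `config/$(ENVIRONMENT).tfbackend` recipes; one `define`d helper taking the directory as `$(1)`, or a dedicated phony `refresh` target, would keep the three copies from drifting. The recipe's rule header starts outside the hunk.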
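Review bot: In the `infra/main/.terraform` recipe the new `refresh` passes `-state $(ENVIRONMENT).tfstate`, but `infra/main` is initialised against the `s3` backend on the line above it. To my knowledge `-state` is a legacy option that only applies to the local backend, so here it is either ignored or misleads a reader into thinking main's state lives in a local file. I would drop that line from this copy, or add `# -state is ignored with the s3 backend` if it is kept for symmetry with `infra/backend`.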
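Review bot: `-state $@` passes the root-relative target path `infra/backend/$(ENVIRONMENT).tfstate`, whereas the removed `../../$@` indicates the command runs from inside `infra/backend`. The start of the command is outside the hunk, but if it still runs under `env -C infra/backend`, state would be written to `infra/backend/infra/backend/$(ENVIRONMENT).tfstate`. The rule's target would then never be created, and the `output` and `refresh` steps elsewhere in this commit, which use `-state $(ENVIRONMENT).tfstate`, would read a different file. Using `-state $(@F) \` (or `-state $(ENVIRONMENT).tfstate \` to match the other recipes) keeps all recipes on the same file.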
@@ -107,9 +121,17 @@ config/$(ENVIRONMENT).tfbackend: | \ $(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\ env -C infra/backend \ $(TERRAFORM) \ - output -state ../../$< \ + output -state $(ENVIRONMENT).tfstate \ > $@ \ ' + $(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\ + env -C infra/backend \ + $(TERRAFORM) refresh \ + -var environment=$(ENVIRONMENT) \ + -var namespace=$(ENVIRONMENT) \ + -var region=$(REGION) \ + -state $(ENVIRONMENT).tfstate \ + ' .PHONY: apply: \ @@ -126,7 +148,7 @@ apply: \ -var environment=$(ENVIRONMENT) \ -var namespace=$(ENVIRONMENT) \ -var region=$(REGION) \ - ' + $(EXTRA_ARGS) ' $(call maybe_encrypt_secret,infra/main/talos/talosconfig,secrets/$(ENVIRONMENT).talosconfig) $(call maybe_encrypt_secret,infra/main/talos/kubeconfig,secrets/$(ENVIRONMENT).kubeconfig) $(call maybe_encrypt_secret,infra/main/talos/controlplane.yaml,secrets/$(ENVIRONMENT).controlplane.yaml) diff --git a/config/make.env b/config/make.env index 6a5d6c9..f7f0f39 100644 --- a/config/make.env +++ b/config/make.env @@ -22,7 +22,7 @@ SOPS_REF=b6d3c9700d88e0c9348f3ec7cd2f10ce4a4b3ee1 BUSYBOX_URL=https://busybox.net/downloads/busybox-1.36.1.tar.bz2 BUSYBOX_HASH=b8cc24c9574d809e7279c3be349795c5d5ceb6fdf19ca709f80cde50e47de314 TOFU_REPO=https://github.com/opentofu/opentofu -TOFU_REF=f9d8b3ca2c0926f66757241baf81af523be73726 +TOFU_REF=5d05dba18b6e276a6262a4722fe90c13350c5428 KSOPS_REPO=https://github.com/viaduct-ai/kustomize-sops KSOPS_REF=ac33c40e1b78d9847a8d0f58473e99419be5b170 KUSTOMIZE_REPO=https://github.com/kubernetes-sigs/kustomize diff --git a/infra/main/provider.tf b/infra/main/provider.tf index 1a8e99d..afd7ad6 100644 --- a/infra/main/provider.tf +++ b/infra/main/provider.tf @@ -8,6 +8,7 @@ terraform { backend "s3" { skip_requesting_account_id = true skip_credentials_validation = true + skip_region_validation = true skip_get_ec2_platforms = true skip_metadata_api_check = true } diff --git a/src/toolchain b/src/toolchain index 23fc267..a2315fd 160000 
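Review bot: The `refresh` block is appended after `output ... > $@`, so the backend config written to `config/$(ENVIRONMENT).tfbackend` comes from the state as it was before the refresh. If the refresh then fails, the already-written `$@` stays on disk and Make will treat the target as built on the next run, unless `.DELETE_ON_ERROR:` is set elsewhere in the file. Moving the refresh block ahead of the `output` command addresses both. Replacing `$<` with the literal `$(ENVIRONMENT).tfstate` also hides the link to the prerequisite, so a comment such as `# path is relative to infra/backend (env -C), i.e. $(<F)` would help.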
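Review bot: `$(EXTRA_ARGS)` is expanded inside the single-quoted command string that `sops exec-env` runs with the decrypted secrets in its environment, so any shell metacharacter in the value is interpreted as shell syntax rather than as a tofu argument. The variable can be set from the make command line, so it should be documented at its definition as trusted operator input that is never wired to CI parameters or other external values, e.g. `# EXTRA_ARGS: extra tofu arguments for apply; trusted operator input only`. A parse-time guard such as `$(if $(findstring ',$(EXTRA_ARGS)),$(error EXTRA_ARGS must not contain single quotes))` would at least stop a value from breaking out of the quoting. The `apply` recipe starts outside the hunk.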
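Review bot: The `backend "s3"` block in `infra/main/provider.tf` now disables five validations without stating why. A comment above the `skip_*` lines, e.g. `# S3-compatible, non-AWS endpoint: AWS-specific region, credential and metadata checks do not apply`, would mark them as deliberate and warn against copying them to a real AWS backend, where they would mask misconfiguration. I am inferring the non-AWS endpoint from `REGION := sfo3` in the Makefile, so adjust the wording if that is wrong. The enclosing `terraform` block starts outside the hunk.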
--- a/src/toolchain
+++ b/src/toolchain
@@ -1 +1 @@
-Subproject commit 23fc267a9dfdda30ba4287f8234879961722bafb
+Subproject commit a2315fdbc8cd0e4a654d1aa4623a53d5292b3574