update: switch Terraform to NixOS template workflow

- Point clone_template to nixos-template and trim cloud-init to Nix-safe hostname/DNS only - Remove SSH/Tailscale cloud-init variables and workflow secret dependencies - Add reusable NixOS template-base config with bootloader, Tailscale, fish, and utility packages
2026-02-28 00:06:25 +00:00
parent 4247d16c24
commit e714a56980
9 changed files with 104 additions and 56 deletions
--- a/terraform/files/cloud_init_global.tpl
+++ b/terraform/files/cloud_init_global.tpl
@@ -6,42 +6,5 @@ resolv_conf:
    - 8.8.8.8
    - 1.1.1.1

-package_update: true
-package_upgrade: true
-
-# APT fails to acquire GPG keys if package dirmngr is missing
-bootcmd:
-  - [ cloud-init-per, once, dirmngr-aptupdate, apt-get, update ]
-  - [ cloud-init-per, once, dirmngr-aptinstall, apt-get, install, dirmngr, -y ]
-  - [ cloud-init-per, once, dirmngr-aptinstall, apt-get, install, gnupg2, -y ]
-
-packages:
-  - jq
-  - curl
-  - qemu-guest-agent
-
-users:
- name: stuart
-  groups: sudo
-  shell: /bin/bash
-  sudo: ['ALL=(ALL) NOPASSWD:ALL']
-  ssh_authorized_keys:
-    - ${SSH_KEY_PUBLIC}
-
 preserve_hostname: false
 fqdn: ${hostname}.${domain}
-
-#cloud-config
-# The above header must generally appear on the first line of a cloud config
-# file, but all other lines that begin with a # are optional comments.
-
-runcmd:
-  # One-command install, from https://tailscale.com/download/
-  - ['sh', '-c', 'curl -fsSL https://tailscale.com/install.sh | sh']
-  # Set sysctl settings for IP forwarding (useful when configuring an exit node)
-  - ['sh', '-c', "echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf && echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf && sudo sysctl -p /etc/sysctl.d/99-tailscale.conf" ]
-  # Generate an auth key from your Admin console
-  # https://login.tailscale.com/admin/settings/keys
-  # and replace the placeholder below
-  - ['tailscale', 'up', '--auth-key=${TS_AUTHKEY}']
-