terraform fmt

.gitea/workflows/terraform-apply.yml

@@ -1,5 +1,5 @@
 name: Gitea Actions Demo
-run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
+run-name: ${{ gitea.actor }} is deploying with Terraform 🚀
 
 on:
   push:
@@ -15,6 +15,10 @@ jobs:
       contents: read
       pull-requests: write
 
+    env:
+      TF_VAR_TS_AUTHKEY: ${{ secrets.TAILSCALE_KEY }}
+      TF_VAR_ssh_key: ${{ secrets.SSH_PUBLIC_KEY }}
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -33,7 +37,6 @@ jobs:
         working-directory: terraform
         run: terraform init
 
-
       - name: Terraform Plan
         working-directory: terraform
         run: terraform plan

.gitea/workflows/terraform-destroy.yml

@@ -0,0 +1,41 @@
+name: Gitea Destroy Terraform
+run-name: ${{ gitea.actor }} triggered a Terraform Destroy 🧨
+
+on:
+  workflow_dispatch: # Manual trigger
+
+jobs:
+  destroy:
+    name: "Terraform Destroy"
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      pull-requests: write
+
+    env:
+      TF_VAR_TS_AUTHKEY: ${{ secrets.TAILSCALE_KEY }}
+      TF_VAR_ssh_key: ${{ secrets.SSH_PUBLIC_KEY }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: 1.6.6
+
+      - name: Inject sensitive secrets
+        working-directory: terraform
+        run: |
+          echo 'proxmox_password = "${{ secrets.PROXMOX_PASSWORD }}"' >> terraform.tfvars
+
+      - name: Terraform Init
+        working-directory: terraform
+        run: terraform init
+
+      - name: Terraform Destroy
+        working-directory: terraform
+        run: terraform destroy -auto-approve
+

.gitea/workflows/terraform-plan.yml

@@ -16,6 +16,12 @@ jobs:
       contents: read
       pull-requests: write
 
+    env:
+      TF_VAR_TAILSCALE_KEY: ${{ secrets.TAILSCALE_KEY }}
+      TF_VAR_TS_AUTHKEY: ${{ secrets.TAILSCALE_KEY }}
+      TF_VAR_ssh_key: ${{ secrets.SSH_PUBLIC_KEY }}
+
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4

terraform/cloud-init.tf

@@ -7,10 +7,11 @@ data "template_file" "cloud_init_alpaca" {
     ssh_key    = var.ssh_key
     hostname   = "alpaca-${count.index + 1}"
     domain     = "home.arpa"
-    tailscale_key = var.tailscale_key
+    TS_AUTHKEY = var.TS_AUTHKEY
   }
 }
 
+
 resource "local_file" "cloud_init_alpaca" {
   count    = var.alpaca_vm_count
   content  = data.template_file.cloud_init_alpaca[count.index].rendered
@@ -41,10 +42,11 @@ data "template_file" "cloud_init_llama" {
     ssh_key    = var.ssh_key
     hostname   = "llama-${count.index + 1}"
     domain     = "home.arpa"
-    tailscale_key = var.tailscale_key
+    TS_AUTHKEY = var.TS_AUTHKEY
   }
 }
 
+
 resource "local_file" "cloud_init_llama" {
   count    = var.llama_vm_count
   content  = data.template_file.cloud_init_llama[count.index].rendered

terraform/variables.tf

@@ -74,11 +74,12 @@ variable "llama_vm_count" {
   description = "How many Llama VMs to create"
 }
 
-variable "tailscale_key" {
+variable "TS_AUTHKEY" {
   type        = string
-  description = "Tailscale auth key"
+  description = "Tailscale auth key used in cloud-init"
 }
 
+
 variable "ssh_key" {
   type        = string
   description = "Public SSH key used by cloud-init"