manage terraform configuration with terranix

All the terraform configuration is managed within one state instead of
having multiple state for each components. This might not be the best
practice but it simplifies things for me.

Now, all I need to do is to run `nix run .#tf -- plan` and I can see
what will be changed for all the resources that I care about.

1 files changed, 25 insertions, 0 deletions

diff --git a/scripts/common.nix b/scripts/common.nix
index 931480c..b8ab82e 100644
--- a/scripts/common.nix
+++ b/scripts/common.nix
@@ -1,4 +1,29 @@
 { pkgs }:
 [
   (pkgs.writeScriptBin "update-deps" "nix flake update --commit-lock-file")
+
+  (pkgs.writeShellScriptBin "gcloud-auth" ''
+    set -xeuo pipefail
+    ${pkgs.google-cloud-sdk}/bin/gcloud auth print-identity-token > /dev/null 2>&1 || \
+    ${pkgs.google-cloud-sdk}/bin/gcloud auth login --quiet
+    ${pkgs.google-cloud-sdk}/bin/gcloud auth application-default print-access-token > /dev/null 2>&1 || \
+    ${pkgs.google-cloud-sdk}/bin/gcloud auth application-default login --quiet
+  '')
+
+  (pkgs.writeShellScriptBin "tf-state-setup" ''
+    set -xeuo pipefail
+    ${pkgs.google-cloud-sdk}/bin/gcloud storage buckets describe \
+      gs://fcuny-infra-tofu-state \
+      --project=fcuny-infra \
+      --quiet || \
+
+    ${pkgs.google-cloud-sdk}/bin/gcloud storage buckets create \
+      gs://fcuny-infra-tofu-state \
+      --project=fcuny-infra \
+      --uniform-bucket-level-access \
+      --public-access-prevention \
+      --location=us-west1 \
+      --default-storage-class=STANDARD \
+      --quiet
+  '')
 ]