From f83e36ca1aab723276193eb29a47bd9d59abb1df Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Mon, 7 Jul 2025 16:04:59 -0700
Subject: add scripts related to terraform

---
 nix/scripts/common.nix | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

(limited to 'nix/scripts/common.nix')

diff --git a/nix/scripts/common.nix b/nix/scripts/common.nix
index 931480c..6aa73c2 100644
--- a/nix/scripts/common.nix
+++ b/nix/scripts/common.nix
@@ -1,4 +1,42 @@
 { pkgs }:
 [
   (pkgs.writeScriptBin "update-deps" "nix flake update --commit-lock-file")
+
+  (pkgs.writeShellScriptBin "gcloud-auth" ''
+    set -xeuo pipefail
+    ${pkgs.google-cloud-sdk}/bin/gcloud auth print-identity-token > /dev/null 2>&1 || \
+    ${pkgs.google-cloud-sdk}/bin/gcloud auth login --quiet
+    ${pkgs.google-cloud-sdk}/bin/gcloud auth application-default print-access-token > /dev/null 2>&1 || \
+    ${pkgs.google-cloud-sdk}/bin/gcloud auth application-default login --quiet
+  '')
+
+  (pkgs.writeShellScriptBin "tofu-apply" ''
+    set -xeuo pipefail
+    ${pkgs.google-cloud-sdk}/bin/gcloud storage buckets describe \
+      gs://fcuny-infra-tofu-state \
+      --project=fcuny-infra \
+      --quiet || \
+    ${pkgs.google-cloud-sdk}/bin/gcloud storage buckets create \
+      gs://fcuny-infra-tofu-state \
+      --project=fcuny-infra \
+      --uniform-bucket-level-access \
+      --public-access-prevention \
+      --location=us-west1 \
+      --default-storage-class=STANDARD \
+      --quiet
+
+    TMPDIR=$(mktemp -d)
+    trap 'rm -rf "$TMPDIR"' EXIT
+
+    ${pkgs.coreutils}/bin/install -Dm 0644 ${
+      import ../tofu/backups.nix {
+        inherit
+          pkgs
+          ;
+      }
+    } "$TMPDIR/backups/backups.tf.json"
+
+    ${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/backups" init
+    ${pkgs.opentofu}/bin/tofu -chdir="$TMPDIR/backups" apply -auto-approve
+  '')
 ]
-- 
cgit v1.2.3