diff --git a/module/alias/cargo_will/src/bin/willbe.rs b/module/alias/cargo_will/src/bin/willbe.rs index 39d2429139..c2850a237c 100644 --- a/module/alias/cargo_will/src/bin/willbe.rs +++ b/module/alias/cargo_will/src/bin/willbe.rs @@ -6,7 +6,7 @@ #[ allow( unused_imports ) ] use::willbe::*; -fn main() -> Result< (), wtools::error::untyped::Error > +fn main() -> Result< (), error::untyped::Error > { Ok( willbe::run( std::env::args().collect() )? ) } diff --git a/module/move/willbe/src/action/deploy_renew.rs b/module/move/willbe/src/action/deploy_renew.rs index 56bf766550..0f1c965332 100644 --- a/module/move/willbe/src/action/deploy_renew.rs +++ b/module/move/willbe/src/action/deploy_renew.rs 
@@ -47,34 +47,30 @@ mod private .file().data( include_str!( "../../template/deploy/key/pack.sh" ) ).path( "./key/pack.sh" ).end() .file().data( include_str!( "../../template/deploy/key/Readme.md" ) ).path( "./key/Readme.md" ).end() // /deploy/ + .file().data( include_str!( "../../template/deploy/deploy/redeploy.sh" ) ).path( "./deploy/redeploy.sh" ).end() + .file().data( include_str!( "../../template/deploy/deploy/cloud-init.tpl.hbs" ) ).path( "./deploy/cloud-init.tpl" ).is_template( true ).end() .file().data( include_str!( "../../template/deploy/deploy/Dockerfile" ) ).path( "./deploy/Dockerfile" ).end() .file().data( include_str!( "../../template/deploy/deploy/Readme.md" ) ).path( "./deploy/Readme.md" ).end() // /deploy/gar .file().data( include_str!( "../../template/deploy/deploy/gar/Readme.md" ) ).path( "./deploy/gar/Readme.md" ).end() - .file().data( include_str!( "../../template/deploy/deploy/gar/main.tf" ) ).path( "./deploy/gar/main.tf" ).end() + .file().data( include_str!( "../../template/deploy/deploy/gar/main.tf.hbs" ) ).path( "./deploy/gar/main.tf" ).is_template( true ).end() .file().data( include_str!( "../../template/deploy/deploy/gar/outputs.tf" ) ).path( "./deploy/gar/outputs.tf" ).end() .file().data( include_str!( "../../template/deploy/deploy/gar/variables.tf" ) ).path( "./deploy/gar/variables.tf" ).end() // /deploy/gce .file().data( include_str!( "../../template/deploy/deploy/gce/Readme.md" ) ).path( "./deploy/gce/Readme.md" ).end() - .file().data( include_str!( "../../template/deploy/deploy/gce/main.tf" ) ).path( "./deploy/gce/main.tf" ).end() - .file().data( include_str!( "../../template/deploy/deploy/gce/outputs.tf" ) ).path( "./deploy/gce/outputs.tf" ).end() + .file().data( include_str!( "../../template/deploy/deploy/gce/main.tf.hbs" ) ).path( "./deploy/gce/main.tf" ).is_template( true ).end() + .file().data( include_str!( "../../template/deploy/deploy/gce/outputs.tf.hbs" ) ).path( "./deploy/gce/outputs.tf" ).is_template( true ).end() 
.file().data( include_str!( "../../template/deploy/deploy/gce/variables.tf" ) ).path( "./deploy/gce/variables.tf" ).end() - // /deploy/gce/templates - .file().data( include_str!( "../../template/deploy/deploy/gce/templates/cloud-init.tpl" ) ).path( "./deploy/gce/templates/cloud-init.tpl" ).end() // /deploy/gcs .file().data( include_str!( "../../template/deploy/deploy/gcs/main.tf" ) ).path( "./deploy/gcs/main.tf" ).end() // /deploy/hetzner .file().data( include_str!( "../../template/deploy/deploy/hetzner/main.tf.hbs" ) ).path( "./deploy/hetzner/main.tf" ).is_template( true ).end() .file().data( include_str!( "../../template/deploy/deploy/hetzner/outputs.tf.hbs" ) ).path( "./deploy/hetzner/outputs.tf" ).is_template( true ).end() .file().data( include_str!( "../../template/deploy/deploy/hetzner/variables.tf" ) ).path( "./deploy/hetzner/variables.tf" ).end() - // /deploy/hetzner/templates - .file().data( include_str!( "../../template/deploy/deploy/hetzner/templates/cloud-init.tpl.hbs" ) ).path( "./deploy/hetzner/templates/cloud-init.tpl" ).end() // /deploy/aws .file().data( include_str!( "../../template/deploy/deploy/aws/main.tf" ) ).path( "./deploy/aws/main.tf" ).end() .file().data( include_str!( "../../template/deploy/deploy/aws/outputs.tf" ) ).path( "./deploy/aws/outputs.tf" ).end() .file().data( include_str!( "../../template/deploy/deploy/aws/variables.tf" ) ).path( "./deploy/aws/variables.tf" ).end() - // /deploy/aws/templates - .file().data( include_str!( "../../template/deploy/deploy/aws/templates/cloud-init.tpl.hbs" ) ).path( "./deploy/aws/templates/cloud-init.tpl" ).is_template( true ).end() .form(); formed.files diff --git a/module/move/willbe/template/deploy/Makefile.hbs b/module/move/willbe/template/deploy/Makefile.hbs index 032dec83b8..7f79a8adad 100644 --- a/module/move/willbe/template/deploy/Makefile.hbs +++ b/module/move/willbe/template/deploy/Makefile.hbs 
@@ -207,3 +207,7 @@ state_storage_pull: state_storage_init: terraform -chdir=$(tf_dir)/gcs init terraform -chdir=$(tf_dir)/gcs apply + +# Destroys GCS Bucket for terraform states +state_storage_destroy: + terraform -chdir=$(tf_dir)/gcs destroy diff --git a/module/move/willbe/template/deploy/deploy/Dockerfile b/module/move/willbe/template/deploy/deploy/Dockerfile index c196de7aff..1fa8f2bf8b 100644 --- a/module/move/willbe/template/deploy/deploy/Dockerfile +++ b/module/move/willbe/template/deploy/deploy/Dockerfile @@ -3,7 +3,7 @@ ENV TF_VERSION=1.7.4 WORKDIR / -# Installation terraform +# Install terraform RUN apt update --allow-releaseinfo-change \ && apt install wget unzip \ && mkdir -p /usr/lib/terraform/${TF_VERSION} \ diff --git a/module/move/willbe/template/deploy/deploy/aws/main.tf b/module/move/willbe/template/deploy/deploy/aws/main.tf index 4e83260aaf..9572193a66 100644 --- a/module/move/willbe/template/deploy/deploy/aws/main.tf +++ b/module/move/willbe/template/deploy/deploy/aws/main.tf @@ -60,17 +60,16 @@ resource "aws_instance" "web" { associate_public_ip_address = true # Startup script for the instance - # Installs docker, gcloud CLI, downloads docker images and starts the container - user_data = templatefile("${path.module}/templates/cloud-init.tpl", { + # Installs docker and gcloud CLI + user_data = templatefile("${path.module}/../cloud-init.tpl", { location = "${var.REGION}" project_id = "${var.PROJECT_ID}" repo_name = "${var.REPO_NAME}" image_name = "${var.IMAGE_NAME}" service_account_creds = "${replace(data.local_sensitive_file.service_account_creds.content, "\n", "")}" - timestamp = "${timestamp()}" }) - user_data_replace_on_change = true + key_name = aws_key_pair.redeploy.key_name } # Static IP address for the instace that will persist on restarts and redeploys 
@@ -78,3 +77,33 @@ resource "aws_eip" "static" { instance = aws_instance.web.id domain = "vpc" } + +resource "aws_key_pair" "redeploy" { + public_key = data.local_sensitive_file.ssh_public_key.content +} + +resource "terraform_data" "redeploy" { + triggers_replace = timestamp() + + connection { + type = "ssh" + user = "ubuntu" + private_key = data.local_sensitive_file.ssh_private_key.content + host = aws_eip.static.public_ip + } + + provisioner "file" { + source = "${path.module}/../redeploy.sh" + destination = "/tmp/redeploy.sh" + } + + provisioner "remote-exec" { + inline = [ + "#!/bin/bash", + "( tail -f -n1 /var/log/deploy-init.log & ) | grep -q 'Docker configuration file updated.'", + "source /etc/environment", + "chmod +x /tmp/redeploy.sh", + "sudo /tmp/redeploy.sh" + ] + } +} diff --git a/module/move/willbe/template/deploy/deploy/aws/templates/cloud-init.tpl.hbs b/module/move/willbe/template/deploy/deploy/aws/templates/cloud-init.tpl.hbs deleted file mode 100644 index 78a74e4837..0000000000 --- a/module/move/willbe/template/deploy/deploy/aws/templates/cloud-init.tpl.hbs +++ /dev/null 
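Review bot: The `connection` block of `terraform_data.redeploy` sets no `host_key`, so nothing in this hunk lets Terraform verify the host before it uploads `redeploy.sh` and runs it with `sudo`. The private key then authenticates to whichever machine answers on the Elastic IP. Consider pinning the instance's host key, for example by provisioning it through cloud-init and passing it as `host_key = <instance host public key>` in the connection block. The script is also staged at the fixed path `/tmp/redeploy.sh` in a world-writable directory before being executed as root; a directory owned by the login user, such as `destination = "/home/ubuntu/redeploy.sh"`, avoids that. Both points also apply to the `terraform_data.redeploy` blocks added in gce/main.tf.hbs and hetzner/main.tf.hbs, which connect as `root`.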
@@ -1,46 +0,0 @@ -#cloud-config - -write_files: -- path: /etc/systemd/system/${image_name}.service - permissions: 0644 - owner: root - content: | - [Unit] - Description=Start ${image_name} docker container. Build: ${timestamp} - Wants=network-online.target - After=network-online.target - - [Service] - Environment="HOME=/root" - ExecStart=/usr/bin/docker run --restart unless-stopped -d -p 80:80 --name=${image_name} ${location}-docker.pkg.dev/${project_id}/${repo_name}/${image_name} -- path: /root/service_account.json - permissions: 0600 - owner: root - content: | - ${service_account_creds} -- path: /root/init.sh - permissions: 0700 - owner: root - content: | - # Install docker - apt update - apt install apt-transport-https ca-certificates curl software-properties-common -y - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" - apt update - apt install docker-ce -y - # Install gcloud CLI - curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg - echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list - apt-get update - apt-get install -y google-cloud-cli - # Configure docker with gcloud - gcloud auth activate-service-account --key-file=/root/service_account.json - gcloud auth configure-docker ${location}-docker.pkg.dev --quiet - # Start docker container - systemctl daemon-reload - systemctl start ${image_name}.service - - -runcmd: -- nohup /root/init.sh > /var/log/{{docker_image_name}}-instance-init.log 2>&1 & diff --git a/module/move/willbe/template/deploy/deploy/aws/variables.tf b/module/move/willbe/template/deploy/deploy/aws/variables.tf index ede2b296f3..ed15e05028 100644 --- a/module/move/willbe/template/deploy/deploy/aws/variables.tf 
+++ b/module/move/willbe/template/deploy/deploy/aws/variables.tf @@ -22,3 +22,13 @@ variable "IMAGE_NAME" { data "local_sensitive_file" "service_account_creds" { filename = "${path.module}/../../key/service_account.json" } + +# Private key for SSH connection +data "local_sensitive_file" "ssh_private_key" { + filename = "${path.module}/../../key/rsa_ssh_key" +} + +# Public key for SSH connection +data "local_sensitive_file" "ssh_public_key" { + filename = "${path.module}/../../key/rsa_ssh_key.pub" +} diff --git a/module/move/willbe/template/deploy/deploy/hetzner/templates/cloud-init.tpl.hbs b/module/move/willbe/template/deploy/deploy/cloud-init.tpl.hbs similarity index 65% rename from module/move/willbe/template/deploy/deploy/hetzner/templates/cloud-init.tpl.hbs rename to module/move/willbe/template/deploy/deploy/cloud-init.tpl.hbs index 081db47304..ce5dcfc9e2 100644 --- a/module/move/willbe/template/deploy/deploy/hetzner/templates/cloud-init.tpl.hbs +++ b/module/move/willbe/template/deploy/deploy/cloud-init.tpl.hbs @@ -1,18 +1,6 @@ #cloud-config write_files: -- path: /etc/systemd/system/${image_name}.service - permissions: 0644 - owner: root - content: | - [Unit] - Description=Start ${image_name} docker container. Build: ${timestamp} - Wants=network-online.target - After=network-online.target - - [Service] - Environment="HOME=/root" - ExecStart=/usr/bin/docker run -d -p 80:80 --name=${image_name} ${location}-docker.pkg.dev/${project_id}/${repo_name}/${image_name} - path: /root/service_account.json permissions: 0600 owner: root @@ -22,6 +10,10 @@ write_files: permissions: 0700 owner: root content: | + # Configure env for redeploy script + echo "DOCKER_IMAGE=${location}-docker.pkg.dev/${project_id}/${repo_name}/${image_name}" >> /etc/environment + echo "DOCKER_IMAGE_NAME=${image_name}" >> /etc/environment + # Install docker apt update apt install apt-transport-https ca-certificates curl software-properties-common -y 
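Review bot: Reading `key/rsa_ssh_key` through `data "local_sensitive_file" "ssh_private_key"` records the private key's content in Terraform state, because data source attributes are persisted there and `sensitive` only redacts CLI output. Anyone who can read the state file or the state bucket can therefore recover the SSH key. At minimum, add a comment above the block such as `# Key content is stored in Terraform state; keep state encrypted and access-restricted.` It is also worth checking whether loading it at the point of use, with `private_key = file("${path.module}/../../key/rsa_ssh_key")` in the connection block, keeps it out of state. The same applies to the identical blocks added in hetzner/variables.tf.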
@@ -37,10 +29,7 @@ write_files: # Configure docker with gcloud gcloud auth activate-service-account --key-file=/root/service_account.json gcloud auth configure-docker ${location}-docker.pkg.dev --quiet - # Start docker container - systemctl daemon-reload - systemctl start ${image_name}.service runcmd: -- nohup /root/init.sh > /var/log/{{docker_image_name}}-instance-init.log 2>&1 & +- nohup /root/init.sh > /var/log/deploy-init.log 2>&1 & diff --git a/module/move/willbe/template/deploy/deploy/gar/main.tf b/module/move/willbe/template/deploy/deploy/gar/main.tf.hbs similarity index 82% rename from module/move/willbe/template/deploy/deploy/gar/main.tf rename to module/move/willbe/template/deploy/deploy/gar/main.tf.hbs index 77709d13e6..920cd1db1e 100644 --- a/module/move/willbe/template/deploy/deploy/gar/main.tf +++ b/module/move/willbe/template/deploy/deploy/gar/main.tf.hbs @@ -9,7 +9,7 @@ resource "google_artifact_registry_repository" "container-images-repo" { location = var.REGION project = var.PROJECT_ID repository_id = var.REPO_NAME - description = "Docker image registry for the Learn Together web-site" + description = "Docker image registry for the {{docker_image_name}} deployments" # Format of the repository. We are using Docker. format = "DOCKER" } diff --git a/module/move/willbe/template/deploy/deploy/gce/main.tf b/module/move/willbe/template/deploy/deploy/gce/main.tf.hbs similarity index 62% rename from module/move/willbe/template/deploy/deploy/gce/main.tf rename to module/move/willbe/template/deploy/deploy/gce/main.tf.hbs index 9e74a148e1..f2cb1598d0 100644 --- a/module/move/willbe/template/deploy/deploy/gce/main.tf +++ b/module/move/willbe/template/deploy/deploy/gce/main.tf.hbs 
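Review bot: After this hunk, init.sh ends with `gcloud auth configure-docker ... --quiet`, and the redeploy provisioners added in this commit wait for the text 'Docker configuration file updated.' in /var/log/deploy-init.log. Readiness therefore depends on the wording of a third-party CLI message. Ending the script with an explicit marker such as `echo 'deploy-init: done'` and waiting for that string removes the coupling. The visible part of init.sh has no `set -e`, so a failed apt or gcloud step would leave the log without the expected line and the wait, which has no timeout, would not return. Bounding it with `timeout` would turn that into a visible apply failure. The init.sh body starts outside this hunk.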
@@ -1,9 +1,8 @@ locals { # Helper var for formatting docker image name - image_name = format("%s-docker.pkg.dev/%s/%s/%s", var.REGION, var.PROJECT_ID, var.REPO_NAME, var.IMAGE_NAME) + image_name = format("%s-docker.pkg.dev/%s/%s/%s", var.REGION, var.PROJECT_ID, var.REPO_NAME, var.IMAGE_NAME) # Helper var for formatting subnetwork for our instance - subnetwork = format("projects/%s/regions/%s/subnetworks/default", var.PROJECT_ID, var.REGION) - instance_name = format("ltsite-%s", formatdate("YYYYMMDDhhmmss", timestamp())) + subnetwork = format("projects/%s/regions/%s/subnetworks/default", var.PROJECT_ID, var.REGION) } # Provider for resource creation @@ -18,10 +17,10 @@ resource "google_compute_address" "default" { } # GCE instance block. -resource "google_compute_instance" "lts-container-vm" { - project = var.PROJECT_ID +resource "google_compute_instance" "{{docker_image_name}}" { + project = var.PROJECT_ID # Instance name - name = local.instance_name + name = "{{docker_image_name}}" # Instance size. e2-micro is 0.25-2 vCPU & 1GB RAM machine_type = "e2-micro" zone = var.ZONE @@ -29,12 +28,12 @@ resource "google_compute_instance" "lts-container-vm" { # Main disk options boot_disk { initialize_params { - # Disk image name. We're using Container-optimised OS (COS). - image = "projects/cos-cloud/global/images/cos-stable-109-17800-147-15" + # Disk image name. We're using Ubuntu 24.04 distro. + image = "projects/ubuntu-os-cloud/global/images/ubuntu-2404-noble-amd64-v20241004" # Disk size in GB. 10GB is allowed minimum. - size = 10 + size = 10 # Disk type. Possible values: pd-standard, pd-ssd, or pd-balanced. - type = "pd-balanced" + type = "pd-balanced" } } 
@@ -52,19 +51,20 @@ resource "google_compute_instance" "lts-container-vm" { metadata = { # Cloud-init startup script for configuring the instance with our docker container. user-data = "${data.cloudinit_config.conf.rendered}" + ssh-keys = "root:${data.local_sensitive_file.ssh_public_key.content}" } allow_stopping_for_update = true scheduling { # Restart on failure. - automatic_restart = true + automatic_restart = true # Describes maintenance behavior for the instance. Possible values: MIGRATE or TERMINATE. on_host_maintenance = "MIGRATE" # Configures whether to allow stopping instance at any moment for reduced cost. - preemptible = false + preemptible = false # Configures spot instance. Possible values: SPOT or STANDARD. - provisioning_model = "STANDARD" + provisioning_model = "STANDARD" } # Configues service account scopes. @@ -86,3 +86,29 @@ resource "google_compute_instance" "lts-container-vm" { # Use `https-server` for https traffic on port 443. tags = ["http-server"] } + +resource "terraform_data" "redeploy" { + triggers_replace = timestamp() + + connection { + type = "ssh" + user = "root" + private_key = data.local_sensitive_file.ssh_private_key.content + host = google_compute_instance.{{docker_image_name}}.network_interface[0].access_config[0].nat_ip + } + + provisioner "file" { + source = "${path.module}/../redeploy.sh" + destination = "/tmp/redeploy.sh" + } + + provisioner "remote-exec" { + inline = [ + "#!/bin/bash", + "( tail -f -n1 /var/log/deploy-init.log & ) | grep -q 'Docker configuration file updated.'", + "source /etc/environment", + "chmod +x /tmp/redeploy.sh", + "/tmp/redeploy.sh" + ] + } +} diff --git a/module/move/willbe/template/deploy/deploy/gce/outputs.tf b/module/move/willbe/template/deploy/deploy/gce/outputs.tf.hbs similarity index 79% rename from module/move/willbe/template/deploy/deploy/gce/outputs.tf rename to module/move/willbe/template/deploy/deploy/gce/outputs.tf.hbs index 9228e2fa83..58b076f05b 100644 
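Review bot: The added `ssh-keys = "root:${data.local_sensitive_file.ssh_public_key.content}"` metadata entry provisions direct root SSH login on the instance, whereas the AWS module in this commit connects as `ubuntu` and elevates with `sudo`. Using an unprivileged account here as well, e.g. `ssh-keys = "deploy:${data.local_sensitive_file.ssh_public_key.content}"` with `user = "deploy"` and `"sudo /tmp/redeploy.sh"` in the provisioner, keeps root login closed. Google-provided images may also ship sshd with root login disabled, in which case the `root` connection would fail; this is worth confirming. In addition, `data.local_sensitive_file.ssh_public_key` and `ssh_private_key` are referenced in this file, but no hunk in this commit declares them for the gce module. Unless gce/variables.tf already contains them, the plan will stop on an undeclared reference. The resource body continues outside this hunk.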
--- a/module/move/willbe/template/deploy/deploy/gce/outputs.tf +++ b/module/move/willbe/template/deploy/deploy/gce/outputs.tf.hbs @@ -1,5 +1,5 @@ locals { - ip = google_compute_instance.lts-container-vm.network_interface[0].access_config[0].nat_ip + ip = google_compute_instance.{{docker_image_name}}.network_interface[0].access_config[0].nat_ip } # Output that we get after applying. diff --git a/module/move/willbe/template/deploy/deploy/gce/templates/cloud-init.tpl b/module/move/willbe/template/deploy/deploy/gce/templates/cloud-init.tpl deleted file mode 100644 index 5c465968d9..0000000000 --- a/module/move/willbe/template/deploy/deploy/gce/templates/cloud-init.tpl +++ /dev/null @@ -1,24 +0,0 @@ -#cloud-config - -users: -- name: ${image_name} - uid: 2000 - -write_files: -- path: /etc/systemd/system/${image_name}.service - permissions: 0644 - owner: root - content: | - [Unit] - Description=Start the Learn Together ${image_name} docker container - Wants=gcr-online.target - After=gcr-online.target - - [Service] - Environment="HOME=/home/${image_name}" - ExecStartPre=/usr/bin/docker-credential-gcr configure-docker --registries=${location}-docker.pkg.dev - ExecStart=/usr/bin/docker run -d -p 80:80 --name=${image_name} ${location}-docker.pkg.dev/${project_id}/${repo_name}/${image_name} - -runcmd: -- systemctl daemon-reload -- systemctl start ${image_name}.service \ No newline at end of file diff --git a/module/move/willbe/template/deploy/deploy/hetzner/main.tf.hbs b/module/move/willbe/template/deploy/deploy/hetzner/main.tf.hbs index 5611dafc2d..b75e946aab 100644 --- a/module/move/willbe/template/deploy/deploy/hetzner/main.tf.hbs +++ b/module/move/willbe/template/deploy/deploy/hetzner/main.tf.hbs 
@@ -14,6 +14,12 @@ provider "hcloud" { token = var.HCLOUD_TOKEN } +# Creates an SSH key used for redeploy +resource "hcloud_ssh_key" "redeploy" { + name = "{{docker_image_name}} redeploy key" + public_key = data.local_sensitive_file.ssh_public_key.content +} + # Static IP for the instance resource "hcloud_primary_ip" "primary_ip" { name = "{{docker_image_name}}-ip" @@ -36,14 +42,41 @@ resource "hcloud_server" "{{docker_image_name}}" { ipv6_enabled = false } + ssh_keys = [ hcloud_ssh_key.redeploy.name ] + # Startup script for the instance # Installs docker, gcloud CLI, downloads docker images and starts the container - user_data = templatefile("${path.module}/templates/cloud-init.tpl", { + user_data = templatefile("${path.module}/../cloud-init.tpl", { location = "${var.REGION}" project_id = "${var.PROJECT_ID}" repo_name = "${var.REPO_NAME}" image_name = "${var.IMAGE_NAME}" service_account_creds = "${replace(data.local_sensitive_file.service_account_creds.content, "\n", "")}" - timestamp = "${timestamp()}" }) } + +resource "terraform_data" "redeploy" { + triggers_replace = timestamp() + + connection { + type = "ssh" + user = "root" + private_key = data.local_sensitive_file.ssh_private_key.content + host = hcloud_primary_ip.primary_ip.ip_address + } + + provisioner "file" { + source = "${path.module}/../redeploy.sh" + destination = "/tmp/redeploy.sh" + } + + provisioner "remote-exec" { + inline = [ + "#!/bin/bash", + "( tail -f -n1 /var/log/deploy-init.log & ) | grep -q 'Docker configuration file updated.'", + "source /etc/environment", + "chmod +x /tmp/redeploy.sh", + "/tmp/redeploy.sh" + ] + } +} diff --git a/module/move/willbe/template/deploy/deploy/hetzner/variables.tf b/module/move/willbe/template/deploy/deploy/hetzner/variables.tf index 92e5e44421..4d445400eb 100644 --- a/module/move/willbe/template/deploy/deploy/hetzner/variables.tf +++ b/module/move/willbe/template/deploy/deploy/hetzner/variables.tf 
@@ -27,3 +27,13 @@ variable "IMAGE_NAME" { data "local_sensitive_file" "service_account_creds" { filename = "${path.module}/../../key/service_account.json" } + +# Private key for SSH connection +data "local_sensitive_file" "ssh_private_key" { + filename = "${path.module}/../../key/rsa_ssh_key" +} + +# Public key for SSH connection +data "local_sensitive_file" "ssh_public_key" { + filename = "${path.module}/../../key/rsa_ssh_key.pub" +} diff --git a/module/move/willbe/template/deploy/deploy/redeploy.sh b/module/move/willbe/template/deploy/deploy/redeploy.sh new file mode 100644 index 0000000000..48695a43e1 --- /dev/null +++ b/module/move/willbe/template/deploy/deploy/redeploy.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +docker rm -f ${DOCKER_IMAGE_NAME} +docker rmi ${DOCKER_IMAGE} +docker pull ${DOCKER_IMAGE} +docker run -d --restart unless-stopped -p 80:80 --name=${DOCKER_IMAGE_NAME} ${DOCKER_IMAGE} diff --git a/module/move/willbe/template/deploy/key/Readme.md b/module/move/willbe/template/deploy/key/Readme.md index 53c085c1cd..84fc765608 100644 --- a/module/move/willbe/template/deploy/key/Readme.md +++ b/module/move/willbe/template/deploy/key/Readme.md @@ -16,6 +16,8 @@ A list of all keys you'd need to deploy your project on different hosts. All secrets can be provided as files in current directory: - [service_account.json](./service_account.json) - default credentials for the service account to use in deployment. +- [rsa_ssh_key](./rsa_ssh_key) - SSH Private key that will be used for redeployment. +- [rsa_ssh_key.pub](./rsa_ssh_key.pub) - SSH Private key that will be used for redeployment. - [`SECRET_STATE_ARCHIVE_KEY`](./SECRET_STATE_ARCHIVE_KEY) - [📃] base64 encoded AES256 key to encrypt and decrypt .tfstate files. - [`SECRET_CSP_HETZNER`](./SECRET_CSP_HETZNER) - [📃] Hetzner token for deploying a server. - [`SECRET_AWS_ACCESS_KEY_ID`](./SECRET_AWS_ACCESS_KEY_ID) - [📃] Access Key ID from AWS Credentials. Created at the same time as the Access Key itself.
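Review bot: In the new redeploy.sh, `docker rmi ${DOCKER_IMAGE}` runs before `docker pull`, so a failed pull (registry outage, expired service-account auth) leaves the host with neither the old container nor an image to start. The script also has no `set -e`/`set -u` and expands both variables unquoted, so when `DOCKER_IMAGE` or `DOCKER_IMAGE_NAME` is unset the commands run with missing arguments instead of stopping. The variables are only `source`d, not exported, by the calling provisioner, so the script may depend on the login environment already providing them. Pulling first, replacing the container only once the pull has succeeded, and failing fast on unset variables addresses both points. The sketch below covers the whole file.

```shell
#!/bin/sh
set -eu

# Fail early when the environment was not populated.
: "${DOCKER_IMAGE:?DOCKER_IMAGE is not set}"
: "${DOCKER_IMAGE_NAME:?DOCKER_IMAGE_NAME is not set}"

# Pull before touching the running container.
docker pull "${DOCKER_IMAGE}"
docker rm -f "${DOCKER_IMAGE_NAME}" || true
docker run -d --restart unless-stopped -p 80:80 --name="${DOCKER_IMAGE_NAME}" "${DOCKER_IMAGE}"
# Drop the superseded image layers.
docker image prune -f
```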