From 6d598835cd6ddbaf83e50432bd1d5491ef266ab3 Mon Sep 17 00:00:00 2001
From: Ben Vincent <ben@unkin.net>
Date: Sat, 31 May 2025 16:28:43 +1000
Subject: [PATCH] feat: add certbot host

---
 config/instances/ausyd1nxvm2057/config.yaml   |  7 +++
 .../instances/ausyd1nxvm2057/terragrunt.hcl   | 52 +++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 config/instances/ausyd1nxvm2057/config.yaml
 create mode 100644 config/instances/ausyd1nxvm2057/terragrunt.hcl

diff --git a/config/instances/ausyd1nxvm2057/config.yaml b/config/instances/ausyd1nxvm2057/config.yaml
new file mode 100644
index 0000000..14e62d6
--- /dev/null
+++ b/config/instances/ausyd1nxvm2057/config.yaml
@@ -0,0 +1,7 @@
+description: certbot
+cobbler_mgmt_classes:
+  - roles::infra::pki::certbot
+profiles:
+  - disk20
+  - net_com1_eth0
+  - 2core2048
diff --git a/config/instances/ausyd1nxvm2057/terragrunt.hcl b/config/instances/ausyd1nxvm2057/terragrunt.hcl
new file mode 100644
index 0000000..c3099a9
--- /dev/null
+++ b/config/instances/ausyd1nxvm2057/terragrunt.hcl
@@ -0,0 +1,52 @@
+locals {
+  node_name     = "prodnxsr0009"
+  config_common     = yamldecode(file("${get_terragrunt_dir()}/../config_common.yaml"))
+  config_specific   = yamldecode(file("${get_terragrunt_dir()}/config.yaml"))
+  config            = merge(local.config_common, local.config_specific)
+  instance_name     = basename(get_terragrunt_dir())
+}
+
+inputs = merge(
+  {
+    name = local.instance_name
+  },
+  local.config
+)
+
+include "root" {
+  path   = find_in_parent_folders("root.hcl")
+}
+
+include "instances" {
+  path   = find_in_parent_folders("instances.hcl")
+  expose = true
+  merge_strategy = "deep"
+}
+
+dependencies {
+  paths = ["${get_repo_root()}/config/nodes/${local.node_name}"]
+}
+
+terraform {
+  source = "${get_repo_root()}/modules/instance"
+}
+
+generate "incus" {
+  path      = "incus.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<-EOF
+    provider "incus" {
+      generate_client_certificates = true
+      accept_remote_certificate    = true
+
+      remote {
+        name    = "${basename(get_terragrunt_dir())}"
+        scheme  = "https"
+        address = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_addr}"
+        port    = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_port}"
+        token   = "${get_env("INCUS_TOKEN_${upper(local.node_name)}")}"
+        default = true
+      }
+    }
+  EOF
+}