Automate provisioning and deployment of VPS

In order to perform that I had to remove Terraform's =.tfstate= files from the
repository. Terraform does support "backends" for storing the state files, but I
settled for storing it on a separate repo (vps-state).

For now it solves the state management problem:
- it has history of states;
- all state files are GPG encrypted;
- there's no coordination however, but only the CI should perform a deploy in
order to avoid race conditions.

I had to add GPG and SSH keys to sr.ht to achieve that:
- SSH public key to my profile to authorize it to push to vps-state repo;
- SSH private key to the secret builds.sr.ht environment to enable push to the
repository from the pipeline;
- GPG public key to git-crypt to make it possible for the pipeline to unlock the
encrypted content;
- GPG private key to the secret builds.sr.ht environment to enable decrypting
git-crypt content from the pipeline.

In order to avoid divergent environment from local and CI, the ./provision.sh
script is ran through nix-shell.

1 files changed, 5 insertions, 1 deletions

diff --git a/vps.tf b/vps.tf
index b89fd76..c599f36 100644
--- a/vps.tf
+++ b/vps.tf
@@ -25,4 +25,8 @@ resource "digitalocean_droplet" "vps" {
     private_key = "${file("${path.module}/secrets/id_rsa")}"
     timeout     = "2m"
   }
-}
+
+  provisioner "remote-exec" {
+    script = "./deploy.sh"
+  }
+}
\ No newline at end of file