From 9d32790c99af1845f41ac24ade4cad4006cc4d16 Mon Sep 17 00:00:00 2001
From: Felix Nehrke <felix@nehrke.info>
Date: Mon, 29 Sep 2025 03:27:20 +0200
Subject: [PATCH] Move terraform-state to b2

The terraform-state can be stored in backblaze b2 with some
configurations. This changes does exactly this. Note, that this requires
the special env-variables `AWS_SECRET_ACCESS_KEY` and
`AWS_ACCESS_KEY_ID` which are normally part of the AWS-setup. To be able
to use AWS and this setup in parallel I use dotenv to maintain the
variables in the special file `.envrc`.

Reference: https://andrzejgor.ski/posts/backblaze_b2_tf_state
Reference: https://www.reddit.com/r/selfhosted/comments/1iv1qir
Reference: https://direnv.net/
---
 .gitignore  |  1 +
 versions.tf | 14 ++++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/.gitignore b/.gitignore
index 985c78c..efb19a1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@ inventory.*
 README.*
 !README.adoc
 password.txt
+.envrc
 
 # Created by https://www.toptal.com/developers/gitignore/api/vim,ansible,jetbrains,terraform
 # Edit at https://www.toptal.com/developers/gitignore?templates=vim,ansible,jetbrains,terraform
diff --git a/versions.tf b/versions.tf
index 290df94..c26d3ff 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,4 +1,18 @@
 terraform {
+  backend "s3" {
+    bucket = "nemoinho-tfstate"
+    key    = "hetzner-infra/terraform.tfstate"
+    region = "eu-central-003"
+    endpoints = {
+      s3 = "https://s3.eu-central-003.backblazeb2.com"
+    }
+    skip_credentials_validation = true
+    skip_region_validation      = true
+    skip_metadata_api_check     = true
+    skip_requesting_account_id  = true
+    skip_s3_checksum            = true
+  }
+
   required_providers {
     hetznerdns = {
       source  = "timohirt/hetznerdns"