Set SSH keys in cloud init (#10)

Fetch public SSH keys from GitHub for a list of users and sets them in
the VMs via cloud-init

terraform/main.tf

@@ -11,4 +11,6 @@ module "supernode" {
   prefix_ipv4_id          = data.netbox_prefix.primary_ipv4.id
   prefix_ipv6_id          = netbox_available_prefix.domain_ipv6.id
   loopback_prefix_ipv6_id = netbox_prefix.loopback_ipv6.id
+
+  vm_ssh_keys = local.ssh_keys
 }

terraform/modules/supernode/variables.tf

@@ -53,3 +53,8 @@ variable "vm_resource_pool" {
   description = "Proxmox pool to create VM in"
   default     = "Supernodes2.0"
 }
+
+variable "vm_ssh_keys" {
+  type        = list(string)
+  description = "Public keys to grant access to"
+}

terraform/modules/supernode/vm.tf

@@ -41,12 +41,14 @@ resource "proxmox_vm_qemu" "supernode" {
   agent     = 1
   os_type   = "cloud-init"
   ipconfig0 = "ip=dhcp,ip6=${netbox_available_ip_address.management_ipv6.ip_address}"
+  ciuser    = "admin"
+  sshkeys   = join("\n", var.vm_ssh_keys)
 
   define_connection_info = false
 
   lifecycle {
     ignore_changes = [
-      define_connection_info
+      define_connection_info,
     ]
   }
 }

terraform/ssh.tf

@@ -0,0 +1,8 @@
+data "http" "github_keys" {
+  for_each = toset(var.ssh_github_users)
+  url      = "https://github.com/${each.key}.keys"
+}
+
+locals {
+  ssh_keys = flatten([for name, resp in data.http.github_keys : split("\n", chomp(resp.response_body))])
+}

terraform/variables.tf

@@ -27,3 +27,9 @@ variable "primary_prefix_ipv6" {
   description = "Prefix to issue primary IPv6 addresses from"
   default     = "2001:678:b7c::/48"
 }
+
+variable "ssh_github_users" {
+  type        = list(string)
+  description = "Users to gather SSH public keys from GitHub for"
+  default     = ["mraerino", "nomaster"]
+}