From 00ae60fb076462ac086ff0c578259317a47cac06 Mon Sep 17 00:00:00 2001
From: Lander Van den Bulcke <landervandenbulcke@gmail.com>
Date: Tue, 14 Jan 2025 08:59:51 +0100
Subject: [PATCH] feat: add backup bucket

Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
---
 .terraform.lock.hcl | 56 +++++++++++----------------------------------
 buckets.tf          | 35 ++++++++++++++++++++++++++++
 providers.tf        |  6 +++++
 3 files changed, 54 insertions(+), 43 deletions(-)

diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index 61f5761..78fd75d 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -1,6 +1,19 @@
 # This file is maintained automatically by "tofu init".
 # Manual edits may be lost in future updates.
 
+provider "registry.opentofu.org/backblaze/b2" {
+  version     = "0.10.0"
+  constraints = "0.10.0"
+  hashes = [
+    "h1:e4sWNH6KEXlb7SXKSq3DRuY9StJG6ezZYZqrzLzgO/0=",
+    "zh:03d4ec22a8a47dfc4e1beccd261f37b22113646d246853195fe5d8cb6febf90c",
+    "zh:08c9ea953b3dcb01aeebd372b9bd2c1a6c1f0b996125bde03c094bc5e75fb55b",
+    "zh:4f8589276b11f00feb511bd500e2f02abe41371ce2ab74507dd53a7e1110e944",
+    "zh:8bfcdb1b1cfaa20fa0f717758fca38290e6bd5ff6499ad196dd2f68f95aeab18",
+    "zh:dfac030714a098956d6df3bf6277d08c19b5b037cd7ec30821ec2edb0de49328",
+  ]
+}
+
 provider "registry.opentofu.org/cloudflare/cloudflare" {
   version     = "5.0.0-rc1"
   constraints = "5.0.0-rc1"
@@ -23,49 +36,6 @@ provider "registry.opentofu.org/cloudflare/cloudflare" {
   ]
 }
 
-provider "registry.opentofu.org/hashicorp/cloudflare" {
-  version = "4.50.0"
-  hashes = [
-    "h1:0qvD5ZKn2tMZ8cOjQrUSITIC9tKCZbrSaSswV9lOyiU=",
-    "zh:0ef99ed39472a94e6a0d6fa733cf0a46bce3bf66eba2873efae8846efdddc237",
-    "zh:2929cbbffcead171d45c88e4a7a59e9c013ea775dafa68b10da8db7cd04b6140",
-    "zh:462601c87118088e1a718842e367af7d8e7620598d426980a6d6b33de759865e",
-    "zh:56766eb62a74a9d88d9efb8486dd3a0c5c9db873d0a980ae9ef1e8af27d74231",
-    "zh:6b4e8810d99498a5a20a5872982a0f1354e79cfc4a7dfe7cc656f1c7eaae47d8",
-    "zh:6d65bdb4ec94b6eecc8abe26d94e2ca09262dc1e7a9934db829f418be0119920",
-    "zh:71adeaf31e41a358ec6095004062e43f56ee7d4b2504e5613ab351d511695641",
-    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:89761c15908ccc2cf9c50bb5cb3be45d3ad0c45fc7c608c6b95f48c0288b7160",
-    "zh:8cc5d7c5939da89cfd01f3e51c84f3576564783acea9db86bd9e32049805ed96",
-    "zh:987cff8225b1dd436cdcb4fc6228689ae7e4281de6896412a2a9a3325c49f05e",
-    "zh:991e83ebb89867d71e01a1c215ed159efb425683b0a44707be8579eb0a337f06",
-    "zh:ab8177ae2d8f5cfa90043a6f867435012cae115f6061b832a7e2462e0ae87a67",
-    "zh:d1ca34df1398f201274a6a18102975148c10ca15aa43cfc56cc9897620929509",
-    "zh:d34946f70201baf6dda03e3b294c6bbe40d95d0278e97b9f636ded94822b24ac",
-  ]
-}
-
-provider "registry.opentofu.org/hashicorp/hcloud" {
-  version = "1.49.1"
-  hashes = [
-    "h1:FKGRNHVbcfQJd8EWrb8Ze5QHkaGr8zI+ZKxBMjvOwPk=",
-    "zh:3d5f9773da4f8203cf625d04a5a0e4ff7e202684c010a801a945756140c61cde",
-    "zh:446305d492017cda91e5c15122ec16ff15bfe3ef4d3fd6bcea0cdf7742ab1b86",
-    "zh:44d4f9156ed8b4f0444bd4dc456825940be49048828565964a192286d28c9f20",
-    "zh:492ad893d2f89bb17c9beb877c8ceb4a16caf39db1a79030fefeada6c7aa217f",
-    "zh:68dc552c19ad9d209ec6018445df6e06fb77a637513a53cc66ddce1b024082be",
-    "zh:7492495ffda6f6c49ab38b539bd2eb965b1150a63fb6b191a27dec07d17601cb",
-    "zh:850fe92005981ea00db86c3e49ba5b49732fdf1f7bd5530a68f6e272847059fc",
-    "zh:8cb67f744c233acfb1d68a6c27686315439d944edf733b95f113b4aa63d86713",
-    "zh:8e13dac46e8c2497772ed1baee701b1d1c26bcc95a63b5c4566c83468f504868",
-    "zh:c44249c6a8ba931e208a334792686b5355ab2da465cadea03c1ea8e73c02db12",
-    "zh:d103125a28a85c89aea0cb0c534fe3f504416c4d4fc75c37364b9ec5f66dd77d",
-    "zh:ed8f64e826aa9bfca95b72892271678cb78411b40d7b404a52404141e05a4ab1",
-    "zh:f40efad816de00b279bd1e2cbf62c76b0e5b2da150a0764f259984b318e30945",
-    "zh:f5e912d0873bf4ecc43feba4ceccdf158048080c76d557e47f34749139fdd452",
-  ]
-}
-
 provider "registry.opentofu.org/opentofu/hcloud" {
   version     = "1.49.1"
   constraints = "~> 1.49.1"
diff --git a/buckets.tf b/buckets.tf
index f99d4c4..610fb8d 100644
--- a/buckets.tf
+++ b/buckets.tf
@@ -1,3 +1,38 @@
+# Bucket for backups
+resource "b2_bucket" "backups" {
+  bucket_name = "lvdb-backups"
+  bucket_type = "allPrivate"
+}
+
+# Application key for backups bucket
+resource "b2_application_key" "restic" {
+  bucket_id = b2_bucket.backups.id
+  key_name  = "restic"
+  capabilities = [
+    "deleteFiles",
+    "listAllBucketNames",
+    "listBuckets",
+    "listFiles",
+    "readBucketEncryption",
+    "readBucketReplications",
+    "readBuckets",
+    "readFiles",
+    "shareFiles",
+    "writeBucketEncryption",
+    "writeBucketReplications",
+    "writeFiles"
+  ]
+}
+
+output "restic_application_key" {
+  value     = b2_application_key.restic.application_key
+  sensitive = true
+}
+
+output "restic_application_key_id" {
+  value = b2_application_key.restic.application_key_id
+}
+
 # Bucket for storage of nix cache
 resource "cloudflare_r2_bucket" "attic" {
   account_id    = var.account_id
diff --git a/providers.tf b/providers.tf
index 3e634e5..dbdb771 100644
--- a/providers.tf
+++ b/providers.tf
@@ -14,6 +14,10 @@ terraform {
     }
   }
   required_providers {
+    b2 = {
+      source  = "Backblaze/b2"
+      version = "0.10.0"
+    }
     cloudflare = {
       source  = "cloudflare/cloudflare"
       version = "5.0.0-rc1"
@@ -25,6 +29,8 @@ terraform {
   }
 }
 
+provider "b2" {}
+
 provider "cloudflare" {}
 
 provider "hcloud" {}