From 8114d71a4d4b81bcf5b78bd06c24a44d2e4d08a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torjus=20H=C3=A5kestad?=
Date: Mon, 2 Feb 2026 23:58:17 +0100
Subject: [PATCH] fixup! vault: implement bootstrap integration
---
 hosts/template2/bootstrap.nix | 2 +-
 terraform/cloud-init.tf | 4 ++--
 terraform/vms.tf | 1 +
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/hosts/template2/bootstrap.nix b/hosts/template2/bootstrap.nix
index 4cc4b83..322e171 100644
--- a/hosts/template2/bootstrap.nix
+++ b/hosts/template2/bootstrap.nix
@@ -109,7 +109,7 @@ in
 RemainAfterExit = true;
 ExecStart = "${bootstrap-script}/bin/nixos-bootstrap";
- # Read environment variables from /run/cloud-init-env (set by cloud-init)
+ # Read environment variables from cloud-init (set by cloud-init write_files)
 EnvironmentFile = "-/run/cloud-init-env";
 # Logging to journald
diff --git a/terraform/cloud-init.tf b/terraform/cloud-init.tf
index 22a74d1..4bb402c 100644
--- a/terraform/cloud-init.tf
+++ b/terraform/cloud-init.tf
@@ -15,7 +15,7 @@ resource "proxmox_cloud_init_disk" "ci" {
 #cloud-config
 ssh_authorized_keys:
 - ${each.value.ssh_public_key}
- ${each.value.flake_branch != null || each.value.vault_wrapped_token != null ? <<-FILES
+${each.value.flake_branch != null || each.value.vault_wrapped_token != null ? <<-FILES
 write_files:
 - path: /run/cloud-init-env
 content: |
@@ -28,7 +28,7 @@ resource "proxmox_cloud_init_disk" "ci" {
 VAULT_SKIP_VERIFY=1
 %{~ endif ~}
 permissions: '0600'
- FILES
+FILES
 : ""}
 EOT
diff --git a/terraform/vms.tf b/terraform/vms.tf
index 7e36834..76eb802 100644
--- a/terraform/vms.tf
+++ b/terraform/vms.tf
@@ -51,6 +51,7 @@ locals {
 memory = 2048
 disk_size = "20G"
 flake_branch = "vault-bootstrap-integration"
+ vault_wrapped_token = "s.aLlvvgIX4RegyBZKwnDIplJ4"
 }
 }
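Review bot: In the second terraform/cloud-init.tf hunk, the context lines before the `FILES` terminator write `VAULT_SKIP_VERIFY=1` into `/run/cloud-init-env`, so the bootstrap service talks to Vault without verifying its TLS certificate, presumably while it unwraps the token delivered in the same file. The `%{ if }` that guards the line opens outside this hunk, so the condition is not visible here; if it can be true outside a lab, ship the Vault CA to the host and set `VAULT_CACERT` instead of skipping verification. I would also add a comment next to the `write_files:` entry, e.g. `# NOTE: rendered user data (wrapped token included) ends up on the cloud-init disk and in Terraform state; 0600 only protects the file inside the guest`.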
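Review bot: The added `vault_wrapped_token` line in terraform/vms.tf hard-codes a Vault token literal in `locals`, which puts a credential into the repository and its history; a wrapped token is normally single-use and short-lived, but until it is unwrapped or expires anyone who can read the repo can redeem it. Feed the value from outside the tree, for example `vault_wrapped_token = var.vault_wrapped_token` with the variable declared `sensitive = true` (the variable name is illustrative), and revoke this token if it has not already been consumed. Because this is a `fixup!` commit, check that the literal is not squashed into the target commit. The `locals` block starts outside the hunk.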