fixup! vault: implement bootstrap integration

hosts/template2/bootstrap.nix

@@ -109,7 +109,7 @@ in
       RemainAfterExit = true;
       ExecStart = "${bootstrap-script}/bin/nixos-bootstrap";
 
-      # Read environment variables from /run/cloud-init-env (set by cloud-init)
+      # Read environment variables from cloud-init (set by cloud-init write_files)
       EnvironmentFile = "-/run/cloud-init-env";
 
       # Logging to journald

terraform/cloud-init.tf

@@ -15,7 +15,7 @@ resource "proxmox_cloud_init_disk" "ci" {
   #cloud-config
   ssh_authorized_keys:
     - ${each.value.ssh_public_key}
-  ${each.value.flake_branch != null || each.value.vault_wrapped_token != null ? <<-FILES
+${each.value.flake_branch != null || each.value.vault_wrapped_token != null ? <<-FILES
   write_files:
     - path: /run/cloud-init-env
       content: |
@@ -28,7 +28,7 @@ resource "proxmox_cloud_init_disk" "ci" {
         VAULT_SKIP_VERIFY=1
         %{~ endif ~}
       permissions: '0600'
-  FILES
+FILES
 : ""}
   EOT
 

terraform/vms.tf

@@ -51,6 +51,7 @@ locals {
       memory    = 2048
       disk_size = "20G"
       flake_branch = "vault-bootstrap-integration"
+      vault_wrapped_token = "s.aLlvvgIX4RegyBZKwnDIplJ4"
     }
   }