terraform: drop cloudflare

not much point in keeping cloudflare in terraform just for account members

Author: zowoq

dev/packages.nix

@@ -61,15 +61,4 @@
     ];
     doCheck = false;
   };
-  terraform-providers = prev.terraform-providers // {
-    cloudflare = (prev.terraform-providers.cloudflare.override { rev = "v4.52.0"; }).overrideAttrs (_: {
-      src = final.fetchFromGitHub {
-        owner = "cloudflare";
-        repo = "terraform-provider-cloudflare";
-        rev = "v4.52.0";
-        hash = "sha256-rgXsROzfjtUw994JH8x+j/UNMyl7E9cZ+77Fczc3uB8=";
-      };
-      vendorHash = "sha256-RULgejA/RTDHhRJRiqlgckK4Ut3GLvIE081/i6gQTjI=";
-    });
-  };
 }

dev/terraform.nix

@@ -5,7 +5,6 @@
       devShells.terraform = pkgs.mkShellNoCC { packages = [ config.packages.terraform ]; };
       packages = {
         terraform = pkgs.terraform.withPlugins (p: [
-          p.cloudflare
           p.github
           p.hydra
           p.sops

devdoc/onboarding.md

@@ -8,7 +8,6 @@
 
 - Add their email in [terraform/locals.tf](../terraform/locals.tf), this will give them access to:
 
-  - [Cloudflare](https://dash.cloudflare.com/login)
   - [Terraform Cloud](https://app.terraform.io)
 
 - Add their user to the list of `admins` in [modules/nixos/buildbot.nix](../modules/nixos/buildbot.nix).
@@ -32,6 +31,7 @@
 - They will also need to be added manually to these services:
 
   - [Cachix](https://app.cachix.org/organization/nix-community/settings)
+  - [Cloudflare](https://dash.cloudflare.com/e4a2db52c495db230973c839a0699ae1/members)
   - [GitLab](https://gitlab.com/groups/nix-community/-/group_members)
   - [Hetzner Robot](https://robot.hetzner.com/key/index)
   - [OpenCollective](https://opencollective.com/nix-community/admin/team)

terraform/cloudflare.tf

@@ -1,11 +1,6 @@
-CLOUDFLARE_API_TOKEN: ENC[AES256_GCM,data:RCXy2ccuRjpLqrbqy6Xx3ZA6XO4ZgKKyK3vrl3WgeclRelrxZxOmhA==,iv:uyiU9UC2l8nm6tCcyuDa8Psk+bf4hyi5yruc+Q0jd9s=,tag:bpHTP7nJi58fu3TxJ+jcIA==,type:str]
 HYDRA_PASSWORD: ENC[AES256_GCM,data:7o8RuTWxYY7HNbMDgl9ur0j+ehI1bf0JSA==,iv:oZ6iHGGL4xbCC54kQ+mjpYYrm3Kn2PAlhDOyX8K6VCY=,tag:hXSlJSgjQymbsriHBiMy4w==,type:str]
 TFE_TOKEN: ENC[AES256_GCM,data:OiC6uMy/ilF3v/4cI0boZh7jYkVFwyeIASukif3d6PlWkIUkPonCbXmTXOcp+tpuCg7KzJC7r/bwsSM1BlFmCjXwOs7oeRK5sfNg+a071CEZnHpkMTgdwEqU,iv:mHIn4vwLS4oTYrhDVlmGbG0yzYrhcFbizIevGDIoaAs=,tag:UhKQ8w8Hk2POnZnr7BCBTg==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz
           enc: |
@@ -52,8 +47,7 @@ sops:
             aUhpWnU2eHdQY2NjaEZPNWNPeVlhYjgKV4lec3/DD7lrt11Cut9YRzQqnSFiRkII
             mrrs8Y0NrX7hibd5skmMXdgkPNna8EotkUHbWq1qg5qO/D+AamsSCA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-01-10T20:48:42Z"
-    mac: ENC[AES256_GCM,data:bWP5cXQMQT5NCoS8z3Z1rDIrs7ahpOFNXUhHZlHg9X/kC8MECK8/4gG8ZRTs+5MNbpN/Vm5GJkCffMHzDDwG0ltGszy6Q7k3m0eYdkHS3/I1O0s8vzdF2/2hc9794GpUj1DuiIULsQfJJ6YemmZsXpDzepzkugXvU83rmqB7Lw0=,iv:hLFJsFqI+iTxivPLE2sN0Cc/qkGyNvmisR1BXOuLazg=,tag:54czUgcOhdOdXpvT+haNOA==,type:str]
-    pgp: []
+    lastmodified: "2025-04-05T03:46:54Z"
+    mac: ENC[AES256_GCM,data:uYnv+jWxTV6BAsGevnosue6pekopPc9FcVIYjxB0rl+WobqB5M74K+zrLMhLIsQ1l9GpKIsQUZejd1TyWPCv/NSnrTGLxuxJiKcsq0R0o4rnlSQQbFPXcYefznhOZcgQjQI8Cd/kzAVOv/Wo4gHNME5ednfbh7rpvdrIqInPi+c=,iv:P4tWoNw6bvSuyLS//SFxcUy86Fh1zzK5qSsxXaTBEbI=,tag:X1V7jWjmdMVICKVxBax2NQ==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.10.1

terraform/secrets.yaml

@@ -1,8 +1,5 @@
 terraform {
   required_providers {
-    cloudflare = {
-      source = "cloudflare/cloudflare"
-    }
     github = {
       source = "integrations/github"
     }
@@ -22,10 +19,6 @@ data "sops_file" "nix-community" {
   source_file = "secrets.yaml"
 }
 
-provider "cloudflare" {
-  api_token = data.sops_file.nix-community.data["CLOUDFLARE_API_TOKEN"]
-}
-
 provider "github" {
   # admin provides their own token
   owner = "nix-community"