add nix flake for development

remove secret service usage with password in home dir
replace hermes mounted dir with data disk
pin terraform libvirt provider due to SSH issue
hard-code ssh known host file

terraform/data/main.tf

@@ -0,0 +1,31 @@
+terraform {
+  backend "pg" {
+    schema_name = "hermes-data"
+  }
+
+  required_providers {
+    libvirt = {
+      source = "dmacvicar/libvirt"
+      version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040
+    }
+  }
+}
+
+provider "libvirt" {
+  # https://libvirt.org/uri.html#libssh-and-libssh2-transport
+  uri = "qemu+ssh://root@atlas.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
+}
+
+resource "libvirt_volume" "data" {
+  name = "hermes-data"
+  pool = "data"
+  size = 1024 * 1024
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+
+output "data_disk_id" {
+  value = libvirt_volume.data.id
+}

terraform/main.tf

@@ -6,6 +6,7 @@ terraform {
   required_providers {
     libvirt = {
       source = "dmacvicar/libvirt"
+      version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040
     }
     template = {
       source = "hashicorp/template"
@@ -14,7 +15,8 @@ terraform {
 }
 
 provider "libvirt" {
-  uri = "qemu+ssh://root@atlas.hyp/system"
+  # https://libvirt.org/uri.html#libssh-and-libssh2-transport
+  uri = "qemu+ssh://root@atlas.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
 }
 
 module "vm" {
@@ -24,5 +26,8 @@ module "vm" {
   fixed_address   = "192.168.30.7/24"
   mac             = "CA:FE:C0:FF:EE:07"
   fixed_dns       = "192.168.30.1"
-  hypervisor_host = "atlas.hyp"
+  data_disk       = "/kvm/data/hermes-data"
+  insecure_password = true
+
+  #  hypervisor_host = "atlas.hyp"
 }