feat: regenerate talosconfig #167

Merged: 1 commit, Jun 27, 2024

@frezbo frezbo commented Jun 27, 2024

Regenerate talosconfig when it nears expiry.

Fixes: #123

Regenerate talosconfig when it nears expiry.

Fixes: siderolabs#123

Signed-off-by: Noel Georgi <[email protected]>

frezbo commented Jun 27, 2024

/m

@talos-bot talos-bot merged commit f6f1811 into siderolabs:main Jun 27, 2024
14 checks passed
@frezbo frezbo deleted the feat/talosconfig-regen branch June 27, 2024 15:23

dhess commented Sep 26, 2024

#123 has just hit us, and unfortunately it appears that our Terraform provider version is out of date and doesn't include this fix. Now we have a chicken-and-egg problem — the current talosconfig baked into the Terraform state has expired, and we can't regenerate it using the new functionality included in this PR.

How would you recommend that we work around this?

@DArtagan

@dhess, today I hit this situation as well. Was running with 0.3.4 of the siderolabs/talos terraform provider, and my talosconfig certificates expired because it had been more than a year. A terraform state show showed that there was a machine_secrets module stored inside the Terraform config (module.talos.talos_machine_secrets.main). I couldn't find an example of the secrets.yaml (mentioned by https://www.talos.dev/v1.6/talos-guides/configuration/managing-pki/#from-secrets-bundle) to try and recreate it, but it gave me hope that the data was all there. Ultimately what I did:

  1. Make a backup copy of the whole terraform directory/state - just in case.
  2. Update the required_providers version for siderolabs/talos in my terraform manifest to 0.6.1.
  3. terraform init --upgrade
  4. terraform apply --target=resource.local_sensitive_file.talosconfig # yay, verified that it's only making changes to the certificate values. This file is where I write the contents from data.talos_client_configuration.main.talos_config
  5. Verify that the refreshed talos config lets me interact with the cluster again. ✔️
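
A way to catch the expiry described in this thread before it locks you out of the cluster, as an added example (not code from this PR, the provider, or any commenter): it reads the client certificate from a talosconfig and reports whether it expires within a given window. The function names, the 30-day window, the assumption that `crt:` is a single line of base64-encoded PEM, and the sample talosconfig with its throwaway certificate are all constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// clientCert parses the first "crt:" line (assumed: one line of base64-encoded PEM).
func clientCert(talosconfig string) (*x509.Certificate, error) {
	for _, line := range strings.Split(talosconfig, "\n") {
		f := strings.Fields(line)
		if len(f) != 2 || f[0] != "crt:" {
			continue
		}
		raw, err := base64.StdEncoding.DecodeString(f[1])
		block, _ := pem.Decode(raw)
		if err != nil || block == nil {
			return nil, fmt.Errorf("crt is not base64-encoded PEM")
		}
		return x509.ParseCertificate(block.Bytes)
	}
	return nil, fmt.Errorf("no crt entry found")
}

// needsRegen reports whether the certificate expires within window of now.
func needsRegen(notAfter, now time.Time, window time.Duration) bool {
	return !notAfter.After(now.Add(window))
}

// sampleConfig builds a constructed talosconfig holding a throwaway self-signed cert.
func sampleConfig(validFor time.Duration) string {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(validFor)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	crt := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return "context: demo\ncontexts:\n  demo:\n    crt: " + base64.StdEncoding.EncodeToString(crt) + "\n"
}

func main() {
	if c, err := clientCert(sampleConfig(10 * 24 * time.Hour)); err == nil {
		fmt.Println(c.NotAfter, needsRegen(c.NotAfter, time.Now(), 30*24*time.Hour))
	}
}
```

Run against a real talosconfig on a schedule, a check like this gives warning while the existing credentials still work, so the provider upgrade and re-apply can happen before access is lost.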
