terraform/README.md

# terraform
The terraform code for my small personal infrastructure.
## Resources
Currently, this will provision:
* DNS entries on Namecheap
* Alpine VPS on Linode
* OpenBSD VPS on Vultr
## Bootstrapping
This repo alone can't bootstrap all of its resources.
If I had to start again from scratch I'd need to bootstrap some things
manually.

For instance, I use `caladan` as an HTTP(S) proxy when applying the plans,
because `caladan` has a static IP that I can whitelist on Namecheap's and
Vultr's APIs.
My home internet does not have a static IP.
So I can't really apply the infrastructure in this repo before `caladan` is
already provisioned and configured.

So, this repo serves mostly as documentation for myself, and most of the time I
create resources manually and import them into Terraform later.
## Wrapper scripts
I run Terraform through two wrapper scripts: `scripts/init.sh` and
`scripts/run_terraform`.

`scripts/init.sh` is used just to run `terraform init`. It fetches the
PostgreSQL password (from `pass`) and passes the connection string manually
to the partially-configured pg backend.

`scripts/run_terraform` is used to run other Terraform commands. It sets up the
`HTTP_PROXY` and `HTTPS_PROXY` variables to use `caladan` as a proxy. It also
fetches the secrets (from `pass`) and exports the variables for API keys and
tokens needed by the different providers.

Additionally, I also wrote a simple `Makefile` to init/plan/apply quickly.
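
As an added illustration (not the repository's actual `scripts/init.sh`), here is one way an init wrapper can build the `conn_str` for the pg backend from a `pass` entry, percent-encoding the password so that symbols produced by `pass generate` cannot break the `postgres://` URL. The user, host, database and `pass` entry are the ones named in the Backend section; the function names are hypothetical.

```sh
#!/bin/sh
# Added sketch of an init wrapper; NOT the repository's scripts/init.sh.
# User, host, database and pass entry are the ones named in this README.
set -eu
export LC_ALL=C   # treat the password as plain bytes / ASCII

PG_USER=terraform
PG_HOST=pg.monotremata.xyz
PG_DB=terraform_backend
PASS_ENTRY=pg.monotremata.xyz/terraform

# Percent-encode everything outside the RFC 3986 "unreserved" set, so a
# generated password containing @ : / ? # % cannot split the URL apart.
urlencode() {
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}          # string without its first character
        c=${s%"$rest"}       # the first character itself
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
}

# postgres:// URL for the pg backend. Args: user password host database
build_conn_str() {
    printf 'postgres://%s:%s@%s/%s' \
        "$(urlencode "$1")" "$(urlencode "$2")" "$3" "$4"
}

init_backend() {
    # The first line of a pass entry is the password.
    password=$(pass show "$PASS_ENTRY" | head -n 1)
    conn_str=$(build_conn_str "$PG_USER" "$password" "$PG_HOST" "$PG_DB")
    # Partial backend configuration: conn_str is supplied at init time
    # instead of being committed in the .tf files.
    terraform init -backend-config="conn_str=$conn_str" "$@"
}

# Only touch pass and terraform when explicitly asked to: ./script init
if [ "${1:-}" = "init" ]; then
    shift
    init_backend "$@"
fi
```

Terraform records `-backend-config` values under `.terraform/`, and the connection string is on the command line while `terraform init` runs, so keep `.terraform/` out of version control and run the wrapper only on a trusted host.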
## Backend
I use the pg backend on a PostgreSQL hosted on my NAS.
### Initializing the backend (only the first time)
Create the user (named `terraform`) and database (`terraform_backend`). The
user's password is managed with `pass`.
```sh
pass generate pg.monotremata.xyz/terraform
psql --host pg.monotremata.xyz
```
```sql
CREATE USER terraform WITH ENCRYPTED PASSWORD '****';
CREATE DATABASE terraform_backend;
GRANT ALL PRIVILEGES ON DATABASE terraform_backend TO terraform;
CREATE DATABASE terraform_lan;
GRANT ALL PRIVILEGES ON DATABASE terraform_lan TO terraform;
```