terraform/README.md

# terraform

The terraform code for my small personal infrastructure.

## Resources

Currently, this will provision:
* DNS entries on Namecheap
* Alpine VPS on Linode
* OpenBSD VPS on Vultr

## Bootstrapping

This repo alone wouldn't be able to bootstrap all of its resources by itself.
If I had to start again from scratch I'd need to bootstrap some things
manually.

For instance, I use `caladan` as an http(s) proxy when applying the plans,
because `caladan` has a static IP that I can whitelist one Namecheap's and
Vultr's APIs.
My home internet does not have a static IP.
So I can't really apply the infrastructure in this repo before `caladan` is
already provisioned and configured.

So, this repo is mostly as documentation for myself and most of the time I
create resources manually and import them later to terraform.

## Wrapper scripts

I run Terrafrom through two wrapper scripts: `scripts/init.sh` and
`scripts/run_terraform`.

`scripts/init.sh` is used just to run `terraform init`. It fetches the
PostgreSQL password (from `pass`) and it passes the connection string manually
to the partially-configured pg backend.

`scripts/run_terraform` is used to run other terraform commands. It sets up the
`HTTP_PROXY` and `HTTPS_PROXY` variables to use `caladan` as a proxy. It also
fetches the secrets (from `pass`) and exports the variables for api keys and
tokens needed by the different providers.

Additionally, I also wrote a simple `Makefile` to init/plan/apply quickly.

## Backend

I use the pg backend on a PostgreSQL hosted on my NAS.

### Initializing the backend (only the first time)

Create the user (named `terraform`) and database (`terraform_backend`). The
user's password is managed with `pass`.

```sh
pass generate pg.monotremata.xyz/terraform
psql --host pg.monotremata.xyz
```

```sql
CREATE USER terraform WITH ENCRYPTED PASSWORD '****';

CREATE DATABASE terraform_backend;
GRANT ALL PRIVILEGES ON DATABASE terraform_backend TO terraform;

CREATE DATABASE terraform_lan;
GRANT ALL PRIVILEGES ON DATABASE terraform_lan TO terraform;
```
Initial commit 2022-08-18 18:08:03 +02:00			`# terraform`

updated readme 2022-08-25 09:50:11 +02:00			`The terraform code for my small personal infrastructure.`

			`## Resources`

			`Currently, this will provision:`
			`* DNS entries on Namecheap`
			`* Alpine VPS on Linode`
			`* OpenBSD VPS on Vultr`

			`## Bootstrapping`

			`This repo alone wouldn't be able to bootstrap all of its resources by itself.`
			`If I had to start again from scratch I'd need to bootstrap some things`
			`manually.`

			For instance, I use `caladan` as an http(s) proxy when applying the plans,
			because `caladan` has a static IP that I can whitelist one Namecheap's and
			`Vultr's APIs.`
			`My home internet does not have a static IP.`
			So I can't really apply the infrastructure in this repo before `caladan` is
			`already provisioned and configured.`

			`So, this repo is mostly as documentation for myself and most of the time I`
			`create resources manually and import them later to terraform.`

			`## Wrapper scripts`

better file organization 2022-08-25 10:18:32 +02:00			I run Terrafrom through two wrapper scripts: `scripts/init.sh` and
			`scripts/run_terraform`.
updated readme 2022-08-25 09:50:11 +02:00
better file organization 2022-08-25 10:18:32 +02:00			`scripts/init.sh` is used just to run `terraform init`. It fetches the
fixed typo 2022-08-25 11:48:34 +02:00			PostgreSQL password (from `pass`) and it passes the connection string manually
better file organization 2022-08-25 10:18:32 +02:00			`to the partially-configured pg backend.`
updated readme 2022-08-25 09:50:11 +02:00
better file organization 2022-08-25 10:18:32 +02:00			`scripts/run_terraform` is used to run other terraform commands. It sets up the
updated readme 2022-08-25 09:50:11 +02:00			`HTTP_PROXY` and `HTTPS_PROXY` variables to use `caladan` as a proxy. It also
			fetches the secrets (from `pass`) and exports the variables for api keys and
			`tokens needed by the different providers.`
updated readme with details about backend 2022-08-18 18:15:34 +02:00
added Makefile 2022-08-25 11:46:50 +02:00			Additionally, I also wrote a simple `Makefile` to init/plan/apply quickly.

updated readme with details about backend 2022-08-18 18:15:34 +02:00			`## Backend`

updated readme 2022-08-25 09:50:11 +02:00			`I use the pg backend on a PostgreSQL hosted on my NAS.`

			`### Initializing the backend (only the first time)`

			Create the user (named `terraform`) and database (`terraform_backend`). The
			user's password is managed with `pass`.
updated readme with details about backend 2022-08-18 18:15:34 +02:00
			```sh
			`pass generate pg.monotremata.xyz/terraform`
fixed typo 2022-08-18 18:20:37 +02:00			`psql --host pg.monotremata.xyz`
updated readme with details about backend 2022-08-18 18:15:34 +02:00			```

			```sql
			`CREATE USER terraform WITH ENCRYPTED PASSWORD '****';`
feat: added cert-manager for suricata 2023-05-29 15:10:50 +02:00
			`CREATE DATABASE terraform_backend;`
updated readme with details about backend 2022-08-18 18:15:34 +02:00			`GRANT ALL PRIVILEGES ON DATABASE terraform_backend TO terraform;`
feat: added cert-manager for suricata 2023-05-29 15:10:50 +02:00
			`CREATE DATABASE terraform_lan;`
			`GRANT ALL PRIVILEGES ON DATABASE terraform_lan TO terraform;`
updated readme with details about backend 2022-08-18 18:15:34 +02:00			```