updated readme

README.md

@@ -1,12 +1,51 @@
 # terraform
 
-The terraform code for my small personal infrastructure
+The terraform code for my small personal infrastructure.
+
+## Resources
+
+Currently, this will provision:
+* DNS entries on Namecheap
+* Alpine VPS on Linode
+* OpenBSD VPS on Vultr
+
+## Bootstrapping
+
+This repo alone wouldn't be able to bootstrap all of its resources by itself.
+If I had to start again from scratch I'd need to bootstrap some things
+manually.
+
+For instance, I use `caladan` as an http(s) proxy when applying the plans,
+because `caladan` has a static IP that I can whitelist one Namecheap's and
+Vultr's APIs.
+My home internet does not have a static IP.
+So I can't really apply the infrastructure in this repo before `caladan` is
+already provisioned and configured.
+
+So, this repo is mostly as documentation for myself and most of the time I
+create resources manually and import them later to terraform.
+
+## Wrapper scripts
+
+I run Terrafrom through two wrapper scripts: `init.sh` and `run_terraform`.
+
+`init.sh` is used just to run `terraform init`. It fetches the PostgreSQL
+phssword (from `pass`) and it passes the connection string manually to the
+partially-configured pg backend.
+
+`run_terraform` is used to run other terraform commands. It sets up the
+`HTTP_PROXY` and `HTTPS_PROXY` variables to use `caladan` as a proxy. It also
+fetches the secrets (from `pass`) and exports the variables for api keys and
+tokens needed by the different providers.
 
 ## Backend
 
-I use the pg backend on a PostgreSQL hosted on my NAS. Create the user (named
+I use the pg backend on a PostgreSQL hosted on my NAS.
-`terraform`) and database (`terraform_backend`) for it. The user's password is
+
-managed with `pass`.
+### Initializing the backend (only the first time)
+
+Create the user (named `terraform`) and database (`terraform_backend`). The
+user's password is managed with `pass`.
 
 ```sh
 pass generate pg.monotremata.xyz/terraform