added .gitignore

.gitignore

@@ -0,0 +1,4 @@
+.direnv
+.envrc
+.terraform
+.terraform.lock.hcl

README.md

@@ -1,2 +1,20 @@
 # terraform
 
+The terraform code for my small personal infrastructure
+
+## Backend
+
+I use the pg backend on a PostgreSQL hosted on my NAS. Create the user (named
+`terraform`) and database (`terraform_backend`) for it. The user's password is
+managed with `pass`.
+
+```sh
+pass generate pg.monotremata.xyz/terraform
+psql -u pg.monotremata.xyz
+```
+
+```sql
+CREATE DATABASE terraform_backend;
+CREATE USER terraform WITH ENCRYPTED PASSWORD '****';
+GRANT ALL PRIVILEGES ON DATABASE terraform_backend TO terraform;
+```

flake.lock

@@ -0,0 +1,43 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1660639432,
+        "narHash": "sha256-2WDiboOCfB0LhvnDVMXOAr8ZLDfm3WdO54CkoDPwN1A=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "6c6409e965a6c883677be7b9d87a95fab6c3472e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,15 @@
+{
+  description = "shell for my terraform things";
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+  inputs.flake-utils.url = "github:numtide/flake-utils";
+
+  outputs = { self, nixpkgs, flake-utils }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let pkgs = nixpkgs.legacyPackages.${system};
+      in {
+        devShell = pkgs.mkShell {
+          nativeBuildInputs = [ pkgs.bashInteractive pkgs.terraform ];
+          buildInputs = [ ];
+        };
+      });
+}

init.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+PG_USER=terraform
+PG_HOST=pg.monotremata.xyz
+PG_DB=terraform_backend
+PG_PORT=5432
+
+passwd=$(pass "${PG_HOST}/${PG_USER}")
+conn_str="postgres://${PG_USER}:${passwd}@${PG_HOST}:${PG_PORT}/${PG_DB}"
+
+terraform init -backend-config="conn_str=${conn_str}"

main.tf

@@ -0,0 +1,9 @@
+terraform {
+  backend "pg" {}
+  required_providers {
+    namecheap = {
+      source = "namecheap/namecheap"
+      version = ">= 2.0.0"
+    }
+  }
+}

namecheap.tf

@@ -0,0 +1,24 @@
+// https://registry.terraform.io/providers/namecheap/namecheap/latest/docs
+
+variable "caladan-ip" {
+  type = string
+  default = "139.162.137.29"
+}
+
+provider "namecheap" {
+  user_name = "gthar"
+  api_user = "gthar"
+  client_ip = var.caladan-ip
+  use_sandbox = false
+}
+
+resource "namecheap_domain_records" "monotremata-xyz" {
+  domain = "monotremata.xyz"
+  mode = "MERGE"  // maybe eventually move to OVERWRITE
+
+  record {
+    hostname = "@"
+    type = "A"
+    address = var.caladan-ip
+  }
+}

run_terraform

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+export HTTP_PROXY=caladan:8888
+export HTTPS_PROXY=caladan:8888
+NAMECHEAP_API_KEY=$(pass namecheap.com/api_key)
+export NAMECHEAP_API_KEY
+
+terraform "$@"