terraform/README.md

terraform

The terraform code for my small personal infrastructure.

Resources

Currently, this will provision:

  • DNS entries on Namecheap
  • Alpine VPS on Linode
  • OpenBSD VPS on Vultr

Bootstrapping

This repo cannot bootstrap all of its resources on its own. If I had to start again from scratch, I would need to bootstrap some things manually.

For instance, I use caladan as an HTTP(S) proxy when applying the plans, because caladan has a static IP that I can whitelist on Namecheap's and Vultr's APIs, while my home internet connection does not have a static IP. So I can't apply the infrastructure in this repo before caladan is already provisioned and configured.

So this repo serves mostly as documentation for myself: most of the time I create resources manually and import them into Terraform later.

Wrapper scripts

I run Terraform through two wrapper scripts: scripts/init.sh and scripts/run_terraform.

scripts/init.sh only runs terraform init. It fetches the PostgreSQL password from pass and passes the connection string on the command line to the partially-configured pg backend, so the connection string (and the password in it) does not have to live in the .tf files.

scripts/run_terraform runs every other terraform command. It sets the HTTP_PROXY and HTTPS_PROXY variables so that provider API calls go through caladan, and it fetches the API keys and tokens needed by the different providers from pass and exports them as environment variables.

I also wrote a simple Makefile to init/plan/apply quickly.
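To show how the two wrappers fit together, here is a single script in the same spirit. It is an added example, not the repo's scripts/init.sh or scripts/run_terraform. The pass entry names for the provider credentials, the proxy port on caladan, the sslmode default and the provider environment variable names (NAMECHEAP_*, LINODE_TOKEN, VULTR_API_KEY) are assumptions; adjust them to the real setup. The one thing worth copying regardless is the percent-encoding of the password: pass generate emits symbols such as /, ?, # and @, any of which silently corrupts a postgres:// URL if pasted in raw.

```shell
#!/bin/sh
# Added example in the spirit of scripts/init.sh and scripts/run_terraform;
# not the repo's own code. Assumed: pass entry names, proxy port on caladan,
# sslmode, and the provider environment variable names.
set -eu

PG_HOST="${PG_HOST:-pg.monotremata.xyz}"
PG_DB="${PG_DB:-terraform_backend}"
PG_USER="${PG_USER:-terraform}"
PG_SSLMODE="${PG_SSLMODE:-require}"            # assumption: the NAS instance serves TLS
PROXY_URL="${PROXY_URL:-http://caladan:3128}"  # assumption: proxy port on caladan

# Percent-encode every byte outside the URL unreserved set (A-Z a-z 0-9 - . _ ~),
# so a password from `pass generate` cannot break the postgres:// URL.
urlencode() {
    printf '%s' "$1" | od -An -v -tu1 | awk '
    {
        for (i = 1; i <= NF; i++) {
            b = $i + 0
            if ((b >= 48 && b <= 57) || (b >= 65 && b <= 90) ||
                (b >= 97 && b <= 122) || b == 45 || b == 46 || b == 95 || b == 126)
                printf "%c", b
            else
                printf "%%%02X", b
        }
    }'
}

# Build the libpq URL the pg backend expects in conn_str.
# Args: host dbname user password sslmode
build_conn_str() {
    printf 'postgres://%s:%s@%s/%s?sslmode=%s' \
        "$(urlencode "$3")" "$(urlencode "$4")" "$1" "$2" "$5"
}

# First line of a pass entry is the secret. Fails the script (set -e) if the
# entry is missing instead of exporting an empty credential.
secret() {
    s="$(pass show "$1")" || return 1
    printf '%s\n' "$s" | head -n 1
}

# terraform init against a partially configured backend: the .tf files only
# declare `backend "pg" {}`; conn_str is supplied here so the password never
# lands in a .tf file.
tf_init() {
    conn_str="$(build_conn_str "$PG_HOST" "$PG_DB" "$PG_USER" \
        "$(secret pg.monotremata.xyz/terraform)" "$PG_SSLMODE")"
    terraform init -backend-config="conn_str=$conn_str" "$@"
}

# Any other terraform command: route provider API traffic through caladan (the
# IP whitelisted at Namecheap and Vultr) and hand credentials to the providers
# via the environment. Assign before export so a failing `secret` aborts.
tf_run() {
    export HTTP_PROXY="$PROXY_URL" HTTPS_PROXY="$PROXY_URL"
    for pair in NAMECHEAP_USER_NAME=namecheap/user \
                NAMECHEAP_API_USER=namecheap/api_user \
                NAMECHEAP_API_KEY=namecheap/api_key \
                LINODE_TOKEN=linode/token \
                VULTR_API_KEY=vultr/api_key; do        # assumed pass entry names
        name="${pair%%=*}"
        entry="${pair#*=}"
        value="$(secret "$entry")"
        export "$name=$value"
    done
    terraform "$@"
}

# Usage: ./tf init | ./tf plan | ./tf apply ...
if [ "$#" -gt 0 ]; then
    case "$1" in
        init) shift; tf_init "$@" ;;
        *) tf_run "$@" ;;
    esac
fi
```

The credentials live only in the environment of the terraform process and its provider plugins; never run this wrapper under set -x or a shell that logs expansions, or the secrets end up in the terminal scrollback.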

Backend

I use the pg backend with a PostgreSQL instance hosted on my NAS.

Initializing the backend (only the first time)

Create the user (terraform) and the database (terraform_backend). The user's password is managed with pass. GRANT ALL PRIVILEGES ON DATABASE gives the role CREATE on the database, which the pg backend needs in order to create its state schema (terraform_remote_state by default) on the first init.

# generate the password into pass, then connect to the NAS instance
# as a role that can create roles and databases
pass generate pg.monotremata.xyz/terraform
psql --host pg.monotremata.xyz

-- inside psql; '****' stands for the password stored in pass
CREATE USER terraform WITH ENCRYPTED PASSWORD '****';

CREATE DATABASE terraform_backend;
GRANT ALL PRIVILEGES ON DATABASE terraform_backend TO terraform;

CREATE DATABASE terraform_lan;
GRANT ALL PRIVILEGES ON DATABASE terraform_lan TO terraform;