Ricard Illa 0b95db5858 feat: added cert-manager for suricata 2023-05-29 15:10:50 +02:00
lan feat: added cert-manager for suricata 2023-05-29 15:10:50 +02:00
modules feat: added cert-manager for suricata 2023-05-29 15:10:50 +02:00
remote feat: added cert-manager for suricata 2023-05-29 15:10:50 +02:00
.envrc feat: added cert-manager for suricata 2023-05-29 15:10:50 +02:00
.gitignore added Makefile 2022-08-25 11:46:50 +02:00
.woodpecker.yml feat: big refactor 2023-05-23 12:50:26 +02:00
LICENSE Initial commit 2022-08-18 18:08:03 +02:00
Makefile added Makefile 2022-08-25 11:46:50 +02:00
README.md feat: added cert-manager for suricata 2023-05-29 15:10:50 +02:00
flake.lock updated flake 2022-08-25 10:24:08 +02:00
flake.nix feat: added cert-manager for suricata 2023-05-29 15:10:50 +02:00

README.md

terraform

The terraform code for my small personal infrastructure.

Resources

Currently, this will provision:

  • DNS entries on Namecheap
  • Alpine VPS on Linode
  • OpenBSD VPS on Vultr

Bootstrapping

This repo alone cannot bootstrap all of its resources. If I had to start again from scratch, I'd need to bootstrap some things manually.

For instance, I use caladan as an HTTP(S) proxy when applying the plans, because caladan has a static IP that I can whitelist on Namecheap's and Vultr's APIs; my home internet connection does not have a static IP. So I can't apply the infrastructure in this repo until caladan is already provisioned and configured.

So this repo serves mostly as documentation for myself; most of the time I create resources manually and import them into Terraform later.

Wrapper scripts

I run Terraform through two wrapper scripts: scripts/init.sh and scripts/run_terraform.

scripts/init.sh is used just to run terraform init. It fetches the PostgreSQL password (from pass) and passes the connection string to the partially configured pg backend, so the password never has to be committed in the backend block.

scripts/run_terraform is used to run the other terraform commands. It sets HTTP_PROXY and HTTPS_PROXY so that caladan is used as the proxy. It also fetches the secrets (from pass) and exports the API keys and tokens needed by the different providers as environment variables.
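The two wrapper scripts are not included in this README, so here is an added sketch of how they fit together; it is example code written for this page, not the repository's own scripts/init.sh or scripts/run_terraform. The pass entry pg.monotremata.xyz/terraform and the host caladan come from this page; the proxy URL, the terraform/* pass entry names, the TF_VAR_* variable names and the sslmode setting are assumptions. Secret lookup goes through one small function so that it can be swapped out when testing offline.

```shell
#!/bin/sh
# Added example sketch of scripts/init.sh and scripts/run_terraform (not the repo's code).
# Assumed: PROXY_URL (caladan's proxy URL), terraform/* pass entries, TF_VAR_* names.
set -eu

# All secrets come from pass; nothing is read from files in the repo.
fetch_secret() {
    pass show "$1" | head -n 1
}

# Build the pg backend connection string: $1 host, $2 user, $3 database, $4 password.
# Characters that would break the URI are percent-encoded ('%' first, so it is not
# re-encoded by the later substitutions).
build_conn_str() {
    pw=$(printf '%s' "$4" | sed 's/%/%25/g; s/@/%40/g; s/:/%3A/g; s|/|%2F|g')
    printf 'postgres://%s:%s@%s/%s?sslmode=require' "$2" "$pw" "$1" "$3"
}

# scripts/init.sh equivalent: the committed backend block stays partial and
# conn_str (the pg backend's documented setting) is supplied only at init time.
tf_init() {
    pw=$(fetch_secret pg.monotremata.xyz/terraform)
    conn=$(build_conn_str "$1" terraform terraform_backend "$pw")
    terraform init -input=false -backend-config="conn_str=$conn"
}

# scripts/run_terraform equivalent: route provider API calls through caladan
# (the host with the whitelisted static IP) and hand the provider credentials
# to Terraform as TF_VAR_<name> input variables (assumed names).
export_provider_secrets() {
    HTTP_PROXY="${PROXY_URL:-http://caladan:3128}"   # assumed port
    HTTPS_PROXY="$HTTP_PROXY"
    TF_VAR_namecheap_api_key=$(fetch_secret terraform/namecheap_api_key)
    TF_VAR_linode_token=$(fetch_secret terraform/linode_token)
    TF_VAR_vultr_api_key=$(fetch_secret terraform/vultr_api_key)
    export HTTP_PROXY HTTPS_PROXY \
        TF_VAR_namecheap_api_key TF_VAR_linode_token TF_VAR_vultr_api_key
}

# Usage: `wrapper.sh init` runs the backend init; `wrapper.sh plan` (or any other
# subcommand) exports the secrets and execs terraform. No arguments: define only.
case "${1:-}" in
    init) tf_init "${PG_HOST:-pg.monotremata.xyz}" ;;
    "") ;;
    *) export_provider_secrets; exec terraform "$@" ;;
esac
```

Because the secrets exist only in the environment of the exec'd terraform process, nothing sensitive lands in the working tree; keep `set -x` out of these scripts, since tracing would echo the connection string and tokens to the terminal.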

I also wrote a simple Makefile to init/plan/apply quickly.

Backend

I use the pg backend on a PostgreSQL instance hosted on my NAS.

Initializing the backend (only the first time)

Create the user (terraform) and the databases (terraform_backend, plus terraform_lan for the lan configuration). The user's password is generated and stored with pass.

# generate and store the backend user's password in pass
pass generate pg.monotremata.xyz/terraform
# connect to the NAS PostgreSQL instance; the statements below run inside psql
psql --host pg.monotremata.xyz
-- use the password generated above
CREATE USER terraform WITH ENCRYPTED PASSWORD '****';

-- state database for the main configuration; the pg backend creates its own schema inside it
CREATE DATABASE terraform_backend;
GRANT ALL PRIVILEGES ON DATABASE terraform_backend TO terraform;

-- separate state database for the lan configuration
CREATE DATABASE terraform_lan;
GRANT ALL PRIVILEGES ON DATABASE terraform_lan TO terraform;