Go to file
Ricard Illa 7c4e13dbf7
updated flake
2022-08-25 10:24:08 +02:00
scripts better file organization 2022-08-25 10:18:32 +02:00
tf better file organization 2022-08-25 10:18:32 +02:00
.gitignore added .gitignore 2022-08-18 18:17:38 +02:00
.woodpecker.yml better file organization 2022-08-25 10:18:32 +02:00
LICENSE Initial commit 2022-08-18 18:08:03 +02:00
README.md better file organization 2022-08-25 10:18:32 +02:00
flake.lock updated flake 2022-08-25 10:24:08 +02:00
flake.nix linode-cli on nix shell 2022-08-25 08:49:37 +02:00

README.md

terraform

The terraform code for my small personal infrastructure.

Resources

Currently, this will provision:

  • DNS entries on Namecheap
  • Alpine VPS on Linode
  • OpenBSD VPS on Vultr

Bootstrapping

This repo alone wouldn't be able to bootstrap all of its resources by itself. If I had to start again from scratch I'd need to bootstrap some things manually.

For instance, I use caladan as an http(s) proxy when applying the plans, because caladan has a static IP that I can whitelist one Namecheap's and Vultr's APIs. My home internet does not have a static IP. So I can't really apply the infrastructure in this repo before caladan is already provisioned and configured.

So, this repo is mostly as documentation for myself and most of the time I create resources manually and import them later to terraform.

Wrapper scripts

I run Terrafrom through two wrapper scripts: scripts/init.sh and scripts/run_terraform.

scripts/init.sh is used just to run terraform init. It fetches the PostgreSQL phssword (from pass) and it passes the connection string manually to the partially-configured pg backend.

scripts/run_terraform is used to run other terraform commands. It sets up the HTTP_PROXY and HTTPS_PROXY variables to use caladan as a proxy. It also fetches the secrets (from pass) and exports the variables for api keys and tokens needed by the different providers.

Backend

I use the pg backend on a PostgreSQL hosted on my NAS.

Initializing the backend (only the first time)

Create the user (named terraform) and database (terraform_backend). The user's password is managed with pass.

pass generate pg.monotremata.xyz/terraform
psql --host pg.monotremata.xyz
CREATE DATABASE terraform_backend;
CREATE USER terraform WITH ENCRYPTED PASSWORD '****';
GRANT ALL PRIVILEGES ON DATABASE terraform_backend TO terraform;