adc/terraform/readme.org

* Overview
The TF module of ~ADC~ handles a few things:
- inits machine creation in ~Bikeshed~, my local proxmox cluster
- configures DNS for my projects. 

The idea is to keep ansible for configuration and use TF for machine creation / API communication.

** Using this
- Install ~Terraform~
- Move into the directory related to what you want to work on
- ~terraform plan~
- ~terraform apply~

** State management
 Using local tf state is mostly reasonable for a personal project, but I wanted to learn TF for enterprise reasons too, so I'm using Digital Ocean Spaces as an s3 compatible storage system. This is an explicit risk!! Sensitive shit can get written to those locations and leak keys or sensitive data to others.

 See the ~Exceptions~ area under secrets for mroe info.
 
** Importing
If and when you need to import stuff from outside of Terraform, use ~terraformer~:
https://github.com/GoogleCloudPlatform/terraformer

This is how I got everything in here in the first place!

** Secrets
secrets are managed via ~pass~, mostly

*** Add secrets
1. install pass
2. pass init `your gpg id` - make sure you use the right one, jesus FUCK. you want this public key: `98D96C71214AFB7583C03F5EDC798A32AE57BA46`
 ~pass insert <your secret name>~

*** Reference secrets
~export TF_VAR_DO_PAT=$(pass <your secret name>)~

*** Exceptions (digital ocean spaces access for backend storage):
  1. Install the awscli tool.
  2. ~aws configure --profile digitalocean~
  3. Fill in the fields with your key id and secret
  4. ~export AWS_PROFILE=digitalocean~
  5. Boom.
Initial terraform commit. Create 2 different subfolders: - jowj dot net owns / will own DNS for jowj.net and its subdomains - Bikeshed owns my provisioning VMs against my proxmox cluster env_creds.sh is just a simple way to export secrets from `pass` to my local environment. 10 months ago			`* Overview`
Move to using DO:Spaces as state backend. - Update provider.tf to include details about the backend - Include AWS PROFILE export in env creds - Update readme. 10 months ago			`The TF module of ~ADC~ handles a few things:`
			`- inits machine creation in ~Bikeshed~, my local proxmox cluster`
			`- configures DNS for my projects.`
Initial terraform commit. Create 2 different subfolders: - jowj dot net owns / will own DNS for jowj.net and its subdomains - Bikeshed owns my provisioning VMs against my proxmox cluster env_creds.sh is just a simple way to export secrets from `pass` to my local environment. 10 months ago
			`The idea is to keep ansible for configuration and use TF for machine creation / API communication.`

Move to using DO:Spaces as state backend. - Update provider.tf to include details about the backend - Include AWS PROFILE export in env creds - Update readme. 10 months ago			`** Using this`
Initial terraform commit. Create 2 different subfolders: - jowj dot net owns / will own DNS for jowj.net and its subdomains - Bikeshed owns my provisioning VMs against my proxmox cluster env_creds.sh is just a simple way to export secrets from `pass` to my local environment. 10 months ago			`- Install ~Terraform~`
			`- Move into the directory related to what you want to work on`
			`- ~terraform plan~`
			`- ~terraform apply~`

Move to using DO:Spaces as state backend. - Update provider.tf to include details about the backend - Include AWS PROFILE export in env creds - Update readme. 10 months ago			`** State management`
			`Using local tf state is mostly reasonable for a personal project, but I wanted to learn TF for enterprise reasons too, so I'm using Digital Ocean Spaces as an s3 compatible storage system. This is an explicit risk!! Sensitive shit can get written to those locations and leak keys or sensitive data to others.`

			`See the ~Exceptions~ area under secrets for mroe info.`

			`** Importing`
			`If and when you need to import stuff from outside of Terraform, use ~terraformer~:`
			`https://github.com/GoogleCloudPlatform/terraformer`

			`This is how I got everything in here in the first place!`

			`** Secrets`
			`secrets are managed via ~pass~, mostly`

			`*** Add secrets`
Remember what public key you want. 5 months ago			`1. install pass`
			2. pass init `your gpg id` - make sure you use the right one, jesus FUCK. you want this public key: `98D96C71214AFB7583C03F5EDC798A32AE57BA46`
Move to using DO:Spaces as state backend. - Update provider.tf to include details about the backend - Include AWS PROFILE export in env creds - Update readme. 10 months ago			`~pass insert <your secret name>~`

			`*** Reference secrets`
			`~export TF_VAR_DO_PAT=$(pass <your secret name>)~`

			`*** Exceptions (digital ocean spaces access for backend storage):`
			`1. Install the awscli tool.`
			`2. ~aws configure --profile digitalocean~`
			`3. Fill in the fields with your key id and secret`
			`4. ~export AWS_PROFILE=digitalocean~`
			`5. Boom.`
Initial terraform commit. Create 2 different subfolders: - jowj dot net owns / will own DNS for jowj.net and its subdomains - Bikeshed owns my provisioning VMs against my proxmox cluster env_creds.sh is just a simple way to export secrets from `pass` to my local environment. 10 months ago