adc/terraform
josiah 7982871e25 Add calibre to mediaserver stack.
Investigating using calibre-web instead of the full desktop
app. Hopefully this works out well with using readarr as the primary
management interface.
2024-01-01 18:47:40 -06:00
bikeshed Create TF for highsea deploy. 2023-12-31 23:18:46 -06:00
do_domains Add calibre to mediaserver stack. 2024-01-01 18:47:40 -06:00
env_creds.sh Move to using DO:Spaces as state backend. 2023-08-06 20:41:36 -05:00
readme.org Remember what public key you want. 2023-12-22 23:59:49 -06:00

Overview

The TF module of ADC handles a few things:

  • initiates machine creation in Bikeshed, my local Proxmox cluster
  • configures DNS for my projects

The idea is to keep Ansible for configuration and use TF for machine creation / API communication.

Using this

  • Install Terraform
  • Move into the directory related to what you want to work on
  • terraform plan
  • terraform apply

State management

Using local TF state is mostly reasonable for a personal project, but I wanted to learn TF for enterprise reasons too, so I'm using DigitalOcean Spaces as an S3-compatible storage system. This is an explicit risk!! Sensitive shit can get written to those locations and leak keys or sensitive data to others.

See the Exceptions area under Secrets for more info.
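
To see what the remote backend is actually holding, here is an added example (not code from this repo) that walks a state file in the version 4 JSON layout and lists which attributes carry secret-like values, without printing the values. The key-name pattern, the `example_*` resource types and the sample state are assumptions constructed for illustration.

```python
import json
import re

# Attribute names that usually hold credentials (assumed pattern; tune for your providers).
SECRET_KEY_RE = re.compile(r"(token|secret|password|passwd|private_key|access_key|api_key)", re.I)

def _walk(node, path):
    """Yield (path, value) for every leaf under a decoded JSON node."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, path + [str(key)])
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _walk(value, path + [str(index)])
    else:
        yield path, node

def find_state_secrets(state):
    """Return sorted attribute addresses holding secret-like values; values are never returned."""
    findings = set()
    for resource in state.get("resources", []):
        address = f'{resource.get("type")}.{resource.get("name")}'
        for instance in resource.get("instances", []):
            for path, value in _walk(instance.get("attributes") or {}, []):
                named_like_secret = any(SECRET_KEY_RE.search(p) for p in path)
                if named_like_secret and isinstance(value, str) and value:
                    findings.add(address + "." + ".".join(path))
    # Outputs marked sensitive are still stored in cleartext inside the state file.
    for name, output in state.get("outputs", {}).items():
        if output.get("sensitive") and output.get("value") not in (None, ""):
            findings.add("output." + name)
    return sorted(findings)

# Constructed sample in the version 4 state layout; every value is a placeholder.
SAMPLE_STATE = json.loads("""
{"version": 4,
 "outputs": {"db_uri": {"value": "EXAMPLE-URI", "type": "string", "sensitive": true}},
 "resources": [
  {"mode": "managed", "type": "example_database", "name": "media",
   "instances": [{"attributes": {"name": "media", "password": "EXAMPLE-NOT-REAL",
                                 "users": [{"name": "calibre", "api_token": "EXAMPLE"}]}}]},
  {"mode": "managed", "type": "example_record", "name": "www",
   "instances": [{"attributes": {"name": "www", "value": "203.0.113.10", "token": ""}}]}
 ]}
""")

if __name__ == "__main__":
    for finding in find_state_secrets(SAMPLE_STATE):
        print("secret-like value stored in state:", finding)
```

To run it against the real backend, load the JSON produced by `terraform state pull` in place of `SAMPLE_STATE`.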

Importing

If and when you need to import stuff from outside of Terraform, use terraformer: https://github.com/GoogleCloudPlatform/terraformer

This is how I got everything in here in the first place!

Secrets

Secrets are managed via pass, mostly.

Add secrets

  1. install pass
  2. pass init `your gpg id` - make sure you use the right one, jesus FUCK. You want this public key: `98D96C71214AFB7583C03F5EDC798A32AE57BA46`

pass insert <your secret name>

Reference secrets

export TF_VAR_DO_PAT=$(pass <your secret name>)

Exceptions (DigitalOcean Spaces access for backend storage):

  1. Install the awscli tool.
  2. aws configure --profile digitalocean
  3. Fill in the fields with your key id and secret
  4. export AWS_PROFILE=digitalocean
  5. Boom.