Kiara Grouwstra 1177ad0bfa

- jobs
- lib
- ssh-keys
- .auto.tfvars.enc.yaml
- .envrc
- .gitignore
- .sops.yaml
- .terraform.lock.hcl
- .terraformignore
- .woodpecker.yml
- README.md
- config.nix
- flake.lock
- flake.nix
- justfile
- nomad.nix
- treefmt.toml

README.md
tofu
Contains OpenTofu code used to manage our infrastructure, Nix'ified for Terranix.
Prerequisites
- Nix with Flakes enabled
- Credentials (see configuring), if not using the shared secrets:
  - `tf_cloud_token`: Terraform Cloud token to use shared state
  - `hcloud_api_token`: Hetzner Cloud API token
Usage
Development shell
Before issuing any other commands, enter the development environment (if not using `direnv`):

```sh
nix develop -c $SHELL
```
Commands
```sh
just -l
```
Handling credentials
Secrets
- if you want to reset secrets:
  - generate keypair: `just keygen`
  - list it in `sops` config file `.sops.yaml`
- key setup: set environment variable `SOPS_AGE_KEY_FILE` or `SOPS_AGE_KEY` so `sops` can locate the secret key to an `age` key pair that has its public key listed in `.sops.yaml`, e.g. (listed in `.envrc`): `export SOPS_AGE_KEY_FILE=./keys.txt`
- setting Terraform Cloud credentials, either by:
  - decode (as per above) to reuse the shared session
  - log in to the Terraform Cloud backend: `just login`
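
A preflight check for the key setup step above, as an added example that is not part of this repository: it confirms that the `age` key file named by `SOPS_AGE_KEY_FILE` has its public key listed in `.sops.yaml` before `sops` is asked to decrypt. It assumes the key file is in `age-keygen`'s output format (with a `# public key:` comment); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the repository): check that the age key sops will
# use has its public key listed in the sops config before decrypting.
# Assumption: the key file is in age-keygen's output format, which records
# the recipient in a "# public key: age1..." comment above the secret key.

# Print the public key(s) recorded in age key file $1.
age_public_keys() {
  sed -n 's/^# public key: \(age1[0-9a-z]*\)$/\1/p' "$1"
}

# Return 0 if a public key from key file $1 is listed in sops config $2,
# 1 if none is listed, 2 if the inputs cannot be used.
check_sops_key() {
  csk_key_file=$1
  csk_config=$2
  [ -r "$csk_key_file" ] || { echo "cannot read key file: $csk_key_file" >&2; return 2; }
  [ -r "$csk_config" ] || { echo "cannot read sops config: $csk_config" >&2; return 2; }

  # Warn when the secret key is accessible to group or others.
  case $(ls -ld "$csk_key_file") in
    -???------*) ;;
    *) echo "warning: $csk_key_file is accessible to group/others" >&2 ;;
  esac

  csk_pubs=$(age_public_keys "$csk_key_file")
  [ -n "$csk_pubs" ] || { echo "no public key comment in $csk_key_file" >&2; return 2; }

  for csk_pub in $csk_pubs; do
    # Ignore commented-out recipients: sops would not encrypt to them.
    if grep -v '^[[:space:]]*#' "$csk_config" | grep -qF -- "$csk_pub"; then
      echo "ok: $csk_pub is listed in $csk_config"
      return 0
    fi
  done
  echo "no key from $csk_key_file is listed in $csk_config" >&2
  return 1
}
```

After sourcing the functions, run `check_sops_key "$SOPS_AGE_KEY_FILE" .sops.yaml` from the repository root; a non-zero status means `sops` would not find a matching recipient for that key file.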
Configuring
In `.auto.tfvars.json` override any OpenTofu variables, e.g.:

```
hcloud_location = "nbg1"
```