Kiara Grouwstra
1177ad0bfa
|
||
|---|---|---|
| jobs | ||
| lib | ||
| ssh-keys | ||
| .auto.tfvars.enc.yaml | ||
| .envrc | ||
| .gitignore | ||
| .sops.yaml | ||
| .terraform.lock.hcl | ||
| .terraformignore | ||
| .woodpecker.yml | ||
| README.md | ||
| config.nix | ||
| flake.lock | ||
| flake.nix | ||
| justfile | ||
| nomad.nix | ||
| treefmt.toml | ||
README.md
tofu
Contains OpenTofu code used to manage our infrastructure, Nix'ified for Terranix.
Prerequisites
- Nix with Flakes enabled
- Credentials (see configuring), if not using the shared secrets:
tf_cloud_token: Terraform Cloud token to use shared statehcloud_api_token: Hetzner Cloud API token
Usage
Development shell
Before issuing any other commands, enter the development environment (if not using direnv):
nix develop -c $SHELL
Commands
just -l
Handling credentials
Secrets
-
if you want to reset secrets:
- generate keypair:
just keygen - list it in
sopsconfig file.sops.yaml
- generate keypair:
-
key setup: set environment variable
SOPS_AGE_KEY_FILEorSOPS_AGE_KEYsosopscan locate the secret key to anagekey pair that has its public key listed in.sops.yaml, e.g. (listed in.envrc):export SOPS_AGE_KEY_FILE=./keys.txt -
setting Terraform Cloud credentials, either by:
- decode (as per above) to reuse the shared session
- log in to the Terraform Cloud backend:
just login
Configuring
In .auto.tfvars.json override any OpenTofu variables, e.g.:
hcloud_location = "nbg1"