tofu
Contains OpenTofu code used to manage our infrastructure, Nix'ified for Terranix.
Prerequisites
- Nix with Flakes enabled
- Credentials (see configuring), if not using the shared secrets:
  - tf_cloud_token: Terraform Cloud token to use shared state
  - hcloud_api_token: Hetzner Cloud API token
Usage
Development shell
Before issuing any other commands, enter the development environment (if not using direnv):
nix develop -c $SHELL
Commands
just -l
Handling credentials
Secrets
- if you want to reset secrets:
  - generate keypair: just keygen
  - list it in sops config file .sops.yaml
- key setup: set environment variable SOPS_AGE_KEY_FILE or SOPS_AGE_KEY so sops can locate the secret key to an age key pair that has its public key listed in .sops.yaml, e.g. (listed in .envrc):
  export SOPS_AGE_KEY_FILE=./keys.txt
- setting Terraform Cloud credentials, either by:
  - decode (as per above) to reuse the shared session
  - log in to the Terraform Cloud backend: just login
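A pre-flight check for the key setup above, as an added example that is not part of this repository: it verifies that the age key file is accessible only by its owner and that its public key is listed in .sops.yaml. It assumes the key file keeps the "# public key:" comment that age-keygen writes; the function names and the script name are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not the repository's own code): pre-flight check for the
# sops/age key setup. Assumption: the key file still carries the
# "# public key: age1..." comment that age-keygen writes above the secret key.

# Print the public key recorded in an age key file; fail if there is none.
age_pubkey_from_file() {
    sed -n 's/^# public key: \(age1[0-9a-z]*\)$/\1/p' "$1" | head -n 1 | grep .
}

# check_sops_key KEY_FILE SOPS_CONFIG
# Returns 0 when the key is usable, otherwise:
#   1 = key file missing
#   2 = key file accessible by group or others
#   3 = no public key comment found in the key file
#   4 = public key not listed in the sops config
check_sops_key() {
    local key_file="$1" sops_config="$2" perms pubkey
    [ -f "$key_file" ] || return 1
    # GNU stat first, BSD/macOS stat as fallback.
    perms=$(stat -c '%a' "$key_file" 2>/dev/null || stat -f '%Lp' "$key_file")
    case "$perms" in
        *00) ;;          # owner-only access, e.g. 600 or 400
        *) return 2 ;;
    esac
    pubkey=$(age_pubkey_from_file "$key_file") || return 3
    # Fixed-string match: the recipient must appear verbatim in the config.
    grep -qF -- "$pubkey" "$sops_config" || return 4
}

# Usage: ./check-sops-key.sh --check   (script name is hypothetical)
if [ "${1:-}" = "--check" ]; then
    check_sops_key "${SOPS_AGE_KEY_FILE:-./keys.txt}" .sops.yaml && echo "key setup OK"
fi
```

The check covers SOPS_AGE_KEY_FILE only; a key passed inline through SOPS_AGE_KEY has no file permissions to inspect.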
Configuring
In .auto.tfvars.json override any OpenTofu variables, e.g.:
{ "hcloud_location": "nbg1" }