tofu
Contains OpenTofu code used to manage our infrastructure, Nix'ified for Terranix.
Prerequisites
- Nix with Flakes enabled
- Credentials (see configuring), if not using the shared secrets:
  - tf_cloud_token: Terraform Cloud token to use shared state
  - hcloud_api_token: Hetzner Cloud API token
Usage
Development shell
Before issuing any other commands, enter the development environment (if not using direnv):
nix develop -c $SHELL
Handling credentials
Applying changes
nix run
Validating logic
nix run .#check
Showing the generated plan
nix run .#plan
Applying changes, approving automatically
nix run .#cd
Removing local state and derived credentials
nix run .#destroy
Running Nomad jobs locally
nix run .#local
Updating dependencies
nix flake update
Simulating a CI test
Substituting <SOPS_AGE_KEY>, run:
woodpecker-cli exec --env "SOPS_AGE_KEY=<SOPS_AGE_KEY>"
Secrets
- if you want to reset secrets:
- key setup: set environment variable SOPS_AGE_KEY_FILE or SOPS_AGE_KEY so sops can locate the secret key to an age key pair that has its public key listed in .sops.yaml, e.g.:
  export SOPS_AGE_KEY_FILE=./keys.txt
- encoding secrets:
  nix run .#encode
- decoding secrets:
  nix run .#decode
- setting Terraform Cloud credentials, either by:
  - decode (as per above) to reuse the shared session
  - log in to the Terraform Cloud backend:
    tofu login app.terraform.io
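The key setup above requires that the age key sops finds has its public key listed in .sops.yaml. The following preflight check for that is an added example, not part of this repository's code; the function names age_recipient and check_sops_key are hypothetical, and it covers only the SOPS_AGE_KEY_FILE case, assuming a key file created by age-keygen.

```shell
#!/bin/sh
# Added example, not this repository's code. Intended use, before decoding:
#   check_sops_key "$SOPS_AGE_KEY_FILE" .sops.yaml && nix run .#decode

# Print the age recipient (public key) that belongs to an identity file.
# Prefers `age-keygen -y`, which derives it from the secret key itself; falls
# back to the "# public key:" comment age-keygen writes when creating the file.
age_recipient() {
    keyfile=$1
    if command -v age-keygen >/dev/null 2>&1 &&
       out=$(age-keygen -y "$keyfile" 2>/dev/null) && [ -n "$out" ]; then
        printf '%s\n' "$out" | head -n 1
        return 0
    fi
    sed -n 's/^# public key: \(age1[0-9a-z]*\)$/\1/p' "$keyfile" | head -n 1
}

# Exit status: 0 = recipient is listed in the sops config,
#              1 = recipient is not listed (sops could not decrypt with it),
#              2 = key file unreadable, group/world accessible, or unparsable.
check_sops_key() {
    keyfile=$1
    config=$2
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 2; }
    # Characters 5-10 of the mode string are the group and other permissions;
    # a private key file should grant neither anything.
    mode=$(ls -ldL "$keyfile" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$keyfile is accessible to group/others; chmod 600 it" >&2
        return 2
    fi
    recipient=$(age_recipient "$keyfile")
    [ -n "$recipient" ] || { echo "no age recipient in $keyfile" >&2; return 2; }
    # Ignore commented-out recipients in the config.
    if grep -v '^[[:space:]]*#' "$config" | grep -qF -- "$recipient"; then
        return 0
    fi
    echo "$recipient is not listed in $config" >&2
    return 1
}
```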
Configuring
In .auto.tfvars.json, override any OpenTofu variables, e.g.:
{ "hcloud_location": "nbg1" }