Kiara Grouwstra 47d40e487f
terraform
Contains Terraform code used to manage our infrastructure, Nix'ified for Terranix.
Prerequisites
- Nix with Flakes enabled
- Hetzner Cloud API token
- Terraform Cloud to use shared state
Usage
- Run `nix develop -c $SHELL` to enter the development environment if not using `direnv`.
- Run `tofu login app.terraform.io` to log in to the Terraform Cloud backend.
- Run `nix run` to apply changes.
- Run `nix flake update` to update dependencies.
Authentication
Create a file `terraform.tfvars` containing:
```
hcloud_api_token = "<HETZNER_API_KEY>"
```
... substituting in our actual key.
Managed state
- Go to https://gitlab.com/bij1/intranet/terraform/-/terraform
- Open the triple dot menu for `bij1` and select `Copy Terraform init command`.
- Substitute in a personal access token in the shown command.
- Run the command locally to access the shared state.
HCL to Nix
Code-styling
We try to adhere to the naming conventions and code-styling best practices defined at Terraform best practices.
Secrets
Two steps:
- Create a variable in `variables.tf` with `sensitive = true`, to prevent it from appearing in the build output.
- Add the desired variable to the Environment Variables.
We may want to look at something like git-crypt or a central password store.
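A check for the first step above, as an added example that is not part of this repository: it reads a configuration in Terraform's JSON syntax (the form Terranix generates) and reports secret-looking variables that lack `sensitive = true` or carry a hard-coded default. The name heuristic, the function names and the sample configuration are assumptions made for illustration.

```python
import json
import re

# Name fragments that suggest a variable carries a credential (assumed heuristic).
SECRET_HINT = re.compile(r"(token|secret|password|passwd|api_?key|private_?key)", re.I)


def iter_variables(config):
    """Yield (name, body) for every variable block in Terraform JSON syntax."""
    blocks = config.get("variable", {})
    # JSON syntax allows one object or a list of objects under "variable".
    for block in blocks if isinstance(blocks, list) else [blocks]:
        for name, body in block.items():
            # A block body may itself be wrapped in a list.
            if isinstance(body, list):
                body = body[0] if body else {}
            yield name, body


def unprotected_secrets(config_text):
    """Return (name, problem) pairs for secret-looking variables that are exposed."""
    findings = []
    for name, body in iter_variables(json.loads(config_text)):
        if not SECRET_HINT.search(name):
            continue
        if body.get("sensitive") is not True:
            findings.append((name, "missing sensitive = true"))
        if body.get("default") not in (None, ""):
            findings.append((name, "secret hard-coded as default"))
    return findings


# Constructed sample, shaped like generated Terraform JSON (not this repo's config).
SAMPLE = """
{
  "variable": {
    "hcloud_api_token": {"type": "string", "sensitive": true},
    "dns_api_key":      {"type": "string"},
    "smtp_password":    {"type": "string", "sensitive": true, "default": "hunter2"},
    "server_size":      {"type": "string", "default": "small"}
  }
}
"""

if __name__ == "__main__":
    for name, problem in unprotected_secrets(SAMPLE):
        print(f"{name}: {problem}")
```

`sensitive = true` only redacts the value in plan and apply output; it is still written to the state, so access to the shared state needs the same protection as the secret itself.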