terraform

Contains Terraform code used to manage our infrastructure, Nix'ified for Terranix.

Prerequisites

• Nix with Flakes enabled
• Hetzner Cloud API token
• Terraform Cloud to use shared state

Usage

• Run nix develop -c $SHELL to enter the development environment if not using direnv.
• Run tofu login app.terraform.io to log in to the Terraform Cloud backend
• Run nix run to apply changes.
• Run nix flake update to update dependencies.

Authentication

Create a file terraform.tfvars containing:

hcloud_api_token = "<HETZNER_API_KEY>"

... substituting in our actual key.

Managed state

• go to https://gitlab.com/bij1/intranet/terraform/-/terraform
• open the triple dot menu for bij1 and select Copy Terraform init command
• substitute in a personal access token in the shown command
• run the command locally to access the shared state

HCL to Nix

Code-styling

We try to adhere to the naming conventions and code-styling best practices defined at Terraform best practices.

Secrets

Two steps:

1. Create a variable in variables.tf with sensitive = true, to prevent it from appearing in the build output.
2. Add the desired variable to the Environment Variables.

We may want to look at something like git-crypt or a central password store.