terraform
Contains Terraform code used to manage our infrastructure, Nix'ified for Terranix.
Prerequisites
Pre-commit hook
We want all our Terraform code to be well formatted and adhering to standards, enforced by terraform fmt. Thus there is a pre-commit hook available to validate this. Unfortunately this cannot be enforced remotely, so there is a one-time manual step needed.
Run the following command right after cloning the repository:
./install_precommit_hook.sh
This will make sure you have the pre-commit hook installed so there is less of a chance you push something that doesn't match our standards.
Terraform
As we're using GitLab's Terraform image for our CI/CD pipeline, we'll stick to using the latest version of Terraform. Instructions on how to install Terraform can be found here: https://www.terraform.io/downloads
- Terraform Cloud to use shared state
Usage
- Run nix develop -c $SHELL to enter the development environment if not using direnv.
- Run tofu login app.terraform.io to log in to the Terraform Cloud backend.
- Run nix run to apply changes.
- Run nix flake update to update dependencies.
Authentication
Create a file terraform.tfvars containing:
... substituting in our actual key.
Managed state
- go to https://gitlab.com/bij1/intranet/terraform/-/terraform
- open the triple dot menu for bij1 and select Copy Terraform init command
- substitute in a personal access token in the shown command
- run the command locally to access the shared state
HCL to Nix
Code-styling
We try to adhere to the naming conventions and code-styling best practices defined at Terraform best practices.
Secrets
Two steps:
- Create a variable in variables.tf with sensitive = true, to prevent it from appearing in the build output.
- Add the desired variable to the Environment Variables.
We may want to look at something like git-crypt or a central password store.