jnsgruk / infra

Personal infrastructure code in Terraform/Docker Compose

Home Page:https://jnsgr.uk

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Personal Infrastructure

This repo contains the Infrastructure-as-Code that creates my personal infrastructure using docker-compose and terraform. It currently manages:

It also manages the following services on the droplet:

Traefik is configured to redirect all domains to HTTPS, and all certs are automatically issued from LetsEncrypt (provided the relevant DNS records are in place).

Secrets are managed using dotenv files encrypted with sops.

Getting Started

Provisioning the Infrastructure

To build the infrastructure with Terraform:

$ git clone https://github.com/jnsgruk/infra
$ cd infra
# Decrypt secrets (follow prompts)
$ ./secrets.sh decrypt
# Export the variables from the terraform env file
$ export $(grep -v "#" env/terraform.env | xargs)
# Change into the terraform directory
$ cd terraform
# Initialise Terraform
$ terraform init
# Deploy the infrastructure
$ terraform apply

Deploying Services

Once the droplet is provisioned, install docker and docker-compose, preferably using the Ansible Roles in my dotfiles/provisioning repository.

The docker-compose file relies upon a number of dotenv files, which exist in encrypted form in this repository.

# Clone the repo
$ git clone https://github.com/jnsgruk/infra
$ cd infra
# Decrypt secrets (follow prompts)
$ ./secrets.sh decrypt
# Login to the Github Packages Registry (where TOKEN.txt contains a valid Github access token)
$ cat ~/TOKEN.txt | docker login https://docker.pkg.github.com -u jnsgruk --password-stdin
# Create the infrastructure
$ docker-compose --env-file env/compose.env up -d

Adapting for your own use

Domain Config

Be sure to adjust any reference to jnsgr.uk to point to a domain that you control in the docker-compose.yml. You'll probably also want to comment out the section that hosts my website...

Env Files

If you are not me and do not have access to the encrypted dotenv files, the files should contain the following variables as a minimum:

You can source all the variables in a given .env file like so:

export $(cat env/terraform.env | sed 's/#.*//g' | xargs)

env/terraform.env

This file needs to specify two variables:

Name Required Notes
TF_VAR_do_token Yes A valid DigitalOcean API key
ARM_ACCESS_KEY Yes Access Key for a valid Azure Blob Storage account for storing Terraform state files

env/compose.env

This file needs to specify two variables:

Name Required Notes
EMAIL Yes Email address used when requesting LetsEncrypt certs
ezoic increase your site revenue

About

Personal infrastructure code in Terraform/Docker Compose

https://jnsgr.uk

License:MIT License


Languages

Language:HCL 81.5%Language:Shell 16.0%Language:Dockerfile 2.5%