katjuell / do-terraform-ansible

Workflow for provisioning 1gb 1vcpu instance on digitalocean w/terraform and ansible

Workflow for Provisioning a Server on DigitalOcean with Terraform and Ansible

This repository is a quickstart to get a single 1GB 1vCPU Droplet up and running on DigitalOcean using Terraform and Ansible. You can use it as a jumping off point to build out your infrastructure.

The setup here riffs on this really cool project that shows you how to use Terraform and Ansible to provision two DO Droplets and a Load Balancer, with Nginx installed on both servers. Check it out!

This repo is specifically designed to mirror the functionality of DO's recommended Ubuntu 18.04 server setup instructions. So it's a great starting point if you want to work with DO tutorial prerequisites!

Make sure that you enter your own information into terraform.tfvars. For this file, you'll need:

  • An SSH key on your local computer that's associated with your DigitalOcean account. To get the fingerprint of this key, run: ssh-keygen -E md5 -lf ~/.ssh/id_rsa.pub | awk '{print $2}'
  • A personal access token.

Step 1 — Clone Repo

Here's how to use this repo.

Clone it:

$ git clone https://github.com/katjuell/do-terraform-ansible.git do_setup

Move to the directory:

$ cd do_setup

Step 2 — Add Your Info to the Appropriate Files

Add your SSH fingerprint and DigitalOcean access token to terraform.tfvars:

$ vi terraform.tfvars
do_token = "" #fill this in with your own information
ssh_fingerprint = "" #fill this in with your own information
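
A preflight check for the terraform.tfvars file above, as an added example that is not part of this repository. The function names are hypothetical. It assumes DigitalOcean expects the bare colon-separated MD5 fingerprint, without the `MD5:` prefix that `ssh-keygen -E md5` prints, and that the file holding your access token should be readable only by its owner.

```sh
#!/bin/sh
# Added example (not from the repository): validate terraform.tfvars before
# running terraform. Usage: check_tfvars terraform.tfvars && terraform plan

# Print the quoted value assigned to variable $1 in tfvars file $2.
tfvar() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" |
    head -n 1
}

# Lowercase the fingerprint and drop the "MD5:" prefix printed by ssh-keygen
# (assumption: DigitalOcean wants only the colon-separated hex pairs).
normalize_fingerprint() {
  printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/^md5://'
}

# Succeed only for 16 colon-separated hex byte pairs (an MD5 fingerprint).
valid_fingerprint() {
  printf '%s\n' "$1" | grep -Eq '^([0-9a-f]{2}:){15}[0-9a-f]{2}$'
}

# Return 0 and print the normalized fingerprint if the file is usable.
# Return codes: 1 missing file, 2 loose permissions, 3 empty token,
# 4 malformed fingerprint.
check_tfvars() {
  _file="$1"
  [ -f "$_file" ] || { echo "missing: $_file" >&2; return 1; }
  # Characters 5-10 of the ls -l mode string are the group/other bits.
  if [ "$(ls -ld "$_file" | cut -c5-10)" != "------" ]; then
    echo "$_file is accessible to group/other; run: chmod 600 $_file" >&2
    return 2
  fi
  _token=$(tfvar do_token "$_file")
  [ -n "$_token" ] || { echo "do_token is empty" >&2; return 3; }
  _fp=$(normalize_fingerprint "$(tfvar ssh_fingerprint "$_file")")
  valid_fingerprint "$_fp" || {
    echo "ssh_fingerprint is not a 16-byte MD5 fingerprint" >&2
    return 4
  }
  echo "$_fp"
}
```

If the function prints a fingerprint that differs from what is in the file, copy the printed form into ssh_fingerprint.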

If you want to change the size of the resources in terraform.tf you should feel free. Also feel free to rename your Droplet — test isn't very descriptive:

...
# create smallest droplet
resource "digitalocean_droplet" "test" {
  image    = "ubuntu-18-04-x64"
  name     = "test"
  region   = "nyc3"
  size     = "s-1vcpu-1gb"
  ssh_keys = ["${var.ssh_fingerprint}"]
}
...

In ansible.yml, you'll also want to create a username other than sammy:

...
    - name: create user 'sammy'
      user:
        name: sammy
        append: yes
        state: present
        createhome: yes
        shell: /bin/bash

    - name: allow 'sammy' to have passwordless sudo
      lineinfile:
        dest: /etc/sudoers
        line: 'sammy ALL=(ALL) NOPASSWD: ALL'
        validate: 'visudo -cf %s'

    - name: set up authorized keys for 'sammy' user
      authorized_key: user=sammy key="{{item}}"
      with_file:
        - ~/.ssh/id_rsa.pub
...

Step 3 — Create Your Infrastructure and Configure Your Server

You are ready to start!

Initialize Terraform:

$ terraform init

Test the plan for provisioning your infrastructure:

$ terraform plan

Create your server:

$ terraform apply

Run the playbook to create your user and configure your firewall with UFW:

$ ansible-playbook -i inventory ansible.yml

Your terraform.tfstate file will have your IP address; you can also get it from the DO Control Panel.

SSH into your server as your non-root user, and change your password:

$ sudo passwd sammy

You are good to go!

Step 4 — Clean Up

When you are ready to take everything down, type:

$ terraform destroy

License: MIT License

