spoons.technology core infrastructure
These are the "core" services, available to members to build their own services on top of.
Types of service
We separate the core services into "static" and "dynamic", depending on connectivity requirements. At a high-level, the goal is to run as much as we can on ephemeral infrastructure.
Static services
These have long-lived IP addresses, and valid reverse DNS to help with connectivity.
- Authentication (for Kerberos)
- DNS (so we can set up glue records)
- Mail (for IP reputation and reverse DNS)
Bootstrapping
These services are required before we can build automation, so they will need to be deployed manually initially.
Note that the bootstrap process assumes local terraform state, which will later be migrated.
Prerequisites
We use Nix flakes to manage project dependencies. The recommended workflow is to install nix, then enable direnv to automatically manage your environment.
You need access to Scaleway, and to have generated an API key via the console. Then set your credentials as environment variables:
export SCW_ACCESS_KEY=??? SCW_SECRET_KEY=???
To use Upcloud, you can pass your username and password as environment variables. However, access to the API is blocked by default. The best approach is to generate an API key, making sure to allow access from your IPs. Then set the token as an environment variable:
export UPCLOUD_TOKEN=???
To allow services to add themselves to DNS, you will need to provide Mythic Beasts API credentials. These need to be able to modify id1 and id2 .FQDN
export TF_VAR_dns_api_user=??? TF_VAR_dns_api_pass=???
Running Tofu
From the ./terraform directory, run:
tofu init
TF_VAR_environment=test tofu plan
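A preflight check for the credentials listed under Prerequisites, as an added shell example that is not part of the spoons.technology repository. It assumes the variable names given above, treats the `???` placeholders as unset, and never prints a secret value, so a failed run leaves nothing sensitive in logs or terminal scrollback.

```shell
#!/usr/bin/env sh
# Added example: verify bootstrap credentials before running tofu.
# Assumes the variable names from the README above; "???" counts as unset.

# Variables that must be exported before tofu can talk to the providers.
REQUIRED_VARS="SCW_ACCESS_KEY SCW_SECRET_KEY UPCLOUD_TOKEN TF_VAR_dns_api_user TF_VAR_dns_api_pass"

# check_var NAME -> 0 if NAME holds a real value, 1 if unset, empty or "???".
# Only the name is ever printed, never the value.
check_var() {
  name=$1
  eval "value=\${$name:-}"
  case "$value" in
    ""|"???") return 1 ;;
  esac
  return 0
}

# preflight -> lists missing variables on stderr; return code is the count
# of missing variables, so 0 means every credential is present.
preflight() {
  missing=0
  for v in $REQUIRED_VARS; do
    if ! check_var "$v"; then
      echo "missing or placeholder credential: $v" >&2
      missing=$((missing + 1))
    fi
  done
  return "$missing"
}

# run_plan [ENV] -> the "Running Tofu" steps above, guarded by preflight.
# ENV defaults to "test" as in the README.
run_plan() {
  env_name=${1:-test}
  preflight || { echo "refusing to run tofu with incomplete credentials" >&2; return 1; }
  (cd terraform && tofu init && TF_VAR_environment="$env_name" tofu plan)
}
```

Run `preflight` on its own from the repository root to see which credentials are still missing without touching any provider.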