Skip to content


Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

chrisdickinson's personal infrastructure

I run a couple of HYPERTEXT PROTOCOL WEBSERVERS on the internet, amongst other things.

This repository contains terraform configuration for these sites:


The resources and configuration for the sites live in terraform/projects/, while common functionality will be factored out into terraform/modules/.


0. Clone this repo

git clone

1. Install Direnv

You can follow the easy instructions here.

Once you have direnv, cd into your checkout of this repository and type direnv allow. This will install the following prerequisites:

  • awscli
  • op, the 1Password CLI
  • packer
  • ansible
  • terraform
  • jq

You can see how these are installed by looking at .envrc, which is run in a subshell managed by direnv.

2. (Optionally) Configure 1Password Integration values

By default, this repo assumes you'll be logging into a personal 1Password account (at, with a "Personal" vault and a secure note called credentials.env.

You can configure different settings by setting the following environment variables:

  • ONEPASSWORD_DOMAIN: If you are using this in a 1Pass team context, you can provide a team subdomain here. Example: ONEPASSWORD_DOMAIN=mygreatcompany. Defaults to my if not set.
  • ONEPASSWORD_VAULT: Set this to the vault where you'd like to keep your AWS credentials. Example: ONEPASSWORD_VAULT=Sprockets. Defaults to Personal.
  • ONEPASSWORD_ITEM: Set this to the name of the secure note you'd like to use. Defaults to credentials.env.

3. Configure 1Password CLI

If you are setting up a fresh install, you will need to run the following:

$ op signin <your email address>

You will be prompted for your secret 1Pass key as well as your password. If you want to use a team domain, replace my with your team's name. You should also set a ONEPASSWORD_DOMAIN variable with your team's name in your .bash_profile.

4. Configure credentials in 1Password

Define and export the following environment variables in a new shell.

  • CLOUDFLARE_EMAIL: The email associated with your Cloudflare account.
  • CLOUDFLARE_ZONE_ID: The zone id of your Cloudflare account.
  • CLOUDFLARE_TOKEN: The token granting programmatic access to your Cloudflare account.
  • AWS_ACCESS_KEY_ID: The public half of the AWS keypair used for managing the account.
  • AWS_SECRET_ACCESS_KEY: The secret half of the AWS keypair.
  • AWS_DEFAULT_REGION: The AWS region you wish to operate in. Defaults to us-west-2.
  • TF_VAR_site_access_key: The public half of the AWS keypair restricted to writing S3 data to a particular AWS bucket. Used in the AWS Lambda for writing items.
  • TF_VAR_site_secret_key: The private half of the AWS keypair.
  • GITHUB_USERNAME: Your GitHub username.

Run bin/setup-credentials. This will save a new secure note in your configured vault, replacing any existing item by the same name (defaults to Personal vault, credentials.env.)

Close the shell when you are finished.

5. Source activate-credentials

In order to run Terraform, Packer, AWS CLI, or any other scripts, run source bin/activate-credentials.

This will pull a script containing environment variables out of 1Password and source it, exporting those values to your shell. Close your shell when you're finished!


Example "upload the entire site to S3" command:

AWS_DEFAULT_REGION=us-west-2 aws s3 cp . s3:// --recursive --acl public-read

Ubuntu AMI picker for very good AMI bbs.


personal infrastructure






No releases published


No packages published