Skip to content

chrisdickinson/infrastructure

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
bin
 
 
 
 
 
 
 
 
 
 

chrisdickinson's personal infrastructure

I run a couple of HYPERTEXT PROTOCOL WEBSERVERS on the internet, amongst other things.

This repository contains terraform configuration for these sites:

  • neversaw.us
  • unbearablecomics.com
  • modules.guide
  • didact.us

The resources and configuration for the sites live in terraform/projects/, while common functionality will be factored out into terraform/modules/.

Setup

0. Clone this repo

git clone git@github.com:chrisdickinson/infrastructure.git


1. Install Direnv

You can follow the easy instructions here.

Once you have direnv, cd into your checkout of this repository and type direnv allow. This will install the following prerequisites:

  • awscli
  • op, the 1Password CLI
  • packer
  • ansible
  • terraform
  • jq

You can see how these are installed by looking at .envrc, which is run in a subshell managed by direnv.


2. (Optionally) Configure 1Password Integration values

By default, this repo assumes you'll be logging into a personal 1Password account (at my.1password.com), with a "Personal" vault and a secure note called credentials.env.

You can configure different settings by setting the following environment variables:

  • ONEPASSWORD_DOMAIN: If you are using this in a 1Pass team context, you can provide a team subdomain here. Example: ONEPASSWORD_DOMAIN=mygreatcompany. Defaults to my if not set.
  • ONEPASSWORD_VAULT: Set this to the vault where you'd like to keep your AWS credentials. Example: ONEPASSWORD_VAULT=Sprockets. Defaults to Personal.
  • ONEPASSWORD_ITEM: Set this to the name of the secure note you'd like to use. Defaults to credentials.env.

3. Configure 1Password CLI

If you are setting up a fresh install, you will need to run the following:

$ op signin my.1password.com <your email address>

You will be prompted for your secret 1Pass key as well as your password. If you want to use a team domain, replace my with your team's name. You should also set a ONEPASSWORD_DOMAIN variable with your team's name in your .bash_profile.


4. Configure credentials in 1Password

Define and export the following environment variables in a new shell.

  • CLOUDFLARE_EMAIL: The email associated with your Cloudflare account.
  • CLOUDFLARE_ZONE_ID: The zone id of your Cloudflare account.
  • CLOUDFLARE_TOKEN: The token granting programmatic access to your Cloudflare account.
  • AWS_ACCESS_KEY_ID: The public half of the AWS keypair used for managing the account.
  • AWS_SECRET_ACCESS_KEY: The secret half of the AWS keypair.
  • AWS_DEFAULT_REGION: The AWS region you wish to operate in. Defaults to us-west-2.
  • TF_VAR_site_access_key: The public half of the AWS keypair restricted to writing S3 data to a particular AWS bucket. Used in the AWS Lambda for writing items.
  • TF_VAR_site_secret_key: The private half of the AWS keypair.
  • GITHUB_USERNAME: Your GitHub username.

Run bin/setup-credentials. This will save a new secure note in your configured vault, replacing any existing item by the same name (defaults to Personal vault, credentials.env.)

Close the shell when you are finished.


5. Source activate-credentials

In order to run Terraform, Packer, AWS CLI, or any other scripts, run source bin/activate-credentials.

This will pull a script containing environment variables out of 1Password and source it, exporting those values to your shell. Close your shell when you're finished!


Notes

Example "upload the entire site to S3" command:

AWS_DEFAULT_REGION=us-west-2 aws s3 cp . s3://www.unbearablecomics.com/ --recursive --acl public-read

Ubuntu AMI picker for very good AMI bbs.

About

personal infrastructure

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published