chrisdickinson's personal infrastructure
I run a couple of HYPERTEXT PROTOCOL WEBSERVERS on the internet, amongst other things.
This repository contains terraform configuration for these sites:
The resources and configuration for the sites live in
terraform/projects/, while common
functionality will be factored out into
0. Clone this repo
git clone email@example.com:chrisdickinson/infrastructure.git
1. Install Direnv
You can follow the easy instructions here.
Once you have direnv,
cd into your checkout of this repository and type
direnv allow. This will install the following
op, the 1Password CLI
You can see how these are installed by looking at
.envrc, which is run in a subshell managed by direnv.
2. (Optionally) Configure 1Password Integration values
By default, this repo assumes you'll be logging into a personal 1Password
account (at my.1password.com), with a "Personal" vault and a secure note
You can configure different settings by setting the following environment variables:
ONEPASSWORD_DOMAIN: If you are using this in a 1Pass team context, you can provide a team subdomain here. Example:
ONEPASSWORD_DOMAIN=mygreatcompany. Defaults to
myif not set.
ONEPASSWORD_VAULT: Set this to the vault where you'd like to keep your AWS credentials. Example:
ONEPASSWORD_VAULT=Sprockets. Defaults to
ONEPASSWORD_ITEM: Set this to the name of the secure note you'd like to use. Defaults to
3. Configure 1Password CLI
If you are setting up a fresh install, you will need to run the following:
$ op signin my.1password.com <your email address>
You will be prompted for your secret 1Pass key as well as your password. If you
want to use a team domain, replace
my with your team's name. You should also
ONEPASSWORD_DOMAIN variable with your team's name in your
4. Configure credentials in 1Password
Define and export the following environment variables in a new shell.
CLOUDFLARE_EMAIL: The email associated with your Cloudflare account.
CLOUDFLARE_ZONE_ID: The zone id of your Cloudflare account.
CLOUDFLARE_TOKEN: The token granting programmatic access to your Cloudflare account.
AWS_ACCESS_KEY_ID: The public half of the AWS keypair used for managing the account.
AWS_SECRET_ACCESS_KEY: The secret half of the AWS keypair.
AWS_DEFAULT_REGION: The AWS region you wish to operate in. Defaults to
TF_VAR_site_access_key: The public half of the AWS keypair restricted to writing S3 data to a particular AWS bucket. Used in the AWS Lambda for writing items.
TF_VAR_site_secret_key: The private half of the AWS keypair.
GITHUB_USERNAME: Your GitHub username.
bin/setup-credentials. This will save a new secure note in your configured vault, replacing any existing item by the same name (defaults to
Close the shell when you are finished.
5. Source activate-credentials
In order to run Terraform, Packer, AWS CLI, or any other scripts, run
This will pull a script containing environment variables out of 1Password and source it, exporting those values to your shell. Close your shell when you're finished!
Example "upload the entire site to S3" command:
AWS_DEFAULT_REGION=us-west-2 aws s3 cp . s3://www.unbearablecomics.com/ --recursive --acl public-read
Ubuntu AMI picker for very good AMI bbs.