My server infrastructure
The root shell is managed by direnv and the Nix flake. Terraform live environments can additionally load runtime variables from Infisical through `infisical export`.
Set the appropriate `INFISICAL_PROJECT_ID` in the root `.envrc`. The deployment targets need additional variables set in their respective `.envrc` files. Refer to the existing environments under `/terraform/live` for setup examples.
For `terraform/live/interserver-run4w4y`, entering the directory loads the variables under the `/terraform` path from the configured Infisical environment, provided the CLI is authenticated. Ansible intentionally stays explicit; run playbooks through `infisical run --env=prod --path=/ansible -- ...`.
I am using HCP for TF state management in `terraform/live/interserver-run4w4y`. Run `terraform login` to be able to access the state. Refer to the `.envrc` and `terragrunt.hcl` files for adjusting the setup.
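One way a live environment's `.envrc` could load the `/terraform` variables while failing closed when the CLI is not authenticated, as an added example rather than this repository's own `.envrc`. The helper name `load_infisical_env` is hypothetical, and the code assumes `infisical export --format=dotenv` prints one `KEY='value'` line per secret and exits non-zero without a login.

```shell
# Added example: hypothetical helper, not this repository's .envrc.
# Assumes `infisical export --format=dotenv` prints one KEY='value' line per
# secret and exits non-zero when the CLI is not authenticated.

# load_infisical_env ENV SECRET_PATH
# Exports the secrets under SECRET_PATH into the current shell, or exports
# nothing and returns 1, so a failed login never leaves a half-set environment.
load_infisical_env() {
  if [ -z "${INFISICAL_PROJECT_ID:-}" ]; then
    echo "INFISICAL_PROJECT_ID is not set; no secrets loaded" >&2
    return 1
  fi
  if ! command -v infisical >/dev/null 2>&1; then
    echo "infisical CLI not found; no secrets loaded" >&2
    return 1
  fi
  # Secrets stay in a shell variable; nothing is written to disk.
  if ! _lie_out=$(infisical export --env="$1" --path="$2" \
        --projectId="$INFISICAL_PROJECT_ID" --format=dotenv 2>/dev/null); then
    echo "infisical export failed (not logged in?); no secrets loaded" >&2
    unset _lie_out
    return 1
  fi
  # Validate every line before exporting any: blank or NAME=... only.
  if printf '%s\n' "$_lie_out" |
     grep -Evq '^([A-Za-z_][A-Za-z0-9_]*=.*)?$'; then
    echo "unexpected line in infisical output; no secrets loaded" >&2
    unset _lie_out
    return 1
  fi
  # Parse instead of eval, so a secret value is never executed as shell code.
  while IFS= read -r _lie_line; do
    [ -n "$_lie_line" ] || continue
    _lie_val=${_lie_line#*=}
    case $_lie_val in
      \'*\') _lie_val=${_lie_val#\'}; _lie_val=${_lie_val%\'} ;;
    esac
    export "${_lie_line%%=*}=$_lie_val"
  done <<EOF
$_lie_out
EOF
  unset _lie_out _lie_line _lie_val
}

# In terraform/live/<environment>/.envrc (direnv evaluates .envrc with bash):
#   load_infisical_env prod /terraform || echo "continuing without secrets" >&2
```

Multi-line secret values fail the line check and are rejected as a whole rather than partially loaded.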
- Run the Consul deployment playbook
- Run the Consul Terraform
- Run the Vault Ansible playbook
- Run the Vault Terraform
- Run the Nomad Ansible playbook
- Run the Cloudflare Terraform
- Run the Nomad Terraform