feat(ops/secrets): Import secrets for tf-glesys

Adds the secrets and some instructions for deploying the GleSYS Terraform infrastructure.

Change-Id: I1a10f9cee7648d406b3d27ef45fc74b6923cbc30
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4712
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
parent 23693ca898
commit df8edcb5f7
3 changed files with 21 additions and 0 deletions
20
ops/glesys/README.md
Normal file
|
@ -0,0 +1,20 @@
|
|||
Terraform for GleSYS
|
||||
======================
|
||||
|
||||
This contains the Terraform configuration for deploying TVL's
|
||||
infrastructure at [GleSYS](https://glesys.com). This includes object
|
||||
storage (e.g. for backups and Terraform state) and DNS.
|
||||
|
||||
Secrets are needed for applying this. The encrypted file
|
||||
`//ops/secrets/tf-glesys.age` contains `export` calls which should be
|
||||
sourced, for example via `direnv`, by users with the appropriate
|
||||
credentials.
|
||||
|
||||
An example `direnv` configuration used by tazjin is this:
|
||||
|
||||
```
|
||||
# //ops/secrets/.envrc
|
||||
source_up
|
||||
eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-glesys.age)
|
||||
watch_file $(git rev-parse --show-toplevel)/secrets/tf-glesys.age
|
||||
```
|
|
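Review bot: the `watch_file` line in the example `.envrc` points at `$(git rev-parse --show-toplevel)/secrets/tf-glesys.age`, while the `eval` line above it decrypts `$(git rev-parse --show-toplevel)/ops/secrets/tf-glesys.age`. The `ops/` component is missing, so direnv would watch a different path from the file it decrypts and would not reload when the secret is re-encrypted; both lines should use the same path. The command substitutions on those two lines are also unquoted, so a checkout path or an exported value containing whitespace is word-split before `eval` sees it; `eval "$(age --decrypt ...)"` and a quoted `watch_file` argument avoid that. Since the example is labelled `# //ops/secrets/.envrc` but this README lives in `ops/glesys`, a sentence saying from which directory the variables are expected to be loaded would help.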
@ -30,5 +30,6 @@ in {
|
|||
"nix-cache-pub.age" = default;
|
||||
"owothia.age" = default;
|
||||
"panettone.age" = default;
|
||||
"tf-glesys.age" = default;
|
||||
"tf-keycloak.age" = default;
|
||||
}
|
||||
|
|
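Review bot: the added `"tf-glesys.age" = default;` entry gives the GleSYS credentials the same `default` value as every neighbouring entry. The README in this change says these credentials cover object storage (backups and Terraform state) and DNS, so if `default` is the full recipient list it is worth confirming that every key in it is meant to have that access, or giving this entry a narrower list. A short comment next to the entry stating who is expected to decrypt it would document the decision.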
BIN
ops/secrets/tf-glesys.age
Normal file
Binary file not shown.