History

Vincent Ambo 7d3d3b3c8f refactor(ops/glesys): add explicit records pointing to whitby instead of setting a wildcard record (which causes really weird behaviour if you set your search domain to tvl.su/tvl.fyi, which I do), DNS records for services running on whitby are now set explicitly. Change-Id: Ia05399b62dad326942fe0efda30782ce153df99d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5961 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: tazjin <tazjin@tvl.su>		2022-07-22 11:17:58 +00:00
..
.gitignore	feat(ops/glesys): Add gitignore for Terraform files	2021-12-24 18:54:44 +00:00
default.nix	refactor(ops/glesys): Use tools.checks.validateTerraform	2022-06-07 09:32:13 +00:00
dns-nixery-dev.tf	feat(ops/glesys): Import DNS records for tvl.fyi	2021-12-27 16:42:53 +00:00
dns-tvl-fyi.tf	refactor(ops/glesys): add explicit records pointing to whitby	2022-07-22 11:17:58 +00:00
dns-tvl-su.tf	refactor(ops/glesys): add explicit records pointing to whitby	2022-07-22 11:17:58 +00:00
main.tf	refactor(ops/glesys): add explicit records pointing to whitby	2022-07-22 11:17:58 +00:00
README.md	feat(ops/secrets): Import secrets for tf-glesys	2021-12-27 15:53:57 +00:00

README.md

Terraform for GleSYS

This contains the Terraform configuration for deploying TVL's infrastructure at GleSYS. This includes object storage (e.g. for backups and Terraform state) and DNS.

Secrets are needed for applying this. The encrypted file //ops/secrets/tf-glesys.age contains export calls which should be sourced, for example via direnv, by users with the appropriate credentials.

An example direnv configuration used by tazjin is this:

# //ops/secrets/.envrc
source_up
eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-glesys.age)
watch_file $(git rev-parse --show-toplevel)/secrets/tf-glesys.age