From d9fa6a96ff24505a415e83c68e3688f647fc7ed5 Mon Sep 17 00:00:00 2001
From: Jeremy Dormitzer
Date: Thu, 3 Dec 2020 13:35:17 -0500
Subject: [PATCH] Initial commit: set up DigitalOcean Terraform backend
---
 .gitignore | 4 ++++
 README.md | 23 +++++++++++++++++++++++
 mgmt/do-spaces/main.tf | 14 ++++++++++++++
 mgmt/do-spaces/terraform.tf | 21 +++++++++++++++++++++
 mgmt/do-spaces/variables.tf | 11 +++++++++++
 tf-init.sh | 10 ++++++++++
 6 files changed, 83 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 README.md
 create mode 100644 mgmt/do-spaces/main.tf
 create mode 100644 mgmt/do-spaces/terraform.tf
 create mode 100644 mgmt/do-spaces/variables.tf
 create mode 100755 tf-init.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4c66078
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+/.envrc
+/backend-config.tf
+*/**/.terraform
+*.tfstate*
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5dab4ad
--- /dev/null
+++ b/README.md
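Review bot: The ignore list does not cover `*.tfvars` or `*.tfvars.json`, the files Terraform loads automatically for variable values, so anyone who stops using the `.envrc`/direnv route described in the README and puts the `do_token` or Spaces keys into a `terraform.tfvars` would commit them; adding `*.tfvars` and `*.tfvars.json` closes that path. The `*/**/.terraform` pattern matches a `.terraform` directory only at least one level below the repository root, so a `terraform init` run at the root would leave its `.terraform` directory committable. That matters because `.terraform/terraform.tfstate` stores the backend settings passed through `-backend-config`, including the Spaces keys, in plaintext; the conventional `.terraform/` pattern, which also matches at the root, is the safer choice.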
@@ -0,0 +1,23 @@
+# My personal infrastructure-as-code
+
+This repository contains the configuration files and scripts to support the infrastructure I use for personal projects.
+
+## Terraform environment variables and config
+Terraform state is stored in a DigitalOcean Spaces bucket. In order to access the bucket, the Terraform backend configuration needs the `access_key` and `secret_key` variables set. These variables are the DigitalOcean Spaces access key and secret key, respectively, which are generated from the DigitalOcean Spaces UI. I'm passing them to Terraform via the `-backend-config` `terraform init` option. I create a file `backend-config.tf` in the root directory containing the necessary variables:
+
+```terraform
+access_key = "xxxxxxxxxxxxxxxxxxxx"
+secret_key = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+```
+
+Then run `terraform init -backend-config=backend-config.tf` when I need to run any Terraform commands. This operation is encapsulated in the `tf-init.sh` script.
+
+The Terraform scripts also require some environment variables set:
+
+```bash
+export TF_VAR_do_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+export TF_VAR_spaces_access_id=xxxxxxxxxxxxxxxxxxxx
+export TF_VAR_spaces_secret_key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+```
+
+The `do_token` is the DigitalOcean API token, generated from the DigitalOcean API console UI, and the `spaces_access_id` and `spaces_secret_key` are the same Spaces configuration values as above. I'm setting these variables via [`direnv`](https://direnv.net/) with a `.envrc` file at the repository root.
diff --git a/mgmt/do-spaces/main.tf b/mgmt/do-spaces/main.tf
new file mode 100644
index 0000000..f80b430
--- /dev/null
+++ b/mgmt/do-spaces/main.tf
@@ -0,0 +1,14 @@
+provider "digitalocean" {
+ token = var.do_token
+ spaces_access_id = var.spaces_access_id
+ spaces_secret_key = var.spaces_secret_key
+}
+
+resource "digitalocean_spaces_bucket" "jdormit_tf_state" {
+ name = "jdormit-tf-state"
+ region = "nyc3"
+
+ lifecycle {
+ prevent_destroy = true
+ }
+}
diff --git a/mgmt/do-spaces/terraform.tf b/mgmt/do-spaces/terraform.tf
new file mode 100644
index 0000000..456f995
--- /dev/null
+++ b/mgmt/do-spaces/terraform.tf
@@ -0,0 +1,21 @@
+terraform {
+ required_providers {
+ digitalocean = {
+ source = "digitalocean/digitalocean"
+ version = "~> 2.3.0"
+ }
+ }
+
+ # This DO Spaces bucket is created via main.tf, so to bootstrap this
+ # module comment out the following backend configuration, run
+ # Terraform, then uncomment it and run terraform init again
+ backend "s3" {
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ # Need to specify an AWS region to stop Terraform complaining
+ region = "us-east-1"
+ endpoint = "nyc3.digitaloceanspaces.com"
+ bucket = "jdormit-tf-state"
+ key = "mgmt/do-spaces.tfstate"
+ }
+}
diff --git a/mgmt/do-spaces/variables.tf b/mgmt/do-spaces/variables.tf
new file mode 100644
index 0000000..1b3748a
--- /dev/null
+++ b/mgmt/do-spaces/variables.tf
@@ -0,0 +1,11 @@
+variable "do_token" {
+ type = string
+}
+
+variable "spaces_access_id" {
+ type = string
+}
+
+variable "spaces_secret_key" {
+ type = string
+}
diff --git a/tf-init.sh b/tf-init.sh
new file mode 100755
index 0000000..10282c9
--- /dev/null
+++ b/tf-init.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+BACKEND_FILE="$(dirname $0)/backend-config.tf"
+
+if [ -f "$BACKEND_FILE" ]; then
+ terraform init -backend-config="$BACKEND_FILE"
+else
+ echo "Could not find $BACKEND_FILE"
+ exit 1
+fi
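Review bot: The state bucket in `resource "digitalocean_spaces_bucket" "jdormit_tf_state"` is protected by `prevent_destroy` but has no versioning, so an overwritten or corrupted state object leaves nothing to roll back to; adding `versioning { enabled = true }` inside the resource is the usual safeguard for a bucket whose only job is holding Terraform state (the provider's 2.x series supports that block — confirm it is present in the pinned 2.3 release). The resource also relies on the provider's default ACL to keep the bucket private; writing `acl = "private"` explicitly makes the intent visible to the next reader instead of depending on a default that is documented elsewhere.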
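Review bot: The bootstrap comment above `backend "s3"` says to comment the backend out, apply, then uncomment and re-init, but not what becomes of the local `terraform.tfstate` the first apply produces; on the second `terraform init` Terraform detects the existing local state and prompts to copy it into the bucket, and the comment should say to accept that copy and then delete the local file, since the `*.tfstate*` ignore rule keeps it out of git but not off disk. The bucket name `jdormit-tf-state` is also duplicated from main.tf, and a backend block cannot reference variables, so a line such as `# bucket must match digitalocean_spaces_bucket.jdormit_tf_state in main.tf` would flag the coupling. It is worth recording here as well that the `access_key`/`secret_key` supplied via `-backend-config` end up in plaintext in `.terraform/terraform.tfstate` after init, which is why the `.terraform` ignore rule matters as much as the one for backend-config.tf.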
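Review bot: `variable "do_token"`, `variable "spaces_access_id"` and `variable "spaces_secret_key"` carry credentials but are declared as plain `type = string`, so their values can surface in `terraform plan`/`apply` output and in any logged variable dump; adding `sensitive = true` to each redacts them in CLI output, provided the Terraform release in use is 0.14 or newer (neither this file nor terraform.tf pins `required_version`, so that cannot be checked here). A `description` on each variable would also save the next reader the trip to the README to learn where the values come from and which DigitalOcean UI generates them. As an alternative, the DigitalOcean provider can read the token and Spaces keys from its own environment variables, which would keep the secrets out of Terraform's variable handling altogether — verify the exact names against the provider documentation for the pinned 2.3 release.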
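Review bot: `BACKEND_FILE="$(dirname $0)/backend-config.tf"` leaves `$0` unquoted inside the command substitution, so a checkout path containing whitespace splits into several words; `BACKEND_FILE="$(dirname "$0")/backend-config.tf"` is the safe form. The missing-file error goes to stdout and any extra arguments are dropped, so `echo "Could not find $BACKEND_FILE" >&2` and `terraform init -backend-config="$BACKEND_FILE" "$@"` would keep the diagnostic out of captured output and let callers pass `-reconfigure` or `-upgrade` through. Passing the credentials by file rather than as `-backend-config="key=value"` arguments is the right choice, since file contents do not appear in the process list; the `.tf` extension on that file is worth reconsidering though, because Terraform parses every `*.tf` in the working directory as configuration if init is ever run from the repository root, and `.tfbackend` is the extension HashiCorp documents for backend configuration files (renaming would touch the README and .gitignore as well).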