-
-
Notifications
You must be signed in to change notification settings - Fork 742
/
README.md
69 lines (45 loc) · 1.83 KB
/
README.md
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# External resources
**WIP documents**
> These resources are optional, the homelab still works without them but will lack some features like trusted certificates and offsite backup
Although I try to keep the amount of external resources to the minimum, there's still need for a few of them.
Below is a list of external resources and why we need them (also see some [alternatives](#alternatives) below).
- Terraform Cloud:
- Workspace to store the state for external resources
- Cloudflare:
- DNS
- DNS-01 challenge for Let's Encrypt
- Tunnel to public services to the internet without port-forwarding
- Backblaze:
- B2 storage with S3 compatible API for offsite backup
This layer will:
- Create external resources
- Add external secrets to namespaces
## Prerequisites
### Create Terraform workspace
TODO
### Create Cloudflare API token
<https://dash.cloudflare.com/profile/api-tokens>
Terraform API token summary:
```
This API token will affect the below accounts and zones, along with their respective permissions
└── Khue Doan - Argo Tunnel:Edit, Account Settings:Read
└── khuedoan.com - Zone:Read, DNS:Edit
Client IP Address Filtering
└── Is in - 117.xxx.xxx.xxx, 2402:xxx:xxx:xxx:xxx:xxx:xxx:xxx
```
### Create Backblaze API key
<https://secure.backblaze.com/app_keys.htm>
```
Name of Key: Homelab
Allow access to Bucket(s): All
Type of Access: Read and Write
```
## Deploy
Apply Terraform (you will be prompted to login to Terraform Cloud and enter API keys from the previous steps):
```sh
make
```
## Alternatives
- Terraform Cloud: any other [Terraform backends](https://www.terraform.io/language/settings/backends)
- Cloudflare Tunnel: you can build a small VPS in the cloud and route traffic via it using Wireguard and HAProxy.
- Backblaze B2: any S3 compatible object storage, such as S3 Glacier, Minio...