khuedoan-homelab/external
Khue Doan 81f0a94574 chore(deps): update all non-major dependencies
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [cloudflare](https://registry.terraform.io/providers/cloudflare/cloudflare) ([source](https://github.com/cloudflare/terraform-provider-cloudflare)) | required_provider | minor | `~> 3.7.0` -> `~> 3.8.0` |
| [dendrite](https://github.com/locmai/charts) |  | patch | `0.0.1` -> `0.0.2` |
| [renovate](https://github.com/renovatebot/helm-charts) |  | minor | `31.62.0` -> `31.63.2` |

⚠️ Release Notes retrieval for this PR were skipped because no github.com credentials were available.
If you are self-hosted, please see [this instruction](https://github.com/renovatebot/renovate/blob/master/docs/usage/examples/self-hosting.md#githubcom-token-for-release-notes).

---

📅 **Schedule**: At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://git.khuedoan.com/ops/homelab/pulls/2
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-committed-by: Renovate Bot <bot@renovateapp.com>
2022-01-31 23:21:52 +07:00
.gitignore fix(external): fix wrong provider name for B2 2021-12-09 01:23:04 +07:00
backblaze.tf chore: cleanup Backblaze secret keys 2021-12-25 21:58:23 +07:00
cert_manager.tf refactor(external): split Cloudflare into multiple files 2021-12-25 02:06:05 +07:00
cloudflare.tf refactor(external): ask to enter variables if var file does not exist 2021-12-25 02:34:49 +07:00
cloudflared.tf refactor(external): split Cloudflare into multiple files 2021-12-25 02:06:05 +07:00
external_dns.tf refactor(external): split Cloudflare into multiple files 2021-12-25 02:06:05 +07:00
Makefile refactor: inject Terraform secrets with Terraform 2021-12-29 22:51:36 +07:00
namespaces.yml feat(external): inject Backblaze secrets to k8up namespace 2021-12-25 20:18:45 +07:00
README.md docs(external): list some alternatives 2022-01-29 23:59:03 +07:00
tekton.tf refactor: inject Terraform secrets with Terraform 2021-12-29 22:51:36 +07:00
terraform.tfvars.j2 refactor(external): ask to enter variables if var file does not exist 2021-12-25 02:34:49 +07:00
tfvars.yml style: format YAMLs to fix yamllint 2021-12-26 12:36:14 +07:00
variables.tf style(external): format 2021-12-25 02:50:18 +07:00
versions.tf chore(deps): update all non-major dependencies 2022-01-31 23:21:52 +07:00

External resources

WIP documents

These resources are optional: the homelab still works without them, but it will lack some features such as trusted certificates and offsite backup.

Although I try to keep the number of external resources to a minimum, a few of them are still needed. Below is a list of the external resources and why we need them (also see some alternatives below).

  • Terraform Cloud:
    • Workspace to store the state for external resources
  • Cloudflare:
    • DNS
    • DNS-01 challenge for Let's Encrypt
    • Tunnel to expose public services to the internet without port-forwarding
  • Backblaze:
    • B2 storage with S3 compatible API for offsite backup

This layer will:

  • Create external resources
  • Add external secrets to namespaces

Prerequisites

Create Terraform workspace

TODO

Create Cloudflare API token

https://dash.cloudflare.com/profile/api-tokens

Terraform API token summary:

This API token will affect the below accounts and zones, along with their respective permissions

└── Khue Doan - Argo Tunnel:Edit, Account Settings:Read
    └── khuedoan.com - Zone:Read, DNS:Edit

Client IP Address Filtering

└── Is in - 117.xxx.xxx.xxx, 2402:xxx:xxx:xxx:xxx:xxx:xxx:xxx
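
A way to check that the token still matches the scope above before running `make`, as an added example (not part of the original README or the project's code). It parses the summary text as the dashboard prints it; the function names, the `EXPECTED` baseline (copied from the summary above) and the drifted sample are assumptions made for illustration.

```python
import re

# Baseline copied from the README's token summary: resource -> allowed permissions.
EXPECTED = {
    "Khue Doan": {"Argo Tunnel:Edit", "Account Settings:Read"},
    "khuedoan.com": {"Zone:Read", "DNS:Edit"},
}
# Summary and IP filter text exactly as shown in the README.
README_SUMMARY = (
    "└── Khue Doan - Argo Tunnel:Edit, Account Settings:Read\n"
    "    └── khuedoan.com - Zone:Read, DNS:Edit\n"
)
README_IP_FILTER = "└── Is in - 117.xxx.xxx.xxx, 2402:xxx:xxx:xxx:xxx:xxx:xxx:xxx\n"
# Constructed drift case: one extra zone permission was granted later.
DRIFTED_SUMMARY = README_SUMMARY.replace("DNS:Edit", "DNS:Edit, Zone Settings:Edit")

# Tree-drawing prefix, then "<name> - <comma-separated items>".
LINE = re.compile(r"^[\s└─├│]*(?P<name>.+?) - (?P<items>.+)$")


def parse_summary(text):
    """Parse summary lines ('└── name - A:B, C:D') into {name: set(items)}."""
    parsed = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            items = {i.strip() for i in m.group("items").split(",") if i.strip()}
            parsed[m.group("name").strip()] = items
    return parsed


def audit(summary_text, ip_filter_text, expected=EXPECTED):
    """Return sorted findings; an empty list means the token matches the baseline."""
    findings = []
    actual = parse_summary(summary_text)
    for resource, perms in actual.items():
        allowed = expected.get(resource)
        if allowed is None:
            findings.append(f"unexpected resource in scope: {resource}")
            continue
        for extra in perms - allowed:
            findings.append(f"over-privileged: {resource} has {extra}")
    for resource, allowed in expected.items():
        for missing in allowed - actual.get(resource, set()):
            findings.append(f"missing: {resource} lacks {missing}")
    # A token without an 'Is in' allow-list is usable from any client address.
    if not parse_summary(ip_filter_text).get("Is in"):
        findings.append("no client IP allow-list ('Is in') on the token")
    return sorted(findings)
```

An empty result from `audit(README_SUMMARY, README_IP_FILTER)` means the token matches the README; any finding is a reason to re-issue the token rather than apply.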

Create Backblaze API key

https://secure.backblaze.com/app_keys.htm

Name of Key: Homelab
Allow access to Bucket(s): All
Type of Access: Read and Write

Deploy

Apply Terraform (you will be prompted to log in to Terraform Cloud and enter the API keys from the previous steps):

make

Alternatives

  • Terraform Cloud: any other Terraform backend
  • Cloudflare Tunnel: you can build a small VPS in the cloud and route traffic through it using WireGuard and HAProxy.
  • Backblaze B2: any S3 compatible object storage, such as S3 Glacier or MinIO.