mirrors/khuedoan-homelab
1
0
Fork 0
mirror of https://github.com/khuedoan/homelab.git synced 2024-12-22 20:14:32 +07:00
Code Issues Packages Projects Releases Wiki Activity
c55b98186d
khuedoan-homelab/external
History
Khue Doan c55b98186d refactor(external): split Cloudflare into multiple files
2021-12-25 02:06:05 +07:00
..
.gitignore fix(external): fix wrong provider name for B2 2021-12-09 01:23:04 +07:00
backblaze.tf refactor: move all external charts back to system 2021-12-21 01:14:24 +07:00
cert_manager.tf refactor(external): split Cloudflare into multiple files 2021-12-25 02:06:05 +07:00
cloudflare.tf refactor(external): split Cloudflare into multiple files 2021-12-25 02:06:05 +07:00
cloudflared.tf refactor(external): split Cloudflare into multiple files 2021-12-25 02:06:05 +07:00
external_dns.tf refactor(external): split Cloudflare into multiple files 2021-12-25 02:06:05 +07:00
Makefile build(external): add plan target 2021-12-23 00:18:09 +07:00
README.md docs: update external layer instruction 2021-12-12 11:55:16 +07:00
secrets.yml feat(external): initial playbook to create secrets for pipelines 2021-12-24 20:05:59 +07:00
versions.tf style(external): format 2021-12-24 15:15:21 +07:00

README.md

External resources

WIP documents

These resources are optional, the homelab still works without them but will lack some features like trusted certificates and offsite backup

Although I try to keep the amount of external resources to the minimum, there's still need for a few of them. Below is a list of external resources and why we need them.

  • Terraform Cloud:
    • Workspace to store the state for external resources
  • Cloudflare:
    • DNS
    • DNS-01 challenge for Let's Encrypt
    • Tunnel to public services to the internet without port-forwarding
  • Backblaze:
    • B2 storage with S3 compatible API for offsite backup

This layer will deploy resources that require external dependencies using the following provisioners:

  • Terraform:
    • Create external resources
    • Add external secrets to namespaces
    • Create an ApplicationSet
  • ArgoCD (via the ApplicationSet created by Terraform):
    • Deploy Helm charts in the subdirectories

Prerequisites

Create Terraform workspace

TODO

Create Cloudflare API token

https://dash.cloudflare.com/profile/api-tokens

Terraform API token summary:

This API token will affect the below accounts and zones, along with their respective permissions

└── Khue Doan - Argo Tunnel:Edit, Account Settings:Read
    └── khuedoan.com - Zone:Read, DNS:Edit

Client IP Address Filtering

└── Is in - 117.xxx.xxx.xxx, 2402:xxx:xxx:xxx:xxx:xxx:xxx:xxx

Create Backblaze API key

https://secure.backblaze.com/app_keys.htm

Name of Key: Homelab
Allow access to Bucket(s): All
Type of Access: Read and Write

Deploy

Export environment variables for API keys:

export CLOUDFLARE_API_TOKEN=xxx
export B2_APPLICATION_KEY_ID=xxx
export B2_APPLICATION_KEY=xxx

Apply Terraform:

make