Repository containing the infrastructure-as-code (IaC) for my personal stack. It uses Terraform to provision cloud resources on Digital Ocean, and Pyinfra to configure those resources. Networking is managed through Tailscale.
What's included?
- TransIP domains and DNS entries
- Reverse proxy to NAS
- Tailscale ACLs
- S3 bucket for Terraform state
- Digital Ocean account
- Tailscale account and Tailnet
- Create an S3 compatible bucket (e.g., using Tigris)
- Create an access key and add the credentials to `terraform/backend.tfvars`
- From the `terraform` directory, run `terraform init -backend-config=backend.tfvars`
- Create an access token on TransIP
- Create a personal access token (PAT) on Digital Ocean (DO)
- Install the DO CLI: `brew install doctl`
- Add an SSH key to your DO account and copy the public key to `config/id_rsa.pub`
- Retrieve the SSH key ID with `doctl compute ssh-key list`
- Set the appropriate environment variables in `config/.env` and source them; take a look at `.config/.env.example` for an example.
- From the `terraform` directory, deploy with `terraform apply`
- Create a Tailscale auth key. Apply the following settings:
  - Reusable: `True`
  - Ephemeral: `True`
  - Tags: `tag:reverse-proxy`
- Add the auth key to `config/.env` and source it.
- Navigate to `pyinfra` and create a new virtual environment: `python3 -m venv .venv`
- Activate the virtual environment: `source .venv/bin/activate`
- Install the requirements: `pip install -r requirements.txt`
- Only for first-time deployments: `yes | pyinfra inventory.py 0-bootstrap.py --ssh-user root`
- For the first and all subsequent deployments: `pyinfra inventory.py 1-base.py` and `pyinfra inventory.py 2-deploy.py`
To update the VPS, for example to upgrade packages, simply run `pyinfra inventory.py 1-base.py` and `pyinfra inventory.py 2-deploy.py`. To use a new Ubuntu image, it's easiest to do a fresh deployment.
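
The setup steps place credentials in `terraform/backend.tfvars` and `config/.env` inside the repository tree. The following is an added example, not code from this repository: a shell check that both files exist, are accessible only to their owner, and are not tracked by git. The function names, return codes and the script file name are assumptions of this example.

```shell
# Added example. File paths are the ones this README tells you to create;
# function names and return codes are assumptions of this example.
SECRET_FILES="terraform/backend.tfvars config/.env"

# Print a file's octal permission bits (GNU stat first, then BSD/macOS stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_secret_file REPO_ROOT RELATIVE_PATH
# Returns 0 if OK, 1 if missing, 2 if group/other have any access,
# 3 if the file is tracked by git.
check_secret_file() {
  root=$1
  rel=$2
  [ -f "$root/$rel" ] || { echo "MISSING  $rel"; return 1; }

  mode=$(file_mode "$root/$rel")
  case "$mode" in
    *00) ;;  # group and other digits are both 0, e.g. 600 or 400
    *) echo "PERMS    $rel is mode $mode; run: chmod 600 $rel"; return 2 ;;
  esac

  # A tracked file stays in history even if .gitignore lists it later.
  if command -v git >/dev/null 2>&1 &&
     git -C "$root" ls-files --error-unmatch -- "$rel" >/dev/null 2>&1; then
    echo "TRACKED  $rel is in the git index"; return 3
  fi
  echo "OK       $rel"
}

# check_all REPO_ROOT: check every secret file; non-zero if any check failed.
check_all() {
  failed=0
  for rel_path in $SECRET_FILES; do
    check_secret_file "$1" "$rel_path" || failed=1
  done
  return "$failed"
}

# Usage, from the repository root, before terraform or pyinfra runs
# (check-secrets.sh is a hypothetical file name):
#   . ./check-secrets.sh && check_all .
```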
- [ ] Provision SSH keys with Terraform
- [ ] Make ports for services dynamic
- [ ] Deployments through GitHub Actions
- [ ] Include NAS configuration as code