Improve docs

README.md

@@ -36,7 +36,10 @@ Login into the tailscale web console and enable the exit node manually (after cr
 
 ## Steps
 
-1. Create a `main.tf` and import the module (see [variables.tf](./variables.tf) for all available options). For example: 
+1. Generate a tailscale auth key at https://login.tailscale.com/admin/settings/authkeys
+2. Generate DigitalOcean personal access token at https://cloud.digitalocean.com/account/api/tokens
+3. Add your public SSH key https://cloud.digitalocean.com/account/security and make sure the name matches that supplied in the `ssh_key_name` terraform arg (defaults to `personal`)
+4. Create a `main.tf` and import the module (see [variables.tf](./variables.tf) for all available options). For example: 
    ```terraform
    variable "do_token" {
      sensitive = true
@@ -51,18 +54,16 @@ Login into the tailscale web console and enable the exit node manually (after cr
 
      region            = "lon1"
      instance_name     = "my-vpn"
+     ssh_key_name      = "personal"
+     ssh_private_key   = "~/.ssh/id_ed25519" 
      tailscale_authkey = var.tailscale_authkey
      do_token          = var.do_token
-     pvt_key           = "~/.ssh/id_ed25519"
    }
    ```
-2. Generate a tailscale auth key at https://login.tailscale.com/admin/settings/authkeys
-3. Generate terraform personal access token from https://cloud.digitalocean.com/account/api/tokens
-4. Add your public SSH key https://cloud.digitalocean.com/account/security and make sure the name matches that supplied in the `ssh_key_name` terraform arg (defaults to `personal`)
-6. Run `terraform init`
-7. Run terraform to create the server and run the ansible playbook
+5. Run `terraform init`
+6. Run terraform to create the server and run the ansible playbook
    ```shell
    terraform apply \
-     -var "do_token=$YOUR_DIGITAL_OCEAN_ACCESS_KEY" \
-     -var "tailscale_authkey=$YOUR_TAILSCALE_AUTHKEY" \
+     -var "do_token=<your-digital-ocean-access-token-here>" \
+     -var "tailscale_authkey=<your-tailscale-authkey-here>" \
    ```

droplet.tf

@@ -6,7 +6,7 @@ resource "digitalocean_droplet" "ubi" {
   image  = "ubuntu-20-04-x64"
   name   = var.instance_name
   region = var.region
-  size   = "s-1vcpu-1gb"
+  size   = var.size
   ssh_keys = [
     data.digitalocean_ssh_key.terraform.id
   ]
@@ -27,7 +27,7 @@ resource "null_resource" "ansible" {
       type        = "ssh"
       host        = digitalocean_droplet.ubi.ipv4_address
       user        = var.user
-      private_key = file(var.pvt_key)
+      private_key = file(var.ssh_private_key)
       timeout     = "2m"
     }
 
@@ -40,7 +40,7 @@ resource "null_resource" "ansible" {
       TAILSCALE_KEY             = var.tailscale_authkey
       ANSIBLE_HOST_KEY_CHECKING = "False"
     }
-    command = "ansible-playbook -u ${var.user} -i '${digitalocean_droplet.ubi.ipv4_address},' --private-key ${var.pvt_key} ${path.module}/ansible/playbook.yaml"
+    command = "ansible-playbook -u ${var.user} -i '${digitalocean_droplet.ubi.ipv4_address},' --private-key ${var.ssh_private_key} ${path.module}/ansible/playbook.yaml"
   }
 
   depends_on = [digitalocean_droplet.ubi]

firewall.tf

@@ -32,5 +32,6 @@ resource "digitalocean_firewall" "only-tailscale" {
     destination_addresses = ["0.0.0.0/0", "::/0"]
   }
 
+  # Tailscale must be installed & up before we block outside access
   depends_on = [null_resource.ansible]
 }

variables.tf

@@ -16,7 +16,7 @@ variable "ssh_key_name" {
   description = "The name of the DigitalOcean ssh key that will be granted SSH access to the droplet"
 }
 
-variable "pvt_key" {
+variable "ssh_private_key" {
   type        = string
   description = "Path to the SSH private key that will be used to connect to the instance, this should match the key refered to by the `ssh_key_name` variable"
 }
@@ -37,3 +37,9 @@ variable "region" {
   description = "The DigitalOcean region where the droplet will be created"
   default     = "lon1"
 }
+
+variable "size" {
+  type        = string
+  description = "The DigitalOcean droplet size slug"
+  default     = "s-1vcpu-1gb"
+}