diff --git a/README.md b/README.md
index fe32c04..c3ff9e2 100644
--- a/README.md
+++ b/README.md
@@ -36,7 +36,10 @@ Login into the tailscale web console and enable the exit node manually (after cr
 ## Steps
-1. Create a `main.tf` and import the module (see [variables.tf](./variables.tf) for all available options). For example:
+1. Generate a tailscale auth key at https://login.tailscale.com/admin/settings/authkeys
+2. Generate DigitalOcean personal access token at https://cloud.digitalocean.com/account/api/tokens
+3. Add your public SSH key https://cloud.digitalocean.com/account/security and make sure the name matches that supplied in the `ssh_key_name` terraform arg (defaults to `personal`)
+4. Create a `main.tf` and import the module (see [variables.tf](./variables.tf) for all available options). For example:
 ```terraform
 variable "do_token" {
 sensitive = true
@@ -51,18 +54,16 @@ Login into the tailscale web console and enable the exit node manually (after cr
 region = "lon1"
 instance_name = "my-vpn"
+ ssh_key_name = "personal"
+ ssh_private_key = "~/.ssh/id_ed25519"
 tailscale_authkey = var.tailscale_authkey
 do_token = var.do_token
- pvt_key = "~/.ssh/id_ed25519"
 }
 ```
-2. Generate a tailscale auth key at https://login.tailscale.com/admin/settings/authkeys
-3. Generate terraform personal access token from https://cloud.digitalocean.com/account/api/tokens
-4. Add your public SSH key https://cloud.digitalocean.com/account/security and make sure the name matches that supplied in the `ssh_key_name` terraform arg (defaults to `personal`)
-6. Run `terraform init`
-7. Run terraform to create the server and run the ansible playbook
+5. Run `terraform init`
+6. Run terraform to create the server and run the ansible playbook
 ```shell
 terraform apply \
- -var "do_token=$YOUR_DIGITAL_OCEAN_ACCESS_KEY" \
- -var "tailscale_authkey=$YOUR_TAILSCALE_AUTHKEY" \
+ -var "do_token=" \
+ -var "tailscale_authkey=" \
 ```
diff --git a/droplet.tf b/droplet.tf
index 39348dd..4ca1d62 100644
--- a/droplet.tf
+++ b/droplet.tf
@@ -6,7 +6,7 @@ resource "digitalocean_droplet" "ubi" {
 image = "ubuntu-20-04-x64"
 name = var.instance_name
 region = var.region
- size = "s-1vcpu-1gb"
+ size = var.size
 ssh_keys = [
 data.digitalocean_ssh_key.terraform.id
 ]
@@ -27,7 +27,7 @@ resource "null_resource" "ansible" {
 type = "ssh"
 host = digitalocean_droplet.ubi.ipv4_address
 user = var.user
- private_key = file(var.pvt_key)
+ private_key = file(var.ssh_private_key)
 timeout = "2m"
 }
@@ -40,7 +40,7 @@ resource "null_resource" "ansible" {
 TAILSCALE_KEY = var.tailscale_authkey
 ANSIBLE_HOST_KEY_CHECKING = "False"
 }
- command = "ansible-playbook -u ${var.user} -i '${digitalocean_droplet.ubi.ipv4_address},' --private-key ${var.pvt_key} ${path.module}/ansible/playbook.yaml"
+ command = "ansible-playbook -u ${var.user} -i '${digitalocean_droplet.ubi.ipv4_address},' --private-key ${var.ssh_private_key} ${path.module}/ansible/playbook.yaml"
 }
 depends_on = [digitalocean_droplet.ubi]
diff --git a/firewall.tf b/firewall.tf
index e508b61..816a9b6 100644
--- a/firewall.tf
+++ b/firewall.tf
@@ -32,5 +32,6 @@ resource "digitalocean_firewall" "only-tailscale" {
 destination_addresses = ["0.0.0.0/0", "::/0"]
 }
+ # Tailscale must be installed & up before we block outside access
 depends_on = [null_resource.ansible]
 }
diff --git a/variables.tf b/variables.tf
index f85549f..42def3d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -16,7 +16,7 @@ variable "ssh_key_name" {
 description = "The name of the DigitalOcean ssh key that will be granted SSH access to the droplet"
 }
-variable "pvt_key" {
+variable "ssh_private_key" {
 type = string
 description = "Path to the SSH private key that will be used to connect to the instance, this should match the key refered to by the `ssh_key_name` variable"
 }
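Review bot: `file(var.ssh_private_key)` on the renamed `private_key` line will fail when the variable holds the `~/.ssh/id_ed25519` form that the README example in this same commit uses, because Terraform's `file()` does not expand a leading `~`; wrap it as `private_key = file(pathexpand(var.ssh_private_key))` so the documented value actually resolves. The `--private-key ${var.ssh_private_key}` argument in the following hunk only works with a tilde because the local shell expands it, so applying `pathexpand` there as well keeps both uses of the path resolving identically. The enclosing `null_resource.ansible` resource and its connection block start outside the hunk.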
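Review bot: The rewritten `command` line splices `var.user` and `var.ssh_private_key` into a shell command string unquoted, so a path or user name containing a space or a shell metacharacter is word-split or interpreted by the shell instead of reaching ansible-playbook as a single argument. Doing the tilde expansion in Terraform and quoting the result, `--private-key '${pathexpand(var.ssh_private_key)}'` and `-u '${var.user}'`, keeps the current `~/...` usage working while closing that gap. The `ANSIBLE_HOST_KEY_CHECKING = "False"` context line above is not touched by this commit, but a one-line comment saying why verification is disabled (presumably because the droplet was created moments earlier and has no recorded host key yet) would stop a reader from taking it for an oversight. The enclosing provisioner and resource blocks start outside the hunk.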
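Review bot: The new comment on `depends_on = [null_resource.ansible]` explains the ordering but not the failure mode it implies: if the Ansible run fails, this firewall resource is never created and the droplet is left without the cloud firewall until a later successful `terraform apply`. Suggest extending it to `# Tailscale must be installed & up before we block outside access; if the playbook fails this firewall is not created, so the droplet stays unrestricted until apply succeeds`. The inbound rules of `digitalocean_firewall.only-tailscale` start outside the hunk, so what remains reachable once the firewall is applied can't be confirmed from here.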
@@ -37,3 +37,9 @@ variable "region" {
 description = "The DigitalOcean region where the droplet will be created"
 default = "lon1"
 }
+
+variable "size" {
+ type = string
+ description = "The DigitalOcean droplet size slug"
+ default = "s-1vcpu-1gb"
+}