author EuAndreh <eu@euandre.org> 2019-05-28 20:37:35 -0300
committer EuAndreh <eu@euandre.org> 2019-05-28 20:37:35 -0300
commit 3e1c9669f08270e4d65a8b37e7130f35e41542cd
tree 9e301d75ec2b256a1e8f00466be4dd8f7555d7dc
parent Configure git for vps-state repo in ./scripts/ci/setup.sh
TODOs.org
Extend on how to use =vps-state= to store Terraform state.
-rw-r--r-- TODOs.org 6
1 files changed, 5 insertions, 1 deletions
diff --git a/TODOs.org b/TODOs.org
index c921a8c..2b50fab 100644
--- a/TODOs.org
+++ b/TODOs.org
@@ -153,8 +153,12 @@ Terraform does have the support for "backends" where it can store =.tfstate= fil
From the list of supported backends, the [[https://www.terraform.io/docs/backends/types/s3.html][S3]] option initially stands out as the simplest to configure. It doesn't however support state locking, only if also configuring DynamoDB.
-This extra configuration and complexity isn't attractive, and we can achieve similar outcomes by using the =local= backend and storing it properly. Even better than sending to S3 and setting up the proper revision headers is to just use a separate repository to keep it.
+This extra configuration and complexity isn't attractive, and I can achieve similar outcomes by using the =local= backend and storing it properly. Even better than sending to S3 and setting up the proper revision headers is to just use a separate repository to keep it.
Using the same repository would create an unwanted cyclic process where the repository pipeline commits in itself.
All data stored on git is encrypted with [[https://www.agwa.name/projects/git-crypt/][git-crypt]], which means git isn't being actually used as a source code repository, but as a versioned filesystem database.
+
+By taking advantage of the sourcehut ecosystem, it was easier to setup the access of the pipeline to the ad-hoc Terraform backend.
+
+I created a repository called [[https://git.sr.ht/~euandreh/vps-state/][=vps-state=]] to store the encrypted =.tfstate= and =.tfplan= files. During the CI run, the pipeline creates new a =.tfplan= file and commits it into =vps-state=, and after applying the plan it updates the =.tfstate= file and adds this change to =vps-state=.
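Review bot: the last added paragraph leaves out how overlapping CI runs are kept from racing on =vps-state=. The unchanged text above rejects S3 because it has no state locking without DynamoDB, yet the new text describes the pipeline committing a =.tfplan= and later the updated =.tfstate= without saying whether runs are serialized or what happens when a push to =vps-state= is rejected. A sentence stating the locking assumption would close that gap. Since the context says all data stored in git is encrypted with git-crypt, it would also help to document how the pipeline is given the key, as "it was easier to setup the access" does not say what access is granted. Two wording fixes in the added lines: "creates new a =.tfplan= file" should read "creates a new =.tfplan= file", and "easier to setup" should be "easier to set up".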