TODOs.org

Expand on the decision of using =vps-state= to store Terraform files.

1 files changed, 11 insertions, 0 deletions

diff --git a/TODOs.org b/TODOs.org
index 596793e..c921a8c 100644
--- a/TODOs.org
+++ b/TODOs.org
@@ -147,3 +147,14 @@ This was I can compartimentalize the data storage to easily backup and duplicate
 ** [[https://github.com/sovereign/sovereign/][Sovereign]]
 ** [[https://github.com/nixcloud/nixcloud-webservices][nixcloud-webservices]]
 ** [[https://github.com/Kickball/awesome-selfhosted#email][Awesome-Selfhosted: Email]]
+* Decisions
+** Use external git repository as an encrypted database
+Terraform does have the support for "backends" where it can store =.tfstate= files.
+
+From the list of supported backends, the [[https://www.terraform.io/docs/backends/types/s3.html][S3]] option initially stands out as the simplest to configure. It doesn't however support state locking, only if also configuring DynamoDB.
+
+This extra configuration and complexity isn't attractive, and we can achieve similar outcomes by using the =local= backend and storing it properly. Even better than sending to S3 and setting up the proper revision headers is to just use a separate repository to keep it.
+
+Using the same repository would create an unwanted cyclic process where the repository pipeline commits in itself.
+
+All data stored on git is encrypted with [[https://www.agwa.name/projects/git-crypt/][git-crypt]], which means git isn't being actually used as a source code repository, but as a versioned filesystem database.