From da00227813b1fbeebae8c90e2122a8b73acb1af9 Mon Sep 17 00:00:00 2001 From: EuAndreh Date: Sun, 26 May 2019 11:51:51 -0300 Subject: Automate provisioning and deployment of VPS In order to perform that I had to remove Terraform's =.tfstate= files from the repository. Terraform does support "backends" for storing the state files, but I settled for storing it on a separate repo (vps-state). For now it solves the state management problem: - it has history of states; - all state files are GPG encrypted; - there's no coordination however, but only the CI should perform a deploy in order to avoid race conditions. I had to add GPG and SSH keys to sr.ht to achieve that: - SSH public key to my profile to authorize it to push to vps-state repo; - SSH private key to the secret builds.sr.ht environment to enable push to the repository from the pipeline; - GPG public key to git-crypt to make it possible for the pipeline to unlock the encrypted content; - GPG private key to the secret builds.sr.ht environment to enable decrypting git-crypt content from the pipeline. In order to avoid divergent environment from local and CI, the ./provision.sh script is ran through nix-shell. --- secrets/terraform.tfstate | Bin 2243 -> 0 bytes secrets/terraform.tfstate.backup | Bin 2244 -> 0 bytes 2 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 secrets/terraform.tfstate delete mode 100644 secrets/terraform.tfstate.backup (limited to 'secrets') diff --git a/secrets/terraform.tfstate b/secrets/terraform.tfstate deleted file mode 100644 index 58d3d71..0000000 Binary files a/secrets/terraform.tfstate and /dev/null differ diff --git a/secrets/terraform.tfstate.backup b/secrets/terraform.tfstate.backup deleted file mode 100644 index f6e33dd..0000000 Binary files a/secrets/terraform.tfstate.backup and /dev/null differ -- cgit v1.2.3