
Automates the creation of a server on Hetzner Cloud and joins it to a tailscale network. In addition, it deploys the docker-compose files located in the specified 'apps' directory and optionally injects secrets from infisical.


lefterisALEX/terraform-hetzner-cloudstack


Information

Create an instance in your Hetzner project that you can access with a provided SSH key. The instance will run the docker compose files found under the apps directory.

Requirements

  1. Generate an API token for your Hetzner project.
     This allows terraform to deploy resources in your Hetzner project.
     More info: https://docs.hetzner.com/cloud/api/getting-started/generating-api-token/
  2. (Optional) Create an auth key in your tailscale account.
     This is used to join the server to your tailscale network.
     More info: https://tailscale.com/kb/1085/auth-keys#generating-a-key
  3. (Optional) Create a service token in your infisical project.
     This is used to read secrets from your infisical project.
     When you create the token, configure it as shown below:
     [screenshot]
     More info: https://infisical.com/docs/internals/service-tokens

How to inject secrets from infisical

The directory structure of the infisical project must mirror the directory structure of the apps directory.
Suppose you want to inject the secret DB_PASSWORD as an environment variable for the app immich.

  1. Under the immich directory in infisical, create the key DB_PASSWORD with the value you want to inject into the app.
     [screenshot]
  2. Update docker-compose.yaml to pass the contents of the .secrets file as environment variables.
     [screenshot]

Note: when you run terraform apply, the module reads all secrets under each infisical directory and exports them to a file called .secrets inside the apps directory of the same name. For example, if you have three directories under apps (immich, traefik and photoprism), the module generates a .secrets file in each of them.

[screenshot]

Providers

| Name | Version |
|------|---------|
| archive | n/a |
| hcloud | n/a |
| local | n/a |
| null | n/a |
| tls | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| hcloud_firewall.this | resource |
| hcloud_network.this | resource |
| hcloud_network_subnet.this | resource |
| hcloud_server.this | resource |
| hcloud_ssh_key.this | resource |
| hcloud_volume.this | resource |
| hcloud_volume_attachment.this | resource |
| local_file.ssh_private_key | resource |
| null_resource.docker-compose | resource |
| null_resource.docker-compose-files | resource |
| null_resource.docker-secrets | resource |
| null_resource.docker-status | resource |
| null_resource.post-init | resource |
| tls_private_key.this | resource |
| archive_file.docker-files | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| hcloud_token | (Required) The API key for your Hetzner project. | string | "" | yes |
| enable_infisical | Set to true to enable reading secrets from infisical. | bool | false | no |
| image | The image the server is created from. | string | "ubuntu-22.04" | no |
| infisical_token | An access token from your infisical project. | string | "st-xxx-xx" | no |
| ip_range | The IP range of the network. | string | "10.10.0.0/24" | no |
| name | The name of your server. | string | "server" | no |
| network_zone | The zone where network resources will be created. | string | "eu-central" | no |
| post_init_commands | A set of commands to be executed every time terraform runs. | list(string) | [] | no |
| private_key | The private key which can be used to connect to the server. | string | "" | no |
| public_access | If false, a firewall that blocks all public access is attached to the server. | bool | false | no |
| region | The cloud region where resources will be deployed. | string | "nbg1" | no |
| server_ip | The IP of the interface which will be attached to your server. | string | "10.10.0.2" | no |
| server_type | The server type this server should be created with. | string | "cax11" | no |
| ssh_keys | A list of SSH key names which will be imported while creating the server. | list(string) | [] | no |
| tailscale_auth_key | The auth key for your tailscale network. | string | "" | no |
| tailscale_routes | The routes which will be advertised in the tailscale network. | string | "10.10.0.2/32" | no |
| timezone | The timezone the server will be configured with. | string | "Europe/Amsterdam" | no |
| volume_delete_protection | If set to true, protects the volume from deletion. | bool | false | no |
| volume_size | The size of the volume which will be attached to the server. | string | "15" | no |
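Putting the requirements, the infisical secrets flow and the inputs table together, here is an added example of a root module that calls this module. It is not code from this repository. Assumptions: the module is consumed directly from GitHub, the three tokens are supplied through TF_VAR_* environment variables rather than written into the configuration, the server name "apps-01" is arbitrary, and the path used in post_init_commands is a placeholder, since this README does not state where the apps directory is copied to on the server.

```hcl
# Example root module (added example, not part of this repository).
# Assumes: module sourced from GitHub; tokens passed as TF_VAR_hcloud_token,
# TF_VAR_tailscale_auth_key and TF_VAR_infisical_token; an apps/ directory with
# docker-compose files next to this file.

terraform {
  required_version = ">= 1.3"
}

# Tokens are declared sensitive so Terraform redacts them in plan/apply output.
# They are still stored in the state file, so keep state in an encrypted,
# access-controlled remote backend rather than on a laptop.
variable "hcloud_token" {
  type      = string
  sensitive = true
}

variable "tailscale_auth_key" {
  type      = string
  sensitive = true
}

variable "infisical_token" {
  type      = string
  sensitive = true
}

module "cloudstack" {
  source = "github.com/lefterisALEX/terraform-hetzner-cloudstack"

  hcloud_token = var.hcloud_token
  name         = "apps-01"          # assumed name
  server_type  = "cax11"
  region       = "nbg1"
  image        = "ubuntu-22.04"
  timezone     = "Europe/Amsterdam"

  # Keep the server off the public internet: with public_access = false the module
  # attaches a firewall that blocks all public access, so the only way in is
  # through the tailscale network the server joins with the auth key.
  public_access      = false
  tailscale_auth_key = var.tailscale_auth_key
  tailscale_routes   = "10.10.0.2/32"

  # Read secrets from infisical and write them to apps/<dir>/.secrets, one file per
  # app directory (immich, traefik, ... must exist as folders in infisical too).
  enable_infisical = true
  infisical_token  = var.infisical_token

  # Application data lives on a separate volume; protect it once it carries real data.
  volume_size              = "20"
  volume_delete_protection = true

  # Runs on every terraform apply. Here it restricts the generated .secrets files
  # to root. "/path/to/apps" is a placeholder: replace it with the directory the
  # module copies the apps tree into on the server.
  post_init_commands = [
    "sudo find /path/to/apps -name .secrets -exec chmod 600 {} +",
  ]
}

output "server_ip" {
  value = module.cloudstack.server_ip
}
```

Export the tokens before running terraform (for example `export TF_VAR_hcloud_token=...`) instead of committing them; the default value "st-xxx-xx" for infisical_token is only a placeholder and must be replaced when enable_infisical is true. Each docker-compose.yaml under apps then picks up its generated file with a standard `env_file: [.secrets]` entry on the service that needs the variables.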

Outputs

| Name | Description |
|------|-------------|
| server_id | n/a |
| server_ip | n/a |
