admin/netbird-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e422d7476cbdb7e5e56cd71264e19b3a9a860869
netbird-iac/terraform/README.md
Prox a7062b43ab Switch to terraform
2026-02-15 18:37:15 +02:00

87 lines
1.7 KiB
Markdown
Raw Blame History

# NetBird IaC
Terraform configuration for managing NetBird VPN resources via GitOps.
## Resources Managed
- **Groups:** ground-stations, pilots, operators, fusion-servers
- **Policies:** Access control between groups
- **Setup Keys:** For peer enrollment
## Usage
### Making Changes
1. Edit the relevant `.tf` file
2. Create a PR
3. CI runs `terraform plan` - review the changes
4. Merge PR
5. CI runs `terraform apply` - changes applied
### Adding a New Group
```hcl
# groups.tf
resource "netbird_group" "new_team" {
name = "new-team"
}
```
### Adding a Setup Key (Per-Ticket)
```hcl
# setup_keys.tf
resource "netbird_setup_key" "ticket_1234_pilot" {
name = "ticket-1234-pilot-ivanov"
type = "one-off"
auto_groups = [netbird_group.pilots.id]
usage_limit = 1
ephemeral = false
}
# outputs.tf
output "ticket_1234_pilot_key" {
value = netbird_setup_key.ticket_1234_pilot.key
sensitive = true
}
```
### Retrieving Setup Keys
After apply, retrieve keys locally:
```bash
terraform output -raw gs_setup_key
terraform output -raw pilot_setup_key
```
## Local Development
```bash
# Create tfvars (copy from example)
cp terraform.tfvars.example terraform.tfvars
# Edit with your NetBird PAT
# Init and plan
terraform init
terraform plan
# Apply (be careful!)
terraform apply
```
## CI/CD
Configured in `.gitea/workflows/terraform.yml`:
- PR: `terraform plan`
- Merge to main: `terraform apply`
Required secrets in Gitea:
- `NETBIRD_TOKEN`: NetBird PAT
## State Management
State is committed to git (`terraform.tfstate`). This is acceptable for single-operator scenarios but not recommended for production with multiple operators.
For production, configure a remote backend (S3, Terraform Cloud, etc.).
Reference in New Issue View Git Blame Copy Permalink