Use Terraform's -chdir flag

boosh · Feb 13, 2024 · ba0da31 · ba0da31
1 parent 03fff40
commit ba0da31
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 15 deletions.
diff --git a/Makefile b/Makefile
@@ -5,8 +5,8 @@ SERVER_KEYS_PATH := ~/.dawg-server-keys
 SHELL := /bin/bash
 
 TF_DIR := terraform
-TF_PLAN := $(TF_DIR)/_terraform.plan
-TF_VARS := -var-file=terraform/terraform.tfvars \
+TF_PLAN := _terraform.plan
+TF_VARS := -var-file=terraform.tfvars \
 			-var="do_token=$$(cat $(DO_TOKEN_FILE) | tr -d '\n')" \
 			-var="ydns_credentials=$$(cat $(YDNS_CREDS_FILE) | tr -d '\n')" \
 			-var="server_private_key=$$(cat $(SERVER_KEYS_PATH) | head -n1 || echo "")" \
@@ -26,22 +26,22 @@ deps: ## Install dependencies (if using asdf)
 
 .PHONY: init
 init: deps ## Terraform init
-	terraform init $(TF_DIR)
+	terraform -chdir=$(TF_DIR) init
 
 ##@ Infrastructure
 
 .PHONY: plan
 plan: init ## Terraform plan
-	terraform plan $(TF_VARS) -out=$(TF_PLAN) $(TF_DIR)
+	terraform -chdir=$(TF_DIR) plan $(TF_VARS) -out=$(TF_PLAN)
 
 .PHONY: apply
 apply: init ## Terraform apply
-	terraform apply $(TF_PLAN)
+	terraform -chdir=$(TF_DIR) apply $(TF_PLAN)
 	$(MAKE) download-key
 
 .PHONY: destroy
 destroy: init ## Terraform destroy
-	terraform destroy -auto-approve $(TF_VARS) $(TF_DIR)
+	terraform -chdir=$(TF_DIR) destroy -auto-approve $(TF_VARS)
 
 .PHONY: deploy
 deploy: plan apply  ## Terraform plan then apply
@@ -53,7 +53,7 @@ new-client: ## Generate a new client config and write it to ~/Downloads
 ifndef name
 	$(error 'name' is undefined - run with e.g. 'make new-client name=laptop')
 endif
-	ssh root@$$(terraform output ip | tr -d '\n') /usr/local/bin/wg-add-client.sh -e $$(terraform output endpoint) create $(name) > ~/Downloads/wg-$(name).conf
+	ssh root@$$(terraform -chdir=terraform output ip | tr -d '\n' | tr -d '"') /usr/local/bin/wg-add-client.sh -e $$(terraform -chdir=terraform output endpoint) create $(name) > ~/Downloads/wg-$(name).conf
 
 .PHONY: add-client
 add-client: ## Add a client config
@@ -66,11 +66,11 @@ endif
 ifndef key
 	$(error 'key' is undefined - run with e.g. 'make add-client name=laptop ip=10.0.0.3 key=<public key>')
 endif
-	ssh root@$$(terraform output ip | tr -d '\n') /usr/local/bin/wg-add-client.sh -c $(ip) -k $(key) add $(name)
+	ssh root@$$(terraform -chdir=terraform output ip | tr -d '\n' | tr -d '"') /usr/local/bin/wg-add-client.sh -c $(ip) -k $(key) add $(name)
 
 ##@ Server commands
 
-ip ?= $$(terraform output ip | tr -d '\n')
+ip ?= $$(terraform -chdir=terraform output ip | tr -d '\n' | tr -d '"')
 
 .PHONY: status
 status: ## Print server status
@@ -79,24 +79,24 @@ status: ## Print server status
 
 .PHONY: ssh
 ssh: ## SSH to the server
-	ssh root@$$(terraform output ip | tr -d '\n')
+	ssh root@$$(terraform -chdir=terraform output ip | tr -d '\n' | tr -d '"')
 
 .PHONY: ssh-list
 ssh-list: ## List IDs of SSH key in Digital Ocean
 	doctl -t $(shell cat ~/.digitalocean/token) compute ssh-key list
 
 .PHONY: snapshot
 snapshot: ## Snapshot the server
-	ssh root@$$(terraform output ip | tr -d '\n') doctl -t $$(cat $(DO_TOKEN_FILE) | tr -d '\n') compute droplet-action snapshot $$(terraform output droplet_id | tr -d '\n') --snapshot-name dawg
+	ssh root@$$(terraform -chdir=terraform output ip | tr -d '\n' | tr -d '"') doctl -t $$(cat $(DO_TOKEN_FILE) | tr -d '\n') compute droplet-action snapshot $$(terraform output droplet_id | tr -d '\n') --snapshot-name dawg
 
 .PHONY: download-key
 download-key: ## Download the server's private keys and store locally
 	set -eo pipefail ;\
 	if [[ -f $(SERVER_KEYS_PATH) ]]; then \
 		echo Private keys already exists at $(SERVER_KEYS_PATH) ;\
 	else \
-		ssh root@$$(terraform output ip | tr -d '\n') cat /etc/wireguard/server_private.key > $(SERVER_KEYS_PATH) && \
-		ssh root@$$(terraform output ip | tr -d '\n') cat /etc/wireguard/server_preshared.key >> $(SERVER_KEYS_PATH) && \
+		ssh root@$$(terraform -chdir=terraform output ip | tr -d '\n' | tr -d '"') cat /etc/wireguard/server_private.key > $(SERVER_KEYS_PATH) && \
+		ssh root@$$(terraform -chdir=terraform output ip | tr -d '\n' | tr -d '"') cat /etc/wireguard/server_preshared.key >> $(SERVER_KEYS_PATH) && \
 			echo Private keys downloaded to $(SERVER_KEYS_PATH) ;\
 	fi
 

diff --git a/terraform/main.tf b/terraform/main.tf
@@ -38,6 +38,7 @@ resource "null_resource" "server_ready" {
   provisioner "local-exec" {
     command = <<EOF
 set -x
+pushd ..
 while :
 do
   make status ip=${digitalocean_droplet.wg.ipv4_address}
@@ -60,7 +61,6 @@ resource "null_resource" "update_ydns" {
     type        = "ssh"
     user        = "root"
     host        = digitalocean_droplet.wg.ipv4_address
-    private_key = file("~/.ssh/id_rsa")
   }
 
   provisioner "remote-exec" {

diff --git a/terraform/modules/client/main.tf b/terraform/modules/client/main.tf
@@ -3,7 +3,6 @@ resource "null_resource" "client" {
     type        = "ssh"
     user        = "root"
     host        = var.server_ip
-    private_key = file("~/.ssh/id_rsa")
   }
 
   provisioner "remote-exec" {