idk

automation/ansible.md

@@ -7,8 +7,6 @@ breadcrumbs:
 
 ## Usage
 
-### General
-
 - Specify SSH password: `--ask-pass`
 - Specify sudo password: `--ask-become-pass`
 - Specify username: `--username=<username>`

automation/terraform.md

@@ -0,0 +1,80 @@
+---
+title: Terraform
+breadcrumbs:
+- title: Automation
+---
+{% include header.md %}
+
+## General
+
+- Terraform is an infrastructure as code (IaC) orchestrator that integrates with many platforms using over 1000 [providers](https://registry.terraform.io/browse/providers) (e.g. AWS, Kubernetes and Grafana).
+- It's a bit more declarative than Ansible, but often used together with Ansible.
+- It's typically used together with Git for version control.
+- Remote state:
+    - It uses state files (`*.tfstate`) to keep track of the infrastructure, acting as a source of truth. These may contain secrets and must be protected and kept away from source control.
+    - Remote state is an alternative to local state (described above), that avoids local credentials and suits production environments better.
+
+## Setup
+
+- Arch: `pacman -S terraform`
+- RHEL and Debian: See the docs.
+- Setup shell tab completion (BASH and ZSH): `terraform -install-autocomplete`
+
+## Commands
+
+- Login to Terraform Cloud: `terraform login`
+    - To migrate from local to remote state, run a `terraform init` and then delete the local state files.
+- Format the config: `terraform fmt`
+- Validate the config: `terraform validate`
+- Show resource list: `terraform state list`
+- Show resource details: `terraform state show <name>`
+- Show overall state (?): `terraform show`
+- Install the required providers: `terraform init`
+- Plan apply: `terraform plan [-out <name>.tfplan]`
+- Plan destroy: `terraform plan -destroy [-out <name>.destroy.tfplan]`
+- Apply (will show changes and ask for confirmation): `terraform apply [<name>.tfplan]`
+    - Specify `-var "name=value"` to set input variables (override the configured defaults).
+- Destroy (will show changes and ask for confirmation): `terraform destroy` (then restart the shell)
+
+## Configuration
+
+- A simple project setup consists of a `terraform.tf` config containing the `terraform` block with the required Terraform version and providers, as well as a `main.tf` config containing your intent. Alternatively, put everything in a single file or split it up into many files.
+- Variables can be set using environment variables like `TF_VAR_yolo_id` and then accessed like `yolo2_id = var.yolo_id`
+
+### Config Format
+
+- Terraform uses configs in the current directory in either HCL format with extension `.tf` or JSON format with extension `.tf.json`. The notes below assume the HCL format.
+- Argument syntax:
+    - Example: `yolo_id = "abc123"`
+    - Like variables.
+    - Called "attributes" in normal HCL, but Terraform uses "arguments" to avoid confusion with other concepts in Terraform.
+    - Can be given literal or generated values (expressions).
+- Block syntax:
+    - Example: `resource "aws_instance" "example" {}` (body inside curly braces omitted)
+    - Has a _type_ (e.g. `resource`), which defines how many _labels_ are required (zero or more, specified in quotation marks) before the body.
+    - Has a body delimited by curly braces, which may contain arguments and other (nested) blocks.
+    - Terraform uses a limited number of top-level block types, e.g. for resources, input/output variables and data sources.
+- Identifier syntax:
+    - I.e. the names of arguments, blocks and other Terraform things.
+    - Implements the [Unicode identifier syntax](https://unicode.org/reports/tr31/), extended with the ASCII hyphen.
+    - Can contain letters, digits, underscores and hyphens, but the first character can't be a number.
+- Style conventions:
+    - Note: Use `terraform fmt` to enforce style conventions.
+    - Indent using two spaces.
+    - Align argument equals signs for consecutive lines.
+    - Top-level blocks should always be separated by one blank line.
+    - Avoid grouping blocks of different types, unless they form a logical family.
+    - Inside a block body:
+        - Place all arguments together at the top and all the subblocks together at the bottom, with one blank line in-between.
+        - Separate logical groups of arguments too with one blank line. The same applies for blocks, but blocks are more commonly separated than arguments.
+        - Place meta-arguments at the very top, with one blank line before the normal arguments.
+        - Place meta-blocks at the very bottom, with one blank line after the normal blocks.
+
+## Miscellanea
+
+- Automatically created files:
+    - Terraform will create a ton of files, see GitHub's [Terraform.gitignore](https://github.com/github/gitignore/blob/main/Terraform.gitignore) for inspiration.
+    - If not using remote state, Terraform will create some `*.tfstate` files that may contain secrets. These MUST NOT be committed to version control. If using remote state, these files may be deleted after a `terraform init`.
+    - The `.terraform.lock.hcl` file should be committed to version control.
+
+{% include footer.md %}

cloud/azure.md

@@ -20,6 +20,11 @@ breadcrumbs:
 - Login/logout:
     - Interactively (web): `az login`
     - Logout: `az logout`
+- Subscriptions:
+    - Set active subscription (see `id` field from login output): `az account set --subscription <sub-id>`
+- Service principals:
+    - Create (with subscription ID from login): `az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/<sub-id>"`
+    - Copy all the outputted value into the application that needs the credentials, including the inputted subscription ID.
 - Resource Group (RG):
     - Create: `az group create --name <rg> --location norwayeast` (e.g. `test_rg`)
 - Azure Container Registry (ACR):
@@ -52,6 +57,7 @@ Note: This sets up a simple VM (called `Yolo`) in its own resource group and its
     - Use "Microsoft network" routing preference.
     - Use the "zone-redundant" availability zone.
     - Take note of the allocated IPv4 and IPv6 addresses so you can add it to DNS records.
+    - **TODO** See the docs about "IPs created before the availability zone are not zone redundant" etc.
 1. (Optional) Create a NAT gateway for outbound connections (`Yolo-NATGW`):
     - This is required when using multiple VMs behind a limited number of public IPv4 addresses, which may cause port exhaustion if the VMs create many outbound connections. This is not required if all VMs have dedicated public IPv4 addresses, however.
     - Create the NAT gateway with TCP idle timeout 10 minutes (e.g.).

index.md

@@ -20,6 +20,7 @@ Random collection of config notes and Miscellanea. _Technically not a wiki._
 
 - [Ansible](/automation/ansible/)
 - [Puppet](/automation/puppet/)
+- [Terraform](/automation/terraform/)
 
 ## Cloud
 

swe/git.md

@@ -76,6 +76,7 @@ breadcrumbs:
         - A leading `/` means to only match in the same folder as the gitignore file (the gitignore root).
         - A trailing `/` means to only match directories.
         - A `*` means to use globbing to match files, e.g. `*.log` to match all log files.
+        - A leading `**/` means to match in the current directory or in subdirectories.
 - Committing:
     - Typical command (with inline message): `git commit -m "<message>"`
     - Commit message: