infra¶

Infrastructure as Code for Dashecorp. One repo, organized by provider.

Structure¶

cloudflare/
  dashecorp.com/     DNS, tunnels, Access policies, Pages

github/
  dashecorp/         Dashecorp org repos, webhooks, branch protection
  stig-johnny/       Stig-Johnny repos, webhooks
  enterprise/        GitHub Enterprise settings

gcp/
  dashecorp/         GCP VM (k3s), Artifact Registry, Tailscale

k8s/
  dell/              Dell k3s NFS storage (Synology)

tailscale/
  main.tf            Tailscale ACLs

Usage¶

Each directory is an independent OpenTofu root module:

cd github/dashecorp
tofu init
tofu plan
tofu apply

CI runs tofu plan on PRs and tofu apply on merge to main.

Rules¶

Secrets in .tfvars only — never commit .tfvars files
One tofu apply per directory — independent state
All repos private — no exceptions
State in GCS — gs://tablez-terraform-state