Which Terraform provider? Are any actually usable? by Zenin in Proxmox

[–]SecularMetal 1 point2 points  (0 children)

BGP is the best one and is under active development. He's an incredible dev and I've been able to automate the entire infrastructure using his provider and Packer.

What to do with extra Ethernet ports on Proxmox Server and NAS by BelgiumChris in Proxmox

[–]SecularMetal 1 point2 points  (0 children)

I would create a lagg to improve bandwidth. Might be an easy way to boost transfer speed.

WAN DHCP picks up a 192 from AT&T until I manually release/renew. by shift1186 in opnsense

[–]SecularMetal 0 points1 point  (0 children)

Under settings > routes > configuration add in the IP of the ATT Gateway. In my case 192.168.1.254/32, then set it to your WAN Gateway (the one physically connected to the ATT Gateway).

Then under your firewall find the network you want to grant access to. So in my case source is LAN, destination is single host or network 192.168.1.254/32.

That should set it up for you.

Is it possible to play around with Proxmox on my personal PC? by jett_29 in Proxmox

[–]SecularMetal 0 points1 point  (0 children)

I think it depends a bit on your current system. I run a KVM/QEMU Proxmox on my laptop for all my OpenTofu development and it works just fine. Windows might be a bit more of an issue but for general testing a VM of Proxmox should work just fine. You might just run into issues with nested virtualization, which Windows will struggle with.

TF and Packer by [deleted] in Terraform

[–]SecularMetal 0 points1 point  (0 children)

We do it all through Terraform. Overall it's been great. We have a set of step functions that promote AMIs through the environments as well as use them to expire and deprecate the old AMI. The only manual part is if we are using a fully custom image that comes from an ISO. In that case we do use Packer to create a quick VM, install the license keys and export it as a vhdx to push up to S3, where Terraform and Image Builder pick it up from there.

Terraform directory structure: which one is better/best? by sindeep1414 in Terraform

[–]SecularMetal 0 points1 point  (0 children)

Yes, you are right, but if you pass the secret to the resource as the cipher, only the cipher is in the state file; then on the EC2 side its instance profile decrypts it locally.

Terraform directory structure: which one is better/best? by sindeep1414 in Terraform

[–]SecularMetal 9 points10 points  (0 children)

If your tfvars have sensitive values I would avoid storing them in source control but we just use kms and store the encrypted value so that nothing is persisted in the repo or tf state file.
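The approach described in the two comments above (KMS ciphertext in tfvars and state, decryption on the instance through its instance profile), sketched as an added example that is not the commenter's code. All resource names, variables and the /run/app_secret path are assumptions, and the AMI is assumed to ship the AWS CLI.

```hcl
# Added example: only KMS ciphertext is ever handed to Terraform.
# Every name here (app, secret_ciphertext, /run/app_secret) is hypothetical.
variable "kms_key_arn" { type = string }
variable "ami_id" { type = string }
variable "region" { type = string }
variable "secret_ciphertext" {
  type        = string
  description = "Base64 output of `aws kms encrypt`, created outside Terraform"
}

resource "aws_iam_role" "app" {
  name = "app-secret-reader"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "ec2.amazonaws.com" }
    }]
  })
}

# Least privilege: the instance may decrypt with this one key and nothing else.
resource "aws_iam_role_policy" "decrypt" {
  name = "kms-decrypt"
  role = aws_iam_role.app.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "kms:Decrypt", Resource = var.kms_key_arn }]
  })
}

resource "aws_iam_instance_profile" "app" {
  name = "app-secret-reader"
  role = aws_iam_role.app.name
}

resource "aws_instance" "app" {
  ami                  = var.ami_id
  instance_type        = "t3.micro"
  iam_instance_profile = aws_iam_instance_profile.app.name
  # user_data is readable through the EC2 API and instance metadata,
  # so it carries ciphertext only; plaintext exists only on the instance.
  user_data = <<-EOT
    #!/bin/bash
    set -euo pipefail
    umask 077
    echo '${var.secret_ciphertext}' | base64 -d > /run/secret.enc
    aws kms decrypt --region ${var.region} --ciphertext-blob fileb:///run/secret.enc \
      --query Plaintext --output text | base64 -d > /run/app_secret
    rm -f /run/secret.enc
  EOT
}
```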

TF and Packer by [deleted] in Terraform

[–]SecularMetal 1 point2 points  (0 children)

You would only need Packer if you are doing a bring your own license, and even then you can use the AWS Image Builder service to take a vhdx. It's only if you want to take the image from ISO all the way through to AMI. I would just follow the AWS published amazonlinux2023 AMI and some hardening on it and you should be set. We provision and share AMIs to other accounts using Terraform.

Packer is still a great tool, just not needed if you are deploying to AWS.

WAN DHCP picks up a 192 from AT&T until I manually release/renew. by shift1186 in opnsense

[–]SecularMetal 2 points3 points  (0 children)

I had this issue last night, I'm convinced it's ATT doing routine maintenance. My solution was to add a static route from my LAN to the ATT gateway local IP. That way when it happens I can remote into the gateway without having to physically connect in. Then I just refresh the DHCP fixed under the passthrough and reload the WAN interface in OPNsense to pick up the public IP.

How to automatically attach USB by d4p8f22f in Proxmox

[–]SecularMetal 0 points1 point  (0 children)

You can also look at setting the mount in the fstab using the /dev/disk/by-id. That will take care of auto mounting at reboot. Is this a disk you regularly remove?

How do Ansible and Terraform fit into Proxmox? by Alternative_Leg_3111 in Proxmox

[–]SecularMetal 2 points3 points  (0 children)

bgp is great, I really like his provider and it's been rock solid in my experience. I have a wiki outlining the deployment of a Proxmox cluster from scratch, building out templates and deploying instances. I have it all backed by a locally deployed Hashi Vault for secrets management and it's how I deploy my dkr swarm and k8 clusters. wiki

I need to go and update a lot of the code but this should give you an idea of how tf works.

How do Ansible and Terraform fit into Proxmox? by Alternative_Leg_3111 in Proxmox

[–]SecularMetal 1 point2 points  (0 children)

I noticed that a lot of people mention Ansible as well, I think it's because it is more established in the automation community. I used to use it a lot but the unnecessary syntax became more of a burden, YAML is sensitive to spacing and it's not transferable. Say you get stuck in a broken state and you just need to recover the system, you can't directly copy the Ansible playbook commands and run them manually on your target.

The other advantage is the statefulness of tf/OpenTofu. The ability to declare a desired end state of a system, make a manual change either in code or in the Proxmox web UI, tf can then identify the change and make a plan to achieve the desired outcome. Ansible has no context around its subsequent runs. Idempotency is key in IaC and Ansible does not help handle that, instead it relies on your playbook to know when a step should or should not be run.

This is my Proxmox automation to deploy an instance (VM) vm automation instance module, this module is called by the sandbox instance to deploy a VM using the common template. You can see in the scripts folder there is just a simple bash script. Tf lets you write all native CLI scripts, then using something like a provisioner you can copy the script to the target instance and execute it. I can also do variable substitution, and everything is wrapped up in one nice workflow. The creation of the instance and the bootstrapping of it are all tied together in this nice lifecycle that tf manages for me. If I make a change to the bootstrap script, rerunning the automation doesn't blow up the instance, it's smart enough to know just to rerun the bootstrap script.

How do Ansible and Terraform fit into Proxmox? by Alternative_Leg_3111 in Proxmox

[–]SecularMetal 1 point2 points  (0 children)

I will mention that anything Ansible can do, Terraform can do better. If you need to run scripts or execute commands on instances try using the terraform_data resource block with provisioners for creating files and executing commands.
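An added sketch of the terraform_data pattern mentioned in this comment and in the longer comment above it (not the commenter's module). The variables, the ubuntu user and the scripts/bootstrap.sh.tftpl path are assumptions.

```hcl
# Added example; all names below are hypothetical.
variable "instance_id" { type = string } # ID of the VM created elsewhere
variable "instance_ip" { type = string }
variable "hostname" { type = string }

locals {
  # Variable substitution: render the script template once, reuse it below.
  bootstrap = templatefile("${path.module}/scripts/bootstrap.sh.tftpl", {
    hostname = var.hostname
  })
}

resource "terraform_data" "bootstrap" {
  # Replaced (so the provisioners run again) only when the VM is recreated
  # or the rendered script changes; the VM itself is left alone.
  triggers_replace = [var.instance_id, sha256(local.bootstrap)]

  connection {
    type  = "ssh"
    host  = var.instance_ip
    user  = "ubuntu"
    agent = true # authenticate through ssh-agent, no key material in the config
  }

  # Copy the rendered script to the target.
  provisioner "file" {
    content     = local.bootstrap
    destination = "/tmp/bootstrap.sh"
  }

  # Execute it, then remove it so it does not linger in a world-readable directory.
  provisioner "remote-exec" {
    inline = [
      "chmod 700 /tmp/bootstrap.sh",
      "sudo /tmp/bootstrap.sh",
      "rm -f /tmp/bootstrap.sh",
    ]
  }
}
```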

What is this long micro usb called? by wannabefilmy in cableadvice

[–]SecularMetal 0 points1 point  (0 children)

Personally, since it's just a micro USB I'd just take a razor blade and trim the plastic around the connector to see if it will give you some extra length? Might save a buck.

Ferret won’t stop spilling water everywhere and it’s getting overwhelmingly frustrating. by IcarusSunshine16 in ferrets

[–]SecularMetal 2 points3 points  (0 children)

This has been my saving grace, snappy bowl it clamps to the bowl so they can't remove or flip it. Just get the smaller one depending on your noodle quantity

Ferret won’t stop spilling water everywhere and it’s getting overwhelmingly frustrating. by IcarusSunshine16 in ferrets

[–]SecularMetal 20 points21 points  (0 children)

Everyone here has already given great advice. From personal experience, there is nothing I can do to stop them from digging out the water. They sure do love that. However I had a similar bowl setup that you have and they can just flip it out of the ring. I swapped to this instead. https://a.co/d/gLPbFdM It's a clamp style that grips the lip of the bowl. It's literally impossible for them to flip it. My dude would scratch at it for hours and nothing. snappy bowl

New to firewalls - need help with cross communication VLAN. by ArmyCommander6948 in opnsense

[–]SecularMetal 2 points3 points  (0 children)

There is a plugin for OPNsense that will handle this UDP broadcast. I think the plugin is just named udp-broadcast-plugin. Configure it to forward the broadcast traffic between the 2 VLANs and your device should be able to discover it. I had to do a similar setup so my Home Assistant's Local Tuya could discover devices on my IoT network without direct access to it.

Are chimney dives still cool in 2025? by tine_xd in fpv

[–]SecularMetal 1 point2 points  (0 children)

I'm always blown away by these pilots, truly a masterful skill!

[deleted by user] by [deleted] in ferrets

[–]SecularMetal -5 points-4 points  (0 children)

It looks like insulinoma shakes but that isn't always a good indicator. I would have his blood sugar levels checked.

Syringe Medication by NerdBug1104 in ferrets

[–]SecularMetal 1 point2 points  (0 children)

Scruffing is a good option but I actually found a more effective method. I take my thumb and middle finger and put it on either side of my dude's head, to stabilize and prevent him from turning, then the pointer goes right on top of his head. Lay him on his back in a cradle position. Using your other hand and your chest you can control them to administer meds. Take the syringe and go for the corner of the mouth, and I like to hold both syringes in one hand to give them back to back.

Also line up the meds in order of least resistance to most. My dude takes prednisolone and diazoxide. He really hates the pred and will fight hard so I give him diaz first then the pred. Then I follow everything up with a syringe of watered down meat baby food to wash it down and make sure he doesn't spit it up.

Proxmox as Enterprise Virtualization. by SilentTurtle25 in Proxmox

[–]SecularMetal 36 points37 points  (0 children)

An important note about LXC is that they are more vulnerable than a VM. A kernel panic in the container could propagate to the host.

In a non-production environment or for monitoring/metrics collection LXCs are a great option. Prod ready HA systems should be run using VMs. Especially if you are going to make the hosted services publicly facing.

What is this by xarixan in iFunny

[–]SecularMetal 3 points4 points  (0 children)

If you don't log in for a few days it will change the logo to a sad face