Operations - Usage, Security & Structure
Usage
Prerequisites
# Load secrets
dsource d000 dev/network
dsource d000 dev/app
# Verify Vault SSH CA key exists
cat ~/.ssh/vault-ca.pub
Apply Configuration
# KVM VMs
cd environments/prod/kvm
terraform init
terraform plan
terraform apply
# Cloudflare DNS
cd environments/prod/cloudflare
terraform init
terraform plan
# Vault configuration
cd environments/prod/vault
terraform init
terraform plan
# k3s resources
cd environments/prod/k3s
terraform init
terraform plan
Security
- All credentials via environment variables
- No secrets in .tf files
- .gitignore protects state and keys
- Vault for dynamic secrets
- State stored locally (not in remote backend)
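A pre-flight script that checks these properties (and the Vault CA key prerequisite) before running terraform plan, added here as an example and not part of domus-terraform: it assumes secrets are exported as environment variables whose names the caller passes in, and its grep for hard-coded secrets is a heuristic, not a full scanner.

```shell
# Added pre-flight checks (example code, not part of domus-terraform). Assumes
# secrets are exported as env vars whose names the caller passes in.

# 0 if every named environment variable is set and non-empty.
check_env_vars() {
  missing=0
  for name in "$@"; do
    eval "val=\${$name:-}"
    if [ -z "$val" ]; then
      echo "missing env var: $name" >&2
      missing=1
    fi
  done
  return "$missing"
}

# 0 if the Vault SSH CA public key exists and looks like an OpenSSH key.
check_vault_ca() {
  key="${1:-$HOME/.ssh/vault-ca.pub}"
  [ -s "$key" ] && grep -q '^ssh-' "$key"
}

# 0 if no .tf file under $1 assigns a quoted literal to a secret-looking name
# (values using ${...} interpolation or var.* references are not literals).
check_no_secrets_in_tf() {
  hits=$(find "${1:-.}" -name '*.tf' -exec grep -nEi \
    '(password|token|secret|api_key)[[:space:]]*=[[:space:]]*"[^"$]+"' {} + 2>/dev/null)
  if [ -n "$hits" ]; then
    printf 'possible hard-coded secret in .tf:\n%s\n' "$hits" >&2
    return 1
  fi
  return 0
}

# 0 if .gitignore under $1 excludes Terraform state and private key files.
check_gitignore() {
  gi="${1:-.}/.gitignore"
  [ -f "$gi" ] && grep -q 'tfstate' "$gi" && grep -qE '\.pem|\.key|id_' "$gi"
}

# Run every check against repo root $1; remaining args are required env vars.
preflight() {
  repo="$1"; shift
  rc=0
  check_env_vars "$@" || rc=1
  check_vault_ca || rc=1
  check_no_secrets_in_tf "$repo" || rc=1
  check_gitignore "$repo" || rc=1
  return "$rc"
}
```

Run it from the repository root before each terraform plan, e.g. `preflight . CLOUDFLARE_API_TOKEN VAULT_TOKEN` (those variable names are illustrative; use whatever dsource exports).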
Directory Structure
domus-terraform/
├── backend.tf
├── providers.tf
├── versions.tf
├── environments/
│   └── prod/
│       ├── cloudflare/
│       ├── github/
│       ├── k3s/
│       ├── keycloak/
│       ├── kvm/
│       └── vault/
└── modules/
    ├── k3s-node/
    ├── vault-node/
    └── vm/