First set up

README.md

@@ -4,11 +4,12 @@ Provisioning, configuration and manifests for my Kubernetes dev cluster on Hetzn
 
 ## Prerequisites
 
-- [Terraform](https://www.terraform.io/downloads.html) installed
-- [SOPS](https://github.com/mozilla/sops) installed
-- [Age](https://github.com/FiloSottile/age) installed (for encryption)
+- [OpenTofu](https://opentofu.org/docs/intro/install/)
+- [SOPS](https://github.com/mozilla/sops)
+- [Age](https://github.com/FiloSottile/age)
 - A Hetzner Cloud account and API token
 - A GitHub account and personal access token (for Flux)
+- S3 compatible storage credentials
 
 ## Setup Steps
 
@@ -17,21 +18,23 @@ Provisioning, configuration and manifests for my Kubernetes dev cluster on Hetzn
    age-keygen -o key.txt
    ```
 
-2. **Create a `.sops.yaml` file in your project root:**
+2. **Edit `.sops.yaml` file in your project root:**
    ```yaml
    creation_rules:
-     - path_regex: secrets\.enc\.yaml$
+     - unencrypted_regex: "^(apiVersion|metadata|kind|type)$"
        age: <your-age-public-key>
    ```
    Replace `<your-age-public-key>` with the public key from your `key.txt` file.
 
 3. **Create a `secrets.yaml` file with your sensitive data:**
+
    ```yaml
    username: <your-username>
    user_hashed_password: <your-hashed-password>
    user_ssh_public_key: <your-ssh-public-key>
    github_username: <your-github-username>
    github_repo: <your-flux-repo-name>
+   github_token: <your-github-token>
    ```
 
 4. **Encrypt the secrets file:**
@@ -42,57 +45,24 @@ Provisioning, configuration and manifests for my Kubernetes dev cluster on Hetzn
 5. **Create a `terraform.tfvars` file for your Hetzner Cloud token:**
    ```hcl
    hcloud_token = "your-hetzner-cloud-token"
+
    ```
 
-6. **Initialize Terraform:**
+6. **Create `s3_env.yaml` file with your S3 compatible storage credentials**
+
+   `AWS_ENDPOINT_URL_S3`
+   `AWS_ACCESS_KEY_ID`
+   `AWS_REGION`
+   `AWS_SECRET_ACCESS_KEY`
+
+7. **Encrypt the `s3_env.yaml` file:**
    ```
-   terraform init
+   sops -e s3_env.yaml > s3_env.enc.yaml
    ```
 
-7. **Plan your Terraform deployment:**
+6. **Initialize OpenTofu:**
+   ```bash
+   tofu init
+   tofu plan
+   tofu apply
    ```
-   terraform plan
-   ```
-
-8. **Apply your Terraform configuration:**
-   ```
-   terraform apply
-   ```
-
-## File Structure
-
-- `main.tf`: Main Terraform configuration file
-- `variables.tf`: Terraform variables definition
-- `cloud-init.yaml`: Cloud-init configuration template
-- `secrets.enc.yaml`: Encrypted secrets file (do not commit to version control)
-- `terraform.tfvars`: Terraform variables values (do not commit to version control)
-- `.sops.yaml`: SOPS configuration file
-
-## Usage
-
-After successful provisioning, you can access your new server using SSH:
-
-```
-ssh <your-username>@<server-ip>
-```
-
-The server IP will be output by Terraform after successful application.
-
-## Customization
-
-- Modify `cloud-init.yaml` to change the initial server setup.
-- Adjust `main.tf` to change Hetzner Cloud resources or add additional configurations.
-
-## Security Notes
-
-- Never commit `secrets.yaml`, `secrets.enc.yaml`, or `terraform.tfvars` to version control.
-- Keep your `key.txt` file secure and backed up. Losing this file means losing access to your encrypted secrets.
-
-## Troubleshooting
-
-If you encounter issues:
-1. Check Terraform output for errors.
-2. Review cloud-init logs on the server: `/var/log/cloud-init-output.log`
-3. Ensure all required variables are correctly set in your encrypted secrets file.
-
-For further assistance, please open an issue in the project repository.