# [`infra`][infra]

this repo holds the code describing my very own infra (machines I use/manage)
and is very much a WIP.

should contain zero secrets, except encrypted either with [`age`][age] or
[`ansible-vault`][ansible-vault].

[`terraform`][tf] secrets are supplied as ENV vars at runtime by sourcing the
decrypted `infra-vars` file using [`direnv`][direnv], which is in turn
stationed in its place using [`home-manager`][hm].

[infra]: https://git.dotya.ml/wanderer/infra
[age]: https://github.com/FiloSottile/age
[ansible-vault]: https://docs.ansible.com/ansible/latest/cli/ansible-vault.html
[tf]: https://www.terraform.io/
[direnv]: https://direnv.net/
[hm]: https://github.com/nix-community/home-manager