This repository provides Terraform configurations for deploying resources in the Oracle Cloud Infrastructure (OCI) Free Tier.
- Terraform or OpenTofu installed on your local machine.
- An Oracle Cloud Infrastructure (OCI) account.
- OCI CLI configured with your credentials.
- Clone the repository:

  ```sh
  git clone https://github.com/filippolmt/terraform-oci-free-tier.git
  cd terraform-oci-free-tier
  ```

- Configure your variables: copy `terraform.tfvars.template` to `terraform.tfvars` and fill in the required variables. By default, the `install_runtipi` variable is set to `true`, which triggers the installation of RunTipi. If you do not wish to install RunTipi, set this variable to `false`.

  ```sh
  cp terraform.tfvars.template terraform.tfvars
  ```

- Initialize Terraform or OpenTofu. Depending on the tool you are using, run:

  ```sh
  terraform init
  ```

  or

  ```sh
  tofu init
  ```

- Plan the deployment:

  ```sh
  terraform plan
  ```

  or

  ```sh
  tofu plan
  ```

- Apply the deployment:

  ```sh
  terraform apply
  ```

  or

  ```sh
  tofu apply
  ```

- Destroy the deployment:

  ```sh
  terraform destroy
  ```

  or

  ```sh
  tofu destroy
  ```
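
Between the plan and apply steps, the planned `oci_core_security_list.security_list` can be checked for ingress rules open to any source. The script below is an added example, not part of this repository; it reads the JSON produced by `terraform plan -out=tfplan` followed by `terraform show -json tfplan`, and the sample plan and its ports are constructed for illustration.

```python
import json

WORLD = {"0.0.0.0/0", "::/0"}  # sources that mean "anyone on the internet"


def world_open_ingress(plan, allowed=frozenset()):
    """List planned ingress rules whose source is the whole internet.

    Returns (resource address, protocol number, (min port, max port)) tuples,
    skipping any (protocol, ports) pair the caller has explicitly allowed.
    """
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "oci_core_security_list":
            continue
        after = (rc.get("change") or {}).get("after") or {}
        for rule in after.get("ingress_security_rules") or []:
            if rule.get("source") not in WORLD:
                continue
            proto = rule.get("protocol")  # "6" = TCP, "17" = UDP, "all" = any
            opts = rule.get("tcp_options") or rule.get("udp_options") or []
            # No port options means the rule covers every port of the protocol.
            ports = (opts[0].get("min"), opts[0].get("max")) if opts else (None, None)
            if (proto, ports) not in allowed:
                findings.append((rc["address"], proto, ports))
    return findings


# Constructed sample of `terraform show -json tfplan` output (not real data).
SAMPLE_PLAN = json.loads("""{"resource_changes": [{
  "address": "oci_core_security_list.security_list",
  "type": "oci_core_security_list",
  "change": {"after": {"ingress_security_rules": [
    {"protocol": "6", "source": "0.0.0.0/0", "tcp_options": [{"min": 22, "max": 22}]},
    {"protocol": "6", "source": "0.0.0.0/0", "tcp_options": [{"min": 443, "max": 443}]},
    {"protocol": "6", "source": "10.1.0.0/16", "tcp_options": [{"min": 8080, "max": 8080}]}
  ]}}}]}""")

if __name__ == "__main__":
    # Example policy: SSH may stay world-reachable, everything else is reported.
    for address, proto, ports in world_open_ingress(SAMPLE_PLAN, {("6", (22, 22))}):
        print(f"{address}: protocol {proto} ports {ports} open to the internet")
```
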
- `main.tf`: Main Terraform configuration file.
- `outputs.tf`: Defines the outputs of the Terraform configuration.
- `variables.tf`: Defines the variables used in the Terraform configuration.
- `versions.tf`: Specifies the required Terraform version and provider versions.
- `terraform.tfvars.template`: Template for user-specific variables.
- `.github/workflows/`: Contains GitHub Actions workflows for CI/CD.
  - `documentation.yml`: Workflow for generating documentation.
  - `tfsec.yml`: Workflow for running TFsec security scans.
- `scripts/startup.sh`: Script for initial setup and configuration. By default, this script installs RunTipi unless the `install_runtipi` variable is set to `false`.

If `install_runtipi` is set to `true`, the setup script will install RunTipi and configure the local network for running applications within the local domain. Follow these steps to correctly configure RunTipi:

- Access RunTipi via Public IP:
  - Install AdGuard from the RunTipi apps.
  - In the "Network Interface" section, add the IP `127.0.0.1` and ensure the system is also reachable from the internet.
  - Add a valid DNS or any DNS by modifying the `hosts` file if needed.
- Configure DNS Resolution for VPN Network:
  - Access the RunTipi dashboard and follow this guide for DNS resolution within the VPN network: RunTipi DNS Resolution Guide.
  - Configure the IP to `172.18.0.254`, which is the IP set for Traefik.
- Configure WireGuard:
  - Install and configure WireGuard by adding a public IP or DNS.
  - Set a password and configure the AdGuard IP to `172.18.0.253`.
  - Restart RunTipi.
- Disable Internet Access:
  - Once AdGuard is configured and running, you can disable internet access to ensure that applications are only reachable within the local network.

Once these steps are complete, you will be able to use the local network without the applications being accessible externally.
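
The steps above depend on the AdGuard and Traefik addresses both sitting inside the RunTipi main network and not colliding, which is the constraint the `runtipi_adguard_ip` and `runtipi_reverse_proxy_ip` inputs warn about. The following check is an added example, not part of this repository; it assumes simple `name = "value"` lines in `terraform.tfvars`, falls back to the defaults documented on this page, and additionally rejects the network and broadcast addresses.

```python
import ipaddress
import re

# Defaults taken from the inputs table on this page.
DEFAULTS = {
    "runtipi_main_network_subnet": "172.18.0.0/16",
    "runtipi_reverse_proxy_ip": "172.18.0.254",
    "runtipi_adguard_ip": "172.18.0.253",
}


def parse_tfvars(text):
    """Read simple `name = "value"` lines; any other tfvars syntax is ignored."""
    found = re.findall(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*(?:#.*)?$', text, re.M)
    return {**DEFAULTS, **{k: v for k, v in found if k in DEFAULTS}}


def check_address_plan(cfg):
    """Return a list of problems; an empty list means the plan is consistent."""
    try:
        net = ipaddress.ip_network(cfg["runtipi_main_network_subnet"], strict=True)
        proxy = ipaddress.ip_address(cfg["runtipi_reverse_proxy_ip"])
        adguard = ipaddress.ip_address(cfg["runtipi_adguard_ip"])
    except ValueError as exc:
        return [f"invalid address or subnet: {exc}"]
    problems = []
    for name, ip in (("runtipi_reverse_proxy_ip", proxy), ("runtipi_adguard_ip", adguard)):
        if ip not in net:
            problems.append(f"{name} {ip} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {ip} is the network or broadcast address")
    if proxy == adguard:
        problems.append("runtipi_adguard_ip must differ from runtipi_reverse_proxy_ip")
    return problems


# Constructed sample input: AdGuard moved onto the reverse proxy's address.
SAMPLE_TFVARS = '''
install_runtipi    = true
runtipi_adguard_ip = "172.18.0.254"
'''

if __name__ == "__main__":
    for line in check_address_plan(parse_tfvars(SAMPLE_TFVARS)) or ["address plan OK"]:
        print(line)
```
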

This project is licensed under the MIT License. See the LICENSE file for details.

Name | Version |
---|---|
terraform | >=1.3 |
oci | 6.17.0 |

Name | Version |
---|---|
oci | 6.17.0 |

No modules.

Name | Type |
---|---|
oci_core_default_route_table.default_route_table | resource |
oci_core_instance.instance | resource |
oci_core_internet_gateway.internet_gateway | resource |
oci_core_public_ip.public_ip | resource |
oci_core_security_list.security_list | resource |
oci_core_subnet.subnet | resource |
oci_core_vcn.vcn | resource |
oci_core_volume.docker_volume | resource |
oci_core_volume_attachment.docker_volume_attachment | resource |
oci_core_volume_backup_policy.docker_volume_backup_policy | resource |
oci_core_volume_backup_policy_assignment.docker_volume_backup_policy_assignment | resource |
oci_core_private_ips.instance_private_ip | data source |
oci_core_vnic.instance_vnic | data source |
oci_core_vnic_attachments.instance_vnics | data source |
oci_identity_availability_domain.ad | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_ssh_public_key | Additional public key to use for SSH access example: < /home/ubuntu/.ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAA EOF | string | "" | no |
availability_domain_number | The availability domain number | number | 1 | no |
compartment_ocid | The OCID of the compartment | string | n/a | yes |
docker_volume_size_gb | The size of the docker volume in GBs | string | "150" | no |
fault_domain | The fault domain to deploy to | string | "FAULT-DOMAIN-2" | no |
install_runtipi | Install Homeserver Runtipi refs: https://runtipi.io/ | bool | true | no |
instance_display_name | The display name of the instance | string | "DockerHost" | no |
instance_image_ocids_by_region | The OCID of the image to use for the instance | map(string) | { | no |
instance_shape | The shape of the instance | string | "VM.Standard.A1.Flex" | no |
instance_shape_boot_volume_size_gb | The size of the boot volume in GBs | string | "50" | no |
instance_shape_config_memory_gb | The amount of memory in GBs for the instance | string | "24" | no |
instance_shape_config_ocpus | The number of OCPUs for the instance | string | "4" | no |
oracle_api_key_fingerprint | The fingerprint of the public key | string | n/a | yes |
oracle_api_private_key_path | The path to the private key | string | "~/.oci/oci_api_key.pem" | no |
region | The region to deploy to | string | "eu-milan-1" | no |
runtipi_adguard_ip | The IP of the AdGuard for Runtipi, WARNING: this IP should be in the subnet of the main network and different from the reverse proxy IP | string | "172.18.0.253" | no |
runtipi_main_network_subnet | The subnet of the main network for Runtipi | string | "172.18.0.0/16" | no |
runtipi_reverse_proxy_ip | The IP of the reverse proxy for Runtipi, WARNING: this IP should be in the subnet of the main network | string | "172.18.0.254" | no |
security_list_rules | The security list rules | list(object({ | [ | no |
ssh_public_key | The public key to use for SSH access | string | n/a | yes |
tenancy_ocid | The OCID of the tenancy | string | n/a | yes |
user_ocid | The OCID of the user to use for authentication | string | n/a | yes |
vcn_cidr_block | The CIDR block for the VCN | string | "10.1.0.0/16" | no |

Name | Description |
---|---|
instance_id | The OCID of the instance |
private_ip | The private IP of the instance |
public_ip | The public IP of the instance |