https://github.com/filippolmt/terraform-oci-free-tier
Terraform configurations for deploying and managing resources on Oracle Cloud Infrastructure (OCI) Free Tier. Ideal for learning, development, and small-scale projects. Features include automated deployment, cost-effectiveness, modularity, and integrated security practices.
https://github.com/filippolmt/terraform-oci-free-tier
homeserver opentofu opentofu-module opentofu-modules oracle oracle-cloud oracle-cloud-infrastructure runtipi terraform terraform-module
Last synced: about 1 month ago
JSON representation
Terraform configurations for deploying and managing resources on Oracle Cloud Infrastructure (OCI) Free Tier. Ideal for learning, development, and small-scale projects. Features include automated deployment, cost-effectiveness, modularity, and integrated security practices.
- Host: GitHub
- URL: https://github.com/filippolmt/terraform-oci-free-tier
- Owner: filippolmt
- License: gpl-3.0
- Created: 2023-10-03T09:54:46.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-03-17T07:58:55.000Z (2 months ago)
- Last Synced: 2025-03-29T06:01:33.355Z (about 2 months ago)
- Topics: homeserver, opentofu, opentofu-module, opentofu-modules, oracle, oracle-cloud, oracle-cloud-infrastructure, runtipi, terraform, terraform-module
- Language: HCL
- Homepage:
- Size: 146 KB
- Stars: 5
- Watchers: 1
- Forks: 0
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Terraform OCI Free Tier
This repository provides Terraform configurations for deploying resources in the Oracle Cloud Infrastructure (OCI) Free Tier.
## Table of Contents
- [Terraform OCI Free Tier](#terraform-oci-free-tier)
- [Table of Contents](#table-of-contents)
- [Prerequisites](#prerequisites)
- [Setup](#setup)
- [Usage](#usage)
- [Files](#files)
- [RunTipi Configuration](#runtipi-configuration)
- [License](#license)
- [Requirements](#requirements)
- [Providers](#providers)
- [Modules](#modules)
- [Resources](#resources)
- [Inputs](#inputs)
- [Outputs](#outputs)
## Prerequisites
- [Terraform](https://developer.hashicorp.com/terraform/install) or [OpenTofu](https://opentofu.org/docs/intro/install/) installed on your local machine.
- An Oracle Cloud Infrastructure (OCI) account.
- OCI CLI configured with your credentials.
## Setup
1. **Clone the repository**:
```bash
git clone https://github.com/filippolmt/terraform-oci-free-tier.git
cd terraform-oci-free-tier
```
2. **Configure your variables**:
Copy the `terraform.tfvars.template` to `terraform.tfvars` and fill in the required variables.
By default, the `install_runtipi` variable is set to `true`, which will trigger the installation of RunTipi. If you do not wish to install RunTipi, set this variable to `false`.
```bash
cp terraform.tfvars.template terraform.tfvars
```
3. **Initialize Terraform or OpenTofu**:
Depending on the tool you are using, run:
```bash
terraform init
```
or
```bash
tofu init
```
## Usage
1. **Plan the deployment**:
```bash
terraform plan
```
or
```bash
tofu plan
```
2. **Apply the deployment**:
```bash
terraform apply
```
or
```bash
tofu apply
```
3. **Destroy the deployment**:
```bash
terraform destroy
```
or
```bash
tofu destroy
```
## Files
- `main.tf`: Main Terraform configuration file.
- `outputs.tf`: Defines the outputs of the Terraform configuration.
- `variables.tf`: Defines the variables used in the Terraform configuration.
- `versions.tf`: Specifies the required Terraform version and provider versions.
- `terraform.tfvars.template`: Template for user-specific variables.
- `.github/workflows/`: Contains GitHub Actions workflows for CI/CD.
- `documentation.yml`: Workflow for generating documentation.
- `tfsec.yml`: Workflow for running TFsec security scans.
- `scripts/startup.sh`: Script for initial setup and configuration. By default, this script installs RunTipi unless the `install_runtipi` variable is set to `false`.
## RunTipi Configuration
If `install_runtipi` is set to `true`, the setup script will install RunTipi and configure the local network for running applications within the local domain. Follow these steps to correctly configure RunTipi:
1. **Access RunTipi via Public IP**:
- Install AdGuard from the RunTipi apps.
- In the "Network Interface" section, add the IP `127.0.0.1` and ensure the system is also reachable from the internet.
- Add a valid DNS or any DNS by modifying the `hosts` file if needed.
2. **Configure DNS Resolution for VPN Network**:
- Access the RunTipi dashboard and follow this guide for DNS resolution within the VPN network: [RunTipi DNS Resolution Guide](https://runtipi.io/docs/guides/local-certificate#dns-resolution).
- Configure the IP to `172.18.0.254`, which is the IP set for Traefik.
3. **Configure WireGuard**:
- Install and configure WireGuard by adding a public IP or DNS.
- Set a password and configure the AdGuard IP to `172.18.0.253`.
- Restart RunTipi.
4. **Disable Internet Access**:
- Once AdGuard is configured and running, you can disable internet access to ensure that applications are only reachable within the local network.
Once these steps are complete, you will be able to use the local network without the applications being accessible externally.
## License
This project is licensed under the MIT License. See the [LICENSE](./LICENSE) file for details.
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >=1.3 |
| [oci](#requirement\_oci) | 6.30.0 |
## Providers
| Name | Version |
|------|---------|
| [oci](#provider\_oci) | 6.30.0 |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [oci_core_default_route_table.default_route_table](https://registry.terraform.io/providers/oracle/oci/6.30.0/docs/resources/core_default_route_table) | resource |
| [oci_core_instance.instance](https://registry.terraform.io/providers/oracle/oci/6.30.0/docs/resources/core_instance) | resource |
| [oci_core_internet_gateway.internet_gateway](https://registry.terraform.io/providers/oracle/oci/6.30.0/docs/resources/core_internet_gateway) | resource |
| [oci_core_public_ip.public_ip](https://registry.terraform.io/providers/oracle/oci/6.30.0/docs/resources/core_public_ip) | resource |
| [oci_core_security_list.security_list](https://registry.terraform.io/providers/oracle/oci/6.30.0/docs/resources/core_security_list) | resource |
| [oci_core_subnet.subnet](https://registry.terraform.io/providers/oracle/oci/6.30.0/docs/resources/core_subnet) | resource |
| [oci_core_vcn.vcn](https://registry.terraform.io/providers/oracle/oci/6.30.0/docs/resources/core_vcn) | resource |
| [oci_core_volume.docker_volume](https://registry.terraform.io/providers/oracle/oci/6.30.0/docs/resources/core_volume) | resource |
| [oci_core_volume_attachment.docker_volume_attachment](https://registry.terraform.io/providers/oracle/oci/6.30.0/docs/resources/core_volume_attachment) | resource |
| [oci_core_volume_backup_policy.docker_volume_backup_policy](https://registry.terraform.io/providers/oracle/oci/6.30.0/docs/resources/core_volume_backup_policy) | resource |
| [oci_core_volume_backup_policy_assignment.docker_volume_backup_policy_assignment](https://registry.terraform.io/providers/oracle/oci/6.30.0/docs/resources/core_volume_backup_policy_assignment) | resource |
| [oci_core_private_ips.instance_private_ip](https://registry.terraform.io/providers/oracle/oci/6.30.0/docs/data-sources/core_private_ips) | data source |
| [oci_core_vnic.instance_vnic](https://registry.terraform.io/providers/oracle/oci/6.30.0/docs/data-sources/core_vnic) | data source |
| [oci_core_vnic_attachments.instance_vnics](https://registry.terraform.io/providers/oracle/oci/6.30.0/docs/data-sources/core_vnic_attachments) | data source |
| [oci_identity_availability_domain.ad](https://registry.terraform.io/providers/oracle/oci/6.30.0/docs/data-sources/identity_availability_domain) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [additional\_ssh\_public\_key](#input\_additional\_ssh\_public\_key) | Additional public key to use for SSH access example: < /home/ubuntu/.ssh/authorized\_keys ssh-rsa AAAAB3NzaC1yc2EAA EOF | `string` | `""` | no |
| [availability\_domain\_number](#input\_availability\_domain\_number) | The availability domain number | `number` | `1` | no |
| [compartment\_ocid](#input\_compartment\_ocid) | The OCID of the compartment | `string` | n/a | yes |
| [docker\_volume\_size\_gb](#input\_docker\_volume\_size\_gb) | The size of the docker volume in GBs | `string` | `"150"` | no |
| [fault\_domain](#input\_fault\_domain) | The fault domain to deploy to | `string` | `"FAULT-DOMAIN-2"` | no |
| [install\_runtipi](#input\_install\_runtipi) | Install Homeserver Runtipi refs: https://runtipi.io/ | `bool` | `true` | no |
| [instance\_display\_name](#input\_instance\_display\_name) | The display name of the instance | `string` | `"DockerHost"` | no |
| [instance\_image\_ocids\_by\_region](#input\_instance\_image\_ocids\_by\_region) | The OCID of the image to use for the instance | `map(string)` |
{
"af-johannesburg-1": "ocid1.image.oc1.af-johannesburg-1.aaaaaaaafot57oc456xr2m6qg7auumzzlcrdqehitdceztk7cafwwwqr6rfa",
"ap-chuncheon-1": "ocid1.image.oc1.ap-chuncheon-1.aaaaaaaa6s4f3ux4iqlidzupc6swhgxapaq4wp6e6rav2jcrntrq4xm5hboq",
"ap-hyderabad-1": "ocid1.image.oc1.ap-hyderabad-1.aaaaaaaav2hw27anzikymein2qlui36oskhql4nk7uvg6ys2oy3isek45ncq",
"ap-melbourne-1": "ocid1.image.oc1.ap-melbourne-1.aaaaaaaajs7exfbxezdpvnyfvy3tb7nipyoyvvzpawcavr3lnluoabbw6fnq",
"ap-mumbai-1": "ocid1.image.oc1.ap-mumbai-1.aaaaaaaapj3j2y7ce7hx7mi5svv55xk56vt5gxv6m52fan53bjh3ylucuwiq",
"ap-osaka-1": "ocid1.image.oc1.ap-osaka-1.aaaaaaaaldeqjomudapby2r4vqzkqpgfbltlzqdsoznfbrfy3oxhrro5lfha",
"ap-seoul-1": "ocid1.image.oc1.ap-seoul-1.aaaaaaaaxcb4mkvnrbh67tsy7l2saxpggg47su4ieqqs47zajiksdevac4tq",
"ap-singapore-1": "ocid1.image.oc1.ap-singapore-1.aaaaaaaazgpftr3dz6ycggdv3hzgeuigok6ppjo7tulyvt23dcifmraploiq",
"ap-sydney-1": "ocid1.image.oc1.ap-sydney-1.aaaaaaaabren6pndzvk3zx6yvsrlvuytl252gfffngbmdnnqiju2ns3n53mq",
"ap-tokyo-1": "ocid1.image.oc1.ap-tokyo-1.aaaaaaaa7wfpiywco2qtsayxepkt6m72fki2fckhtk67hepa53lxdobmvucq",
"ca-montreal-1": "ocid1.image.oc1.ca-montreal-1.aaaaaaaa6apcspvi563o3a3w72v5ke3rl73zd7ozwlpd7nddncdty46gwhaa",
"ca-toronto-1": "ocid1.image.oc1.ca-toronto-1.aaaaaaaatyk4uxydfb6nld77djoh6unxvcjjwbhnuxyc66q2h2scq4kn2dsa",
"eu-amsterdam-1": "ocid1.image.oc1.eu-amsterdam-1.aaaaaaaa7urvqgyy3qu5icptd2lq4yuyvhpnqedulxcnme7mq7f4pvxtbufq",
"eu-frankfurt-1": "ocid1.image.oc1.eu-frankfurt-1.aaaaaaaax65kresevp22fzwqj3yy553ktmoekrhjmgx3p3p2tvk4hsw3vxmq",
"eu-madrid-1": "ocid1.image.oc1.eu-madrid-1.aaaaaaaavc2jr2yqm7xxhthlhuae3aodwfvxhyjes5g4iimkr3irc3nhkf7q",
"eu-marseille-1": "ocid1.image.oc1.eu-marseille-1.aaaaaaaaeahdract2jxrkpsgxgcrgllwkhxfyv4srx2a4jxfkzuqe37tb44a",
"eu-milan-1": "ocid1.image.oc1.eu-milan-1.aaaaaaaa54frn7sjk7iuf7hy2kvcvz3bpgeodolqopyz2i4yrmv5riqoo52a",
"eu-paris-1": "ocid1.image.oc1.eu-paris-1.aaaaaaaaabnylsroi62h56d34ulckcbmg3t3yu2qad2dhypmjs5qdfv7h5kq",
"eu-stockholm-1": "ocid1.image.oc1.eu-stockholm-1.aaaaaaaalrpn2ma77pltnts5ipmtqnynlc5rnkrdjkvkcgwznlsu6xkybdcq",
"eu-zurich-1": "ocid1.image.oc1.eu-zurich-1.aaaaaaaamrglec2vbss5tmteupwfhq47i5ts4zbhpyugilr55dhnkxwanaca",
"il-jerusalem-1": "ocid1.image.oc1.il-jerusalem-1.aaaaaaaamq3zfigwidconwcgzx3nwmmt55svbbgujhsxnse74ia5ugggsjga",
"me-abudhabi-1": "ocid1.image.oc1.me-abudhabi-1.aaaaaaaan2eszzdrwqft754ghcce637x2wmmtv7xz4s5lfe4lpiuj4einsvq",
"me-dubai-1": "ocid1.image.oc1.me-dubai-1.aaaaaaaaxwsbrnl45fqc5awpv2vksx2gxwnyhv4dffigcpnscq7znhmljdbq",
"me-jeddah-1": "ocid1.image.oc1.me-jeddah-1.aaaaaaaahsee5b75qh3fpvtcxty26knl7mtchuh2gwvmclnytvhqwvblnhga",
"mx-monterrey-1": "ocid1.image.oc1.mx-monterrey-1.aaaaaaaattmfisdlui4cqrgytayqp47oqponuukb5754lv4ol7zwmnhixy6a",
"mx-queretaro-1": "ocid1.image.oc1.mx-queretaro-1.aaaaaaaaaibqfitupdgsk3qozwfxrv7fal4t5u6gujemkdzqv56ado2ytidq",
"sa-bogota-1": "ocid1.image.oc1.sa-bogota-1.aaaaaaaaef37yvccm356ekf6c4vjfxcp7amjsubrus7f5yzowepelwfwdd7q",
"sa-santiago-1": "ocid1.image.oc1.sa-santiago-1.aaaaaaaascdz5oprkbvtxvylajktpjvy6bzffvv6pxzsnhib7tlm6e3x4xja",
"sa-saopaulo-1": "ocid1.image.oc1.sa-saopaulo-1.aaaaaaaaw2n2h7zt4mxamzw4upmzh5djd3bdcukvpyp2kiozooxdwxumzsfq",
"sa-valparaiso-1": "ocid1.image.oc1.sa-valparaiso-1.aaaaaaaae37edjvawkov7m4saxlbt25zl4n65cgnj4hap6vncpv2ttv4bzma",
"sa-vinhedo-1": "ocid1.image.oc1.sa-vinhedo-1.aaaaaaaatrwlgkiptlh34l65net44k2tmv4zh2chvmzw7jhommsvfe72qg3q",
"uk-cardiff-1": "ocid1.image.oc1.uk-cardiff-1.aaaaaaaavjb6ajzjfwk2zlliuzoetyhfvhqhpo6hxyur77ai4ebjrprlyhda",
"uk-london-1": "ocid1.image.oc1.uk-london-1.aaaaaaaa4z7qr5ccidp4dowvqrb65v4qnrmzmx346q7gkvsbw6vfwxh6bkfq",
"us-ashburn-1": "ocid1.image.oc1.iad.aaaaaaaa5rxxb24tifnuklbdr3uqe3jnoeojal5evtkwysu37m6sxnod2rqa",
"us-chicago-1": "ocid1.image.oc1.us-chicago-1.aaaaaaaa64e73jfbns5ivnphb2oqyfqvuumbghlfouvudebolh4yev6gckdq",
"us-phoenix-1": "ocid1.image.oc1.phx.aaaaaaaame5af3onauf35n5nth4efynuag67gkakivhvp26othxzjfvj4ria",
"us-sanjose-1": "ocid1.image.oc1.us-sanjose-1.aaaaaaaagqsk2tvjwnkkarmct7bzmzez6v4cnqtsueca2lhg6lsfeji36qcq"
} | no |
| [instance\_shape](#input\_instance\_shape) | The shape of the instance | `string` | `"VM.Standard.A1.Flex"` | no |
| [instance\_shape\_boot\_volume\_size\_gb](#input\_instance\_shape\_boot\_volume\_size\_gb) | The size of the boot volume in GBs | `string` | `"50"` | no |
| [instance\_shape\_config\_memory\_gb](#input\_instance\_shape\_config\_memory\_gb) | The amount of memory in GBs for the instance | `string` | `"24"` | no |
| [instance\_shape\_config\_ocpus](#input\_instance\_shape\_config\_ocpus) | The number of OCPUs for the instance | `string` | `"4"` | no |
| [oracle\_api\_key\_fingerprint](#input\_oracle\_api\_key\_fingerprint) | The fingerprint of the public key | `string` | n/a | yes |
| [oracle\_api\_private\_key\_path](#input\_oracle\_api\_private\_key\_path) | The path to the private key | `string` | `"~/.oci/oci_api_key.pem"` | no |
| [region](#input\_region) | The region to deploy to | `string` | `"eu-milan-1"` | no |
| [runtipi\_adguard\_ip](#input\_runtipi\_adguard\_ip) | The IP of the AdGuard for Runtipi, WARNING: this IP should be in the subnet of the main network and different from the reverse proxy IP | `string` | `"172.18.0.253"` | no |
| [runtipi\_main\_network\_subnet](#input\_runtipi\_main\_network\_subnet) | The subnet of the main network for Runtipi | `string` | `"172.18.0.0/16"` | no |
| [runtipi\_reverse\_proxy\_ip](#input\_runtipi\_reverse\_proxy\_ip) | The IP of the reverse proxy for Runtipi, WARNING: this IP should be in the subnet of the main network | `string` | `"172.18.0.254"` | no |
| [security\_list\_rules](#input\_security\_list\_rules) | The security list rules | list(object({
protocol = string
source = string
stateless = bool
tcp_options = object({
source_port_range = object({
min = number
max = number
})
min = number
max = number
})
udp_options = object({
source_port_range = object({
min = number
max = number
})
min = number
max = number
})
icmp_options = object({
type = number
code = number
})
})) | [
{
"icmp_options": null,
"protocol": "6",
"source": "0.0.0.0/0",
"stateless": false,
"tcp_options": {
"max": 22,
"min": 22,
"source_port_range": {
"max": 65535,
"min": 1
}
},
"udp_options": null
},
{
"icmp_options": null,
"protocol": "17",
"source": "0.0.0.0/0",
"stateless": false,
"tcp_options": null,
"udp_options": {
"max": 51820,
"min": 51820,
"source_port_range": {
"max": 65535,
"min": 1
}
}
},
{
"icmp_options": {
"code": 4,
"type": 3
},
"protocol": "1",
"source": "0.0.0.0/0",
"stateless": false,
"tcp_options": null,
"udp_options": null
}
]
| no |
| [ssh\_public\_key](#input\_ssh\_public\_key) | The public key to use for SSH access | `string` | n/a | yes |
| [tenancy\_ocid](#input\_tenancy\_ocid) | The OCID of the tenancy | `string` | n/a | yes |
| [user\_ocid](#input\_user\_ocid) | The OCID of the user to use for authentication | `string` | n/a | yes |
| [vcn\_cidr\_block](#input\_vcn\_cidr\_block) | The CIDR block for the VCN | `string` | `"10.1.0.0/16"` | no |
| [wireguard\_client\_configuration](#input\_wireguard\_client\_configuration) | Adding a valid configuration for a WireGuard client will automatically install and configure it on the virtual machine. Example:<
[Interface]
PrivateKey = aaaaaaaaaaaaaaa
Address = 1.2.3.4/24
DNS = 5.6.7.8
DNS = 9.1.1.1
[Peer]
PublicKey = bbbbbbbbbbbbbbbbbb
PresharedKey = ccccccccccccccc
AllowedIPs = 0.0.0.0/24
Endpoint = dddddddddddddd
PersistentKeepalive = 25
EOF | `string` | `""` | no |
## Outputs
| Name | Description |
|------|-------------|
| [instance\_id](#output\_instance\_id) | The OCID of the instance |
| [private\_ip](#output\_private\_ip) | The private IP of the instance |
| [public\_ip](#output\_public\_ip) | The public IP of the instance |