terraform.tfvars.example
sha256:8915fe406161f95c1681f9469375e7bae5b28c884f00bedbdef65e4b0cd0738d
docs(flow): commit FLOW-V0-SPEC.md hygiene for 7A-INT merge
Human
13 hours ago
| 1 | ###################################################################### |
| 2 | # Copy this file to terraform.tfvars and fill in your values. |
| 3 | # DO NOT commit terraform.tfvars to git — it contains your Tailscale |
| 4 | # auth key. Add it to .gitignore (already done at the repo root). |
| 5 | ###################################################################### |
| 6 | |
| 7 | # Region: us-west-2 for west-coast users, us-east-1 for east-coast. |
| 8 | aws_region = "us-west-2" |
| 9 | |
| 10 | # 'prod' is the only environment for now. Add 'staging' later if needed. |
| 11 | environment = "prod" |
| 12 | |
| 13 | # t3.medium = 2 vCPU, 4 GB RAM, ~$30/mo. Sufficient for 22 agents @ 30 videos/wk. |
| 14 | # Upgrade to t3.large (4 GB → 8 GB) if you see OOMs in journalctl -u paperclip. |
| 15 | instance_type = "t3.medium" |
| 16 | |
| 17 | # 30 GB covers Paperclip + Postgres + 6mo of agent logs + Node modules + headroom. |
| 18 | ebs_size_gb = 30 |
| 19 | |
| 20 | # Your home/office public IP. Find with: curl ifconfig.me |
| 21 | # Format: <IP>/32 for a single IP. SSH on port 22 is locked to this. |
| 22 | # Tailscale (the preferred path) is independent of this — Tailnet works regardless. |
| 23 | home_ip_cidr = "REPLACE_ME/32" |
| 24 | |
| 25 | # Your SSH public key. Get with: cat ~/.ssh/id_ed25519.pub |
| 26 | ssh_public_key = "ssh-ed25519 AAAAREPLACEME aaron@laptop" |
| 27 | |
| 28 | # Tailscale ephemeral auth key. |
| 29 | # Generate at https://login.tailscale.com/admin/settings/keys with: |
| 30 | # - Reusable: false |
| 31 | # - Ephemeral: false |
| 32 | # - Pre-approved: true (so the box joins without manual approval) |
| 33 | # - Tags: tag:paperclip-prod (you must define this tag in your ACL first) |
| 34 | # The key is single-use. After the box joins, the key is consumed. |
| 35 | tailscale_auth_key = "tskey-auth-REPLACE_ME" |
| 36 | |
| 37 | # Knowtation hosted Hub URL. Pre-seeded into SSM as a non-secret String parameter. |
| 38 | # Leave empty if you'd rather push it later via push-secrets.sh. |
| 39 | knowtation_hub_url = "https://hub.knowtation.dev" |
| 40 | |
| 41 | # Vault ID. Default is fine for single-vault users. |
| 42 | knowtation_vault_id = "default" |
File History
1 commit
sha256:8915fe406161f95c1681f9469375e7bae5b28c884f00bedbdef65e4b0cd0738d
docs(flow): commit FLOW-V0-SPEC.md hygiene for 7A-INT merge
Human
13 hours ago