Manage your entire Discord server (Helmáč) as declarative Terraform configuration. Add, modify, or remove divisions, channels, roles, and permissions through code—everything syncs automatically to Discord.
To configure new divisions or teams: Simply edit divisions.tf.json and open a pull request. The rest is automated.
All channels, roles, permissions, and onboarding flows are generated automatically from the division definitions.
This project uses Terraform to manage:
- Shared channels with full permission setup
- Individual division channels (teams) with dedicated channels, roles, and permissions
- Automated onboarding for new members to self-select divisions
- Role hierarchy with member and manager roles per division
- Channel permissions configured declaratively
- CI/CD pipeline with encrypted state management
divisions.tf.json (single source of truth)
↓
├─→ channels.tf - Creates text channels + permissions
├─→ roles.tf - Creates member & manager roles
└─→ onboarding.tf - Generates self-service onboarding
For contributing:
-
Gain access to
ENCRYPTION_KEYand add it to.env. -
Terraform 1.0+
For applying changes manually:
-
Discord Bot with Admin permissions
- Create at Discord Developer Portal
- Copy bot token and server ID (enable Developer Mode in Discord) to
.env
-
Terraform 1.0+
# 1. Configure credentials
cp .env.example .env
# Edit .env with ENCRYPTION_KEY
source .env
# 2. Install Discord provider
./scripts/setup.sh
# 3. Download latest available shared state
./scripts/download-state.sh
# 3. Initialize Terraform
terraform initEdit divisions.tf.json and add to the locals.divize array:
{
"name": "new-team",
"color": {
"clen": 2067276,
"garant": 3066993
},
"onboarding": {
"description": "Help with new team tasks",
"emoji_name": "🆕",
"title": "New Team"
}
}Note: Terraform cannot handle HEX colors, use decimal values instead.
This automatically creates:
- Text channel
#new-team - Role
Člen - new-team(Member) - Role
Garant - new-team(Manager) - Channel permissions for both roles
- Onboarding prompt for self-assignment
! This will only work if you have access to following secrets:
DISCORD_BOT_TOKENDISCORD_SERVER_ID
# Preview changes
terraform plan
# Apply to Discord
terraform applyHelper scripts are provided for importing existing Discord infrastructure:
# Import division roles
./scripts/import-division.sh garant hospoda ROLE_ID
# Import channel permissions
./scripts/import-channel-permission.sh info INFO_ID
# Import division channel permissions
./scripts/import-division-channel-permission.shGitHub Actions automatically:
- Decrypts Terraform state (GPG encrypted)
- Builds Discord provider from source
- Plans changes on every push to main
- Re-encrypts and stores state
Required secrets:
DISCORD_BOT_TOKENDISCORD_SERVER_IDENCRYPTION_KEY(GPG passphrase)
| File | Purpose |
|---|---|
| divisions.tf.json | Division definitions (edit this to add/modify teams) |
| channels.tf | Channel creation and permission overrides |
| roles.tf | Role definitions (global + division roles) |
| permissions.tf | Reusable permission datasets |
| onboarding.tf | Server onboarding flow configuration |
| server.tf | Main server resource |
| provider.tf | Discord provider authentication |
| variables.tf | Input variable definitions |
| versions.tf | Terraform and provider version constraints |
- Never commit
.env,terraform.tfvars, orterraform.tfstate(contains sensitive data) - Test first - Always run
terraform planbeforeterraform apply - Encrypted state - CI/CD uses GPG-encrypted state for security
- Provider source - Built from tumido/terraform-provider-discord (branch: my-release)