Skills
skills/poindexter12/waypoint/tofu

tofu

SKILL.md

OpenTofu Skill

Infrastructure-as-code reference for OpenTofu configurations, state management, and provider patterns.

OpenTofu is the open-source fork of Terraform, maintained by the Linux Foundation. Commands and syntax are nearly identical to Terraform.

Quick Reference

# Core workflow
tofu init              # Initialize, download providers
tofu validate          # Syntax validation
tofu fmt -recursive    # Format HCL files
tofu plan              # Preview changes
tofu apply             # Apply changes

# Inspection
tofu state list                    # List resources in state
tofu state show <resource>         # Show resource details
tofu graph | dot -Tsvg > graph.svg # Dependency graph

# Debug
TF_LOG=DEBUG tofu plan 2>debug.log

Core Workflow

init → validate → fmt → plan → apply
  1. init: Download providers, initialize backend
  2. validate: Check syntax and configuration validity
  3. fmt: Ensure consistent formatting
  4. plan: Preview what will change (review carefully)
  5. apply: Execute changes

Terraform Migration

OpenTofu is a drop-in replacement for Terraform:

# Replace terraform with tofu in commands
terraform init  →  tofu init
terraform plan  →  tofu plan
terraform apply →  tofu apply

# State files are compatible
# Provider configurations work the same
# Most modules work without changes

Key differences:

  • Different binary name (tofu vs terraform)
  • Some newer Terraform features may not be available yet
  • Provider registry defaults differ (can be configured)

Reference Files

Load on-demand based on task:

Topic File When to Load
Troubleshooting troubleshooting.md Common errors, debugging
State state-management.md Backends, locking, operations
Modules module-design.md Module patterns, composition
Security security.md Secrets, state security
Migration migration.md Terraform → OpenTofu
Proxmox Gotchas proxmox/gotchas.md Critical provider issues
Proxmox Auth proxmox/authentication.md Provider config, API tokens
Proxmox VMs proxmox/vm-qemu.md proxmox_vm_qemu patterns

Validation Checklist

Before tofu apply:

  • tofu init completed successfully
  • tofu validate passes
  • tofu fmt applied
  • tofu plan reviewed (check destroy/replace operations)
  • Backend configured correctly (for team environments)
  • State locking enabled (if remote backend)
  • Sensitive variables marked sensitive = true
  • Provider versions pinned
  • No secrets in version control
  • Blast radius assessed (what could break?)

Variable Precedence

(highest to lowest)

  1. -var flag: tofu apply -var="name=value"
  2. -var-file flag: tofu apply -var-file=prod.tfvars
  3. *.auto.tfvars files (alphabetically)
  4. terraform.tfvars file
  5. TF_VAR_* environment variables
  6. Variable defaults in variables.tf

Provider Configuration

# versions.tf
terraform {
  required_version = ">= 1.6.0"  # OpenTofu version

  required_providers {
    proxmox = {
      source  = "Telmate/proxmox"
      version = "~> 3.0"
    }
  }
}
Weekly Installs
3
Repository
poindexter12/waypoint
GitHub Stars
4
First Seen
Feb 26, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
Installed on
amp3
github-copilot3
codex3
kimi-cli3
gemini-cli3
cursor3