author | Jakob Odersky <jakob@odersky.com> | 2018-12-04 21:31:01 -0800 |
---|---|---|
committer | Jakob Odersky <jakob@odersky.com> | 2018-12-04 21:39:07 -0800 |
commit | 9588e9366d3455f203e5482a41f712777595bb13 (patch) | |
tree | 272aeababb1b68f477301d67198a82c80d044c01 /terraform/role | |
parent | db27247dd7d7209ab93419eb33d2ecb21e74c1ec (diff) | |
Simplify terraform and provisioning scripts. Move away from config packages.
Diffstat (limited to 'terraform/role')
-rw-r--r-- | terraform/role/README.md | 4 | ||||
-rw-r--r-- | terraform/role/main.tf | 91 |
2 files changed, 0 insertions, 95 deletions
diff --git a/terraform/role/README.md b/terraform/role/README.md
deleted file mode 100644
index 11e2e21..0000000
--- a/terraform/role/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-# Role-based configuration for standalone hosts.
-
-Applying a role to a host will install corresponding config packages
-and create a role CNAME record to the host.
diff --git a/terraform/role/main.tf b/terraform/role/main.tf
deleted file mode 100644
index e85fd3b..0000000
--- a/terraform/role/main.tf
+++ /dev/null
@@ -1,91 +0,0 @@
-variable "host" {
- type = "string"
-}
-
-variable "id" {
- type = "string"
-}
-
-variable "roles" {
- type = "list"
-}
-
-variable "secret_cloudflare_token" {
- type = "string"
-}
-
-resource "tls_private_key" "private_key" {
- algorithm = "RSA"
-}
-
-resource "acme_registration" "reg" {
- account_key_pem = "${tls_private_key.private_key.private_key_pem}"
- email_address = "jakob@odersky.com"
-}
-
-resource "acme_certificate" "certificate" {
- account_key_pem = "${acme_registration.reg.account_key_pem}"
- common_name = "${var.host}"
- subject_alternative_names = "${formatlist("%s.crashbox.io", var.roles)}"
-
- dns_challenge {
- provider = "cloudflare"
-
- config {
- CLOUDFLARE_EMAIL = "jakob@odersky.com"
- CLOUDFLARE_API_KEY = "${var.secret_cloudflare_token}"
- }
- }
-}
-
-resource "cloudflare_record" "role_cname" {
- count = "${length(var.roles)}"
-
- domain = "crashbox.io"
- name = "${element(var.roles, count.index)}"
- value = "${var.host}"
- type = "CNAME"
-}
-
-resource "null_resource" "role_config" {
- triggers = {
- host_id = "${var.id}"
- config_packages = "${join(" ", sort(formatlist("crashbox-%s-config", var.roles)))}"
- }
-
- connection {
- host = "${var.host}"
- }
-
- provisioner "file" {
- content = "${acme_certificate.certificate.certificate_pem}"
- destination = "/etc/ssl/server.cert.pem"
- }
-
- provisioner "file" {
- content = "${acme_certificate.certificate.issuer_pem}"
- destination = "/etc/ssl/issuer.cert.pem"
- }
-
- provisioner "file" {
- content = "${acme_certificate.certificate.private_key_pem}"
- destination = "/etc/ssl/private/server.key.pem"
- }
-
- provisioner "file" {
- source = "${path.root}/../packages/target/archive"
- destination = "/usr/local/share/"
- }
-
- provisioner "remote-exec" {
- inline = [
- "echo deb [trusted=yes] file:/usr/local/share/archive ./ > /etc/apt/sources.list.d/local-archive.list",
- "apt update --quiet=2",
- "apt install --quiet=2 --yes ${null_resource.role_config.triggers.config_packages}",
- ]
- }
-}
-
-output "roles" {
- value = "${var.roles}"
-} |