diff options
Diffstat (limited to 'terraform/main.tf')
-rw-r--r--[-rwxr-xr-x] | terraform/main.tf | 126 |
1 files changed, 109 insertions, 17 deletions
diff --git a/terraform/main.tf b/terraform/main.tf index b25598e..e29cf6a 100755..100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -16,36 +16,128 @@ provider "cloudflare" { } provider "acme" { - #server_url = "https://acme-staging-v02.api.letsencrypt.org/directory" server_url = "https://acme-v02.api.letsencrypt.org/directory" } -################################################################################ +############################################################ resource "hcloud_ssh_key" "root" { name = "root" - public_key = "${file("~/.ssh/id_rsa.pub")}" + public_key = "${file("root-ssh-key")}" } -module "vps" { - source = "./stdvps" - location = "nbg1" - ssh_key_name = "${hcloud_ssh_key.root.name}" +resource "tls_private_key" "private_key" { + algorithm = "RSA" +} + +resource "acme_registration" "registration" { + account_key_pem = "${tls_private_key.private_key.private_key_pem}" + email_address = "jakob@odersky.com" +} + +resource "acme_certificate" "certificate" { + account_key_pem = "${acme_registration.registration.account_key_pem}" + common_name = "crashbox.io" + + subject_alternative_names = [ + "ip.crashbox.io", + "git.crashbox.io", + ] + + dns_challenge { + provider = "cloudflare" + + config { + CLOUDFLARE_EMAIL = "jakob@odersky.com" + CLOUDFLARE_API_KEY = "${var.secret_cloudflare_token}" + } + } +} + +resource "cloudflare_record" "record_caa" { + domain = "crashbox.io" + name = "crashbox.io" + + data = { + flags = "0" + tag = "issue" + value = "letsencrypt.org" + } + + type = "CAA" +} + +resource "random_id" "peter" { + prefix = "peter-" + byte_length = 2 +} + +resource "hcloud_server" "peter" { + name = "${random_id.peter.hex}" + image = "debian-9" + server_type = "cx11" + location = "nbg1" + ssh_keys = ["${hcloud_ssh_key.root.name}"] + + provisioner "file" { + content = "${acme_certificate.certificate.private_key_pem}" + destination = "/etc/ssl/private/server.key.pem" + } + + provisioner "file" { + content = "${acme_certificate.certificate.certificate_pem}" + destination = "/etc/ssl/server.cert.pem" + } + + provisioner "file" { + content = "${acme_certificate.certificate.issuer_pem}" + destination = "/etc/ssl/issuer.cert.pem" + } + + provisioner "file" { + source = "./provision" + destination = "/usr/local/share/" + } + + provisioner "remote-exec" { + inline = [ + "chmod +x /usr/local/share/provision/provision", + "/usr/local/share/provision/provision --force", + ] + } +} + +module "peter_mount_volume" { + source = "./mount_volume" volume_name = "master" + host = "${hcloud_server.peter.ipv4_address}" + server_id = "${hcloud_server.peter.id}" +} + +resource "cloudflare_record" "peter_a" { + domain = "crashbox.io" + name = "${hcloud_server.peter.name}" + value = "${hcloud_server.peter.ipv4_address}" + type = "A" } -module "roles" { - source = "./role" - secret_cloudflare_token = "${var.secret_cloudflare_token}" - host = "${module.vps.fqdn}" - id = "${module.vps.id}" - roles = ["ip", "git"] +resource "cloudflare_record" "peter_aaaa" { + domain = "crashbox.io" + name = "${hcloud_server.peter.name}" + value = "${hcloud_server.peter.ipv6_address}1" + type = "AAAA" } -output "vps_address" { - value = "${module.vps.fqdn}" +resource "cloudflare_record" "record_ip" { + domain = "crashbox.io" + name = "ip" + value = "${cloudflare_record.peter_a.hostname}" + type = "CNAME" } -output "vps_roles" { - value = "${join(" ", module.roles.roles)}" +resource "cloudflare_record" "record_git" { + domain = "crashbox.io" + name = "git" + value = "${cloudflare_record.peter_a.hostname}" + type = "CNAME" } |