Diffstat (limited to 'terraform/role')
-rw-r--r-- | terraform/role/README.md | 4 | ||||
-rw-r--r-- | terraform/role/main.tf | 91 |
2 files changed, 0 insertions, 95 deletions
diff --git a/terraform/role/README.md b/terraform/role/README.md
deleted file mode 100644
index 11e2e21..0000000
--- a/terraform/role/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-# Role-based configuration for standalone hosts.
-
-Applying a role to a host will install corresponding config packages
-and create a role CNAME record to the host.
diff --git a/terraform/role/main.tf b/terraform/role/main.tf
deleted file mode 100644
index e85fd3b..0000000
--- a/terraform/role/main.tf
+++ /dev/null
@@ -1,91 +0,0 @@
-variable "host" {
- type = "string"
-}
-
-variable "id" {
- type = "string"
-}
-
-variable "roles" {
- type = "list"
-}
-
-variable "secret_cloudflare_token" {
- type = "string"
-}
-
-resource "tls_private_key" "private_key" {
- algorithm = "RSA"
-}
-
-resource "acme_registration" "reg" {
- account_key_pem = "${tls_private_key.private_key.private_key_pem}"
- email_address = "jakob@odersky.com"
-}
-
-resource "acme_certificate" "certificate" {
- account_key_pem = "${acme_registration.reg.account_key_pem}"
- common_name = "${var.host}"
- subject_alternative_names = "${formatlist("%s.crashbox.io", var.roles)}"
-
- dns_challenge {
- provider = "cloudflare"
-
- config {
- CLOUDFLARE_EMAIL = "jakob@odersky.com"
- CLOUDFLARE_API_KEY = "${var.secret_cloudflare_token}"
- }
- }
-}
-
-resource "cloudflare_record" "role_cname" {
- count = "${length(var.roles)}"
-
- domain = "crashbox.io"
- name = "${element(var.roles, count.index)}"
- value = "${var.host}"
- type = "CNAME"
-}
-
-resource "null_resource" "role_config" {
- triggers = {
- host_id = "${var.id}"
- config_packages = "${join(" ", sort(formatlist("crashbox-%s-config", var.roles)))}"
- }
-
- connection {
- host = "${var.host}"
- }
-
- provisioner "file" {
- content = "${acme_certificate.certificate.certificate_pem}"
- destination = "/etc/ssl/server.cert.pem"
- }
-
- provisioner "file" {
- content = "${acme_certificate.certificate.issuer_pem}"
- destination = "/etc/ssl/issuer.cert.pem"
- }
-
- provisioner "file" {
- content = "${acme_certificate.certificate.private_key_pem}"
- destination = "/etc/ssl/private/server.key.pem"
- }
-
- provisioner "file" {
- source = "${path.root}/../packages/target/archive"
- destination = "/usr/local/share/"
- }
-
- provisioner "remote-exec" {
- inline = [
- "echo deb [trusted=yes] file:/usr/local/share/archive ./ > /etc/apt/sources.list.d/local-archive.list",
- "apt update --quiet=2",
- "apt install --quiet=2 --yes ${null_resource.role_config.triggers.config_packages}",
- ]
- }
-}
-
-output "roles" {
- value = "${var.roles}"
-} |