Diffstat (limited to 'terraform/role')
-rw-r--r--terraform/role/README.md4
-rw-r--r--terraform/role/main.tf91
2 files changed, 0 insertions, 95 deletions
diff --git a/terraform/role/README.md b/terraform/role/README.md
deleted file mode 100644
index 11e2e21..0000000
--- a/terraform/role/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-# Role-based configuration for standalone hosts.
-
-Applying a role to a host will install corresponding config packages
-and create a role CNAME record to the host.
diff --git a/terraform/role/main.tf b/terraform/role/main.tf
deleted file mode 100644
index e85fd3b..0000000
--- a/terraform/role/main.tf
+++ /dev/null
@@ -1,91 +0,0 @@
-variable "host" {
- type = "string"
-}
-
-variable "id" {
- type = "string"
-}
-
-variable "roles" {
- type = "list"
-}
-
-variable "secret_cloudflare_token" {
- type = "string"
-}
-
-resource "tls_private_key" "private_key" {
- algorithm = "RSA"
-}
-
-resource "acme_registration" "reg" {
- account_key_pem = "${tls_private_key.private_key.private_key_pem}"
- email_address = "jakob@odersky.com"
-}
-
-resource "acme_certificate" "certificate" {
- account_key_pem = "${acme_registration.reg.account_key_pem}"
- common_name = "${var.host}"
- subject_alternative_names = "${formatlist("%s.crashbox.io", var.roles)}"
-
- dns_challenge {
- provider = "cloudflare"
-
- config {
- CLOUDFLARE_EMAIL = "jakob@odersky.com"
- CLOUDFLARE_API_KEY = "${var.secret_cloudflare_token}"
- }
- }
-}
-
-resource "cloudflare_record" "role_cname" {
- count = "${length(var.roles)}"
-
- domain = "crashbox.io"
- name = "${element(var.roles, count.index)}"
- value = "${var.host}"
- type = "CNAME"
-}
-
-resource "null_resource" "role_config" {
- triggers = {
- host_id = "${var.id}"
- config_packages = "${join(" ", sort(formatlist("crashbox-%s-config", var.roles)))}"
- }
-
- connection {
- host = "${var.host}"
- }
-
- provisioner "file" {
- content = "${acme_certificate.certificate.certificate_pem}"
- destination = "/etc/ssl/server.cert.pem"
- }
-
- provisioner "file" {
- content = "${acme_certificate.certificate.issuer_pem}"
- destination = "/etc/ssl/issuer.cert.pem"
- }
-
- provisioner "file" {
- content = "${acme_certificate.certificate.private_key_pem}"
- destination = "/etc/ssl/private/server.key.pem"
- }
-
- provisioner "file" {
- source = "${path.root}/../packages/target/archive"
- destination = "/usr/local/share/"
- }
-
- provisioner "remote-exec" {
- inline = [
- "echo deb [trusted=yes] file:/usr/local/share/archive ./ > /etc/apt/sources.list.d/local-archive.list",
- "apt update --quiet=2",
- "apt install --quiet=2 --yes ${null_resource.role_config.triggers.config_packages}",
- ]
- }
-}
-
-output "roles" {
- value = "${var.roles}"
-}