authorJakob Odersky <jakob@odersky.com>2018-12-05 18:33:19 -0800
committerJakob Odersky <jakob@odersky.com>2018-12-05 18:57:46 -0800
commit01ce7b420b5a50254aa0d6441e01847fda2f21f0 (patch)
tree34531a60394cc0c79ca54d99b5cecf87f29e1851
parent9588e9366d3455f203e5482a41f712777595bb13 (diff)
downloadinfra-01ce7b420b5a50254aa0d6441e01847fda2f21f0.tar.gz
infra-01ce7b420b5a50254aa0d6441e01847fda2f21f0.tar.bz2
infra-01ce7b420b5a50254aa0d6441e01847fda2f21f0.zip
Move provisioning to separate module
-rw-r--r--terraform/main.tf76
-rw-r--r--terraform/mount_and_provision/main.tf (renamed from terraform/mount_volume/main.tf)62
2 files changed, 89 insertions, 49 deletions
diff --git a/terraform/main.tf b/terraform/main.tf
index e29cf6a..48b821e 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -40,8 +40,10 @@ resource "acme_certificate" "certificate" {
common_name = "crashbox.io"
subject_alternative_names = [
+ "www.crashbox.io",
"ip.crashbox.io",
"git.crashbox.io",
+ "dl.crashbox.io",
]
dns_challenge {
@@ -67,51 +69,30 @@ resource "cloudflare_record" "record_caa" {
type = "CAA"
}
-resource "random_id" "peter" {
- prefix = "peter-"
- byte_length = 2
-}
-
resource "hcloud_server" "peter" {
- name = "${random_id.peter.hex}"
+ name = "peter"
image = "debian-9"
server_type = "cx11"
location = "nbg1"
ssh_keys = ["${hcloud_ssh_key.root.name}"]
+}
- provisioner "file" {
- content = "${acme_certificate.certificate.private_key_pem}"
- destination = "/etc/ssl/private/server.key.pem"
- }
-
- provisioner "file" {
- content = "${acme_certificate.certificate.certificate_pem}"
- destination = "/etc/ssl/server.cert.pem"
- }
-
- provisioner "file" {
- content = "${acme_certificate.certificate.issuer_pem}"
- destination = "/etc/ssl/issuer.cert.pem"
- }
-
- provisioner "file" {
- source = "./provision"
- destination = "/usr/local/share/"
- }
-
- provisioner "remote-exec" {
- inline = [
- "chmod +x /usr/local/share/provision/provision",
- "/usr/local/share/provision/provision --force",
- ]
- }
+# volumes contain persistent storage and thus need to be initialized
+# manually
+data "hcloud_volume" "master" {
+ name = "master"
}
-module "peter_mount_volume" {
- source = "./mount_volume"
- volume_name = "master"
- host = "${hcloud_server.peter.ipv4_address}"
- server_id = "${hcloud_server.peter.id}"
+# note that this module not idempotent: a second application requires
+# destroying the server resource first
+module "peter_provision" {
+ source = "./mount_and_provision"
+ host = "${hcloud_server.peter.ipv4_address}"
+ server_id = "${hcloud_server.peter.id}"
+ volume_id = "${data.hcloud_volume.master.id}"
+ tls_private_key = "${acme_certificate.certificate.private_key_pem}"
+ tls_certificate = "${acme_certificate.certificate.certificate_pem}"
+ tls_issuer_certificate = "${acme_certificate.certificate.issuer_pem}"
}
resource "cloudflare_record" "peter_a" {
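Review bot: The new comment above `module "peter_provision"` is missing a verb and should read `# note that this module is not idempotent: a second application requires`. The same comment is the natural place to state what the three `tls_*` arguments carry, since the private key is now handed to a child module as a plain string input and, like every resource attribute, is held in Terraform state; something like `# the tls_* inputs are secret material (state and plan output show them)` on the line above the module block would tell the next reader not to paste plan output into a ticket. The reason for the non-idempotence is presumably that the module's provisioners run only when its null_resource is created, but that is inferred from the other file in this commit rather than visible here.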
@@ -128,6 +109,13 @@ resource "cloudflare_record" "peter_aaaa" {
type = "AAAA"
}
+resource "cloudflare_record" "record_www" {
+ domain = "crashbox.io"
+ name = "www"
+ value = "${cloudflare_record.peter_a.hostname}"
+ type = "CNAME"
+}
+
resource "cloudflare_record" "record_ip" {
domain = "crashbox.io"
name = "ip"
@@ -141,3 +129,17 @@ resource "cloudflare_record" "record_git" {
value = "${cloudflare_record.peter_a.hostname}"
type = "CNAME"
}
+
+resource "cloudflare_record" "record_a" {
+ domain = "crashbox.io"
+ name = "@"
+ value = "${hcloud_server.peter.ipv4_address}"
+ type = "A"
+}
+
+resource "cloudflare_record" "record_aaaa" {
+ domain = "crashbox.io"
+ name = "@"
+ value = "${hcloud_server.peter.ipv6_address}1"
+ type = "AAAA"
+}
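Review bot: The literal `1` appended in `value = "${hcloud_server.peter.ipv6_address}1"` for `record_aaaa` is a non-obvious constant with no comment. Presumably the provider reports the server's IPv6 network address and the host is configured as `::1` inside it, in which case a one-line comment such as `# hcloud exposes the /64 network address; the host itself is ::1 within it` above the `value` line would make the intent explicit; confirm this against the existing `peter_aaaa` record, whose body lies outside this hunk. The new `record_a` line does not have this concern since it uses `ipv4_address` directly.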
diff --git a/terraform/mount_volume/main.tf b/terraform/mount_and_provision/main.tf
index aed5324..e20c90e 100644
--- a/terraform/mount_volume/main.tf
+++ b/terraform/mount_and_provision/main.tf
@@ -1,8 +1,8 @@
-variable "volume_name" {
+variable "host" {
type = "string"
}
-variable "host" {
+variable "volume_id" {
type = "string"
}
@@ -10,20 +10,32 @@ variable "server_id" {
type = "string"
}
+variable "tls_private_key" {
+ type = "string"
+}
+
+variable "tls_certificate" {
+ type = "string"
+}
+
+variable "tls_issuer_certificate" {
+ type = "string"
+}
+
# volumes contain persistent storage and thus need to be initialized
# manually
-data "hcloud_volume" "master" {
- name = "${var.volume_name}"
+data "hcloud_volume" "volume" {
+ id = "${var.volume_id}"
}
-resource "hcloud_volume_attachment" "master_attachment" {
- volume_id = "${data.hcloud_volume.master.id}"
+resource "hcloud_volume_attachment" "volume_attachment" {
+ volume_id = "${data.hcloud_volume.volume.id}"
server_id = "${var.server_id}"
}
resource "null_resource" "volume_mount" {
triggers = {
- attachement_id = "${hcloud_volume_attachment.master_attachment.id}"
+ attachement_id = "${hcloud_volume_attachment.volume_attachment.id}"
}
connection {
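Review bot: `null_resource.volume_mount` still re-runs its provisioners only when `attachement_id` changes, yet this commit makes the same resource responsible for uploading `var.tls_private_key`, `var.tls_certificate` and `var.tls_issuer_certificate` (in the last hunk of this file). A certificate renewed by `acme_certificate` would therefore never reach the server until the server is destroyed and recreated, which is consistent with the "not idempotent" note in the root module but should be stated next to the triggers, e.g. `# certificate changes do not re-run the provisioners; recreate the server to roll a new certificate`. If re-upload on renewal is wanted instead, a digest in the triggers such as `certificate = "${sha256(var.tls_certificate)}"` would recreate the resource when the certificate changes without storing the PEM a second time. The resource's `connection` block continues past the end of the hunk.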
@@ -40,7 +52,7 @@ resource "null_resource" "volume_mount" {
Description=Mount /mnt/storage directory
[Mount]
-What=${data.hcloud_volume.master.linux_device}
+What=${data.hcloud_volume.volume.linux_device}
Where=/mnt/storage
Type=ext4
Options=defaults
@@ -95,10 +107,36 @@ EOF
provisioner "remote-exec" {
inline = [
"systemctl daemon-reload",
- "systemctl enable mnt-storage.mount",
- "systemctl enable srv.mount",
- "systemctl enable home.mount",
- "systemctl reboot",
+ "systemctl enable --now mnt-storage.mount",
+ "systemctl enable --now srv.mount",
+ "systemctl enable --now home.mount",
+ ]
+ }
+
+ provisioner "file" {
+ content = "${var.tls_private_key}"
+ destination = "/etc/ssl/private/server.key.pem"
+ }
+
+ provisioner "file" {
+ content = "${var.tls_certificate}"
+ destination = "/etc/ssl/server.cert.pem"
+ }
+
+ provisioner "file" {
+ content = "${var.tls_issuer_certificate}"
+ destination = "/etc/ssl/issuer.cert.pem"
+ }
+
+ provisioner "file" {
+ source = "./provision"
+ destination = "/usr/local/share/"
+ }
+
+ provisioner "remote-exec" {
+ inline = [
+ "chmod +x /usr/local/share/provision/provision",
+ "/usr/local/share/provision/provision --force",
]
}
}
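Review bot: The `file` provisioner that writes `/etc/ssl/private/server.key.pem` has no way to set a mode, so the private key ends up with whatever permissions the SSH upload assigns, and nothing in the following `remote-exec` tightens them; add `"chmod 600 /etc/ssl/private/server.key.pem",` as the first entry of that `inline` list, before the provision script that presumably starts the services reading it. On Debian the parent `/etc/ssl/private` directory is normally restricted, which limits exposure, but an explicit mode does not depend on that. Replacing `systemctl reboot` with `enable --now` is a sound change: the mount units are active before the key is uploaded, and `/etc` is not among the mounted paths, so the upload is unaffected by the ordering.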