Diffstat (limited to 'terraform/main.tf')
-rw-r--r--terraform/main.tf76
1 files changed, 39 insertions, 37 deletions
diff --git a/terraform/main.tf b/terraform/main.tf
index e29cf6a..48b821e 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -40,8 +40,10 @@ resource "acme_certificate" "certificate" {
common_name = "crashbox.io"
subject_alternative_names = [
+ "www.crashbox.io",
"ip.crashbox.io",
"git.crashbox.io",
+ "dl.crashbox.io",
]
dns_challenge {
@@ -67,51 +69,30 @@ resource "cloudflare_record" "record_caa" {
type = "CAA"
}
-resource "random_id" "peter" {
- prefix = "peter-"
- byte_length = 2
-}
-
resource "hcloud_server" "peter" {
- name = "${random_id.peter.hex}"
+ name = "peter"
image = "debian-9"
server_type = "cx11"
location = "nbg1"
ssh_keys = ["${hcloud_ssh_key.root.name}"]
+}
- provisioner "file" {
- content = "${acme_certificate.certificate.private_key_pem}"
- destination = "/etc/ssl/private/server.key.pem"
- }
-
- provisioner "file" {
- content = "${acme_certificate.certificate.certificate_pem}"
- destination = "/etc/ssl/server.cert.pem"
- }
-
- provisioner "file" {
- content = "${acme_certificate.certificate.issuer_pem}"
- destination = "/etc/ssl/issuer.cert.pem"
- }
-
- provisioner "file" {
- source = "./provision"
- destination = "/usr/local/share/"
- }
-
- provisioner "remote-exec" {
- inline = [
- "chmod +x /usr/local/share/provision/provision",
- "/usr/local/share/provision/provision --force",
- ]
- }
+# volumes contain persistent storage and thus need to be initialized
+# manually
+data "hcloud_volume" "master" {
+ name = "master"
}
-module "peter_mount_volume" {
- source = "./mount_volume"
- volume_name = "master"
- host = "${hcloud_server.peter.ipv4_address}"
- server_id = "${hcloud_server.peter.id}"
+# note that this module not idempotent: a second application requires
+# destroying the server resource first
+module "peter_provision" {
+ source = "./mount_and_provision"
+ host = "${hcloud_server.peter.ipv4_address}"
+ server_id = "${hcloud_server.peter.id}"
+ volume_id = "${data.hcloud_volume.master.id}"
+ tls_private_key = "${acme_certificate.certificate.private_key_pem}"
+ tls_certificate = "${acme_certificate.certificate.certificate_pem}"
+ tls_issuer_certificate = "${acme_certificate.certificate.issuer_pem}"
}
resource "cloudflare_record" "peter_a" {
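Review bot: The `tls_private_key` argument on `module "peter_provision"` passes the certificate's private key into a module whose body is not part of this hunk, and like any other input the value is kept in plaintext in the Terraform state. Nothing here records that, so I would add a comment above the argument such as `# secret: stored unencrypted in state; keep the state in an access-restricted backend`. It is also worth confirming that `./mount_and_provision` writes the key with owner-only permissions, as the removed provisioner did by placing it under `/etc/ssl/private/`. The non-idempotency comment appears to imply that a renewed certificate only reaches the server after the server is destroyed and recreated; if so, say that explicitly next to it, and fix the wording to `# note that this module is not idempotent`.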
@@ -128,6 +109,13 @@ resource "cloudflare_record" "peter_aaaa" {
type = "AAAA"
}
+resource "cloudflare_record" "record_www" {
+ domain = "crashbox.io"
+ name = "www"
+ value = "${cloudflare_record.peter_a.hostname}"
+ type = "CNAME"
+}
+
resource "cloudflare_record" "record_ip" {
domain = "crashbox.io"
name = "ip"
@@ -141,3 +129,17 @@ resource "cloudflare_record" "record_git" {
value = "${cloudflare_record.peter_a.hostname}"
type = "CNAME"
}
+
+resource "cloudflare_record" "record_a" {
+ domain = "crashbox.io"
+ name = "@"
+ value = "${hcloud_server.peter.ipv4_address}"
+ type = "A"
+}
+
+resource "cloudflare_record" "record_aaaa" {
+ domain = "crashbox.io"
+ name = "@"
+ value = "${hcloud_server.peter.ipv6_address}1"
+ type = "AAAA"
+}
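Review bot: The literal `1` appended to `hcloud_server.peter.ipv6_address` in `record_aaaa` is unexplained and presumably relies on the provider returning a bare /64 prefix ending in `::`. If a provider version returns a full host address instead, the apex AAAA record would silently point at an address the server may not answer on, and nothing in the plan would flag it. I would add a comment above the `value` line such as `# ipv6_address is the /64 prefix ending in "::"; the host itself is <prefix>1` and pin the hcloud provider version so the assumption cannot change unnoticed. `peter_aaaa`, which lies outside this hunk, presumably uses the same construction and deserves the same comment.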