Diffstat (limited to 'terraform/role/main.tf')
-rw-r--r-- | terraform/role/main.tf | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/terraform/role/main.tf b/terraform/role/main.tf
new file mode 100644
index 0000000..e85fd3b
--- /dev/null
+++ b/terraform/role/main.tf
@@ -0,0 +1,91 @@
+variable "host" {
+ type = "string"
+}
+
+variable "id" {
+ type = "string"
+}
+
+variable "roles" {
+ type = "list"
+}
+
+variable "secret_cloudflare_token" {
+ type = "string"
+}
+
+resource "tls_private_key" "private_key" {
+ algorithm = "RSA"
+}
+
+resource "acme_registration" "reg" {
+ account_key_pem = "${tls_private_key.private_key.private_key_pem}"
+ email_address = "jakob@odersky.com"
+}
+
+resource "acme_certificate" "certificate" {
+ account_key_pem = "${acme_registration.reg.account_key_pem}"
+ common_name = "${var.host}"
+ subject_alternative_names = "${formatlist("%s.crashbox.io", var.roles)}"
+
+ dns_challenge {
+ provider = "cloudflare"
+
+ config {
+ CLOUDFLARE_EMAIL = "jakob@odersky.com"
+ CLOUDFLARE_API_KEY = "${var.secret_cloudflare_token}"
+ }
+ }
+}
+
+resource "cloudflare_record" "role_cname" {
+ count = "${length(var.roles)}"
+
+ domain = "crashbox.io"
+ name = "${element(var.roles, count.index)}"
+ value = "${var.host}"
+ type = "CNAME"
+}
+
+resource "null_resource" "role_config" {
+ triggers = {
+ host_id = "${var.id}"
+ config_packages = "${join(" ", sort(formatlist("crashbox-%s-config", var.roles)))}"
+ }
+
+ connection {
+ host = "${var.host}"
+ }
+
+ provisioner "file" {
+ content = "${acme_certificate.certificate.certificate_pem}"
+ destination = "/etc/ssl/server.cert.pem"
+ }
+
+ provisioner "file" {
+ content = "${acme_certificate.certificate.issuer_pem}"
+ destination = "/etc/ssl/issuer.cert.pem"
+ }
+
+ provisioner "file" {
+ content = "${acme_certificate.certificate.private_key_pem}"
+ destination = "/etc/ssl/private/server.key.pem"
+ }
+
+ provisioner "file" {
+ source = "${path.root}/../packages/target/archive"
+ destination = "/usr/local/share/"
+ }
+
+ provisioner "remote-exec" {
+ inline = [
+ "echo deb [trusted=yes] file:/usr/local/share/archive ./ > /etc/apt/sources.list.d/local-archive.list",
+ "apt update --quiet=2",
+ "apt install --quiet=2 --yes ${null_resource.role_config.triggers.config_packages}",
+ ]
+ }
+}
+
+output "roles" {
+ value = "${var.roles}"
+}
|
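Review bot: The `file` provisioner that uploads `private_key_pem` to `/etc/ssl/private/server.key.pem` sets no file mode, so the key is created with whatever permissions the remote user's umask gives the upload, and nothing in the following `remote-exec` step tightens it; add `"chmod 0600 /etc/ssl/private/server.key.pem",` as the first `inline` entry. The same provisioner also registers the uploaded archive with `[trusted=yes]`, which turns off apt signature verification for everything under `/usr/local/share/archive`, so that directory must stay root-owned and not writable by other accounts on the host, or the packages should be signed and the flag dropped. The ACME account key, the certificate's private key and `var.secret_cloudflare_token` all end up in plaintext in Terraform state, so the state backend has to be handled as secret material. Inside a resource's own provisioner the reference `null_resource.role_config.triggers.config_packages` is conventionally written `self.triggers.config_packages`, which avoids a self-reference that some Terraform versions reject.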