From 01ce7b420b5a50254aa0d6441e01847fda2f21f0 Mon Sep 17 00:00:00 2001
From: Jakob Odersky
Date: Wed, 5 Dec 2018 18:33:19 -0800
Subject: Move provisioning to separate module
---
 terraform/main.tf | 76 +++++++++---------
 terraform/mount_and_provision/main.tf | 142 ++++++++++++++++++++++++++++++++++
 terraform/mount_volume/main.tf | 104 -------------------------
 3 files changed, 181 insertions(+), 141 deletions(-)
 create mode 100644 terraform/mount_and_provision/main.tf
 delete mode 100644 terraform/mount_volume/main.tf
diff --git a/terraform/main.tf b/terraform/main.tf
index e29cf6a..48b821e 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -40,8 +40,10 @@ resource "acme_certificate" "certificate" {
 common_name = "crashbox.io"
 subject_alternative_names = [
+ "www.crashbox.io",
 "ip.crashbox.io",
 "git.crashbox.io",
+ "dl.crashbox.io",
 ]
 dns_challenge {
@@ -67,51 +69,30 @@ resource "cloudflare_record" "record_caa" {
 type = "CAA"
 }
-resource "random_id" "peter" {
- prefix = "peter-"
- byte_length = 2
-}
-
 resource "hcloud_server" "peter" {
- name = "${random_id.peter.hex}"
+ name = "peter"
 image = "debian-9"
 server_type = "cx11"
 location = "nbg1"
 ssh_keys = ["${hcloud_ssh_key.root.name}"]
+}
- provisioner "file" {
- content = "${acme_certificate.certificate.private_key_pem}"
- destination = "/etc/ssl/private/server.key.pem"
- }
-
- provisioner "file" {
- content = "${acme_certificate.certificate.certificate_pem}"
- destination = "/etc/ssl/server.cert.pem"
- }
-
- provisioner "file" {
- content = "${acme_certificate.certificate.issuer_pem}"
- destination = "/etc/ssl/issuer.cert.pem"
- }
-
- provisioner "file" {
- source = "./provision"
- destination = "/usr/local/share/"
- }
-
- provisioner "remote-exec" {
- inline = [
- "chmod +x /usr/local/share/provision/provision",
- "/usr/local/share/provision/provision --force",
- ]
- }
+# volumes contain persistent storage and thus need to be initialized
+# manually
+data "hcloud_volume" "master" {
+ name = "master"
 }
-module "peter_mount_volume" {
- source = "./mount_volume"
- volume_name = "master"
- host = "${hcloud_server.peter.ipv4_address}"
- server_id = "${hcloud_server.peter.id}"
+# note that this module not idempotent: a second application requires
+# destroying the server resource first
+module "peter_provision" {
+ source = "./mount_and_provision"
+ host = "${hcloud_server.peter.ipv4_address}"
+ server_id = "${hcloud_server.peter.id}"
+ volume_id = "${data.hcloud_volume.master.id}"
+ tls_private_key = "${acme_certificate.certificate.private_key_pem}"
+ tls_certificate = "${acme_certificate.certificate.certificate_pem}"
+ tls_issuer_certificate = "${acme_certificate.certificate.issuer_pem}"
 }
 resource "cloudflare_record" "peter_a" {
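Review bot: The certificate material handed to `module "peter_provision"` (`tls_private_key`, `tls_certificate`, `tls_issuer_certificate`) will not be re-provisioned when `acme_certificate.certificate` renews, because, as far as the new module's hunk shows, its `null_resource` triggers only on the volume attachment id; either the module should add the certificate values to its triggers, or the comment above the module call should state it, e.g. `# note that this module is not idempotent: a second application, and a certificate renewal, require destroying the server resource first` (this also fixes the missing "is"). Passing `private_key_pem` as a plain module input keeps the key in the plan output and in state exactly as the removed inline provisioners did, which deserves a one-line comment at the call site so the state file is treated as secret. The `data "hcloud_volume" "master"` lookup here is repeated by id inside the module, so the root module could pass the id straight through and the module could drop its own data source; this is hedged, since only part of the module is visible. The hunk's enclosing resources start and end within it, but the module file it calls continues outside the last hunk.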
@@ -128,6 +109,13 @@ resource "cloudflare_record" "peter_aaaa" {
 type = "AAAA"
 }
+resource "cloudflare_record" "record_www" {
+ domain = "crashbox.io"
+ name = "www"
+ value = "${cloudflare_record.peter_a.hostname}"
+ type = "CNAME"
+}
+
 resource "cloudflare_record" "record_ip" {
 domain = "crashbox.io"
 name = "ip"
@@ -141,3 +129,17 @@ resource "cloudflare_record" "record_git" {
 value = "${cloudflare_record.peter_a.hostname}"
 type = "CNAME"
 }
+
+resource "cloudflare_record" "record_a" {
+ domain = "crashbox.io"
+ name = "@"
+ value = "${hcloud_server.peter.ipv4_address}"
+ type = "A"
+}
+
+resource "cloudflare_record" "record_aaaa" {
+ domain = "crashbox.io"
+ name = "@"
+ value = "${hcloud_server.peter.ipv6_address}1"
+ type = "AAAA"
+}
diff --git a/terraform/mount_and_provision/main.tf b/terraform/mount_and_provision/main.tf
new file mode 100644
index 0000000..e20c90e
--- /dev/null
+++ b/terraform/mount_and_provision/main.tf
@@ -0,0 +1,142 @@
+variable "host" {
+ type = "string"
+}
+
+variable "volume_id" {
+ type = "string"
+}
+
+variable "server_id" {
+ type = "string"
+}
+
+variable "tls_private_key" {
+ type = "string"
+}
+
+variable "tls_certificate" {
+ type = "string"
+}
+
+variable "tls_issuer_certificate" {
+ type = "string"
+}
+
+# volumes contain persistent storage and thus need to be initialized
+# manually
+data "hcloud_volume" "volume" {
+ id = "${var.volume_id}"
+}
+
+resource "hcloud_volume_attachment" "volume_attachment" {
+ volume_id = "${data.hcloud_volume.volume.id}"
+ server_id = "${var.server_id}"
+}
+
+resource "null_resource" "volume_mount" {
+ triggers = {
+ attachement_id = "${hcloud_volume_attachment.volume_attachment.id}"
+ }
+
+ connection {
+ host = "${var.host}"
+ }
+
+ provisioner "remote-exec" {
+ inline = ["mkdir -p /mnt/storage"]
+ }
+
+ provisioner "file" {
+ content = <
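Review bot: `value = "${hcloud_server.peter.ipv6_address}1"` in the new `record_aaaa` builds the apex AAAA value by string-appending `1`, which only yields a valid address if the provider's `ipv6_address` attribute ends in `::`; nothing in the hunk states that assumption. If `cloudflare_record.peter_aaaa`, whose header is this hunk's leading context, already computes the host's AAAA value, the apex record should reuse it, `value = "${cloudflare_record.peter_aaaa.value}"`, so the two cannot drift, and `record_a` could likewise use `cloudflare_record.peter_a.value` in place of the raw `ipv4_address`; this is inferred, since the bodies of `peter_a` and `peter_aaaa` are outside the hunk. Otherwise add a comment such as `# hcloud exposes the server's /64 network; ::1 is the host address` above the value. The `dl.crashbox.io` SAN added to the certificate in the first hunk has no matching `dl` record in this diff, which is worth confirming against the rest of the file.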