authorTrygve Laugstøl <trygvis@inamo.no>2021-01-07 23:38:01 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2021-01-07 23:38:01 +0100
commit3d25f7059f518dd8c857dd5e45552ba3ab733aa6 (patch)
treee7bbd7f2c6c7cfe41398335da0ab51807b54931c /acme
parent70d0ad3c9f37e44a9504a0d7f66e412a3f3bba6f (diff)
Working terraform setup.
Diffstat (limited to 'acme')
-rw-r--r--acme/.gitignore9
-rw-r--r--acme/.settings.sh9
-rw-r--r--acme/Makefile41
-rw-r--r--acme/ansible.cfg8
-rw-r--r--acme/main.tf60
5 files changed, 127 insertions, 0 deletions
diff --git a/acme/.gitignore b/acme/.gitignore
new file mode 100644
index 0000000..a01565a
--- /dev/null
+++ b/acme/.gitignore
@@ -0,0 +1,9 @@
+.terraform*
+terraform.d
+*.tfstate
+*.tfstate.backup
+plan
+
+.vault-password*
+*.dot
+*.png
diff --git a/acme/.settings.sh b/acme/.settings.sh
new file mode 100644
index 0000000..7bd49fb
--- /dev/null
+++ b/acme/.settings.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+basedir=$(dirname "$_")
+basedir=$(cd "$basedir" && pwd)
+
+#echo "Adding tools/ to path"
+#PATH="$basedir/tools:$PATH"
+
+alias terraform="TF_VAR_ansible_vault_pass=\$($(pwd)/.vault-password) $(pwd)/.terraform/bin/terraform"
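Review bot: The alias on the last line resolves both `.vault-password` and the terraform binary through `$(pwd)` at the moment the file is sourced and leaves the paths unquoted, while the `basedir` computed above is never used. Sourcing the file from any other directory therefore binds the alias to whatever `.vault-password` exists there and executes it, and a path containing spaces splits the command. Using the computed directory with quoting addresses both: `alias terraform="TF_VAR_ansible_vault_pass=\$('$basedir/.vault-password') '$basedir/.terraform/bin/terraform'"`. `$_` is not specified by POSIX sh, so under the `#!/bin/sh` line `basedir` may not resolve as intended; a comment stating which shell the file must be sourced from would help.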
diff --git a/acme/Makefile b/acme/Makefile
new file mode 100644
index 0000000..39d54a6
--- /dev/null
+++ b/acme/Makefile
@@ -0,0 +1,41 @@
+terraform_version=0.14.4
+terraform_url=https://releases.hashicorp.com/terraform/$(terraform_version)/terraform_$(terraform_version)_linux_amd64.zip
+terraform_unzip=.terraform/unzip/$(terraform_version)/
+terraform_zip=.terraform/zip/terraform_$(terraform_version)_linux_amd64.zip
+terraform_bin=.terraform/bin/terraform
+
+ansiblevault_version=2.0.1
+ansiblevault_url=https://github.com/MeilleursAgents/terraform-provider-ansiblevault/releases/download/v$(ansiblevault_version)/terraform-provider-ansiblevault_linux_amd64_v$(ansiblevault_version)
+ansiblevault_path=terraform.d/plugins/linux_amd64/terraform-provider-ansiblevault_v$(ansiblevault_version)_x4
+
+all: $(terraform_bin) $(ansiblevault_path) setup
+
+$(terraform_bin): $(terraform_zip)
+ rm -rf $(dir $(terraform_unzip))
+ mkdir -p $(terraform_unzip)
+ mkdir -p $(dir $(terraform_bin))
+ unzip $(terraform_zip) -d $(terraform_unzip)
+ ln -sf $(PWD)/$(terraform_unzip)/terraform $(terraform_bin)
+ touch $(PWD)/$(terraform_unzip)/terraform
+
+$(terraform_zip):
+ mkdir -p $(dir $@)
+ curl -L -o "$@" $(terraform_url)
+
+$(ansiblevault_path): terraform.d
+ mkdir -p $(dir $@)
+ curl -L -o "$@" $(ansiblevault_url)
+ chmod +x $(@)
+
+terraform.d:
+ mkdir $@
+
+MAIN=$(patsubst %/main.tf,%,$(wildcard */main.tf))
+setup: $(patsubst %,%/terraform.d,$(MAIN))
+.PHONY: setup
+
+%/terraform.d: terraform.d
+ ln -s ../terraform.d $@
+
+.terraform/plugins/linux_amd64:
+ mkdir -p $@
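Review bot: Both download recipes (`$(terraform_zip)` and `$(ansiblevault_path)`) keep whatever `curl -L` returns, and the second marks it executable, with no integrity check on either artifact. Without `-f`, an HTTP error body is also written to `$@` and then counts as an up-to-date target. Pin a digest per version and verify it before use, e.g. `curl -fL -o "$@" $(terraform_url)` followed by `echo "$(terraform_sha256)  $@" | sha256sum -c -`, with `terraform_sha256 = <SHA256_FROM_PUBLISHER_CHECKSUM_FILE>` defined next to `terraform_version`; the provider binary needs the same treatment before `chmod +x`. Adding `.DELETE_ON_ERROR:` would make a failed download or failed check remove the partial file instead of leaving it in place.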
diff --git a/acme/ansible.cfg b/acme/ansible.cfg
new file mode 100644
index 0000000..1790523
--- /dev/null
+++ b/acme/ansible.cfg
@@ -0,0 +1,8 @@
+[defaults]
+become_method = sudo
+inventory = inventory.yml
+nocows = True
+stdout_callback = debug
+vault_password_file = .vault-password
+roles_path = roles
+retry_files_enabled = False
diff --git a/acme/main.tf b/acme/main.tf
new file mode 100644
index 0000000..c7b91b2
--- /dev/null
+++ b/acme/main.tf
@@ -0,0 +1,60 @@
+terraform {
+ required_providers {
+ scaleway = {
+ source = "scaleway/scaleway"
+ version = "1.17.2"
+ }
+
+ ansiblevault = {
+ source = "MeilleursAgents/ansiblevault"
+ version = "2.2.0"
+ }
+ }
+}
+
+variable "ansible_vault_pass" {
+ type = string
+}
+
+provider "ansiblevault" {
+ # vault_path = ".vault-password"
+ vault_pass = var.ansible_vault_pass
+ root_folder = "."
+}
+
+data "ansiblevault_path" "scaleway_access_key" {
+ path = "vault/scaleway.yml"
+ key = "scaleway_access_key"
+}
+data "ansiblevault_path" "scaleway_secret_key" {
+ path = "vault/scaleway.yml"
+ key = "scaleway_secret_key"
+}
+data "ansiblevault_path" "scaleway_organization" {
+ path = "vault/scaleway.yml"
+ key = "scaleway_organization"
+}
+
+provider "scaleway" {
+ region = "fr-par"
+ zone = "fr-par-1"
+ access_key = data.ansiblevault_path.scaleway_access_key.value
+ secret_key = data.ansiblevault_path.scaleway_secret_key.value
+ organization_id = data.ansiblevault_path.scaleway_organization.value
+}
+
+# This can also be generated from input objects, but it might be reused between different modules so some control
+# over if/when it is generated is required.
+resource "google_dns_managed_zone" "acme" {
+ name = "acme"
+ dns_name = "machine.acme.com."
+}
+
+module "acme-apps" {
+ source = "../acme-apps/terraform"
+ providers = {
+ scaleway = scaleway
+ }
+
+ acme_zone = google_dns_managed_zone.acme.name
+}
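Review bot: `variable "ansible_vault_pass"` carries the vault password but is not marked sensitive, so it can surface in plan output and error messages; add `sensitive = true` under `type = string` (supported in the Terraform 0.14 line the Makefile pins). The values read through the `data "ansiblevault_path"` blocks are normally recorded in state, so a comment that `*.tfstate` must stay out of version control and shared locations would be worth adding next to them. Separately, `required_providers` asks for ansiblevault `2.2.0` while the Makefile in this commit downloads `v2.0.1`, and `google_dns_managed_zone` is used without a google entry in `required_providers`; both look like they need reconciling.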