terraform/concourse

3 files changed, 182 insertions, 0 deletions

diff --git a/terraform/concourse/.terraform.lock.hcl b/terraform/concourse/.terraform.lock.hcl
new file mode 100644
index 0000000..2095e00
--- /dev/null
+++ b/terraform/concourse/.terraform.lock.hcl
@@ -0,0 +1,87 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/cyrilgdn/postgresql" {
+  version     = "1.18.0"
+  constraints = "1.18.0"
+  hashes = [
+    "h1:Nf26liFILUZXPh1P2B8T3qtq2Tc7objtm0sBSt0lhh0=",
+    "zh:251b609167ce25e974607c0c7dd3f90cfc45980c9068364f896e26c31416d96c",
+    "zh:317980d14a6a171f118bb522ffd02046e508d98100073f97671aeb2adae30d79",
+    "zh:3622c6414e91f8ccceed94ddf12062a22c14de4fac73c6142b009ae791ca7cd4",
+    "zh:36be2b338c230b0ab0c7b4c55049dba9bd8d705973c2cceaf3e293d41f520db5",
+    "zh:4332e83b91f60c43679ff9660c8ef4ebe251e05926a4d20dc64db1bfbabc8670",
+    "zh:444835840c917aff17f49f9f7b4ae542d5bd9f2ec306b581d1931b00380213bd",
+    "zh:5174bd85ea94ed4a6cef6c02bc27498f47ac21841fcab7487ab19d8513c97e54",
+    "zh:61c6eb6b2bf18cdc0734c101854e25990ba24a16580c6bbc599a0b00f72be397",
+    "zh:b40bbc61a4e522b22ebd57f01a518370a97cd6945e4bdd2955e5f887c88ee3f6",
+    "zh:d7aeb158c884f6590d6033cd44d5e9438f648bcb5ca3bd54573847c287845b00",
+    "zh:da3bee1282f6b48572d15f7a693113931afb306b98e29c09c9a054bdc3d6df44",
+    "zh:ec864a068eeab48899d99405f5606379478df8e48c005844d63a5360c23d5e15",
+    "zh:fda709d1cabde236b79c98c9abb80f2c1591fdea751afadc546073056be6e6ba",
+    "zh:ff08607ab25d1c5b55c3794b67a4ee2c9ac5023962c196ce587df34f0e201ca6",
+  ]
+}
+
+provider "registry.terraform.io/kreuzwerker/docker" {
+  version     = "2.23.1"
+  constraints = "2.23.1"
+  hashes = [
+    "h1:0B1y4P21+k4/3KkVkDRjkmaQ2HYWnCD8EUMBCaoaudA=",
+    "zh:075f591d3ef708cbdb94f31685c332b15622dd0d6a4eff7c36a49c43fe138523",
+    "zh:1952a1d90541ba27e72441d876d7b8c8bdbbaf14cc80685db9940112f2075eb5",
+    "zh:1d050255ac61132e24d7b653bed14b152ad99f4a6ad3bd346694baded4f3eee8",
+    "zh:2fc77142ea2bcabc7dba00bd6e13a88f18987b56e030f1527ed9d3b8f8228179",
+    "zh:3acaa72c112a3fdbeb1463a39049d9ac543db38f1be0ac58b00ef3625e3fdd3a",
+    "zh:46f462e35cd7cc33df9c256a3b47101dd64435c49127f0b9c0731315c19f3a88",
+    "zh:4c647a12a68b6b3ebef2a0d3a36aad2abdab8662ab3fa1ed4965ef7440c529eb",
+    "zh:6440a7989917d538478875e80c682a973b7addf2b7931b4dfd0b15490b05e714",
+    "zh:84c587d6a935fb1b25044e920101b2bee76caa892259076d9eceb241b94271f4",
+    "zh:8960ae0fde31e4c0db97bb60424de79acf6863d49853e8e1426c6bae7fc7d5b6",
+    "zh:9e053699151cbff9e12df11f10d272b24d19eba52760f16ecbc9ba8f36ef086b",
+    "zh:b5261fd530cc531d69a54427a5563834e54f146f93876e9d19d4e8f0681f724e",
+    "zh:edbbf0931b4c82b8cd52cc99f717d5b745ed29fd563f96d9c526c66547ce2af2",
+    "zh:f6238eee53124aae4896a57e92c6ad7ce35adb946662e864abf3c8cc154e3498",
+  ]
+}
+
+provider "registry.terraform.io/linode/linode" {
+  version     = "1.29.4"
+  constraints = "1.29.4"
+  hashes = [
+    "h1:M6/1OYoR8fb/4cMCILgQMGyHypEf3plTzxyivTu3jxo=",
+    "zh:06ccda35d968429a1184aaf981c8104394fa1d719de86b718c56d93c27c1fcd6",
+    "zh:1fb2497917094e77bde90fe6ee781e20cee739142b891391480c1b3376d81dbb",
+    "zh:27960e9c07e995aad07a9c5ebfd7fe0304fffd4cb159fd215e82932b798c6d55",
+    "zh:4ed29807c423c77aab1338972aa1ec3cc16c6b14f4c25c86f4427e8a86bfc467",
+    "zh:7a39103dc0dc8538f5258d3b64db1e6c91335640763bd05da0478e99748a4949",
+    "zh:95b3e418e6fcb4b826be9b289a834f1b9893977bd330ac418e0285e56a4644c1",
+    "zh:ac69c992a5cbaaa6ed9bb65206309ab2c71b5eb17740b7a5295532f9840c67fd",
+    "zh:ae943e8975075cd9664f00a028838566fdf879c772e518b7adcc82e757916a67",
+    "zh:b3a85a52489bc3777b5e8c4428b8ea42ae8e0f2398077699c1eb99acea931a34",
+    "zh:c1a2e945f5691ed97b9cf01351dd3a99c2f9871f172bd71ba0c8a810c75740cd",
+    "zh:ce86a03d73ee3d2ed58c6fe853cd2a9d0974710d94a0aeb4c195a9d1e78a3481",
+    "zh:d34afbbf848d8b541a068d64fa04ace13c3bd37ad19fd8b0796662f553ca9652",
+    "zh:e13b4847098d295cd8216eeec55d940cfc4544672fdc89e0048dd067e69b63f8",
+    "zh:fc62e9f8fc5d37d28aba2077db10355839cae6d7770eaf8711f97877bac046ab",
+  ]
+}
+
+provider "registry.terraform.io/meilleursagents/ansiblevault" {
+  version     = "2.2.0"
+  constraints = "2.2.0"
+  hashes = [
+    "h1:BdAWPYZ+cwkGuc9Hy0zZfyvbRL9f3naXpcUaOnoZee8=",
+    "zh:06faf88f2a6f2e9aabadb0d50565f4804636039042d37984463f0ca647f52189",
+    "zh:15053cceec8b24d9b62598e9e6860607603c2ecc7871705720a0753ef297d79f",
+    "zh:525f261f35d58151b4c51301cc1ae98a592c9b3400449361a91f2d84c467e2ac",
+    "zh:8bfe3b2c2b975792987d0642e8525efbf436ae08b1cebb1fa266b8954cb1915e",
+    "zh:93a943b494b0f70ef644334bf7646bf203ca087873385ab8ff89d406b9448771",
+    "zh:c651248189d297321a48feb775907de0ba2b9a100cb35f7364357b0af0e55931",
+    "zh:ccbee95f3c264c663fcddac8c8c921ec9f4fde95f15196838a73a9bf215a4020",
+    "zh:d3226f7b3a3013fceeef3392f54708b976daa0f43767bc24ff8c420c8a48a1a9",
+    "zh:f236d34596a51f64163eb5d13c3bcea4e10023f7e65f777b7267c463c427aad2",
+    "zh:f79f848b9c4b67879c2c25f2ef5b654eaafcfd7568f442eea2566bb580519c4f",
+    "zh:fbe2363c1c6a32df6443e650b53b5004a4d6f9431d23935ed98c500bed1552bd",
+  ]
+}
diff --git a/terraform/concourse/concourse.tf b/terraform/concourse/concourse.tf
new file mode 100644
index 0000000..c191196
--- /dev/null
+++ b/terraform/concourse/concourse.tf
@@ -0,0 +1,51 @@
+resource "docker_image" "concourse" {
+  name = "concourse/concourse:7.8.3"
+}
+
+resource "docker_container" "concourse" {
+  image      = docker_image.concourse.image_id
+  name       = "concourse"
+  privileged = true
+  must_run   = false
+
+  command = ["quickstart"]
+
+  networks_advanced {
+    name = data.docker_network.traefik.name
+  }
+
+  ports {
+    internal = 8080
+    external = 8080
+    ip = "192.168.10.147"
+  }
+
+  env = [
+    "CONCOURSE_POSTGRES_HOST=knot.vpn.trygvis.io",
+    "CONCOURSE_POSTGRES_USER=concourse",
+    "CONCOURSE_POSTGRES_PASSWORD=concourse",
+    "CONCOURSE_POSTGRES_DATABASE=concourse",
+    "CONCOURSE_POSTGRES_PORT=5432",
+    "CONCOURSE_POSTGRES_SSLMODE=require",
+    "CONCOURSE_EXTERNAL_URL=https://concourse.trygvis.io",
+    "CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER=overlay",
+    "CONCOURSE_CLIENT_SECRET=Y29uY291cnNlLXdlYgo=",
+    "CONCOURSE_TSA_CLIENT_SECRET=Y29uY291cnNlLXdvcmtlcgo=",
+    "CONCOURSE_X_FRAME_OPTIONS=allow",
+    "CONCOURSE_CONTENT_SECURITY_POLICY=*",
+    "CONCOURSE_CLUSTER_NAME=tutorial",
+    "CONCOURSE_WORKER_CONTAINERD_DNS_SERVER=8.8.8.8",
+    "CONCOURSE_WORKER_RUNTIME=containerd",
+    "CONCOURSE_ENABLE_ACROSS_STEP=true",
+
+    "CONCOURSE_ADD_LOCAL_USER=trygvis:trygvis",
+    "CONCOURSE_MAIN_TEAM_LOCAL_USER=trygvis",
+
+#    "CONCOURSE_MAIN_TEAM_GITHUB_ORG=org-name",
+#    "CONCOURSE_MAIN_TEAM_GITHUB_TEAM=bitraf:Drift",
+#    "CONCOURSE_MAIN_TEAM_GITHUB_USER=some-user",
+
+#    "CONCOURSE_GITHUB_CLIENT_ID=${data.ansiblevault_path.github_client_id.value}",
+#    "CONCOURSE_GITHUB_CLIENT_SECRET=${data.ansiblevault_path.github_client_secret.value}",
+  ]
+}
diff --git a/terraform/concourse/main.tf b/terraform/concourse/main.tf
new file mode 100644
index 0000000..fc4b088
--- /dev/null
+++ b/terraform/concourse/main.tf
@@ -0,0 +1,44 @@
+terraform {
+  required_version = "~> 1.3.5"
+
+  backend "s3" {
+    bucket                      = "terraform-a6726272-73ff-11ed-8bdd-c79eb8376e05"
+    key                         = "concourse/terraform.tfstate"
+    region                      = "eu-central-1"
+    skip_region_validation      = true
+    skip_credentials_validation = true
+    skip_metadata_api_check     = true
+    endpoint                    = "eu-central-1.linodeobjects.com"
+  }
+
+  required_providers {
+    ansiblevault = {
+      source  = "MeilleursAgents/ansiblevault"
+      version = "2.2.0"
+    }
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "2.23.1"
+    }
+    linode = {
+      source  = "linode/linode"
+      version = "1.29.4"
+    }
+    postgresql = {
+      source  = "cyrilgdn/postgresql"
+      version = "1.18.0"
+    }
+  }
+}
+
+provider "docker" {
+  host = "ssh://conflatorio.vpn.trygvis.io"
+}
+
+provider "ansiblevault" {
+  root_folder = ".."
+}
+
+data "docker_network" "traefik" {
+  name = "traefik"
+}