authorTrygve Laugstøl <trygvis@inamo.no>2022-12-23 09:05:17 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2022-12-23 09:05:17 +0100
commit19d2406d9a51f41ba70c1b9d503fa4cc3bf2af24 (patch)
tree2139741a45e82d6d9b79b6b27d6a0c7841b8f0e9
parent3fc34994497058635777df5b048eac980d6b4d4b (diff)
concourse
-rw-r--r--.gitignore2
-rw-r--r--terraform-vault.yml9
-rw-r--r--terraform/concourse/concourse.tf36
-rw-r--r--terraform/conflatorio-docker/.terraform.lock.hcl19
-rw-r--r--terraform/conflatorio-docker/main.tf13
-rw-r--r--terraform/conflatorio-docker/traefik.tf11
6 files changed, 77 insertions, 13 deletions
diff --git a/.gitignore b/.gitignore
index 6681aa4..2778353 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,5 @@ bin/.tmp
terraform-*/*state*
terraform/*state*
+
+__pycache__
diff --git a/terraform-vault.yml b/terraform-vault.yml
new file mode 100644
index 0000000..d239695
--- /dev/null
+++ b/terraform-vault.yml
@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+64393634356337363035386362316539643735303634646139333266373134393039613535653662
+6530633965336532373562633665626534646232373161340a343135383963623238333862303766
+64646531343634383737373663666534356431393362396532323031393763663362373264373638
+3036336334313762300a323565336536353035333335626666396538646366356634353366636438
+31353063323635396637343037643565333537333366356134663062333437626435343933666438
+30616139636430396435383236346637643034326166373236663861306634323134326132393864
+61346632373331353131313562336134306337643032313339333731343231313234343964383264
+35643064323830633634
diff --git a/terraform/concourse/concourse.tf b/terraform/concourse/concourse.tf
index c191196..28b6d21 100644
--- a/terraform/concourse/concourse.tf
+++ b/terraform/concourse/concourse.tf
@@ -17,7 +17,29 @@ resource "docker_container" "concourse" {
ports {
internal = 8080
external = 8080
- ip = "192.168.10.147"
+ ip = "192.168.10.147"
+ }
+
+ labels {
+ label = "traefik.enable"
+ value = "true"
+ }
+
+ labels {
+ label = "traefik.enable"
+ value = "true"
+ }
+ labels {
+ label = "traefik.http.routers.concourse.rule"
+ value = "Host(`concourse.vpn.trygvis.io`)"
+ }
+ labels {
+ label = "traefik.http.routers.concourse.entrypoints"
+ value = "websecure"
+ }
+ labels {
+ label = "traefik.http.routers.concourse.tls.certresolver"
+ value = "linode"
}
env = [
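Review bot: The `traefik.enable` label is declared twice in the added `labels` blocks; one of the two identical blocks should be dropped so each label is declared once. Separately, the `ports` block kept at the top of the hunk still publishes 8080 on `192.168.10.147`, so the plain-HTTP listener presumably stays reachable alongside the new `websecure` router. If Traefik is meant to be the only entry point, consider removing that mapping. The `docker_container` resource starts before this hunk and continues after it.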
@@ -27,7 +49,7 @@ resource "docker_container" "concourse" {
"CONCOURSE_POSTGRES_DATABASE=concourse",
"CONCOURSE_POSTGRES_PORT=5432",
"CONCOURSE_POSTGRES_SSLMODE=require",
- "CONCOURSE_EXTERNAL_URL=https://concourse.trygvis.io",
+ "CONCOURSE_EXTERNAL_URL=https://concourse.vpn.trygvis.io",
"CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER=overlay",
"CONCOURSE_CLIENT_SECRET=Y29uY291cnNlLXdlYgo=",
"CONCOURSE_TSA_CLIENT_SECRET=Y29uY291cnNlLXdvcmtlcgo=",
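Review bot: The context lines of this hunk keep `CONCOURSE_CLIENT_SECRET` and `CONCOURSE_TSA_CLIENT_SECRET` as literals in the repository, and both values are base64 of short, predictable strings rather than random secrets; the next hunk's context likewise keeps `CONCOURSE_ADD_LOCAL_USER` with a password equal to the username. Since this commit puts the service behind a public-style hostname and a TLS router, these should be rotated to random values and read from the vault, in the style of the commented-out `${data.ansiblevault_path.github_client_secret.value}` line further down the file. The `env` list starts before this hunk and continues after it.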
@@ -41,11 +63,11 @@ resource "docker_container" "concourse" {
"CONCOURSE_ADD_LOCAL_USER=trygvis:trygvis",
"CONCOURSE_MAIN_TEAM_LOCAL_USER=trygvis",
-# "CONCOURSE_MAIN_TEAM_GITHUB_ORG=org-name",
-# "CONCOURSE_MAIN_TEAM_GITHUB_TEAM=bitraf:Drift",
-# "CONCOURSE_MAIN_TEAM_GITHUB_USER=some-user",
+ # "CONCOURSE_MAIN_TEAM_GITHUB_ORG=org-name",
+ # "CONCOURSE_MAIN_TEAM_GITHUB_TEAM=bitraf:Drift",
+ # "CONCOURSE_MAIN_TEAM_GITHUB_USER=some-user",
-# "CONCOURSE_GITHUB_CLIENT_ID=${data.ansiblevault_path.github_client_id.value}",
-# "CONCOURSE_GITHUB_CLIENT_SECRET=${data.ansiblevault_path.github_client_secret.value}",
+ # "CONCOURSE_GITHUB_CLIENT_ID=${data.ansiblevault_path.github_client_id.value}",
+ # "CONCOURSE_GITHUB_CLIENT_SECRET=${data.ansiblevault_path.github_client_secret.value}",
]
}
diff --git a/terraform/conflatorio-docker/.terraform.lock.hcl b/terraform/conflatorio-docker/.terraform.lock.hcl
index 33dd88d..3ac9963 100644
--- a/terraform/conflatorio-docker/.terraform.lock.hcl
+++ b/terraform/conflatorio-docker/.terraform.lock.hcl
@@ -41,3 +41,22 @@ provider "registry.terraform.io/kreuzwerker/docker" {
"zh:f6238eee53124aae4896a57e92c6ad7ce35adb946662e864abf3c8cc154e3498",
]
}
+
+provider "registry.terraform.io/meilleursagents/ansiblevault" {
+ version = "2.2.0"
+ constraints = "2.2.0"
+ hashes = [
+ "h1:BdAWPYZ+cwkGuc9Hy0zZfyvbRL9f3naXpcUaOnoZee8=",
+ "zh:06faf88f2a6f2e9aabadb0d50565f4804636039042d37984463f0ca647f52189",
+ "zh:15053cceec8b24d9b62598e9e6860607603c2ecc7871705720a0753ef297d79f",
+ "zh:525f261f35d58151b4c51301cc1ae98a592c9b3400449361a91f2d84c467e2ac",
+ "zh:8bfe3b2c2b975792987d0642e8525efbf436ae08b1cebb1fa266b8954cb1915e",
+ "zh:93a943b494b0f70ef644334bf7646bf203ca087873385ab8ff89d406b9448771",
+ "zh:c651248189d297321a48feb775907de0ba2b9a100cb35f7364357b0af0e55931",
+ "zh:ccbee95f3c264c663fcddac8c8c921ec9f4fde95f15196838a73a9bf215a4020",
+ "zh:d3226f7b3a3013fceeef3392f54708b976daa0f43767bc24ff8c420c8a48a1a9",
+ "zh:f236d34596a51f64163eb5d13c3bcea4e10023f7e65f777b7267c463c427aad2",
+ "zh:f79f848b9c4b67879c2c25f2ef5b654eaafcfd7568f442eea2566bb580519c4f",
+ "zh:fbe2363c1c6a32df6443e650b53b5004a4d6f9431d23935ed98c500bed1552bd",
+ ]
+}
diff --git a/terraform/conflatorio-docker/main.tf b/terraform/conflatorio-docker/main.tf
index ce46e60..21081ac 100644
--- a/terraform/conflatorio-docker/main.tf
+++ b/terraform/conflatorio-docker/main.tf
@@ -16,9 +16,22 @@ terraform {
source = "kreuzwerker/docker"
version = "2.23.1"
}
+ ansiblevault = {
+ source = "MeilleursAgents/ansiblevault"
+ version = "2.2.0"
+ }
}
}
provider "docker" {
host = "ssh://conflatorio.vpn.trygvis.io"
}
+
+provider "ansiblevault" {
+ root_folder = "../.."
+}
+
+data "ansiblevault_path" "linode_token" {
+ path = "terraform-vault.yml"
+ key = "linode_token"
+}
diff --git a/terraform/conflatorio-docker/traefik.tf b/terraform/conflatorio-docker/traefik.tf
index 281d94f..42442be 100644
--- a/terraform/conflatorio-docker/traefik.tf
+++ b/terraform/conflatorio-docker/traefik.tf
@@ -43,10 +43,10 @@ resource "docker_container" "traefik" {
"--entrypoints.web.address=:80",
"--entrypoints.web.http.redirections.entrypoint.to=websecure",
"--entrypoints.web.http.redirections.entrypoint.scheme=https",
- "--certificatesresolvers.bitraf.acme.dnschallenge.provider=linode",
- "--certificatesresolvers.bitraf.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53",
- "--certificatesresolvers.bitraf.acme.email=itavdelingen@bitraf.no",
- "--certificatesresolvers.bitraf.acme.storage=/letsencrypt/acme.json",
+ "--certificatesresolvers.linode.acme.dnschallenge.provider=linode",
+ "--certificatesresolvers.linode.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53",
+ "--certificatesresolvers.linode.acme.email=root@trygvis.io",
+ "--certificatesresolvers.linode.acme.storage=/letsencrypt/acme.json",
]
# labels {
@@ -58,14 +58,13 @@ resource "docker_container" "traefik" {
# - "/var/run/docker.sock:/var/run/docker.sock:ro"
env = [
- # LINODE_TOKEN: "{{ linode_itavdelingen_pat }}"
+ "LINODE_TOKEN=${data.ansiblevault_path.linode_token.value}"
]
mounts {
source = "/etc/docker-service/traefik/letsencrypt"
target = "/letsencrypt"
type = "bind"
- read_only = true
}
mounts {