From dcf9d7e3efbbe791db1a21de1dd21abf2ff22f81 Mon Sep 17 00:00:00 2001 From: Trygve Laugstøl Date: Sun, 10 Jan 2021 22:23:13 +0100 Subject: terraform in minio --- .gitignore | 2 ++ .settings.sh | 14 +++++++++++-- ansible/.gitignore | 1 + bin/.gitignore | 1 + bin/dhall | 50 +++++++++++++++++++++++++++++++++++++++++++++++ bin/dhall-to-json | 1 + bin/dhall-to-yaml-ng | 1 + bin/json-to-dhall | 1 + bin/terraform | 25 ++++++++++++++++++++++++ bin/yaml-to-dhall | 1 + terraform-minio/README.md | 5 +++++ terraform-minio/main.tf | 29 +++++++++++++++++++++++++++ terraform-minio/root.tf | 46 +++++++++++++++++++++++++++++++++++++++++++ terraform/dns/terraform.d | 1 - terraform/main.tf | 12 ++++++++++-- terraform/minio/README.md | 3 +++ tools/.gitignore | 1 - tools/dhall | 50 ----------------------------------------------- tools/dhall-to-json | 1 - tools/dhall-to-yaml-ng | 1 - tools/json-to-dhall | 1 - tools/yaml-to-dhall | 1 - 22 files changed, 188 insertions(+), 60 deletions(-) create mode 100644 bin/.gitignore create mode 100755 bin/dhall create mode 120000 bin/dhall-to-json create mode 120000 bin/dhall-to-yaml-ng create mode 120000 bin/json-to-dhall create mode 100755 bin/terraform create mode 120000 bin/yaml-to-dhall create mode 100644 terraform-minio/README.md create mode 100644 terraform-minio/main.tf create mode 100644 terraform-minio/root.tf delete mode 120000 terraform/dns/terraform.d create mode 100644 terraform/minio/README.md delete mode 100644 tools/.gitignore delete mode 100755 tools/dhall delete mode 120000 tools/dhall-to-json delete mode 120000 tools/dhall-to-yaml-ng delete mode 120000 tools/json-to-dhall delete mode 120000 tools/yaml-to-dhall diff --git a/.gitignore b/.gitignore index 4bd922a..d32ecb8 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ secrets/ +.terraform +.settings-vault diff --git a/.settings.sh b/.settings.sh index 61442c9..b8ecb8a 100644 --- a/.settings.sh +++ b/.settings.sh @@ -3,5 +3,15 @@ basedir=$(dirname "$_") basedir=$(cd "$basedir" && pwd) -echo "Adding tools/ to path" -PATH="$basedir/tools:$PATH" +echo "Adding bin/ to path" +PATH="$basedir/bin:$PATH" + +if [[ ! -r .settings-vault ]] +then + echo "Missing .settings-vault" +else + echo "Loading secrets" + source <(cd $basedir/ansible; ansible-vault view ../.settings-vault) +fi + +alias terraform="ANSIBLE_VAULT_PASS=\$($(pwd)/ansible/.vault-password) $basedir/bin/terraform" diff --git a/ansible/.gitignore b/ansible/.gitignore index 81e8ccb..52f3df5 100644 --- a/ansible/.gitignore +++ b/ansible/.gitignore @@ -6,3 +6,4 @@ .vault-password.asc *.pyc env +*.local.* diff --git a/bin/.gitignore b/bin/.gitignore new file mode 100644 index 0000000..ba077a4 --- /dev/null +++ b/bin/.gitignore @@ -0,0 +1 @@ +bin diff --git a/bin/dhall b/bin/dhall new file mode 100755 index 0000000..ad71285 --- /dev/null +++ b/bin/dhall @@ -0,0 +1,50 @@ +#!/bin/sh + +v_dhall=1.36.0 +v_dhall_yaml=1.2.3 +v_dhall_json=1.7.3 + +set -eu + +basedir=$(dirname "$0") + +cmd="$(basename $0)" + +case $cmd in + dhall) + tar=dhall + v=$v_dhall + ;; + dhall-to-json|json-to-dhall) + tar=dhall-json + v=$v_dhall_json + ;; + dhall-to-yaml-ng|yaml-to-dhall) + tar=dhall-yaml + v=$v_dhall_yaml + ;; + *) + echo "Unknown command: $0" + exit 1 +esac + +bin="$basedir/bin/$cmd-$v" +tar_path="$basedir/bin/$tar-$v.tar.bz2" + +m="$(uname -m)" +s="$(uname -s|tr [:upper:] [:lower:])" + +if [ ! -r "$tar_path" ] +then + mkdir -p "$(dirname $tar_path)" + wget -O "$tar_path" \ + https://github.com/dhall-lang/dhall-haskell/releases/download/$v_dhall/$tar-$v-$m-$s.tar.bz2 +fi + +if [ ! -x "$bin" ] +then + tar Oxf "$tar_path" ./bin/$cmd > "$bin" + chmod +x "$bin" +fi + +exec "$bin" "${@}" diff --git a/bin/dhall-to-json b/bin/dhall-to-json new file mode 120000 index 0000000..ffe753a --- /dev/null +++ b/bin/dhall-to-json @@ -0,0 +1 @@ +dhall \ No newline at end of file diff --git a/bin/dhall-to-yaml-ng b/bin/dhall-to-yaml-ng new file mode 120000 index 0000000..ffe753a --- /dev/null +++ b/bin/dhall-to-yaml-ng @@ -0,0 +1 @@ +dhall \ No newline at end of file diff --git a/bin/json-to-dhall b/bin/json-to-dhall new file mode 120000 index 0000000..ffe753a --- /dev/null +++ b/bin/json-to-dhall @@ -0,0 +1 @@ +dhall \ No newline at end of file diff --git a/bin/terraform b/bin/terraform new file mode 100755 index 0000000..06c2a76 --- /dev/null +++ b/bin/terraform @@ -0,0 +1,25 @@ +#!/bin/bash + +set -euo pipefail +#set -x + +basedir="$(dirname $0)" + +terraform_version=0.13.5 +terraform_url=https://releases.hashicorp.com/terraform/$terraform_version/terraform_${terraform_version}_linux_amd64.zip + +dl_d=$basedir/.terraform/dl +zip_file=$dl_d/terraform-${terraform_version}.zip +unzip_d=$basedir/.terraform/unzip/$terraform_version +cmd=$unzip_d/terraform + +if [[ ! -x $cmd ]] +then + mkdir -p $dl_d + curl -L -o "$zip_file" $terraform_url + rm -rf $unzip_d + mkdir -p $unzip_d + unzip $zip_file -d $unzip_d +fi + +exec "$cmd" "${@}" diff --git a/bin/yaml-to-dhall b/bin/yaml-to-dhall new file mode 120000 index 0000000..ffe753a --- /dev/null +++ b/bin/yaml-to-dhall @@ -0,0 +1 @@ +dhall \ No newline at end of file diff --git a/terraform-minio/README.md b/terraform-minio/README.md new file mode 100644 index 0000000..0e54eba --- /dev/null +++ b/terraform-minio/README.md @@ -0,0 +1,5 @@ +Special Terraform setup for creating user's in Minio for keeping other +Terraform setups in Minio. + + export TF_VAR_minio_access_key= + export TF_VAR_minio_secret_key= diff --git a/terraform-minio/main.tf b/terraform-minio/main.tf new file mode 100644 index 0000000..a08c04a --- /dev/null +++ b/terraform-minio/main.tf @@ -0,0 +1,29 @@ +terraform { + required_version = ">= 0.13" + + backend "local" { + path = "state" + } + + required_providers { + minio = { + source = "tidalf/minio" + version = "1.1.1" + } + } +} + +variable "minio_access_key" { + type = string +} + +variable "minio_secret_key" { + type = string +} + +provider "minio" { + minio_server = "minio.trygvis.io:443" + minio_ssl = "true" + minio_access_key = var.minio_access_key + minio_secret_key = var.minio_secret_key +} diff --git a/terraform-minio/root.tf b/terraform-minio/root.tf new file mode 100644 index 0000000..9751f27 --- /dev/null +++ b/terraform-minio/root.tf @@ -0,0 +1,46 @@ +resource "minio_s3_bucket" "terraform" { + bucket = "terraform" + acl = "public-read-write" +} + +resource "minio_iam_policy" "terraform-access" { + name = "terraform-access" + policy= <=https://:@ diff --git a/tools/.gitignore b/tools/.gitignore deleted file mode 100644 index ba077a4..0000000 --- a/tools/.gitignore +++ /dev/null @@ -1 +0,0 @@ -bin diff --git a/tools/dhall b/tools/dhall deleted file mode 100755 index ad71285..0000000 --- a/tools/dhall +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/sh - -v_dhall=1.36.0 -v_dhall_yaml=1.2.3 -v_dhall_json=1.7.3 - -set -eu - -basedir=$(dirname "$0") - -cmd="$(basename $0)" - -case $cmd in - dhall) - tar=dhall - v=$v_dhall - ;; - dhall-to-json|json-to-dhall) - tar=dhall-json - v=$v_dhall_json - ;; - dhall-to-yaml-ng|yaml-to-dhall) - tar=dhall-yaml - v=$v_dhall_yaml - ;; - *) - echo "Unknown command: $0" - exit 1 -esac - -bin="$basedir/bin/$cmd-$v" -tar_path="$basedir/bin/$tar-$v.tar.bz2" - -m="$(uname -m)" -s="$(uname -s|tr [:upper:] [:lower:])" - -if [ ! -r "$tar_path" ] -then - mkdir -p "$(dirname $tar_path)" - wget -O "$tar_path" \ - https://github.com/dhall-lang/dhall-haskell/releases/download/$v_dhall/$tar-$v-$m-$s.tar.bz2 -fi - -if [ ! -x "$bin" ] -then - tar Oxf "$tar_path" ./bin/$cmd > "$bin" - chmod +x "$bin" -fi - -exec "$bin" "${@}" diff --git a/tools/dhall-to-json b/tools/dhall-to-json deleted file mode 120000 index ffe753a..0000000 --- a/tools/dhall-to-json +++ /dev/null @@ -1 +0,0 @@ -dhall \ No newline at end of file diff --git a/tools/dhall-to-yaml-ng b/tools/dhall-to-yaml-ng deleted file mode 120000 index ffe753a..0000000 --- a/tools/dhall-to-yaml-ng +++ /dev/null @@ -1 +0,0 @@ -dhall \ No newline at end of file diff --git a/tools/json-to-dhall b/tools/json-to-dhall deleted file mode 120000 index ffe753a..0000000 --- a/tools/json-to-dhall +++ /dev/null @@ -1 +0,0 @@ -dhall \ No newline at end of file diff --git a/tools/yaml-to-dhall b/tools/yaml-to-dhall deleted file mode 120000 index ffe753a..0000000 --- a/tools/yaml-to-dhall +++ /dev/null @@ -1 +0,0 @@ -dhall \ No newline at end of file -- cgit v1.2.3