From b867c5dc0097b09a75705d616cc10f65c3d60ffb Mon Sep 17 00:00:00 2001 From: Trygve Laugstøl Date: Fri, 23 Dec 2022 12:07:30 +0100 Subject: knot pdb --- terraform/conflatorio-docker/.terraform.lock.hcl | 19 +++++++ terraform/conflatorio-docker/main.tf | 16 +++--- terraform/conflatorio-docker/traefik.tf | 20 ++------ terraform/dns/trygvis.tf | 7 --- terraform/knot-pdb/.terraform.lock.hcl | 63 ++++++++++++++++++++++++ terraform/knot-pdb/main.tf | 34 +++++++++++++ terraform/knot-pdb/pdb.tf | 40 +++++++++++++++ 7 files changed, 166 insertions(+), 33 deletions(-) create mode 100644 terraform/knot-pdb/.terraform.lock.hcl create mode 100644 terraform/knot-pdb/main.tf create mode 100644 terraform/knot-pdb/pdb.tf (limited to 'terraform') diff --git a/terraform/conflatorio-docker/.terraform.lock.hcl b/terraform/conflatorio-docker/.terraform.lock.hcl index 3ac9963..6b5beb1 100644 --- a/terraform/conflatorio-docker/.terraform.lock.hcl +++ b/terraform/conflatorio-docker/.terraform.lock.hcl 
@@ -42,6 +42,25 @@ provider "registry.terraform.io/kreuzwerker/docker" { ] } +provider "registry.terraform.io/lokkersp/sops" { + version = "0.6.10" + constraints = "0.6.10" + hashes = [ + "h1:atU8NIBxpNTWY+qBubvEOfjOn4K1aCDoq1iUFocgIHQ=", + "zh:0f053a26392a581b1f1ce6316cb7ed8ec4cc75e7f5f1cf7cfd45050b6b3c87ea", + "zh:207bb96c4471fce9aeb1b3c217d772692c3d865d294cf4d2501dad41de36a15e", + "zh:28506e8f1f3b9eaa95d99043440328044ee6340143535e5751538328a529d001", + "zh:3cae3bcea9e35fdc5b3f2af1b4580cd625c996448ad0c676c772260e46b25289", + "zh:3e44daaf82986c2b0028aeb17b867f3c68ed5dd8ac8625ba0406cf2a5fd3d92e", + "zh:457fb8ca2e677af24f9a4bdd8b613b1d7b604ad7133541657e5757c19268da71", + "zh:473d727c228f021a3df8cc8dcc6231ad7f90ed63f9e47c36b597d591e76228da", + "zh:48c4c1df39fd76ec8bd5fe9ac70cdc0927ac8be95582dbe46458b3442ce0fcd9", + "zh:728b19cb5c07e5e9d8b78fd94cc57d4c13582ecd24b7eb7c4cc2bf73b12fe4d1", + "zh:c51ed9af591779bb0910b82addeebb10f53428b994f8db653dd1dedcec60916c", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + provider "registry.terraform.io/meilleursagents/ansiblevault" { version = "2.2.0" constraints = "2.2.0" diff --git a/terraform/conflatorio-docker/main.tf b/terraform/conflatorio-docker/main.tf index 21081ac..cfc3cf0 100644 --- a/terraform/conflatorio-docker/main.tf +++ b/terraform/conflatorio-docker/main.tf @@ -16,9 +16,9 @@ terraform { source = "kreuzwerker/docker" version = "2.23.1" } - ansiblevault = { - source = "MeilleursAgents/ansiblevault" - version = "2.2.0" + sops = { + source = "lokkersp/sops" + version = "0.6.10" } } } @@ -27,11 +27,7 @@ provider "docker" { host = "ssh://conflatorio.vpn.trygvis.io" } -provider "ansiblevault" { - root_folder = "../.." -} - -data "ansiblevault_path" "linode_token" { - path = "terraform-vault.yml" - key = "linode_token" +data "sops_file_entry" "linode_token" { + source_file = "../../sops.yml" + data_key = "linode_token" } 
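Review bot: The token read by the new `data "sops_file_entry" "linode_token"` block in conflatorio-docker/main.tf is decrypted at plan time and, like any data source result, is stored in this module's Terraform state in plaintext. Moving from ansiblevault to sops therefore protects the file in the repository but not the state. The backend for this module is outside the hunk, so it is worth confirming that it is private, and recording this above the block, e.g. `# decrypted value ends up in state; keep the state backend access-restricted`. Writing the path as `source_file = "${path.module}/../../sops.yml"` would also make it independent of the directory Terraform is started from.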
diff --git a/terraform/conflatorio-docker/traefik.tf b/terraform/conflatorio-docker/traefik.tf index 42442be..83adac3 100644 --- a/terraform/conflatorio-docker/traefik.tf +++ b/terraform/conflatorio-docker/traefik.tf @@ -58,13 +58,13 @@ resource "docker_container" "traefik" { # - "/var/run/docker.sock:/var/run/docker.sock:ro" env = [ - "LINODE_TOKEN=${data.ansiblevault_path.linode_token.value}" + "LINODE_TOKEN=${data.sops_file_entry.linode_token.data}" ] mounts { - source = "/etc/docker-service/traefik/letsencrypt" - target = "/letsencrypt" - type = "bind" + source = "/etc/docker-service/traefik/letsencrypt" + target = "/letsencrypt" + type = "bind" } mounts { @@ -92,15 +92,3 @@ resource "null_resource" "letsencrypt" { command = "ssh conflatorio.vpn.trygvis.io sudo mkdir -p ${local.path}" } } - -# provisioner "file" { -# source = "conf/myapp.conf" -# destination = "/etc/myapp.conf" -# -# connection { -# type = "ssh" -# user = "root" -# password = "${var.root_password}" -# host = "${var.host}" -# } -# } diff --git a/terraform/dns/trygvis.tf b/terraform/dns/trygvis.tf index 531661f..659d56a 100644 --- a/terraform/dns/trygvis.tf +++ b/terraform/dns/trygvis.tf @@ -117,10 +117,3 @@ resource "linode_domain_record" "unifi" { record_type = "CNAME" target = "vs.trygvis.io" } - -resource "linode_domain_record" "minio" { - domain_id = linode_domain.root.id - name = "minio" - record_type = "CNAME" - target = "vs.trygvis.io" -} diff --git a/terraform/knot-pdb/.terraform.lock.hcl b/terraform/knot-pdb/.terraform.lock.hcl new file mode 100644 index 0000000..908984b --- /dev/null +++ b/terraform/knot-pdb/.terraform.lock.hcl 
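Review bot: `"LINODE_TOKEN=${data.sops_file_entry.linode_token.data}"` in the `env` list of `docker_container.traefik` places the API token in the container configuration, where it is readable through `docker inspect` on the host and in the state. If the sops provider does not mark `data` as sensitive, it can also appear in plan output. Wrapping the value, `"LINODE_TOKEN=${sensitive(data.sops_file_entry.linode_token.data)}"`, keeps it out of plan and apply logs. If the Traefik version in use accepts a file-based variant of this variable (to be confirmed), mounting the token as a file would keep it out of the environment altogether. The `docker_container` resource begins and ends outside this hunk.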
@@ -0,0 +1,63 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/random" { + version = "3.4.3" + constraints = "3.4.3" + hashes = [ + "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=", + "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752", + "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b", + "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3", + "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5", + "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda", + "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6", + "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1", + "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d", + "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8", + "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93", + ] +} + +provider "registry.terraform.io/linode/linode" { + version = "1.29.4" + constraints = "1.29.4" + hashes = [ + "h1:M6/1OYoR8fb/4cMCILgQMGyHypEf3plTzxyivTu3jxo=", + "zh:06ccda35d968429a1184aaf981c8104394fa1d719de86b718c56d93c27c1fcd6", + "zh:1fb2497917094e77bde90fe6ee781e20cee739142b891391480c1b3376d81dbb", + "zh:27960e9c07e995aad07a9c5ebfd7fe0304fffd4cb159fd215e82932b798c6d55", + "zh:4ed29807c423c77aab1338972aa1ec3cc16c6b14f4c25c86f4427e8a86bfc467", + "zh:7a39103dc0dc8538f5258d3b64db1e6c91335640763bd05da0478e99748a4949", + "zh:95b3e418e6fcb4b826be9b289a834f1b9893977bd330ac418e0285e56a4644c1", + "zh:ac69c992a5cbaaa6ed9bb65206309ab2c71b5eb17740b7a5295532f9840c67fd", + "zh:ae943e8975075cd9664f00a028838566fdf879c772e518b7adcc82e757916a67", + "zh:b3a85a52489bc3777b5e8c4428b8ea42ae8e0f2398077699c1eb99acea931a34", + 
"zh:c1a2e945f5691ed97b9cf01351dd3a99c2f9871f172bd71ba0c8a810c75740cd", + "zh:ce86a03d73ee3d2ed58c6fe853cd2a9d0974710d94a0aeb4c195a9d1e78a3481", + "zh:d34afbbf848d8b541a068d64fa04ace13c3bd37ad19fd8b0796662f553ca9652", + "zh:e13b4847098d295cd8216eeec55d940cfc4544672fdc89e0048dd067e69b63f8", + "zh:fc62e9f8fc5d37d28aba2077db10355839cae6d7770eaf8711f97877bac046ab", + ] +} + +provider "registry.terraform.io/lokkersp/sops" { + version = "0.6.10" + constraints = "0.6.10" + hashes = [ + "h1:atU8NIBxpNTWY+qBubvEOfjOn4K1aCDoq1iUFocgIHQ=", + "zh:0f053a26392a581b1f1ce6316cb7ed8ec4cc75e7f5f1cf7cfd45050b6b3c87ea", + "zh:207bb96c4471fce9aeb1b3c217d772692c3d865d294cf4d2501dad41de36a15e", + "zh:28506e8f1f3b9eaa95d99043440328044ee6340143535e5751538328a529d001", + "zh:3cae3bcea9e35fdc5b3f2af1b4580cd625c996448ad0c676c772260e46b25289", + "zh:3e44daaf82986c2b0028aeb17b867f3c68ed5dd8ac8625ba0406cf2a5fd3d92e", + "zh:457fb8ca2e677af24f9a4bdd8b613b1d7b604ad7133541657e5757c19268da71", + "zh:473d727c228f021a3df8cc8dcc6231ad7f90ed63f9e47c36b597d591e76228da", + "zh:48c4c1df39fd76ec8bd5fe9ac70cdc0927ac8be95582dbe46458b3442ce0fcd9", + "zh:728b19cb5c07e5e9d8b78fd94cc57d4c13582ecd24b7eb7c4cc2bf73b12fe4d1", + "zh:c51ed9af591779bb0910b82addeebb10f53428b994f8db653dd1dedcec60916c", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} diff --git a/terraform/knot-pdb/main.tf b/terraform/knot-pdb/main.tf new file mode 100644 index 0000000..9f443c3 --- /dev/null +++ b/terraform/knot-pdb/main.tf 
@@ -0,0 +1,34 @@
+terraform {
+ required_version = "~> 1.3.5"
+
+ backend "s3" {
+ bucket = "terraform-a6726272-73ff-11ed-8bdd-c79eb8376e05"
+ key = "knot-pdf/terraform.tfstate"
+ region = "eu-central-1"
+ skip_region_validation = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ endpoint = "eu-central-1.linodeobjects.com"
+ }
+
+ required_providers {
+ linode = {
+ version = "1.29.4"
+ source = "linode/linode"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = "3.4.3"
+ }
+ sops = {
+ source = "lokkersp/sops"
+ version = "0.6.10"
+ }
+ }
+}
+
+provider "sops" {
+ age = {
+ key = "age13wv3rp0varlg4nvt3tca48fq8u9q3mc6yfdekjeapcmc7kaq4dysrzcmv3"
+ }
+}
diff --git a/terraform/knot-pdb/pdb.tf b/terraform/knot-pdb/pdb.tf
new file mode 100644
index 0000000..2a63601
--- /dev/null
+++ b/terraform/knot-pdb/pdb.tf
@@ -0,0 +1,40 @@
+resource "random_uuid" "uuid" {
+}
+
+data "linode_object_storage_cluster" "cluster" {
+ id = "eu-central-1"
+}
+
+resource "linode_object_storage_bucket" "wal" {
+ label = "pdb-wal-${random_uuid.uuid.result}"
+
+ cluster = data.linode_object_storage_cluster.cluster.id
+}
+
+resource "linode_object_storage_key" "wal" {
+ label = "pdb-wal-${random_uuid.uuid.result} yeah"
+
+ bucket_access {
+ bucket_name = linode_object_storage_bucket.wal.label
+ cluster = linode_object_storage_bucket.wal.cluster
+ permissions = "read_write"
+ }
+}
+
+resource "sops_file" "secret_data" {
+ encryption_type = "age"
+ filename = "../../knot-pdb.sops.yml"
+ content = yamlencode(local.env)
+}
+
+locals {
+ env = {
+ AWS_ACCESS_KEY_ID = linode_object_storage_key.wal.access_key
+ AWS_SECRET_ACCESS_KEY = linode_object_storage_key.wal.secret_key
+ WALG_S3_PREFIX = "s3://${linode_object_storage_bucket.wal.label}"
+ AWS_S3_FORCE_PATH_STYLE = "true"
+ AWS_REGION = data.linode_object_storage_cluster.cluster.id
+ AWS_ENDPOINT = "https://${data.linode_object_storage_cluster.cluster.id}.linodeobjects.com"
+ PGHOST = ""
+ }
+}
-- cgit v1.2.3
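Review bot: The state key in the `backend "s3"` block of knot-pdb/main.tf reads `knot-pdf/terraform.tfstate`, while the module directory and every other name in the commit use `knot-pdb`. If this is a typo, fix it now with `key = "knot-pdb/terraform.tfstate"`, because changing the key after the first apply requires a state migration. A mismatched key also makes it easier to point another module at the wrong state object by mistake. The `age1…` value in `provider "sops"` appears to be a public recipient rather than a private key, which a short comment such as `# age public recipient, safe to commit` would make explicit.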
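Review bot: `sops_file.secret_data` in pdb.tf encrypts only the file it writes to `../../knot-pdb.sops.yml`. The same `access_key` and `secret_key` are also stored unencrypted in the Terraform state, both on `linode_object_storage_key.wal` and, presumably, in the `content` attribute of the sops resource. Read access to the state bucket configured in main.tf is therefore equivalent to holding the WAL bucket credentials and should be restricted accordingly. Using `content = sensitive(yamlencode(local.env))` would keep the values out of plan output if the provider does not already mark the attribute as sensitive. The key label `"pdb-wal-${random_uuid.uuid.result} yeah"` looks like leftover test text, and `PGHOST = ""` is written into the secret file as an empty placeholder; both deserve a cleanup or a comment.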