harbor: init terraform provisioning

Signed-off-by: Alexis Pentori <alexis@status.im>

ansible/inventory/default

@@ -0,0 +1,14 @@
+# NOTE: This file is generated by terraform.py
+# For emergency use when Consul fails
+[all]
+node-01.do-ams3.harbor.registry hostname=node-01.do-ams3.harbor.registry ansible_host=159.223.242.198 env=harbor stage=registry data_center=do-ams3 region=ams3 dns_entry=node-01.do-ams3.harbor.registry.statusim.net
+
+[do-ams3]
+node-01.do-ams3.harbor.registry
+
+[harbor]
+node-01.do-ams3.harbor.registry
+
+[harbor.registry]
+node-01.do-ams3.harbor.registry
+

harbor.tf

@@ -0,0 +1,22 @@
+module "harbor" {
+  source     = "github.com/status-im/infra-tf-digital-ocean"
+  host_count = 1
+  name       = "node"
+  env        = "harbor"
+  group      = "harbor"
+  stage      = "registry"
+  type       = "s-2vcpu-4gb"
+  domain     = var.domain
+
+  open_tcp_ports = ["80", "443"]
+
+}
+
+
+resource "cloudflare_record" "harbor" {
+  zone_id = local.zones["status.im"]
+  name    = "harbor"
+  type    = "CNAME"
+  proxied = false
+  value   = "proxy.infra.status.im"
+}

main.tf

@@ -8,7 +8,7 @@ terraform {
     /* KV store has a limit of 512KB */
     gzip = true
     /* WARNING This needs to be changed for every repo. */
-    path      = "terraform/codex/"
+    path      = "terraform/harbor/"
     ca_file   = "ansible/files/consul-ca.crt"
     cert_file = "ansible/files/consul-client.crt"
     key_file  = "ansible/files/consul-client.key"

providers.tf

@@ -1,7 +1,13 @@
+provider "digitalocean" {
+  token             = data.pass_password.digitalocean_token.password
+  spaces_access_id  = data.pass_password.digitalocean_spaces_id.password
+  spaces_secret_key = data.pass_password.digitalocean_spaces_key.password
+}
+
 provider "cloudflare" {
-  email      = data.pass_password.cloudflare_email.password
-  api_key    = data.pass_password.cloudflare_token.password
-  account_id = data.pass_password.cloudflare_account.password
+email      = data.pass_password.cloudflare_email.password
+api_key    = data.pass_password.cloudflare_token.password
+account_id = data.pass_password.cloudflare_account.password
 }
 
 # Uses PASSWORD_STORE_DIR environment variable

secrets.tf

@@ -12,3 +12,18 @@ data "pass_password" "cloudflare_email" {
 data "pass_password" "cloudflare_account" {
   path = "cloud/Cloudflare/account"
 }
+
+/* Token for interacting with DigitalOcean API. */
+data "pass_password" "digitalocean_token" {
+  path = "cloud/DigitalOcean/token"
+}
+
+/* Access key for Digital Ocean Spaces API. */
+data "pass_password" "digitalocean_spaces_id" {
+  path = "cloud/DigitalOcean/spaces-id"
+}
+
+/* Secret key for Digital Ocean Spaces API. */
+data "pass_password" "digitalocean_spaces_key" {
+  path = "cloud/DigitalOcean/spaces-key"
+}

versions.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = "~> 1.2.0"
+  required_version = "> 1.4.0"
   required_providers {
     cloudflare = {
       source  = "cloudflare/cloudflare"
@@ -9,5 +9,9 @@ terraform {
       source  = "camptocamp/pass"
       version = " = 2.0.0"
     }
+    digitalocean = {
+      source = "digitalocean/digitalocean"
+    }
+
   }
 }

workspaces.tf

@@ -1,24 +0,0 @@
-/**
- * This is a hacky way of binding specific variable
- * values to different Terraform workspaces.
- *
- * Details:
- * https://github.com/hashicorp/terraform/issues/15966
- */
-
-locals {
-  env = {
-    defaults = {
-      /* Default settings for all fleets/workspaces. */
-    }
-
-    test = {
-      /* Settings specific to the test fleet/workspace. */
-    }
-  }
-}
-
-/* Makes fleet settings available under local.ws. */
-locals {
-  ws = merge(local.env["defaults"], local.env[terraform.workspace])
-}