From e1453c3f98096ed3b1a14ec1ba496bcd661b00f6 Mon Sep 17 00:00:00 2001
From: Anton Iakimov
Date: Mon, 18 Sep 2023 12:00:06 +0200
Subject: [PATCH] terraform: initial setup
---
 main.tf | 17 +----------------
 providers.tf | 18 ++++++++++++++++++
 secrets.tf | 30 ++++++++++++++++++++++++++++++
 versions.tf | 11 ++++++++++-
 4 files changed, 59 insertions(+), 17 deletions(-)
diff --git a/main.tf b/main.tf
index 5a40816..e862e9c 100644
--- a/main.tf
+++ b/main.tf
@@ -8,24 +8,9 @@ terraform {
 /* KV store has a limit of 512KB */
 gzip = true
 /* WARNING This needs to be changed for every repo. */
- path = "terraform/codex/"
+ path = "terraform/shards/"
 ca_file = "ansible/files/consul-ca.crt"
 cert_file = "ansible/files/consul-client.crt"
 key_file = "ansible/files/consul-client.key"
 }
 }
-
-/* CF Zones ------------------------------------*/
-
-/* CloudFlare Zone IDs required for records */
-data "cloudflare_zones" "active" {
- filter { status = "active" }
-}
-
-/* For easier access to zone ID by domain name */
-locals {
- zones = {
- for zone in data.cloudflare_zones.active.zones :
- zone.name => zone.id
- }
-}
diff --git a/providers.tf b/providers.tf
index 538db97..5dc354b 100644
--- a/providers.tf
+++ b/providers.tf
@@ -4,5 +4,23 @@ provider "cloudflare" {
 account_id = data.pass_password.cloudflare_account.password
 }
+provider "digitalocean" {
+ token = data.pass_password.digitalocean_token.password
+ spaces_access_id = data.pass_password.digitalocean_spaces_id.password
+ spaces_secret_key = data.pass_password.digitalocean_spaces_key.password
+}
+
+provider "google" {
+ credentials = data.pass_password.google_cloud_cred_json.full
+ project = "russia-servers"
+ region = "us-central1"
+}
+
+provider "alicloud" {
+ access_key = data.pass_password.alicloud_access_key.password
+ secret_key = data.pass_password.alicloud_secret_key.password
+ region = "cn-hongkong"
+}
+
 # Uses PASSWORD_STORE_DIR environment variable
 provider "pass" {}
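Review bot: Every credential consumed by the three new provider blocks in providers.tf comes from a `data "pass_password"` source (declared in the secrets.tf hunk), and Terraform persists data source results in state, so the DigitalOcean token, the Spaces key pair, the Alibaba key pair and the full Google credentials JSON will be stored in plaintext in the Consul KV entry under `terraform/shards/`. Nothing visible in this patch documents who may read that prefix, and gzip on the backend is compression, not protection. I would add a comment above the new blocks such as `/* Secrets read via pass_password end up in Terraform state; read access to the Consul KV prefix must be ACL-restricted. */` and confirm that such an ACL is actually in place.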
diff --git a/secrets.tf b/secrets.tf
index 1b33ae1..b6de512 100644
--- a/secrets.tf
+++ b/secrets.tf
@@ -12,3 +12,33 @@ data "pass_password" "cloudflare_email" {
 data "pass_password" "cloudflare_account" {
 path = "cloud/Cloudflare/account"
 }
+
+/* Token for interacting with DigitalOcean API. */
+data "pass_password" "digitalocean_token" {
+ path = "cloud/DigitalOcean/token"
+}
+
+/* Access key for Digital Ocean Spaces API. */
+data "pass_password" "digitalocean_spaces_id" {
+ path = "cloud/DigitalOcean/spaces-id"
+}
+
+/* Secret key for Digital Ocean Spaces API. */
+data "pass_password" "digitalocean_spaces_key" {
+ path = "cloud/DigitalOcean/spaces-key"
+}
+
+/* Alibaba Cloud API access key. */
+data "pass_password" "alicloud_access_key" {
+ path = "cloud/Alibaba/access-key"
+}
+
+/* Alibaba Cloud API secret key. */
+data "pass_password" "alicloud_secret_key" {
+ path = "cloud/Alibaba/secret-key"
+}
+
+/* Google Cloud API auth JSON */
+data "pass_password" "google_cloud_cred_json" {
+ path = "cloud/GoogleCloud/json"
+}
diff --git a/versions.tf b/versions.tf
index 0c0c8c9..c56e4c7 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,5 +1,5 @@
 terraform {
- required_version = "~> 1.2.0"
+ required_version = "> 1.4.0"
 required_providers {
 cloudflare = {
 source = "cloudflare/cloudflare"
@@ -9,5 +9,14 @@ terraform {
 source = "camptocamp/pass"
 version = " = 2.0.0"
 }
+ digitalocean = {
+ source = "digitalocean/digitalocean"
+ }
+ alicloud = {
+ source = "aliyun/alicloud"
+ }
+ google = {
+ source = "hashicorp/google"
+ }
 }
 }
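Review bot: The `digitalocean`, `alicloud` and `google` entries added to `required_providers` in the second versions.tf hunk give only a `source` and no `version`, unlike the existing `pass` entry, which is pinned with `version = " = 2.0.0"`. These plugins are handed cloud API credentials, so unless a `.terraform.lock.hcl` is committed (none is visible in this patch) `terraform init` may select whatever release is newest at the time; I would add a constraint to each entry, e.g. `version = "~> <MAJOR.MINOR in use>"`, and commit the lock file. The first hunk's `required_version = "> 1.4.0"` is open-ended in the same way and also excludes 1.4.0 itself; `~> 1.4` would state the intent more precisely. The `required_providers` block opens in the first hunk and the lines between the two hunks are not shown.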