From 1fb1cff06b44e4f14fed05d6386600c23c85248a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?=
Date: Tue, 15 Feb 2022 13:28:32 +0100
Subject: [PATCH] add Terraform boilerplate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jakub SokoĊ‚owski
---
main.tf | 16 ++++++++++++++++
providers.tf | 26 ++++++++++++++++++++++++++
secrets.tf | 44 ++++++++++++++++++++++++++++++++++++++++++++
variables.tf | 5 +++++
versions.tf | 23 +++++++++++++++++++++++
workspaces.tf | 31 +++++++++++++++++++++++++++++++
6 files changed, 145 insertions(+)
create mode 100644 main.tf
create mode 100644 providers.tf
create mode 100644 secrets.tf
create mode 100644 variables.tf
create mode 100644 versions.tf
create mode 100644 workspaces.tf
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..b30ff9e
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,16 @@
+/* DATA -----------------------------------------*/
+
+terraform {
+ backend "consul" {
+ address = "https://consul.statusim.net:8400"
+ /* Lock to avoid syncing issues */
+ lock = true
+ /* KV store has a limit of 512KB */
+ gzip = true
+ /* WARNING This needs to be changed for every repo. */
+ path = "terraform/status/"
+ ca_file = "ansible/files/consul-ca.crt"
+ cert_file = "ansible/files/consul-client.crt"
+ key_file = "ansible/files/consul-client.key"
+ }
+}
diff --git a/providers.tf b/providers.tf
new file mode 100644
index 0000000..711eefa
--- /dev/null
+++ b/providers.tf
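Review bot: The backend block in main.tf sets `key_file = "ansible/files/consul-client.key"`, a TLS client private key at a path inside the repository tree, and the diffstat adds no ignore rule for it. If that file is not already excluded elsewhere, a comment above `key_file` such as `/* consul-client.key is provisioned per operator and must never be committed. */`, together with an ignore entry for the key, would make the expectation explicit. The three certificate paths are also relative, so presumably `terraform init` only works when run from the repository root; that is worth stating in the same comment.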
@@ -0,0 +1,26 @@
+provider "digitalocean" {
+ token = data.pass_password.digitalocean_token.password
+ spaces_access_id = data.pass_password.digitalocean_spaces_id.password
+ spaces_secret_key = data.pass_password.digitalocean_spaces_key.password
+}
+
+provider "cloudflare" {
+ email = data.pass_password.cloudflare_email.password
+ api_key = data.pass_password.cloudflare_token.password
+ account_id = data.pass_password.cloudflare_account.password
+}
+
+provider "google" {
+ credentials = data.pass_password.google_cloud_cred_json.full
+ project = "russia-servers"
+ region = "us-central1"
+}
+
+provider "alicloud" {
+ access_key = data.pass_password.alicloud_access_key.password
+ secret_key = data.pass_password.alicloud_secret_key.password
+ region = "cn-hongkong"
+}
+
+# Uses PASSWORD_STORE_DIR environment variable
+provider "pass" {}
diff --git a/secrets.tf b/secrets.tf
new file mode 100644
index 0000000..b6de512
--- /dev/null
+++ b/secrets.tf
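Review bot: The `cloudflare` provider block in providers.tf authenticates with `email` plus `api_key`, which is the account-wide Global API Key form, although the secret it reads is named `cloudflare_token`. If the stored value is a scoped API token, the provider's `api_token` argument is the matching one: `api_token = data.pass_password.cloudflare_token.password`, with `email` dropped. If it really is the global key, a one-line comment saying so would help, since that key cannot be limited to the zones this repository manages.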
@@ -0,0 +1,44 @@
+/* Token for interacting with Cloudflare API. */
+data "pass_password" "cloudflare_token" {
+ path = "cloud/Cloudflare/token"
+}
+
+/* Email address of Cloudflare account. */
+data "pass_password" "cloudflare_email" {
+ path = "cloud/Cloudflare/email"
+}
+
+/* ID of CloudFlare Account. */
+data "pass_password" "cloudflare_account" {
+ path = "cloud/Cloudflare/account"
+}
+
+/* Token for interacting with DigitalOcean API. */
+data "pass_password" "digitalocean_token" {
+ path = "cloud/DigitalOcean/token"
+}
+
+/* Access key for Digital Ocean Spaces API. */
+data "pass_password" "digitalocean_spaces_id" {
+ path = "cloud/DigitalOcean/spaces-id"
+}
+
+/* Secret key for Digital Ocean Spaces API. */
+data "pass_password" "digitalocean_spaces_key" {
+ path = "cloud/DigitalOcean/spaces-key"
+}
+
+/* Alibaba Cloud API access key. */
+data "pass_password" "alicloud_access_key" {
+ path = "cloud/Alibaba/access-key"
+}
+
+/* Alibaba Cloud API secret key. */
+data "pass_password" "alicloud_secret_key" {
+ path = "cloud/Alibaba/secret-key"
+}
+
+/* Google Cloud API auth JSON */
+data "pass_password" "google_cloud_cred_json" {
+ path = "cloud/GoogleCloud/json"
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..fd89d3c
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,5 @@
+variable "domain" {
+ description = "DNS Domain to update"
+ type = string
+ default = "statusim.net"
+}
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..71b6014
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,23 @@
+
+terraform {
+ required_version = "~> 1.0.0"
+ required_providers {
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = " = 2.21.0"
+ }
+ pass = {
+ source = "camptocamp/pass"
+ version = " = 2.0.0"
+ }
+ digitalocean = {
+ source = "digitalocean/digitalocean"
+ }
+ alicloud = {
+ source = "aliyun/alicloud"
+ }
+ google = {
+ source = "hashicorp/google"
+ }
+ }
+}
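Review bot: secrets.tf carries no note that every `pass_password` data source in it is persisted in Terraform state once read, so the Cloudflare, DigitalOcean, Alibaba and Google credentials end up in the Consul KV path configured in main.tf. The `gzip = true` setting there is compression, not encryption. I would add a file header comment, for example `/* Values read here are written to state; access to the Consul state path must be restricted. */`, and confirm the Consul ACLs for that path, which this patch does not show.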
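Review bot: In versions.tf the `digitalocean`, `alicloud` and `google` entries under `required_providers` give only a `source`, so `terraform init` is free to select the newest release, while `cloudflare` and `pass` are pinned exactly. These three providers receive the cloud credentials wired up in providers.tf, so they deserve the same treatment: add `version = "= <PINNED_VERSION>"` to each (a placeholder; use the release you have tested). Committing `.terraform.lock.hcl`, which is not among the six files in the diffstat, would additionally fix the provider checksums.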
diff --git a/workspaces.tf b/workspaces.tf
new file mode 100644
index 0000000..8cc9ee9
--- /dev/null
+++ b/workspaces.tf
@@ -0,0 +1,31 @@
+/**
+ * This is a hacky way of binding specific variable
+ * values to different Terraform workspaces.
+ *
+ * Details:
+ * https://github.com/hashicorp/terraform/issues/15966
+ */
+
+locals {
+ env = {
+ defaults = {
+ /* general */
+ env = "status"
+ stage = terraform.workspace
+
+ /* scaling */
+ hosts_count = 1
+ do_type = "s-1vcpu-2gb" /* DigitalOcean */
+ ac_type = "ecs.t5-lc1m2.small" /* Alibaba Cloud */
+ gc_type = "g1-small" /* Google Cloud */
+ }
+
+ # Inherits defaults.
+ test = {}
+ prod = {}
+ }
+}
+
+locals {
+ ws = merge(local.env["defaults"], local.env[terraform.workspace])
+}
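Review bot: `local.env[terraform.workspace]` in the last `locals` block of workspaces.tf raises an invalid-index error for any workspace that is not a key of `local.env`, including Terraform's built-in `default` workspace (the map only has `defaults`, `test` and `prod`). If that failure is meant as a guard against applying from the wrong workspace, say so above the `ws` line, e.g. `/* Fails deliberately for workspaces without an entry in local.env. */`. A workspace named `defaults` would also pass the lookup and merge the defaults with themselves, which is probably not intended.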