From d2fffa77b6cc5a9caf11c5a71304d7a8d43da23c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?=
Date: Wed, 11 May 2022 14:29:16 +0200
Subject: [PATCH] add Terraform boilerplate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jakub SokoĊ‚owski
---
main.tf | 16 ++++++++++++++++
providers.tf | 8 ++++++++
secrets.tf | 14 ++++++++++++++
variables.tf | 5 +++++
versions.tf | 14 ++++++++++++++
workspaces.tf | 24 ++++++++++++++++++++++++
6 files changed, 81 insertions(+)
create mode 100644 main.tf
create mode 100644 providers.tf
create mode 100644 secrets.tf
create mode 100644 variables.tf
create mode 100644 versions.tf
create mode 100644 workspaces.tf
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..2d50bdb
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,16 @@
+/* DATA -----------------------------------------*/
+
+terraform {
+ backend "consul" {
+ address = "https://consul.statusim.net:8400"
+ /* Lock to avoid syncing issues */
+ lock = true
+ /* KV store has a limit of 512KB */
+ gzip = true
+ /* WARNING This needs to be changed for every repo. */
+ path = "terraform/codex/"
+ ca_file = "ansible/files/consul-ca.crt"
+ cert_file = "ansible/files/consul-client.crt"
+ key_file = "ansible/files/consul-client.key"
+ }
+}
diff --git a/providers.tf b/providers.tf
new file mode 100644
index 0000000..538db97
--- /dev/null
+++ b/providers.tf
@@ -0,0 +1,8 @@
+provider "cloudflare" {
+ email = data.pass_password.cloudflare_email.password
+ api_key = data.pass_password.cloudflare_token.password
+ account_id = data.pass_password.cloudflare_account.password
+}
+
+# Uses PASSWORD_STORE_DIR environment variable
+provider "pass" {}
diff --git a/secrets.tf b/secrets.tf
new file mode 100644
index 0000000..1b33ae1
--- /dev/null
+++ b/secrets.tf
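Review bot: The `ca_file`, `cert_file` and `key_file` arguments of the `backend "consul"` block in main.tf point at paths under `ansible/files/` inside the working tree, and nothing in the hunk says how the client private key gets there. The key is not among the six files this patch creates, so it is presumably provisioned out of band (or through a separate checkout); a comment above `key_file` such as `/* consul-client.key is never committed; it is provisioned locally and must stay in .gitignore. */` would make that explicit. The header comment `/* DATA ---*/` also does not describe a backend block; `/* BACKEND */` would fit better.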
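Review bot: The `provider "cloudflare"` block in providers.tf authenticates with `email` plus `api_key`, which is the account-wide Global API Key scheme and cannot be limited to the zones or permissions this repository needs. The provider also accepts a scoped `api_token`; since the secret is already stored under `cloud/Cloudflare/token`, `api_token = data.pass_password.cloudflare_token.password` with the `email` line dropped would follow least privilege. Whether the stored value is currently a global key or a scoped token is not visible from the patch, so the stored secret may need to be replaced as well.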
@@ -0,0 +1,14 @@
+/* Token for interacting with Cloudflare API. */
+data "pass_password" "cloudflare_token" {
+ path = "cloud/Cloudflare/token"
+}
+
+/* Email address of Cloudflare account. */
+data "pass_password" "cloudflare_email" {
+ path = "cloud/Cloudflare/email"
+}
+
+/* ID of CloudFlare Account. */
+data "pass_password" "cloudflare_account" {
+ path = "cloud/Cloudflare/account"
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..fd89d3c
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,5 @@
+variable "domain" {
+ description = "DNS Domain to update"
+ type = string
+ default = "statusim.net"
+}
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..0d80218
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,14 @@
+
+terraform {
+ required_version = "~> 1.1.0"
+ required_providers {
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = " = 2.21.0"
+ }
+ pass = {
+ source = "camptocamp/pass"
+ version = " = 2.0.0"
+ }
+ }
+}
diff --git a/workspaces.tf b/workspaces.tf
new file mode 100644
index 0000000..406ce40
--- /dev/null
+++ b/workspaces.tf
@@ -0,0 +1,24 @@
+/**
+ * This is a hacky way of binding specific variable
+ * values to different Terraform workspaces.
+ *
+ * Details:
+ * https://github.com/hashicorp/terraform/issues/15966
+ */
+
+locals {
+ env = {
+ defaults = {
+ /* Default settings for all fleets/workspaces. */
+ }
+
+ test = {
+ /* Settings specific to the test fleet/workspace. */
+ }
+ }
+}
+
+/* Makes fleet settings available under local.ws. */
+locals {
+ ws = merge(local.env["defaults"], local.env[terraform.workspace])
+}
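Review bot: The three `pass_password` data sources in secrets.tf carry no note that the values they read are persisted in Terraform state, which the backend configured in main.tf keeps in the Consul KV store under `terraform/codex/`. Anyone able to read that KV prefix can therefore read the Cloudflare credential, so the prefix should be restricted with Consul ACLs, and a file-level comment should say so, for example `/* Values read here end up in Terraform state; keep the Consul KV path ACL-restricted. */`. The third comment spells the name `CloudFlare` while the other two use `Cloudflare`.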
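Review bot: The exact `version` pins in `required_providers` of versions.tf fix the release but not the checksums of the provider binaries, and no `.terraform.lock.hcl` is among the files this patch adds. Committing the dependency lock file lets `terraform init` verify the hashes of `cloudflare/cloudflare` and of the third-party `camptocamp/pass` provider, which handles every secret in this configuration; the lock file may of course arrive in a separate commit. Both constraint strings also begin with a stray space (`" = 2.21.0"`, `" = 2.0.0"`); `"= 2.21.0"` reads cleaner, unless a leading character was lost in transit and a different operator was meant.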
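Review bot: The index expression `local.env[terraform.workspace]` in the final `locals` block of workspaces.tf fails for any workspace without an entry in `local.env`, and that includes Terraform's built-in `default` workspace, because the map key is `defaults`. If failing for unknown workspaces is the intent, which is a reasonable guard against applying to the wrong environment, the comment should say so, for example `/* Errors out on purpose when the workspace has no entry in local.env. */`. If it is not, `ws = merge(local.env["defaults"], try(local.env[terraform.workspace], {}))` falls back to the defaults.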