From e08344247de53421a368a6111d160b68d9ba51e1 Mon Sep 17 00:00:00 2001
From: Layla Manley
Date: Sat, 1 Jun 2024 23:45:26 +0200
Subject: [PATCH] Init
---
.gitignore | 43 +++++++++++++++
.tool-versions | 1 +
providers/common_service_providers.tf | 15 ++++++
services/consul/Taskfile.dist.yml | 8 +++
services/consul/_common/main.tf | 77 +++++++++++++++++++++++++++
services/consul/_common/vars.tf | 16 ++++++
services/consul/_common/versions.tf | 7 +++
services/consul/main/main.tf | 7 +++
services/consul/main/versions.tf | 10 ++++
taskfiles/Taskfile_service.dist.yml | 37 +++++++++++++
taskfiles/Taskfile_synology.dist.yml | 10 ++++
taskfiles/Taskfile_terraform.dist.yml | 18 +++++++
12 files changed, 249 insertions(+)
create mode 100644 .gitignore
create mode 100644 .tool-versions
create mode 100644 providers/common_service_providers.tf
create mode 100644 services/consul/Taskfile.dist.yml
create mode 100644 services/consul/_common/main.tf
create mode 100644 services/consul/_common/vars.tf
create mode 100644 services/consul/_common/versions.tf
create mode 100644 services/consul/main/main.tf
create mode 100644 services/consul/main/versions.tf
create mode 100644 taskfiles/Taskfile_service.dist.yml
create mode 100644 taskfiles/Taskfile_synology.dist.yml
create mode 100644 taskfiles/Taskfile_terraform.dist.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c35cc98
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,43 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore transient lock info files created by terraform apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Ignore hcl file
+.terraform.lock.hcl
+
+[Tt]askfile*.[yaml|yml]
+![Tt]askfile*.dist.[yaml|yml]
diff --git a/.tool-versions b/.tool-versions
new file mode 100644
index 0000000..0d5732e
--- /dev/null
+++ b/.tool-versions
@@ -0,0 +1 @@
+terraform 1.8.4
diff --git a/providers/common_service_providers.tf b/providers/common_service_providers.tf
new file mode 100644
index 0000000..8ba7c5c
--- /dev/null
+++ b/providers/common_service_providers.tf
@@ -0,0 +1,15 @@
+terraform {
+ backend "consul" {}
+}
+
+provider "vault" {
+ address = "https://vault.quartz.layla.gg"
+}
+
+provider "docker" {
+ host = "ssh://terraform@192.168.0.54:22"
+
+ # Pass ssh-key
+ ssh_opts = ["-i", "./.terraform/remotes/quartz.pem", "-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null"]
+
+}
diff --git a/services/consul/Taskfile.dist.yml b/services/consul/Taskfile.dist.yml
new file mode 100644
index 0000000..3e49662
--- /dev/null
+++ b/services/consul/Taskfile.dist.yml
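Review bot: The last two patterns, `[Tt]askfile*.[yaml|yml]` and its negation, are character classes rather than alternations — gitignore globs have no `|` operator, so `[yaml|yml]` matches exactly one of the characters `y`, `a`, `m`, `l` or `|`, and a local `Taskfile.yml` (the file meant to hold per-machine overrides) is not ignored at all and will be committed. Use one pattern that covers both extensions, `[Tt]askfile*.y*ml` and `![Tt]askfile*.dist.y*ml`, or spell out `.yml` and `.yaml` separately. Ignoring `.terraform.lock.hcl` two lines above also discards the provider checksums that `terraform init` records, so each `init -upgrade` may fetch a different provider build with no change visible in the repo; the lock file is normally committed.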
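Review bot: `ssh_opts` in the docker provider disables host-key verification (`StrictHostKeyChecking=no` together with `UserKnownHostsFile=/dev/null`), so every `apply` will authenticate to whatever answers at 192.168.0.54:22 and stream the Docker API session, including container configuration, to it. Pin the NAS host key instead: keep a `known_hosts` file under `.terraform/remotes/` (or commit it — it holds only public keys) and use `ssh_opts = ["-i", "./.terraform/remotes/quartz.pem", "-o", "StrictHostKeyChecking=yes", "-o", "UserKnownHostsFile=./.terraform/remotes/known_hosts"]`. Because the Taskfile copies this file into every environment as `providers_override.tf`, the weakening applies to all services, not just Consul. The relative paths also assume Terraform runs from the environment directory; a comment such as `# paths are relative to the environment dir the Taskfile cd's into` would save the next reader a debugging round.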
@@ -0,0 +1,8 @@
+version: "3"
+
+includes:
+ tf:
+ vars:
+ SERVICE: "consul"
+ ENVIRONMENT: "main"
+ taskfile: ../../taskfiles/Taskfile_service.dist.yml
diff --git a/services/consul/_common/main.tf b/services/consul/_common/main.tf
new file mode 100644
index 0000000..d3a4c8d
--- /dev/null
+++ b/services/consul/_common/main.tf
@@ -0,0 +1,77 @@
+
+resource "random_password" "master_token" {
+ length = 18
+ special = true
+}
+
+resource "vault_generic_secret" "master_token" {
+ path = "secret/consul/master_token"
+ data_json = jsonencode({
+ "acl_token" : random_password.master_token.result
+ })
+}
+
+
+resource "docker_container" "consul" {
+ image = "${var.consul_image}:${var.consul_version}"
+ name = var.container_name
+
+ env = []
+
+ ports {
+ internal = 8300
+ external = 8300
+ }
+
+ ports {
+ internal = 8301
+ external = 8301
+ }
+
+ ports {
+ internal = 8500
+ external = 8302
+ }
+
+
+ mounts {
+ target = "/consul/config"
+ source = "/volume1/cloud/${var.container_name}/config"
+ read_only = false
+ type = "bind"
+ }
+
+ mounts {
+ target = "/consul/data"
+ source = "/volume1/cloud/${var.container_name}/data"
+ read_only = false
+ type = "bind"
+ }
+
+ command = ["agent", "-server", "-ui", "-bootstrap-expect=1", "-client=0.0.0.0", "-node=root", "-datacenter=quartz"]
+
+
+
+ provisioner "file" {
+ destination = "/volume1/cloud/${var.container_name}/config/acl.json"
+ content = jsonencode({
+ "acl" : {
+ "enabled" : true,
+ "default_policy" : "deny",
+ "down_policy" : "extend-cache",
+ "tokens" : {
+ "master" : random_password.master_token.result
+ }
+ }
+ })
+
+ connection {
+ type = "ssh"
+ user = "terraform"
+ private_key = file("./.terraform/remotes/quartz.pem")
+ host = "192.168.0.54"
+ }
+ }
+
+}
diff --git a/services/consul/_common/vars.tf b/services/consul/_common/vars.tf
new file mode 100644
index 0000000..0bb5b10
--- /dev/null
+++ b/services/consul/_common/vars.tf
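Review bot: The `connection` block inside the `file` provisioner sets no `host_key`, so Terraform's SSH client accepts whatever server key 192.168.0.54 presents, and the payload it uploads is the cluster's management token in clear text; add `host_key = file("./.terraform/remotes/quartz_host.pub")` (the NAS's public host key, safe to commit) next to `private_key`. That token also ends up in `acl.json` on the NAS with whatever mode the upload gives it and in Terraform state twice (`random_password.master_token.result` and `vault_generic_secret.master_token.data_json`), so the Consul KV prefix that holds state must be treated as secret material, not just the Vault path. `tokens.master` is the pre-1.11 name of `initial_management`; it appears to still be accepted by the 1.15 image with a deprecation warning, but a new config should use `"initial_management"` — confirm against the release notes of the tag actually deployed, and note that Consul expects token secret IDs to be UUIDs in its API paths, so a `random_uuid` resource is the safer generator than an 18-character password with specials. Finally, `-client=0.0.0.0` plus the 8500→8302 port mapping publishes the HTTP API on the host with no TLS settings in this config, so anyone reaching that port on the LAN sees ACL tokens in clear; if a TLS-terminating proxy is intended to front it, bind the client address to the proxy's interface or drop the mapping.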
@@ -0,0 +1,16 @@
+variable "consul_version" {
+ description = "Consul container tag"
+ type = string
+ default = "1.15"
+}
+
+variable "consul_image" {
+ description = "Consul container image"
+ type = string
+ default = "consul"
+}
+
+variable "container_name" {
+ description = "Consul container name"
+ type = string
+}
diff --git a/services/consul/_common/versions.tf b/services/consul/_common/versions.tf
new file mode 100644
index 0000000..b433ffb
--- /dev/null
+++ b/services/consul/_common/versions.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ docker = {
+ source = "kreuzwerker/docker"
+ }
+ }
+}
diff --git a/services/consul/main/main.tf b/services/consul/main/main.tf
new file mode 100644
index 0000000..dfce269
--- /dev/null
+++ b/services/consul/main/main.tf
@@ -0,0 +1,7 @@
+module "consul" {
+ source = "../_common"
+
+ container_name = "hashicorp-consul"
+ consul_image = "consul"
+ consul_version = "1.15"
+}
diff --git a/services/consul/main/versions.tf b/services/consul/main/versions.tf
new file mode 100644
index 0000000..8e6f29e
--- /dev/null
+++ b/services/consul/main/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_providers {
+ docker = {
+ source = "kreuzwerker/docker"
+ }
+ vault = {
+ source = "hashicorp/vault"
+ }
+ }
+}
diff --git a/taskfiles/Taskfile_service.dist.yml b/taskfiles/Taskfile_service.dist.yml
new file mode 100644
index 0000000..70fced1
--- /dev/null
+++ b/taskfiles/Taskfile_service.dist.yml
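Review bot: `consul_version` defaults to the floating minor tag `"1.15"` and `consul_image` to the bare Docker Hub name `"consul"`, so the server that runs is whatever those tags point at on the day of `apply` and can change with no diff in this repo. Pin a full patch version, `default = "1.15.2"` or similar, and resolve the tag to a digest before running it (the kreuzwerker provider's `docker_registry_image` data source exposes `sha256_digest` for exactly this). The unprefixed `consul` image on Docker Hub also appears to have been deprecated in favour of `hashicorp/consul`; verify before assuming new tags will keep appearing under the old name, and document the choice in the variable description, e.g. `description = "Consul container image (pin to a digest in the caller)"`.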
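Review bot: `required_providers` here pins only the `source` of `kreuzwerker/docker` with no `version` constraint, while the module also uses `random_password` and `vault_generic_secret` without declaring `hashicorp/random` or `hashicorp/vault` at all, leaving Terraform to infer them from the resource prefix. Declare and constrain all three, e.g. `docker = { source = "kreuzwerker/docker", version = "~> 3.0" }` and the matching `random` and `vault` entries, and add `required_version` for the Terraform release `.tool-versions` already fixes. Since this commit's `.gitignore` drops `.terraform.lock.hcl`, these constraints are the only thing limiting what `terraform init -upgrade` pulls.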
@@ -0,0 +1,37 @@
+version: "3"
+
+vars:
+ SERVICE: "{{.SERVICE}}"
+ ENVIRONMENT: "{{.ENVIRONMENT}}"
+
+includes:
+ terraform:
+ dir: "../services/{{.SERVICE}}/{{.ENVIRONMENT}}"
+ taskfile: Taskfile_terraform.dist.yml
+ internal: true
+ synology:
+ dir: "../services/{{.SERVICE}}/{{.ENVIRONMENT}}"
+ taskfile: Taskfile_synology.dist.yml
+ internal: true
+
+tasks:
+ init:
+ cmds:
+ - task: terraform:init
+ vars:
+ TF_STATE_PATH: "{{.ENVIRONMENT}}/{{.SERVICE}}"
+ - task: synology:install-ssh-key
+
+ plan:
+ dir: "{{.ENVIRONMENT}}"
+ cmds:
+ - task: terraform:plan
+ vars:
+ WORK_DIR: "{{.ENVIRONMENT}}"
+
+ apply:
+ dir: "{{.ENVIRONMENT}}"
+ cmds:
+ - task: terraform:apply
+ vars:
+ WORK_DIR: "{{.ENVIRONMENT}}"
diff --git a/taskfiles/Taskfile_synology.dist.yml b/taskfiles/Taskfile_synology.dist.yml
new file mode 100644
index 0000000..cecea3e
--- /dev/null
+++ b/taskfiles/Taskfile_synology.dist.yml
@@ -0,0 +1,10 @@
+version: '3'
+
+tasks:
+ install-ssh-key:
+ env:
+ VAULT_ADDR: https://vault.quartz.layla.gg
+ cmds:
+ - mkdir -p ./.terraform/remotes/
+ - vault read -field=ssh_key secret/synology/quartz/terraform > ./.terraform/remotes/quartz.pem
+ - chmod 600 ./.terraform/remotes/quartz.pem
\ No newline at end of file
diff --git a/taskfiles/Taskfile_terraform.dist.yml b/taskfiles/Taskfile_terraform.dist.yml
new file mode 100644
index 0000000..5371835
--- /dev/null
+++ b/taskfiles/Taskfile_terraform.dist.yml
@@ -0,0 +1,18 @@
+version: "3"
+
+vars:
+ TF_STATE_PATH: "{{.STATE_PATH}}"
+
+tasks:
+ init:
+ env:
+ VAULT_ADDR: https://vault.quartz.layla.gg
+ cmds:
+ - cp ../../../providers/common_service_providers.tf providers_override.tf
+ - terraform init -upgrade -backend-config="address=consul.quartz.layla.gg" -backend-config="scheme=https" -backend-config="path=terraform/{{.TF_STATE_PATH}}.tfstate" -backend-config="access_token=$(vault read -field=acl_token secret/consul/master_token)"
+ plan:
+ cmds:
+ - terraform plan
+ apply:
+ cmds:
+ - terraform apply -auto-approve
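Review bot: The SSH private key is written by shell redirection (`vault read ... > ./.terraform/remotes/quartz.pem`) and only afterwards `chmod 600`, so the file is created with the shell's default umask — typically world-readable 0644 — and stays that way until the third command runs, and a failure between the two leaves it that way. Create it with the right mode first, `install -m 600 /dev/null ./.terraform/remotes/quartz.pem` before the read, or wrap the read as `(umask 077; vault read -field=ssh_key secret/synology/quartz/terraform > ./.terraform/remotes/quartz.pem)`. `mkdir -p ./.terraform/remotes/` likewise inherits the umask; `mkdir -p -m 700` closes that as well.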
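Review bot: The `terraform init` command passes the Consul management token as `-backend-config="access_token=$(vault read ...)"`, which exposes it on the command line to `ps` and any process accounting on the runner, and Terraform then persists it in clear in `.terraform/terraform.tfstate`. Supply it through the environment instead — the consul backend reads `CONSUL_HTTP_TOKEN` — by adding `CONSUL_HTTP_TOKEN: { sh: vault read -field=acl_token secret/consul/master_token }` under `env:` and dropping the `access_token` flag. The management token is also far more privilege than state storage needs; a token whose policy covers only the `terraform/` KV prefix and the session operations used for locking would do. `terraform apply -auto-approve` with no saved plan means whatever the copied override file and freshly `-upgrade`d providers produce is applied unreviewed; have `plan` write `-out=tfplan` and `apply` consume that file.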