Layla 2024-06-01 23:45:26 +02:00
commit e08344247d
12 changed files with 249 additions and 0 deletions

43
.gitignore vendored Normal file

@ -0,0 +1,43 @@
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
crash.log
crash.*.log
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Ignore transient lock info files created by terraform apply
.terraform.tfstate.lock.info
# Include override files you do wish to add to version control using negated pattern
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
# Ignore CLI configuration files
.terraformrc
terraform.rc
# Ignore hcl file
.terraform.lock.hcl
[Tt]askfile*.[yaml|yml]
![Tt]askfile*.dist.[yaml|yml]
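Review bot: The bracket expression in `[Tt]askfile*.[yaml|yml]` on the last two lines is a single-character class (one of `y`, `a`, `m`, `l` or `|`), not an alternation, so neither `Taskfile.yml` nor `Taskfile.yaml` is matched and the negated `.dist` line below it never has anything to un-ignore. gitignore has no `|` operator; spell the extensions out, e.g. `[Tt]askfile*.y*ml` and `![Tt]askfile*.dist.y*ml`, or one line per extension. Separately, `.terraform.lock.hcl` under "Ignore hcl file" is the provider dependency lock that records provider checksums; ignoring it, together with the unconstrained `required_providers` and the `terraform init -upgrade` in the Taskfile, means each init may resolve a different provider build, and the lock file is normally committed for exactly that reason.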

1
.tool-versions Normal file

@ -0,0 +1 @@
terraform 1.8.4


@ -0,0 +1,15 @@
terraform {
backend "consul" {}
}
provider "vault" {
address = "https://vault.quartz.layla.gg"
}
provider "docker" {
host = "ssh://terraform@192.168.0.54:22"
# Pass ssh-key
ssh_opts = ["-i", "./.terraform/remotes/quartz.pem", "-o", "StrictHostKeyChecking=no", "-o", "UserKnownHostsFile=/dev/null"]
}
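Review bot: `ssh_opts` turns off host-key verification for the Docker provider (`StrictHostKeyChecking=no` together with `UserKnownHostsFile=/dev/null`), so the SSH session to 192.168.0.54, which carries the Docker API and with it root-equivalent control of that host, would accept any server key presented to it. The `connection` block of the `file` provisioner in the consul module has the same exposure, since it sets no `host_key`. Pin the host instead: a checked-in known_hosts file via `-o UserKnownHostsFile=./known_hosts` with `StrictHostKeyChecking=yes`, and the provisioner's `host_key` argument for the connection block; the `terraform.rc`/`.terraformrc` ignore rules do not cover such a file, so it would be committed as intended.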


@ -0,0 +1,8 @@
version: "3"
includes:
tf:
vars:
SERVICE: "consul"
ENVIRONMENT: "main"
taskfile: ../../taskfiles/Taskfile_service.dist.yml


@ -0,0 +1,77 @@
resource "random_password" "master_token" {
length = 18
special = true
}
resource "vault_generic_secret" "master_token" {
path = "secret/consul/master_token"
data_json = jsonencode({
"acl_token" : random_password.master_token.result
})
}
resource "docker_container" "consul" {
image = "${var.consul_image}:${var.consul_version}"
name = var.container_name
env = []
ports {
internal = 8300
external = 8300
}
ports {
internal = 8301
external = 8301
}
ports {
internal = 8500
external = 8302
}
mounts {
target = "/consul/config"
source = "/volume1/cloud/${var.container_name}/config"
read_only = false
type = "bind"
}
mounts {
target = "/consul/data"
source = "/volume1/cloud/${var.container_name}/data"
read_only = false
type = "bind"
}
command = ["agent", "-server", "-ui", "-bootstrap-expect=1", "-client=0.0.0.0", "-node=root", "-datacenter=quartz"]
provisioner "file" {
destination = "/volume1/cloud/${var.container_name}/config/acl.json"
content = jsonencode({
"acl" : {
"enabled" : true,
"default_policy" : "deny",
"down_policy" : "extend-cache",
"tokens" : {
"master" : random_password.master_token.result
}
}
})
connection {
type = "ssh"
user = "terraform"
private_key = file("./.terraform/remotes/quartz.pem")
host = "192.168.0.54"
}
}
}
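Review bot: The `file` provisioner on `docker_container.consul` runs only after the container has been created, so on a fresh apply Consul starts before `acl.json` exists in the bind-mounted config directory, and the ACL bootstrap (`default_policy` deny, master token) is not in effect until the container is restarted. Moving the upload to its own `terraform_data` resource with the same `connection`, and giving the container a `depends_on` to it, makes the file land first. Two points worth a comment on the resource: `tokens.master` has been deprecated in favour of `initial_management` since Consul 1.11 (the default tag here is 1.15, where it still works), and the token is written in cleartext to the host path and kept in Terraform state, which is expected for bootstrap but should be stated.
```hcl
resource "terraform_data" "consul_acl_config" {
  input = random_password.master_token.result

  provisioner "file" {
    destination = "/volume1/cloud/${var.container_name}/config/acl.json"
    content = jsonencode({
      # … unchanged: acl object with enabled/default_policy/down_policy/tokens …
    })
    connection {
      # … unchanged: ssh connection …
    }
  }
}

resource "docker_container" "consul" {
  depends_on = [terraform_data.consul_acl_config]
  # … unchanged: image, name, env, ports, mounts, command …
}
```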


@ -0,0 +1,16 @@
variable "consul_version" {
description = "Consul container tag"
type = string
default = "1.15"
}
variable "consul_image" {
description = "Consul container image"
type = string
default = "consul"
}
variable "container_name" {
description = "Consul container name"
type = string
}
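Review bot: `consul_version` defaults to the floating tag `"1.15"`, so the image actually run changes whenever that tag is re-pointed upstream, with nothing in the plan or state to show it; the module call in the consul environment passes the same `"1.15"`, so it has the same issue. Pin an exact release (`1.15.<PATCH>`, placeholder) or, better, an image digest, and consider a `validation` block on `consul_version` that rejects two-component tags so callers cannot reintroduce a floating default. As far as I recall the Docker Hub `consul` repository has been superseded by `hashicorp/consul`; worth confirming before the pin, since `consul_image` defaults to the old name.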


@ -0,0 +1,7 @@
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
}
}
}
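Review bot: `required_providers` pins no version for `kreuzwerker/docker`, and the second providers file in this commit adds `hashicorp/vault` equally unconstrained; with `.terraform.lock.hcl` ignored in `.gitignore` and `terraform init -upgrade` in the Taskfile, every init resolves to the newest provider release, so a provider update can change behaviour or break a plan without any change in this repository. Add `version = "~> <MAJOR>.<MINOR>"` (placeholder; use the currently tested release) to each entry, commit the lock file, and drop `-upgrade` from the routine init.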


@ -0,0 +1,7 @@
module "consul" {
source = "../_common"
container_name = "hashicorp-consul"
consul_image = "consul"
consul_version = "1.15"
}


@ -0,0 +1,10 @@
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
}
vault = {
source = "hashicorp/vault"
}
}
}


@ -0,0 +1,37 @@
version: "3"
vars:
SERVICE: "{{.SERVICE}}"
ENVIRONMENT: "{{.ENVIRONMENT}}"
includes:
terraform:
dir: "../services/{{.SERVICE}}/{{.ENVIRONMENT}}"
taskfile: Taskfile_terraform.dist.yml
internal: true
synology:
dir: "../services/{{.SERVICE}}/{{.ENVIRONMENT}}"
taskfile: Taskfile_synology.dist.yml
internal: true
tasks:
init:
cmds:
- task: terraform:init
vars:
TF_STATE_PATH: "{{.ENVIRONMENT}}/{{.SERVICE}}"
- task: synology:install-ssh-key
plan:
dir: "{{.ENVIRONMENT}}"
cmds:
- task: terraform:plan
vars:
WORK_DIR: "{{.ENVIRONMENT}}"
apply:
dir: "{{.ENVIRONMENT}}"
cmds:
- task: terraform:apply
vars:
WORK_DIR: "{{.ENVIRONMENT}}"
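Review bot: `WORK_DIR` is passed to `terraform:plan` and `terraform:apply` under `vars:`, but the Taskfile_terraform.dist.yml added in this commit never reads it, and as far as I can tell the `dir: "{{.ENVIRONMENT}}"` on the wrapper tasks does not change the working directory of the included tasks, which already run in the include's `dir`. Either drop both or make the included taskfile honour them. The `init` wrapper likewise passes `TF_STATE_PATH`, while the included file derives that variable from a `STATE_PATH` that nothing here defines; pick one name so a direct `task terraform:init` cannot end up with an empty state path.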


@ -0,0 +1,10 @@
version: '3'
tasks:
install-ssh-key:
env:
VAULT_ADDR: https://vault.quartz.layla.gg
cmds:
- mkdir -p ./.terraform/remotes/
- vault read -field=ssh_key secret/synology/quartz/terraform > ./.terraform/remotes/quartz.pem
- chmod 600 ./.terraform/remotes/quartz.pem
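Review bot: The private key is written by the shell redirect before `chmod 600` runs, so for a moment `quartz.pem` carries the default umask mode (typically 0644), and if `vault read` fails an empty or partial file is left behind at that mode, since Task stops at the failing command before reaching the chmod. Create it restrictively in the same command instead, `- umask 077 && vault read -field=ssh_key secret/synology/quartz/terraform > ./.terraform/remotes/quartz.pem`, which also covers the directory if `mkdir -p` is moved after the umask and makes the chmod line redundant. Minor style point: `version: '3'` uses single quotes where the sibling taskfiles in this commit use double.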


@ -0,0 +1,18 @@
version: "3"
vars:
TF_STATE_PATH: "{{.STATE_PATH}}"
tasks:
init:
env:
VAULT_ADDR: https://vault.quartz.layla.gg
cmds:
- cp ../../../providers/common_service_providers.tf providers_override.tf
- terraform init -upgrade -backend-config="address=consul.quartz.layla.gg" -backend-config="scheme=https" -backend-config="path=terraform/{{.TF_STATE_PATH}}.tfstate" -backend-config="access_token=$(vault read -field=acl_token secret/consul/master_token)"
plan:
cmds:
- terraform plan
apply:
cmds:
- terraform apply -auto-approve
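Review bot: The Consul ACL token is interpolated into the `terraform init` command line through `-backend-config="access_token=$(vault read …)"`, so it is visible to every local user in the process list while init runs and is persisted in cleartext in `.terraform/terraform.tfstate` as part of the backend configuration; the consul backend reads `CONSUL_HTTP_TOKEN` from the environment, which keeps it off the command line. E.g. `- CONSUL_HTTP_TOKEN="$(vault read -field=acl_token secret/consul/master_token)" terraform init -backend-config="address=consul.quartz.layla.gg" -backend-config="scheme=https" -backend-config="path=terraform/{{.TF_STATE_PATH}}.tfstate"`. `-upgrade` on every routine init, with no version constraints in `required_providers`, also floats provider versions, and `terraform apply -auto-approve` applies without a reviewed plan; consider applying a saved plan file from the `plan` task.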