feat: runner infrastructure is built

2025-02-13 15:50:39 -05:00
parent a1844458b0
commit 829df54ae9
9 changed files with 150 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -210,3 +210,4 @@ cython_debug/
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 #.idea/
 *secret*
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -0,0 +1,19 @@
 version: 3
 includes:
  tf: { taskfile: terraform, dir: terraform }
 tasks:
  dev: docker compose -f compose.dev.yml up --build --force-recreate --no-deps
  deploy:fast: ansible-playbook playbooks/fast.yml
  deploy:slow: ansible-playbook playbooks/slow.yml
  deploy:restore: ansible-playbook playbooks/restore.yml -e "restore_bucket={{.BUCKET}} restore_key={{.KEY}}"
  enter:
    cmd: aws ssm start-session --target $INSTANCE_ID
    env:
      INSTANCE_ID: { sh: jq -r .instance_id.value < config/infrastructure.secret.json }
      AWS_REGION: { sh: jq -r .aws_region < config/ansible.secret.json }
      AWS_ACCESS_KEY_ID: { sh: jq -r .aws_access_key < config/ansible.secret.json }
      AWS_SECRET_ACCESS_KEY: { sh: jq -r .aws_secret_key < config/ansible.secret.json }
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -0,0 +1,24 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 provider "registry.terraform.io/hashicorp/aws" {
  version = "5.86.1"
  hashes = [
    "h1:IekGV22ML8NcKlhaAceeWdHdXAWfFLJYaslIEkpMHps=",
    "zh:0c5901c55f9bc0d353c48aa29e08d7152055dd296f3b60e1fe1634af8a7d32e4",
    "zh:26ddfc89d2a410492e31f1014bbf5388f871cb67d01e80255bde3e22a468e8a6",
    "zh:380c57474796e680c4477c4a69810db9389ce2717ff2da8d0f06716247dd1295",
    "zh:53bf6f567be4348ddd566792fccddd9db6104111e619aa4042afb594b9a5cc75",
    "zh:575c41544fd4ac969d59ecdff66428583c228a20a4893d238414e932bb2f2dc0",
    "zh:63d9473a2f55f4941e98cb2fcc7031b4266c1cdc40a8f96d52b7d29504984da3",
    "zh:6ec72fbc68f608a4e947a0b1356b14791330a425b7ebd3125e8023693bb37ec8",
    "zh:729a0853f9ca42b60993d6233b80e1fea52cc5c9401693cef83ade502f51e3e8",
    "zh:750eda82a9bde02a999677cdeb1e6d69b0d7af783e8d629c813da9be3ee6d493",
    "zh:90f70d5b31bdae6b7f3aee9b2b618168a32f434eb976b935d907c95271e7e692",
    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
    "zh:9cbf0464984b19a5a9027e8b03ebf1b56761c73f97171013b29f2d525ba91587",
    "zh:aec08a2374a5cdaac3df3d6a39d98aaf58a3e0a500259b791a2dc5693280bc4b",
    "zh:b638d8bd8ad11f14f7811696edcf744df07ea0f5c6033f59f3b325f921b7f54c",
    "zh:bb862a4d11da06fff7c04978769cd100547bbf4735f64bfe2374b289e41a5147",
  ]
 }
--- a/terraform/Taskfile.yml
+++ b/terraform/Taskfile.yml
@@ -0,0 +1,18 @@
 version: 3
 silent: true
 vars:
  BACKEND: ../config/backend.secret.json
  VARIABLES: ../config/variables.secret.json
  OUTPUT: ../config/infrastructure.secret.json
 tasks:
  init: terraform init -backend-config={{.BACKEND}}
  plan: terraform plan -var-file={{.VARIABLES}}
  destroy: terraform destroy
  format: terraform fmt -recursive
  out: terraform output -json > {{.OUTPUT}}
  apply: 
    - terraform apply -var-file={{.VARIABLES}}
    - task: out
  import: terraform import -var-file={{.VARIABLES}} {{.CLI_ARGS}}
--- a/terraform/install.sh
+++ b/terraform/install.sh
@@ -0,0 +1,30 @@
 #!/bin/sh
 rpm --rebuilddb
 amazon-linux-extras install docker ansible2 python3.8 -y
 # Make Docker work.
 systemctl enable docker
 systemctl start docker
 # Set up the correct version of Python (for Ansible).
 ln -sf /usr/bin/python3.8 /usr/bin/python3
 ln -sf /usr/bin/pip3.8 /usr/bin/pip3
 pip3 install botocore boto3 requests packaging
 python3 -m pip install -U pip
 # Add some swap space.
 dd if=/dev/zero of=/swapfile bs=128M count=8
 chmod 600 /swapfile
 mkswap /swapfile
 swapon /swapfile
 # Stop SSH (because we have SSM.)
 service sshd stop
 # Install Docker Compose.
 curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
 chmod +x /usr/local/bin/docker-compose
 # ERROR: SSM User not created yet.
 sudo usermod -aG docker ssm-user
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -0,0 +1,29 @@
 data "aws_subnet" "public" {
  tags = { SubnetOf = "Main", SubnetType = "Public" }
 }
 # An instance profile for access via AWS SSM.
 data "aws_iam_instance_profile" "ssm" {
  name = "SSMInstanceProfile"
 }
 # The Gitea Runner instance.
 resource "aws_instance" "this" {
  ami           = "ami-0adec96dc0cdc7bca"
  instance_type = "t4g.nano"
  subnet_id     = data.aws_subnet.public.id
  user_data                   = file("install.sh")
  user_data_replace_on_change = true
  iam_instance_profile = data.aws_iam_instance_profile.ssm.name
  root_block_device {
    volume_type = "gp3"
    volume_size = 8
  }
  tags = {
    Name = "Codebase: Runner"
  }
 }
--- a/terraform/outputs.tf
+++ b/terraform/outputs.tf
@@ -0,0 +1,4 @@
 output "instance_id" {
  value       = aws_instance.this.id
  description = "The instance ID of the Gitea instance."
 }
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@@ -0,0 +1,11 @@
 terraform {
  # The backend is stored in an S3 bucket.
  backend "s3" {}
 }
 # Access AWS through the IaC roles.
 provider "aws" {
  region     = var.aws_region
  access_key = var.aws_access
  secret_key = var.aws_secret
 }
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -0,0 +1,14 @@
 variable "aws_region" {
  type        = string
  description = "The AWS region things are created in."
 }
 variable "aws_access" {
  type        = string
  description = "The access key to generate the Gitea instance."
 }
 variable "aws_secret" {
  type        = string
  description = "The access secret to generate the Gitea instance."
 }