feat: added config edit to taskfile

Taskfile.yml

@@ -11,11 +11,6 @@ tasks:
   deploy:fast: ansible-playbook playbooks/fast.yml
   deploy:slow: ansible-playbook playbooks/slow.yml
   deploy:restore: ansible-playbook playbooks/restore.yml -e "restore_bucket={{.BUCKET}} restore_key={{.KEY}}"
-
-  enter:
-    cmd: aws ssm start-session --target $INSTANCE_ID
-    env:
-      INSTANCE_ID: { sh: jq -r .instance_id.value < config/infrastructure.secret.json }
-      AWS_REGION: { sh: jq -r .aws_region < config/ansible.secret.json }
-      AWS_ACCESS_KEY_ID: { sh: jq -r .aws_access_key < config/ansible.secret.json }
-      AWS_SECRET_ACCESS_KEY: { sh: jq -r .aws_secret_key < config/ansible.secret.json }
+  
+  vault: ansible-vault edit vault.yml
+  inventory: ansible-vault edit inventory.ini

terraform/.terraform.lock.hcl

@@ -1,24 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/aws" {
-  version = "5.83.1"
-  hashes = [
-    "h1:Yy3K7R7881H72rQDzG6qjZVkrWA6DGJzfE21TionY7w=",
-    "zh:0313253c78f195973752c4d1f62bfdd345a9c99c1bc7a612a8c1f1e27d51e49e",
-    "zh:108523f3e9ebc93f7d900c51681f6edbd3f3a56b8a62b0afc31d8214892f91e0",
-    "zh:175b9bf2a00bea6ac1c73796ad77b0e00dcbbde166235017c49377d7763861d8",
-    "zh:1c8bf55b8548bbad683cd6d7bdb03e8840a00b2422dc1529ffb9892820657130",
-    "zh:22338f09bae62d5ff646de00182417f992548da534fee7d98c5d0136d4bd5d7a",
-    "zh:92de1107ec43de60612be5f6255616f16a9cf82d88df1af1c0471b81f3a82c16",
-    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
-    "zh:9c7bfb7afea330e6d90e1466125a8cba3db1ed4043c5da52f737459c89290a6e",
-    "zh:ba59b374d477e5610674b70f5abfe0408e8f809390347372751384151440d3d0",
-    "zh:bd1c433966002f586d63cb1e3e16326991f238bc6beeb2352be36ec651917b0b",
-    "zh:ca2b4d1d02651c15261fffa4b142e45def9a22c6069353f0f663fd2046e268f8",
-    "zh:d8ed98c748f7a3f1a72277cfee9afe346aca39ab319d17402277852551d8f14a",
-    "zh:ed3d8bc89de5f35f3c5f4802ff7c749fda2e2be267f9af4a850694f099960a72",
-    "zh:f698732a4391c3f4d7079b4aaa52389da2a460cac5eed438ed688f147d603689",
-    "zh:f9f51b17f2978394954e9f6ab9ef293b8e11f1443117294ccf87f7f8212b3439",
-  ]
-}

terraform/Taskfile.yml

@@ -1,18 +0,0 @@
-version: 3
-silent: true
-
-vars:
-  BACKEND: ../config/backend.secret.json
-  VARIABLES: ../config/variables.secret.json
-  OUTPUT: ../config/infrastructure.secret.json
-
-tasks:
-  init: terraform init -backend-config={{.BACKEND}}
-  plan: terraform plan -var-file={{.VARIABLES}}
-  destroy: terraform destroy
-  format: terraform fmt -recursive
-  out: terraform output -json > {{.OUTPUT}}
-  apply: 
-    - terraform apply -var-file={{.VARIABLES}}
-    - task: out
-  import: terraform import -var-file={{.VARIABLES}} {{.CLI_ARGS}}

terraform/iam.tf

@@ -1,31 +0,0 @@
-data "aws_s3_bucket" "storage_bucket" {
-  bucket = var.boot_bucket
-}
-
-data "aws_iam_policy_document" "boot" {
-  statement {
-    effect  = "Allow"
-    actions = ["s3:*", "s3-object-lambda:*"]
-    resources = [
-      "${data.aws_s3_bucket.storage_bucket.arn}/${var.boot_key}",
-      "${data.aws_s3_bucket.storage_bucket.arn}/${var.boot_key}/*",
-    ]
-  }
-}
-
-resource "aws_iam_policy" "boot" {
-  name        = "${var.boot_role}Policy"
-  description = "The policy that manages the Gitea Boot."
-
-  policy = data.aws_iam_policy_document.boot.json
-}
-
-module "boot_user" {
-  source  = "terraform-aws-modules/iam/aws//modules/iam-user"
-  version = "5.52.2"
-
-  create_iam_user_login_profile = false
-  name                          = "${var.boot_role}User"
-  password_reset_required       = false
-  policy_arns                   = [aws_iam_policy.boot.arn]
-}

terraform/install.sh

@@ -1,31 +0,0 @@
-#!/bin/sh
-
-## Install extras.
-rpm --rebuilddb
-amazon-linux-extras install docker ansible2 python3.8 -y
-
-# Make Docker work.
-systemctl enable docker
-systemctl start docker
-
-# Set up the correct version of Python (for Ansible).
-ln -sf /usr/bin/python3.8 /usr/bin/python3
-ln -sf /usr/bin/pip3.8 /usr/bin/pip3
-pip3 install botocore boto3 requests packaging --user ssm-user
-python3 -m pip install -U pip
-
-# Add some swap space.
-dd if=/dev/zero of=/swapfile bs=128M count=8
-chmod 600 /swapfile
-mkswap /swapfile
-swapon /swapfile
-
-# Stop SSH (because we have SSM.)
-service sshd stop
-
-# Install Docker Compose.
-curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-chmod +x /usr/local/bin/docker-compose
-
-# ERROR: SSM User not created yet.
-sudo usermod -aG docker ssm-user

terraform/main.tf

@@ -1,43 +0,0 @@
-# An elastic IP, so if the reverse proxy is modified, the route tables won't.
-resource "aws_eip" "public" {
-  instance = aws_instance.this.id
-  domain   = "vpc"
-}
-
-# An instance profile for access via AWS SSM.
-resource "aws_iam_instance_profile" "ssm" {
-  name = "SSMInstanceProfile"
-  role = "AmazonSSMRoleForInstancesQuickSetup"
-}
-
-# The Gitea instance.
-resource "aws_instance" "this" {
-  # ami           = data.aws_ami.amazon-linux-2.id
-  ami           = "ami-0adec96dc0cdc7bca"
-  instance_type = "t4g.nano"
-  subnet_id     = module.vpc.public_subnets[0]
-
-  user_data                   = file("install.sh")
-  user_data_replace_on_change = true
-
-  iam_instance_profile   = aws_iam_instance_profile.ssm.name
-  vpc_security_group_ids = [aws_security_group.public_access.id]
-  
-  metadata_options {
-    http_tokens = "required"
-  }
-
-  root_block_device {
-    volume_type = "gp3"
-    volume_size = 8
-  }
-
-  tags = {
-    Name = "Codebase: Gitea"
-  }
-}
-
-resource "aws_ec2_instance_state" "this" {
-  instance_id = aws_instance.this.id
-  state       = "running"
-}

terraform/network.tf

@@ -1,55 +0,0 @@
-locals {
-  # The IP block for the VPC.
-  vpc_cidr = "10.0.0.0/16"
-}
-
-data "aws_availability_zones" "all" {}
-
-# The main VPC.
-module "vpc" {
-  source = "terraform-aws-modules/vpc/aws"
-
-  name = "Main"
-  cidr = local.vpc_cidr
-
-  azs             = [data.aws_availability_zones.all.names[0]]
-  private_subnets = [cidrsubnet(local.vpc_cidr, 8, 0)]
-  public_subnets  = [cidrsubnet(local.vpc_cidr, 8, 4)]
-
-  private_subnet_tags = { SubnetOf = "Main", SubnetType = "Private" }
-  public_subnet_tags  = { SubnetOf = "Main", SubnetType = "Public" }
-
-  map_public_ip_on_launch = true
-  enable_dns_hostnames    = true
-  enable_dns_support      = true
-
-  private_route_table_tags = { TableOf = "Main", TableType = "Public" }
-}
-
-# Only allow HTTP(s) and SSH traffic. Allow full access to internet.
-resource "aws_security_group" "public_access" {
-  vpc_id = module.vpc.vpc_id
-  tags = { GroupOf = "Main", GroupType = "Public" }
-}
-
-resource "aws_vpc_security_group_ingress_rule" "ingress" {
-  for_each = toset(["80", "443", "22", "2222", "81", "8080", "4321", "1234"])
-
-  security_group_id = aws_security_group.public_access.id
-
-  from_port   = each.value
-  to_port     = each.value
-  ip_protocol = "tcp"
-  cidr_ipv4   = "0.0.0.0/0"
-}
-
-resource "aws_vpc_security_group_egress_rule" "egress" {
-  for_each = toset(["-1"])
-
-  security_group_id = aws_security_group.public_access.id
-
-  from_port   = each.value
-  to_port     = each.value
-  ip_protocol = "-1"
-  cidr_ipv4   = "0.0.0.0/0"
-}

terraform/output.tf

@@ -1,33 +0,0 @@
-output "instance_id" {
-  value       = aws_instance.this.id
-  description = "The instance ID of the Gitea instance."
-}
-
-output "ip_address" {
-  value       = aws_instance.this.private_ip
-  description = "The Gitea IP address."
-}
-
-output "boot_region" {
-  value       = var.aws_region
-  description = "The region to manipulate the codebase repository boot."
-  sensitive   = true
-}
-
-output "boot_id" {
-  value       = module.boot_user.iam_access_key_id
-  description = "The access id to manipulate the codebase repository boot."
-  sensitive   = true
-}
-
-output "boot_secret" {
-  value       = module.boot_user.iam_access_key_secret
-  description = "The access secret to manipulate the codebase repository boot."
-  sensitive   = true
-}
-
-output "full_domain" {
-  value       = "${var.subdomain}.${var.domain}"
-  description = "The domain of the Gitea instance."
-  sensitive   = true
-}

terraform/providers.tf

@@ -1,11 +0,0 @@
-terraform {
-  # The backend is stored in an S3 bucket.
-  backend "s3" {}
-}
-
-# Access AWS through the IaC roles.
-provider "aws" {
-  region     = var.aws_region
-  access_key = var.aws_access
-  secret_key = var.aws_secret
-}

terraform/routing.tf

@@ -1,13 +0,0 @@
-# The Route53 DNS zone.
-data "aws_route53_zone" "main" {
-  name = var.domain
-}
-
-# Push all domain traffic through the reverse proxy.
-resource "aws_route53_record" "domain" {
-  zone_id = data.aws_route53_zone.main.zone_id
-  name    = "${var.subdomain}.${data.aws_route53_zone.main.name}"
-  type    = "A"
-  ttl     = "60"
-  records = [aws_eip.public.public_ip]
-}

terraform/variables.tf

@@ -1,39 +0,0 @@
-variable "aws_region" {
-  type        = string
-  description = "The AWS region things are created in."
-}
-
-variable "aws_access" {
-  type        = string
-  description = "The access key to generate the Gitea instance."
-}
-
-variable "aws_secret" {
-  type        = string
-  description = "The access secret to generate the Gitea instance."
-}
-
-variable "boot_bucket" {
-  type        = string
-  description = "The name of the bucket to store the boot in."
-}
-
-variable "boot_key" {
-  type        = string
-  description = "The path that will hold the boot data."
-}
-
-variable "boot_role" {
-  type        = string
-  description = "The name of the role for boot access."
-}
-
-variable "domain" {
-  type        = string
-  description = "The name of the domain."
-}
-
-variable "subdomain" {
-  type        = string
-  description = "The name of the subdomain."
-}