From 06646e7ec7b124feed41c4c91b61a4447fb68122 Mon Sep 17 00:00:00 2001
From: Max
Date: Sun, 22 Jun 2025 03:47:54 -0400
Subject: [PATCH] feat: added config edit to taskfile
---
 Taskfile.yml | 11 ++-----
 terraform/.terraform.lock.hcl | 24 ---------------
 terraform/Taskfile.yml | 18 ------------
 terraform/iam.tf | 31 --------------------
 terraform/install.sh | 31 --------------------
 terraform/main.tf | 43 ---------------------------
 terraform/network.tf | 55 -----------------------------------
 terraform/output.tf | 33 ---------------------
 terraform/providers.tf | 11 -------
 terraform/routing.tf | 13 ---------
 terraform/variables.tf | 39 -------------------------
 11 files changed, 3 insertions(+), 306 deletions(-)
 delete mode 100644 terraform/.terraform.lock.hcl
 delete mode 100644 terraform/Taskfile.yml
 delete mode 100644 terraform/iam.tf
 delete mode 100755 terraform/install.sh
 delete mode 100644 terraform/main.tf
 delete mode 100644 terraform/network.tf
 delete mode 100644 terraform/output.tf
 delete mode 100644 terraform/providers.tf
 delete mode 100644 terraform/routing.tf
 delete mode 100644 terraform/variables.tf
diff --git a/Taskfile.yml b/Taskfile.yml
index f18c3ea..e61cdac 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -11,11 +11,6 @@ tasks:
 deploy:fast: ansible-playbook playbooks/fast.yml
 deploy:slow: ansible-playbook playbooks/slow.yml
 deploy:restore: ansible-playbook playbooks/restore.yml -e "restore_bucket={{.BUCKET}} restore_key={{.KEY}}"
-
- enter:
- cmd: aws ssm start-session --target $INSTANCE_ID
- env:
- INSTANCE_ID: { sh: jq -r .instance_id.value < config/infrastructure.secret.json }
- AWS_REGION: { sh: jq -r .aws_region < config/ansible.secret.json }
- AWS_ACCESS_KEY_ID: { sh: jq -r .aws_access_key < config/ansible.secret.json }
- AWS_SECRET_ACCESS_KEY: { sh: jq -r .aws_secret_key < config/ansible.secret.json }
+
+ vault: ansible-vault edit vault.yml
+ inventory: ansible-vault edit inventory.ini
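Review bot: The new `vault` and `inventory` tasks run `ansible-vault edit` on `vault.yml` and `inventory.ini`, but nothing in the hunk says where the vault password is expected to come from or that both files must already be vault-encrypted (`ansible-vault edit` refuses plaintext input), so a fresh checkout gets no guidance. A one-line comment above `vault:` such as `# vault.yml and inventory.ini are ansible-vault encrypted; supply the password via ANSIBLE_VAULT_PASSWORD_FILE or vault_password_file in ansible.cfg` would close that gap. With the `enter` task gone, this file no longer shows where the remaining `deploy:*` tasks obtain AWS credentials — presumably the vault now, but that is not visible here. The commit subject also does not mention that the patch removes the whole `terraform/` tree (306 deletions per the diffstat), which deserves a line in the description. The enclosing `tasks:` mapping begins before this hunk.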
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
deleted file mode 100644
index 8b9ee2c..0000000
--- a/terraform/.terraform.lock.hcl
+++ /dev/null
@@ -1,24 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/aws" {
- version = "5.83.1"
- hashes = [
- "h1:Yy3K7R7881H72rQDzG6qjZVkrWA6DGJzfE21TionY7w=",
- "zh:0313253c78f195973752c4d1f62bfdd345a9c99c1bc7a612a8c1f1e27d51e49e",
- "zh:108523f3e9ebc93f7d900c51681f6edbd3f3a56b8a62b0afc31d8214892f91e0",
- "zh:175b9bf2a00bea6ac1c73796ad77b0e00dcbbde166235017c49377d7763861d8",
- "zh:1c8bf55b8548bbad683cd6d7bdb03e8840a00b2422dc1529ffb9892820657130",
- "zh:22338f09bae62d5ff646de00182417f992548da534fee7d98c5d0136d4bd5d7a",
- "zh:92de1107ec43de60612be5f6255616f16a9cf82d88df1af1c0471b81f3a82c16",
- "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
- "zh:9c7bfb7afea330e6d90e1466125a8cba3db1ed4043c5da52f737459c89290a6e",
- "zh:ba59b374d477e5610674b70f5abfe0408e8f809390347372751384151440d3d0",
- "zh:bd1c433966002f586d63cb1e3e16326991f238bc6beeb2352be36ec651917b0b",
- "zh:ca2b4d1d02651c15261fffa4b142e45def9a22c6069353f0f663fd2046e268f8",
- "zh:d8ed98c748f7a3f1a72277cfee9afe346aca39ab319d17402277852551d8f14a",
- "zh:ed3d8bc89de5f35f3c5f4802ff7c749fda2e2be267f9af4a850694f099960a72",
- "zh:f698732a4391c3f4d7079b4aaa52389da2a460cac5eed438ed688f147d603689",
- "zh:f9f51b17f2978394954e9f6ab9ef293b8e11f1443117294ccf87f7f8212b3439",
- ]
-}
diff --git a/terraform/Taskfile.yml b/terraform/Taskfile.yml
deleted file mode 100644
index 4f51aec..0000000
--- a/terraform/Taskfile.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-version: 3
-silent: true
-
-vars:
- BACKEND: ../config/backend.secret.json
- VARIABLES: ../config/variables.secret.json
- OUTPUT: ../config/infrastructure.secret.json
-
-tasks:
- init: terraform init -backend-config={{.BACKEND}}
- plan: terraform plan -var-file={{.VARIABLES}}
- destroy: terraform destroy
- format: terraform fmt -recursive
- out: terraform output -json > {{.OUTPUT}}
- apply:
- - terraform apply -var-file={{.VARIABLES}}
- - task: out
- import: terraform import -var-file={{.VARIABLES}} {{.CLI_ARGS}}
\ No newline at end of file
diff --git a/terraform/iam.tf b/terraform/iam.tf
deleted file mode 100644
index eba76dc..0000000
--- a/terraform/iam.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-data "aws_s3_bucket" "storage_bucket" {
- bucket = var.boot_bucket
-}
-
-data "aws_iam_policy_document" "boot" {
- statement {
- effect = "Allow"
- actions = ["s3:*", "s3-object-lambda:*"]
- resources = [
- "${data.aws_s3_bucket.storage_bucket.arn}/${var.boot_key}",
- "${data.aws_s3_bucket.storage_bucket.arn}/${var.boot_key}/*",
- ]
- }
-}
-
-resource "aws_iam_policy" "boot" {
- name = "${var.boot_role}Policy"
- description = "The policy that manages the Gitea Boot."
-
- policy = data.aws_iam_policy_document.boot.json
-}
-
-module "boot_user" {
- source = "terraform-aws-modules/iam/aws//modules/iam-user"
- version = "5.52.2"
-
- create_iam_user_login_profile = false
- name = "${var.boot_role}User"
- password_reset_required = false
- policy_arns = [aws_iam_policy.boot.arn]
-}
diff --git a/terraform/install.sh b/terraform/install.sh
deleted file mode 100755
index 895828d..0000000
--- a/terraform/install.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh
-
-## Install extras.
-rpm --rebuilddb
-amazon-linux-extras install docker ansible2 python3.8 -y
-
-# Make Docker work.
-systemctl enable docker
-systemctl start docker
-
-# Set up the correct version of Python (for Ansible).
-ln -sf /usr/bin/python3.8 /usr/bin/python3
-ln -sf /usr/bin/pip3.8 /usr/bin/pip3
-pip3 install botocore boto3 requests packaging --user ssm-user
-python3 -m pip install -U pip
-
-# Add some swap space.
-dd if=/dev/zero of=/swapfile bs=128M count=8
-chmod 600 /swapfile
-mkswap /swapfile
-swapon /swapfile
-
-# Stop SSH (because we have SSM.)
-service sshd stop
-
-# Install Docker Compose.
-curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
-chmod +x /usr/local/bin/docker-compose
-
-# ERROR: SSM User not created yet.
-sudo usermod -aG docker ssm-user
diff --git a/terraform/main.tf b/terraform/main.tf
deleted file mode 100644
index 69704ec..0000000
--- a/terraform/main.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-# An elastic IP, so if the reverse proxy is modified, the route tables won't.
-resource "aws_eip" "public" {
- instance = aws_instance.this.id
- domain = "vpc"
-}
-
-# An instance profile for access via AWS SSM.
-resource "aws_iam_instance_profile" "ssm" {
- name = "SSMInstanceProfile"
- role = "AmazonSSMRoleForInstancesQuickSetup"
-}
-
-# The Gitea instance.
-resource "aws_instance" "this" {
- # ami = data.aws_ami.amazon-linux-2.id
- ami = "ami-0adec96dc0cdc7bca"
- instance_type = "t4g.nano"
- subnet_id = module.vpc.public_subnets[0]
-
- user_data = file("install.sh")
- user_data_replace_on_change = true
-
- iam_instance_profile = aws_iam_instance_profile.ssm.name
- vpc_security_group_ids = [aws_security_group.public_access.id]
-
- metadata_options {
- http_tokens = "required"
- }
-
- root_block_device {
- volume_type = "gp3"
- volume_size = 8
- }
-
- tags = {
- Name = "Codebase: Gitea"
- }
-}
-
-resource "aws_ec2_instance_state" "this" {
- instance_id = aws_instance.this.id
- state = "running"
-}
diff --git a/terraform/network.tf b/terraform/network.tf
deleted file mode 100644
index a93837d..0000000
--- a/terraform/network.tf
+++ /dev/null
@@ -1,55 +0,0 @@
-locals {
- # The IP block for the VPC.
- vpc_cidr = "10.0.0.0/16"
-}
-
-data "aws_availability_zones" "all" {}
-
-# The main VPC.
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
-
- name = "Main"
- cidr = local.vpc_cidr
-
- azs = [data.aws_availability_zones.all.names[0]]
- private_subnets = [cidrsubnet(local.vpc_cidr, 8, 0)]
- public_subnets = [cidrsubnet(local.vpc_cidr, 8, 4)]
-
- private_subnet_tags = { SubnetOf = "Main", SubnetType = "Private" }
- public_subnet_tags = { SubnetOf = "Main", SubnetType = "Public" }
-
- map_public_ip_on_launch = true
- enable_dns_hostnames = true
- enable_dns_support = true
-
- private_route_table_tags = { TableOf = "Main", TableType = "Public" }
-}
-
-# Only allow HTTP(s) and SSH traffic. Allow full access to internet.
-resource "aws_security_group" "public_access" {
- vpc_id = module.vpc.vpc_id
- tags = { GroupOf = "Main", GroupType = "Public" }
-}
-
-resource "aws_vpc_security_group_ingress_rule" "ingress" {
- for_each = toset(["80", "443", "22", "2222", "81", "8080", "4321", "1234"])
-
- security_group_id = aws_security_group.public_access.id
-
- from_port = each.value
- to_port = each.value
- ip_protocol = "tcp"
- cidr_ipv4 = "0.0.0.0/0"
-}
-
-resource "aws_vpc_security_group_egress_rule" "egress" {
- for_each = toset(["-1"])
-
- security_group_id = aws_security_group.public_access.id
-
- from_port = each.value
- to_port = each.value
- ip_protocol = "-1"
- cidr_ipv4 = "0.0.0.0/0"
-}
\ No newline at end of file
diff --git a/terraform/output.tf b/terraform/output.tf
deleted file mode 100644
index 065b01c..0000000
--- a/terraform/output.tf
+++ /dev/null
@@ -1,33 +0,0 @@
-output "instance_id" {
- value = aws_instance.this.id
- description = "The instance ID of the Gitea instance."
-}
-
-output "ip_address" {
- value = aws_instance.this.private_ip
- description = "The Gitea IP address."
-}
-
-output "boot_region" {
- value = var.aws_region
- description = "The region to manipulate the codebase repository boot."
- sensitive = true
-}
-
-output "boot_id" {
- value = module.boot_user.iam_access_key_id
- description = "The access id to manipulate the codebase repository boot."
- sensitive = true
-}
-
-output "boot_secret" {
- value = module.boot_user.iam_access_key_secret
- description = "The access secret to manipulate the codebase repository boot."
- sensitive = true
-}
-
-output "full_domain" {
- value = "${var.subdomain}.${var.domain}"
- description = "The domain of the Gitea instance."
- sensitive = true
-}
diff --git a/terraform/providers.tf b/terraform/providers.tf
deleted file mode 100644
index d97d5b4..0000000
--- a/terraform/providers.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-terraform {
- # The backend is stored in an S3 bucket.
- backend "s3" {}
-}
-
-# Access AWS through the IaC roles.
-provider "aws" {
- region = var.aws_region
- access_key = var.aws_access
- secret_key = var.aws_secret
-}
\ No newline at end of file
diff --git a/terraform/routing.tf b/terraform/routing.tf
deleted file mode 100644
index a9bf3df..0000000
--- a/terraform/routing.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-# The Route53 DNS zone.
-data "aws_route53_zone" "main" {
- name = var.domain
-}
-
-# Push all domain traffic through the reverse proxy.
-resource "aws_route53_record" "domain" {
- zone_id = data.aws_route53_zone.main.zone_id
- name = "${var.subdomain}.${data.aws_route53_zone.main.name}"
- type = "A"
- ttl = "60"
- records = [aws_eip.public.public_ip]
-}
\ No newline at end of file
diff --git a/terraform/variables.tf b/terraform/variables.tf
deleted file mode 100644
index 45ee6ed..0000000
--- a/terraform/variables.tf
+++ /dev/null
@@ -1,39 +0,0 @@
-variable "aws_region" {
- type = string
- description = "The AWS region things are created in."
-}
-
-variable "aws_access" {
- type = string
- description = "The access key to generate the Gitea instance."
-}
-
-variable "aws_secret" {
- type = string
- description = "The access secret to generate the Gitea instance."
-}
-
-variable "boot_bucket" {
- type = string
- description = "The name of the bucket to store the boot in."
-}
-
-variable "boot_key" {
- type = string
- description = "The path that will hold the boot data."
-}
-
-variable "boot_role" {
- type = string
- description = "The name of the role for boot access."
-}
-
-variable "domain" {
- type = string
- description = "The name of the domain."
-}
-
-variable "subdomain" {
- type = string
- description = "The name of the subdomain."
-}