fix: restore command now seperated

2025-02-11 21:18:55 -05:00
parent f7a0a3e868
commit 116c683300
11 changed files with 77 additions and 37 deletions
--- a/terraform/Taskfile.yml
+++ b/terraform/Taskfile.yml
@@ -1,13 +1,18 @@
 version: 3
 silent: true

+vars:
+  BACKEND: ../config/backend.secret.tf.json
+  VARIABLES: ../config/variables.secret.tf.json
+  OUTPUT: ../config/infrastructure.secret.tf.json
+
 tasks:
-  init: terraform init -backend-config=../config/backend.tf.json
-  plan: terraform plan -var-file=../config/variables.tf.json
+  init: terraform init -backend-config={{.BACKEND}}
+  plan: terraform plan -var-file={{.VARIABLES}}
  destroy: terraform destroy
  format: terraform fmt -recursive
-  out: terraform output -json > ../config/infrastructure.tf.json
+  out: terraform output -json > {{.OUTPUT}}
  apply: 
-    - terraform apply -var-file=../config/variables.tf.json
+    - terraform apply -var-file={{.VARIABLES}}
    - task: out
-  import: terraform import -var-file=../config/variables.tf.json {{.CLI_ARGS}}
+  import: terraform import -var-file={{.VARIABLES}} {{.CLI_ARGS}}
--- a/terraform/iam.tf
+++ b/terraform/iam.tf
@@ -4,8 +4,8 @@ data "aws_s3_bucket" "storage_bucket" {

 data "aws_iam_policy_document" "boot" {
  statement {
-    effect    = "Allow"
-    actions   = ["s3:*", "s3-object-lambda:*"]
+    effect  = "Allow"
+    actions = ["s3:*", "s3-object-lambda:*"]
    resources = [
      "${data.aws_s3_bucket.storage_bucket.arn}/${var.boot_key}",
      "${data.aws_s3_bucket.storage_bucket.arn}/${var.boot_key}/*",
--- a/terraform/install.sh
+++ b/terraform/install.sh
@@ -6,7 +6,6 @@ amazon-linux-extras install docker ansible2 python3.8 -y
 # Make Docker work.
 systemctl enable docker
 systemctl start docker
-sudo usermod -aG docker ssm-user

 # Set up the correct version of Python (for Ansible).
 ln -sf /usr/bin/python3.8 /usr/bin/python3
@@ -26,3 +25,6 @@ service sshd stop
 # Install Docker Compose.
 curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
 chmod +x /usr/local/bin/docker-compose
+
+# ERROR: SSM User not created yet.
+sudo usermod -aG docker ssm-user
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -1,6 +1,6 @@
 # An elastic IP, so if the reverse proxy is modified, the route tables won't.
 resource "aws_eip" "public" {
-  instance = aws_instance.gitea.id
+  instance = aws_instance.this.id
  domain   = "vpc"
 }

@@ -9,17 +9,21 @@ data "aws_iam_instance_profile" "ssm" {
 }

 # The Gitea instance.
-resource "aws_instance" "gitea" {
+resource "aws_instance" "this" {
  # ami           = data.aws_ami.amazon-linux-2.id
  ami           = "ami-0adec96dc0cdc7bca"
  instance_type = "t4g.nano"
  subnet_id     = module.vpc.public_subnets[0]

  user_data                   = file("install.sh")
-  user_data_replace_on_change = false
+  user_data_replace_on_change = true

  iam_instance_profile   = data.aws_iam_instance_profile.ssm.name
  vpc_security_group_ids = [aws_security_group.public_access.id]
+  
+  metadata_options {
+    http_tokens = "required"
+  }

  root_block_device {
    volume_type = "gp3"
@@ -30,3 +34,8 @@ resource "aws_instance" "gitea" {
    Name = "Codebase: Gitea"
  }
 }
+
+resource "aws_ec2_instance_state" "this" {
+  instance_id = aws_instance.this.id
+  state       = "running"
+}
--- a/terraform/network.tf
+++ b/terraform/network.tf
@@ -20,7 +20,7 @@ module "vpc" {
  public_subnets  = [cidrsubnet(local.vpc_cidr, 8, 4)]

  private_subnet_tags = { SubnetOf = "Main", SubnetType = "Private" }
-  public_subnet_tags = { SubnetOf = "Main", SubnetType = "Public" }
+  public_subnet_tags  = { SubnetOf = "Main", SubnetType = "Public" }

  map_public_ip_on_launch = true
  enable_dns_hostnames    = true
--- a/terraform/output.tf
+++ b/terraform/output.tf
@@ -1,27 +1,27 @@
 output "instance_id" {
-  value       = aws_instance.gitea.id
+  value       = aws_instance.this.id
  description = "The instance ID of the Gitea instance."
 }

 output "ip_address" {
-  value       = aws_instance.gitea.private_ip
+  value       = aws_instance.this.private_ip
  description = "The Gitea IP address."
 }

 output "boot_region" {
-  value = var.aws_region
+  value       = var.aws_region
  description = "The region to manipulate the codebase repository boot."
  sensitive   = true
 }

 output "boot_id" {
-  value = module.boot_user.iam_access_key_id
+  value       = module.boot_user.iam_access_key_id
  description = "The access id to manipulate the codebase repository boot."
  sensitive   = true
 }

 output "boot_secret" {
-  value = module.boot_user.iam_access_key_secret
+  value       = module.boot_user.iam_access_key_secret
  description = "The access secret to manipulate the codebase repository boot."
  sensitive   = true
 }
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -14,16 +14,16 @@ variable "aws_secret" {
 }

 variable "boot_bucket" {
-  type = string
+  type        = string
  description = "The name of the bucket to store the boot in."
 }

 variable "boot_key" {
-  type = string
+  type        = string
  description = "The path that will hold the boot data."
 }

 variable "boot_role" {
-  type = string
+  type        = string
  description = "The name of the role for boot access."
 }