feat: moved completely over to this repository

2025-01-12 02:25:31 -05:00
parent 9e806d2f60
commit eec96b743a
13 changed files with 254 additions and 23 deletions
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version = "5.83.1"
+  hashes = [
+    "h1:Yy3K7R7881H72rQDzG6qjZVkrWA6DGJzfE21TionY7w=",
+    "zh:0313253c78f195973752c4d1f62bfdd345a9c99c1bc7a612a8c1f1e27d51e49e",
+    "zh:108523f3e9ebc93f7d900c51681f6edbd3f3a56b8a62b0afc31d8214892f91e0",
+    "zh:175b9bf2a00bea6ac1c73796ad77b0e00dcbbde166235017c49377d7763861d8",
+    "zh:1c8bf55b8548bbad683cd6d7bdb03e8840a00b2422dc1529ffb9892820657130",
+    "zh:22338f09bae62d5ff646de00182417f992548da534fee7d98c5d0136d4bd5d7a",
+    "zh:92de1107ec43de60612be5f6255616f16a9cf82d88df1af1c0471b81f3a82c16",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:9c7bfb7afea330e6d90e1466125a8cba3db1ed4043c5da52f737459c89290a6e",
+    "zh:ba59b374d477e5610674b70f5abfe0408e8f809390347372751384151440d3d0",
+    "zh:bd1c433966002f586d63cb1e3e16326991f238bc6beeb2352be36ec651917b0b",
+    "zh:ca2b4d1d02651c15261fffa4b142e45def9a22c6069353f0f663fd2046e268f8",
+    "zh:d8ed98c748f7a3f1a72277cfee9afe346aca39ab319d17402277852551d8f14a",
+    "zh:ed3d8bc89de5f35f3c5f4802ff7c749fda2e2be267f9af4a850694f099960a72",
+    "zh:f698732a4391c3f4d7079b4aaa52389da2a460cac5eed438ed688f147d603689",
+    "zh:f9f51b17f2978394954e9f6ab9ef293b8e11f1443117294ccf87f7f8212b3439",
+  ]
+}
--- a/terraform/iam.tf
+++ b/terraform/iam.tf
@@ -2,7 +2,7 @@ data "aws_s3_bucket" "storage_bucket" {
  bucket = var.boot_bucket
 }

-data "aws_iam_policy_document" "gitea_bool_policy" {
+data "aws_iam_policy_document" "boot" {
  statement {
    effect    = "Allow"
    actions   = ["s3:*", "s3-object-lambda:*"]
@@ -10,22 +10,19 @@ data "aws_iam_policy_document" "gitea_bool_policy" {
  }
 }

-resource "aws_iam_policy" "gitea_boot_policy" {
+resource "aws_iam_policy" "boot" {
  name        = "${var.boot_role}Policy"
  description = "The policy that manages the Gitea Boot."

-  policy = data.aws_iam_policy_document.gitea_bool_policy.json
+  policy = data.aws_iam_policy_document.boot.json
 }

-resource "aws_iam_user" "gitea_boot_user" {
+module "boot_user" {
+  source  = "terraform-aws-modules/iam/aws//modules/iam-user"
+  version = "5.52.2"
+
+  create_iam_user_login_profile = false
  name = "${var.boot_role}User"
+  password_reset_required = false
+  policy_arns = [aws_iam_policy.boot.arn]
 }
-
-resource "aws_iam_user_policy_attachment" "attachment" {
-  user       = aws_iam_user.gitea_boot_user.name
-  policy_arn = aws_iam_policy.gitea_boot_policy.arn
-}
-
-resource "aws_iam_access_key" "gitea_boot_key" {
-  user = aws_iam_user.gitea_boot_user.name
-}
--- a/terraform/install.sh
+++ b/terraform/install.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+amazon-linux-extras install docker ansible2 python3.8 -y
+
+# Make Docker work.
+systemctl enable docker
+systemctl start docker
+sudo usermod -a -G docker ssm-user
+
+# Set up the correct version of Python (for Ansible).
+ln -sf /usr/bin/python3.8 /usr/bin/python3
+ln -sf /usr/bin/pip3.8 /usr/bin/pip3
+pip3 install botocore boto3 requests
+python3 -m pip install -U pip
+
+# Add some swap space.
+dd if=/dev/zero of=/swapfile bs=128M count=8
+chmod 600 /swapfile
+mkswap /swapfile
+swapon /swapfile
+
+# Stop SSH (because we have SSM.)
+sudo service sshd stop
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -7,7 +7,7 @@ resource "aws_instance" "gitea" {
  # ami           = data.aws_ami.amazon-linux-2.id
  ami           = "ami-0adec96dc0cdc7bca"
  instance_type = "t4g.nano"
-  subnet_id     = var.subnet
+  subnet_id     = data.aws_subnet.subnet.id

  user_data                   = file("install.sh")
  user_data_replace_on_change = true
--- a/terraform/network.tf
+++ b/terraform/network.tf
@@ -0,0 +1,6 @@
+data "aws_subnet" "subnet" {
+  tags = {
+    SubnetType = "Private"
+    SubnetOf = "Main"
+  }
+}
--- a/terraform/output.tf
+++ b/terraform/output.tf
@@ -9,19 +9,19 @@ output "ip_address" {
 }

 output "boot_region" {
-  value = var.region
+  value = var.aws_region
  description = "The region to manipulate the codebase repository boot."
  sensitive   = true
 }

 output "boot_id" {
-  value = aws_iam_access_key.gitea_boot_key.id
+  value = module.boot_user.iam_access_key_id
  description = "The access id to manipulate the codebase repository boot."
  sensitive   = true
 }

 output "boot_secret" {
-  value = aws_iam_access_key.gitea_boot_key.secret
+  value = module.boot_user.iam_access_key_secret
  description = "The access secret to manipulate the codebase repository boot."
  sensitive   = true
 }
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@@ -0,0 +1,11 @@
+terraform {
+  # The backend is stored in an S3 bucket.
+  backend "s3" {}
+}
+
+# Access AWS through the IaC roles.
+provider "aws" {
+  region     = var.aws_region
+  access_key = var.aws_access
+  secret_key = var.aws_secret
+}
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -1,8 +1,18 @@
-variable "region" {
+variable "aws_region" {
  type        = string
  description = "The AWS region things are created in."
 }

+variable "aws_access" {
+  type        = string
+  description = "The access key to generate the Gitea instance."
+}
+
+variable "aws_secret" {
+  type        = string
+  description = "The access secret to generate the Gitea instance."
+}
+
 variable "boot_bucket" {
  type = string
  description = "The name of the bucket to store the boot in."
@@ -17,8 +27,3 @@ variable "boot_role" {
  type = string
  description = "The name of the role for boot access."
 }
-
-variable "subnet" {
-  type = string
-  description = "The ID of the subnet that the instance will be housed in."
-}