style: renaming scheme for config files

Taskfile.yml

@@ -1,5 +1,4 @@
 version: 3
-# silent: true
 
 includes:
   tf: { taskfile: terraform, dir: terraform }
@@ -7,19 +6,14 @@ includes:
 tasks:
   dev: docker compose -f compose.dev.yml up --build --force-recreate --no-deps
 
-
+  deploy:fast: ansible-playbook playbooks/fast.yml
-  build:slow: ansible-playbook playbooks/build.yml
+  deploy:slow: ansible-playbook playbooks/slow.yml
-  deploy:slow: ansible-playbook playbooks/deploy.yml
+  deploy:restore: ansible-playbook playbooks/restore.yml -e "restore_bucket={{.BUCKET}} restore_key={{.KEY}}"
-  build:fast: ansible-playbook playbooks/fast-build.yml
-  deploy:fast: ansible-playbook playbooks/fast-deploy.yml
-  restore: ansible-playbook playbooks/restore.yml -e "restore_bucket={{.BUCKET}} restore_key={{.KEY}}"
-  run:slow: [task: build:slow, task: deploy:slow]
-  run:fast: [task: build:fast, task: deploy:fast]
 
   enter:
     cmd: aws ssm start-session --target $INSTANCE_ID
     env:
-      INSTANCE_ID: { sh: jq -r .instance_id.value < config/infrastructure.secret.tf.json }
+      INSTANCE_ID: { sh: jq -r .instance_id.value < config/infrastructure.secret.json }
       AWS_REGION: { sh: jq -r .aws_region < config/ansible.secret.json }
       AWS_ACCESS_KEY_ID: { sh: jq -r .aws_access_key < config/ansible.secret.json }
       AWS_SECRET_ACCESS_KEY: { sh: jq -r .aws_secret_key < config/ansible.secret.json }

playbooks/build.yml

@@ -1,42 +0,0 @@
-- name: Make build artifact.
-  hosts: localhost
-  vars_files: ../config/ansible.secret.json
-  gather_facts: false
-  tasks:
-    - name: Build image.
-      community.docker.docker_image_build:
-        name: "{{ image_name }}"
-        path: ../gitea
-        nocache: true
-        rebuild: always
-        pull: true
-
-    - name: Make temp file.
-      ansible.builtin.tempfile:
-        suffix: .tar
-      register: tar_file
-
-    - name: Push image to archive.
-      community.docker.docker_image:
-        name: "{{ image_name }}"
-        archive_path: "{{ tar_file.path }}"
-        source: local
-
-    - name: Compress archive to artifact.
-      register: compress_image
-      community.general.archive:
-        path: "{{ tar_file.path }}"
-        dest: "{{ tar_file.path }}.xz"
-        format: xz
-        mode: "0644"
-
-    - name: Push artifact to S3.
-      amazon.aws.s3_object:
-        bucket: "{{ image_bucket }}"
-        object: "{{ image_key }}"
-        src: "{{ tar_file.path }}.xz"
-        mode: put
-
-        region: "{{ aws_region }}"
-        access_key: "{{ aws_access_key }}"
-        secret_key: "{{ aws_secret_key }}"

playbooks/fast-build.yml

@@ -1,29 +0,0 @@
-- name: Make build artifact.
-  hosts: localhost
-  vars_files:
-    - ../config/ansible.secret.json
-    - ../config/infrastructure.secret.tf.json
-  gather_facts: false
-  tasks:
-    - name: Log into Docker.
-      community.docker.docker_login:
-        registry_url: '{{ full_domain.value }}'
-        username: '{{ username }}'
-        password: '{{ api_key }}'
-        reauthorize: true
-
-    - name: Build image.
-      community.docker.docker_image_build:
-        name: "{{ full_domain.value }}/{{ image_name }}:latest"
-        path: ../gitea
-        nocache: true
-        rebuild: always
-        pull: true
-        outputs: [{ type: image, push: true }]
-        platform:
-          - linux/amd64
-          - linux/arm64/v8
-
-    - name: Log out of Docker.
-      community.docker.docker_login:
-        state: absent

playbooks/fast.yml

@@ -1,17 +1,46 @@
+- name: Make build artifact.
+  hosts: localhost
+  vars_files:
+    - ../config/ansible.secret.json
+    - ../config/infrastructure.secret.json
+  gather_facts: false
+  tasks:
+    - name: Log into Docker.
+      community.docker.docker_login:
+        registry_url: '{{ full_domain.value }}'
+        username: '{{ username }}'
+        password: '{{ api_key }}'
+        reauthorize: true
+
+    - name: Build image.
+      community.docker.docker_image_build:
+        name: "{{ full_domain.value }}/{{ image_name }}:latest"
+        path: ../gitea
+        nocache: true
+        rebuild: always
+        pull: true
+        outputs: [{ type: image, push: true }]
+        platform:
+          - linux/amd64
+          - linux/arm64/v8
+
+    - name: Log out of Docker.
+      community.docker.docker_login:
+        state: absent
+
 - name: Deploy artifact to instance.
   hosts: localhost
   become: true
   gather_facts: false
   vars_files:
     - ../config/ansible.secret.json
-    - ../config/infrastructure.secret.tf.json
+    - ../config/infrastructure.secret.json
   vars:
     ansible_connection: aws_ssm
-    ansible_python_interpreter: /usr/bin/python3
     ansible_aws_ssm_plugin: "{{ ssm_plugin }}"
     ansible_aws_ssm_bucket_name: "{{ image_bucket }}"
     ansible_aws_ssm_instance_id: "{{ instance_id.value }}"
-
+    ansible_python_interpreter: /usr/bin/python3
     ansible_aws_ssm_region: "{{ aws_region }}"
     ansible_aws_ssm_access_key_id: "{{ aws_access_key }}"
     ansible_aws_ssm_secret_access_key: "{{ aws_secret_key }}"

playbooks/restore.yml

@@ -4,14 +4,13 @@
   gather_facts: false
   vars_files:
     - ../config/ansible.secret.json
-    - ../config/infrastructure.secret.tf.json
+    - ../config/infrastructure.secret.json
   vars:
     ansible_connection: aws_ssm
     ansible_python_interpreter: /usr/bin/python3
     ansible_aws_ssm_plugin: "{{ ssm_plugin }}"
     ansible_aws_ssm_bucket_name: "{{ image_bucket }}"
     ansible_aws_ssm_instance_id: "{{ instance_id.value }}"
-
     ansible_aws_ssm_region: "{{ aws_region }}"
     ansible_aws_ssm_access_key_id: "{{ aws_access_key }}"
     ansible_aws_ssm_secret_access_key: "{{ aws_secret_key }}"

playbooks/slow.yml

@@ -1,17 +1,59 @@
+- name: Make build artifact.
+  hosts: localhost
+  vars_files: ../config/ansible.secret.json
+  gather_facts: false
+  tasks:
+    - name: Build image.
+      community.docker.docker_image_build:
+        name: "{{ image_name }}"
+        path: ../gitea
+        nocache: true
+        rebuild: always
+        pull: true
+
+    - name: Make temp file.
+      ansible.builtin.tempfile:
+        suffix: .tar
+      register: tar_file
+
+    - name: Push image to archive.
+      community.docker.docker_image:
+        name: "{{ image_name }}"
+        archive_path: "{{ tar_file.path }}"
+        source: local
+
+    - name: Compress archive to artifact.
+      register: compress_image
+      community.general.archive:
+        path: "{{ tar_file.path }}"
+        dest: "{{ tar_file.path }}.xz"
+        format: xz
+        mode: "0644"
+
+    - name: Push artifact to S3.
+      amazon.aws.s3_object:
+        bucket: "{{ image_bucket }}"
+        object: "{{ image_key }}"
+        src: "{{ tar_file.path }}.xz"
+        mode: put
+
+        region: "{{ aws_region }}"
+        access_key: "{{ aws_access_key }}"
+        secret_key: "{{ aws_secret_key }}"
+
 - name: Deploy artifact to instance.
   hosts: localhost
   become: true
   gather_facts: false
   vars_files:
     - ../config/ansible.secret.json
-    - ../config/infrastructure.secret.tf.json
+    - ../config/infrastructure.secret.json
   vars:
     ansible_connection: aws_ssm
     ansible_python_interpreter: /usr/bin/python3
     ansible_aws_ssm_plugin: "{{ ssm_plugin }}"
     ansible_aws_ssm_bucket_name: "{{ image_bucket }}"
     ansible_aws_ssm_instance_id: "{{ instance_id.value }}"
-
     ansible_aws_ssm_region: "{{ aws_region }}"
     ansible_aws_ssm_access_key_id: "{{ aws_access_key }}"
     ansible_aws_ssm_secret_access_key: "{{ aws_secret_key }}"

terraform/Taskfile.yml

@@ -2,9 +2,9 @@ version: 3
 silent: true
 
 vars:
-  BACKEND: ../config/backend.secret.tf.json
+  BACKEND: ../config/backend.secret.json
-  VARIABLES: ../config/variables.secret.tf.json
+  VARIABLES: ../config/variables.secret.json
-  OUTPUT: ../config/infrastructure.secret.tf.json
+  OUTPUT: ../config/infrastructure.secret.json
 
 tasks:
   init: terraform init -backend-config={{.BACKEND}}

terraform/main.tf

@@ -4,8 +4,10 @@ resource "aws_eip" "public" {
   domain   = "vpc"
 }
 
-data "aws_iam_instance_profile" "ssm" {
+# An instance profile for access via AWS SSM.
+resource "aws_iam_instance_profile" "ssm" {
   name = "SSMInstanceProfile"
+  role = "AmazonSSMRoleForInstancesQuickSetup"
 }
 
 # The Gitea instance.
@@ -18,7 +20,7 @@ resource "aws_instance" "this" {
   user_data                   = file("install.sh")
   user_data_replace_on_change = false
 
-  iam_instance_profile   = data.aws_iam_instance_profile.ssm.name
+  iam_instance_profile   = aws_iam_instance_profile.ssm.name
   vpc_security_group_ids = [aws_security_group.public_access.id]
   
   metadata_options {