made s3 buckets work

Ingolf Wagner 2024-01-07 00:27:29 +01:00
parent de8a334588
commit cea37fb8ca
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
13 changed files with 76 additions and 103 deletions

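--- a/terraform/terranix.org/.gitignore
+++ b/terraform/terranix.org/.gitignore
@@ -0,0 +1 @@
+terraform.tfstate*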


@ -0,0 +1,18 @@
# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
terraform {
backend "s3" {
bucket = "terraform-state-terranix-website"
encrypt = false
endpoint = "http://s3.chungus.private"
force_path_style = true
iam_endpoint = "http://s3.chungus.private"
key = "namecheap/terraform.tfstate"
region = "home"
skip_credentials_validation = true
skip_metadata_api_check = true
skip_region_validation = true
skip_requesting_account_id = true
skip_s3_checksum = true
sts_endpoint = "http://s3.chunugs.private"
}
}


@ -0,0 +1,19 @@
# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
terraform {
required_providers {
namecheap = {
source = "namecheap/namecheap"
version = ">= 2.0.0"
}
}
}
# Namecheap API credentials
provider "namecheap" {
user_name = var.namecheap_user
api_user = var.namecheap_user
api_key = var.namecheap_api_key
}
variable "namecheap_user" {}
variable "namecheap_api_key" {}


@ -0,0 +1,73 @@
locals {
minutes = 60
hours = 60 * local.minutes
days = 24 * local.hours
normal_ttl = 12 * local.hours
short_ttl = 30 * local.minutes
very_short_ttl = 2 * local.minutes
}
resource "namecheap_domain_records" "terranix" {
domain = "terranix.org"
mode = "OVERWRITE"
email_type = "OX"
# terranix.org
record {
address = "terranix.github.io"
hostname = "@"
mx_pref = 10
ttl = local.normal_ttl
type = "CNAME"
}
record {
address = "terranix.github.io"
hostname = "www"
mx_pref = 10
ttl = local.normal_ttl
type = "CNAME"
}
# matrix.terranix.org
record {
address = "144.76.13.147"
hostname = "matrix"
mx_pref = 10
ttl = local.normal_ttl
type = "A"
}
record {
address = "144.76.13.147"
hostname = "element"
mx_pref = 10
ttl = local.normal_ttl
type = "A"
}
# Github Challenges
record {
address = "c3fd9329fe"
hostname = "_github-challenge-terranix-org"
mx_pref = 10
ttl = local.normal_ttl
type = "TXT"
}
record {
address = "ece2e1608cde1d7785b1315d0b0019"
hostname = "_github-pages-challenge-terranix"
mx_pref = 10
ttl = local.normal_ttl
type = "TXT"
}
# Mail Challenges
record {
address = "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlSGd9dcuYFJ8CNAIgF/IWzKD8MlW41V4QeMgWgAQvKCW4JU2pF9IlcQGN+7IQf4PtJlzr/ClUspex58q75IZUjcLCGU0QdaqWPveQuIlS4JwgQadfNc8JtOiDlUSxMWfpROyvNyLtXUQftUvmppJDml2evo2OA5CpN7cKPzR4KcVINHlaL23m7mw9rLWWIpoxaGgp/aTi/a9m3PovUQ/lfDPrgvnmEGIc9piVO3DVE64dB/7yAZe9Jd2Qka3nwq5x3so1YPIOKXVK8G40NlyBOfPdKOeKhERuFL5zMIsLlcJd0BeLiuVqobc6DWLQMjrKDUEVnBsx2dJmhosqeG2wIDAQAB"
hostname = "default._domainkey"
mx_pref = 10
ttl = local.normal_ttl
type = "TXT"
}
}
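Review bot: The record set publishes a DKIM key at `default._domainkey` but no SPF or `_dmarc` TXT record, and with `mode = "OVERWRITE"` any record added by hand in the Namecheap panel would presumably be removed on the next apply. Unless the `OX` email type supplies them on Namecheap's side, receivers get a signing key but no policy for handling unsigned or spoofed mail for terranix.org, so the policy records belong in this resource next to the DKIM entry. Separately, the `@` CNAME to `terranix.github.io` sits at the zone apex, where it may shadow the MX records that mail depends on, so it is worth confirming that delivery still works after apply. A constructed `_dmarc` example follows; the report address is a placeholder.

```hcl
# … unchanged: domain, mode, email_type and the existing record blocks …

# DMARC policy (constructed example: start at p=none, tighten once reports look clean)
record {
  address  = "v=DMARC1; p=none; rua=mailto:<REPORT_ADDRESS>"
  hostname = "_dmarc"
  ttl      = local.normal_ttl
  type     = "TXT"
}
```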


@ -0,0 +1,34 @@
include {
path = find_in_parent_folders()
}
inputs = {
namecheap_user = run_cmd("--terragrunt-quiet", "pass", "show", "development/namecheap.com/username")
namecheap_api_key = run_cmd("--terragrunt-quiet", "pass", "show", "development/namecheap.com/api-key")
}
generate "provider" {
path = "__provider.tf"
if_exists = "overwrite_terragrunt"
contents = <<EOF
terraform {
required_providers {
namecheap = {
source = "namecheap/namecheap"
version = ">= 2.0.0"
}
}
}
# Namecheap API credentials
provider "namecheap" {
user_name = var.namecheap_user
api_user = var.namecheap_user
api_key = var.namecheap_api_key
}
variable "namecheap_user" {}
variable "namecheap_api_key" {}
EOF
}
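Review bot: `variable "namecheap_api_key" {}` in the generated provider heredoc is declared without `sensitive = true`, so Terraform has no hint that the value read from `pass` is a secret and will not redact it if it ever reaches an output or an expression shown in a plan. Declaring it as `variable "namecheap_api_key" { sensitive = true }` adds that redaction alongside the `--terragrunt-quiet` already used on `run_cmd`. The provider constraint `version = ">= 2.0.0"` also has no upper bound, so a future major release of the provider that receives this API key would be accepted on the next init; `version = "~> 2.0"` plus a committed `.terraform.lock.hcl` would narrow that.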


@ -0,0 +1,31 @@
remote_state {
backend = "s3"
generate = {
path = "__backend.tf"
if_exists = "overwrite"
}
config = {
bucket = "terraform-state-terranix-website"
key = "${path_relative_to_include()}/terraform.tfstate"
region = "home"
encrypt = false
endpoint = "http://s3.chungus.private"
iam_endpoint = "http://s3.chungus.private"
sts_endpoint = "http://s3.chunugs.private"
force_path_style = true
enable_lock_table_ssencryption = false
skip_s3_checksum = true
skip_bucket_public_access_blocking = true
skip_bucket_enforced_tls = true
skip_credentials_validation = true
skip_bucket_root_access = true # use only if the AWS account root user should not have access to the remote state bucket for some reason
skip_bucket_versioning = true # use only if the object store does not support versioning
skip_bucket_ssencryption = true # use only if non-encrypted Terraform State is required and/or the object store does not support server-side encryption
skip_metadata_api_check = true
skip_region_validation = true
skip_requesting_account_id = true
}
}
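Review bot: `sts_endpoint = "http://s3.chunugs.private"` spells the host differently from `endpoint` and `iam_endpoint` (`chungus`), which looks like a typo. It is probably masked today because the `skip_*` validation flags avoid the STS call, but it should read `sts_endpoint = "http://s3.chungus.private"`. The same value appears in the generated backend file in this commit. All three endpoints are plain `http://` and the config sets `encrypt = false`, `skip_bucket_enforced_tls = true` and `skip_s3_checksum = true`, so state is stored and transferred without encryption or integrity checking. If that is deliberate for the private object store, a comment saying so, and naming the network it relies on, would help the next reader.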