made s3 buckets work
This commit is contained in:
parent
de8a334588
commit
cea37fb8ca
13 changed files with 76 additions and 103 deletions
1
terraform/terranix.org/.gitignore
vendored
Normal file
1
terraform/terranix.org/.gitignore
vendored
Normal file
|
@ -0,0 +1 @@
|
|||
terraform.tfstate*
|
18
terraform/terranix.org/targets/namecheap/__backend.tf
Normal file
18
terraform/terranix.org/targets/namecheap/__backend.tf
Normal file
|
@ -0,0 +1,18 @@
|
|||
# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
|
||||
terraform {
|
||||
backend "s3" {
|
||||
bucket = "terraform-state-terranix-website"
|
||||
encrypt = false
|
||||
endpoint = "http://s3.chungus.private"
|
||||
force_path_style = true
|
||||
iam_endpoint = "http://s3.chungus.private"
|
||||
key = "namecheap/terraform.tfstate"
|
||||
region = "home"
|
||||
skip_credentials_validation = true
|
||||
skip_metadata_api_check = true
|
||||
skip_region_validation = true
|
||||
skip_requesting_account_id = true
|
||||
skip_s3_checksum = true
|
||||
sts_endpoint = "http://s3.chunugs.private"
|
||||
}
|
||||
}
|
19
terraform/terranix.org/targets/namecheap/__provider.tf
Normal file
19
terraform/terranix.org/targets/namecheap/__provider.tf
Normal file
|
@ -0,0 +1,19 @@
|
|||
# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
|
||||
terraform {
|
||||
required_providers {
|
||||
namecheap = {
|
||||
source = "namecheap/namecheap"
|
||||
version = ">= 2.0.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Namecheap API credentials
|
||||
provider "namecheap" {
|
||||
user_name = var.namecheap_user
|
||||
api_user = var.namecheap_user
|
||||
api_key = var.namecheap_api_key
|
||||
}
|
||||
|
||||
variable "namecheap_user" {}
|
||||
variable "namecheap_api_key" {}
|
73
terraform/terranix.org/targets/namecheap/main.tf
Normal file
73
terraform/terranix.org/targets/namecheap/main.tf
Normal file
|
@ -0,0 +1,73 @@
|
|||
locals {
|
||||
minutes = 60
|
||||
hours = 60 * local.minutes
|
||||
days = 24 * local.hours
|
||||
|
||||
normal_ttl = 12 * local.hours
|
||||
short_ttl = 30 * local.minutes
|
||||
very_short_ttl = 2 * local.minutes
|
||||
}
|
||||
|
||||
resource "namecheap_domain_records" "terranix" {
|
||||
domain = "terranix.org"
|
||||
mode = "OVERWRITE"
|
||||
email_type = "OX"
|
||||
|
||||
# terranix.org
|
||||
record {
|
||||
address = "terranix.github.io"
|
||||
hostname = "@"
|
||||
mx_pref = 10
|
||||
ttl = local.normal_ttl
|
||||
type = "CNAME"
|
||||
}
|
||||
record {
|
||||
address = "terranix.github.io"
|
||||
hostname = "www"
|
||||
mx_pref = 10
|
||||
ttl = local.normal_ttl
|
||||
type = "CNAME"
|
||||
}
|
||||
|
||||
# matrix.terranix.org
|
||||
record {
|
||||
address = "144.76.13.147"
|
||||
hostname = "matrix"
|
||||
mx_pref = 10
|
||||
ttl = local.normal_ttl
|
||||
type = "A"
|
||||
}
|
||||
record {
|
||||
address = "144.76.13.147"
|
||||
hostname = "element"
|
||||
mx_pref = 10
|
||||
ttl = local.normal_ttl
|
||||
type = "A"
|
||||
}
|
||||
|
||||
# Github Challenges
|
||||
record {
|
||||
address = "c3fd9329fe"
|
||||
hostname = "_github-challenge-terranix-org"
|
||||
mx_pref = 10
|
||||
ttl = local.normal_ttl
|
||||
type = "TXT"
|
||||
}
|
||||
record {
|
||||
address = "ece2e1608cde1d7785b1315d0b0019"
|
||||
hostname = "_github-pages-challenge-terranix"
|
||||
mx_pref = 10
|
||||
ttl = local.normal_ttl
|
||||
type = "TXT"
|
||||
}
|
||||
|
||||
# Mail Challenges
|
||||
record {
|
||||
address = "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlSGd9dcuYFJ8CNAIgF/IWzKD8MlW41V4QeMgWgAQvKCW4JU2pF9IlcQGN+7IQf4PtJlzr/ClUspex58q75IZUjcLCGU0QdaqWPveQuIlS4JwgQadfNc8JtOiDlUSxMWfpROyvNyLtXUQftUvmppJDml2evo2OA5CpN7cKPzR4KcVINHlaL23m7mw9rLWWIpoxaGgp/aTi/a9m3PovUQ/lfDPrgvnmEGIc9piVO3DVE64dB/7yAZe9Jd2Qka3nwq5x3so1YPIOKXVK8G40NlyBOfPdKOeKhERuFL5zMIsLlcJd0BeLiuVqobc6DWLQMjrKDUEVnBsx2dJmhosqeG2wIDAQAB"
|
||||
hostname = "default._domainkey"
|
||||
mx_pref = 10
|
||||
ttl = local.normal_ttl
|
||||
type = "TXT"
|
||||
}
|
||||
|
||||
}
|
34
terraform/terranix.org/targets/namecheap/terragrunt.hcl
Normal file
34
terraform/terranix.org/targets/namecheap/terragrunt.hcl
Normal file
|
@ -0,0 +1,34 @@
|
|||
|
||||
include {
|
||||
path = find_in_parent_folders()
|
||||
}
|
||||
|
||||
inputs = {
|
||||
namecheap_user = run_cmd("--terragrunt-quiet", "pass", "show", "development/namecheap.com/username")
|
||||
namecheap_api_key = run_cmd("--terragrunt-quiet", "pass", "show", "development/namecheap.com/api-key")
|
||||
}
|
||||
|
||||
generate "provider" {
|
||||
path = "__provider.tf"
|
||||
if_exists = "overwrite_terragrunt"
|
||||
contents = <<EOF
|
||||
terraform {
|
||||
required_providers {
|
||||
namecheap = {
|
||||
source = "namecheap/namecheap"
|
||||
version = ">= 2.0.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Namecheap API credentials
|
||||
provider "namecheap" {
|
||||
user_name = var.namecheap_user
|
||||
api_user = var.namecheap_user
|
||||
api_key = var.namecheap_api_key
|
||||
}
|
||||
|
||||
variable "namecheap_user" {}
|
||||
variable "namecheap_api_key" {}
|
||||
EOF
|
||||
}
|
31
terraform/terranix.org/targets/terragrunt.hcl
Normal file
31
terraform/terranix.org/targets/terragrunt.hcl
Normal file
|
@ -0,0 +1,31 @@
|
|||
|
||||
remote_state {
|
||||
backend = "s3"
|
||||
generate = {
|
||||
path = "__backend.tf"
|
||||
if_exists = "overwrite"
|
||||
}
|
||||
config = {
|
||||
bucket = "terraform-state-terranix-website"
|
||||
key = "${path_relative_to_include()}/terraform.tfstate"
|
||||
region = "home"
|
||||
encrypt = false
|
||||
|
||||
endpoint = "http://s3.chungus.private"
|
||||
iam_endpoint = "http://s3.chungus.private"
|
||||
sts_endpoint = "http://s3.chunugs.private"
|
||||
|
||||
force_path_style = true
|
||||
enable_lock_table_ssencryption = false
|
||||
skip_s3_checksum = true
|
||||
skip_bucket_public_access_blocking = true
|
||||
skip_bucket_enforced_tls = true
|
||||
skip_credentials_validation = true
|
||||
skip_bucket_root_access = true # use only if the AWS account root user should not have access to the remote state bucket for some reason
|
||||
skip_bucket_versioning = true # use only if the object store does not support versioning
|
||||
skip_bucket_ssencryption = true # use only if non-encrypted Terraform State is required and/or the object store does not support server-side encryption
|
||||
skip_metadata_api_check = true
|
||||
skip_region_validation = true
|
||||
skip_requesting_account_id = true
|
||||
}
|
||||
}
|
Loading…
Add table
Add a link
Reference in a new issue