From f4daa69ff0c5ffe437fe5465db84452e43d0b02e Mon Sep 17 00:00:00 2001
From: Roberto Hidalgo
Date: Wed, 8 Nov 2023 20:24:15 -0600
Subject: [PATCH] chau, bedstuy. hola bernal
---
 .gitattributes | 1 +
 gotosocial.yaml | 13 +++++++++++
 gts.nomad | 8 +++----
 litestream.yaml | 12 ++++++----
 main.tf | 62 +++++++++----------------------------------------
 5 files changed, 36 insertions(+), 60 deletions(-)
 create mode 100644 .gitattributes
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..0c64dc9
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+**/*.joao.yaml filter=joao diff=joao
diff --git a/gotosocial.yaml b/gotosocial.yaml
index dfdb5b8..e6fefde 100644
--- a/gotosocial.yaml
+++ b/gotosocial.yaml
@@ -8,6 +8,19 @@ log-level: "info"
 log-db-queries: false
+# String. Format to use for the timestamp in log lines.
+# If set to the empty string, the timestamp will be
+# ommitted from the logs entirely.
+#
+# The format must be compatible with Go's time.Layout, as
+# documented on https://pkg.go.dev/time#pkg-constants.
+#
+# Examples: [true, false]
+# Default: "02/01/2006 15:04:05.000"
+log-timestamp-format: "2006-01-02T15:04:05Z07:00"
+
+
+
 application-name: "club patito"
 # String. Hostname that this server will be reachable at. Defaults to localhost for local testing,
diff --git a/gts.nomad b/gts.nomad
index 54c6039..b117b91 100644
--- a/gts.nomad
+++ b/gts.nomad
@@ -1,6 +1,6 @@
 job "club-patito" {
- datacenters = ["nyc1"]
- region = "nyc1"
+ datacenters = ["qro0"]
+ region = "qro0"
 vault {
 policies = ["club-patito"]
@@ -46,7 +46,7 @@ job "club-patito" {
 }
 config {
- image = "litestream/litestream:0.3.9"
+ image = "litestream/litestream:0.3.12"
 args = ["restore", "/alloc/gotosocial.db"]
 volumes = ["secrets/litestream.yaml:/etc/litestream.yml"]
 }
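Review bot: The `filter=joao` attribute on the added line only does anything in a clone whose git config defines a `joao` filter driver, and that config is not part of the repository. If the clean side of that filter is what keeps secret values out of committed `*.joao.yaml` files (presumably, but not visible here), a checkout without the driver stages those files unfiltered and git reports nothing. Document the driver setup next to this file and set `git config filter.joao.required true` so a failing filter command becomes an error instead of a pass-through. A clone with no driver config at all still passes content through, so a CI or pre-commit check on `*.joao.yaml` content is the backstop.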
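Review bot: The comment block added above `log-timestamp-format` carries `# Examples: [true, false]`, which describes a boolean rather than a Go time layout, and `ommitted` should read `omitted`. Because the value set here differs from the documented default, I would replace the examples line with the layouts in play, e.g. `# Examples: ["2006-01-02T15:04:05Z07:00", "02/01/2006 15:04:05.000"]`.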
@@ -73,7 +73,7 @@ job "club-patito" {
 }
 config {
- image = "litestream/litestream:0.3.9"
+ image = "litestream/litestream:0.3.12"
 args = ["replicate"]
 volumes = ["secrets/litestream.yaml:/etc/litestream.yml"]
 }
diff --git a/litestream.yaml b/litestream.yaml
index eb251d1..ea83164 100644
--- a/litestream.yaml
+++ b/litestream.yaml
@@ -1,9 +1,11 @@
-{{- with secret "cfg/infra/tree/provider:cdn" }}
-access-key-id: {{ .Data.key }}
-secret-access-key: {{ .Data.secret }}
-
 dbs:
 - path: /alloc/gotosocial.db
 replicas:
- - url: s3://{{ .Data.bucket }}.{{ .Data.endpoint }}/club-patito/gotosocial.db
+{{- with secret "cfg/svc/tree/pati.to:club"}}
+ - name: vultr
+ url: s3://{{ .Data.cdn.bucket }}/db/gotosocial.db
+ access-key-id: {{ .Data.cdn.key }}
+ secret-access-key: {{ .Data.cdn.secret }}
+ endpoint: {{ .Data.cdn.endpoint }}
+ type: s3
 {{- end }}
diff --git a/main.tf b/main.tf
index 36b9615..8b8792a 100644
--- a/main.tf
+++ b/main.tf
@@ -6,17 +6,17 @@ terraform {
 required_providers {
 acme = {
 source = "vancluever/acme"
- version = "~> 2.5.3"
+ version = "~> 2.15.1"
 }
 digitalocean = {
 source = "digitalocean/digitalocean"
- version = "~> 2.16.0"
+ version = "~> 2.29.0"
 }
 vault = {
 source = "hashicorp/vault"
- version = "~> 3.7.0"
+ version = "~> 3.18.0"
 }
 }
@@ -52,14 +52,13 @@ provider "digitalocean" {
 token = data.vault_generic_secret.DO.data.patito
 }
-provider "digitalocean" {
- alias = "compute"
- token = data.vault_generic_secret.DO.data.token
-}
-
-data "digitalocean_droplet" "bedstuy" {
- provider = digitalocean.compute
- name = "bedstuy"
+data "terraform_remote_state" "rob_mx" {
+ backend = "consul"
+ workspace = "default"
+ config = {
+ datacenter = "casa"
+ path = "nidito/state/rob.mx"
+ }
 }
 resource "vault_policy" "service" {
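Review bot: The replica credentials are rendered into the YAML unquoted (`access-key-id: {{ .Data.cdn.key }}`, `secret-access-key: {{ .Data.cdn.secret }}`), so a value containing ` #`, `: ` or a leading YAML indicator character would be truncated or misparsed, and both the restore and replicate tasks would then fail to authenticate. Render them as quoted scalars, e.g. `secret-access-key: {{ .Data.cdn.secret | toJSON }}`, and do the same for the key and endpoint. The secret now comes from `cfg/svc/tree/pati.to:club` instead of `cfg/infra/tree/provider:cdn`. The body of the `club-patito` Vault policy is not visible in this diff, so confirm it grants read on the new path only and no longer on the shared provider path.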
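Review bot: The new `terraform_remote_state.rob_mx` block sets only `datacenter` and `path`, while the `registration` data source removed in the last hunk of this file pinned `address = "consul.service.casa.consul:5554"` and `scheme = "https"`. Without those two settings the Consul backend takes its address and scheme from the environment or its defaults, so whether state is fetched over TLS depends on who runs the plan. I would carry both lines over into this `config` block. Reading remote state also gives this configuration every output of the `rob.mx` workspace, although only `outputs.bernal.ip` is used (in the `to_pati_club` record in the next hunk). If that state holds anything sensitive, publishing the address through a single Consul KV key or Vault path would be narrower.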
@@ -78,7 +77,7 @@ resource "digitalocean_record" "to_pati_club" {
 type = "A"
 ttl = 3600
 name = "club"
- value = data.digitalocean_droplet.bedstuy.ipv4_address
+ value = data.terraform_remote_state.rob_mx.outputs.bernal.ip
 }
 resource "digitalocean_record" "txt_smtp_domainkey" {
@@ -104,42 +103,3 @@ resource "digitalocean_record" "mx" {
 priority = each.value
 }
-
-data "terraform_remote_state" "registration" {
- backend = "consul"
- workspace = "default"
- config = {
- address = "consul.service.casa.consul:5554"
- scheme = "https"
- path = "nidito/state/letsencrypt/registration"
- }
-}
-
-resource acme_certificate cert {
- account_key_pem = data.terraform_remote_state.registration.outputs.account_key
- common_name = "pati.to"
- subject_alternative_names = ["*.pati.to"]
- recursive_nameservers = ["1.1.1.1:53", "8.8.8.8:53"]
-
- dns_challenge {
- provider = "digitalocean"
- config = {
- DO_AUTH_TOKEN = data.vault_generic_secret.DO.data.patito
- DO_PROPAGATION_TIMEOUT = 60
- DO_TTL = 30
- }
- }
-}
-
-resource vault_generic_secret cert {
- path = "nidito/tls/${acme_certificate.cert.common_name}"
- data_json = jsonencode({
- private_key = acme_certificate.cert.private_key_pem,
- cert = join("", [
- acme_certificate.cert.certificate_pem,
- acme_certificate.cert.issuer_pem,
- ])
- issuer = acme_certificate.cert.issuer_pem,
- bare_cert = acme_certificate.cert.certificate_pem,
- })
-}