chau, bedstuy. hola bernal

This commit is contained in:
Roberto Hidalgo 2023-11-08 20:24:15 -06:00
parent 143eb43c5b
commit f4daa69ff0
5 changed files with 36 additions and 60 deletions

1
.gitattributes vendored Normal file
View File

@ -0,0 +1 @@
**/*.joao.yaml filter=joao diff=joao

View File

@ -8,6 +8,19 @@
log-level: "info"
log-db-queries: false
# String. Format to use for the timestamp in log lines.
# If set to the empty string, the timestamp will be
# ommitted from the logs entirely.
#
# The format must be compatible with Go's time.Layout, as
# documented on https://pkg.go.dev/time#pkg-constants.
#
# Examples: [true, false]
# Default: "02/01/2006 15:04:05.000"
log-timestamp-format: "2006-01-02T15:04:05Z07:00"
application-name: "club patito"
# String. Hostname that this server will be reachable at. Defaults to localhost for local testing,

View File

@ -1,6 +1,6 @@
job "club-patito" {
datacenters = ["nyc1"]
region = "nyc1"
datacenters = ["qro0"]
region = "qro0"
vault {
policies = ["club-patito"]
@ -46,7 +46,7 @@ job "club-patito" {
}
config {
image = "litestream/litestream:0.3.9"
image = "litestream/litestream:0.3.12"
args = ["restore", "/alloc/gotosocial.db"]
volumes = ["secrets/litestream.yaml:/etc/litestream.yml"]
}
@ -73,7 +73,7 @@ job "club-patito" {
}
config {
image = "litestream/litestream:0.3.9"
image = "litestream/litestream:0.3.12"
args = ["replicate"]
volumes = ["secrets/litestream.yaml:/etc/litestream.yml"]
}

View File

@ -1,9 +1,11 @@
{{- with secret "cfg/infra/tree/provider:cdn" }}
access-key-id: {{ .Data.key }}
secret-access-key: {{ .Data.secret }}
dbs:
- path: /alloc/gotosocial.db
replicas:
- url: s3://{{ .Data.bucket }}.{{ .Data.endpoint }}/club-patito/gotosocial.db
{{- with secret "cfg/svc/tree/pati.to:club"}}
- name: vultr
url: s3://{{ .Data.cdn.bucket }}/db/gotosocial.db
access-key-id: {{ .Data.cdn.key }}
secret-access-key: {{ .Data.cdn.secret }}
endpoint: {{ .Data.cdn.endpoint }}
type: s3
{{- end }}

60
main.tf
View File

@ -6,17 +6,17 @@ terraform {
required_providers {
acme = {
source = "vancluever/acme"
version = "~> 2.5.3"
version = "~> 2.15.1"
}
digitalocean = {
source = "digitalocean/digitalocean"
version = "~> 2.16.0"
version = "~> 2.29.0"
}
vault = {
source = "hashicorp/vault"
version = "~> 3.7.0"
version = "~> 3.18.0"
}
}
@ -52,14 +52,13 @@ provider "digitalocean" {
token = data.vault_generic_secret.DO.data.patito
}
provider "digitalocean" {
alias = "compute"
token = data.vault_generic_secret.DO.data.token
data "terraform_remote_state" "rob_mx" {
backend = "consul"
workspace = "default"
config = {
datacenter = "casa"
path = "nidito/state/rob.mx"
}
data "digitalocean_droplet" "bedstuy" {
provider = digitalocean.compute
name = "bedstuy"
}
resource "vault_policy" "service" {
@ -78,7 +77,7 @@ resource "digitalocean_record" "to_pati_club" {
type = "A"
ttl = 3600
name = "club"
value = data.digitalocean_droplet.bedstuy.ipv4_address
value = data.terraform_remote_state.rob_mx.outputs.bernal.ip
}
resource "digitalocean_record" "txt_smtp_domainkey" {
@ -104,42 +103,3 @@ resource "digitalocean_record" "mx" {
priority = each.value
}
data "terraform_remote_state" "registration" {
backend = "consul"
workspace = "default"
config = {
address = "consul.service.casa.consul:5554"
scheme = "https"
path = "nidito/state/letsencrypt/registration"
}
}
resource acme_certificate cert {
account_key_pem = data.terraform_remote_state.registration.outputs.account_key
common_name = "pati.to"
subject_alternative_names = ["*.pati.to"]
recursive_nameservers = ["1.1.1.1:53", "8.8.8.8:53"]
dns_challenge {
provider = "digitalocean"
config = {
DO_AUTH_TOKEN = data.vault_generic_secret.DO.data.patito
DO_PROPAGATION_TIMEOUT = 60
DO_TTL = 30
}
}
}
resource vault_generic_secret cert {
path = "nidito/tls/${acme_certificate.cert.common_name}"
data_json = jsonencode({
private_key = acme_certificate.cert.private_key_pem,
cert = join("", [
acme_certificate.cert.certificate_pem,
acme_certificate.cert.issuer_pem,
])
issuer = acme_certificate.cert.issuer_pem,
bare_cert = acme_certificate.cert.certificate_pem,
})
}