roberto/pati.to
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chau, bedstuy. hola bernal

Browse Source
This commit is contained in:
Roberto Hidalgo 2023-11-08 20:24:15 -06:00
parent 143eb43c5b
commit f4daa69ff0
5 changed files with 36 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitattributes vendored Normal file
View File

@ -0,0 +1 @@
**/*.joao.yaml filter=joao diff=joao

13
gotosocial.yaml
View File

@ -8,6 +8,19 @@
log-level: "info" log-level: "info"
log-db-queries: false log-db-queries: false
# String. Format to use for the timestamp in log lines.
# If set to the empty string, the timestamp will be
# ommitted from the logs entirely.
#
# The format must be compatible with Go's time.Layout, as
# documented on https://pkg.go.dev/time#pkg-constants.
#
# Examples: [true, false]
# Default: "02/01/2006 15:04:05.000"
log-timestamp-format: "2006-01-02T15:04:05Z07:00"
application-name: "club patito" application-name: "club patito"
# String. Hostname that this server will be reachable at. Defaults to localhost for local testing, # String. Hostname that this server will be reachable at. Defaults to localhost for local testing,

8
gts.nomad
View File

@ -1,6 +1,6 @@
job "club-patito" { job "club-patito" {
datacenters = ["nyc1"] datacenters = ["qro0"]
region = "nyc1" region = "qro0"
vault { vault {
policies = ["club-patito"] policies = ["club-patito"]
@ -46,7 +46,7 @@ job "club-patito" {
} }
config { config {
image = "litestream/litestream:0.3.9" image = "litestream/litestream:0.3.12"
args = ["restore", "/alloc/gotosocial.db"] args = ["restore", "/alloc/gotosocial.db"]
volumes = ["secrets/litestream.yaml:/etc/litestream.yml"] volumes = ["secrets/litestream.yaml:/etc/litestream.yml"]
} }
@ -73,7 +73,7 @@ job "club-patito" {
} }
config { config {
image = "litestream/litestream:0.3.9" image = "litestream/litestream:0.3.12"
args = ["replicate"] args = ["replicate"]
volumes = ["secrets/litestream.yaml:/etc/litestream.yml"] volumes = ["secrets/litestream.yaml:/etc/litestream.yml"]
} }

12
litestream.yaml
View File

@ -1,9 +1,11 @@
{{- with secret "cfg/infra/tree/provider:cdn" }}
access-key-id: {{ .Data.key }}
secret-access-key: {{ .Data.secret }}
dbs: dbs:
- path: /alloc/gotosocial.db - path: /alloc/gotosocial.db
replicas: replicas:
- url: s3://{{ .Data.bucket }}.{{ .Data.endpoint }}/club-patito/gotosocial.db {{- with secret "cfg/svc/tree/pati.to:club"}}
- name: vultr
url: s3://{{ .Data.cdn.bucket }}/db/gotosocial.db
access-key-id: {{ .Data.cdn.key }}
secret-access-key: {{ .Data.cdn.secret }}
endpoint: {{ .Data.cdn.endpoint }}
type: s3
{{- end }} {{- end }}

60
main.tf
View File

@ -6,17 +6,17 @@ terraform {
required_providers { required_providers {
acme = { acme = {
source = "vancluever/acme" source = "vancluever/acme"
version = "~> 2.5.3" version = "~> 2.15.1"
} }
digitalocean = { digitalocean = {
source = "digitalocean/digitalocean" source = "digitalocean/digitalocean"
version = "~> 2.16.0" version = "~> 2.29.0"
} }
vault = { vault = {
source = "hashicorp/vault" source = "hashicorp/vault"
version = "~> 3.7.0" version = "~> 3.18.0"
} }
} }
@ -52,14 +52,13 @@ provider "digitalocean" {
token = data.vault_generic_secret.DO.data.patito token = data.vault_generic_secret.DO.data.patito
} }
provider "digitalocean" { data "terraform_remote_state" "rob_mx" {
alias = "compute" backend = "consul"
token = data.vault_generic_secret.DO.data.token workspace = "default"
config = {
datacenter = "casa"
path = "nidito/state/rob.mx"
} }
data "digitalocean_droplet" "bedstuy" {
provider = digitalocean.compute
name = "bedstuy"
} }
resource "vault_policy" "service" { resource "vault_policy" "service" {
@ -78,7 +77,7 @@ resource "digitalocean_record" "to_pati_club" {
type = "A" type = "A"
ttl = 3600 ttl = 3600
name = "club" name = "club"
value = data.digitalocean_droplet.bedstuy.ipv4_address value = data.terraform_remote_state.rob_mx.outputs.bernal.ip
} }
resource "digitalocean_record" "txt_smtp_domainkey" { resource "digitalocean_record" "txt_smtp_domainkey" {
@ -104,42 +103,3 @@ resource "digitalocean_record" "mx" {
priority = each.value priority = each.value
} }
data "terraform_remote_state" "registration" {
backend = "consul"
workspace = "default"
config = {
address = "consul.service.casa.consul:5554"
scheme = "https"
path = "nidito/state/letsencrypt/registration"
}
}
resource acme_certificate cert {
account_key_pem = data.terraform_remote_state.registration.outputs.account_key
common_name = "pati.to"
subject_alternative_names = ["*.pati.to"]
recursive_nameservers = ["1.1.1.1:53", "8.8.8.8:53"]
dns_challenge {
provider = "digitalocean"
config = {
DO_AUTH_TOKEN = data.vault_generic_secret.DO.data.patito
DO_PROPAGATION_TIMEOUT = 60
DO_TTL = 30
}
}
}
resource vault_generic_secret cert {
path = "nidito/tls/${acme_certificate.cert.common_name}"
data_json = jsonencode({
private_key = acme_certificate.cert.private_key_pem,
cert = join("", [
acme_certificate.cert.certificate_pem,
acme_certificate.cert.issuer_pem,
])
issuer = acme_certificate.cert.issuer_pem,
bare_cert = acme_certificate.cert.certificate_pem,
})
}