chau, bedstuy. hola bernal
parent
143eb43c5b
commit
f4daa69ff0
1
.gitattributes
vendored
Normal file
1
.gitattributes
vendored
Normal file
@ -0,0 +1 @@
|
||||
**/*.joao.yaml filter=joao diff=joao
|
@ -8,6 +8,19 @@
|
||||
log-level: "info"
|
||||
log-db-queries: false
|
||||
|
||||
# String. Format to use for the timestamp in log lines.
|
||||
# If set to the empty string, the timestamp will be
|
||||
# ommitted from the logs entirely.
|
||||
#
|
||||
# The format must be compatible with Go's time.Layout, as
|
||||
# documented on https://pkg.go.dev/time#pkg-constants.
|
||||
#
|
||||
# Examples: [true, false]
|
||||
# Default: "02/01/2006 15:04:05.000"
|
||||
log-timestamp-format: "2006-01-02T15:04:05Z07:00"
|
||||
|
||||
|
||||
|
||||
application-name: "club patito"
|
||||
|
||||
# String. Hostname that this server will be reachable at. Defaults to localhost for local testing,
|
||||
|
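Review bot: The comment block added above `log-timestamp-format` lists `Examples: [true, false]`, which reads as carried over from a boolean option and does not describe a time layout string. Suggest `# Examples: ["2006-01-02T15:04:05Z07:00", ""]` so the documented values match what the setting accepts, and correct `ommitted` to `omitted` in the same block. The documented default and the configured value also differ in whether a zone offset is printed, so a one-line comment on why the offset form was chosen would help anyone correlating these logs with other sources.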
@ -1,6 +1,6 @@
|
||||
job "club-patito" {
|
||||
datacenters = ["nyc1"]
|
||||
region = "nyc1"
|
||||
datacenters = ["qro0"]
|
||||
region = "qro0"
|
||||
|
||||
vault {
|
||||
policies = ["club-patito"]
|
||||
@ -46,7 +46,7 @@ job "club-patito" {
|
||||
}
|
||||
|
||||
config {
|
||||
image = "litestream/litestream:0.3.9"
|
||||
image = "litestream/litestream:0.3.12"
|
||||
args = ["restore", "/alloc/gotosocial.db"]
|
||||
volumes = ["secrets/litestream.yaml:/etc/litestream.yml"]
|
||||
}
|
||||
@ -73,7 +73,7 @@ job "club-patito" {
|
||||
}
|
||||
|
||||
config {
|
||||
image = "litestream/litestream:0.3.9"
|
||||
image = "litestream/litestream:0.3.12"
|
||||
args = ["replicate"]
|
||||
volumes = ["secrets/litestream.yaml:/etc/litestream.yml"]
|
||||
}
|
||||
|
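Review bot: Both `config` blocks touched here (the `restore` task and the `replicate` task) reference `litestream/litestream:0.3.12` by tag only, and a tag can be re-pointed at the registry after this commit was reviewed. Both tasks mount `secrets/litestream.yaml`, which appears to be rendered from the template changed in this commit and so carries the S3 access key. That makes it worth pinning the image to its content: `image = "litestream/litestream:0.3.12@sha256:<digest-of-reviewed-image>"`. The task definitions start and end outside the hunks, so any other controls on these tasks are not visible from here.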
@ -1,9 +1,11 @@
|
||||
{{- with secret "cfg/infra/tree/provider:cdn" }}
|
||||
access-key-id: {{ .Data.key }}
|
||||
secret-access-key: {{ .Data.secret }}
|
||||
|
||||
dbs:
|
||||
- path: /alloc/gotosocial.db
|
||||
replicas:
|
||||
- url: s3://{{ .Data.bucket }}.{{ .Data.endpoint }}/club-patito/gotosocial.db
|
||||
{{- with secret "cfg/svc/tree/pati.to:club"}}
|
||||
- name: vultr
|
||||
url: s3://{{ .Data.cdn.bucket }}/db/gotosocial.db
|
||||
access-key-id: {{ .Data.cdn.key }}
|
||||
secret-access-key: {{ .Data.cdn.secret }}
|
||||
endpoint: {{ .Data.cdn.endpoint }}
|
||||
type: s3
|
||||
{{- end }}
|
||||
|
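Review bot: The new replica entry writes `{{ .Data.cdn.key }}`, `{{ .Data.cdn.secret }}` and `{{ .Data.cdn.endpoint }}` into the YAML as unquoted plain scalars, so a value that is purely numeric or begins with a YAML indicator character would be parsed as something other than the intended string. The tasks would then fail with a misleading credential error. Emitting the values as quoted strings avoids this, e.g. `secret-access-key: {{ .Data.cdn.secret | toJSON }}`, and the same for the other three fields. Separately, the read moves from `cfg/infra/tree/provider:cdn` to the service-scoped `cfg/svc/tree/pati.to:club`; the `club-patito` Vault policy body is not shown in this commit, so confirm it grants read on the new path and no longer grants the old one.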
62
main.tf
62
main.tf
@ -6,17 +6,17 @@ terraform {
|
||||
required_providers {
|
||||
acme = {
|
||||
source = "vancluever/acme"
|
||||
version = "~> 2.5.3"
|
||||
version = "~> 2.15.1"
|
||||
}
|
||||
|
||||
digitalocean = {
|
||||
source = "digitalocean/digitalocean"
|
||||
version = "~> 2.16.0"
|
||||
version = "~> 2.29.0"
|
||||
}
|
||||
|
||||
vault = {
|
||||
source = "hashicorp/vault"
|
||||
version = "~> 3.7.0"
|
||||
version = "~> 3.18.0"
|
||||
}
|
||||
}
|
||||
|
||||
@ -52,14 +52,13 @@ provider "digitalocean" {
|
||||
token = data.vault_generic_secret.DO.data.patito
|
||||
}
|
||||
|
||||
provider "digitalocean" {
|
||||
alias = "compute"
|
||||
token = data.vault_generic_secret.DO.data.token
|
||||
}
|
||||
|
||||
data "digitalocean_droplet" "bedstuy" {
|
||||
provider = digitalocean.compute
|
||||
name = "bedstuy"
|
||||
data "terraform_remote_state" "rob_mx" {
|
||||
backend = "consul"
|
||||
workspace = "default"
|
||||
config = {
|
||||
datacenter = "casa"
|
||||
path = "nidito/state/rob.mx"
|
||||
}
|
||||
}
|
||||
|
||||
resource "vault_policy" "service" {
|
||||
@ -78,7 +77,7 @@ resource "digitalocean_record" "to_pati_club" {
|
||||
type = "A"
|
||||
ttl = 3600
|
||||
name = "club"
|
||||
value = data.digitalocean_droplet.bedstuy.ipv4_address
|
||||
value = data.terraform_remote_state.rob_mx.outputs.bernal.ip
|
||||
}
|
||||
|
||||
resource "digitalocean_record" "txt_smtp_domainkey" {
|
||||
@ -104,42 +103,3 @@ resource "digitalocean_record" "mx" {
|
||||
priority = each.value
|
||||
}
|
||||
|
||||
|
||||
data "terraform_remote_state" "registration" {
|
||||
backend = "consul"
|
||||
workspace = "default"
|
||||
config = {
|
||||
address = "consul.service.casa.consul:5554"
|
||||
scheme = "https"
|
||||
path = "nidito/state/letsencrypt/registration"
|
||||
}
|
||||
}
|
||||
|
||||
resource acme_certificate cert {
|
||||
account_key_pem = data.terraform_remote_state.registration.outputs.account_key
|
||||
common_name = "pati.to"
|
||||
subject_alternative_names = ["*.pati.to"]
|
||||
recursive_nameservers = ["1.1.1.1:53", "8.8.8.8:53"]
|
||||
|
||||
dns_challenge {
|
||||
provider = "digitalocean"
|
||||
config = {
|
||||
DO_AUTH_TOKEN = data.vault_generic_secret.DO.data.patito
|
||||
DO_PROPAGATION_TIMEOUT = 60
|
||||
DO_TTL = 30
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource vault_generic_secret cert {
|
||||
path = "nidito/tls/${acme_certificate.cert.common_name}"
|
||||
data_json = jsonencode({
|
||||
private_key = acme_certificate.cert.private_key_pem,
|
||||
cert = join("", [
|
||||
acme_certificate.cert.certificate_pem,
|
||||
acme_certificate.cert.issuer_pem,
|
||||
])
|
||||
issuer = acme_certificate.cert.issuer_pem,
|
||||
bare_cert = acme_certificate.cert.certificate_pem,
|
||||
})
|
||||
}
|
||||
|
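Review bot: The added `data "terraform_remote_state" "rob_mx"` block sets only `datacenter` and `path`, whereas the `registration` remote state removed in the last hunk set `address = "consul.service.casa.consul:5554"` and `scheme = "https"` explicitly. Without them the Consul backend takes its endpoint and scheme from the environment or its defaults, and the default scheme is plain HTTP. The state that now decides where the `club` A record points could therefore be fetched without TLS, depending on who runs the plan. Suggest restating `address` and `scheme = "https"` in the new `config` map, as the removed block did. Note also that `terraform_remote_state` needs read access to the whole `nidito/state/rob.mx` snapshot just to obtain `outputs.bernal.ip`.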