x/terraform-digitalocean-spoke
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Modernizing many things

Browse Source 
- use hashicorp/setup-terraform action
- bump terraform requirement to 0.13
- bump digitalocean provider requirement to 1.22
- bump to latest nvm
- remove a bunch of unnecessary quotes
This commit is contained in:
Dan Buch 2020-08-22 22:28:12 -04:00
parent 1a1a670e10
commit afde778e29
Signed by: meatballhat
GPG Key ID: 9685130D8B763EA7
5 changed files with 72 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
.github/workflows/terraform.yml vendored
View File

@ -1,23 +1,18 @@
name: terraform name: terraform
on: [push, pull_request] on:
push:
branches: [main]
pull_request:
branches: [main]
jobs: jobs:
terraform: terraform:
name: Terraform name: Terraform
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@master - uses: actions/checkout@v2
- name: fmt - uses: hashicorp/setup-terraform@v1
uses: hashicorp/terraform-github-actions@master
with: with:
tf_actions_version: 0.12.21 terraform_version: 0.13.0
tf_actions_subcommand: fmt - run: terraform fmt -check -recursive
- name: init - run: terraform init
uses: hashicorp/terraform-github-actions@master - run: terraform validate
with:
tf_actions_version: 0.12.21
tf_actions_subcommand: init
- name: validate
uses: hashicorp/terraform-github-actions@master
with:
tf_actions_version: 0.12.21
tf_actions_subcommand: validate

27
.gitignore vendored
View File

@ -1,29 +1,8 @@
# Local .terraform directories
**/.terraform/* **/.terraform/*
# .tfstate files
*.tfstate *.tfstate
*.tfstate.* *.tfstate.*
# Crash log files
crash.log
# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
# .tfvars files are managed as part of configuration and so should be included in
# version control.
#
# example.tfvars
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf *_override.tf
*_override.tf.json *_override.tf.json
crash.log
# Include override files you do wish to add to version control using negated pattern override.tf
# override.tf.json
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*

15
README.md
View File

@ -6,7 +6,7 @@ This is a terraform module that provisions a
## Terraform versions ## Terraform versions
This module is compatible with Terraform version `0.12+`. This module is compatible with Terraform version `0.13+`.
## Usage ## Usage
@ -48,21 +48,28 @@ module "digitalocean_spoke" {
} }
``` ```
## Requirements
| Name | Version |
|------|---------|
| digitalocean | >= 1.22 |
## Providers ## Providers
| Name | Version | | Name | Version |
|------|---------| |------|---------|
| digitalocean | >= 1.14 | | digitalocean | >= 1.22 |
| null | n/a | | null | n/a |
| random | n/a | | random | n/a |
## Inputs ## Inputs
| Name | Description | Type | Default | Required | | Name | Description | Type | Default | Required |
|------|-------------|------|---------|:-----:| |------|-------------|------|---------|:--------:|
| base\_url | Fully qualified https URL of the app | `string` | n/a | yes | | base\_url | Fully qualified https URL of the app | `string` | n/a | yes |
| cert\_certificate | Certificate with leaf and intermediates to pass to nginx | `string` | n/a | yes | | cert\_certificate | Certificate with leaf and intermediates to pass to nginx | `string` | n/a | yes |
| cert\_private\_key | Certificate key to pass to nginx | `string` | n/a | yes | | cert\_private\_key | Certificate key to pass to nginx | `string` | n/a | yes |
| droplet\_image | Image to use when provisioning app droplet | `string` | `"ubuntu-20-04-x64"` | no |
| droplet\_size | Size value passed when provisioning app droplet | `string` | `"s-1vcpu-1gb"` | no | | droplet\_size | Size value passed when provisioning app droplet | `string` | `"s-1vcpu-1gb"` | no |
| env | Arbitrary *additional* environment variables passed at build time and run time | `map(string)` | `{}` | no | | env | Arbitrary *additional* environment variables passed at build time and run time | `map(string)` | `{}` | no |
| node\_env | Value defined at build time and run time as NODE\_ENV | `string` | `"production"` | no | | node\_env | Value defined at build time and run time as NODE\_ENV | `string` | `"production"` | no |
@ -71,7 +78,7 @@ module "digitalocean_spoke" {
| region | Region in which all resources will be provisioned | `string` | `"nyc1"` | no | | region | Region in which all resources will be provisioned | `string` | `"nyc1"` | no |
| resource\_prefix | Prefix prepended to resource names | `string` | `"spoke-"` | no | | resource\_prefix | Prefix prepended to resource names | `string` | `"spoke-"` | no |
| server\_name | Server name used in nginx config | `string` | n/a | yes | | server\_name | Server name used in nginx config | `string` | n/a | yes |
| spoke\_version | Git ref of MoveOnOrg/Spoke to deploy | `string` | `"v5.2"` | no | | spoke\_version | Git ref of MoveOnOrg/Spoke to deploy | `string` | `"v8.0"` | no |
| ssh\_keys | List of ssh public keys to pass to droplet provisioning | `list(string)` | n/a | yes | | ssh\_keys | List of ssh public keys to pass to droplet provisioning | `list(string)` | n/a | yes |
## Outputs ## Outputs

86
main.tf
View File

@ -7,7 +7,7 @@
* *
* ## Terraform versions * ## Terraform versions
* *
* This module is compatible with Terraform version `0.12+`. * This module is compatible with Terraform version `0.13+`.
* *
* ## Usage * ## Usage
* *
@ -52,91 +52,97 @@
terraform { terraform {
required_providers { required_providers {
digitalocean = ">= 1.14" digitalocean = ">= 1.22"
} }
} }
variable "server_name" { variable server_name {
description = "Server name used in nginx config" description = "Server name used in nginx config"
type = string type = string
} }
variable "base_url" { variable base_url {
description = "Fully qualified https URL of the app" description = "Fully qualified https URL of the app"
type = string type = string
} }
variable "resource_prefix" { variable resource_prefix {
description = "Prefix prepended to resource names" description = "Prefix prepended to resource names"
default = "spoke-" default = "spoke-"
type = string type = string
} }
variable "node_options" { variable node_options {
description = "Value defined at build time and run time as NODE_OPTIONS" description = "Value defined at build time and run time as NODE_OPTIONS"
default = "--max_old_space_size=8192" default = "--max_old_space_size=8192"
type = string type = string
} }
variable "node_env" { variable node_env {
description = "Value defined at build time and run time as NODE_ENV" description = "Value defined at build time and run time as NODE_ENV"
default = "production" default = "production"
type = string type = string
} }
variable "port" { variable port {
description = "TCP port used to communicate between droplet and nginx" description = "TCP port used to communicate between droplet and nginx"
default = "3000" default = "3000"
type = string type = string
} }
variable "droplet_size" { variable droplet_image {
description = "Image to use when provisioning app droplet"
default = "ubuntu-20-04-x64"
type = string
}
variable droplet_size {
description = "Size value passed when provisioning app droplet" description = "Size value passed when provisioning app droplet"
default = "s-1vcpu-1gb" default = "s-1vcpu-1gb"
type = string type = string
} }
variable "region" { variable region {
description = "Region in which all resources will be provisioned" description = "Region in which all resources will be provisioned"
default = "nyc1" default = "nyc1"
type = string type = string
} }
variable "spoke_version" { variable spoke_version {
description = "Git ref of MoveOnOrg/Spoke to deploy" description = "Git ref of MoveOnOrg/Spoke to deploy"
default = "v5.2" default = "v8.0"
type = string type = string
} }
variable "ssh_keys" { variable ssh_keys {
type = list(string) type = list(string)
description = "List of ssh public keys to pass to droplet provisioning" description = "List of ssh public keys to pass to droplet provisioning"
} }
variable "cert_private_key" { variable cert_private_key {
description = "Certificate key to pass to nginx" description = "Certificate key to pass to nginx"
type = string type = string
} }
variable "cert_certificate" { variable cert_certificate {
description = "Certificate with leaf and intermediates to pass to nginx" description = "Certificate with leaf and intermediates to pass to nginx"
type = string type = string
} }
variable "env" { variable env {
description = "Arbitrary *additional* environment variables passed at build time and run time" description = "Arbitrary *additional* environment variables passed at build time and run time"
default = {} default = {}
type = map(string) type = map(string)
} }
resource "digitalocean_ssh_key" "app" { resource digitalocean_ssh_key app {
count = length(var.ssh_keys) count = length(var.ssh_keys)
name = "${var.resource_prefix}app-${count.index}" name = "${var.resource_prefix}app-${count.index}"
public_key = element(var.ssh_keys, count.index) public_key = element(var.ssh_keys, count.index)
} }
resource "digitalocean_droplet" "app" { resource digitalocean_droplet app {
image = "ubuntu-18-04-x64" image = var.droplet_image
name = "${var.resource_prefix}app" name = "${var.resource_prefix}app"
region = var.region region = var.region
size = var.droplet_size size = var.droplet_size
@ -144,17 +150,17 @@ resource "digitalocean_droplet" "app" {
ssh_keys = digitalocean_ssh_key.app[*].id ssh_keys = digitalocean_ssh_key.app[*].id
} }
resource "digitalocean_floating_ip" "app" { resource digitalocean_floating_ip app {
droplet_id = digitalocean_droplet.app.id droplet_id = digitalocean_droplet.app.id
region = digitalocean_droplet.app.region region = digitalocean_droplet.app.region
} }
resource "digitalocean_firewall" "app" { resource digitalocean_firewall app {
name = "pghdsa-spoke-app" name = "pghdsa-spoke-app"
droplet_ids = [digitalocean_droplet.app.id] droplet_ids = [digitalocean_droplet.app.id]
dynamic "inbound_rule" { dynamic inbound_rule {
for_each = ["22", "80", "443"] for_each = ["22", "80", "443"]
content { content {
protocol = "tcp" protocol = "tcp"
@ -168,7 +174,7 @@ resource "digitalocean_firewall" "app" {
source_addresses = ["0.0.0.0/0", "::/0"] source_addresses = ["0.0.0.0/0", "::/0"]
} }
dynamic "outbound_rule" { dynamic outbound_rule {
for_each = ["tcp", "udp"] for_each = ["tcp", "udp"]
content { content {
protocol = outbound_rule.value protocol = outbound_rule.value
@ -183,12 +189,12 @@ resource "digitalocean_firewall" "app" {
} }
} }
resource "random_string" "session_secret" { resource random_string session_secret {
length = 199 length = 199
special = false special = false
} }
resource "random_string" "pg_password" { resource random_string pg_password {
length = 31 length = 31
} }
@ -216,7 +222,7 @@ locals {
}, var.env) }, var.env)
} }
resource "null_resource" "app_provision" { resource null_resource app_provision {
triggers = { triggers = {
droplet_id = digitalocean_droplet.app.id droplet_id = digitalocean_droplet.app.id
provision_script_sha1 = filesha1("${path.module}/spoke-app-provision") provision_script_sha1 = filesha1("${path.module}/spoke-app-provision")
@ -236,17 +242,17 @@ resource "null_resource" "app_provision" {
host = digitalocean_droplet.app.ipv4_address host = digitalocean_droplet.app.ipv4_address
} }
provisioner "file" { provisioner file {
source = "${path.module}/spoke-app-provision" source = "${path.module}/spoke-app-provision"
destination = "/tmp/spoke-app-provision" destination = "/tmp/spoke-app-provision"
} }
provisioner "file" { provisioner file {
source = "${path.module}/spoke-app-run" source = "${path.module}/spoke-app-run"
destination = "/tmp/spoke-app-run" destination = "/tmp/spoke-app-run"
} }
provisioner "file" { provisioner file {
content = templatefile("${path.module}/nginx-sites-default.conf.tpl", { content = templatefile("${path.module}/nginx-sites-default.conf.tpl", {
server_name = var.server_name, server_name = var.server_name,
port = var.port, port = var.port,
@ -254,32 +260,32 @@ resource "null_resource" "app_provision" {
destination = "/tmp/nginx-sites-default.conf" destination = "/tmp/nginx-sites-default.conf"
} }
provisioner "file" { provisioner file {
content = var.cert_certificate content = var.cert_certificate
destination = "/tmp/spoke.crt" destination = "/tmp/spoke.crt"
} }
provisioner "file" { provisioner file {
content = var.cert_private_key content = var.cert_private_key
destination = "/tmp/spoke.key" destination = "/tmp/spoke.key"
} }
provisioner "file" { provisioner file {
content = <<-ENV_TMPL content = <<-ENVTMPL
%{for key, value in local.env_map~} %{for key, value in local.env_map~}
${key}='${value}' ${key}='${value}'
%{endfor~} %{endfor~}
ENV_TMPL ENVTMPL
destination = "/tmp/app.env" destination = "/tmp/app.env"
} }
provisioner "file" { provisioner file {
source = "${path.module}/spoke.service" source = "${path.module}/spoke.service"
destination = "/tmp/spoke.service" destination = "/tmp/spoke.service"
} }
provisioner "remote-exec" { provisioner remote-exec {
inline = [ inline = [
"bash /tmp/spoke-app-provision system0", "bash /tmp/spoke-app-provision system0",
"sudo -H -u spoke bash /tmp/spoke-app-provision spoke0", "sudo -H -u spoke bash /tmp/spoke-app-provision spoke0",
@ -288,22 +294,22 @@ ENV_TMPL
} }
} }
output "droplet_urn" { output droplet_urn {
description = "urn of the droplet suitable for adding to project resources" description = "urn of the droplet suitable for adding to project resources"
value = digitalocean_droplet.app.urn value = digitalocean_droplet.app.urn
} }
output "droplet_ipv4_address" { output droplet_ipv4_address {
description = "ipv4 address of the droplet" description = "ipv4 address of the droplet"
value = digitalocean_droplet.app.ipv4_address value = digitalocean_droplet.app.ipv4_address
} }
output "floating_ip_address" { output floating_ip_address {
description = "floating IP address assigned to the droplet suitable for creating a DNS A record" description = "floating IP address assigned to the droplet suitable for creating a DNS A record"
value = digitalocean_floating_ip.app.ip_address value = digitalocean_floating_ip.app.ip_address
} }
output "floating_ip_urn" { output floating_ip_urn {
description = "urn of the floating IP address assigned to the droplet suitable for adding to project resources" description = "urn of the floating IP address assigned to the droplet suitable for adding to project resources"
value = digitalocean_floating_ip.app.urn value = digitalocean_floating_ip.app.urn
} }

2
spoke-app-provision
View File

@ -116,7 +116,7 @@ _run_spoke0() {
if ! command -v nvm; then if ! command -v nvm; then
curl -fsSL \ curl -fsSL \
https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.2/install.sh | bash https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash
set +o errexit set +o errexit
set +o xtrace set +o xtrace
# shellcheck source=/dev/null # shellcheck source=/dev/null