From da232c6b03243666a58f9167e1b1aa7574644977 Mon Sep 17 00:00:00 2001 From: Jeremy Dormitzer Date: Fri, 22 Jan 2021 18:22:13 -0500 Subject: [PATCH 1/7] [WIP] Set up gitea packer image TODOs: - figure out how to keep the mail password in app.ini during install - mount volumes to persist data between droplet redeploys - set up HTTPS --- prod/git-jeremydormitzer-com/ansible/.envrc | 1 - .../git-jeremydormitzer-com/ansible/hosts.ini | 1 - prod/git-jeremydormitzer-com/packer/.envrc | 7 ++ .../git-jeremydormitzer-com/packer/.gitignore | 1 + prod/git-jeremydormitzer-com/packer/Makefile | 9 +++ .../packer/files/gitea.service | 74 ++++++++++++++++++ .../git-jeremydormitzer-com/packer/gitea.json | 37 +++++++++ .../packer/packer-manifest.json | 50 +++++++++++++ .../packer/scripts/dependencies.sh | 6 ++ .../packer/scripts/gitea.sh | 28 +++++++ .../packer/templates/app.ini.template | 75 +++++++++++++++++++ .../terraform/.terraform.lock.hcl | 17 +++++ .../git-jeremydormitzer-com/terraform/main.tf | 8 ++ .../terraform/outputs.tf | 8 ++ 14 files changed, 320 insertions(+), 2 deletions(-) delete mode 100644 prod/git-jeremydormitzer-com/ansible/.envrc delete mode 100644 prod/git-jeremydormitzer-com/ansible/hosts.ini create mode 100644 prod/git-jeremydormitzer-com/packer/.envrc create mode 100644 prod/git-jeremydormitzer-com/packer/.gitignore create mode 100644 prod/git-jeremydormitzer-com/packer/Makefile create mode 100644 prod/git-jeremydormitzer-com/packer/files/gitea.service create mode 100644 prod/git-jeremydormitzer-com/packer/gitea.json create mode 100644 prod/git-jeremydormitzer-com/packer/packer-manifest.json create mode 100644 prod/git-jeremydormitzer-com/packer/scripts/dependencies.sh create mode 100644 prod/git-jeremydormitzer-com/packer/scripts/gitea.sh create mode 100644 prod/git-jeremydormitzer-com/packer/templates/app.ini.template 
diff --git a/prod/git-jeremydormitzer-com/ansible/.envrc b/prod/git-jeremydormitzer-com/ansible/.envrc deleted file mode 100644 index 0512d72..0000000 --- a/prod/git-jeremydormitzer-com/ansible/.envrc +++ /dev/null @@ -1 +0,0 @@ -export ANSIBLE_INVENTORY="$(expand_path hosts.ini)" diff --git a/prod/git-jeremydormitzer-com/ansible/hosts.ini b/prod/git-jeremydormitzer-com/ansible/hosts.ini deleted file mode 100644 index da66b1c..0000000 --- a/prod/git-jeremydormitzer-com/ansible/hosts.ini +++ /dev/null @@ -1 +0,0 @@ -git.jeremydormitzer.com \ No newline at end of file diff --git a/prod/git-jeremydormitzer-com/packer/.envrc b/prod/git-jeremydormitzer-com/packer/.envrc new file mode 100644 index 0000000..31ec5d9 --- /dev/null +++ b/prod/git-jeremydormitzer-com/packer/.envrc @@ -0,0 +1,7 @@ +source_up + +export GITEA_MAILGUN_PASSWORD=$(pass noreply@mg.git.jeremydormitzer.com) +export GITEA_LFS_JWT_SECRET=$(pass packer-gitea-lfs-jwt-secret) +export GITEA_SECRET_KEY=$(pass packer-gitea-secret-key) +export GITEA_INTERNAL_TOKEN=$(pass packer-gitea-internal-token) +export GITEA_JWT_SECRET=$(pass packer-gitea-jwt-secret) diff --git a/prod/git-jeremydormitzer-com/packer/.gitignore b/prod/git-jeremydormitzer-com/packer/.gitignore new file mode 100644 index 0000000..0b3b071 --- /dev/null +++ b/prod/git-jeremydormitzer-com/packer/.gitignore @@ -0,0 +1 @@ +files/app.ini \ No newline at end of file diff --git a/prod/git-jeremydormitzer-com/packer/Makefile b/prod/git-jeremydormitzer-com/packer/Makefile new file mode 100644 index 0000000..64eb606 --- /dev/null +++ b/prod/git-jeremydormitzer-com/packer/Makefile @@ -0,0 +1,9 @@ +packer-manifest.json: gitea.json \ + scripts/dependencies.sh \ + files/gitea.service \ + files/app.ini \ + scripts/gitea.sh + packer build gitea.json + +files/app.ini: templates/app.ini.template + sigil -p -f templates/app.ini.template > files/app.ini 
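Review bot: `sigil -p -f templates/app.ini.template > files/app.ini` renders every Gitea secret and the Mailgun password into the working tree with whatever the default umask allows, which is usually world-readable; add `chmod 600 files/app.ini` as a second recipe line so the rendered config is treated like the credentials file it is. The sibling .gitignore hunk keeps it out of git, but the file persists between builds, so stale secrets linger after rotation; declaring `.INTERMEDIATE: files/app.ini` lets make remove it once `packer build` has consumed it. A one-line header comment naming the environment variables the template requires (the `${VAR:?}` expansions fail loudly, but only one at a time) would save the next person a few round trips.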
diff --git a/prod/git-jeremydormitzer-com/packer/files/gitea.service b/prod/git-jeremydormitzer-com/packer/files/gitea.service
new file mode 100644
index 0000000..d6bcd7d
--- /dev/null
+++ b/prod/git-jeremydormitzer-com/packer/files/gitea.service
@@ -0,0 +1,74 @@ +[Unit] +Description=Gitea (Git with a cup of tea) +After=syslog.target +After=network.target +### +# Don't forget to add the database service requirements +### +# +#Requires=mysql.service +#Requires=mariadb.service +#Requires=postgresql.service +#Requires=memcached.service +#Requires=redis.service +# +### +# If using socket activation for main http/s +### +# +#After=gitea.main.socket +#Requires=gitea.main.socket +# +### +# (You can also provide gitea an http fallback and/or ssh socket too) +# +# An example of /etc/systemd/system/gitea.main.socket +### +## +## [Unit] +## Description=Gitea Web Socket +## PartOf=gitea.service +## +## [Socket] +## Service=gitea.service +## ListenStream= +## NoDelay=true +## +## [Install] +## WantedBy=sockets.target +## +### + +[Service] +# Modify these two values and uncomment them if you have +# repos with lots of files and get an HTTP error 500 because +# of that +### +#LimitMEMLOCK=infinity +#LimitNOFILE=65535 +RestartSec=2s +Type=simple +User=git +Group=git +WorkingDirectory=/var/lib/gitea/ +# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file +# (manually creating /run/gitea doesn't work, because it would not persist across reboots) +#RuntimeDirectory=gitea +ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini +Restart=always +Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea +# If you install Git to directory prefix other than default PATH (which happens +# for example if you install other versions of Git side-to-side with +# distribution version), uncomment below line and add that prefix to PATH +# Don't forget to place git-lfs binary on the PATH below if you want to enable +# Git LFS support +#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin +# If you want to bind Gitea to a port below 1024, uncomment +# the two values below, or use socket activation to pass Gitea its ports as above +### 
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE +#AmbientCapabilities=CAP_NET_BIND_SERVICE +### + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/prod/git-jeremydormitzer-com/packer/gitea.json b/prod/git-jeremydormitzer-com/packer/gitea.json new file mode 100644 index 0000000..b69f468 --- /dev/null +++ b/prod/git-jeremydormitzer-com/packer/gitea.json @@ -0,0 +1,37 @@ +{ + "builders": [ + { + "type": "digitalocean", + "image": "ubuntu-20-04-x64", + "region": "nyc1", + "size": "s-1vcpu-1gb", + "snapshot_name": "packer-gitea-{{timestamp}}", + "ssh_username": "root" + } + ], + "provisioners": [ + { + "type": "shell", + "script": "scripts/dependencies.sh" + }, + { + "type": "file", + "source": "files/app.ini", + "destination": "/tmp/app.ini" + }, + { + "type": "file", + "source": "files/gitea.service", + "destination": "/tmp/gitea.service" + }, + { + "type": "shell", + "script": "scripts/gitea.sh" + } + ], + "post-processors": [ + { + "type": "manifest" + } + ] +} diff --git a/prod/git-jeremydormitzer-com/packer/packer-manifest.json b/prod/git-jeremydormitzer-com/packer/packer-manifest.json new file mode 100644 index 0000000..2a33bf3 --- /dev/null +++ b/prod/git-jeremydormitzer-com/packer/packer-manifest.json 
@@ -0,0 +1,50 @@ +{ + "builds": [ + { + "name": "digitalocean", + "builder_type": "digitalocean", + "build_time": 1611352765, + "files": null, + "artifact_id": "nyc1:77396506", + "packer_run_uuid": "a93bca03-f67e-e630-7606-c12222ae21db", + "custom_data": null + }, + { + "name": "digitalocean", + "builder_type": "digitalocean", + "build_time": 1611355972, + "files": null, + "artifact_id": "nyc1:77399380", + "packer_run_uuid": "2c306ac5-20fe-3e4e-9329-c62b03621d95", + "custom_data": null + }, + { + "name": "digitalocean", + "builder_type": "digitalocean", + "build_time": 1611356707, + "files": null, + "artifact_id": "nyc1:77400402", + "packer_run_uuid": "1d401331-1f3f-cfaa-d610-66f06eef5986", + "custom_data": null + }, + { + "name": "digitalocean", + "builder_type": "digitalocean", + "build_time": 1611357084, + "files": null, + "artifact_id": "nyc1:77400747", + "packer_run_uuid": "c40a3d6a-e3a8-099a-1bd1-86f4026a158f", + "custom_data": null + }, + { + "name": "digitalocean", + "builder_type": "digitalocean", + "build_time": 1611357475, + "files": null, + "artifact_id": "nyc1:77401090", + "packer_run_uuid": "2b450ccd-716f-5c9c-20da-662e79a0b929", + "custom_data": null + } + ], + "last_run_uuid": "2b450ccd-716f-5c9c-20da-662e79a0b929" +} \ No newline at end of file diff --git a/prod/git-jeremydormitzer-com/packer/scripts/dependencies.sh b/prod/git-jeremydormitzer-com/packer/scripts/dependencies.sh new file mode 100644 index 0000000..e9a257b --- /dev/null +++ b/prod/git-jeremydormitzer-com/packer/scripts/dependencies.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +set -ex + +sudo apt-get update +sudo apt-get install -y git diff --git a/prod/git-jeremydormitzer-com/packer/scripts/gitea.sh b/prod/git-jeremydormitzer-com/packer/scripts/gitea.sh new file mode 100644 index 0000000..91db7e3 --- /dev/null +++ b/prod/git-jeremydormitzer-com/packer/scripts/gitea.sh 
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+set -ex
+
+adduser \
+ --system \
+ --shell /bin/bash \
+ --gecos 'Git Version Control' \
+ --group \
+ --disabled-password \
+ --home /home/git \
+ git
+
+mkdir -p /var/lib/gitea/{custom,data,log}
+chown -R git:git /var/lib/gitea/
+chmod -R 750 /var/lib/gitea/
+mkdir /etc/gitea
+mv /tmp/app.ini /etc/gitea/app.ini
+chown -R root:git /etc/gitea
+chmod 770 /etc/gitea
+chmod 660 /etc/gitea/app.ini
+
+wget -O gitea https://dl.gitea.io/gitea/1.13.1/gitea-1.13.1-linux-amd64
+chmod +x gitea
+mv gitea /usr/local/bin/
+
+mv /tmp/gitea.service /etc/systemd/system/gitea.service
+systemctl enable gitea
diff --git a/prod/git-jeremydormitzer-com/packer/templates/app.ini.template b/prod/git-jeremydormitzer-com/packer/templates/app.ini.template
new file mode 100644
index 0000000..9aaf5e7
--- /dev/null
+++ b/prod/git-jeremydormitzer-com/packer/templates/app.ini.template
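Review bot: The gitea binary is fetched with a bare `wget -O gitea https://dl.gitea.io/gitea/1.13.1/...` and installed with no integrity check, so a tampered download ends up in every snapshot built from this script. As far as I know dl.gitea.io publishes a `.sha256` (and a GPG `.asc`) next to each binary; fetch and verify it before installing, e.g. `wget https://dl.gitea.io/gitea/1.13.1/gitea-1.13.1-linux-amd64{,.sha256}`, `sha256sum -c gitea-1.13.1-linux-amd64.sha256`, `install -m 755 gitea-1.13.1-linux-amd64 /usr/local/bin/gitea` — or pin the expected digest in the script so a changed release fails the build. Separately, `chmod 770 /etc/gitea` and `chmod 660 /etc/gitea/app.ini` leave a file holding SECRET_KEY, INTERNAL_TOKEN and the mail password writable by the `git` account the service and SSH sessions run as; Gitea only needs that while the web installer runs, so once INSTALL_LOCK is set the image should end with `chmod 750 /etc/gitea; chmod 640 /etc/gitea/app.ini`.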
@@ -0,0 +1,75 @@
+APP_NAME = Jeremy Dormitzer's Git Forge
+RUN_USER = git
+RUN_MODE = prod
+
+[oauth2]
+JWT_SECRET = ${GITEA_JWT_SECRET:?}
+
+[security]
+INTERNAL_TOKEN = ${GITEA_INTERNAL_TOKEN:?}
+SECRET_KEY = ${GITEA_SECRET_KEY:?}
+
+[database]
+DB_TYPE = sqlite3
+HOST = 127.0.0.1:3306
+NAME = gitea
+USER = gitea
+PASSWD =
+SCHEMA =
+SSL_MODE = disable
+CHARSET = utf8
+PATH = /var/lib/gitea/data/gitea.db
+LOG_SQL = false
+
+[repository]
+ROOT = /home/git/gitea-repositories
+
+[server]
+SSH_DOMAIN = git.jeremydormitzer.com
+DOMAIN = git.jeremydormitzer.com
+HTTP_PORT = 3000
+ROOT_URL = https://git.jeremydormitzer.com/
+DISABLE_SSH = false
+SSH_PORT = 22
+LFS_START_SERVER = true
+LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
+LFS_JWT_SECRET = ${GITEA_LFS_JWT_SECRET:?}
+OFFLINE_MODE = false
+
+[mailer]
+ENABLED = true
+HOST = smtp.mailgun.org:587
+FROM = Jeremy Dormitzer's Git Forge
+USER = noreply@mg.git.jeremydormitzer.com
+PASSWD = ${GITEA_MAILGUN_PASSWORD:?}
+
+[service]
+REGISTER_EMAIL_CONFIRM = true
+ENABLE_NOTIFY_MAIL = true
+DISABLE_REGISTRATION = true
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+REQUIRE_SIGNIN_VIEW = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localhost
+
+[picture]
+DISABLE_GRAVATAR = false
+ENABLE_FEDERATED_AVATAR = true
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = /var/lib/gitea/log
+REDIRECT_MACARON_LOG = true
+MACARON = console
+ROUTER = console
\ No newline at end of file
diff --git a/prod/git-jeremydormitzer-com/terraform/.terraform.lock.hcl b/prod/git-jeremydormitzer-com/terraform/.terraform.lock.hcl
index f7f7ed8..3cc9bda 100755
--- a/prod/git-jeremydormitzer-com/terraform/.terraform.lock.hcl
+++ b/prod/git-jeremydormitzer-com/terraform/.terraform.lock.hcl
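Review bot: Every secret in this template — `SECRET_KEY`, `INTERNAL_TOKEN`, `JWT_SECRET`, `LFS_JWT_SECRET` and the Mailgun `PASSWD` — is rendered into files/app.ini and shipped inside the DigitalOcean snapshot, so each image listed in packer-manifest.json carries the live credentials, anyone who can read the account's images can recover them, and rotating any of them means a rebuild and redeploy. If that is the accepted trade-off, record it in a header comment in the template (`; NOTE: secrets are baked into the packer snapshot; delete superseded snapshots after every build`) and prune old snapshots; otherwise render app.ini on the droplet at first boot from a secret source instead of at build time. `[mailer] FROM = Jeremy Dormitzer's Git Forge` is a display name with no address; Gitea parses FROM as an RFC 5322 address and, I believe, refuses to start on an invalid one, so use `FROM = "Jeremy Dormitzer's Git Forge" <noreply@mg.git.jeremydormitzer.com>`. The MySQL-style `HOST`, `USER`, `PASSWD` and `SSL_MODE` keys under `[database]` are inert with `DB_TYPE = sqlite3` and only invite a reader to think a network database is involved.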
@@ -21,3 +21,20 @@ provider "registry.terraform.io/digitalocean/digitalocean" { "zh:fee52e736edc5ef4088cedae6507790f35e4ee8a078bff1ef894a51dd65d058d", ] } + +provider "registry.terraform.io/hashicorp/local" { + version = "2.0.0" + hashes = [ + "h1:pO1ANXtOCRfecKsY9Hn4UsXoPBLv6LFiDIEiS1MZ09E=", + "zh:34ce8b79493ace8333d094752b579ccc907fa9392a2c1d6933a6c95d0786d3f1", + "zh:5c5a19c4f614a4ffb68bae0b0563f3860115cf7539b8adc21108324cfdc10092", + "zh:67ddb1ca2cd3e1a8f948302597ceb967f19d2eeb2d125303493667388fe6330e", + "zh:68e6b16f3a8e180fcba1a99754118deb2d82331b51f6cca39f04518339bfdfa6", + "zh:8393a12eb11598b2799d51c9b0a922a3d9fadda5a626b94a1b4914086d53120e", + "zh:90daea4b2010a86f2aca1e3a9590e0b3ddcab229c2bd3685fae76a832e9e836f", + "zh:99308edc734a0ac9149b44f8e316ca879b2670a1cae387a8ae754c180b57cdb4", + "zh:c76594db07a9d1a73372a073888b672df64adb455d483c2426cc220eda7e092e", + "zh:dc09c1fb36c6a706bdac96cce338952888c8423978426a09f5df93031aa88b84", + "zh:deda88134e9780319e8de91b3745520be48ead6ec38cb662694d09185c3dac70", + ] +} diff --git a/prod/git-jeremydormitzer-com/terraform/main.tf b/prod/git-jeremydormitzer-com/terraform/main.tf index 1c05446..9ff1ad8 100644 --- a/prod/git-jeremydormitzer-com/terraform/main.tf +++ b/prod/git-jeremydormitzer-com/terraform/main.tf @@ -12,3 +12,11 @@ resource "digitalocean_droplet" "git_jeremydormitzer_com" { backups = true tags = ["terraform"] } + +module "packer_droplet" { + source = "../../../terraform-modules/packer_droplet" + name = "gitea" + do_token = var.do_token + spaces_access_id = var.spaces_access_id + spaces_secret_key = var.spaces_secret_key +} diff --git a/prod/git-jeremydormitzer-com/terraform/outputs.tf b/prod/git-jeremydormitzer-com/terraform/outputs.tf index 2954a17..122d3a9 100644 --- a/prod/git-jeremydormitzer-com/terraform/outputs.tf +++ b/prod/git-jeremydormitzer-com/terraform/outputs.tf 
@@ -5,3 +5,11 @@ output "git_ip_address" { output "git_urn" { value = digitalocean_droplet.git_jeremydormitzer_com.urn } + +output "gitea_ip_address" { + value = module.packer_droplet.droplet_ip_address +} + +output "gitea_urn" { + value = module.packer_droplet.droplet_urn +} From 1b1eb94aeeaec285cbad8d11509678b44a71630c Mon Sep 17 00:00:00 2001 From: Jeremy Dormitzer Date: Mon, 25 Jan 2021 10:20:18 -0500 Subject: [PATCH 2/7] Switch to .env.local files instead of using pass directly in direnv --- .envrc | 8 ++--- .gitignore | 2 +- prod/git-jeremydormitzer-com/packer/.envrc | 17 +++++++--- prod/jdormit-website-netlify/terraform/.envrc | 9 +++++- prod/justin-ghost-site/ansible/.envrc | 1 - prod/justin-ghost-site/ansible/hosts.ini | 1 - prod/syncthing/packer/.envrc | 19 ++++++++---- prod/wallabag/packer/.envrc | 31 ++++++++++++------- 8 files changed, 57 insertions(+), 31 deletions(-) delete mode 100644 prod/justin-ghost-site/ansible/.envrc delete mode 100644 prod/justin-ghost-site/ansible/hosts.ini diff --git a/.envrc b/.envrc index 402262d..3560150 100644 --- a/.envrc +++ b/.envrc @@ -1,9 +1,9 @@ PATH_add bin -export TF_VAR_do_token=$(pass jdormit-infra-do-token) -export DIGITALOCEAN_API_TOKEN=$(pass jdormit-infra-do-token) -export TF_VAR_spaces_access_id=$(pass jdormit-infra-spaces-access-id) -export TF_VAR_spaces_secret_key=$(pass jdormit-infra-spaces-secret-key) +# export TF_VAR_do_token=$(pass jdormit-infra-do-token) +# export DIGITALOCEAN_API_TOKEN=$(pass jdormit-infra-do-token) +# export TF_VAR_spaces_access_id=$(pass jdormit-infra-spaces-access-id) +# export TF_VAR_spaces_secret_key=$(pass jdormit-infra-spaces-secret-key) if [ -f ".env.local" ]; then echo "sourcing .env.local" diff --git a/.gitignore b/.gitignore index d1d76e7..13728e2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -/.env.local +.env.local /backend-config.tf */**/.terraform *.tfstate* 
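Review bot: Replacing the `pass` lookups with `source ".env.local"` moves the DigitalOcean token and Spaces keys from a GPG-encrypted store into a plaintext file in the checkout; that may be the intended trade-off, but it deserves a line of rationale in the commit message and the file should be kept at mode 600. Note that direnv's allow gate hashes `.envrc` only, so anything able to write `.env.local` gets code execution the next time the directory is entered — worth a comment next to the `source` line. The four commented-out `export` lines are now dead code; either delete them or turn them into the documentation they are standing in for, e.g. `# .env.local must define: TF_VAR_do_token DIGITALOCEAN_API_TOKEN TF_VAR_spaces_access_id TF_VAR_spaces_secret_key`.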
diff --git a/prod/git-jeremydormitzer-com/packer/.envrc b/prod/git-jeremydormitzer-com/packer/.envrc index 31ec5d9..021a79e 100644 --- a/prod/git-jeremydormitzer-com/packer/.envrc +++ b/prod/git-jeremydormitzer-com/packer/.envrc @@ -1,7 +1,14 @@ source_up -export GITEA_MAILGUN_PASSWORD=$(pass noreply@mg.git.jeremydormitzer.com) -export GITEA_LFS_JWT_SECRET=$(pass packer-gitea-lfs-jwt-secret) -export GITEA_SECRET_KEY=$(pass packer-gitea-secret-key) -export GITEA_INTERNAL_TOKEN=$(pass packer-gitea-internal-token) -export GITEA_JWT_SECRET=$(pass packer-gitea-jwt-secret) +# export GITEA_MAILGUN_PASSWORD=$(pass noreply@mg.git.jeremydormitzer.com) +# export GITEA_LFS_JWT_SECRET=$(pass packer-gitea-lfs-jwt-secret) +# export GITEA_SECRET_KEY=$(pass packer-gitea-secret-key) +# export GITEA_INTERNAL_TOKEN=$(pass packer-gitea-internal-token) +# export GITEA_JWT_SECRET=$(pass packer-gitea-jwt-secret) + +if [ -f ".env.local" ]; then + echo "sourcing .env.local" + set -a + source ".env.local" + set +a +fi diff --git a/prod/jdormit-website-netlify/terraform/.envrc b/prod/jdormit-website-netlify/terraform/.envrc index fdf9587..185907a 100644 --- a/prod/jdormit-website-netlify/terraform/.envrc +++ b/prod/jdormit-website-netlify/terraform/.envrc @@ -1,3 +1,10 @@ source_up -export TF_VAR_netlify_token=$(pass netlify-terraform-access-token) +# export TF_VAR_netlify_token=$(pass netlify-terraform-access-token) + +if [ -f ".env.local" ]; then + echo "sourcing .env.local" + set -a + source ".env.local" + set +a +fi diff --git a/prod/justin-ghost-site/ansible/.envrc b/prod/justin-ghost-site/ansible/.envrc deleted file mode 100644 index 0512d72..0000000 --- a/prod/justin-ghost-site/ansible/.envrc +++ /dev/null @@ -1 +0,0 @@ -export ANSIBLE_INVENTORY="$(expand_path hosts.ini)" diff --git a/prod/justin-ghost-site/ansible/hosts.ini b/prod/justin-ghost-site/ansible/hosts.ini deleted file mode 100644 index f563a28..0000000 --- a/prod/justin-ghost-site/ansible/hosts.ini +++ /dev/null 
@@ -1 +0,0 @@ -justindormitzer.com ansible_host=167.71.186.105 ansible_user=root \ No newline at end of file diff --git a/prod/syncthing/packer/.envrc b/prod/syncthing/packer/.envrc index c4eb045..6ab305a 100644 --- a/prod/syncthing/packer/.envrc +++ b/prod/syncthing/packer/.envrc @@ -1,8 +1,15 @@ source_up -export SYNCTHING_USER=$(pass packer-syncthing-user) -export SYNCTHING_PW=$(pass packer-syncthing-pw) -export SYNCTHING_API_KEY=$(pass packer-syncthing-api-key) -export SYNCTHING_CERT_PEM=$(pass packer-syncthing-cert.pem) -export SYNCTHING_KEY_PEM=$(pass packer-syncthing-key.pem) -export CERTBOT_EMAIL=$(pass certbot-email) +# export SYNCTHING_USER=$(pass packer-syncthing-user) +# export SYNCTHING_PW=$(pass packer-syncthing-pw) +# export SYNCTHING_API_KEY=$(pass packer-syncthing-api-key) +# export SYNCTHING_CERT_PEM=$(pass packer-syncthing-cert.pem) +# export SYNCTHING_KEY_PEM=$(pass packer-syncthing-key.pem) +# export CERTBOT_EMAIL=$(pass certbot-email) + +if [ -f ".env.local" ]; then + echo "sourcing .env.local" + set -a + source ".env.local" + set +a +fi diff --git a/prod/wallabag/packer/.envrc b/prod/wallabag/packer/.envrc index 9e78ee2..c2bdd0d 100644 --- a/prod/wallabag/packer/.envrc +++ b/prod/wallabag/packer/.envrc 
@@ -1,14 +1,21 @@ source_up -export WALLABAG_MAILGUN_PASSWORD=$(pass packer-wallabag-mailgun-password) -export WALLABAG_SECRET=$(pass packer-wallabag-secret) -export WALLABAG_PASSWORD=$(pass wallabag.jeremydormitzer.com) -export WALLABAG_WALLABAGER_ID=$(pass packer-wallabag-wallabager-id) -export WALLABAG_WALLABAGER_SECRET=$(pass packer-wallabag-wallabager-secret) -export WALLABAG_ANDROID_APP_ID=$(pass packer-wallabag-android-app-id) -export WALLABAG_ANDROID_APP_SECRET=$(pass packer-wallabag-android-app-secret) -export WALLABAG_IPAD_ID=$(pass packer-wallabag-ipad-id) -export WALLABAG_IPAD_SECRET=$(pass packer-wallabag-ipad-secret) -export WALLABAG_WALLABAG_EL_ID=$(pass packer-wallabag-wallabag.el-id) -export WALLABAG_WALLABAG_EL_SECRET=$(pass packer-wallabag-wallabag.el-secret) -export CERTBOT_EMAIL=$(pass certbot-email) +# export WALLABAG_MAILGUN_PASSWORD=$(pass packer-wallabag-mailgun-password) +# export WALLABAG_SECRET=$(pass packer-wallabag-secret) +# export WALLABAG_PASSWORD=$(pass wallabag.jeremydormitzer.com) +# export WALLABAG_WALLABAGER_ID=$(pass packer-wallabag-wallabager-id) +# export WALLABAG_WALLABAGER_SECRET=$(pass packer-wallabag-wallabager-secret) +# export WALLABAG_ANDROID_APP_ID=$(pass packer-wallabag-android-app-id) +# export WALLABAG_ANDROID_APP_SECRET=$(pass packer-wallabag-android-app-secret) +# export WALLABAG_IPAD_ID=$(pass packer-wallabag-ipad-id) +# export WALLABAG_IPAD_SECRET=$(pass packer-wallabag-ipad-secret) +# export WALLABAG_WALLABAG_EL_ID=$(pass packer-wallabag-wallabag.el-id) +# export WALLABAG_WALLABAG_EL_SECRET=$(pass packer-wallabag-wallabag.el-secret) +# export CERTBOT_EMAIL=$(pass certbot-email) + +if [ -f ".env.local" ]; then + echo "sourcing .env.local" + set -a + source ".env.local" + set +a +fi From 0843cccd5094e080ea2d29ec7426aaabea21a501 Mon Sep 17 00:00:00 2001 
From: Jeremy Dormitzer Date: Mon, 25 Jan 2021 17:56:15 -0500 Subject: [PATCH 3/7] Add nginx+https and volume to gitea --- prod/git-jeremydormitzer-com/packer/.envrc | 1 + .../git-jeremydormitzer-com/packer/.gitignore | 4 +- prod/git-jeremydormitzer-com/packer/Makefile | 32 ++++++- .../packer/files/gitea-nginx.conf | 28 +++++++ .../packer/files/gitea.service | 4 +- .../git-jeremydormitzer-com/packer/gitea.json | 23 +++++ .../packer/packer-manifest.json | 83 ++++++++++++++++++- .../packer/scripts/dependencies.sh | 2 +- .../packer/scripts/gitea.sh | 3 - .../packer/scripts/nginx.sh | 16 ++++ .../packer/scripts/volume.sh | 7 ++ .../packer/templates/app.ini.template | 10 ++- .../packer/templates/do.ini.template | 1 + .../git-jeremydormitzer-com/terraform/main.tf | 19 +++++ 14 files changed, 220 insertions(+), 13 deletions(-) create mode 100644 prod/git-jeremydormitzer-com/packer/files/gitea-nginx.conf create mode 100644 prod/git-jeremydormitzer-com/packer/scripts/nginx.sh create mode 100644 prod/git-jeremydormitzer-com/packer/scripts/volume.sh create mode 100644 prod/git-jeremydormitzer-com/packer/templates/do.ini.template diff --git a/prod/git-jeremydormitzer-com/packer/.envrc b/prod/git-jeremydormitzer-com/packer/.envrc index 021a79e..31e4204 100644 --- a/prod/git-jeremydormitzer-com/packer/.envrc +++ b/prod/git-jeremydormitzer-com/packer/.envrc @@ -5,6 +5,7 @@ source_up # export GITEA_SECRET_KEY=$(pass packer-gitea-secret-key) # export GITEA_INTERNAL_TOKEN=$(pass packer-gitea-internal-token) # export GITEA_JWT_SECRET=$(pass packer-gitea-jwt-secret) +# export CERTBOT_EMAIL=$(pass certbot-email) if [ -f ".env.local" ]; then echo "sourcing .env.local" diff --git a/prod/git-jeremydormitzer-com/packer/.gitignore b/prod/git-jeremydormitzer-com/packer/.gitignore index 0b3b071..6f7c105 100644 --- a/prod/git-jeremydormitzer-com/packer/.gitignore +++ b/prod/git-jeremydormitzer-com/packer/.gitignore 
@@ -1 +1,3 @@ -files/app.ini \ No newline at end of file +files/app.ini +tmp/ +certbot/ \ No newline at end of file diff --git a/prod/git-jeremydormitzer-com/packer/Makefile b/prod/git-jeremydormitzer-com/packer/Makefile index 64eb606..2975d85 100644 --- a/prod/git-jeremydormitzer-com/packer/Makefile +++ b/prod/git-jeremydormitzer-com/packer/Makefile @@ -1,9 +1,39 @@ +.PHONY: reissue-certs + packer-manifest.json: gitea.json \ scripts/dependencies.sh \ + scripts/volume.sh \ files/gitea.service \ files/app.ini \ - scripts/gitea.sh + scripts/gitea.sh \ + files/gitea-nginx.conf \ + scripts/nginx.sh \ + certbot/live/git.jeremydormitzer.com/fullchain.pem \ + certbot/live/git.jeremydormitzer.com/privkey.pem packer build gitea.json files/app.ini: templates/app.ini.template sigil -p -f templates/app.ini.template > files/app.ini + +certbot/live/git.jeremydormitzer.com/fullchain.pem certbot/live/git.jeremydormitzer.com/privkey.pem &: tmp/do.ini + certbot certonly -n \ + --agree-tos \ + --email ${CERTBOT_EMAIL} \ + --dns-digitalocean \ + --dns-digitalocean-credentials tmp/do.ini \ + --config-dir ./certbot \ + --work-dir ./certbot \ + --logs-dir ./certbot \ + -d git.jeremydormitzer.com + + +tmp/do.ini: templates/do.ini.template tmp + sigil -p -f templates/do.ini.template > tmp/do.ini + chmod 600 tmp/do.ini + +tmp: + mkdir tmp + +reissue-certs: + rm -rf certbot + make diff --git a/prod/git-jeremydormitzer-com/packer/files/gitea-nginx.conf b/prod/git-jeremydormitzer-com/packer/files/gitea-nginx.conf new file mode 100644 index 0000000..9353285 --- /dev/null +++ b/prod/git-jeremydormitzer-com/packer/files/gitea-nginx.conf 
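Review bot: The certificate is issued on the build machine and then baked into the snapshot, and nothing in this series renews it on the droplet, so if these are Let's Encrypt certificates (certbot's default CA) they lapse roughly 90 days after the build unless someone runs the manual `reissue-certs` target and redeploys. Either run certbot with the dns-digitalocean plugin and its renewal timer on the droplet, or at minimum state the constraint at the top of the Makefile: `# NOTE: TLS certs are issued at build time and baked into the image; rebuild and redeploy before they expire (make reissue-certs)`. `chmod 600 tmp/do.ini` for the API token is right; the private key under `certbot/live/` is gitignored but sits in the working tree with certbot's default permissions, so the same care applies. The grouped target syntax `&:` needs GNU make 4.3 or newer, which is worth a comment since older macOS/Ubuntu makes silently misparse it.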
@@ -0,0 +1,28 @@
+server {
+ listen [::]:443 ssl ipv6only=on;
+ listen 443 ssl;
+
+ ssl_certificate /var/www/gitea/fullchain.pem;
+ ssl_certificate_key /var/www/gitea/privkey.pem;
+
+ ssl_session_cache shared:le_nginx_SSL:1m;
+ ssl_session_timeout 1440m;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+
+ ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
+
+ error_log /var/log/nginx/gitea_error.log;
+ access_log /var/log/nginx/gitea_access.log;
+
+ location / {
+ proxy_pass http://localhost:3000;
+ }
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ return 301 https://$host$request_uri;
+}
\ No newline at end of file
diff --git a/prod/git-jeremydormitzer-com/packer/files/gitea.service b/prod/git-jeremydormitzer-com/packer/files/gitea.service
index d6bcd7d..6226843 100644
--- a/prod/git-jeremydormitzer-com/packer/files/gitea.service
+++ b/prod/git-jeremydormitzer-com/packer/files/gitea.service
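Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` keeps TLS 1.0/1.1 enabled and the cipher list ends in 3DES (`DES-CBC3-SHA`) and non-forward-secret plain-RSA suites; nothing a git client or browser needs in 2021 requires them, so limit to TLS 1.2/1.3 and AEAD ECDHE suites (the `ubuntu-20-04-x64` base image ships nginx 1.18 with OpenSSL 1.1.1, which supports TLSv1.3). The `location /` block proxies with no forwarded headers, so Gitea logs every client as 127.0.0.1 and cannot tell the original Host or scheme, and `client_max_body_size` stays at nginx's 1m default, which will reject large pushes and LFS uploads over HTTPS. Once port 80 does nothing but redirect, `add_header Strict-Transport-Security "max-age=31536000" always;` in the 443 server is a cheap addition.
```nginx
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";

    add_header Strict-Transport-Security "max-age=31536000" always;

    # … unchanged: error_log / access_log …

    location / {
        client_max_body_size 512M;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:3000;
    }
```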
@@ -50,13 +50,13 @@ RestartSec=2s Type=simple User=git Group=git -WorkingDirectory=/var/lib/gitea/ +WorkingDirectory=/mnt/gitea/ # If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file # (manually creating /run/gitea doesn't work, because it would not persist across reboots) #RuntimeDirectory=gitea ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini Restart=always -Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea +Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/mnt/gitea # If you install Git to directory prefix other than default PATH (which happens # for example if you install other versions of Git side-to-side with # distribution version), uncomment below line and add that prefix to PATH diff --git a/prod/git-jeremydormitzer-com/packer/gitea.json b/prod/git-jeremydormitzer-com/packer/gitea.json index b69f468..a77da3e 100644 --- a/prod/git-jeremydormitzer-com/packer/gitea.json +++ b/prod/git-jeremydormitzer-com/packer/gitea.json @@ -14,6 +14,10 @@ "type": "shell", "script": "scripts/dependencies.sh" }, + { + "type": "shell", + "script": "scripts/volume.sh" + }, { "type": "file", "source": "files/app.ini", @@ -27,6 +31,25 @@ { "type": "shell", "script": "scripts/gitea.sh" + }, + { + "type": "file", + "source": "files/gitea-nginx.conf", + "destination": "/tmp/gitea-nginx.conf" + }, + { + "type": "file", + "source": "certbot/live/git.jeremydormitzer.com/fullchain.pem", + "destination": "/tmp/fullchain.pem" + }, + { + "type": "file", + "source": "certbot/live/git.jeremydormitzer.com/privkey.pem", + "destination": "/tmp/privkey.pem" + }, + { + "type": "shell", + "script": "scripts/nginx.sh" } ], "post-processors": [ diff --git a/prod/git-jeremydormitzer-com/packer/packer-manifest.json b/prod/git-jeremydormitzer-com/packer/packer-manifest.json index 2a33bf3..5005ad4 100644 --- a/prod/git-jeremydormitzer-com/packer/packer-manifest.json 
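Review bot: `WorkingDirectory=/mnt/gitea/` and `GITEA_WORK_DIR=/mnt/gitea` now point at a bindfs mount declared in /etc/fstab, but the unit's [Unit] section (above this hunk) still orders only on `network.target`, so gitea can be started before the volume and the bindfs layer are mounted. As far as I can tell systemd creates missing mount-point directories at boot, so the working-directory check would pass and Gitea, with `INSTALL_LOCK = true`, would quietly initialise an empty sqlite database and repository root on the root disk. Add `RequiresMountsFor=/mnt/gitea /home/git/.ssh` to [Unit] so the service waits for, and fails with, those mounts. While touching the unit, the process only needs /mnt/gitea, /home/git and /etc/gitea, so `ProtectSystem=full`, `PrivateTmp=true` and `NoNewPrivileges=true` would cost nothing here.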
+++ b/prod/git-jeremydormitzer-com/packer/packer-manifest.json 
@@ -44,7 +44,88 @@ "artifact_id": "nyc1:77401090", "packer_run_uuid": "2b450ccd-716f-5c9c-20da-662e79a0b929", "custom_data": null + }, + { + "name": "digitalocean", + "builder_type": "digitalocean", + "build_time": 1611589317, + "files": null, + "artifact_id": "nyc1:77556065", + "packer_run_uuid": "e2582fd0-50a1-ff12-55d4-e2b8c3d8f219", + "custom_data": null + }, + { + "name": "digitalocean", + "builder_type": "digitalocean", + "build_time": 1611590422, + "files": null, + "artifact_id": "nyc1:77556468", + "packer_run_uuid": "fc433d91-57be-76b1-8556-9db7db2bec1a", + "custom_data": null + }, + { + "name": "digitalocean", + "builder_type": "digitalocean", + "build_time": 1611592717, + "files": null, + "artifact_id": "nyc1:77557404", + "packer_run_uuid": "263c77ab-063b-0cdc-fa3b-2ade99fc7c13", + "custom_data": null + }, + { + "name": "digitalocean", + "builder_type": "digitalocean", + "build_time": 1611593408, + "files": null, + "artifact_id": "nyc1:77557615", + "packer_run_uuid": "19edc202-d12a-44ac-45ca-b4bb7ad9b50d", + "custom_data": null + }, + { + "name": "digitalocean", + "builder_type": "digitalocean", + "build_time": 1611597797, + "files": null, + "artifact_id": "nyc1:77559148", + "packer_run_uuid": "e6bf1c31-9406-7aec-c5b4-e1a7e43bb712", + "custom_data": null + }, + { + "name": "digitalocean", + "builder_type": "digitalocean", + "build_time": 1611598412, + "files": null, + "artifact_id": "nyc1:77559258", + "packer_run_uuid": "808d4681-7b0f-cda7-9dde-fc47861f18c5", + "custom_data": null + }, + { + "name": "digitalocean", + "builder_type": "digitalocean", + "build_time": 1611599594, + "files": null, + "artifact_id": "nyc1:77560033", + "packer_run_uuid": "dfbec72e-764d-5f5c-8a58-f82102f1b295", + "custom_data": null + }, + { + "name": "digitalocean", + "builder_type": "digitalocean", + "build_time": 1611608782, + "files": null, + "artifact_id": "nyc1:77566816", + "packer_run_uuid": "88d9d9f3-e664-2d8b-fafb-8c0a63bdc418", + "custom_data": null + }, + { + "name": 
"digitalocean", + "builder_type": "digitalocean", + "build_time": 1611613275, + "files": null, + "artifact_id": "nyc1:77570642", + "packer_run_uuid": "c224b88a-0de7-6e4e-7057-c45a0521ee64", + "custom_data": null } ], - "last_run_uuid": "2b450ccd-716f-5c9c-20da-662e79a0b929" + "last_run_uuid": "c224b88a-0de7-6e4e-7057-c45a0521ee64" } \ No newline at end of file diff --git a/prod/git-jeremydormitzer-com/packer/scripts/dependencies.sh b/prod/git-jeremydormitzer-com/packer/scripts/dependencies.sh index e9a257b..5955e1a 100644 --- a/prod/git-jeremydormitzer-com/packer/scripts/dependencies.sh +++ b/prod/git-jeremydormitzer-com/packer/scripts/dependencies.sh @@ -3,4 +3,4 @@ set -ex sudo apt-get update -sudo apt-get install -y git +sudo apt-get install -y git bindfs diff --git a/prod/git-jeremydormitzer-com/packer/scripts/gitea.sh b/prod/git-jeremydormitzer-com/packer/scripts/gitea.sh index 91db7e3..17d3a51 100644 --- a/prod/git-jeremydormitzer-com/packer/scripts/gitea.sh +++ b/prod/git-jeremydormitzer-com/packer/scripts/gitea.sh @@ -11,9 +11,6 @@ adduser \ --home /home/git \ git -mkdir -p /var/lib/gitea/{custom,data,log} -chown -R git:git /var/lib/gitea/ -chmod -R 750 /var/lib/gitea/ mkdir /etc/gitea mv /tmp/app.ini /etc/gitea/app.ini chown -R root:git /etc/gitea diff --git a/prod/git-jeremydormitzer-com/packer/scripts/nginx.sh b/prod/git-jeremydormitzer-com/packer/scripts/nginx.sh new file mode 100644 index 0000000..a9d6244 --- /dev/null +++ b/prod/git-jeremydormitzer-com/packer/scripts/nginx.sh 
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -ex
+
+sudo apt-get install -y nginx
+sudo mv /tmp/gitea-nginx.conf /etc/nginx/sites-available/gitea.conf
+sudo ln -s /etc/nginx/sites-available/gitea.conf \
+ /etc/nginx/sites-enabled/
+sudo unlink /etc/nginx/sites-enabled/default
+
+sudo mkdir -p /var/www/gitea
+sudo mv /tmp/fullchain.pem /var/www/gitea/fullchain.pem
+sudo mv /tmp/privkey.pem /var/www/gitea/privkey.pem
+chown www-data:www-data /var/www/gitea/{fullchain,privkey}.pem
+
+sudo systemctl enable nginx
diff --git a/prod/git-jeremydormitzer-com/packer/scripts/volume.sh b/prod/git-jeremydormitzer-com/packer/scripts/volume.sh
new file mode 100644
index 0000000..8687fcd
--- /dev/null
+++ b/prod/git-jeremydormitzer-com/packer/scripts/volume.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -ex
+
+sudo echo "/dev/disk/by-label/gitea-volume /mnt/gitea-volume ext4 defaults,nofail,discard,noatime 0 2" >> /etc/fstab
+sudo echo "/mnt/gitea-volume /mnt/gitea fuse.bindfs force-user=git,force-group=git 0 0" >> /etc/fstab
+sudo echo "/mnt/gitea/.ssh /home/git/.ssh fuse.bindfs force-user=git,force-group=git,perms=700" >> /etc/fstab
diff --git a/prod/git-jeremydormitzer-com/packer/templates/app.ini.template b/prod/git-jeremydormitzer-com/packer/templates/app.ini.template
index 9aaf5e7..fa3001f 100644
--- a/prod/git-jeremydormitzer-com/packer/templates/app.ini.template
+++ b/prod/git-jeremydormitzer-com/packer/templates/app.ini.template
@@ -6,6 +6,7 @@ RUN_MODE = prod
 JWT_SECRET = ${GITEA_JWT_SECRET:?}
 
 [security]
+INSTALL_LOCK = true
 INTERNAL_TOKEN = ${GITEA_INTERNAL_TOKEN:?}
 SECRET_KEY = ${GITEA_SECRET_KEY:?}
 
@@ -18,11 +19,12 @@ PASSWD =
 SCHEMA =
 SSL_MODE = disable
 CHARSET = utf8
-PATH = /var/lib/gitea/data/gitea.db
+PATH = /mnt/gitea/gitea.db
 LOG_SQL = false
 
 [repository]
-ROOT = /home/git/gitea-repositories
+ROOT = /mnt/gitea/gitea-repositories
+ENABLE_PUSH_CREATE_USER = true
 
 [server]
 SSH_DOMAIN = git.jeremydormitzer.com
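Review bot: The TLS private key is left at `/var/www/gitea/privkey.pem` owned by `www-data` with whatever mode the packer file provisioner gave the upload (presumably 0644), under a directory conventionally used as a document root. nginx loads certificates in the master process as root, so the worker user never needs to read the key; keep it root-owned and add `chmod 600 /var/www/gitea/privkey.pem` (or move both files under /etc/ssl/private and /etc/ssl/certs) instead of the `chown www-data:www-data` line. Because the key is copied into the snapshot, every image in packer-manifest.json built from here contains it, so retired snapshots should be deleted rather than left around. The `sudo` prefixes are redundant given the builder connects as root (`ssh_username: root`), and the `chown` line omitting it shows the inconsistency; drop them throughout.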
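Review bot: The two bindfs entries carry no `nofail`, so if the volume is missing at boot the `/mnt/gitea` mount fails hard and systemd drops the droplet into emergency mode with no SSH, even though the ext4 entry directly above was written to tolerate exactly that; the third entry also omits the dump/pass fields the other two have. Suggest `/mnt/gitea-volume /mnt/gitea fuse.bindfs force-user=git,force-group=git,nofail 0 0` and `/mnt/gitea/.ssh /home/git/.ssh fuse.bindfs force-user=git,force-group=git,perms=700,nofail 0 0`, paired with a `RequiresMountsFor=/mnt/gitea` in gitea.service so Gitea does not start against an empty mount point. `sudo echo "…" >> /etc/fstab` elevates only `echo`; the append is performed by the calling shell and works here solely because the builder already runs as root — drop the `sudo` or use `echo "…" | tee -a /etc/fstab` so the script does what it reads as doing.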
@@ -32,7 +34,7 @@ ROOT_URL = https://git.jeremydormitzer.com/
 DISABLE_SSH = false
 SSH_PORT = 22
 LFS_START_SERVER = true
-LFS_CONTENT_PATH = /var/lib/gitea/data/lfs
+LFS_CONTENT_PATH = /mnt/gitea/lfs
 LFS_JWT_SECRET = ${GITEA_LFS_JWT_SECRET:?}
 OFFLINE_MODE = false
@@ -69,7 +71,7 @@ PROVIDER = file
 [log]
 MODE = console
 LEVEL = info
-ROOT_PATH = /var/lib/gitea/log
+ROOT_PATH = /mnt/gitea/log
 REDIRECT_MACARON_LOG = true
 MACARON = console
 ROUTER = console
\ No newline at end of file
diff --git a/prod/git-jeremydormitzer-com/packer/templates/do.ini.template b/prod/git-jeremydormitzer-com/packer/templates/do.ini.template
new file mode 100644
index 0000000..7c6ec3f
--- /dev/null
+++ b/prod/git-jeremydormitzer-com/packer/templates/do.ini.template
@@ -0,0 +1 @@
+dns_digitalocean_token = ${DIGITALOCEAN_API_TOKEN:?}
\ No newline at end of file
diff --git a/prod/git-jeremydormitzer-com/terraform/main.tf b/prod/git-jeremydormitzer-com/terraform/main.tf
index 9ff1ad8..0fc00ea 100644
--- a/prod/git-jeremydormitzer-com/terraform/main.tf
+++ b/prod/git-jeremydormitzer-com/terraform/main.tf
@@ -20,3 +20,22 @@ module "packer_droplet" {
 spaces_access_id = var.spaces_access_id
 spaces_secret_key = var.spaces_secret_key
 }
+
+resource "digitalocean_volume" "gitea_volume" {
+ name = "gitea-volume"
+ description = "The volume to hold Gitea repositories and data"
+ region = "nyc1"
+ size = 20
+ initial_filesystem_label = "gitea-volume"
+ initial_filesystem_type = "ext4"
+ tags = ["terraform"]
+
+ lifecycle {
+ prevent_destroy = true
+ }
+}
+
+resource "digitalocean_volume_attachment" "gitea" {
+ droplet_id = module.packer_droplet.droplet_id
+ volume_id = digitalocean_volume.gitea_volume.id
+}
From d4fec2d74922df42444e0fe0ce9eb5e97487cbb3 Mon Sep 17 00:00:00 2001
From: Jeremy Dormitzer
Date: Tue, 26 Jan 2021 20:50:32 -0500
Subject: [PATCH 4/7] Point git.jeremydormitzer.com at packer-ized gitea
---
mgmt/do-jeremydormitzer-com/terraform/main.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
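Review bot: `dns_digitalocean_token = ${DIGITALOCEAN_API_TOKEN:?}` writes an API token into a file that, like the other templates in this series, is rendered at image build time and ends up inside the Packer snapshot; as far as I know DigitalOcean tokens are not scoped to DNS, so whoever can read the snapshot or this file on a droplet can act on the whole account. If this is the certbot dns-digitalocean credentials file, make sure the script that installs it (not in this patch) leaves it root-owned with mode 600, and prefer injecting the token at first boot over baking it into the image. The Terraform volume added below hardcodes `region = "nyc1"`; the attachment only works when the droplet from the packer_droplet module is in the same region, which is not visible here.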
diff --git a/mgmt/do-jeremydormitzer-com/terraform/main.tf b/mgmt/do-jeremydormitzer-com/terraform/main.tf
index c635005..b5aade0 100644
--- a/mgmt/do-jeremydormitzer-com/terraform/main.tf
+++ b/mgmt/do-jeremydormitzer-com/terraform/main.tf
@@ -46,7 +46,7 @@ resource "digitalocean_record" "git" {
 domain = digitalocean_domain.jeremydormitzer_com.name
 type = "A"
 name = "git"
- value = data.terraform_remote_state.git_jeremydormitzer_com.outputs.git_ip_address
+ value = data.terraform_remote_state.git_jeremydormitzer_com.outputs.gitea_ip_address
 ttl = 3600
 }
From 0da8e4b6d25f2965edf5f6c025424dc8ac0e183b Mon Sep 17 00:00:00 2001
From: Jeremy Dormitzer
Date: Tue, 26 Jan 2021 21:57:40 -0500
Subject: [PATCH 5/7] Rename git-jeremydormitzer-com -> gitea
---
mgmt/do-jeremydormitzer-com/terraform/data.tf | 2 +-
mgmt/do-project-jeremydormitzer/terraform/data.tf | 2 +-
mgmt/do-project-jeremydormitzer/terraform/main.tf | 5 +++--
prod/{git-jeremydormitzer-com => gitea}/packer/.envrc | 0
prod/{git-jeremydormitzer-com => gitea}/packer/.gitignore | 0
prod/{git-jeremydormitzer-com => gitea}/packer/Makefile | 0
.../packer/files/gitea-nginx.conf | 0
.../packer/files/gitea.service | 0
prod/{git-jeremydormitzer-com => gitea}/packer/gitea.json | 0
.../packer/packer-manifest.json | 0
.../packer/scripts/dependencies.sh | 0
.../packer/scripts/gitea.sh | 0
.../packer/scripts/nginx.sh | 0
.../packer/scripts/volume.sh | 0
.../packer/templates/app.ini.template | 0
.../packer/templates/do.ini.template | 0
.../terraform/.terraform.lock.hcl | 0
prod/{git-jeremydormitzer-com => gitea}/terraform/main.tf | 0
prod/{git-jeremydormitzer-com => gitea}/terraform/outputs.tf | 0
.../terraform/terraform.tf | 2 +-
.../terraform/variables.tf | 0
21 files changed, 6 insertions(+), 5 deletions(-)
rename prod/{git-jeremydormitzer-com => gitea}/packer/.envrc (100%)
rename prod/{git-jeremydormitzer-com => gitea}/packer/.gitignore (100%)
rename prod/{git-jeremydormitzer-com => gitea}/packer/Makefile (100%)
rename prod/{git-jeremydormitzer-com => gitea}/packer/files/gitea-nginx.conf (100%)
rename prod/{git-jeremydormitzer-com => gitea}/packer/files/gitea.service (100%)
rename prod/{git-jeremydormitzer-com => gitea}/packer/gitea.json (100%)
rename prod/{git-jeremydormitzer-com => gitea}/packer/packer-manifest.json (100%)
rename prod/{git-jeremydormitzer-com => gitea}/packer/scripts/dependencies.sh (100%)
rename prod/{git-jeremydormitzer-com => gitea}/packer/scripts/gitea.sh (100%)
rename prod/{git-jeremydormitzer-com => gitea}/packer/scripts/nginx.sh (100%)
rename prod/{git-jeremydormitzer-com => gitea}/packer/scripts/volume.sh (100%)
rename prod/{git-jeremydormitzer-com => gitea}/packer/templates/app.ini.template (100%)
rename prod/{git-jeremydormitzer-com => gitea}/packer/templates/do.ini.template (100%)
rename prod/{git-jeremydormitzer-com => gitea}/terraform/.terraform.lock.hcl (100%)
rename prod/{git-jeremydormitzer-com => gitea}/terraform/main.tf (100%)
rename prod/{git-jeremydormitzer-com => gitea}/terraform/outputs.tf (100%)
rename prod/{git-jeremydormitzer-com => gitea}/terraform/terraform.tf (86%)
rename prod/{git-jeremydormitzer-com => gitea}/terraform/variables.tf (100%)
diff --git a/mgmt/do-jeremydormitzer-com/terraform/data.tf b/mgmt/do-jeremydormitzer-com/terraform/data.tf
index f503fc1..8d58a05 100644
--- a/mgmt/do-jeremydormitzer-com/terraform/data.tf
+++ b/mgmt/do-jeremydormitzer-com/terraform/data.tf
@@ -9,7 +9,7 @@ data "terraform_remote_state" "git_jeremydormitzer_com" {
 region = "us-east-1"
 endpoint = "nyc3.digitaloceanspaces.com"
 bucket = "jdormit-tf-state"
- key = "prod/git-jeremydormitzer-com.tfstate"
+ key = "prod/gitea.tfstate"
 }
 }
diff --git a/mgmt/do-project-jeremydormitzer/terraform/data.tf b/mgmt/do-project-jeremydormitzer/terraform/data.tf
index 9c59f0e..6da504f 100644
--- a/mgmt/do-project-jeremydormitzer/terraform/data.tf
+++ b/mgmt/do-project-jeremydormitzer/terraform/data.tf
@@ -24,7 +24,7 @@ data "terraform_remote_state" "git_jeremydormitzer_com" {
 region = "us-east-1"
 endpoint = "nyc3.digitaloceanspaces.com"
 bucket = "jdormit-tf-state"
- key = "prod/git-jeremydormitzer-com.tfstate"
+ key = "prod/gitea.tfstate"
 }
 }
diff --git a/mgmt/do-project-jeremydormitzer/terraform/main.tf b/mgmt/do-project-jeremydormitzer/terraform/main.tf
index 44c5af1..64130d2 100644
--- a/mgmt/do-project-jeremydormitzer/terraform/main.tf
+++ b/mgmt/do-project-jeremydormitzer/terraform/main.tf
@@ -12,8 +12,9 @@ resource "digitalocean_project" "jeremy_dormitzer" {
 resources = [
 data.terraform_remote_state.jdormit_website.outputs.jdormit_website_urn,
 data.terraform_remote_state.git_jeremydormitzer_com.outputs.git_urn,
- data.terraform_remote_state.syncthing.outputs.syncthing_urn,
- data.terraform_remote_state.syncthing.outputs.syncthing_volume_urn,
+ data.terraform_remote_state.git_jeremydormitzer_com.outputs.gitea_urn,
+ data.terraform_remote_state.syncthing.outputs.urn,
+ data.terraform_remote_state.syncthing.outputs.volume_urn,
 data.terraform_remote_state.justin_ghost_site.outputs.justin_ghost_site_urn,
 data.terraform_remote_state.jeremydormitzer_com.outputs.jeremydormitzer_com_urn
 ]
diff --git a/prod/git-jeremydormitzer-com/packer/.envrc b/prod/gitea/packer/.envrc
similarity index 100%
rename from prod/git-jeremydormitzer-com/packer/.envrc
rename to prod/gitea/packer/.envrc
diff --git a/prod/git-jeremydormitzer-com/packer/.gitignore b/prod/gitea/packer/.gitignore
similarity index 100%
rename from prod/git-jeremydormitzer-com/packer/.gitignore
rename to prod/gitea/packer/.gitignore
diff --git a/prod/git-jeremydormitzer-com/packer/Makefile b/prod/gitea/packer/Makefile
similarity index 100%
rename from prod/git-jeremydormitzer-com/packer/Makefile
rename to prod/gitea/packer/Makefile
diff --git a/prod/git-jeremydormitzer-com/packer/files/gitea-nginx.conf b/prod/gitea/packer/files/gitea-nginx.conf
similarity index 100%
rename from prod/git-jeremydormitzer-com/packer/files/gitea-nginx.conf
rename to prod/gitea/packer/files/gitea-nginx.conf
diff --git a/prod/git-jeremydormitzer-com/packer/files/gitea.service b/prod/gitea/packer/files/gitea.service
similarity index 100%
rename from prod/git-jeremydormitzer-com/packer/files/gitea.service
rename to prod/gitea/packer/files/gitea.service
diff --git a/prod/git-jeremydormitzer-com/packer/gitea.json b/prod/gitea/packer/gitea.json
similarity index 100%
rename from prod/git-jeremydormitzer-com/packer/gitea.json
rename to prod/gitea/packer/gitea.json
diff --git a/prod/git-jeremydormitzer-com/packer/packer-manifest.json b/prod/gitea/packer/packer-manifest.json
similarity index 100%
rename from prod/git-jeremydormitzer-com/packer/packer-manifest.json
rename to prod/gitea/packer/packer-manifest.json
diff --git a/prod/git-jeremydormitzer-com/packer/scripts/dependencies.sh b/prod/gitea/packer/scripts/dependencies.sh
similarity index 100%
rename from prod/git-jeremydormitzer-com/packer/scripts/dependencies.sh
rename to prod/gitea/packer/scripts/dependencies.sh
diff --git a/prod/git-jeremydormitzer-com/packer/scripts/gitea.sh b/prod/gitea/packer/scripts/gitea.sh
similarity index 100%
rename from prod/git-jeremydormitzer-com/packer/scripts/gitea.sh
rename to prod/gitea/packer/scripts/gitea.sh
diff --git a/prod/git-jeremydormitzer-com/packer/scripts/nginx.sh b/prod/gitea/packer/scripts/nginx.sh
similarity index 100%
rename from prod/git-jeremydormitzer-com/packer/scripts/nginx.sh
rename to prod/gitea/packer/scripts/nginx.sh
diff --git a/prod/git-jeremydormitzer-com/packer/scripts/volume.sh b/prod/gitea/packer/scripts/volume.sh
similarity index 100%
rename from prod/git-jeremydormitzer-com/packer/scripts/volume.sh
rename to prod/gitea/packer/scripts/volume.sh
diff --git a/prod/git-jeremydormitzer-com/packer/templates/app.ini.template b/prod/gitea/packer/templates/app.ini.template
similarity index 100%
rename from prod/git-jeremydormitzer-com/packer/templates/app.ini.template
rename to prod/gitea/packer/templates/app.ini.template
diff --git a/prod/git-jeremydormitzer-com/packer/templates/do.ini.template b/prod/gitea/packer/templates/do.ini.template
similarity index 100%
rename from prod/git-jeremydormitzer-com/packer/templates/do.ini.template
rename to prod/gitea/packer/templates/do.ini.template
diff --git a/prod/git-jeremydormitzer-com/terraform/.terraform.lock.hcl b/prod/gitea/terraform/.terraform.lock.hcl
similarity index 100%
rename from prod/git-jeremydormitzer-com/terraform/.terraform.lock.hcl
rename to prod/gitea/terraform/.terraform.lock.hcl
diff --git a/prod/git-jeremydormitzer-com/terraform/main.tf b/prod/gitea/terraform/main.tf
similarity index 100%
rename from prod/git-jeremydormitzer-com/terraform/main.tf
rename to prod/gitea/terraform/main.tf
diff --git a/prod/git-jeremydormitzer-com/terraform/outputs.tf b/prod/gitea/terraform/outputs.tf
similarity index 100%
rename from prod/git-jeremydormitzer-com/terraform/outputs.tf
rename to prod/gitea/terraform/outputs.tf
diff --git a/prod/git-jeremydormitzer-com/terraform/terraform.tf b/prod/gitea/terraform/terraform.tf
similarity index 86%
rename from prod/git-jeremydormitzer-com/terraform/terraform.tf
rename to prod/gitea/terraform/terraform.tf
index 5a46fa2..4db9a04 100644
--- a/prod/git-jeremydormitzer-com/terraform/terraform.tf
+++ b/prod/gitea/terraform/terraform.tf
@@ -13,6 +13,6 @@ terraform {
 region = "us-east-1"
 endpoint = "nyc3.digitaloceanspaces.com"
 bucket = "jdormit-tf-state"
- key = "prod/git-jeremydormitzer-com.tfstate"
+ key = "prod/gitea.tfstate"
 }
 }
diff --git a/prod/git-jeremydormitzer-com/terraform/variables.tf b/prod/gitea/terraform/variables.tf
similarity index 100%
rename from prod/git-jeremydormitzer-com/terraform/variables.tf
rename to prod/gitea/terraform/variables.tf
From f5e4767c3f7cf695ed477e803c85683ff8f0de74 Mon Sep 17 00:00:00 2001
From: Jeremy Dormitzer
Date: Tue, 26 Jan 2021 21:57:51 -0500
Subject: [PATCH 6/7] Add lockfile
---
.../terraform/.terraform.lock.hcl | 23 +++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100755 mgmt/do-project-jeremydormitzer/terraform/.terraform.lock.hcl
diff --git a/mgmt/do-project-jeremydormitzer/terraform/.terraform.lock.hcl b/mgmt/do-project-jeremydormitzer/terraform/.terraform.lock.hcl
new file mode 100755
index 0000000..f7f7ed8
--- /dev/null
+++ b/mgmt/do-project-jeremydormitzer/terraform/.terraform.lock.hcl
@@ -0,0 +1,23 @@
+# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/digitalocean/digitalocean" { + version = "2.3.0" + constraints = "~> 2.3.0" + hashes = [ + "h1:Kmcj3ajzt/lSQkbQwcjzUNK2RXXcHNDCs44LfDhZnaM=", + "zh:1c0f68715cf0b84ab40ab08aa59232037325cffc2896ba109cae73c81ab021e9", + "zh:306599aec6637c92349abb069d8fea3ebac58f52f61707956320a405f57e4a84", + "zh:31db532f05e55cb52d61c12c10197dca48dc8809a4f9cc4a935d3161546968ca", + "zh:3dba438c0167e5dcf09115f8d2c33c0a821e6b27e83ec6ccaac5fcb557a50bbb", + "zh:770c906ab3eeb5c24c5b8bbcca3b18f137d5ac817bd73fa5c9146eb4a9d891d6", + "zh:9221f2d275c776382234882d534a1147db04a8be490c023eb08c9a1e579db021", + "zh:a4e25e5dd2ad06de6c7148a270b1178b6298846405ce66b9b4ca51ea35b66907", + "zh:b3c5555e0c55efaa91de245e6d69e7140665554d2365db2f664802a36b59e0a8", + "zh:c510655b6c5de0227babba5a8bb66a8c3d92af94e080ec1c39bde9509a2aa1a6", + "zh:d04a135d9bf32c1a55abaaeb719903f4f67797434dd6d9f3219245f62a9a66be", + "zh:dd5b99bec9425eb670be5d19b17336d0fa9b894649dac77eac532e4c626616f5", + "zh:e57614fb9f3fbf774a9258a197840f40d0f343e8183eef7a842286a87cfc48d7", + "zh:fee52e736edc5ef4088cedae6507790f35e4ee8a078bff1ef894a51dd65d058d", + ] +}
From 4d7bc558eb187c3ae728497cf0a35f3bbb8487a3 Mon Sep 17 00:00:00 2001
From: Jeremy Dormitzer
Date: Tue, 26 Jan 2021 22:47:14 -0500
Subject: [PATCH 7/7] Get DO project terraform synced up
---
.../terraform/data.tf | 47 ++++++++++++-------
.../terraform/main.tf | 9 ++--
mgmt/do-spaces/terraform/.terraform.lock.hcl | 23 +++++++++
mgmt/do-spaces/terraform/outputs.tf | 3 ++
prod/gitea/terraform/main.tf | 9 ----
prod/gitea/terraform/outputs.tf | 12 ++---
6 files changed, 66 insertions(+), 37 deletions(-)
create mode 100755 mgmt/do-spaces/terraform/.terraform.lock.hcl
create mode 100644 mgmt/do-spaces/terraform/outputs.tf
diff --git a/mgmt/do-project-jeremydormitzer/terraform/data.tf b/mgmt/do-project-jeremydormitzer/terraform/data.tf
index 6da504f..5a7e749 100644
--- a/mgmt/do-project-jeremydormitzer/terraform/data.tf
+++ b/mgmt/do-project-jeremydormitzer/terraform/data.tf
@@ -1,19 +1,4 @@
-data "terraform_remote_state" "jdormit_website" {
- backend = "s3"
-
- config = {
- skip_credentials_validation = true
- skip_metadata_api_check = true
- access_key = var.spaces_access_id
- secret_key = var.spaces_secret_key
- region = "us-east-1"
- endpoint = "nyc3.digitaloceanspaces.com"
- bucket = "jdormit-tf-state"
- key = "prod/jdormit-website.tfstate"
- }
-}
-
-data "terraform_remote_state" "git_jeremydormitzer_com" {
+data "terraform_remote_state" "gitea" {
 backend = "s3"
 config = {
@@ -72,3 +57,33 @@ data "terraform_remote_state" "jeremydormitzer_com" {
 key = "mgmt/do-dns.tfstate"
 }
 }
+
+data "terraform_remote_state" "spaces" {
+ backend = "s3"
+
+ config = {
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ access_key = var.spaces_access_id
+ secret_key = var.spaces_secret_key
+ region = "us-east-1"
+ endpoint = "nyc3.digitaloceanspaces.com"
+ bucket = "jdormit-tf-state"
+ key = "mgmt/do-spaces.tfstate"
+ }
+}
+
+data "terraform_remote_state" "wallabag" {
+ backend = "s3"
+
+ config = {
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ access_key = var.spaces_access_id
+ secret_key = var.spaces_secret_key
+ region = "us-east-1"
+ endpoint = "nyc3.digitaloceanspaces.com"
+ bucket = "jdormit-tf-state"
+ key = "prod/wallabag.tfstate"
+ }
+}
diff --git a/mgmt/do-project-jeremydormitzer/terraform/main.tf b/mgmt/do-project-jeremydormitzer/terraform/main.tf
index 64130d2..20a23bc 100644
--- a/mgmt/do-project-jeremydormitzer/terraform/main.tf
+++ b/mgmt/do-project-jeremydormitzer/terraform/main.tf
@@ -10,12 +10,13 @@ resource "digitalocean_project" "jeremy_dormitzer" {
 description = "Personal infrastructure"
 purpose = "Personal infrastructure"
 resources = [
- data.terraform_remote_state.jdormit_website.outputs.jdormit_website_urn,
- data.terraform_remote_state.git_jeremydormitzer_com.outputs.git_urn,
- data.terraform_remote_state.git_jeremydormitzer_com.outputs.gitea_urn,
+ data.terraform_remote_state.gitea.outputs.gitea_urn,
+ data.terraform_remote_state.gitea.outputs.gitea_volume_urn,
 data.terraform_remote_state.syncthing.outputs.urn,
 data.terraform_remote_state.syncthing.outputs.volume_urn,
 data.terraform_remote_state.justin_ghost_site.outputs.justin_ghost_site_urn,
- data.terraform_remote_state.jeremydormitzer_com.outputs.jeremydormitzer_com_urn
+ data.terraform_remote_state.jeremydormitzer_com.outputs.jeremydormitzer_com_urn,
+ data.terraform_remote_state.spaces.outputs.jdormit_infra_bucket_urn,
+ data.terraform_remote_state.wallabag.outputs.urn
 ]
 }
diff --git a/mgmt/do-spaces/terraform/.terraform.lock.hcl b/mgmt/do-spaces/terraform/.terraform.lock.hcl
new file mode 100755
index 0000000..f7f7ed8
--- /dev/null
+++ b/mgmt/do-spaces/terraform/.terraform.lock.hcl
@@ -0,0 +1,23 @@
+# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/digitalocean/digitalocean" { + version = "2.3.0" + constraints = "~> 2.3.0" + hashes = [ + "h1:Kmcj3ajzt/lSQkbQwcjzUNK2RXXcHNDCs44LfDhZnaM=", + "zh:1c0f68715cf0b84ab40ab08aa59232037325cffc2896ba109cae73c81ab021e9", + "zh:306599aec6637c92349abb069d8fea3ebac58f52f61707956320a405f57e4a84", + "zh:31db532f05e55cb52d61c12c10197dca48dc8809a4f9cc4a935d3161546968ca", + "zh:3dba438c0167e5dcf09115f8d2c33c0a821e6b27e83ec6ccaac5fcb557a50bbb", + "zh:770c906ab3eeb5c24c5b8bbcca3b18f137d5ac817bd73fa5c9146eb4a9d891d6", + "zh:9221f2d275c776382234882d534a1147db04a8be490c023eb08c9a1e579db021", + "zh:a4e25e5dd2ad06de6c7148a270b1178b6298846405ce66b9b4ca51ea35b66907", + "zh:b3c5555e0c55efaa91de245e6d69e7140665554d2365db2f664802a36b59e0a8", + "zh:c510655b6c5de0227babba5a8bb66a8c3d92af94e080ec1c39bde9509a2aa1a6", + "zh:d04a135d9bf32c1a55abaaeb719903f4f67797434dd6d9f3219245f62a9a66be", + "zh:dd5b99bec9425eb670be5d19b17336d0fa9b894649dac77eac532e4c626616f5", + "zh:e57614fb9f3fbf774a9258a197840f40d0f343e8183eef7a842286a87cfc48d7", + "zh:fee52e736edc5ef4088cedae6507790f35e4ee8a078bff1ef894a51dd65d058d", + ] +}
diff --git a/mgmt/do-spaces/terraform/outputs.tf b/mgmt/do-spaces/terraform/outputs.tf
new file mode 100644
index 0000000..fe9bd2e
--- /dev/null
+++ b/mgmt/do-spaces/terraform/outputs.tf
@@ -0,0 +1,3 @@
+output "jdormit_infra_bucket_urn" {
+ value = digitalocean_spaces_bucket.jdormit_tf_state.urn
+}
diff --git a/prod/gitea/terraform/main.tf b/prod/gitea/terraform/main.tf
index 0fc00ea..4efe8a3 100644
--- a/prod/gitea/terraform/main.tf
+++ b/prod/gitea/terraform/main.tf
@@ -4,15 +4,6 @@ provider "digitalocean" {
 spaces_secret_key = var.spaces_secret_key
 }
-resource "digitalocean_droplet" "git_jeremydormitzer_com" {
- name = "git.jeremydormitzer.com"
- image = "41695378"
- region = "nyc3"
- size = "s-1vcpu-1gb"
- backups = true
- tags = ["terraform"]
-}
-
 module "packer_droplet" {
 source = "../../../terraform-modules/packer_droplet"
 name = "gitea"
diff --git a/prod/gitea/terraform/outputs.tf b/prod/gitea/terraform/outputs.tf
index 122d3a9..5f753b4 100644
--- a/prod/gitea/terraform/outputs.tf
+++ b/prod/gitea/terraform/outputs.tf
@@ -1,11 +1,3 @@
-output "git_ip_address" {
- value = digitalocean_droplet.git_jeremydormitzer_com.ipv4_address
-}
-
-output "git_urn" {
- value = digitalocean_droplet.git_jeremydormitzer_com.urn
-}
-
 output "gitea_ip_address" {
 value = module.packer_droplet.droplet_ip_address
 }
@@ -13,3 +5,7 @@ output "gitea_ip_address" {
 output "gitea_urn" {
 value = module.packer_droplet.droplet_urn
 }
+
+output "gitea_volume_urn" {
+ value = digitalocean_volume.gitea_volume.urn
+}