[WIP] First pass at Syncthing Packer+Terraform deployment

prod/syncthing-packer/packer/syncthing.conf

@@ -0,0 +1,8 @@
+server {
+       listen 80;
+       listen [::]:80;
+
+       location / {
+                proxy_pass http://127.0.0.1:8384;
+       }
+}

prod/syncthing-packer/packer/syncthing.json

@@ -0,0 +1,47 @@
+{
+  "builders": [
+    {
+      "type": "digitalocean",
+      "image": "ubuntu-18-04-x64",
+      "region": "nyc1",
+      "size": "s-1vcpu-1gb",
+      "snapshot_name": "syncthing-packer-{{timestamp}}",
+      "ssh_username": "root"
+    }
+  ],
+  "provisioners": [
+    {
+      "type": "file",
+      "source": "syncthing@.service",
+      "destination": "/tmp/syncthing@.service"
+    },
+    {
+      "type": "shell",
+      "inline": [
+        "sudo useradd -m syncthing",
+        "curl -s https://syncthing.net/release-key.txt | sudo apt-key add -",
+        "echo \"deb https://apt.syncthing.net/ syncthing stable\" | sudo tee /etc/apt/sources.list.d/syncthing.list",
+        "sudo apt-get update",
+        "sudo apt-get install -y syncthing",
+        "sudo mv /tmp/syncthing@.service /etc/systemd/system/syncthing@.service",
+        "sudo systemctl daemon-reload",
+        "sudo systemctl enable syncthing@syncthing"
+      ]
+    },
+    {
+      "type": "file",
+      "source": "syncthing.conf",
+      "destination": "/tmp/syncthing.conf"
+    },
+    {
+      "type": "shell",
+      "inline": [
+        "sudo apt-get install -y nginx",
+        "sudo mv /tmp/syncthing.conf /etc/nginx/sites-available/syncthing.conf",
+        "sudo ln -s /etc/nginx/sites-available/syncthing.conf /etc/nginx/sites-enabled/",
+        "sudo unlink /etc/nginx/sites-enabled/default",
+        "sudo systemctl enable nginx"
+      ]
+    }
+  ]
+}

prod/syncthing-packer/packer/syncthing@.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Syncthing - Open Source Continuous File Synchronization for %I
+Documentation=man:syncthing(1)
+After=network.target
+
+[Service]
+User=%i
+ExecStart=/usr/bin/syncthing -no-browser -gui-address="127.0.0.1:8384" -no-restart -logflags=0
+Restart=on-failure
+SuccessExitStatus=3 4
+RestartForceExitStatus=3 4
+
+[Install]
+WantedBy=multi-user.target

prod/syncthing-packer/terraform/.terraform.lock.hcl

@@ -0,0 +1,23 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/digitalocean/digitalocean" {
+  version     = "2.3.0"
+  constraints = "~> 2.3.0"
+  hashes = [
+    "h1:Kmcj3ajzt/lSQkbQwcjzUNK2RXXcHNDCs44LfDhZnaM=",
+    "zh:1c0f68715cf0b84ab40ab08aa59232037325cffc2896ba109cae73c81ab021e9",
+    "zh:306599aec6637c92349abb069d8fea3ebac58f52f61707956320a405f57e4a84",
+    "zh:31db532f05e55cb52d61c12c10197dca48dc8809a4f9cc4a935d3161546968ca",
+    "zh:3dba438c0167e5dcf09115f8d2c33c0a821e6b27e83ec6ccaac5fcb557a50bbb",
+    "zh:770c906ab3eeb5c24c5b8bbcca3b18f137d5ac817bd73fa5c9146eb4a9d891d6",
+    "zh:9221f2d275c776382234882d534a1147db04a8be490c023eb08c9a1e579db021",
+    "zh:a4e25e5dd2ad06de6c7148a270b1178b6298846405ce66b9b4ca51ea35b66907",
+    "zh:b3c5555e0c55efaa91de245e6d69e7140665554d2365db2f664802a36b59e0a8",
+    "zh:c510655b6c5de0227babba5a8bb66a8c3d92af94e080ec1c39bde9509a2aa1a6",
+    "zh:d04a135d9bf32c1a55abaaeb719903f4f67797434dd6d9f3219245f62a9a66be",
+    "zh:dd5b99bec9425eb670be5d19b17336d0fa9b894649dac77eac532e4c626616f5",
+    "zh:e57614fb9f3fbf774a9258a197840f40d0f343e8183eef7a842286a87cfc48d7",
+    "zh:fee52e736edc5ef4088cedae6507790f35e4ee8a078bff1ef894a51dd65d058d",
+  ]
+}

prod/syncthing-packer/terraform/main.tf

@@ -0,0 +1,43 @@
+provider "digitalocean" {
+  token             = var.do_token
+  spaces_access_id  = var.spaces_access_id
+  spaces_secret_key = var.spaces_secret_key
+}
+
+data "digitalocean_image" "syncthing" {
+  name = "syncthing-packer-1608562878"
+}
+
+data "terraform_remote_state" "do_ssh_keys" {
+  backend = "s3"
+
+  config = {
+    skip_credentials_validation = true
+    skip_metadata_api_check     = true
+    access_key                  = var.spaces_access_id
+    secret_key                  = var.spaces_secret_key
+    region                      = "us-east-1"
+    endpoint                    = "nyc3.digitaloceanspaces.com"
+    bucket                      = "jdormit-tf-state"
+    key                         = "mgmt/do-ssh-keys.tfstate"
+  }
+}
+
+resource "digitalocean_droplet" "syncthing" {
+  name       = "syncthing"
+  image      = data.digitalocean_image.syncthing.id
+  region     = "nyc1"
+  size       = "s-1vcpu-1gb"
+  backups    = true
+  volume_ids = [digitalocean_volume.syncthing_volume.id]
+  ssh_keys = [
+    data.terraform_remote_state.do_ssh_keys.outputs.jdormit_laptop_ssh_key_id,
+    data.terraform_remote_state.do_ssh_keys.outputs.jdormit_macbook_lola_ssh_key_id
+  ]
+}
+
+resource "digitalocean_volume" "syncthing_volume" {
+  name   = "syncthing-volume"
+  region = "nyc1"
+  size   = 100
+}

prod/syncthing-packer/terraform/outputs.tf

@@ -0,0 +1,11 @@
+output "ip_address" {
+  value = digitalocean_droplet.syncthing.ipv4_address
+}
+
+output "urn" {
+  value = digitalocean_droplet.syncthing.urn
+}
+
+output "volume_urn" {
+  value = digitalocean_volume.syncthing_volume.urn
+}

prod/syncthing-packer/terraform/terraform.tf

@@ -0,0 +1,18 @@
+terraform {
+  required_providers {
+    digitalocean = {
+      source  = "digitalocean/digitalocean"
+      version = "~> 2.3.0"
+    }
+  }
+
+  backend "s3" {
+    skip_credentials_validation = true
+    skip_metadata_api_check     = true
+    # Need to specify an AWS region to stop Terraform complaining
+    region                      = "us-east-1"
+    endpoint                    = "nyc3.digitaloceanspaces.com"
+    bucket                      = "jdormit-tf-state"
+    key                         = "prod/syncthing-packer.tfstate"
+  }
+}

prod/syncthing-packer/terraform/variables.tf

@@ -0,0 +1,11 @@
+variable "do_token" {
+  type = string
+}
+
+variable "spaces_access_id" {
+  type = string
+}
+
+variable "spaces_secret_key" {
+  type = string
+}