diff --git a/infra/static-vultr/backend.tf b/infra/static-vultr/backend.tf new file mode 100644 index 0000000..de0a286 --- /dev/null +++ b/infra/static-vultr/backend.tf @@ -0,0 +1,34 @@ +terraform { + required_version = ">= 0.13" + backend s3 { + bucket = "project-athens" + key = "infra/vultr/static-hosts/state/build.tfstate" + region = "us-west-1" + encrypt = true + } + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + vultr = { + source = "vultr/vultr" + version = "2.19.0" + } + } +} + +provider vultr { + api_key = var.vultr_api_key + rate_limit = 100 + retry_limit = 3 +} + +provider aws { + access_key = var.aws_key + secret_key = var.aws_secret + region = var.aws_region + max_retries = 1 +} + + diff --git a/infra/static-vultr/firewall.tf b/infra/static-vultr/firewall.tf new file mode 100644 index 0000000..357bd53 --- /dev/null +++ b/infra/static-vultr/firewall.tf @@ -0,0 +1,25 @@ +resource vultr_firewall_group host { + description = "Static host firewall" +} + +resource vultr_firewall_rule web_v4 { + for_each = toset(["80", "443"]) + firewall_group_id = vultr_firewall_group.host.id + protocol = "tcp" + ip_type = "v4" + subnet = "0.0.0.0" + subnet_size = 0 + port = each.value +} + +resource vultr_firewall_rule ssh_v4 { + count = var.enable_ssh ? 1 : 0 + firewall_group_id = vultr_firewall_group.host.id + protocol = "tcp" + ip_type = "v4" + subnet = "0.0.0.0" + subnet_size = 0 + port = "22" +} + + diff --git a/infra/static-vultr/generic.tfvars b/infra/static-vultr/generic.tfvars new file mode 100644 index 0000000..c531d23 --- /dev/null +++ b/infra/static-vultr/generic.tfvars @@ -0,0 +1,14 @@ +host = { + plan = "vc2-1c-2gb" + region = "lax" + os = 1743 + name = "project-athens-static-host" + backups = { + day = 2 # Monday + hour = 7 # midnight + } +} + +enable_ssh = true + + diff --git a/infra/static-vultr/host.tf b/infra/static-vultr/host.tf new file mode 100644 index 0000000..7ae3f04 --- /dev/null +++ b/infra/static-vultr/host.tf @@ -0,0 +1,19 @@ +# Using a single host for this as I'm just looking for a quick and dirty solution +# to host basically everything for now + +resource "vultr_instance" "websites" { + # Core configuration + plan = var.host.plan + region = var.host.region + os_id = var.host.os + enable_ipv6 = true + + + # Enable backups for now since we're getting off of s3 as well at some point + backups = "enabled" + backups_schedule { + type = "weekly" + dow = var.host.backups.day + hour = var.host.backups.hour + } +} diff --git a/infra/static-vultr/ssh.tf b/infra/static-vultr/ssh.tf new file mode 100644 index 0000000..859a852 --- /dev/null +++ b/infra/static-vultr/ssh.tf @@ -0,0 +1,9 @@ +resource tls_private_key host { + algorithm = "RSA" + rsa_bits = 4096 +} + +resource vultr_ssh_key host { + name = "static_ssh_key" + ssh_key = tls_private_key.host.public_key_pem +} diff --git a/infra/static-vultr/variables.tf b/infra/static-vultr/variables.tf new file mode 100644 index 0000000..c1995c4 --- /dev/null +++ b/infra/static-vultr/variables.tf @@ -0,0 +1,45 @@ +# API Keys required to reach AWS/Vultr +variable vultr_api_key { + type = string + sensitive = true +} + +variable aws_key { + type = string + sensitive = true +} + +variable aws_secret { + type = string + sensitive = true +} + +variable aws_region { + type = string + sensitive = true +} + +################### ################### ################### + +# Host configuration options +variable host { + type = object({ + plan = string + region = string + os = string + name = string + backups = object({ + hour = number # hour of the day + day = number # 1 = sunday, 7 = saturday + }) + }) +} + +variable enable_ssh { + type = bool + default = false +} + + + +