! Baseline Terraform configuration(no EIP yet)

Major components are scripted out here however a
gateway + EIP still need to be configured for full
base level infra "doneness"

.gitignore

@@ -2,3 +2,4 @@ msg
 *.swp
 infra/.terraform
 infra/.terraform.lock.hcl
+infra/terraform.tfvars

infra/alpha.tf

@@ -0,0 +1,27 @@
+# Alpha is our primary server that we use for bots which basically
+# serve services that I personally run
+variable "alpha_ssh_key_name" {}
+variable "alpha_public_key_path" {}
+
+
+variable "alpha_instance_type" {}
+
+variable "alpha_ami_id" {}
+
+resource "aws_key_pair" "alpha_ssh" {
+  key_name = var.alpha_ssh_key_name
+  public_key = var.alpha_public_key_path
+}
+
+resource "aws_instance" "alpha" {
+  ami = var.alpha_ami_id
+  instance_type = var.alpha_instance_type
+
+  key_name = var.alpha_ssh_key_name
+
+  security_groups = [ 
+    aws_security_group.basic_web_sec.id,
+    aws_security_group.internal_ssh_recv.id
+  ]
+  subnet_id = aws_subnet.crete_subnet.id
+}

infra/beta.tf

@@ -0,0 +1,26 @@
+# This module defines the beta server instance which 
+variable "beta_ssh_key_name" {}
+variable "beta_public_key_path" {}
+
+variable "beta_instance_type" {}
+
+variable "beta_ami_id" {}
+
+resource "aws_key_pair" "beta_ssh" {
+  key_name = var.beta_public_key_path
+  public_key = var.beta_public_key_path
+}
+
+resource "aws_instance" "beta" {
+  ami = var.beta_ami_id
+  instance_type = var.beta_instance_type
+
+  key_name = var.beta_public_key_path
+
+  security_groups = [
+    aws_security_group.basic_web_sec.id,
+    aws_security_group.internal_ssh_recv.id
+  ]
+
+  subnet_id = aws_subnet.crete_subnet.id
+}

infra/provider.tf

@@ -0,0 +1,11 @@
+variable "aws_key" {}
+variable "aws_secret" {}
+variable "aws_region" {}
+variable "ami_id" {}
+
+provider "aws" {
+  access_key = var.aws_key
+  secret_key = var.aws_secret
+  region = var.aws_region
+  max_retries = 1
+}

infra/security-groups.tf

@@ -0,0 +1,56 @@
+# Here are general definitions for security rulesets
+
+resource "aws_security_group" "basic_web_sec" {
+  name = "General web server ruleset"
+  description = "Allowing strictly web traffic"
+  # Intake of web requests(only serving TLS enabled traffic)
+  ingress {
+    cidr_blocks = ["0.0.0.0/0"]
+    from_port = 443
+    to_port = 443
+    protocol = "tcp"
+  }
+  # WARN: Due to the usage of debian based images this rule
+  # is effectively required in order to properly update
+  # the system as apt mostly talks over port 443(maybe port 80 too?)
+  egress {
+    cidr_blocks = ["0.0.0.0/0"]
+    from_port = 443
+    to_port = 443
+    protocol = "tcp"
+  }
+}
+
+resource "aws_security_group" "internal_ssh_recv" {
+  ingress {
+    cidr_blocks = [var.crete_cidr]
+    from_port = 22
+    to_port = 22
+    protocol = "tcp"
+  }
+}
+
+# Main role: SSH host/dev box(not to be up 24/7)
+# Note this one is kinda special because the dev box
+# itself is _kinda_ special(?)
+resource "aws_security_group" "gamma_sec" {
+  ingress {
+    cidr_blocks = ["0.0.0.0/0"]
+    from_port = 22
+    to_port = 22
+    protocol = "tcp"
+  }
+  egress {
+    cidr_blocks = [ var.crete_cidr ]
+    from_port = 22
+    to_port = 22
+    protocol = "tcp"
+  }
+  # Again this is for APT to update repo's when needed
+  egress {
+    cidr_blocks = ["0.0.0.0/0"]
+    from_port = 443
+    to_port = 443
+    protocol = "tcp"
+  }
+}

infra/subnet.tf

@@ -0,0 +1,15 @@
+# This script represents the subnet structure for Crete(primary subnet)
+variable "crete_cidr" {}
+variable "athens_availability_zone" {}
+
+
+resource "aws_subnet" "crete_subnet" {
+  vpc_id = aws_vpc.athens_vpc.id
+  cidr_block = var.crete_cidr
+  availability_zone = var.athens_availability_zone
+
+  tags = {
+    Name = "Create Subnet"
+  }
+}
+

infra/vpc.tf

@@ -0,0 +1,12 @@
+variable "athens_cidr" {}
+
+resource "aws_vpc" "athens_vpc" {
+  cidr_block = var.athens_cidr
+  enable_dns_support = true
+  enable_dns_hostnames = true
+
+  tags = {
+    Name = "Project Athens VPC"
+  }
+}
+