Basic skeleton for new gitea server ( not provisioned yet )

2023-11-27 22:28:06 -08:00 · 2023-11-27 22:28:06 -08:00 · bf00b3482d
commit bf00b3482d
parent 4f3d1a090e
6 changed files with 155 additions and 0 deletions
--- a/infra/gitea-instance/backend.tf
+++ b/infra/gitea-instance/backend.tf
@ -0,0 +1,37 @@
+terraform {
+  required_version = ">= 0.13"
+  backend s3 {
+    bucket  = "project-athens"
+    key     = "infra/gitea/state/build.tfstate"
+    region  = "us-west-1"
+    encrypt = true
+  }
+  required_providers {
+    vultr = {
+      source = "vultr/vultr"
+      version = "2.16.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = "5.22.0"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "4.0.4"
+    }
+  }
+}
+
+provider vultr {
+  api_key     = var.vultr_api_key
+  rate_limit  = 100
+  retry_limit = 3
+}
+
+provider aws {
+  access_key  = var.aws_key
+  secret_key  = var.aws_secret
+  region      = var.aws_region
+  max_retries = 1
+}
+
--- a/infra/gitea-instance/firewall.tf
+++ b/infra/gitea-instance/firewall.tf
@ -0,0 +1,22 @@
+locals {
+  # Rules for publicly reaching the gitea instance
+  rules = {
+    tcp = [22, 25, 53, 80, 443, 465, 587, 993, 995]
+  }
+}
+resource vultr_firewall_group gitea {
+  description = "Gitea server  main firewall"
+}
+
+# Inbound rules that we need to define for the instance
+# Create all the tcp rules of type ipv4
+resource vultr_firewall_rule gitea_tcp {
+  for_each = toset([for v in local.rules.tcp: tostring(v)])
+  firewall_group_id = vultr_firewall_group.gitea.id
+  protocol = "tcp"
+  ip_type  = "v4"
+  subnet      = "0.0.0.0"
+  subnet_size = 0
+  port = each.value
+}
+
--- a/infra/gitea-instance/host.tf
+++ b/infra/gitea-instance/host.tf
@ -0,0 +1,36 @@
+# Basic configuration for the gite server itself
+# Monthly cost for this should be about 10$ a month
+resource vultr_instance gitea {
+  # Core config
+  plan     = var.gitea.plan
+  region   = var.gitea.region
+  os_id    = var.gitea.os
+  enable_ipv6 = true
+
+  # Enable backups of the server in case we lose something for some reason
+  backups = "enabled"
+  backups_schedule {
+    type = "daily_alt_even"
+  }
+
+  # Metadata
+  hostname = var.gitea.name
+  label    = var.gitea.name
+  tags = [
+    "Gitea server",
+    var.gitea.name,
+  ]
+}
+
+resource vultr_reverse_ipv4 gitea {
+  instance_id = vultr_instance.gitea.id
+  ip = vultr_instance.gitea.main_ip
+  reverse = "gitea.project-athens.xyz"
+}
+
+resource vultr_reverse_ipv6 gitea {
+  instance_id = vultr_instance.gitea.id
+  ip = vultr_instance.gitea.v6_main_ip
+  reverse = "gitea.project-athens.xyz"
+}
+
--- a/infra/gitea-instance/route53-gitea-project-athens-xyz.tf
+++ b/infra/gitea-instance/route53-gitea-project-athens-xyz.tf
--- a/infra/gitea-instance/ssh.tf
+++ b/infra/gitea-instance/ssh.tf
@ -0,0 +1,20 @@
+resource tls_private_key gitea {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+output gitea_ssh_private {
+  value = tls_private_key.gitea.private_key_pem
+  sensitive = true
+}
+
+output gitea_ssh_public {
+  value = tls_private_key.gitea.public_key_openssh
+  sensitive = true
+}
+
+resource vultr_ssh_key gitea {
+  name = "gitea_key"
+  ssh_key = tls_private_key.gitea.public_key_openssh
+}
+
--- a/infra/gitea-instance/variables.tf
+++ b/infra/gitea-instance/variables.tf
@ -0,0 +1,40 @@
+# Provider variables
+####################
+
+# For creating Vultr resources
+variable vultr_api_key {
+  type = string
+  sensitive = true
+}
+
+# Using AWS for route53 as this is where we define our DNS entries
+variable aws_key {
+  type = string
+  sensitive = true
+}
+
+variable aws_secret {
+  type = string
+  sensitive = true
+}
+
+variable aws_region {
+  type = string
+  default = "us-west-1"
+}
+
+# References the gitea host configuration
+variable gitea {
+  type = object({
+    plan   = string
+    region = string
+    os     = number
+    name   = string
+  })
+}
+
+# For picking out the zone to create the git.project-athens.xyz DNS entry
+variable route53_zone_id {
+  type = string
+  sensitive = true
+}