Basic skeleton for new gitea server ( not provisioned yet )

2023-11-27 22:28:06 -08:00 · 2023-11-27 22:28:06 -08:00 · bf00b3482d
commit bf00b3482d
parent 4f3d1a090e
6 changed files with 155 additions and 0 deletions
--- a/infra/gitea-instance/backend.tf
+++ b/infra/gitea-instance/backend.tf
@ -0,0 +1,37 @@
 terraform {
  required_version = ">= 0.13"
  backend s3 {
    bucket  = "project-athens"
    key     = "infra/gitea/state/build.tfstate"
    region  = "us-west-1"
    encrypt = true
  }
  required_providers {
    vultr = {
      source = "vultr/vultr"
      version = "2.16.4"
    }
    aws = {
      source  = "hashicorp/aws"
      version = "5.22.0"
    }
    tls = {
      source  = "hashicorp/tls"
      version = "4.0.4"
    }
  }
 }
 provider vultr {
  api_key     = var.vultr_api_key
  rate_limit  = 100
  retry_limit = 3
 }
 provider aws {
  access_key  = var.aws_key
  secret_key  = var.aws_secret
  region      = var.aws_region
  max_retries = 1
 }
--- a/infra/gitea-instance/firewall.tf
+++ b/infra/gitea-instance/firewall.tf
@ -0,0 +1,22 @@
 locals {
  # Rules for publicly reaching the gitea instance
  rules = {
    tcp = [22, 25, 53, 80, 443, 465, 587, 993, 995]
  }
 }
 resource vultr_firewall_group gitea {
  description = "Gitea server  main firewall"
 }
 # Inbound rules that we need to define for the instance
 # Create all the tcp rules of type ipv4
 resource vultr_firewall_rule gitea_tcp {
  for_each = toset([for v in local.rules.tcp: tostring(v)])
  firewall_group_id = vultr_firewall_group.gitea.id
  protocol = "tcp"
  ip_type  = "v4"
  subnet      = "0.0.0.0"
  subnet_size = 0
  port = each.value
 }
--- a/infra/gitea-instance/host.tf
+++ b/infra/gitea-instance/host.tf
@ -0,0 +1,36 @@
 # Basic configuration for the gite server itself
 # Monthly cost for this should be about 10$ a month
 resource vultr_instance gitea {
  # Core config
  plan     = var.gitea.plan
  region   = var.gitea.region
  os_id    = var.gitea.os
  enable_ipv6 = true
  # Enable backups of the server in case we lose something for some reason
  backups = "enabled"
  backups_schedule {
    type = "daily_alt_even"
  }
  # Metadata
  hostname = var.gitea.name
  label    = var.gitea.name
  tags = [
    "Gitea server",
    var.gitea.name,
  ]
 }
 resource vultr_reverse_ipv4 gitea {
  instance_id = vultr_instance.gitea.id
  ip = vultr_instance.gitea.main_ip
  reverse = "gitea.project-athens.xyz"
 }
 resource vultr_reverse_ipv6 gitea {
  instance_id = vultr_instance.gitea.id
  ip = vultr_instance.gitea.v6_main_ip
  reverse = "gitea.project-athens.xyz"
 }
--- a/infra/gitea-instance/route53-gitea-project-athens-xyz.tf
+++ b/infra/gitea-instance/route53-gitea-project-athens-xyz.tf
--- a/infra/gitea-instance/ssh.tf
+++ b/infra/gitea-instance/ssh.tf
@ -0,0 +1,20 @@
 resource tls_private_key gitea {
  algorithm = "RSA"
  rsa_bits  = 4096
 }
 output gitea_ssh_private {
  value = tls_private_key.gitea.private_key_pem
  sensitive = true
 }
 output gitea_ssh_public {
  value = tls_private_key.gitea.public_key_openssh
  sensitive = true
 }
 resource vultr_ssh_key gitea {
  name = "gitea_key"
  ssh_key = tls_private_key.gitea.public_key_openssh
 }
--- a/infra/gitea-instance/variables.tf
+++ b/infra/gitea-instance/variables.tf
@ -0,0 +1,40 @@
 # Provider variables
 ####################
 # For creating Vultr resources
 variable vultr_api_key {
  type = string
  sensitive = true
 }
 # Using AWS for route53 as this is where we define our DNS entries
 variable aws_key {
  type = string
  sensitive = true
 }
 variable aws_secret {
  type = string
  sensitive = true
 }
 variable aws_region {
  type = string
  default = "us-west-1"
 }
 # References the gitea host configuration
 variable gitea {
  type = object({
    plan   = string
    region = string
    os     = number
    name   = string
  })
 }
 # For picking out the zone to create the git.project-athens.xyz DNS entry
 variable route53_zone_id {
  type = string
  sensitive = true
 }