diff options
author | Christopher Baines <mail@cbaines.net> | 2018-01-27 23:23:05 +0000 |
---|---|---|
committer | Christopher Baines <mail@cbaines.net> | 2018-03-29 07:28:05 +0100 |
commit | eb3177b0d8de10f316ac595dff3b8165cf828796 (patch) | |
tree | 501b338a14a3cedc71c9a33a17d5810848374572 /terraform | |
download | govuk-mini-environment-admin-eb3177b0d8de10f316ac595dff3b8165cf828796.tar govuk-mini-environment-admin-eb3177b0d8de10f316ac595dff3b8165cf828796.tar.gz |
Initial commit
Diffstat (limited to 'terraform')
-rw-r--r-- | terraform/.gitignore | 3 | ||||
-rw-r--r-- | terraform/example.tf | 95 | ||||
-rw-r--r-- | terraform/example/govuk.service.tpl | 13 |
3 files changed, 111 insertions, 0 deletions
diff --git a/terraform/.gitignore b/terraform/.gitignore new file mode 100644 index 0000000..96c7538 --- /dev/null +++ b/terraform/.gitignore @@ -0,0 +1,3 @@ +.terraform +*.tfstate +*.tfstate.backup diff --git a/terraform/example.tf b/terraform/example.tf new file mode 100644 index 0000000..0efeed8 --- /dev/null +++ b/terraform/example.tf @@ -0,0 +1,95 @@ +provider "aws" { + region = "eu-west-1" +} + +resource "aws_key_pair" "deployer" { + key_name = "deployer" + public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwICJ0eU/M+373AwzuvFtr+xCQdIQfK8CgbroCVMR2nezt/M+I8TIHtY9eb7M7J9Wnpgo+ObVbEmLXZeyzjme4BVBEBCUfKnkxmysqQFCb3NM96rLz509HFsKx/evo8Y+oazuW2L3vnLEKkqXq8jhL2YhlRWZwdNoEBa5N6Lsk/C4zwElAJKRkUDURLZcaNQOiTBtXh4lviX6Fj8rXjRgw/rZZ/fkWkLhP0RuS9V6Pw+f58sgFPkw19ZXj0LZNGHxeeCnyU7Ll0WlZa3WkDwbhNDvHJy6ZcIYZYHJicRKfbeCgBS7KRJvAlnW88au2wbU9t02H9INJyI5Mwua23X9v7tPvFLIFUOHIL5oCJEFYO4iM3lHTwrAov3UQ4/hsV/EVL1rQ1htDMt0QoXxQnJH0u7ThssGi1shJb34/F828lj1qPE4vjvoEyOLZs/pUwXbKHnKevQyiU159J/41shp7HNYh0d6eAeyFSnyvdfhvzx2TdKII0LaXdIgA3BYhN+j4ljNuN1BLEllJNb3u2L8FyyV/PA53k9XE8RdVU3JpE2m1u/49sgYiboruQzzQqelyuvBnajf/4q5wMQrJ8lf4PXp/oTwcvolJ/qiQ5qkfCx7sZojgLZlz1ReqsGAubEpZydme1Ujm5SGVkSSHC/Kx4sDADetJ3k6b1s4Y6w6cfw== chris@giedi" +} + +data "aws_security_group" "guix-client" { + id = "sg-d8003ba3" +} + +data "aws_instance" "guix-daemon" { + instance_id = "i-010e25f85dfa73e72" +} + +data "aws_route53_zone" "main" { + zone_id = "ZD004G8DN6AQZ" +} + +data "template_file" "govuk_service" { + template = "file(example/govuk.service.tpl)" + + vars { + guix_daemon_socket = "guix://${data.aws_instance.guix-daemon.private_dns}", + app_domain = "banana.aws.cbaines.net", + web_domain = "www.banana.aws.cbaines.net" + } +} + +resource "aws_spot_instance_request" "example" { + ami = "ami-8fd760f6" + instance_type = "t2.large" + key_name = "${aws_key_pair.deployer.key_name}" + security_groups = [ + "${data.aws_security_group.guix-client.name}", + "default", + "public-webserver" + ] + + wait_for_fulfillment = true + spot_price = "0.05" + + provisioner "file" { + content = "${data.template_file.govuk_service.rendered}" + destination = "/home/ubuntu/govuk.service" + + connection { + type = "ssh" + user = "ubuntu" + } + } + + provisioner "remote-exec" { + inline = [ + "sudo apt-get update", + "sudo apt-get update", + "sudo apt-get -y install nfs-common cachefilesd", + "sudo tune2fs -o user_xattr /dev/xvda1", + "sudo sed 's/#RUN/RUN/' -i /etc/default/cachefilesd", + "sudo mkdir -p /gnu/store", + "sudo mount -t nfs4 -o ro,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,actimeo=600,fsc,nocto,retrans=2 fs-81e05e48.efs.eu-west-1.amazonaws.com:gnu/store /gnu/store", + "sudo mkdir -p /var/guix", + "sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 fs-81e05e48.efs.eu-west-1.amazonaws.com:var/guix /var/guix", + "echo \"export GUIX_DAEMON_SOCKET=guix://${data.aws_instance.guix-daemon.private_dns}\" | sudo tee /etc/profile.d/guix-daemon-socket.sh", + #"sudo systemctl restart cachefilesd", + "sudo mv /home/ubuntu/govuk.service /etc/systemd/system/govuk.service", + "sudo systemctl daemon-reload", + "sudo systemctl enable govuk.service", + "sudo systemctl start govuk.service" + ] + + connection { + type = "ssh" + user = "ubuntu" + } + } +} + +resource "aws_route53_record" "example" { + zone_id = "${data.aws_route53_zone.main.zone_id}" + name = "banana" + type = "A" + ttl = "60" + records = ["${aws_spot_instance_request.example.public_ip}"] +} + +resource "aws_route53_record" "example_wildcard" { + zone_id = "${data.aws_route53_zone.main.zone_id}" + name = "*.banana" + type = "A" + ttl = "60" + records = ["${aws_spot_instance_request.example.public_ip}"] +} diff --git a/terraform/example/govuk.service.tpl b/terraform/example/govuk.service.tpl new file mode 100644 index 0000000..52b4b56 --- /dev/null +++ b/terraform/example/govuk.service.tpl @@ -0,0 +1,13 @@ +[Unit] +Description=GOV.UK +After=network.target + +[Service] +Type=simple +User=ubuntu +WorkingDirectory=/home/ubuntu +Environment="GUIX_DAEMON_SOCKET=guix://${guix_daemon_socket}" +ExecStart=/var/guix/profiles/per-user/ubuntu/guix-profile/bin/govuk system start --rails-environment=production --app-domain=${app_domain} --web-domain=${web_domain} --use-high-ports=false --use-https=certbot --fallback + +[Install] +WantedBy=multi-user.target |