authorChristopher Baines <mail@cbaines.net>2018-01-27 23:23:05 +0000
committerChristopher Baines <mail@cbaines.net>2018-03-29 07:28:05 +0100
commiteb3177b0d8de10f316ac595dff3b8165cf828796 (patch)
tree501b338a14a3cedc71c9a33a17d5810848374572 /terraform
Initial commit
Diffstat (limited to 'terraform')
-rw-r--r--terraform/.gitignore3
-rw-r--r--terraform/example.tf95
-rw-r--r--terraform/example/govuk.service.tpl13
3 files changed, 111 insertions, 0 deletions
diff --git a/terraform/.gitignore b/terraform/.gitignore
new file mode 100644
index 0000000..96c7538
--- /dev/null
+++ b/terraform/.gitignore
@@ -0,0 +1,3 @@
+.terraform
+*.tfstate
+*.tfstate.backup
diff --git a/terraform/example.tf b/terraform/example.tf
new file mode 100644
index 0000000..0efeed8
--- /dev/null
+++ b/terraform/example.tf
@@ -0,0 +1,95 @@
+provider "aws" {
+ region = "eu-west-1"
+}
+
+resource "aws_key_pair" "deployer" {
+ key_name = "deployer"
+ public_key = "ssh-rsa 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 chris@giedi"
+}
+
+data "aws_security_group" "guix-client" {
+ id = "sg-d8003ba3"
+}
+
+data "aws_instance" "guix-daemon" {
+ instance_id = "i-010e25f85dfa73e72"
+}
+
+data "aws_route53_zone" "main" {
+ zone_id = "ZD004G8DN6AQZ"
+}
+
+data "template_file" "govuk_service" {
+ template = "file(example/govuk.service.tpl)"
+
+ vars {
+ guix_daemon_socket = "guix://${data.aws_instance.guix-daemon.private_dns}",
+ app_domain = "banana.aws.cbaines.net",
+ web_domain = "www.banana.aws.cbaines.net"
+ }
+}
+
+resource "aws_spot_instance_request" "example" {
+ ami = "ami-8fd760f6"
+ instance_type = "t2.large"
+ key_name = "${aws_key_pair.deployer.key_name}"
+ security_groups = [
+ "${data.aws_security_group.guix-client.name}",
+ "default",
+ "public-webserver"
+ ]
+
+ wait_for_fulfillment = true
+ spot_price = "0.05"
+
+ provisioner "file" {
+ content = "${data.template_file.govuk_service.rendered}"
+ destination = "/home/ubuntu/govuk.service"
+
+ connection {
+ type = "ssh"
+ user = "ubuntu"
+ }
+ }
+
+ provisioner "remote-exec" {
+ inline = [
+ "sudo apt-get update",
+ "sudo apt-get update",
+ "sudo apt-get -y install nfs-common cachefilesd",
+ "sudo tune2fs -o user_xattr /dev/xvda1",
+ "sudo sed 's/#RUN/RUN/' -i /etc/default/cachefilesd",
+ "sudo mkdir -p /gnu/store",
+ "sudo mount -t nfs4 -o ro,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,actimeo=600,fsc,nocto,retrans=2 fs-81e05e48.efs.eu-west-1.amazonaws.com:gnu/store /gnu/store",
+ "sudo mkdir -p /var/guix",
+ "sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 fs-81e05e48.efs.eu-west-1.amazonaws.com:var/guix /var/guix",
+ "echo \"export GUIX_DAEMON_SOCKET=guix://${data.aws_instance.guix-daemon.private_dns}\" | sudo tee /etc/profile.d/guix-daemon-socket.sh",
+ #"sudo systemctl restart cachefilesd",
+ "sudo mv /home/ubuntu/govuk.service /etc/systemd/system/govuk.service",
+ "sudo systemctl daemon-reload",
+ "sudo systemctl enable govuk.service",
+ "sudo systemctl start govuk.service"
+ ]
+
+ connection {
+ type = "ssh"
+ user = "ubuntu"
+ }
+ }
+}
+
+resource "aws_route53_record" "example" {
+ zone_id = "${data.aws_route53_zone.main.zone_id}"
+ name = "banana"
+ type = "A"
+ ttl = "60"
+ records = ["${aws_spot_instance_request.example.public_ip}"]
+}
+
+resource "aws_route53_record" "example_wildcard" {
+ zone_id = "${data.aws_route53_zone.main.zone_id}"
+ name = "*.banana"
+ type = "A"
+ ttl = "60"
+ records = ["${aws_spot_instance_request.example.public_ip}"]
+}
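Review bot: In `data "template_file" "govuk_service"`, `template = "file(example/govuk.service.tpl)"` is a plain string, not an interpolation, so the rendered output is that literal text and the `file` provisioner uploads it as `/home/ubuntu/govuk.service`. Nothing fails at plan time; the problem would only show when systemd tries to load the unit. It should read `template = "${file("${path.module}/example/govuk.service.tpl")}"`. The `remote-exec` list also runs `sudo apt-get update` twice. It mounts both EFS paths by hand without an `/etc/fstab` entry, so after a reboot `/var/guix` is absent and the enabled `govuk.service`, whose `ExecStart` lives under that mount, cannot start. If this host only consumes profiles, it is worth confirming whether `/var/guix` needs to be mounted read-write when `/gnu/store` is already `ro`.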
diff --git a/terraform/example/govuk.service.tpl b/terraform/example/govuk.service.tpl
new file mode 100644
index 0000000..52b4b56
--- /dev/null
+++ b/terraform/example/govuk.service.tpl
@@ -0,0 +1,13 @@
+[Unit]
+Description=GOV.UK
+After=network.target
+
+[Service]
+Type=simple
+User=ubuntu
+WorkingDirectory=/home/ubuntu
+Environment="GUIX_DAEMON_SOCKET=guix://${guix_daemon_socket}"
+ExecStart=/var/guix/profiles/per-user/ubuntu/guix-profile/bin/govuk system start --rails-environment=production --app-domain=${app_domain} --web-domain=${web_domain} --use-high-ports=false --use-https=certbot --fallback
+
+[Install]
+WantedBy=multi-user.target
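Review bot: `Environment="GUIX_DAEMON_SOCKET=guix://${guix_daemon_socket}"` adds a `guix://` prefix to a variable that example.tf already sets to `guix://${data.aws_instance.guix-daemon.private_dns}`, so the rendered value would be `guix://guix://…`. Drop the scheme in one place, for example `Environment="GUIX_DAEMON_SOCKET=${guix_daemon_socket}"`, and add a comment above the line saying the variable is expected to carry the full URI. Separately, the unit runs as `User=ubuntu` with `--use-high-ports=false`. If the `govuk` command binds ports below 1024 itself (not visible from this file), the service would need `AmbientCapabilities=CAP_NET_BIND_SERVICE` rather than relying on that account's sudo rights.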