# Launches a one-time EC2 spot instance, provisions it over SSH (EFS-backed
# /gnu/store and /var/guix mounts, port redirects, a systemd unit rendered from
# govuk.service.tpl) and points two Route 53 A records at its public IP.
# Written in pre-0.12 Terraform syntax (quoted types, `config { }` / `vars { }`
# blocks); keep the "${...}" interpolation form unless the whole file is migrated.

# State is kept in an HTTP backend. The block is empty, so the address and
# credentials are presumably supplied at `terraform init` time - confirm.
terraform {
  backend "http" {}
}

# Name used for the DNS records ("<slug>" and "*.<slug>" in the zone below).
variable "slug" {
  type = "string"
}

# Static AWS credentials passed in as plain variables.
# NOTE(review): values supplied this way tend to end up in tfvars files, CI
# settings or shell history. The aws provider can also read credentials from
# the environment or a shared credentials file, which keeps them out of
# Terraform inputs.
variable "aws_access_key" {
  type = "string"
}

variable "aws_secret_key" {
  type = "string"
}

variable "aws_region" {
  type = "string"
}

variable "aws_route_53_zone_id" {
  type = "string"
}

# Substituted into govuk.service.tpl as `start_command`. The template is not
# visible here; presumably this becomes the unit's start line, so whoever
# controls this value controls what runs on the instance - confirm.
variable "start_command" {
  type = "string"
}

# Location and HTTP credentials of the "backend" remote state read below.
# NOTE(review): the http backend sends username/password as HTTP basic auth,
# so the address should be an https:// URL - verify at the caller.
variable "backend_remote_state_address" {
  type = "string"
}

variable "backend_remote_state_username" {
  type = "string"
}

variable "backend_remote_state_password" {
  type = "string"
}

# Private key used by both provisioner connections to log in as "ubuntu".
# NOTE(review): secret material; check whether it (and the remote state
# password above) is persisted in this configuration's state, and restrict
# access to that state accordingly.
variable "ssh_private_key" {
  type = "string"
}

provider "aws" {
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
  region     = "${var.aws_region}"
}

# Outputs of a separate "backend" configuration. This file reads from it:
# deployer_key_pair_name, three security group names,
# efs_file_system_dns_name and guix_daemon_private_dns.
data "terraform_remote_state" "backend" {
  backend = "http"

  config {
    address  = "${var.backend_remote_state_address}"
    username = "${var.backend_remote_state_username}"
    password = "${var.backend_remote_state_password}"
  }
}

data "aws_route53_zone" "main" {
  zone_id = "${var.aws_route_53_zone_id}"
}

# Renders the systemd unit from the template that sits next to this module.
data "template_file" "govuk_service" {
  template = "${file("${path.module}/govuk.service.tpl")}"

  vars {
    start_command = "${var.start_command}"
  }
}

resource "aws_spot_instance_request" "main" {
  # NOTE(review): the AMI id is hard-coded while the region is a variable. AMI
  # ids are region-specific, and a pinned image only picks up OS patches when
  # this id is changed by hand.
  ami           = "ami-8fd760f6"
  instance_type = "t2.xlarge"
  key_name      = "${data.terraform_remote_state.backend.deployer_key_pair_name}"

  # Security groups are referenced by name and defined in the backend
  # configuration; their rules are not visible here. Going by the names, the
  # instance is reachable as a public web server and over SSH from the admin
  # host - confirm the SSH group is not open more widely than that.
  security_groups = [
    "${data.terraform_remote_state.backend.guix_client_security_group_name}",
    "${data.terraform_remote_state.backend.public_webserver_security_group_name}",
    "${data.terraform_remote_state.backend.ssh_access_from_mini_environment_admin_security_group_name}"
  ]

  # Block until the spot request is fulfilled so the provisioners have a host.
  wait_for_fulfillment = true
  spot_price           = "0.21"
  spot_type            = "one-time"

  root_block_device {
    volume_size = "150"
  }

  # Upload the rendered unit to the login user's home; it is moved into
  # /etc/systemd/system with sudo in the remote-exec step below.
  provisioner "file" {
    content     = "${data.template_file.govuk_service.rendered}"
    destination = "/home/ubuntu/govuk.service"

    # NOTE(review): no host key is pinned in this connection block, so as far
    # as this file shows the first SSH connection is not verified against a
    # known host key - confirm against the Terraform version in use.
    connection {
      type        = "ssh"
      user        = "ubuntu"
      private_key = "${var.ssh_private_key}"
    }
  }

  # The commands run in order and each depends on the ones before it.
  # NOTE(review): there is no `set -e` here; confirm whether a failing
  # intermediate command aborts provisioning or is silently skipped.
  provisioner "remote-exec" {
    inline = [
      # NOTE(review): `apt-get update` appears twice; possibly a deliberate
      # retry against first-boot flakiness - confirm.
      "sudo apt-get update",
      "sudo apt-get update",
      "sudo apt-get -y install nfs-common cachefilesd",

      # Turn on user_xattr on the root filesystem and flip #RUN to RUN in
      # cachefilesd's defaults file. The device name is hard-coded.
      "sudo tune2fs -o user_xattr /dev/xvda1",
      "sudo sed 's/#RUN/RUN/' -i /etc/default/cachefilesd",

      # /gnu/store is mounted read-only (ro, with fsc caching); /var/guix
      # below is mounted without `ro`, i.e. read-write.
      # NOTE(review): these are plain `mount -t nfs4` calls, so the NFS
      # traffic is not encrypted in transit and access control rests on the
      # network path and security groups. Neither mount is added to
      # /etc/fstab, so both are gone after a reboot.
      "sudo mkdir -p /gnu/store",
      "sudo mount -t nfs4 -o ro,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,actimeo=600,fsc,nocto,retrans=2 ${data.terraform_remote_state.backend.efs_file_system_dns_name}:gnu/store /gnu/store",
      "sudo mkdir -p /var/guix",
      "sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 ${data.terraform_remote_state.backend.efs_file_system_dns_name}:var/guix /var/guix",

      # Point Guix clients on this host at the remote daemon for login shells.
      # NOTE(review): guix:// is a plain TCP connection with no encryption and
      # no authentication of the daemon, so this depends on the private
      # network and the guix_client security group to keep others out.
      "echo \"export GUIX_DAEMON_SOCKET=guix://${data.terraform_remote_state.backend.guix_daemon_private_dns}\" | sudo tee /etc/profile.d/guix-daemon-socket.sh",

      # NOTE(review): with the restart below disabled, cachefilesd may not be
      # running with RUN enabled when the `fsc` mount above is made - confirm.
      #"sudo systemctl restart cachefilesd",

      # Redirect 80 -> 8080 and 443 -> 8443, for traffic arriving on eth0
      # (PREROUTING) and for local connections via lo (OUTPUT).
      # NOTE(review): the rules are not saved anywhere, so they do not survive
      # a reboot, and the interface name eth0 is hard-coded.
      "sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080",
      "sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443",
      "sudo iptables -A OUTPUT -t nat -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080",
      "sudo iptables -A OUTPUT -t nat -o lo -p tcp --dport 443 -j REDIRECT --to-port 8443",

      # Create the service's cache, state and log directories, then install,
      # enable and start the uploaded unit.
      "sudo mkdir -p /var/cache/govuk-mini-environment-admin /var/lib/govuk-mini-environment-admin /var/log/govuk-mini-environment-admin",
      "sudo mv /home/ubuntu/govuk.service /etc/systemd/system/govuk.service",
      "sudo systemctl daemon-reload",
      "sudo systemctl enable govuk.service",
      "sudo systemctl start govuk.service"
    ]

    connection {
      type        = "ssh"
      user        = "ubuntu"
      private_key = "${var.ssh_private_key}"
    }
  }
}

# A records for "<slug>" and "*.<slug>", both pointing at the instance's
# public IP with a 60 second TTL.
# NOTE(review): if the spot instance is reclaimed or terminated outside
# Terraform, these records keep pointing at an address that may later belong
# to someone else until they are destroyed or updated. Tear the records down
# together with the instance.
resource "aws_route53_record" "main" {
  zone_id = "${data.aws_route53_zone.main.zone_id}"
  name    = "${var.slug}"
  type    = "A"
  ttl     = "60"
  records = ["${aws_spot_instance_request.main.public_ip}"]
}

resource "aws_route53_record" "wildcard" {
  zone_id = "${data.aws_route53_zone.main.zone_id}"
  name    = "*.${var.slug}"
  type    = "A"
  ttl     = "60"
  records = ["${aws_spot_instance_request.main.public_ip}"]
}

# Outputs

output "spot_bid_status" {
  value = "${aws_spot_instance_request.main.spot_bid_status}"
}

output "spot_request_status" {
  value = "${aws_spot_instance_request.main.spot_request_state}"
}

# True when the spot bid status is "fulfilled". This reflects the spot request
# only; it says nothing about whether govuk.service is actually healthy.
output "mini_environment_up" {
  value = "${aws_spot_instance_request.main.spot_bid_status == "fulfilled"}"
}