From df0dfbbe84f8a9402611d82a2fe5632ba0d47d4d Mon Sep 17 00:00:00 2001
From: shane
Date: Fri, 27 Jan 2023 21:08:56 -0600
Subject: [PATCH] Add first-working plan

---
 .gitignore | 3 ++
 .terraform.lock.hcl | 85 +++++++++++++++++++++++++++++++++++++++++++++
 README.md | 16 +++++++++
 letsencrypt.tf | 38 ++++++++++++++++++++
 provider.tf | 16 +++++++++
 website.tf | 51 +++++++++++++++++++++++++++
 6 files changed, 209 insertions(+)
 create mode 100644 .terraform.lock.hcl
 create mode 100644 letsencrypt.tf
 create mode 100644 provider.tf
 create mode 100644 website.tf

diff --git a/.gitignore b/.gitignore
index d38c99a..72368f2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -35,3 +35,6 @@ terraform.rc
 # Platform
 .DS_Store
+
+# Misc
+token
\ No newline at end of file
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..95b594a
--- /dev/null
+++ b/.terraform.lock.hcl
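Review bot: The new ignore pattern `token` has no leading slash, so it matches any file or directory named `token` at any depth rather than only the root-level file the entry presumably targets; `/token` pins it to the repository root. The entry also suggests a provider credential is kept as a plain file in the working tree, and a single mis-scoped ignore rule is all that stands between it and a commit; feeding the DigitalOcean provider through the `DIGITALOCEAN_TOKEN` environment variable or a `sensitive = true` variable avoids having the secret on disk inside the repo at all. The hunk also leaves `.gitignore` without a trailing newline.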
@@ -0,0 +1,85 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/digitalocean/digitalocean" { + version = "2.25.2" + constraints = "2.25.2" + hashes = [ + "h1:OreINFf349wOcU2trD8gmP2/dFYT85ltyG0YIQ+d4GA=", + "zh:0accb40afb05425f20ff93426c69fa9585fd269f5a0caff9e03173ca3a0f66f0", + "zh:0e389b5ebfce42a9a1c78b576acffa6d4f1cfa421810537e6e096a254ff3fec8", + "zh:12441f028af172a823b452bb017721d7bf2f6f14e343ac90f361c7bb73ff0874", + "zh:18e04874d833d014617ee94971b8ef4638931a3ee7c572f86ee816b74911bcb5", + "zh:4e728375e24fdc37e791b3f234c991da342dbad8e1bd878531dd45ab6710c4fe", + "zh:4f76bea793d71ae85c72275bd1a5d28ce72afbb41e6cf51cc74d19a470b2c4dc", + "zh:588fd686e257b9d989427106e16b7d35a805cf6c1f532dca8fd61c09f19cc95a", + "zh:5b433b49869a45d96b95e921dd3cc713471dfa78157fe6f89f09d41c689256c2", + "zh:5de660180ab655b64e579564ec5f60f63d7c6633f47dfe4c8ac5a6718d19b5ea", + "zh:6395f4d9995f525469d88825f56c88f46b3466db26a3962a645c9a2e65e60dad", + "zh:7b04b9ca110f3876000616f9f3f046a974a20db93583786f26dccf10ed9372cf", + "zh:81b02a7247a0142075315cdbccd41138c01ed3327036c6b3b417859b06fdac0d", + "zh:99e4cf8818eed4e0516a939658ae89a8eefeb4dd9d49303b47b28dc844f983ac", + "zh:a85ddbfc6db67508a64c95edd333132efbc40ab7b4d6266023750dc7756f6bec", + "zh:b7e9ee035192e2f4d8db11d33e0dabd1969135901bae52d96001fce5f2a4dce8", + "zh:ec5d133c03319ec103c80d954be31dd673f44e9c93ec9ed951576e110549b59f", + ] +} + +provider "registry.terraform.io/hashicorp/local" { + version = "2.3.0" + hashes = [ + "h1:7y8CXQKtfyvrMCSWgCkCclNN9L161u6jO1dEGVaB5RQ=", + "zh:1f1920b3f78c31c6b69cdfe1e016a959667c0e2d01934e1a084b94d5a02cd9d2", + "zh:550a3cdae0ddb350942624e7b2e8b31d28bc15c20511553432413b1f38f4b214", + "zh:68d1d9ccbfce2ce56b28a23b22833a5369d4c719d6d75d50e101a8a8dbe33b9b", + "zh:6ae3ad6d865a906920c313ec2f413d080efe32c230aca711fd106b4cb9022ced", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + 
"zh:a0f413d50f54124057ae3dcd9353a797b84e91dc34bcf85c34a06f8aef1f9b12", + "zh:a2ac6d4088ceddcd73d88505e18b8226a6e008bff967b9e2d04254ef71b4ac6b", + "zh:a851010672e5218bdd4c4ea1822706c9025ef813a03da716d647dd6f8e2cffb0", + "zh:aa797561755041ef2fad99ee9ffc12b5e724e246bb019b21d7409afc2ece3232", + "zh:c6afa960a20d776f54bb1fc260cd13ead17280ebd87f05b9abcaa841ed29d289", + "zh:df0975e86b30bb89717b8c8d6d4690b21db66de06e79e6d6cfda769f3304afe6", + "zh:f0d3cc3da72135efdbe8f4cfbfb0f2f7174827887990a5545e6db1981f0d3a7c", + ] +} + +provider "registry.terraform.io/hashicorp/tls" { + version = "4.0.4" + hashes = [ + "h1:Wd3RqmQW60k2QWPN4sK5CtjGuO1d+CRNXgC+D4rKtXc=", + "zh:23671ed83e1fcf79745534841e10291bbf34046b27d6e68a5d0aab77206f4a55", + "zh:45292421211ffd9e8e3eb3655677700e3c5047f71d8f7650d2ce30242335f848", + "zh:59fedb519f4433c0fdb1d58b27c210b27415fddd0cd73c5312530b4309c088be", + "zh:5a8eec2409a9ff7cd0758a9d818c74bcba92a240e6c5e54b99df68fff312bbd5", + "zh:5e6a4b39f3171f53292ab88058a59e64825f2b842760a4869e64dc1dc093d1fe", + "zh:810547d0bf9311d21c81cc306126d3547e7bd3f194fc295836acf164b9f8424e", + "zh:824a5f3617624243bed0259d7dd37d76017097dc3193dac669be342b90b2ab48", + "zh:9361ccc7048be5dcbc2fafe2d8216939765b3160bd52734f7a9fd917a39ecbd8", + "zh:aa02ea625aaf672e649296bce7580f62d724268189fe9ad7c1b36bb0fa12fa60", + "zh:c71b4cd40d6ec7815dfeefd57d88bc592c0c42f5e5858dcc88245d371b4b8b1e", + "zh:dabcd52f36b43d250a3d71ad7abfa07b5622c69068d989e60b79b2bb4f220316", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/vancluever/acme" { + version = "2.12.0" + constraints = "~> 2.0" + hashes = [ + "h1:/vWhC9ly4N+BehMDxETXSeCWe2w+1MZgM6Ai6cHxpYY=", + "zh:10f52acfdc36510ece0790af4c93f88bc8bb3270cd23fac1f740900dbceff317", + "zh:24e52840e1d7a369a522465b7ab3ab3b13236fb9731867cfaa1957c3a0d09254", + "zh:354f87de829707e625cb6da2318796b314897a6dd639ce367e397496a86af9fb", + "zh:3569b27c707fa4170c9c736116aa6ecbd25c3d3c94558e9001e2aed858ee6ac6", + 
"zh:429427787e450138db9100fec60966b26810d1447b9b675cea56259e0b3bf4c6", + "zh:533ae7a09e83b2ed5235ef607815468daadfa78c722e85d3f3c6f6a740dee40e", + "zh:772b346540392b43dd422b5e77e1008953f9df1538545d61cba35d12bc569fa1", + "zh:7a9e6f5b6470f16a640e5751f95375b654fa63bbf702d2c20ef616be0b2fe80f", + "zh:a186f1121c9a802cce71045245b861aa09b7a7dc0e93fd913b261f8d892ff2d5", + "zh:b1521cb89a7166e26dd2b9dedd1f45e43a037de50ea19e42856e740b64bdaba9", + "zh:c152efb60e50e8a298fc66a3446cb47d1b110c642681df8fe3ab4892711b530a", + "zh:c6491988233db2691f26e821c1b81aa30c017f194fa3a17b98447076cae30d41", + "zh:ea564dcf2cc65610103495f8b18baf0fe4a0664e06f4fc7006c0938ac15227c1", + ] +}
diff --git a/README.md b/README.md
index 30ed2ba..13abed5 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,19 @@
 # Distrust Infrastructure
 
 For the purpose of transparency, we include our infrastructure configuration right out in the open to encourage those we work with, and otherwise to do the same.
+
+## Dependencies
+
+You will need the following installed:
+- `terraform`
+
+
+## Usage
+
+```shell
+$ terraform init
+```
+
+```shell
+$ terraform plan
+```
\ No newline at end of file
diff --git a/letsencrypt.tf b/letsencrypt.tf
new file mode 100644
index 0000000..356ec4c
--- /dev/null
+++ b/letsencrypt.tf
@@ -0,0 +1,38 @@
+resource "digitalocean_domain" "default" {
+ name = "distrust.co"
+}
+
+# Handle record for www redirect
+resource "digitalocean_record" "www" {
+ domain = "distrust.co"
+ type = "CNAME"
+ name = "www"
+ value = digitalocean_cdn.distrust_co.origin
+}
+
+# Handle record for distrust.co
+resource "digitalocean_record" "distrust_co" {
+ domain = "distrust.co"
+ type = "CNAME"
+ name = "@"
+ value = digitalocean_cdn.distrust_co.origin
+}
+
+resource "tls_private_key" "private_key" {
+ algorithm = "RSA"
+}
+
+resource "acme_registration" "reg" {
+ account_key_pem = tls_private_key.private_key.private_key_pem
+ email_address = "team@distrust.co"
+}
+
+resource "acme_certificate" "certificate" {
+ account_key_pem = acme_registration.reg.account_key_pem
+ common_name = "www.distrust.co"
+ subject_alternative_names = []
+
+ dns_challenge {
+ provider = "digitalociean"
+ }
+}
\ No newline at end of file
diff --git a/provider.tf b/provider.tf
new file mode 100644
index 0000000..bc95bdb
--- /dev/null
+++ b/provider.tf
@@ -0,0 +1,16 @@
+terraform {
+ required_providers {
+ digitalocean = {
+ source = "digitalocean/digitalocean"
+ version = "2.25.2"
+ }
+ acme = {
+ source = "vancluever/acme"
+ version = "~> 2.0"
+ }
+ }
+}
+
+provider "acme" {
+ server_url = "https://acme-v02.api.letsencrypt.org/directory"
+}
\ No newline at end of file
diff --git a/website.tf b/website.tf
new file mode 100644
index 0000000..f9b37dd
--- /dev/null
+++ b/website.tf
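Review bot: `dns_challenge` names the provider `"digitalociean"`, a misspelling the ACME provider rejects at apply time; the DigitalOcean DNS challenge is `provider = "digitalocean"`. The certificate covers only `common_name = "www.distrust.co"` with `subject_alternative_names = []`, yet the same hunk publishes CNAME records for both `www` and `@`, so the apex name would be served without a matching certificate unless `"distrust.co"` is added to the SANs. Both `digitalocean_record` blocks hard-code `domain = "distrust.co"` instead of referencing `digitalocean_domain.default.name`, which drops the implicit dependency and lets Terraform try to create the records before the zone exists. A CNAME at `@` also collides with the zone's SOA/NS records and is, as far as I know, refused by DigitalOcean; an A record pointing at the CDN is the usual alternative. Separately, `tls_private_key` stores the ACME account key unencrypted in Terraform state, so wherever this state lives needs the same protection as the key itself.
```hcl
resource "digitalocean_record" "www" {
  domain = digitalocean_domain.default.name
  # … unchanged: type, name, value …
}

resource "digitalocean_record" "distrust_co" {
  domain = digitalocean_domain.default.name
  # … unchanged: type, name, value …
}

resource "acme_certificate" "certificate" {
  # … unchanged: account_key_pem, common_name …
  subject_alternative_names = ["distrust.co"]

  dns_challenge {
    provider = "digitalocean"
  }
}
```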
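Review bot: `required_providers` declares only `digitalocean` and `acme`, but the configuration also uses `tls_private_key` and `local_file`, whose providers (`hashicorp/tls` 4.0.4 and `hashicorp/local` 2.3.0 per the lock file in this commit) are reached only through Terraform's implicit legacy lookup; declaring them with pinned versions keeps `terraform init` and the lock file in agreement. The `terraform` block has no `backend`, so state — which here carries the ACME account private key and the issued certificate material — is written to a local `terraform.tfstate`; a remote backend with encryption and access control is the usual mitigation. There is also no `provider "digitalocean"` block, so its credentials come implicitly from the environment (`DIGITALOCEAN_TOKEN`); a one-line comment such as `# DigitalOcean credentials are read from DIGITALOCEAN_TOKEN` would spare the next reader a search.
```hcl
terraform {
  required_providers {
    # … unchanged: digitalocean, acme …
    tls = {
      source  = "hashicorp/tls"
      version = "4.0.4"
    }
    local = {
      source  = "hashicorp/local"
      version = "2.3.0"
    }
  }
}
```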
@@ -0,0 +1,51 @@
+# Upload files to Digital Ocean
+## The Digital Ocean Spaces API is compatible with Amazon S3
+# resource "local_exec" "s3cmd" {
+# command = "s3cmd put --recursive --acl-public --guess-mime-type --verbose static/ s3://static-site/"
+# depends_on = [local_file.index_html, local_file.static_dir]
+# }
+
+# Create local directories as scratch space
+resource "local_file" "openpgpkey" {
+ filename = ".well-known/openpgpkey/policy"
+ content = ""
+}
+resource "local_file" "hu" {
+ filename = ".well-known/openpgpkey/hu/.keep"
+ content = ""
+ depends_on = [local_file.openpgpkey]
+}
+resource "local_file" "static_dir" {
+ filename = "static/.keep"
+ content = ""
+}
+
+# Create local files as scratch space
+resource "local_file" "example" {
+ filename = ".well-known/openpgpkey/policy"
+ content = ""
+ depends_on = [local_file.openpgpkey]
+}
+
+# # Execute commands required to fetch PGP keys
+# resource "local_exec" "command1" {
+# command = "command1 arg1 arg2"
+# output = var.output1
+# depends_on = [local_file.openpgpkey]
+# }
+
+# # Execute commands to build static site
+# resource "local_exec" "command2" {
+# command = "command2 ${var.output1} arg2"
+# depends_on = [local_exec.command1]
+# }
+
+# Create the Space on Digital Ocean
+resource "digitalocean_spaces_bucket" "distrust_co" {
+ name = "distrust.co"
+ region = "nyc3"
+}
+
+resource "digitalocean_cdn" "distrust_co" {
+ origin = digitalocean_spaces_bucket.distrust_co.bucket_domain_name
+}
\ No newline at end of file
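Review bot: `local_file.example` and `local_file.openpgpkey` both manage `filename = ".well-known/openpgpkey/policy"`, so two resources own one path and each apply can see the file as drifted by the other; drop `local_file.example` or give it a path of its own. `digitalocean_cdn.distrust_co` sets only `origin`, so the certificate issued in `letsencrypt.tf` is never attached to the CDN endpoint that the `www` and `@` CNAMEs point at, and the endpoint would present its default certificate for `www.distrust.co` — a name mismatch every browser rejects; wiring it up takes a `digitalocean_certificate` built from the `acme_certificate` outputs plus the CDN's `custom_domain` and `certificate_name`, as sketched below (the `name` value is a constructed example). If the ACME provider is not needed elsewhere, `digitalocean_certificate` with `type = "lets_encrypt"` can issue a managed certificate directly and would remove the account key from state altogether. The commented-out `local_exec` blocks name a resource type that does not exist (Terraform has a `local-exec` provisioner, not a resource), so a comment such as `# placeholder: local_exec is not a resource type; use null_resource + local-exec provisioner` would stop someone from uncommenting them as-is.
```hcl
resource "digitalocean_certificate" "distrust_co" {
  name              = "distrust-co"
  type              = "custom"
  private_key       = acme_certificate.certificate.private_key_pem
  leaf_certificate  = acme_certificate.certificate.certificate_pem
  certificate_chain = acme_certificate.certificate.issuer_pem
}

resource "digitalocean_cdn" "distrust_co" {
  origin           = digitalocean_spaces_bucket.distrust_co.bucket_domain_name
  custom_domain    = "www.distrust.co"
  certificate_name = digitalocean_certificate.distrust_co.name
}
```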