Add first-working plan

Shane Engelman 2023-01-27 21:08:56 -06:00
parent 1e83b29ca8
commit df0dfbbe84
Signed by: shane
GPG Key ID: D9DF703B83B9A9B5
6 changed files with 209 additions and 0 deletions

3
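--- a/.gitignore
+++ b/.gitignore
@@ -35,3 +35,6 @@ terraform.rc
 # Platform
 .DS_Store
+# Misc
+token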

85
.terraform.lock.hcl Normal file

@ -0,0 +1,85 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/digitalocean/digitalocean" {
version = "2.25.2"
constraints = "2.25.2"
hashes = [
"h1:OreINFf349wOcU2trD8gmP2/dFYT85ltyG0YIQ+d4GA=",
"zh:0accb40afb05425f20ff93426c69fa9585fd269f5a0caff9e03173ca3a0f66f0",
"zh:0e389b5ebfce42a9a1c78b576acffa6d4f1cfa421810537e6e096a254ff3fec8",
"zh:12441f028af172a823b452bb017721d7bf2f6f14e343ac90f361c7bb73ff0874",
"zh:18e04874d833d014617ee94971b8ef4638931a3ee7c572f86ee816b74911bcb5",
"zh:4e728375e24fdc37e791b3f234c991da342dbad8e1bd878531dd45ab6710c4fe",
"zh:4f76bea793d71ae85c72275bd1a5d28ce72afbb41e6cf51cc74d19a470b2c4dc",
"zh:588fd686e257b9d989427106e16b7d35a805cf6c1f532dca8fd61c09f19cc95a",
"zh:5b433b49869a45d96b95e921dd3cc713471dfa78157fe6f89f09d41c689256c2",
"zh:5de660180ab655b64e579564ec5f60f63d7c6633f47dfe4c8ac5a6718d19b5ea",
"zh:6395f4d9995f525469d88825f56c88f46b3466db26a3962a645c9a2e65e60dad",
"zh:7b04b9ca110f3876000616f9f3f046a974a20db93583786f26dccf10ed9372cf",
"zh:81b02a7247a0142075315cdbccd41138c01ed3327036c6b3b417859b06fdac0d",
"zh:99e4cf8818eed4e0516a939658ae89a8eefeb4dd9d49303b47b28dc844f983ac",
"zh:a85ddbfc6db67508a64c95edd333132efbc40ab7b4d6266023750dc7756f6bec",
"zh:b7e9ee035192e2f4d8db11d33e0dabd1969135901bae52d96001fce5f2a4dce8",
"zh:ec5d133c03319ec103c80d954be31dd673f44e9c93ec9ed951576e110549b59f",
]
}
provider "registry.terraform.io/hashicorp/local" {
version = "2.3.0"
hashes = [
"h1:7y8CXQKtfyvrMCSWgCkCclNN9L161u6jO1dEGVaB5RQ=",
"zh:1f1920b3f78c31c6b69cdfe1e016a959667c0e2d01934e1a084b94d5a02cd9d2",
"zh:550a3cdae0ddb350942624e7b2e8b31d28bc15c20511553432413b1f38f4b214",
"zh:68d1d9ccbfce2ce56b28a23b22833a5369d4c719d6d75d50e101a8a8dbe33b9b",
"zh:6ae3ad6d865a906920c313ec2f413d080efe32c230aca711fd106b4cb9022ced",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:a0f413d50f54124057ae3dcd9353a797b84e91dc34bcf85c34a06f8aef1f9b12",
"zh:a2ac6d4088ceddcd73d88505e18b8226a6e008bff967b9e2d04254ef71b4ac6b",
"zh:a851010672e5218bdd4c4ea1822706c9025ef813a03da716d647dd6f8e2cffb0",
"zh:aa797561755041ef2fad99ee9ffc12b5e724e246bb019b21d7409afc2ece3232",
"zh:c6afa960a20d776f54bb1fc260cd13ead17280ebd87f05b9abcaa841ed29d289",
"zh:df0975e86b30bb89717b8c8d6d4690b21db66de06e79e6d6cfda769f3304afe6",
"zh:f0d3cc3da72135efdbe8f4cfbfb0f2f7174827887990a5545e6db1981f0d3a7c",
]
}
provider "registry.terraform.io/hashicorp/tls" {
version = "4.0.4"
hashes = [
"h1:Wd3RqmQW60k2QWPN4sK5CtjGuO1d+CRNXgC+D4rKtXc=",
"zh:23671ed83e1fcf79745534841e10291bbf34046b27d6e68a5d0aab77206f4a55",
"zh:45292421211ffd9e8e3eb3655677700e3c5047f71d8f7650d2ce30242335f848",
"zh:59fedb519f4433c0fdb1d58b27c210b27415fddd0cd73c5312530b4309c088be",
"zh:5a8eec2409a9ff7cd0758a9d818c74bcba92a240e6c5e54b99df68fff312bbd5",
"zh:5e6a4b39f3171f53292ab88058a59e64825f2b842760a4869e64dc1dc093d1fe",
"zh:810547d0bf9311d21c81cc306126d3547e7bd3f194fc295836acf164b9f8424e",
"zh:824a5f3617624243bed0259d7dd37d76017097dc3193dac669be342b90b2ab48",
"zh:9361ccc7048be5dcbc2fafe2d8216939765b3160bd52734f7a9fd917a39ecbd8",
"zh:aa02ea625aaf672e649296bce7580f62d724268189fe9ad7c1b36bb0fa12fa60",
"zh:c71b4cd40d6ec7815dfeefd57d88bc592c0c42f5e5858dcc88245d371b4b8b1e",
"zh:dabcd52f36b43d250a3d71ad7abfa07b5622c69068d989e60b79b2bb4f220316",
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
]
}
provider "registry.terraform.io/vancluever/acme" {
version = "2.12.0"
constraints = "~> 2.0"
hashes = [
"h1:/vWhC9ly4N+BehMDxETXSeCWe2w+1MZgM6Ai6cHxpYY=",
"zh:10f52acfdc36510ece0790af4c93f88bc8bb3270cd23fac1f740900dbceff317",
"zh:24e52840e1d7a369a522465b7ab3ab3b13236fb9731867cfaa1957c3a0d09254",
"zh:354f87de829707e625cb6da2318796b314897a6dd639ce367e397496a86af9fb",
"zh:3569b27c707fa4170c9c736116aa6ecbd25c3d3c94558e9001e2aed858ee6ac6",
"zh:429427787e450138db9100fec60966b26810d1447b9b675cea56259e0b3bf4c6",
"zh:533ae7a09e83b2ed5235ef607815468daadfa78c722e85d3f3c6f6a740dee40e",
"zh:772b346540392b43dd422b5e77e1008953f9df1538545d61cba35d12bc569fa1",
"zh:7a9e6f5b6470f16a640e5751f95375b654fa63bbf702d2c20ef616be0b2fe80f",
"zh:a186f1121c9a802cce71045245b861aa09b7a7dc0e93fd913b261f8d892ff2d5",
"zh:b1521cb89a7166e26dd2b9dedd1f45e43a037de50ea19e42856e740b64bdaba9",
"zh:c152efb60e50e8a298fc66a3446cb47d1b110c642681df8fe3ab4892711b530a",
"zh:c6491988233db2691f26e821c1b81aa30c017f194fa3a17b98447076cae30d41",
"zh:ea564dcf2cc65610103495f8b18baf0fe4a0664e06f4fc7006c0938ac15227c1",
]
}


@ -1,3 +1,19 @@
# Distrust Infrastructure # Distrust Infrastructure
For the purpose of transparency, we include our infrastructure configuration right out in the open to encourage those we work with, and otherwise to do the same. For the purpose of transparency, we include our infrastructure configuration right out in the open to encourage those we work with, and otherwise to do the same.
## Dependencies
You will need the following installed:
- `terraform`
<!-- - `s3cmd` -->
## Usage
```shell
$ terraform init
```
```shell
$ terraform plan
```

38
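--- a/letsencrypt.tf
+++ b/letsencrypt.tf
@@ -0,0 +1,38 @@
+resource "digitalocean_domain" "default" {
+name = "distrust.co"
+}
+# Handle record for www redirect
+resource "digitalocean_record" "www" {
+domain = "distrust.co"
+type = "CNAME"
+name = "www"
+value = digitalocean_cdn.distrust_co.origin
+}
+# Handle record for distrust.co
+resource "digitalocean_record" "distrust_co" {
+domain = "distrust.co"
+type = "CNAME"
+name = "@"
+value = digitalocean_cdn.distrust_co.origin
+}
+resource "tls_private_key" "private_key" {
+algorithm = "RSA"
+}
+resource "acme_registration" "reg" {
+account_key_pem = tls_private_key.private_key.private_key_pem
+email_address = "team@distrust.co"
+}
+resource "acme_certificate" "certificate" {
+account_key_pem = acme_registration.reg.account_key_pem
+common_name = "www.distrust.co"
+subject_alternative_names = []
+dns_challenge {
+provider = "digitalociean"
+}
+}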
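Review bot: The `dns_challenge` block in `acme_certificate.certificate` names its provider `"digitalociean"`, which looks like a misspelling, so the DNS-01 challenge would presumably fail to find a solver; it should read `provider = "digitalocean"`. Separately, `tls_private_key.private_key` keeps the ACME account key in Terraform state unencrypted, and the issued certificate's private key ends up there as well, so for a repository published in the open the state needs an encrypted, access-controlled backend and must never be committed. The key also relies on the provider's default RSA size; stating it explicitly, e.g. `rsa_bits = 4096`, documents the intended strength.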

16
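--- a/provider.tf
+++ b/provider.tf
@@ -0,0 +1,16 @@
+terraform {
+required_providers {
+digitalocean = {
+source = "digitalocean/digitalocean"
+version = "2.25.2"
+}
+acme = {
+source = "vancluever/acme"
+version = "~> 2.0"
+}
+}
+}
+provider "acme" {
+server_url = "https://acme-v02.api.letsencrypt.org/directory"
+}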
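Review bot: `required_providers` declares only `digitalocean` and `acme`, yet the configuration also uses `tls_private_key` and `local_file`, and the lock file in this commit records `hashicorp/tls` 4.0.4 and `hashicorp/local` 2.3.0 with no constraint. Declaring them here, e.g. `tls = { source = "hashicorp/tls", version = "~> 4.0" }` and `local = { source = "hashicorp/local", version = "~> 2.3" }`, makes the provider sources explicit and keeps an upgrade from crossing a major version unreviewed. There is also no `provider "digitalocean"` block, so credentials are presumably expected from the environment; a short comment naming the variables that must be set would document that without putting a secret in the file.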

51
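--- a/website.tf
+++ b/website.tf
@@ -0,0 +1,51 @@
+# Upload files to Digital Ocean
+## The Digital Ocean Spaces API is compatible with Amazon S3
+# resource "local_exec" "s3cmd" {
+# command = "s3cmd put --recursive --acl-public --guess-mime-type --verbose static/ s3://static-site/"
+# depends_on = [local_file.index_html, local_file.static_dir]
+# }
+# Create local directories as scratch space
+resource "local_file" "openpgpkey" {
+filename = ".well-known/openpgpkey/policy"
+content = ""
+}
+resource "local_file" "hu" {
+filename = ".well-known/openpgpkey/hu/.keep"
+content = ""
+depends_on = [local_file.openpgpkey]
+}
+resource "local_file" "static_dir" {
+filename = "static/.keep"
+content = ""
+}
+# Create local files as scratch space
+resource "local_file" "example" {
+filename = ".well-known/openpgpkey/policy"
+content = ""
+depends_on = [local_file.openpgpkey]
+}
+# # Execute commands required to fetch PGP keys
+# resource "local_exec" "command1" {
+# command = "command1 arg1 arg2"
+# output = var.output1
+# depends_on = [local_file.openpgpkey]
+# }
+# # Execute commands to build static site
+# resource "local_exec" "command2" {
+# command = "command2 ${var.output1} arg2"
+# depends_on = [local_exec.command1]
+# }
+# Create the Space on Digital Ocean
+resource "digitalocean_spaces_bucket" "distrust_co" {
+name = "distrust.co"
+region = "nyc3"
+}
+resource "digitalocean_cdn" "distrust_co" {
+origin = digitalocean_spaces_bucket.distrust_co.bucket_domain_name
+}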
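Review bot: `local_file.openpgpkey` and `local_file.example` both write `.well-known/openpgpkey/policy`, so two resources manage the same path and changing or destroying either one affects the other's file; `local_file.example` looks like a leftover and could be dropped. `digitalocean_spaces_bucket.distrust_co` sets no `acl`, which should leave the bucket private by default. Adding `acl = "private"` (or `"public-read"` if direct bucket reads are intended) states the exposure explicitly, which matters because the commented-out upload command uses `--acl-public`.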