From bcf868a62162ae74d79adb63b908c0f8201c1c53 Mon Sep 17 00:00:00 2001
From: Bartosz Karwacki
Date: Fri, 26 Nov 2021 14:08:58 +0100
Subject: [PATCH] aws gitea

---
 aws/Dockerfile | 7 +
 aws/db.yaml | 63 ++++++
 aws/deploy.sh | 8 +
 aws/main.tf | 309 +++++++++++++++++++++++++++++
 aws/server.yaml | 66 ++++++
 Dockerfile => hetzner/Dockerfile | 0
 deploy.sh => hetzner/deploy.sh | 0
 init-db => hetzner/init-db | 0
 init-server => hetzner/init-server | 0
 main.tf => hetzner/main.tf | 0
 10 files changed, 453 insertions(+)
 create mode 100644 aws/Dockerfile
 create mode 100644 aws/db.yaml
 create mode 100755 aws/deploy.sh
 create mode 100644 aws/main.tf
 create mode 100644 aws/server.yaml
 rename Dockerfile => hetzner/Dockerfile (100%)
 rename deploy.sh => hetzner/deploy.sh (100%)
 rename init-db => hetzner/init-db (100%)
 rename init-server => hetzner/init-server (100%)
 rename main.tf => hetzner/main.tf (100%)

diff --git a/aws/Dockerfile b/aws/Dockerfile
new file mode 100644
index 0000000..f245e6b
--- /dev/null
+++ b/aws/Dockerfile
@@ -0,0 +1,7 @@
+FROM hashicorp/terraform:latest
+
+COPY . .
+RUN mkdir ~/.aws
+RUN cp credentials ~/.aws
+
+ENTRYPOINT terraform init && terraform apply -auto-approve && sleep 300 && terraform destroy -auto-approve
\ No newline at end of file
diff --git a/aws/db.yaml b/aws/db.yaml
new file mode 100644
index 0000000..e0b056d
--- /dev/null
+++ b/aws/db.yaml
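Review bot: `COPY . .` followed by `RUN cp credentials ~/.aws` bakes the AWS credentials file (and the private key `tf-cloud-init` that deploy.sh generates into the same build context) into image layers, where they remain retrievable from the image long after deploy.sh deletes the files on the host. Mount them at run time instead — `docker run --rm -v ~/.aws:/root/.aws:ro gitea-aws` (the `~/.aws` path implies the image runs as root) — and copy only what Terraform reads: `COPY main.tf db.yaml server.yaml tf-cloud-init.pub ./`, dropping both `RUN` lines. `FROM hashicorp/terraform:latest` should be pinned to a specific tag so `terraform init` resolves the same provider set on every build, and the shell-form `ENTRYPOINT` means a `docker stop` during the `sleep 300` signals `/bin/sh` rather than the Terraform process, so an exec-form wrapper script ending in `exec` would be the cleaner shape.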
@@ -0,0 +1,63 @@ +#cloud-config +# Add groups to the system +# Adds the ubuntu group with members 'root' and 'sys' +# and the empty group hashicorp. +groups: + - ubuntu: [root,sys] + - hashicorp + +# Add users to the system. Users are added after groups are added. +users: + - default + - name: terraform + gecos: terraform + shell: /bin/bash + primary_group: hashicorp + sudo: ALL=(ALL) NOPASSWD:ALL + groups: users, admin + lock_passwd: false + ssh_authorized_keys: + - ${rss_key} + + +packages: + - apt-transport-https + - ca-certificates + - curl + - gnupg-agent + - software-properties-common + +write_files: + - path: /root/docker-compose.yml + content: | + version: '3.9' + services: + db: + image: postgres:13 + restart: always + environment: + - POSTGRES_USER=gitea + - POSTGRES_PASSWORD=gitea + - POSTGRES_DB=gitea + ports: + - "5432:5432" + volumes: + - ./postgres:/var/lib/postgresql/data + volumes: + postgres_data: + driver_opts: + type: "nfs4" + o: "addr=${fes_address},nolock,soft,rw" + device: ":/docker/postgres_data" + +# instalujemy docker, docker-compose a następnie uruchamiamy naszą bazę danych +runcmd: + - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - + - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + - apt-get update -y + - apt-get install -y docker-ce docker-ce-cli containerd.io + - curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose + - chmod +x /usr/local/bin/docker-compose + - systemctl start docker + - systemctl enable docker + - cd /root/ && docker-compose up -d \ No newline at end of file diff --git a/aws/deploy.sh b/aws/deploy.sh new file mode 100755 index 0000000..9834cb6 --- /dev/null +++ b/aws/deploy.sh 
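Review bot: The `db` service mounts `./postgres:/var/lib/postgresql/data` while the `postgres_data` volume declared in the top-level `volumes:` block (the NFS mount on `${fes_address}`) is never referenced, so Postgres writes to the instance's root disk and the EFS wiring in main.tf has no effect; the service entry should read `- postgres_data:/var/lib/postgresql/data`. `POSTGRES_PASSWORD=gitea` is a fixed default that is repeated in server.yaml, so rendering it from one `sensitive` Terraform variable through the same template mechanism as `${fes_address}` would keep it out of the repository and keep the two files in step. The `curl … | apt-key add -` and the unverified docker-compose download (the same lines appear in server.yaml) pin neither a key fingerprint nor a checksum; a `sha256sum -c` step after the download, or cloud-init's `apt.sources` with the key inline, would make the bootstrap verifiable.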
@@ -0,0 +1,8 @@
+#!/bin/bash
+cp ~/.aws/credentials ./credentials
+ssh-keygen -t rsa -C "your_email@example.com" -f ./tf-cloud-init -q -N ""
+docker build -t gitea-aws .
+docker run -p 80:80 gitea-aws
+rm tf-cloud-init
+rm tf-cloud-init.pub
+rm credentials
diff --git a/aws/main.tf b/aws/main.tf
new file mode 100644
index 0000000..f8ee21c
--- /dev/null
+++ b/aws/main.tf
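Review bot: The three `rm` lines only execute if `docker run` returns normally, so an interrupted or failed run leaves `credentials` and the private key `tf-cloud-init` in the working tree (and both are already captured in the `gitea-aws` image by the Dockerfile's `COPY . .`). Register the cleanup before the files are created — `set -euo pipefail` followed by `trap 'rm -f tf-cloud-init tf-cloud-init.pub credentials' EXIT` — and mount `~/.aws` into the container at run time rather than copying it into the build context. `-p 80:80` publishes a port nothing in the image listens on, and the `-C "your_email@example.com"` placeholder comment can be dropped or parameterised.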
@@ -0,0 +1,309 @@ +provider "aws" { + region = "eu-central-1" +} + +resource "aws_vpc" "main" { + cidr_block = "10.0.0.0/16" + + tags = { + Name = "gitea-vpc" + } +} + +resource "aws_subnet" "public_subnet" { + vpc_id = aws_vpc.main.id + cidr_block = "10.0.0.0/24" + availability_zone = "eu-central-1a" + map_public_ip_on_launch = true + tags = { + Name = "gitea-public-subnet" + } +} + +resource "aws_subnet" "private_subnet_server" { + vpc_id = aws_vpc.main.id + cidr_block = "10.0.1.0/24" + availability_zone = "eu-central-1a" + map_public_ip_on_launch = false + tags = { + Name = "gitea-server-private-subnet" + } +} + +resource "aws_subnet" "private_subnet_db" { + vpc_id = aws_vpc.main.id + cidr_block = "10.0.2.0/24" + availability_zone = "eu-central-1a" + map_public_ip_on_launch = false + tags = { + Name = "gitea-db-private-subnet" + } +} + +resource "aws_internet_gateway" "ig" { + vpc_id = aws_vpc.main.id + tags = { + Name = "gitea-igw" + } +} + +resource "aws_eip" "nat_eip" { + vpc = true +} + +resource "aws_nat_gateway" "nat" { + allocation_id = aws_eip.nat_eip.id + subnet_id = element(aws_subnet.public_subnet.*.id, 0) + tags = { + Name = "gitea-nat" + } +} + +resource "aws_route_table" "private" { + vpc_id = aws_vpc.main.id + tags = { + Name = "gitea-private-route-table" + } +} + +resource "aws_route_table" "public" { + vpc_id = aws_vpc.main.id + tags = { + Name = "gitea-public-route-table" + } +} + +resource "aws_route" "public_internet_gateway" { + route_table_id = aws_route_table.public.id + destination_cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.ig.id +} +resource "aws_route" "private_nat_gateway" { + route_table_id = aws_route_table.private.id + destination_cidr_block = "0.0.0.0/0" + nat_gateway_id = aws_nat_gateway.nat.id +} + +resource "aws_route_table_association" "public" { + subnet_id = aws_subnet.public_subnet.id + route_table_id = aws_route_table.public.id +} +resource "aws_route_table_association" "private_server" { + subnet_id = 
aws_subnet.private_subnet_server.id + route_table_id = aws_route_table.private.id +} +resource "aws_route_table_association" "private_db" { + subnet_id = aws_subnet.private_subnet_db.id + route_table_id = aws_route_table.private.id +} + +resource "aws_security_group" "default" { + name = "gitea-default-sg" + description = "Default security group to allow inbound/outbound from the VPC" + vpc_id = aws_vpc.main.id + ingress { + description = "SSH from VPC" + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + ipv6_cidr_blocks = ["::/0"] + } + ingress { + description = "SSH from VPC" + from_port = 2222 + to_port = 2222 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + ipv6_cidr_blocks = ["::/0"] + } + + ingress { + description = "HTTP from VPC" + from_port = 80 + to_port = 80 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + ipv6_cidr_blocks = ["::/0"] + } + ingress { + description = "HTTP from VPC" + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + ipv6_cidr_blocks = ["::/0"] + } + + ingress { + description = "HTTP from VPC" + from_port = 3000 + to_port = 3000 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + ipv6_cidr_blocks = ["::/0"] + } + + ingress { + description = "HTTP from VPC" + from_port = 5432 + to_port = 5432 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + ipv6_cidr_blocks = ["::/0"] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + ipv6_cidr_blocks = ["::/0"] + } +} + +data "aws_ami" "ubuntu" { + most_recent = true + + filter { + name = "name" + values = ["ubuntu/images/hvm-ssd/ubuntu-*20*-amd64-server-*"] + } + + filter { + name = "virtualization-type" + values = ["hvm"] + } + + owners = ["099720109477"] # Canonical +} + +data "template_file" "user_data_server" { + template = file("server.yaml") + + vars = { + rss_key = file("tf-cloud-init.pub"), + private_ip = "${aws_instance.db.private_ip}:5432" + } +} +data "template_file" "user_data_db" 
{ + template = file("db.yaml") + vars = { + rss_key = file("tf-cloud-init.pub"), + fes_address = aws_efs_mount_target.alpha.dns_name + } +} + +resource "aws_instance" "server" { + ami = data.aws_ami.ubuntu.id + instance_type = "t2.micro" + subnet_id = aws_subnet.private_subnet_server.id + vpc_security_group_ids = [aws_security_group.default.id] + user_data = data.template_file.user_data_server.rendered + + tags = { + Name = "ec2-gitea-server" + } +} + +resource "aws_instance" "db" { + ami = data.aws_ami.ubuntu.id + instance_type = "t2.micro" + subnet_id = aws_subnet.private_subnet_db.id + vpc_security_group_ids = [aws_security_group.default.id] + user_data = data.template_file.user_data_db.rendered + + tags = { + Name = "ec2-gitea-db" + } +} + + +resource "aws_lb" "lb" { + name = "gitea-lb" + internal = false + load_balancer_type = "network" + subnet_mapping { + subnet_id = aws_subnet.public_subnet.id + } +} + +resource "aws_lb_listener" "main_80" { + load_balancer_arn = aws_lb.lb.arn + port = "80" + protocol = "TCP" + + default_action { + type = "forward" + target_group_arn = aws_lb_target_group.main.arn + } +} + +resource "aws_lb_listener" "main_443" { + load_balancer_arn = aws_lb.lb.arn + port = "443" + protocol = "TCP" + + default_action { + type = "forward" + target_group_arn = aws_lb_target_group.main.arn + } +} + +resource "aws_lb_listener" "main_22" { + load_balancer_arn = aws_lb.lb.arn + port = "22" + protocol = "TCP" + + default_action { + type = "forward" + target_group_arn = aws_lb_target_group.main_ssh.arn + } +} + +resource "aws_lb_target_group" "main" { + name = "tg" + port = 80 + protocol = "TCP" + vpc_id = aws_vpc.main.id +} + + +resource "aws_lb_target_group" "main_ssh" { + name = "tg-ssh" + port = 22 + protocol = "TCP" + vpc_id = aws_vpc.main.id +} + +resource "aws_lb_target_group_attachment" "tg_attch_ssh" { + target_group_arn = aws_lb_target_group.main_ssh.arn + target_id = aws_instance.server.id + port = 2222 +} + + +resource 
"aws_lb_target_group_attachment" "tg_attch" { + target_group_arn = aws_lb_target_group.main.arn + target_id = aws_instance.server.id + port = 3000 +} + + +resource "aws_efs_file_system" "file_system" { + availability_zone_name = "eu-central-1a" + tags = { + Name = "gitea-efs" + } +} + +resource "aws_efs_mount_target" "alpha" { + file_system_id = aws_efs_file_system.file_system.id + subnet_id = aws_subnet.private_subnet_db.id + security_groups = [aws_security_group.default.id] +} + + +output "lb_ip" { + value = "http://${aws_lb.lb.dns_name}" +} diff --git a/aws/server.yaml b/aws/server.yaml new file mode 100644 index 0000000..6d14fbd --- /dev/null +++ b/aws/server.yaml 
@@ -0,0 +1,66 @@ +#cloud-config +# Add groups to the system +# Adds the ubuntu group with members 'root' and 'sys' +# and the empty group hashicorp. +groups: + - ubuntu: [root,sys] + - hashicorp + +# Add users to the system. Users are added after groups are added. +users: + - default + - name: terraform + gecos: terraform + shell: /bin/bash + primary_group: hashicorp + sudo: ALL=(ALL) NOPASSWD:ALL + groups: users, admin + lock_passwd: false + ssh_authorized_keys: + - ${rss_key} + + +packages: + - apt-transport-https + - ca-certificates + - curl + - gnupg-agent + - software-properties-common + +write_files: + - path: /root/docker-compose.yml + content: | + version: '3.9' + + services: + server: + image: gitea/gitea:1.15.6 + container_name: gitea + environment: + - USER_UID=1000 + - USER_GID=1000 + - GITEA__database__DB_TYPE=postgres + - GITEA__database__HOST=${private_ip} + - GITEA__database__NAME=gitea + - GITEA__database__USER=gitea + - GITEA__database__PASSWD=gitea + restart: always + volumes: + - ./gitea:/data + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro + ports: + - "3000:3000" + - "2222:22" + +# instalujemy docker, docker-compose a następnie uruchamiamy naszą bazę danych +runcmd: + - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - + - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + - apt-get update -y + - apt-get install -y docker-ce docker-ce-cli containerd.io + - curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose + - chmod +x /usr/local/bin/docker-compose + - systemctl start docker + - systemctl enable docker + - cd /root/ && docker-compose up -d diff --git a/Dockerfile b/hetzner/Dockerfile similarity index 100% rename from Dockerfile rename to hetzner/Dockerfile 
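Review bot: The closing comment `# instalujemy docker, docker-compose a następnie uruchamiamy naszą bazę danych` was copied from db.yaml and says the `runcmd` block starts the database, whereas here it starts the Gitea service; `# install docker and docker-compose, then start the Gitea service` would describe this file. `GITEA__database__PASSWD=gitea` repeats the fixed password from db.yaml in a second place, so the two files must be edited together; sourcing both from one Terraform variable via the template, as `${private_ip}` already is, would keep them in step. The `terraform` user gets `sudo: ALL=(ALL) NOPASSWD:ALL` together with `lock_passwd: false`, which is more than a bootstrap that only needs the `ssh_authorized_keys` login requires; presumably key-only login is the intent, in which case `lock_passwd` can stay at its default.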
diff --git a/deploy.sh b/hetzner/deploy.sh
similarity index 100%
rename from deploy.sh
rename to hetzner/deploy.sh
diff --git a/init-db b/hetzner/init-db
similarity index 100%
rename from init-db
rename to hetzner/init-db
diff --git a/init-server b/hetzner/init-server
similarity index 100%
rename from init-server
rename to hetzner/init-server
diff --git a/main.tf b/hetzner/main.tf
similarity index 100%
rename from main.tf
rename to hetzner/main.tf