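# Single-AZ Gitea deployment on AWS (eu-central-1a): one public subnet that
# hosts the network load balancer and the NAT gateway, two private subnets
# (application server; PostgreSQL + EFS), and a shared security group.
# The Gitea instances never get a public IP; the only internet-facing entry
# point is the NLB, which forwards to the server instance on 3000 (HTTP) and
# 2222 (Gitea's built-in SSH).

provider "aws" {
  region = "eu-central-1"
}

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name = "gitea-vpc"
  }
}

# Public subnet for the NLB and the NAT gateway. Instances launched here get a
# public IP; the Gitea instances are deliberately not placed here.
resource "aws_subnet" "public_subnet" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.0.0/24"
  availability_zone       = "eu-central-1a"
  map_public_ip_on_launch = true

  tags = {
    Name = "gitea-public-subnet"
  }
}

# Private subnet for the Gitea application server (egress via NAT only).
resource "aws_subnet" "private_subnet_server" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  availability_zone       = "eu-central-1a"
  map_public_ip_on_launch = false

  tags = {
    Name = "gitea-server-private-subnet"
  }
}

# Private subnet for the PostgreSQL instance and the EFS mount target.
resource "aws_subnet" "private_subnet_db" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.2.0/24"
  availability_zone       = "eu-central-1a"
  map_public_ip_on_launch = false

  tags = {
    Name = "gitea-db-private-subnet"
  }
}

resource "aws_internet_gateway" "ig" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "gitea-igw"
  }
}

# Elastic IP for the NAT gateway. `vpc = true` is the pre-v5 provider argument
# (provider v5 renamed it to `domain = "vpc"`); it is kept because this file
# declares no provider version constraint.
resource "aws_eip" "nat_eip" {
  vpc = true
}

resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat_eip.id
  # public_subnet is a single resource, not a counted one, so no splat/element
  # indirection is needed.
  subnet_id = aws_subnet.public_subnet.id

  # The provider documentation recommends ordering the NAT gateway after the
  # VPC's internet gateway so the EIP can be associated on first apply.
  depends_on = [aws_internet_gateway.ig]

  tags = {
    Name = "gitea-nat"
  }
}

# Private route table: default route through the NAT gateway (outbound only).
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "gitea-private-route-table"
  }
}

# Public route table: default route through the internet gateway.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "gitea-public-route-table"
  }
}

resource "aws_route" "public_internet_gateway" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.ig.id
}

resource "aws_route" "private_nat_gateway" {
  route_table_id         = aws_route_table.private.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat.id
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public_subnet.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "private_server" {
  subnet_id      = aws_subnet.private_subnet_server.id
  route_table_id = aws_route_table.private.id
}

resource "aws_route_table_association" "private_db" {
  subnet_id      = aws_subnet.private_subnet_db.id
  route_table_id = aws_route_table.private.id
}

# Security group shared by the server instance, the db instance and the EFS
# mount target.
#
# Only the two ports the NLB forwards to (2222 and 3000) admit 0.0.0.0/0. The
# NLB uses instance targets, which preserve the client's source IP, so those
# two rules must admit the client ranges rather than the NLB's own addresses.
# Every other service (OS SSH, HTTP/HTTPS on the box, PostgreSQL, NFS) is
# reachable from inside the VPC only, which matches the rule descriptions.
# The VPC has no IPv6 block, so the IPv6 entries only matter on the two
# NLB-facing rules and are omitted elsewhere.
resource "aws_security_group" "default" {
  name        = "gitea-default-sg"
  description = "Default security group to allow inbound/outbound from the VPC"
  vpc_id      = aws_vpc.main.id

  # Administrative SSH to the OS. Not exposed via the NLB: its port-22 listener
  # goes to Gitea's SSH on 2222, not here.
  ingress {
    description = "SSH from VPC"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }

  # Gitea built-in SSH; target of the NLB port-22 listener (client IP preserved).
  ingress {
    description      = "Gitea SSH via NLB"
    from_port        = 2222
    to_port          = 2222
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # Plain HTTP on the instance itself; nothing in this file forwards to it.
  ingress {
    description = "HTTP from VPC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }

  # HTTPS on the instance itself; nothing in this file forwards to it.
  ingress {
    description = "HTTPS from VPC"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }

  # Gitea web UI; target of the NLB 80/443 listeners (client IP preserved).
  ingress {
    description      = "Gitea HTTP via NLB"
    from_port        = 3000
    to_port          = 3000
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # PostgreSQL; only the server instance (same VPC) needs to reach it.
  ingress {
    description = "PostgreSQL from VPC"
    from_port   = 5432
    to_port     = 5432
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }

  # NFS to the EFS mount target, which is attached to this same group. CIDR
  # rules do not implicitly cover other members of the group, so the mount
  # target needs an explicit 2049 rule; db.yaml receives the mount target's
  # DNS name and is presumably expected to mount it.
  ingress {
    description = "NFS to EFS mount target from VPC"
    from_port   = 2049
    to_port     = 2049
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }

  # Unrestricted egress (package installation via the NAT gateway).
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }
}

# Latest Canonical Ubuntu 20.x amd64 HVM image. `most_recent = true` means
# the AMI (and therefore both instances) can change between applies.
data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-*20*-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}

# cloud-init user data rendered from the YAML templates next to this file with
# the built-in templatefile(), which replaces the archived hashicorp/template
# provider's template_file data source (same ${...} template syntax). The
# variable names must match the placeholders used in server.yaml and db.yaml.
locals {
  user_data_server = templatefile("${path.module}/server.yaml", {
    private_ip = "${aws_instance.db.private_ip}:5432"
  })

  user_data_db = templatefile("${path.module}/db.yaml", {
    fes_address = aws_efs_mount_target.alpha.dns_name
  })
}

# Gitea application server. Private subnet, no public IP; reached only through
# the NLB. Consider `metadata_options { http_tokens = "required" }` to enforce
# IMDSv2 on an internet-facing web application.
resource "aws_instance" "server" {
  ami                    = data.aws_ami.ubuntu.id
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.private_subnet_server.id
  vpc_security_group_ids = [aws_security_group.default.id]
  user_data              = local.user_data_server

  tags = {
    Name = "ec2-gitea-server"
  }
}

# PostgreSQL instance; its user data receives the EFS mount target DNS name.
resource "aws_instance" "db" {
  ami                    = data.aws_ami.ubuntu.id
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.private_subnet_db.id
  vpc_security_group_ids = [aws_security_group.default.id]
  user_data              = local.user_data_db

  tags = {
    Name = "ec2-gitea-db"
  }
}

# Internet-facing network load balancer in the public subnet.
resource "aws_lb" "lb" {
  name               = "gitea-lb"
  internal           = false
  load_balancer_type = "network"

  subnet_mapping {
    subnet_id = aws_subnet.public_subnet.id
  }
}

resource "aws_lb_listener" "main_80" {
  load_balancer_arn = aws_lb.lb.arn
  port              = "80"
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.main.arn
  }
}

# NOTE(review): this is a TCP passthrough to the same target (port 3000) as the
# port-80 listener. TLS is only provided if Gitea itself terminates it on 3000;
# otherwise clients connecting to 443 get plain HTTP. A TLS listener with an
# ACM certificate would terminate TLS at the NLB instead — confirm which is
# intended.
resource "aws_lb_listener" "main_443" {
  load_balancer_arn = aws_lb.lb.arn
  port              = "443"
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.main.arn
  }
}

# Public port 22 is Gitea's SSH (instance port 2222), not the OS sshd.
resource "aws_lb_listener" "main_22" {
  load_balancer_arn = aws_lb.lb.arn
  port              = "22"
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.main_ssh.arn
  }
}

# Target group ports are defaults only; the attachments below override them.
resource "aws_lb_target_group" "main" {
  name     = "tg"
  port     = 80
  protocol = "TCP"
  vpc_id   = aws_vpc.main.id
}

resource "aws_lb_target_group" "main_ssh" {
  name     = "tg-ssh"
  port     = 22
  protocol = "TCP"
  vpc_id   = aws_vpc.main.id
}

resource "aws_lb_target_group_attachment" "tg_attch_ssh" {
  target_group_arn = aws_lb_target_group.main_ssh.arn
  target_id        = aws_instance.server.id
  port             = 2222
}

resource "aws_lb_target_group_attachment" "tg_attch" {
  target_group_arn = aws_lb_target_group.main.arn
  target_id        = aws_instance.server.id
  port             = 3000
}

# One Zone EFS file system. Encryption at rest is not enabled here; adding
# `encrypted = true` is recommended but forces replacement of an existing
# file system, so it is left as a deliberate follow-up rather than changed
# in place.
resource "aws_efs_file_system" "file_system" {
  availability_zone_name = "eu-central-1a"

  tags = {
    Name = "gitea-efs"
  }
}

# Mount target in the db subnet; relies on the NFS (2049) rule in the shared
# security group.
resource "aws_efs_mount_target" "alpha" {
  file_system_id  = aws_efs_file_system.file_system.id
  subnet_id       = aws_subnet.private_subnet_db.id
  security_groups = [aws_security_group.default.id]
}

output "lb_ip" {
  value = "http://${aws_lb.lb.dns_name}"
}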