diff --git a/terraform/backend.tf b/terraform/backend.tf index 07ed6bb..86bacd1 100644 --- a/terraform/backend.tf +++ b/terraform/backend.tf @@ -1,9 +1,9 @@ terraform { backend "s3" { - bucket = "prod-env" - key = "./terraform.tfstate" - region = "us-east-1" # e.g. us-east-1 ## Region must be hardcoded to an AWS allowed region in order for this resource block to work. - endpoint = "us-southeast-1.linodeobjects.com" # e.g. us-east-1.linodeobjects.com - skip_credentials_validation = true # Terraform will ask AWS about credential validation instead of Linode if this is enabled. + bucket = "prod-env" + key = "./terraform.tfstate" + region = "us-east-1" # e.g. us-east-1 ## Region must be hardcoded to an AWS allowed region in order for this resource block to work. + endpoint = "us-southeast-1.linodeobjects.com" # e.g. us-east-1.linodeobjects.com + skip_credentials_validation = true # Terraform will ask AWS about credential validation instead of Linode if this is enabled. } } \ No newline at end of file diff --git a/terraform/firewall.tf b/terraform/firewall.tf index 33c3b06..400759c 100644 --- a/terraform/firewall.tf +++ b/terraform/firewall.tf 
@@ -1,63 +1,63 @@ resource "linode_firewall_device" "site-firewall-vms" { - count = length(var.app_servers) - firewall_id = linode_firewall.site-firewall.id - entity_id = "${element(linode_instance.site-vm.*.id, count.index)}" + count = length(var.app_servers) + firewall_id = linode_firewall.site-firewall.id + entity_id = element(linode_instance.site-vm.*.id, count.index) } resource "linode_firewall" "site-firewall" { - label = "site-firewall" - tags = [ - "${var.site}-firewall" - ] - - inbound_policy = "DROP" - outbound_policy = "ACCEPT" - - inbound { - label = "inbound-http" - protocol = "TCP" - action = "ACCEPT" - ports = "80" - ipv4 = ["0.0.0.0/0"] - } - - outbound { - label = "outbound-http" - protocol = "TCP" - action = "ACCEPT" - ports = "80" - ipv4 = ["0.0.0.0/0"] - } - - inbound { - label = "inbound-https" - protocol = "TCP" - action = "ACCEPT" - ports = "443" - ipv4 = ["0.0.0.0/0"] - } - - outbound { - label = "outbound-https" - protocol = "TCP" - action = "ACCEPT" - ports = "443" - ipv4 = ["0.0.0.0/0"] - } - - inbound { - label = "inbound-ssh-22" - protocol = "TCP" - action = "ACCEPT" - ports = "22" - ipv4 = ["0.0.0.0/0"] - } - - inbound { - label = "inbound-ssh-8822" - protocol = "TCP" - action = "ACCEPT" - ports = "8822" - ipv4 = ["0.0.0.0/0"] - } + label = "site-firewall" + tags = [ + "${var.site}-firewall" + ] + + inbound_policy = "DROP" + outbound_policy = "ACCEPT" + + inbound { + label = "inbound-http" + protocol = "TCP" + action = "ACCEPT" + ports = "80" + ipv4 = ["0.0.0.0/0"] + } + + outbound { + label = "outbound-http" + protocol = "TCP" + action = "ACCEPT" + ports = "80" + ipv4 = ["0.0.0.0/0"] + } + + inbound { + label = "inbound-https" + protocol = "TCP" + action = "ACCEPT" + ports = "443" + ipv4 = ["0.0.0.0/0"] + } + + outbound { + label = "outbound-https" + protocol = "TCP" + action = "ACCEPT" + ports = "443" + ipv4 = ["0.0.0.0/0"] + } + + inbound { + label = "inbound-ssh-22" + protocol = "TCP" + action = "ACCEPT" + ports = "22" + ipv4 = 
["0.0.0.0/0"] + } + + inbound { + label = "inbound-ssh-8822" + protocol = "TCP" + action = "ACCEPT" + ports = "8822" + ipv4 = ["0.0.0.0/0"] + } } diff --git a/terraform/node-balancer.tf b/terraform/node-balancer.tf index 29ea286..2832795 100644 --- a/terraform/node-balancer.tf +++ b/terraform/node-balancer.tf 
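Review bot: The `inbound-ssh-22` and `inbound-ssh-8822` rules in `linode_firewall.site-firewall` still accept SSH from `ipv4 = ["0.0.0.0/0"]`, and `linode_firewall_device` attaches this firewall to every app server. The tfvars in this commit define a `bastion_server`, so administrative access is presumably meant to go through it. If so, narrow both rules to the bastion or an admin range, e.g. `ipv4 = ["<ADMIN_CIDR>"]` (a placeholder, not a value from this repository). The `inbound-http` and `inbound-https` rules likewise let any client reach the backends directly rather than through the NodeBalancer, which is worth confirming as intended. With `outbound_policy = "ACCEPT"`, the two explicit outbound ACCEPT rules have no effect and could be dropped.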
@@ -1,55 +1,55 @@ resource "linode_nodebalancer" "site-nodebalancer" { - label = "site-nodebalancer" - region = var.region - tags = [ - "${var.site}-nodebalancer" - ] + label = "site-nodebalancer" + region = var.region + tags = [ + "${var.site}-nodebalancer" + ] } resource "linode_nodebalancer_config" "site-nodebalancer-config-http" { - nodebalancer_id = linode_nodebalancer.site-nodebalancer.id - port = 80 - protocol = "tcp" - check = "connection" - check_path = "/" - check_attempts = 3 - check_timeout = 25 - check_interval = 30 - stickiness = "none" - algorithm = "leastconn" + nodebalancer_id = linode_nodebalancer.site-nodebalancer.id + port = 80 + protocol = "tcp" + check = "connection" + check_path = "/" + check_attempts = 3 + check_timeout = 25 + check_interval = 30 + stickiness = "none" + algorithm = "leastconn" } resource "linode_nodebalancer_config" "site-nodebalancer-config-https" { - nodebalancer_id = linode_nodebalancer.site-nodebalancer.id - port = 443 - protocol = "tcp" - check = "connection" - check_path = "/" - check_attempts = 3 - check_timeout = 25 - check_interval = 30 - stickiness = "none" - algorithm = "leastconn" + nodebalancer_id = linode_nodebalancer.site-nodebalancer.id + port = 443 + protocol = "tcp" + check = "connection" + check_path = "/" + check_attempts = 3 + check_timeout = 25 + check_interval = 30 + stickiness = "none" + algorithm = "leastconn" } resource "linode_nodebalancer_node" "site-nodebalancer-nodes-http" { - count = length(var.app_servers) - nodebalancer_id = linode_nodebalancer.site-nodebalancer.id - config_id = linode_nodebalancer_config.site-nodebalancer-config-http.id - label = "app${count.index}" - address = "${element(linode_instance.site-vm.*.private_ip_address, count.index)}:80" - mode = "accept" + count = length(var.app_servers) + nodebalancer_id = linode_nodebalancer.site-nodebalancer.id + config_id = linode_nodebalancer_config.site-nodebalancer-config-http.id + label = "app${count.index}" + address = 
"${element(linode_instance.site-vm.*.private_ip_address, count.index)}:80" + mode = "accept" } resource "linode_nodebalancer_node" "site-nodebalancer-nodes-https" { - count = length(var.app_servers) - nodebalancer_id = linode_nodebalancer.site-nodebalancer.id - config_id = linode_nodebalancer_config.site-nodebalancer-config-https.id - label = "app${count.index}" - address = "${element(linode_instance.site-vm.*.private_ip_address, count.index)}:443" - mode = "accept" + count = length(var.app_servers) + nodebalancer_id = linode_nodebalancer.site-nodebalancer.id + config_id = linode_nodebalancer_config.site-nodebalancer-config-https.id + label = "app${count.index}" + address = "${element(linode_instance.site-vm.*.private_ip_address, count.index)}:443" + mode = "accept" } output "nodebalancer_ip_address" { - value = linode_nodebalancer.site-nodebalancer.ipv4 + value = linode_nodebalancer.site-nodebalancer.ipv4 } \ No newline at end of file diff --git a/terraform/provider.tf b/terraform/provider.tf index e93a7e0..563e5cf 100644 --- a/terraform/provider.tf +++ b/terraform/provider.tf @@ -1,7 +1,7 @@ terraform { required_providers { linode = { - source = "linode/linode" + source = "linode/linode" version = "1.25.2" } } @@ -12,6 +12,6 @@ provider "linode" { } resource "linode_sshkey" "main_key" { - label = "ssh_key" + label = "ssh_key" ssh_key = chomp(file(var.ssh_key)) } \ No newline at end of file diff --git a/terraform/site-vm.tf b/terraform/site-vm.tf index 4abbd08..b2bfba3 100644 --- a/terraform/site-vm.tf +++ b/terraform/site-vm.tf 
@@ -1,18 +1,18 @@ resource "linode_instance" "site-vm" { - count = length(var.app_servers) - label = "${var.site}-app${count.index}" - tags = [ - "${var.site}-app${count.index}" - ] - region = var.region - private_ip = true - type = var.app_servers[count.index].type - image = var.app_servers[count.index].image - authorized_keys = [ - linode_sshkey.main_key.ssh_key - ] + count = length(var.app_servers) + label = "${var.site}-app${count.index}" + tags = [ + "${var.site}-app${count.index}" + ] + region = var.region + private_ip = true + type = var.app_servers[count.index].type + image = var.app_servers[count.index].image + authorized_keys = [ + linode_sshkey.main_key.ssh_key + ] } output "linode_instance_ip_address" { - value = linode_instance.site-vm.*.ipv4 + value = linode_instance.site-vm.*.ipv4 } \ No newline at end of file diff --git a/terraform/site.auto.tfvars b/terraform/site.auto.tfvars index cd0edfa..d92896e 100644 --- a/terraform/site.auto.tfvars +++ b/terraform/site.auto.tfvars @@ -1,18 +1,18 @@ -site = "example.com" -region = "us-southeast" +site = "example.com" +region = "us-southeast" environment = "production" app_servers = [ - { - type = "g6-nanode-1" - image = "linode/ubuntu20.04" - }, - { - type = "g6-nanode-1" - image = "linode/ubuntu20.04" - } + { + type = "g6-nanode-1" + image = "linode/ubuntu20.04" + }, + { + type = "g6-nanode-1" + image = "linode/ubuntu20.04" + } ] bastion_server = { - type = "g6-nanode-1" - image = "linode/ubuntu20.04" + type = "g6-nanode-1" + image = "linode/ubuntu20.04" } ssh_key = "~/.ssh/id_rsa.pub" \ No newline at end of file diff --git a/terraform/variables.tf b/terraform/variables.tf index 1b10b68..86987a7 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf 
@@ -1,39 +1,39 @@ variable "token" { - description = "API token of the Linode Account" - type = string + description = "API token of the Linode Account" + type = string } variable "site" { - description = "FQDN of the static site" - type = string + description = "FQDN of the static site" + type = string } variable "environment" { - description = "Environment of the infrastructure (staging/production/dev/etc..)" - type = string + description = "Environment of the infrastructure (staging/production/dev/etc..)" + type = string } variable "region" { - description = "Region to host the infrastructure" - type = string + description = "Region to host the infrastructure" + type = string } variable "root_pass" { - description = "The root password for the bastion instance." - default = "default-root-password" - type = string - sensitive = true + description = "The root password for the bastion instance." + default = "default-root-password" + type = string + sensitive = true } variable "ssh_key" { - description = "Filepath of id_rsa.pub for root access to VMs." + description = "Filepath of id_rsa.pub for root access to VMs." } variable "app_servers" { - description = "Details describing the vm instances for the app" - type = list + description = "Details describing the vm instances for the app" + type = list(any) } variable "bastion_server" { - description = "Details describing the bastion instance." - type = map + description = "Details describing the bastion instance." + type = map(any) } \ No newline at end of file
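Review bot: `variable "root_pass"` keeps `default = "default-root-password"`, so any run that does not override it would use a password committed to the repository, wherever the variable is consumed (not visible in this diff). `sensitive = true` only redacts the value in plan and apply output; it does not protect the default. Remove the `default` line so Terraform requires a value, and add `sensitive = true` to `variable "token"`, which currently has none. `variable "ssh_key"` still has no `type`, and `type = string` would match the other declarations. The new `list(any)` and `map(any)` could be tightened to `list(object({ type = string, image = string }))` and `object({ type = string, image = string })`, matching the shape in `site.auto.tfvars`.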