From d3e58e6d58c45b13f4e8246e02be3a9e0534ccdc Mon Sep 17 00:00:00 2001
From: Niklas van Schrick
Date: Fri, 12 Jul 2024 21:03:38 +0200
Subject: [PATCH] Setup state for administration server
---
 .github/workflows/ci.yml | 4 ++++
 .gitignore | 2 +-
 .gitlab-ci.yml | 27 ++++++++++++++++++++++++
 envs/server_administration/main.tf | 28 +++++++++++++++++++++++++
 envs/server_administration/variables.tf | 19 +++++++++++++++++
 5 files changed, 79 insertions(+), 1 deletion(-)
 create mode 100644 envs/server_administration/main.tf
 create mode 100644 envs/server_administration/variables.tf
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2ff8331..6e2fa0e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -25,10 +25,14 @@ jobs:
 SHOW_JOB_LOGS: none
 env:
 GLPA_C0_GH_REF: ${{ github.ref }}
+ GLPA_C0_SSH_KNOWN_HOSTS: ${{ vars.SSH_KNOWN_HOSTS }}
+ GLPA_C0_PIPELINE_SSH_KEY: ${{ secrets.PIPELINE_SSH_KEY }}
 GLPA_TF_VAR_cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }}
 GLPA_TF_VAR_cloudflare_account_id: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
 GLPA_TF_VAR_gitlab_api_token: ${{ secrets.GL_API_TOKEN }}
 GLPA_TF_VAR_github_app_key: ${{ secrets.GH_TF_APP_KEY }}
+ GLPA_TF_VAR_server_administration_ip: ${{ secrets.SERVER_ADMINISTRATION_IP }}
+ GLPA_TF_VAR_server_administration_ssh_port: ${{ secrets.SERVER_ADMINISTRATION_SSH_PORT }}

 - name: Find existing comment
 uses: peter-evans/find-comment@v3
diff --git a/.gitignore b/.gitignore
index 9d25218..1e24df7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -130,4 +130,4 @@ terraform.rc
 .terraform.lock.hcl
 localTerraform.sh
 setLocalVariables.sh
-*.pem
+/private/
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 24a14a0..a06e108 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
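Review bot: The added `GLPA_C0_PIPELINE_SSH_KEY` line in the `.github/workflows/ci.yml` hunk hands a long-lived SSH private key to a step whose `uses:` line sits above the hunk, so how that action is pinned cannot be checked from here. If it is referenced by a mutable tag, as `peter-evans/find-comment@v3` is in the following step, a moved tag would receive the key together with the API tokens already in this `env` block; pinning the action to a full commit SHA would close that gap. `SSH_KNOWN_HOSTS` coming from `vars` rather than `secrets` is fine for confidentiality, but it is the trust anchor for host-key checking, so I would add a comment above it such as `# known_hosts is public but integrity-critical: limit who may edit repository variables`.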
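Review bot: Replacing `*.pem` with `/private/` in the `.gitignore` hunk means a PEM file saved anywhere outside the top-level `private/` directory is no longer ignored and will be picked up by a plain `git add .`. In a commit that introduces a pipeline SSH key, that raises the chance of committing key material by accident. Keep both patterns: retain the `*.pem` line and add `/private/` below it.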
@@ -6,6 +6,15 @@ default:
 tags:
 - infra

+.ssh:
+ before_script:
+ - IFS=
+ - mkdir ~/.ssh
+ - touch ~/.ssh/known_hosts
+ - echo $C0_SSH_KNOWN_HOSTS >> ~/.ssh/known_hosts
+ - eval `ssh-agent -s`
+ - echo "$C0_PIPELINE_SSH_KEY" | tr -d '\r' | ssh-add -
+
 .tf:
 image: registry.gitlab.com/gitlab-org/terraform-images/stable:latest
 before_script:
@@ -62,3 +71,21 @@ tf-apply:main:
 needs:
 - tf-plan:main
 variables: !reference ["tf-plan:main", variables]
+
+tf-plan:server_administration:
+ extends:
+ - .tf-plan
+ before_script:
+ - !reference [.ssh, before_script]
+ - !reference [.tf, before_script]
+ variables:
+ TF_STATE_NAME: server_administration
+ TF_ROOT: 'envs/server_administration'
+
+tf-apply:server_administration:
+ extends:
+ - .tf-apply
+ before_script: !reference [tf-plan:server_administration, before_script]
+ needs:
+ - tf-plan:server_administration
+ variables: !reference [tf-plan:server_administration, variables]
diff --git a/envs/server_administration/main.tf b/envs/server_administration/main.tf
new file mode 100644
index 0000000..73478df
--- /dev/null
+++ b/envs/server_administration/main.tf
@@ -0,0 +1,28 @@
+terraform {
+ backend "http" {}
+
+ required_providers {
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = "4.37.0"
+ }
+ docker = {
+ source = "kreuzwerker/docker"
+ version = "3.0.2"
+ }
+ }
+}
+
+provider "cloudflare" {
+ api_token = var.cloudflare_api_token
+}
+
+provider "docker" {
+ host = "ssh://pipeline@${var.server_administration_ip}:${var.server_administration_ssh_port}"
+
+ cert_path = ""
+}
+
+resource "docker_network" "test" {
+ name = "test"
+}
diff --git a/envs/server_administration/variables.tf b/envs/server_administration/variables.tf
new file mode 100644
index 0000000..caeb4a1
--- /dev/null
+++ b/envs/server_administration/variables.tf
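Review bot: In the new `.ssh` template of `.gitlab-ci.yml`, `echo $C0_SSH_KNOWN_HOSTS` is unquoted, so the preceding `IFS=` suppresses word splitting but not pathname expansion, and a host pattern containing `*` or `?` could be altered before it reaches `known_hosts`. Assuming the job's script lines run in one shell, the empty `IFS` also stays in effect for every later command, including the `.tf` `before_script` that the new jobs append after it. `mkdir ~/.ssh` fails when the directory already exists and leaves its mode to the umask. I would drop `IFS=` and write `mkdir -p ~/.ssh && chmod 700 ~/.ssh` and `printf '%s\n' "$C0_SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts`.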
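Review bot: The `docker` provider in `envs/server_administration/main.tf` connects as `pipeline` over SSH, and an account that can reach the Docker daemon is effectively root on that host. The key loaded by the `.ssh` template is therefore a host-level credential in both the plan and the apply job added by this commit. That deserves a comment on the provider block, for example `# pipeline has Docker daemon access (root-equivalent); restrict this key in authorized_keys on the server`. `cert_path = ""` presumably has no effect for an `ssh://` host and could be removed, and `docker_network.test` looks like a connectivity placeholder that should be labelled as such or dropped before real resources are added.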
@@ -0,0 +1,19 @@
+variable "cloudflare_api_token" {
+ type = string
+ sensitive = true
+}
+
+variable "cloudflare_account_id" {
+ type = string
+ sensitive = true
+}
+
+variable "server_administration_ip" {
+ type = string
+ sensitive = true
+}
+
+variable "server_administration_ssh_port" {
+ type = string
+ sensitive = true
+}
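Review bot: `server_administration_ip` and `server_administration_ssh_port` are interpolated directly into the provider's `ssh://` URL in `main.tf`, yet both are unconstrained strings. A stray newline or a non-numeric port coming from the CI secret would only surface as an opaque connection error. A `validation` block on the port, and a similar one on the address, would fail fast with a static message that does not echo the sensitive value. Separately, `cloudflare_account_id` is declared here but not referenced in the `main.tf` added by this commit, and none of the variables has a `description`.

```hcl
variable "server_administration_ssh_port" {
  # … unchanged: type and sensitive …

  validation {
    condition     = can(regex("^[0-9]{1,5}$", var.server_administration_ssh_port))
    error_message = "server_administration_ssh_port must be a decimal TCP port number."
  }
}
```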