# Provider requirements for this workspace. Each entry is pinned so that
# `terraform init` resolves the same provider series on every run.
terraform {
  required_providers {
    # AWS: hosts the EFS file system and its mount targets.
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.8.0"
    }

    # Doormat: internal HashiCorp registry provider that hands out the AWS
    # key/secret/session token consumed by the aws provider below.
    doormat = {
      source  = "doormat.hashicorp.services/hashicorp-security/doormat"
      version = "~> 0.0.6"
    }

    # Nomad: registers the CSI volume and submits the Jenkins job.
    nomad = {
      source  = "hashicorp/nomad"
      version = "2.2.0"
    }

    # Vault: reads the Nomad token the nomad provider authenticates with.
    vault = {
      source  = "hashicorp/vault"
      version = "~> 3.18.0"
    }
  }
}
# Doormat provider with no inline configuration: its own authentication must
# come from the run environment (presumably the TFC run identity) — confirm
# how this is wired outside this file before relying on it elsewhere.
provider "doormat" {}
# Ask Doormat for AWS credentials for the image-factory role in the target
# account. The returned access_key / secret_key / token are read at plan time
# and passed straight into the aws provider; nothing static is stored here.
data "doormat_aws_credentials" "creds" {
  provider = doormat

  role_arn = "arn:aws:iam::${var.aws_account_id}:role/tfc-doormat-role_hashistack-image-factory"
}
# AWS provider using the credentials issued by Doormat above. Because a
# session token is supplied alongside the key/secret, these are temporary
# credentials and are never committed to this file.
provider "aws" {
  region = var.region

  token      = data.doormat_aws_credentials.creds.token
  access_key = data.doormat_aws_credentials.creds.access_key
  secret_key = data.doormat_aws_credentials.creds.secret_key
}
# Outputs of the "5_nomad-cluster" workspace in the same TFC organization
# (used below for the Vault KV mount and the Nomad endpoint). Reading remote
# state exposes every output of that workspace, so this workspace's run
# identity needs state-read access to it and nothing more.
data "terraform_remote_state" "nomad_cluster" {
  backend = "remote"

  config = {
    organization = var.tfc_organization
    workspaces = {
      name = "5_nomad-cluster"
    }
  }
}
# Outputs of the "1_networking" workspace; only subnet_ids is consumed here,
# for the EFS mount targets. Same access caveat as the nomad_cluster state.
data "terraform_remote_state" "network" {
  backend = "remote"

  config = {
    organization = var.tfc_organization
    workspaces = {
      name = "1_networking"
    }
  }
}
# Vault provider with no address or token in this file; presumably configured
# through the run environment (VAULT_ADDR / VAULT_TOKEN or a TFC-injected
# token) — confirm. Keep it that way: a token here would land in source control.
provider "vault" {}
# Read the Nomad token from Vault KV v2. The mount path is exported by the
# nomad-cluster workspace; the secret's data map is indexed by "SecretID"
# in the nomad provider below.
# NOTE(review): the secret value is fetched at plan time and persisted in
# this workspace's state — treat the state (and plan output) as sensitive.
data "vault_kv_secret_v2" "bootstrap" {
  name  = "nomad_bootstrap/SecretID"
  mount = data.terraform_remote_state.nomad_cluster.outputs.bootstrap_kv
}
# Nomad provider: talks to the cluster's public endpoint exported by the
# nomad-cluster workspace, authenticating with the SecretID read from Vault.
# NOTE(review): the secret path "nomad_bootstrap/SecretID" suggests this is
# the ACL bootstrap (management) token. Least privilege for this workspace
# is a token whose policy only permits the CSI volume registration and the
# job submission below — confirm which token this is and scope it down.
# NOTE(review): the token is sent on every request; confirm the public
# endpoint is served over TLS (https) before using it from TFC.
provider "nomad" {
  secret_id = data.vault_kv_secret_v2.bootstrap.data["SecretID"]
  address   = data.terraform_remote_state.nomad_cluster.outputs.nomad_public_endpoint
}
# EFS file system backing the Jenkins volume. Encryption at rest is enabled;
# no kms_key_id is set, so the AWS default EFS key applies — specify a
# customer-managed key here if key-policy or rotation control is required.
resource "aws_efs_file_system" "jenkins" {
  encrypted      = true
  creation_token = "jenkins"

  tags = {
    Name = "Jenkins"
  }
}
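# Security groups attached to the Jenkins EFS mount targets. The default is
# the value that was previously hard-coded in the resource, so existing plans
# are unchanged; override it per environment instead of editing this file.
# Whatever group is used should allow inbound NFS (TCP 2049) only from the
# Nomad client nodes that mount the volume.
variable "efs_mount_target_security_group_ids" {
  type        = list(string)
  description = "Security group IDs attached to the Jenkins EFS mount targets."
  default     = ["sg-08d973af47615a208"]
}

# One mount target per subnet exported by the networking workspace.
# toset() is required because for_each needs a set or map, not a list.
resource "aws_efs_mount_target" "jenkins" {
  for_each = toset(data.terraform_remote_state.network.outputs.subnet_ids)

  file_system_id  = aws_efs_file_system.jenkins.id
  subnet_id       = each.value
  security_groups = var.efs_mount_target_security_group_ids
}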
# Look up the EFS CSI plugin in Nomad. wait_for_healthy = true makes the read
# block until the plugin reports healthy, so the volume registration that
# depends on this data source does not race the plugin's startup.
data "nomad_plugin" "efs" {
  wait_for_healthy = true
  plugin_id        = "aws-efs0"
}
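# Register the EFS file system with Nomad as a CSI volume for the Jenkins job.
# The plugin id is taken from the data source instead of being repeated as a
# literal, so the two cannot drift apart and the dependency on the healthy
# plugin is carried by the reference as well as by depends_on.
resource "nomad_csi_volume_registration" "jenkins" {
  # The file system and every mount target must exist before Nomad validates
  # the volume; these are not referenced elsewhere in the block, hence explicit.
  depends_on = [
    data.nomad_plugin.efs,
    aws_efs_file_system.jenkins,
    aws_efs_mount_target.jenkins,
  ]

  plugin_id   = data.nomad_plugin.efs.plugin_id
  volume_id   = "jenkins_volume"
  name        = "jenkins_volume"
  external_id = aws_efs_file_system.jenkins.id

  # Any allocation on any node may read and write the volume concurrently;
  # EFS is shared NFS, so this is the mode the backend supports.
  capability {
    access_mode     = "multi-node-multi-writer"
    attachment_mode = "file-system"
  }

  # Passed through to the EFS CSI plugin as-is. uid/gid 1000 and mode 755 are
  # presumably the ownership/permissions the plugin applies to the directory.
  # NOTE(review): provisioningMode = "efs-ap" is a dynamic-provisioning
  # setting; for a registration of an existing file system, confirm the
  # plugin honours these parameters at all, otherwise they are inert.
  parameters = {
    provisioningMode = "efs-ap"
    directoryPerms   = "755"
    fileSystemId     = aws_efs_file_system.jenkins.id
    gid              = "1000"
    uid              = "1000"
  }
}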
# Submit the Jenkins job from jenkins.hcl (not part of this file). The
# registered volume id is handed to the jobspec as an HCL2 variable named
# jenkins_efs; the reference also orders the job after the registration.
resource "nomad_job" "jenkins" {
  jobspec = file("${path.module}/jenkins.hcl")

  hcl2 {
    vars = {
      jenkins_efs = nomad_csi_volume_registration.jenkins.volume_id
    }
  }
}