terraform for frappe
AmrikSD committed Dec 12, 2024
1 parent 1023df6 commit fa83dba
Showing 8 changed files with 152 additions and 8 deletions.
1 change: 1 addition & 0 deletions infra/gcp/00-providers.tf
@@ -19,4 +19,5 @@ data "sops_file" "gcp-secret" {
provider "google" {
project = "milestone-medical"
credentials = data.sops_file.gcp-secret.data["google.credentials"]
zone = "us-central1-a"
}
96 changes: 91 additions & 5 deletions infra/gcp/01-project.tf
@@ -3,26 +3,112 @@ resource "google_service_account" "frappe" {
display_name = "Custom SA for frappe Instance"
}

resource "google_compute_address" "frappe-static" {
name = "frappe-static"
}

resource "google_compute_instance" "frappe" {
name = "frappe"
machine_type = "e2-small"
zone = "us-central1"

tags = ["milestone-medical", "terraform"]
tags = ["https-server", "http-server", "milestone-medical", "terraform"]

boot_disk {
initialize_params {
image = "debian-cloud/debian-12"
}
}

// Local SSD disk
scratch_disk {
interface = "NVME"
metadata = {
ssh-keys = format("%s:%s", data.sops_file.gcp-secret.data["google.ssh.user"], data.sops_file.gcp-secret.data["google.ssh.public_key"])
startup-script = <<-EOT
#!/bin/bash
apt-get update
apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
software-properties-common
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
apt-get update
apt-get install -y docker-ce docker-compose
systemctl enable --now /home/asbotehg/docker.service
systemctl enable --now /home/asbotehg/docker-compose.app.service
EOT
}



network_interface {
network = "default"
access_config {
nat_ip = google_compute_address.frappe-static.address
}
}

provisioner "file" {
source = "${path.module}/frappe/docker.service"
destination = "docker.service"
connection {
type = "ssh"
host = self.network_interface[0].access_config[0].nat_ip
user = data.sops_file.gcp-secret.data["google.ssh.user"]
private_key = data.sops_file.gcp-secret.data["google.ssh.private_key"]
timeout = "4m"
}
}

provisioner "file" {
source = "${path.module}/frappe/nginx.conf"
destination = "nginx.conf"
connection {
type = "ssh"
host = self.network_interface[0].access_config[0].nat_ip
user = data.sops_file.gcp-secret.data["google.ssh.user"]
private_key = data.sops_file.gcp-secret.data["google.ssh.private_key"]
timeout = "4m"
}
}

provisioner "file" {
source = "${path.module}/frappe/docker-compose.app.service"
destination = "docker-compose.app.service"
connection {
type = "ssh"
host = self.network_interface[0].access_config[0].nat_ip
user = data.sops_file.gcp-secret.data["google.ssh.user"]
private_key = data.sops_file.gcp-secret.data["google.ssh.private_key"]
timeout = "4m"
}
}

provisioner "file" {
source = "${path.module}/frappe/docker-compose.yaml"
destination = "docker-compose.yaml"
connection {
type = "ssh"
host = self.network_interface[0].access_config[0].nat_ip
user = data.sops_file.gcp-secret.data["google.ssh.user"]
private_key = data.sops_file.gcp-secret.data["google.ssh.private_key"]
timeout = "4m"
}
}

}

resource "google_compute_firewall" "default-ssh" {
name = "allow-ssh"
network = "default"
allow {
protocol = "tcp"
ports = ["22"]
}
source_ranges = [
"213.78.238.32/32"
]
}
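Review bot: The last two lines of the startup script, `systemctl enable --now /home/asbotehg/docker.service` and the matching `docker-compose.app.service` line, turn files in a login user's home directory into root-run systemd units, so anything running as that user can change what root executes on the next start. The docker-ce package already ships its own docker.service, so the first line looks unnecessary; the compose unit is safer installed root-owned under `/etc/systemd/system/` and enabled by name, `systemctl enable --now docker-compose.app.service`. The path also spells out in plaintext a user name that is presumably the same one the connection blocks read from the sops file, and the startup script runs at boot while the file provisioners upload afterwards, so on first boot the units are probably not there yet. Separately, `curl ... | apt-key add -` trusts the Docker key for every configured repository; a keyring referenced with `signed-by=` in the Docker source entry is the narrower option.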
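--- a/infra/gcp/frappe/docker-compose.app.service
+++ b/infra/gcp/frappe/docker-compose.app.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=My Docker Compose Application
+Requires=docker.service
+After=docker.service
+
+[Service]
+WorkingDirectory=/home/asbotehg
+ExecStart=/usr/bin/docker-compose up -d
+Restart=on-failure # Restart only on errors, not clean exits
+TimeoutStartSec=0
+
+[Install]
+WantedBy=multi-user.target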
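Review bot: The trailing `# Restart only on errors, not clean exits` on the `Restart=` line is not a comment to systemd, which only treats `#` as a comment at the start of a line, so the value will not parse as `on-failure` and the setting is likely ignored with a warning. Move the comment to its own line above `Restart=on-failure`. Also, `docker-compose up -d` detaches and exits at once, so with the default service type systemd sees the unit finish immediately and has nothing to supervise; either drop `-d` or declare `Type=oneshot` with `RemainAfterExit=yes`.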
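--- a/infra/gcp/frappe/docker-compose.yaml
+++ b/infra/gcp/frappe/docker-compose.yaml
@@ -0,0 +1,9 @@
+services:
+webserver:
+image: nginx:latest
+ports:
+- 80:80
+- 443:443
+restart: always
+volumes:
+- ./nginx.conf:/etc/nginx/conf.d/nginx.conf:ro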
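Review bot: `image: nginx:latest` is a mutable tag, so on this internet-facing host whatever the tag points to when the image is first pulled is what runs, and a later rebuild of the instance can silently bring a different image. Pinning a version and digest, `image: nginx:<version>@sha256:<digest>` (placeholders), makes deploys reproducible and upgrades deliberate. The file also publishes `443:443` although the mounted nginx.conf only listens on 80, so that mapping can be dropped until a TLS server block exists.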
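--- a/infra/gcp/frappe/docker.service
+++ b/infra/gcp/frappe/docker.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+After=network-online.target firewalld.service
+Wants=network-online.target
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/dockerd
+ExecReload=/bin/kill -s HUP $MAINPID
+TimeoutStartSec=0
+Restart=always
+StartLimitBurst=3
+StartLimitInterval=60s
+
+[Install]
+WantedBy=multi-user.target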
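Review bot: This hand-written unit stands in for the one the docker-ce package installs but leaves out settings the packaged unit carries, notably `KillMode=process` and `Delegate=yes`, so process-kill and cgroup handling on a daemon restart fall back to systemd defaults the package deliberately overrides. If the only goal is to have Docker start at boot, `systemctl enable --now docker` against the packaged unit does that, and any real customisation fits better in a drop-in under `/etc/systemd/system/docker.service.d/`. The `StartLimitBurst=` and `StartLimitInterval=` lines use the legacy placement; current systemd documents them in `[Unit]`, the latter as `StartLimitIntervalSec=`.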
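--- a/infra/gcp/frappe/nginx.conf
+++ b/infra/gcp/frappe/nginx.conf
@@ -0,0 +1,15 @@
+server {
+listen 80;
+listen [::]:80;
+
+server_name amrik.xyz www.amrik.xyz;
+server_tokens off;
+
+location /.well-known/acme-challenge/ {
+root /var/www/certbot;
+}
+
+location / {
+return 301 https://amrik.xyz$request_uri;
+}
+}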
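Review bot: The `location /` block redirects every request to `https://amrik.xyz`, but this file defines no `listen 443 ssl` server and no certificate paths, so until one is added the redirect sends clients to a port nginx is not serving. The ACME challenge root `/var/www/certbot` is also not among the volumes mounted in the docker-compose.yaml added by this commit, so challenge files written on the host would not be visible inside the container. A comment above the server block would make the intended end state clear, e.g. `# HTTP only: serves ACME challenges and redirects; TLS server block not yet defined`.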
8 changes: 6 additions & 2 deletions infra/gcp/gcp.sops.yaml
@@ -1,6 +1,10 @@
google:
project_id: ENC[AES256_GCM,data:wduDriJrbYei6oxWVha+6ng=,iv:ecTwYb+/Vju9G+nk8Oe5mwWSQp6cUrGALcQDCfnn8fE=,tag:uHHWw8b0eR0f6mG6qmbEYg==,type:str]
credentials: ENC[AES256_GCM,data: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,iv:y2TRKXC4kFIEEIkVg3w2pg9fVQRz5679cxIhqvLIh4c=,tag:KjccTKDWGr133TEB2aq6wg==,type:str]
ssh:
user: ENC[AES256_GCM,data:HBf+XMSAp/k=,iv:bi9y/nFLwOI+g4lEXyP8CakhZ7yYx4WOmtwAWaIocN0=,tag:VZNOVT/n3elCo661OGpicA==,type:str]
private_key: ENC[AES256_GCM,data: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,iv:OJBsHQ5am0rcIWKG2FKHt+IFsvnXS/ToLPPn+S4mVmc=,tag:7mR/XoIfagt6CrYi7fFR9g==,type:str]
public_key: ENC[AES256_GCM,data:o4yQ1pqTPe8cAMWjYECge9A3g+8Xk2+KL1NA6l2Vqx4DLP5Al2p2NNa/uQmsGo3IqHXsM6ytdTHdgBb/XML1pT1V6wSOVPBe5alx1lcozec=,iv:3dK0GB8uvPDmj+Ja+1inALhqA/4o71eZxrvhwLQ4zMo=,tag:tD2ldgT6bj20N27Kb44tOQ==,type:str]
sops:
kms: []
gcp_kms: []
@@ -16,8 +20,8 @@ sops:
M0RFak9kUE1mNTlVMEM4cFZSZHNqT2sKUZDxGrvUIiITyvCqK1/vQVPHgociBgOj
kLJAczj7Scgd20WvEeNebDUsiqj6SMxdqK/zU0pme1OE9ECeE1dUbA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-12T15:04:24Z"
mac: ENC[AES256_GCM,data:PjJ0bsLurkphlSlIYOMY6yKr9fDaKDLryeJPBzv0lbE6s7i52ts8wNE1G1XmRziL1HA2Ez1VejVwYnv3lAbCnEecGI5g4GaujdAFukS21OgwgYpPgdZpclBThoLsA6QhnAz1vFu0I1cPICgtzSo3hn/Vpax35lZIRnfP8o2xQ1Y=,iv:GKdBgtbxmh2nfcpzSHik/zfg2Q9soPqJlzguHqGdZj4=,tag:rd1hMH/+KiAg/XeHKoY8cg==,type:str]
lastmodified: "2024-12-12T19:38:32Z"
mac: ENC[AES256_GCM,data:n25cZqWq571SXM3FNJUDBICKhdYejE1oWj670IL1Xu1SZTMNjmHHxtEcjbvUMA8agBp5y+EHXxhw/99shcrtAYcwtuwRgfRvy97KzU/hfBFV8aZcEM/GtSSYCVCEZZxgypLe2a9izOGl9+2vGSmaq47hsJZT++cYBenR4KJVL4w=,iv:r0NVlGe9NxIQUX9A5B1FDgUJd+iPy0GPe0L/nkKETpQ=,tag:04R7RZCy9c7fZX3V4rOgKQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1
1 change: 0 additions & 1 deletion infra/main.tf
@@ -48,4 +48,3 @@ module "truenas" {
}
]
}
