andrejus/dotfiles
1
1
Fork 0
Code Issues Activity

feat: publish script and cleanup

Browse Source
This commit is contained in:
Andrejus
2021-05-02 21:53:29 +01:00
parent fb50593834
commit 1f569c7e09
22 changed files with 144 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

120
terraform/module/main.tf
View File

@@ -1,36 +1,112 @@
# Static bucket
locals {
fqdn = "${var.domain}."
}
# =================================================================
# Public bucket for static content
# =================================================================
resource "google_project_service" "storage" {
service = "storage.googleapis.com"
}
resource "google_storage_bucket" "bucket" {
provider = google-beta
name = var.domain
depends_on = [google_project_service.storage]
project = var.project
location = var.gcs_location
}
name = var.domain
location = "EU"
storage_class = "MULTI_REGIONAL"
resource "google_storage_default_object_access_control" "bucket_public" {
bucket = google_storage_bucket.bucket.name
role = "READER"
entity = "allUsers"
}
versioning {
enabled = var.enable_versioning
# =================================================================
# Expose bucket via HTTPS using Cloud CDN
#
# Adapted from
# https://medium.com/cognite/configuring-google-cloud-cdn-with-terraform-ab65bb0456a9
# =================================================================
resource "google_project_service" "compute" {
service = "compute.googleapis.com"
}
resource "google_compute_backend_bucket" "backend" {
name = "${var.prefix}-backend"
depends_on = [google_project_service.compute]
bucket_name = google_storage_bucket.bucket.name
description = "Bucket backend for serving static content through CDN"
enable_cdn = true
}
resource "google_compute_url_map" "urlmap" {
name = "${var.prefix}-urlmap"
description = "URL map to bucket backend service"
default_service = google_compute_backend_bucket.backend.self_link
}
resource "google_compute_managed_ssl_certificate" "certificate" {
name = "${var.prefix}-certificate"
depends_on = [google_project_service.compute]
managed {
domains = [local.fqdn]
}
}
# Allow public read
resource "google_storage_default_object_acl" "bucket_acl" {
provider = google-beta
bucket = google_storage_bucket.bucket.name
role_entity = ["READER:allUsers"]
resource "google_compute_target_https_proxy" "https" {
name = "${var.prefix}-https-proxy"
url_map = google_compute_url_map.urlmap.self_link
ssl_certificates = [google_compute_managed_ssl_certificate.certificate.self_link]
}
# DNS entry
resource "google_dns_record_set" "cname" {
provider = google-beta
resource "google_compute_global_address" "ipv4" {
name = "${var.prefix}-ipv4"
depends_on = [google_project_service.compute]
depends_on = [google_storage_bucket.bucket]
ip_version = "IPV4"
address_type = "EXTERNAL"
}
project = var.project
resource "google_compute_global_address" "ipv6" {
name = "${var.prefix}-ipv6"
depends_on = [google_project_service.compute]
name = "${var.domain}."
ip_version = "IPV6"
address_type = "EXTERNAL"
}
resource "google_compute_global_forwarding_rule" "fwd_ipv4" {
name = "${var.prefix}-fwd-ipv4"
target = google_compute_target_https_proxy.https.self_link
ip_address = google_compute_global_address.ipv4.address
port_range = "443"
}
resource "google_compute_global_forwarding_rule" "fwd_ipv6" {
name = "${var.prefix}-fwd-ipv6"
target = google_compute_target_https_proxy.https.self_link
ip_address = google_compute_global_address.ipv6.address
port_range = "443"
}
resource "google_dns_record_set" "dns_a_record" {
name = local.fqdn
managed_zone = var.dns_zone
type = "CNAME"
ttl = 300
rrdatas = ["c.storage.googleapis.com."]
type = "A"
ttl = var.dns_ttl
rrdatas = [google_compute_global_address.ipv4.address]
}
resource "google_dns_record_set" "dns_aaaa_record" {
name = local.fqdn
managed_zone = var.dns_zone
type = "AAAA"
ttl = var.dns_ttl
rrdatas = [google_compute_global_address.ipv6.address]
}