#1 Initial commit of IPFS terraform
natebolam committed Jul 9, 2022
1 parent 35f17bc commit 88d765b
Showing 31 changed files with 742 additions and 3 deletions.
6 changes: 4 additions & 2 deletions .gitignore
Expand Up @@ -11,5 +11,7 @@
# Output of the go coverage tool, specifically when used with LiteIDE
*.out

# Dependency directories (remove the comment below to include it)
# vendor/
# Terraform secrets and provider files
/terraform/**/*.terraform
/terraform/**/*.env
/terraform/**/*.tfvars
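--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+"files.eol": "\n",
+}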
3 changes: 2 additions & 1 deletion README.md
@@ -1,2 +1,3 @@
# gitblox
# GitBlox

Git IPFS Storage
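--- a/assets/README.md
+++ b/assets/README.md
@@ -0,0 +1 @@
+# GitBlox Assets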
Binary file added assets/logos/GitBloxLogoHorizontal.png
Binary file added assets/logos/GitBloxLogoIcon.png
Binary file added assets/logos/GitBloxLogoVertical.png
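--- a/docs/README.md
+++ b/docs/README.md
@@ -0,0 +1 @@
+# GitBlox Documentation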
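--- a/terraform/.gitignore
+++ b/terraform/.gitignore
@@ -0,0 +1 @@
+.terraform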
22 changes: 22 additions & 0 deletions terraform/.terraform.lock.hcl
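--- a/terraform/.terraform/environment
+++ b/terraform/.terraform/environment
@@ -0,0 +1 @@
+develop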
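--- a/terraform/.terraform/terraform.tfstate
+++ b/terraform/.terraform/terraform.tfstate
@@ -0,0 +1,52 @@
+{
+"version": 3,
+"serial": 1,
+"lineage": "53b7c779-871b-621a-cee5-e3004c8d9292",
+"backend": {
+"type": "s3",
+"config": {
+"access_key": null,
+"acl": null,
+"assume_role_duration_seconds": null,
+"assume_role_policy": null,
+"assume_role_policy_arns": null,
+"assume_role_tags": null,
+"assume_role_transitive_tag_keys": null,
+"bucket": "terraform-ca-state",
+"dynamodb_endpoint": null,
+"dynamodb_table": null,
+"encrypt": true,
+"endpoint": null,
+"external_id": null,
+"force_path_style": null,
+"iam_endpoint": null,
+"key": "terraform.tfstate",
+"kms_key_id": null,
+"max_retries": null,
+"profile": null,
+"region": "us-east-1",
+"role_arn": null,
+"secret_key": null,
+"session_name": null,
+"shared_credentials_file": null,
+"skip_credentials_validation": null,
+"skip_metadata_api_check": null,
+"skip_region_validation": null,
+"sse_customer_key": null,
+"sts_endpoint": null,
+"token": null,
+"workspace_key_prefix": "gitblox"
+},
+"hash": 30241332
+},
+"modules": [
+{
+"path": [
+"root"
+],
+"outputs": {},
+"resources": {},
+"depends_on": []
+}
+]
+}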
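Review bot: `terraform/.terraform/terraform.tfstate` and `terraform/.terraform/environment` are tracked even though `terraform/.gitignore` in the same commit lists `.terraform`; an ignore rule does not untrack files that are already added, so every `terraform init` will keep dirtying the tree and a later, populated state snapshot could be committed by habit. Run `git rm -r --cached terraform/.terraform` and keep only the ignore rule. The backend config also has `"dynamodb_table": null`, so the S3 backend runs with `"encrypt": true` but without state locking; if more than one operator or pipeline can apply, set a lock table in the backend block. Nothing sensitive is exposed today (bucket name, region and key are all the file reveals), but a state file whose `resources` map is non-empty carries every attribute Terraform reads, including values marked sensitive.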
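--- a/terraform/README.md
+++ b/terraform/README.md
@@ -0,0 +1 @@
+# GitBlox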
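--- a/terraform/config/ipfs-node/.gitignore
+++ b/terraform/config/ipfs-node/.gitignore
@@ -0,0 +1 @@
+*.env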
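--- a/terraform/connect.sh
+++ b/terraform/connect.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+source ./utilities/rainbow.sh
+
+USERNAME=`sed -e 's/^"//' -e 's/"$//' <<<$(terraform output prefix)`
+
+if [[ "${2}" != "" ]]; then
+terraform output ${1}-ip | sed ':a;N;$!ba;s/,\n]/]/g' | jq -r ".[${2}]"
+ssh -o "StrictHostKeyChecking no" $USERNAME@$(terraform output ${1}-ip | sed ':a;N;$!ba;s/,\n]/]/g' | jq -r ".[${2}]")
+elif [[ ! -z "${1}" ]]; then
+ssh -o "StrictHostKeyChecking no" $USERNAME@$(terraform output ${1}-ip)
+else
+echored "Missing ssh target instance!"
+fi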
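Review bot: Both `ssh` invocations (the `${2}` branch and the `${1}` branch) pass `-o "StrictHostKeyChecking no"`, which accepts any host key and silently tolerates a changed one, so a re-addressed or spoofed host is never noticed; `-o StrictHostKeyChecking=accept-new` keeps the first-connection convenience while still refusing a key that later changes. The script also never passes `-p`, while `ipfs-node-cloud-init.yml` in this commit rewrites `Port ${ssh_port}` in `sshd_config`, so presumably this only connects when `ssh_port` is 22; passing the port explicitly (for instance from a Terraform output, none of which is visible here besides `prefix` and `${1}-ip`) would remove that dependency. `$USERNAME` and `${1}` are unquoted throughout, and `USERNAME=$(terraform output -raw prefix)` would replace the backtick/`sed` pair that strips quotes by hand.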
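--- a/terraform/iam.tf
+++ b/terraform/iam.tf
@@ -0,0 +1,99 @@
+resource "aws_iam_role" "role" {
+name = "${var.prefix}-${terraform.workspace}"
+assume_role_policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": "sts:AssumeRole",
+"Principal": {
+"Service": "ec2.amazonaws.com"
+},
+"Effect": "Allow",
+"Sid": ""
+}
+]
+}
+EOF
+
+tags = {
+Name = "${var.prefix}-${terraform.workspace}"
+environment = terraform.workspace
+group = var.prefix
+}
+}
+
+resource "aws_iam_instance_profile" "profile" {
+name = "${var.prefix}-${terraform.workspace}"
+role = aws_iam_role.role.name
+}
+
+resource "aws_iam_role_policy" "policy" {
+name = "${var.prefix}-${terraform.workspace}"
+role = aws_iam_role.role.id
+policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"s3:*",
+"ssm:DescribeAssociation",
+"ssm:GetDeployablePatchSnapshotForInstance",
+"ssm:GetDocument",
+"ssm:DescribeDocument",
+"ssm:GetManifest",
+"ssm:GetParameters",
+"ssm:ListAssociations",
+"ssm:ListInstanceAssociations",
+"ssm:PutInventory",
+"ssm:PutComplianceItems",
+"ssm:PutConfigurePackageResult",
+"ssm:UpdateAssociationStatus",
+"ssm:UpdateInstanceAssociationStatus",
+"ssm:UpdateInstanceInformation",
+"ssmmessages:CreateControlChannel",
+"ssmmessages:CreateDataChannel",
+"ssmmessages:OpenControlChannel",
+"ssmmessages:OpenDataChannel",
+"ec2:DetachVolume",
+"ec2:AttachVolume",
+"ec2:CopySnapshot",
+"ec2:DeleteSnapshot",
+"ec2:DescribeInstances",
+"ec2:DeleteTags",
+"ec2:DescribeTags",
+"ec2:DescribeSnapshotAttribute",
+"ec2:CreateTags",
+"ec2:ResetSnapshotAttribute",
+"ec2:ImportSnapshot",
+"ec2:DescribeSnapshots",
+"ec2:DescribeVolumeAttribute",
+"ec2:DescribeImportSnapshotTasks",
+"ec2:DescribeVolumeStatus",
+"ec2:ModifySnapshotAttribute",
+"ec2:DescribeVolumes",
+"ec2:CreateSnapshot"
+],
+"Resource": "*"
+},
+{
+"Effect":"Allow",
+"Action":[
+"ses:SendEmail",
+"ses:SendRawEmail"
+],
+"Resource":"*",
+"Condition":{
+"ForAllValues:StringLike":{
+"ses:Recipients":[
+"*@${var.root_domain}"
+]
+}
+}
+}
+]
+}
+EOF
+}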
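Review bot: The first statement of `aws_iam_role_policy.policy` grants `"s3:*"` on `"Resource": "*"` to the instance role, so any process on an IPFS node can read, write or delete every bucket in the account, including the `terraform-ca-state` backend bucket this commit's state file points at; scope it to the bucket ARNs the node actually uses (e.g. `"arn:aws:s3:::<ipfs-bucket>"` and `"arn:aws:s3:::<ipfs-bucket>/*"`, placeholders) and to the actions it needs. The `ec2:*Snapshot*` and `ec2:*Volume*` actions are likewise unbounded; most of them accept `aws:ResourceTag` conditions, so the `group = var.prefix` tag already applied to the volumes in `ipfs-node-ec2.tf` could confine them. Expressing the policy with the `aws_iam_policy_document` data source instead of a heredoc would validate it at plan time and would also remove the whitespace inconsistency between the two statements (`"Effect": "Allow"` versus `"Effect":"Allow"`).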
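--- a/terraform/ipfs-node-cloud-init.yml
+++ b/terraform/ipfs-node-cloud-init.yml
@@ -0,0 +1,35 @@
+#cloud-config
+
+package_update: true
+package_upgrade: true
+users:
+- name: ${prefix}
+sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+groups: sudo, docker
+shell: /bin/bash
+ssh_authorized_keys:
+- "${ssh_key_1}"
+- "${ssh_key_2}"
+packages:
+- fail2ban
+- jq
+- prometheus-node-exporter
+- python3-pip
+preserve_hostname: false
+fqdn: ${fqdn}
+hostname: ${fqdn}
+write_files:
+- path: /etc/environment
+content: |
+IPFS_PATH="${ipfs_path}"
+NODE_NUMBER=${ipfs_node_number}
+REGION="${region}"
+WORKSPACE="${workspace}"
+append: true
+runcmd:
+- pip3 install awscli
+- sed -i -e '/^Port/s/^.*$/Port ${ssh_port}/' /etc/ssh/sshd_config
+- sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
+- sed -i -e '$aAllowUsers ${prefix}' /etc/ssh/sshd_config
+- echo '* soft nofile 512000' >> /etc/security/limits.conf
+- echo '* hard nofile 512000' >> /etc/security/limits.conf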
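Review bot: The three `sed` edits to `/etc/ssh/sshd_config` in `runcmd` are not followed by a restart, and `runcmd` executes after sshd is already listening, so `Port ${ssh_port}`, `PermitRootLogin no` and `AllowUsers ${prefix}` only take effect at the next reboot; add `- systemctl restart ssh` after the last `sed` (the `remote-exec` provisioner in `ipfs-node-ec2.tf` connects on `var.ssh_port`, so until then it presumably only succeeds when that is 22). On stock Ubuntu images the `Port` and `PermitRootLogin` lines typically ship commented out, in which case the `/^Port/` and `/^PermitRootLogin/` addresses match nothing; `sed -i -e 's/^#\?PermitRootLogin.*/PermitRootLogin no/'` (and the same shape for `Port`) covers both forms. The `fail2ban` sshd jail presumably still bans on the default port unless its `port` is set to `${ssh_port}`, so a `write_files` entry for `/etc/fail2ban/jail.local` would keep the two in step.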
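--- a/terraform/ipfs-node-ec2.tf
+++ b/terraform/ipfs-node-ec2.tf
@@ -0,0 +1,73 @@
+
+
+resource "aws_instance" "ipfs_node" {
+ami = data.aws_ami.ubuntu.id
+count = var.ipfs_node_count[terraform.workspace]
+iam_instance_profile = aws_iam_instance_profile.profile.name
+instance_type = var.ipfs_node_instance_types[terraform.workspace]
+key_name = aws_key_pair.auth.id
+subnet_id = aws_subnet.public.0.id
+vpc_security_group_ids = [aws_security_group.ipfs_node.id]
+timeouts {
+create = "30m"
+delete = "10m"
+}
+user_data = templatefile("${abspath(path.root)}/ipfs-node-cloud-init.yml", {
+fqdn = "${var.prefix}-ipfs-node-${terraform.workspace}-${count.index + 1}.${var.root_domain}"
+prefix = var.prefix
+ssh_port = var.ssh_port
+ssh_key_1 = var.ssh_key_1
+ssh_key_2 = var.ssh_key_2
+ipfs_node_number = "${count.index + 1}"
+ipfs_path = var.ipfs_path
+region = var.workspace_regions[terraform.workspace]
+workspace = terraform.workspace
+})
+connection {
+type = "ssh"
+user = var.prefix
+port = var.ssh_port
+host = self.public_ip
+private_key = file(var.private_key_path)
+agent = false
+}
+root_block_device {
+volume_size = var.ipfs_node_root_volume_size
+}
+ebs_block_device {
+device_name = "/dev/sdf"
+snapshot_id = length(data.aws_ebs_snapshot_ids.ipfs_data.ids) > 0 ? data.aws_ebs_snapshot_ids.ipfs_data.ids[0] : null
+volume_size = var.ipfs_node_data_volume_size
+volume_type = "gp2"
+}
+tags = {
+Name = "${var.prefix}-ipfs-node-${terraform.workspace}-${count.index + 1}"
+environment = terraform.workspace
+group = var.prefix
+type = "ipfs-node"
+}
+volume_tags = {
+Name = "${var.prefix}-ipfs-node-${terraform.workspace}-${count.index + 1}"
+environment = terraform.workspace
+group = var.prefix
+type = "ipfs-node"
+}
+provisioner "file" {
+source = "./ipfs-node"
+destination = "/home/${var.prefix}/"
+}
+provisioner "file" {
+source = "./config/ipfs-node/${terraform.workspace}.env"
+destination = "/home/${var.prefix}/ipfs-node/.env"
+}
+provisioner "file" {
+source = "./utilities"
+destination = "/home/${var.prefix}/utilities"
+}
+provisioner "remote-exec" {
+inline = ["cloud-init status --wait",
+"find ~ -name '*.sh' | xargs chmod +x",
+"/home/${var.prefix}/ipfs-node/init.sh"
+]
+}
+}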
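Review bot: `aws_instance.ipfs_node` has no `metadata_options` block, so IMDSv1 stays reachable from every process on the node, and with the `s3:*` role from `iam.tf` attached that makes any request-forgery bug in a service on the host a path to account-wide S3 credentials; neither `root_block_device` nor the `/dev/sdf` `ebs_block_device` sets `encrypted = true` either. Require IMDSv2 with `http_tokens = "required"` and enable encryption on both volumes (the AWS-managed key applies when no `kms_key_id` is given). Separately, every node is placed in `aws_subnet.public.0` while `ipfs-node-elb.tf` registers all public subnets, so the `cross_zone_load_balancing` there never spans more than one AZ for the instances; `aws_subnet.public[count.index % length(aws_subnet.public)].id` would spread them.
```hcl
resource "aws_instance" "ipfs_node" {
  # … unchanged: ami, count, iam_instance_profile, instance_type, key_name, subnet_id, security groups, timeouts, user_data, connection …
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }
  root_block_device {
    volume_size = var.ipfs_node_root_volume_size
    encrypted   = true
  }
  ebs_block_device {
    device_name = "/dev/sdf"
    snapshot_id = length(data.aws_ebs_snapshot_ids.ipfs_data.ids) > 0 ? data.aws_ebs_snapshot_ids.ipfs_data.ids[0] : null
    volume_size = var.ipfs_node_data_volume_size
    volume_type = "gp2"
    encrypted   = true
  }
  # … unchanged: tags, volume_tags, file and remote-exec provisioners …
}
```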
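--- a/terraform/ipfs-node-elb.tf
+++ b/terraform/ipfs-node-elb.tf
@@ -0,0 +1,56 @@
+resource "aws_security_group" "ipfs_node_elb" {
+name = "${var.prefix}-ipfs-node-elb-${terraform.workspace}"
+description = "${var.prefix} ipfs-node ELB ${terraform.workspace}"
+vpc_id = aws_vpc.main.id
+
+ingress {
+description = "https"
+from_port = 443
+to_port = 443
+protocol = "tcp"
+cidr_blocks = ["0.0.0.0/0"]
+}
+egress {
+description = "outbound internet access"
+from_port = 0
+to_port = 0
+protocol = "-1"
+cidr_blocks = ["0.0.0.0/0"]
+}
+}
+
+resource "aws_elb" "ipfs" {
+name = "${var.prefix}-ipfs-${terraform.workspace}-${count.index + 1}"
+count = var.ipfs_node_count[terraform.workspace]
+subnets = aws_subnet.public.*.id
+security_groups = [aws_security_group.ipfs_node_elb.id]
+instances = [aws_instance.ipfs_node[count.index].id]
+
+listener {
+instance_port = 8080
+instance_protocol = "http"
+lb_port = 443
+lb_protocol = "https"
+ssl_certificate_id = data.aws_acm_certificate.cert.arn
+}
+
+health_check {
+healthy_threshold = 2
+unhealthy_threshold = 2
+timeout = 3
+target = "HTTP:8080/"
+interval = 30
+}
+
+cross_zone_load_balancing = true
+idle_timeout = 400
+connection_draining = true
+connection_draining_timeout = 400
+
+tags = {
+Name = "${var.prefix}-${terraform.workspace}-${count.index + 1}"
+environment = terraform.workspace
+group = var.prefix
+type = "ipfs"
+}
+}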
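Review bot: `aws_elb.ipfs` terminates TLS on `443` and forwards plain `http` to instance port `8080`, which is acceptable inside the VPC only if the node security group (`aws_security_group.ipfs_node`, defined outside this diff) admits `8080` solely from `aws_security_group.ipfs_node_elb.id` rather than from a CIDR; nothing in this file constrains that, so it is worth confirming. No `aws_load_balancer_policy` pins the SSL negotiation policy, so the listener presumably falls back to the AWS default predefined policy; naming a current `ELBSecurityPolicy-*` explicitly makes the accepted protocol versions reviewable in code. A classic ELB `name` is limited to 32 characters, so `"${var.prefix}-ipfs-${terraform.workspace}-${count.index + 1}"` will fail at apply time for longer prefix/workspace combinations; a `validation` block on `var.prefix` would surface that at plan time instead.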