From 24d9d299ca8aad01511083003de91e32f33b25dd Mon Sep 17 00:00:00 2001
From: mitchell
Date: Mon, 17 Feb 2020 00:49:04 -0500
Subject: [PATCH] Add terraform configuration; Modify docker-stack to configure secrets and volumes itself
---
 .gitignore | 4 ++
 services/docker-stack.yml | 11 +++--
 terraform/main.tf | 92 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 103 insertions(+), 4 deletions(-)
 create mode 100644 terraform/main.tf
diff --git a/.gitignore b/.gitignore
index 0e76e24..1c8c8f3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,7 @@ data
 *.enc
 vendor
 .vscode
+*.tfstate
+*.tfstate.backup
+*.tfvars
+.terraform/
diff --git a/services/docker-stack.yml b/services/docker-stack.yml
index 7ea6911..02ecc8d 100644
--- a/services/docker-stack.yml
+++ b/services/docker-stack.yml
@@ -18,12 +18,15 @@ services:
 secrets:
 ca:
- external: true
+ file: ./certs/ca.pem
 cert:
- external: true
+ file: ./certs/server.pem
 key:
- external: true
+ file: ./certs/server-key.pem
 volumes:
 data:
- external: true
+ driver: local
+ driver_opts:
+ type: "ext4"
+ device: "/dev/sdb1"
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000..a6b28b5
--- /dev/null
+++ b/terraform/main.tf
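Review bot: Switching the `ca`, `cert` and `key` secrets from `external: true` to `file:` means the server's private key must sit in plaintext at `./certs/server-key.pem`, resolved relative to the compose file on the host that runs `docker stack deploy`; the `.gitignore` hunk in this same patch ignores `*.enc` and the Terraform state files but nothing under `certs/`, so confirm that directory cannot be committed (for example by adding `certs/` to the ignore list, or by keeping only the `.enc` form in-tree and decrypting at deploy time). The `data` volume's `device: "/dev/sdb1"` with `type: "ext4"` also ties the stack to a kernel enumeration order and a partition that already carries a filesystem — the `local` driver only mounts, it never formats — so a fresh or re-ordered disk fails at service start rather than at deploy. A stable path such as `/dev/disk/by-id/google-<device-name>` (with the disk's device name set on the Terraform side) would remove the ordering dependency. The hunk header's counts (12/15) do not match the ten and thirteen lines visible here, so some blank context lines appear to have been lost in this copy.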
@@ -0,0 +1,92 @@
+# vim:foldmethod=indent
+
+provider "google" {
+ version = "3.8.0"
+ project = var.project_id
+ region = "us-east4"
+ zone = "us-east4-b"
+}
+
+variable "ssh_keys" {
+ type = string
+ description = "The ssh username and key in the format `username:ssh-key`."
+}
+
+variable "project_id" {
+ type = string
+ description = "The name of the google cloud project you're deploying to."
+}
+
+variable "deletion_protection" {
+ type = bool
+ description = "Whether to apply deletion protection to the selfpass-instance."
+ default = true
+}
+
+output "selfpass_static_ip" {
+ value = google_compute_address.selfpass.address
+ description = "The public static IP address used by the selfpass-instance."
+}
+
+data "google_compute_image" "debian_image" {
+ family = "debian-10"
+ project = "debian-cloud"
+}
+
+resource "google_compute_address" "selfpass" {
+ name = "selfpass-address"
+}
+
+resource "google_compute_disk" "selfpass_data" {
+ name = "seflpass-data"
+ type = "pd-ssd"
+ snapshot = "selfpass-data-us-east4-c-20200215205733-qkksrkqr"
+ physical_block_size_bytes = 4096
+}
+
+resource "google_compute_instance" "selfpass" {
+ name = "selfpass-instance"
+ machine_type = "f1-micro"
+ deletion_protection = var.deletion_protection
+
+ boot_disk {
+ initialize_params {
+ image = data.google_compute_image.debian_image.self_link
+ }
+ }
+
+ attached_disk {
+ source = google_compute_disk.selfpass_data.self_link
+ }
+
+ network_interface {
+ network = "default"
+ access_config {
+ nat_ip = google_compute_address.selfpass.address
+ }
+ }
+
+ metadata = {
+ ssh-keys = var.ssh_keys
+ }
+}
+
+resource "google_compute_firewall" "grpc_server" {
+ name = "grpc-server"
+ network = "default"
+
+ allow {
+ protocol = "tcp"
+ ports = ["8080"]
+ }
+}
+
+resource "google_compute_firewall" "docker_machine" {
+ name = "docker-machine"
+ network = "default"
+
+ allow {
+ protocol = "tcp"
+ ports = ["2376"]
+ }
+}
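Review bot: Neither `google_compute_firewall` rule sets `source_ranges`, `source_tags` or `target_tags`, so under the provider's defaults both ingress rules apply to every instance on the `default` network from any source (GCP treats a sourceless ingress rule as 0.0.0.0/0) — and the `docker_machine` rule opens TCP 2376, the TLS endpoint of the Docker daemon that services/docker-stack.yml is deployed through, leaving only the client certificate between the Internet and the daemon. At minimum that rule should be restricted to the operator's address range and targeted at the tagged instance, as sketched below (the CIDR is a placeholder to be supplied through a variable); the same treatment is worth considering for `grpc_server` on 8080. Separately, the disk `name = "seflpass-data"` looks like a typo for `selfpass-data` and will be hard to rename later without recreating the disk, and because `attached_disk` sets no `device_name`, nothing in this configuration guarantees the `/dev/sdb1` path hard-coded in the stack file; setting `device_name` lets the host mount it via `/dev/disk/by-id/google-<device_name>` instead.

```hcl
resource "google_compute_instance" "selfpass" {
  # … unchanged: name, machine_type, deletion_protection, boot_disk …
  attached_disk {
    source      = google_compute_disk.selfpass_data.self_link
    device_name = "selfpass-data"   # stable /dev/disk/by-id/google-selfpass-data
  }
  # … unchanged: network_interface, metadata …
  tags = ["selfpass"]
}

resource "google_compute_firewall" "docker_machine" {
  name    = "docker-machine"
  network = "default"
  # Limit the Docker TLS port to the operator's range and to this instance
  # rather than the provider default of all sources / all instances.
  source_ranges = ["203.0.113.0/24"]   # placeholder — supply via a variable
  target_tags   = ["selfpass"]
  # … unchanged: allow block for tcp/2376 …
}
```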