+2 -1

.gitignore

reviewed

··· 1 1 - .terragrunt-cache/ 1 1 + .terraform* 2 2 + *.auto.tfvars

+9 -26

README.md

reviewed

··· 41 41 - A credit/debit card to register for the accounts. 42 42 - Basic knowledge on Terraform and Ansible (optional, but will help a lot) 43 43 44 44 - Create initial configurations, it will prompt you for the information. 44 44 + Configuration files: 45 45 46 46 - ```sh 47 47 - make prereqs 48 48 - ``` 46 46 + <details> <summary>Terraform Cloud (`~/.terraform.d/credentials.tfrc.json`)</summary> 49 47 50 50 - Continue reading to see what to fill in. 48 48 + - Create a Terraform account 49 49 + - Run `terraform login` and follow the instruction 51 50 52 52 - <details> <summary>Oracle Cloud</summary> 51 51 + </details> 52 52 + 53 53 + <details> <summary>Oracle Cloud (`~/.oci/config` and `~/.oci/private.pem`)</summary> 53 54 54 55 - Create an Oracle Cloud account 55 56 - Generate an API signing key: 56 57 - Profile menu (User menu icon) -> User Settings -> API Keys -> Add API Key 57 57 - - Select Generate API Key Pair, download the private key and click Add 58 58 - - Check the Configuration File Preview for the values 59 59 - 60 60 - </details> 61 61 - 62 62 - <details> <summary>Google Cloud</summary> 63 63 - 64 64 - No resource on GCP yet 65 65 - 66 66 - </details> 67 67 - 68 68 - <details> <summary>AWS</summary> 69 69 - 70 70 - No resource on AWS yet 71 71 - 72 72 - </details> 73 73 - 74 74 - <details> <summary>Azure</summary> 75 75 - 76 76 - No resource on Azure yet 58 58 + - Select Generate API Key Pair, download the private key to `~/.oci/private.pem` and click Add 59 59 + - Copy the Configuration File Preview to `~/.oci/config` and change `key_file` to `~/.oci/private.pem` 77 60 78 61 </details> 79 62

+6 -3

infra/Makefile

reviewed

··· 1 1 - default: apply 1 1 + default: init apply 2 2 + 3 3 + init: 4 4 + terraform init 2 5 3 6 plan: 4 4 - terragrunt run-all plan 7 7 + terraform plan 5 8 6 9 apply: 7 7 - terragrunt run-all apply 10 10 + terraform apply

-3

infra/config.hcl

reviewed

··· 1 1 - # remote_state { 2 2 - # backend = "s3" 3 3 - # }

-10

infra/mail-server/terragrunt.hcl

reviewed

··· 1 1 - include { 2 2 - path = find_in_parent_folders("config.hcl") 3 3 - } 4 4 - 5 5 - terraform { 6 6 - source = "../modules//vm" 7 7 - } 8 8 - 9 9 - inputs = { 10 10 - }

+3

infra/main.tf

reviewed

··· 1 1 + module "virtual_machine" { 2 2 + source = "./modules/virtual-machine" 3 3 + }

infra/modules/README.md

reviewed

This is a binary file and will not be displayed.

+17

infra/modules/virtual-machine/cloud-init.yaml

reviewed

··· 1 1 + #cloud-config 2 2 + 3 3 + package_update: true 4 4 + 5 5 + packages: 6 6 + - apt-transport-https 7 7 + - ca-certificates 8 8 + - curl 9 9 + - gnupg 10 10 + - lsb-release 11 11 + 12 12 + runcmd: 13 13 + - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg 14 14 + - echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null 15 15 + - apt-get update 16 16 + - apt-get install -y docker-ce docker-ce-cli containerd.io python3-docker 17 17 + - systemctl enable --now docker

+122

infra/modules/virtual-machine/main.tf

reviewed

··· 1 1 + resource "tls_private_key" "ssh" { 2 2 + algorithm = "ECDSA" 3 3 + ecdsa_curve = "P256" 4 4 + } 5 5 + 6 6 + resource "local_file" "ssh_private_key" { 7 7 + content = tls_private_key.ssh.private_key_pem 8 8 + filename = "${path.module}/private.pem" 9 9 + file_permission = "0600" 10 10 + } 11 11 + 12 12 + resource "oci_core_instance" "instance" { 13 13 + availability_domain = "gHLA:US-SANJOSE-1-AD-1" # TODO 14 14 + compartment_id = var.compartment_id 15 15 + shape = var.instance_shape 16 16 + 17 17 + instance_options { 18 18 + are_legacy_imds_endpoints_disabled = true 19 19 + } 20 20 + 21 21 + create_vnic_details { 22 22 + assign_public_ip = "true" 23 23 + subnet_id = oci_core_subnet.subnet.id 24 24 + } 25 25 + 26 26 + source_details { 27 27 + source_type = "image" 28 28 + source_id = var.instance_image_id 29 29 + } 30 30 + 31 31 + metadata = { 32 32 + ssh_authorized_keys = tls_private_key.ssh.public_key_openssh 33 33 + user_data = filebase64("${path.module}/cloud-init.yaml") 34 34 + } 35 35 + } 36 36 + 37 37 + resource "oci_core_vcn" "vcn" { 38 38 + cidr_block = var.vcn_cidr_blocks[0] # TODO deprecated, use cidr_blocks instead 39 39 + compartment_id = var.compartment_id 40 40 + } 41 41 + 42 42 + resource "oci_core_security_list" "security_list" { 43 43 + compartment_id = var.compartment_id 44 44 + vcn_id = oci_core_vcn.vcn.id 45 45 + 46 46 + ingress_security_rules { 47 47 + description = "Wireguard" 48 48 + protocol = "17" # UDP 49 49 + source = "0.0.0.0/0" 50 50 + stateless = false 51 51 + 52 52 + udp_options { 53 53 + source_port_range { 54 54 + min = 1 55 55 + max = 65535 56 56 + } 57 57 + 58 58 + min = 51820 59 59 + max = 51820 60 60 + } 61 61 + } 62 62 + 63 63 + ingress_security_rules { 64 64 + description = "HTTP" 65 65 + protocol = "6" # TCP 66 66 + source = "0.0.0.0/0" 67 67 + stateless = false 68 68 + 69 69 + tcp_options { 70 70 + source_port_range { 71 71 + min = 1 72 72 + max = 65535 73 73 + } 74 74 + 75 75 + min = 80 76 76 + max = 80 77 77 + } 78 78 + } 79 79 + 80 80 + ingress_security_rules { 81 81 + description = "HTTPS" 82 82 + protocol = "6" # TCP 83 83 + source = "0.0.0.0/0" 84 84 + stateless = false 85 85 + 86 86 + tcp_options { 87 87 + source_port_range { 88 88 + min = 1 89 89 + max = 65535 90 90 + } 91 91 + 92 92 + min = 443 93 93 + max = 443 94 94 + } 95 95 + } 96 96 + } 97 97 + 98 98 + resource "oci_core_subnet" "subnet" { 99 99 + cidr_block = var.subnet_cidr_block 100 100 + compartment_id = var.compartment_id 101 101 + route_table_id = oci_core_vcn.vcn.default_route_table_id 102 102 + vcn_id = oci_core_vcn.vcn.id 103 103 + 104 104 + security_list_ids = [ 105 105 + oci_core_vcn.vcn.default_security_list_id, 106 106 + oci_core_security_list.security_list.id 107 107 + ] 108 108 + } 109 109 + 110 110 + resource "oci_core_internet_gateway" "internet_gateway" { 111 111 + compartment_id = var.compartment_id 112 112 + vcn_id = oci_core_vcn.vcn.id 113 113 + } 114 114 + 115 115 + resource "oci_core_default_route_table" "default_route_table" { 116 116 + route_rules { 117 117 + destination = "0.0.0.0/0" 118 118 + destination_type = "CIDR_BLOCK" 119 119 + network_entity_id = oci_core_internet_gateway.internet_gateway.id 120 120 + } 121 121 + manage_default_resource_id = oci_core_vcn.vcn.default_route_table_id 122 122 + }

+8

infra/modules/virtual-machine/terraform.tf

reviewed

··· 1 1 + terraform { 2 2 + required_providers { 3 3 + oci = { 4 4 + source = "hashicorp/oci" 5 5 + version = "4.43.0" 6 6 + } 7 7 + } 8 8 + }

+21

infra/modules/virtual-machine/variables.tf

reviewed

··· 1 1 + variable "instance_shape" { 2 2 + default = "VM.Standard.E2.1.Micro" 3 3 + } 4 4 + 5 5 + variable "compartment_id" { 6 6 + default = "ocid1.compartment.oc1..aaaaaaaasvkl7yw6gj2pytybimo6ax7fg2jq7m4t5aueig3xrnfxwo7xwulq" 7 7 + } 8 8 + 9 9 + variable "instance_image_id" { 10 10 + default = "ocid1.image.oc1.us-sanjose-1.aaaaaaaan4g4q527bljtyczck6xrsutbzps6h7mut2xcfhnbzw66sbbsvwoq" 11 11 + } 12 12 + 13 13 + variable "vcn_cidr_blocks" { 14 14 + default = [ 15 15 + "10.0.0.0/16" 16 16 + ] 17 17 + } 18 18 + 19 19 + variable "subnet_cidr_block" { 20 20 + default = "10.0.0.0/24" 21 21 + }

infra/modules/vm/main.tf

reviewed

This is a binary file and will not be displayed.

infra/modules/vm/terraform.tf

reviewed

This is a binary file and will not be displayed.

infra/modules/vm/variables.tf infra/variables.tf

reviewed

+9

infra/terraform.tf

reviewed

··· 1 1 + terraform { 2 2 + backend "remote" { 3 3 + organization = "khuedoan" 4 4 + 5 5 + workspaces { 6 6 + name = "freecloud" 7 7 + } 8 8 + } 9 9 + }