tusd/.infra/Freyfile.hcl

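// Global Frey settings: application name and root, where the SSH key pair
// lives, and the ansible.cfg values used for the Ansible stages below.
// (Blame-view timestamp lines that were interleaved with the config have been
// dropped; they are not valid HCL.)
global {
  appname = "tusd"
  approot = "/srv/tusd"
  ssh {
    // NOTE(review): presumably holds the key pair referenced through
    // config.global.ssh.privatekey_file / publickey_file. Confirm the private
    // key is excluded from version control or stored encrypted.
    key_dir = "./ssh"
  }
  ansiblecfg {
    privilege_escalation {
      // Tasks run with privilege escalation (Ansible "become").
      become = true
    }
    defaults {
      // NOTE(review): SSH host key verification is switched off, so Ansible
      // will accept whatever host answers at the target address. Provisioning
      // then pushes configuration and runs privileged tasks against an
      // unauthenticated peer. Prefer recording the instance's host key on
      // first launch and leaving checking enabled for later runs.
      host_key_checking = false
      ansible_managed = "Ansible managed"
    }
    ssh_connection {
      pipelining = true
    }
  }
}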
// AWS provider for the infra stage. Credentials are read from the
// FREY_AWS_ACCESS_KEY / FREY_AWS_SECRET_KEY variables instead of being written
// into this file.
// NOTE(review): scope these keys to the EC2 and Route 53 actions this file
// needs; confirm they are not long-lived account-wide credentials.
infra provider aws {
  region = "us-east-1"
  access_key = "${var.FREY_AWS_ACCESS_KEY}"
  secret_key = "${var.FREY_AWS_SECRET_KEY}"
}
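// Input variables for the infra stage: a region -> AMI id map and the default
// region. (Interleaved blame timestamps removed; they are not valid HCL.)
infra variable {
  amis {
    type = "map"
    default {
      // The AMI is pinned by id, so the base image does not change between
      // runs. NOTE(review): a pinned image also stays at its original patch
      // level; the install stage relies on the unattended-upgrades role to
      // catch up. Review the pin periodically.
      "us-east-1" = "ami-8fe79998"
    }
  }
  region {
    // The provider block hard-codes the same region; keep the two in sync.
    default = "us-east-1"
  }
}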
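// Values exported after the infra stage: the first instance's public DNS name,
// all instances' public DNS names (newline-joined), and the service endpoint.
// (Interleaved blame timestamps removed; they are not valid HCL.)
infra output {
  public_address {
    value = "${aws_instance.tusd.0.public_dns}"
  }
  public_addresses {
    value = "${join("\n", aws_instance.tusd.*.public_dns)}"
  }
  endpoint {
    // NOTE(review): the advertised endpoint is plain HTTP on port 80, while
    // the firewall definition also opens 443 and the deploy stage generates
    // DH parameters for nginx. If TLS is configured in nginx.conf (not shown
    // here), advertise the https:// endpoint so clients do not upload in
    // clear text.
    value = "http://${aws_route53_record.www.name}:80/"
  }
}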
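// Registers the local SSH public key with EC2 under the name "infra-tusd".
// Only the public half is read from disk and uploaded; the private key stays
// on the machine running Frey. (Interleaved blame timestamp removed.)
infra resource aws_key_pair "infra-tusd" {
  key_name = "infra-tusd"
  public_key = "${file("{{{config.global.ssh.publickey_file}}}")}"
}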
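// The tusd EC2 instance: AMI looked up from var.amis by region, t2.micro,
// launched into a fixed subnet with the "infra-tusd" key pair.
// (Interleaved blame timestamps removed; they are not valid HCL.)
infra resource aws_instance "tusd" {
  ami = "${lookup(var.amis, var.region)}"
  instance_type = "t2.micro"
  key_name = "${aws_key_pair.infra-tusd.key_name}"
  // NOTE(review): the security group attachment is commented out, so the
  // "fw-tusd" group defined in this file is created but not applied to this
  // instance. With no group specified AWS falls back to the VPC's default
  // security group; confirm which rules are actually in effect. When
  // re-enabling, the value must be an interpolation
  // ("${aws_security_group.fw-tusd.id}"); as written it is a literal string.
  // vpc_security_group_ids = ["aws_security_group.fw-tusd.id"]
  subnet_id = "subnet-1adf3953"
  // SSH connection settings used to reach the instance.
  connection {
    key_file = "{{{config.global.ssh.privatekey_file}}}"
    user = "{{{config.global.ssh.user}}}"
  }
  tags {
    "Name" = "${var.FREY_DOMAIN}"
  }
}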
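// DNS: a CNAME for FREY_DOMAIN pointing at the instance's public DNS name,
// with a 300 second TTL. (Interleaved blame timestamp removed.)
// NOTE(review): the target is an EC2-assigned public DNS name; if the instance
// is replaced or stopped, make sure the record is updated or removed so it
// does not keep pointing at an address that may be reassigned.
infra resource aws_route53_record "www" {
  name = "${var.FREY_DOMAIN}"
  records = ["${aws_instance.tusd.public_dns}"]
  ttl = "300"
  type = "CNAME"
  zone_id = "${var.FREY_AWS_ZONE_ID}"
}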
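// Firewall definition for the tusd host: inbound TCP 8080, 80, 443 and 22 from
// any address, and unrestricted outbound traffic.
// (Interleaved blame timestamps removed; they are not valid HCL.)
// NOTE(review): the aws_instance "tusd" resource in this file has its
// vpc_security_group_ids line commented out, so these rules may not be the
// ones protecting the instance. Verify the effective rules in AWS.
infra resource aws_security_group "fw-tusd" {
  description = "Infra tusd"
  name = "fw-tusd"
  vpc_id = "vpc-cea030a9"
  // NOTE(review): 8080 is the port tusd itself listens on (see the setup
  // stage), and tusd is started with -behind-proxy, i.e. it trusts
  // proxy-supplied forwarding headers. Exposing 8080 to the internet lets
  // clients reach tusd without passing through nginx. Unless direct access is
  // required, drop this rule and bind tusd to localhost.
  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    from_port = 8080
    protocol = "tcp"
    to_port = 8080
  }
  // Public HTTP.
  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    from_port = 80
    protocol = "tcp"
    to_port = 80
  }
  // Public HTTPS.
  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    from_port = 443
    protocol = "tcp"
    to_port = 443
  }
  // NOTE(review): SSH is reachable from every address. Restrict cidr_blocks to
  // the operator/CI address ranges (or a bastion) and rely on key-only
  // authentication; no sshd hardening beyond "UseDNS no" is visible in this
  // file.
  ingress {
    cidr_blocks = ["0.0.0.0/0"]
    from_port = 22
    protocol = "tcp"
    to_port = 22
  }
  // This is for outbound internet access
  // (protocol "-1" with ports 0-0 means all protocols and all ports.)
  egress {
    from_port = 0
    protocol = "-1"
    to_port = 0
    cidr_blocks = [ "0.0.0.0/0" ]
  }
}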
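// Install stage: base packages, automatic upgrades, shell conveniences for the
// SSH user, motd, timezone and one sshd setting. Task order is kept exactly as
// in the original. (Interleaved blame timestamps removed; they are not valid
// HCL.)
install {
  playbooks {
    hosts = "tusd"
    name = "Install tusd"
    roles {
      role = "{{{init.paths.roles_dir}}}/apt/1.3.0"
      // NOTE(review): this list includes a compiler toolchain
      // (build-essential) and diagnostic clients (telnet, mtr) on an
      // internet-facing host. Confirm each is needed at runtime; fewer tools
      // on the box means less for an intruder to work with.
      apt_install = ["apg", "build-essential", "curl", "git-core", "htop", "iotop", "libpcre3", "logtail", "mlocate", "mtr", "psmisc", "telnet", "vim", "wget"]
    }
    roles {
      // Applies the unattended-upgrades role; its configuration is not shown
      // in this file.
      role = "{{{init.paths.roles_dir}}}/unattended-upgrades/1.3.0"
    }
    tasks {
      // Adds a "wtf" alias that tails system logs via sudo for the SSH user.
      lineinfile = "dest=/home/{{{config.global.ssh.user}}}/.bashrc line=\"alias wtf='sudo tail -f /var/log/*{log,err} /var/log/{dmesg,messages,*{,/*}{log,err}}'\" owner={{{config.global.ssh.user}}} group={{{config.global.ssh.user}}} mode=0644 backup=yes"
      name = "Common | Add convenience shortcut wtf"
    }
    tasks {
      // On login, change into the current release directory if it exists.
      lineinfile = "dest=/home/{{{config.global.ssh.user}}}/.bashrc line=\"cd {{{config.global.approot}}}/current || true\" owner={{{config.global.ssh.user}}} group={{{config.global.ssh.user}}} mode=0644 backup=yes"
      name = "Common | Install login"
    }
    tasks {
      name = "Common | Set motd"
      copy = "content='Welcome to {{lookup('env', 'FREY_DOMAIN')}}' dest=/etc/motd owner=root group=root mode=0644 backup=yes"
    }
    tasks {
      name = "Common | Set timezone variables"
      copy = "content='Etc/UTC' dest=/etc/timezone owner=root group=root mode=0644 backup=yes"
      notify = ["Common | Update timezone"]
    }
    tasks {
      // Only UseDNS is managed here. NOTE(review): settings such as
      // PasswordAuthentication and PermitRootLogin are left at whatever the
      // AMI ships; consider pinning them explicitly since port 22 is opened
      // to all addresses in the firewall definition.
      name = "Common | Disable UseDNS for SSHD"
      lineinfile = "dest=/etc/ssh/sshd_config regexp=\"^UseDNS\" line=\"UseDNS no\" state=present"
      notify = ["Common | Restart sshd"]
    }
    handlers {
      name = "Common | Update timezone"
      command = "dpkg-reconfigure --frontend noninteractive tzdata"
    }
    handlers {
      name = "Common | Restart sshd"
      service = "name=ssh state=restarted"
    }
  }
}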
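// Setup stage: registers tusd as an upstart service, routes its syslog output
// to a dedicated log file, sets the FQDN, prepares the upload directory and its
// hourly purge job, and prepares nginx's package source and web root.
// (Interleaved blame timestamps removed; they are not valid HCL.)
setup {
  playbooks {
    hosts = "tusd"
    name = "Setup tusd"
    roles {
      role = "{{{init.paths.roles_dir}}}/upstart/1.0.0"
      // tusd listens on 8080, stores uploads in /mnt/tusd-data and caps the
      // upload size at 1000000000 bytes. -behind-proxy makes tusd trust
      // forwarding headers set by a proxy.
      // NOTE(review): that trust is only sound if clients cannot reach port
      // 8080 directly; the firewall definition in this file opens 8080 to all
      // addresses. No listen address is given here; confirm tusd is not bound
      // to all interfaces.
      upstart_command = "./tusd -port=8080 -dir=/mnt/tusd-data -max-size=1000000000 -behind-proxy"
      upstart_description = "tusd server"
      upstart_name = "{{{config.global.appname}}}"
      upstart_pidfile_path = "{{{config.global.approot}}}/shared/{{{config.global.appname}}}.pid"
      upstart_respawn = true
      upstart_respawn_limit = true
      upstart_runtime_root = "{{{config.global.approot}}}/current/tusd_linux_amd64"
      // The service runs as the unprivileged www-data account, not root.
      upstart_user = "www-data"
    }
    roles {
      role = "{{{init.paths.roles_dir}}}/rsyslog/3.1.0"
      // Messages whose program name starts with the app name go to the app's
      // own log file; "& stop" ends processing for those messages after the
      // rule matches.
      rsyslog_rsyslog_d_files "49-tusd" {
        directives = ["& stop"]
        rules {
          rule = ":programname, startswith, \"{{{config.global.appname}}}\""
          logpath = "{{{config.global.approot}}}/shared/logs/{{{config.global.appname}}}.log"
        }
      }
    }
    roles {
      role = "{{{init.paths.roles_dir}}}/fqdn/1.0.0"
      fqdn = "{{lookup('env', 'FREY_DOMAIN')}}"
    }
    tasks {
      // Upload directory: owner and group get read/write (and traverse on
      // directories), everyone else gets no access.
      file = "path=/mnt/tusd-data state=directory owner=www-data group=ubuntu mode=ug+rwX,o= recurse=yes"
      name = "tusd | Create tusd data dir"
    }
    tasks {
      // NOTE(review): the task name says 1400 minutes, but the job uses
      // -mmin +1440 (24 hours). The job's value is the one that applies.
      // The purge is the only cleanup of uploaded data visible here; "|| true"
      // hides failures, so a broken purge would let the disk fill silently.
      name = "tusd | Create purger crontab (clean up >24h (1400minutes) files)"
      cron {
        name = "purger"
        special_time = "hourly"
        job = "find /mnt/tusd-data -type f -mmin +1440 -print0 | xargs -n 200 -r -0 rm || true"
      }
    }
  }
  playbooks {
    hosts = "tusd"
    name = "Setup nginx"
    tasks {
      // NOTE(review): adds a third-party PPA as a package source. Packages
      // from it are installed with root privileges, so this extends the
      // host's software supply chain beyond the distribution archive.
      name = "nginx | Add nginx PPA"
      apt_repository = "repo='ppa:nginx/stable'"
    }
    tasks {
      name = "nginx | Create public www directory"
      file = "path=/mnt/nginx-www state=directory owner=www-data group=ubuntu mode=ug+rwX,o= recurse=yes"
    }
  }
}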
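// Deploy stage: unpacks the tusd release tarball into the app root, fixes log
// directory and binary ownership, then installs and configures nginx.
// (Interleaved blame timestamps removed; they are not valid HCL.)
deploy {
  playbooks {
    hosts = "tusd"
    name = "Deploy tusd"
    roles {
      role = "{{{init.paths.roles_dir}}}/deploy/1.4.0"
      // NOTE(review): the release is copied from a local tarball and no
      // checksum or signature verification is visible in this file. Verify the
      // artifact (e.g. against a published digest) before it is placed in
      // ./files.
      ansistrano_deploy_from = "./files/tusd_linux_amd64.tar.gz"
      ansistrano_deploy_to = "{{{config.global.approot}}}"
      ansistrano_deploy_via = "copy_unarchive"
      ansistrano_group = "ubuntu"
    }
    tasks {
      // Log directory is owned by syslog (rsyslog writes the tusd log here);
      // no access for "other".
      file = "path=/srv/tusd/shared/logs state=directory owner=syslog group=ubuntu mode=ug+rwX,o= recurse=yes"
      name = "tusd | Create and chown shared log dir"
    }
    tasks {
      // NOTE(review): the binary is owned by www-data, the same account the
      // service runs as, so the running process can overwrite its own
      // executable. Owning it by root with mode 0755 would keep it executable
      // but not writable by the service.
      name = "tusd | Set file attributes"
      file = "path={{{config.global.approot}}}/current/tusd_linux_amd64/tusd mode=0755 owner=www-data group=www-data"
    }
  }
  playbooks {
    hosts = "tusd"
    name = "Deploy nginx"
    roles {
      role = "{{{init.paths.roles_dir}}}/apt/1.3.0"
      apt_install = ["nginx-light"]
    }
    tasks {
      // NOTE(review): no owner/group/mode is set, so the file gets the copy
      // module's defaults; consider owner=root group=root mode=0644. The
      // contents of nginx.conf (TLS settings, proxy headers) are not shown
      // here and should be reviewed alongside this file.
      name = "nginx | Create nginx configuration"
      copy = "src=./files/nginx.conf dest=/etc/nginx/sites-enabled/default"
    }
    tasks {
      // Generates 2048-bit DH parameters once; "creates=" skips the command
      // when the file already exists.
      name = "nginx | Create DH parameters"
      command = "openssl dhparam -out /etc/nginx/dhparams.pem 2048 creates=/etc/nginx/dhparams.pem"
    }
    tasks {
      name = "nginx | Start service"
      service = "name=nginx state=started"
    }
  }
}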
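// Restart stage: restarts the tusd service, then nginx.
// (Interleaved blame timestamps removed; they are not valid HCL.)
restart {
  playbooks {
    hosts = "tusd"
    name = "Restart tusd"
    tasks {
      action = "service name=tusd state=restarted"
      name = "tusd | Restart"
    }
  }
  playbooks {
    hosts = "tusd"
    name = "Restart nginx"
    tasks {
      name = "nginx | Restart"
      service = "name=nginx state=restarted"
    }
  }
}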