Added Cloudflare resources (#5)

spietras · Feb 25, 2024 · d4eefcd · d4eefcd
1 parent cbd0c15
commit d4eefcd
Show file tree

Hide file tree

Showing 21 changed files with 977 additions and 13 deletions.
diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml
@@ -35,6 +35,7 @@ jobs:
       name: main
     env:
       NIX_CACHE_DIR: /home/runner/.nixcache/
+      TERRAFORM_BACKEND_CONFIG: /home/runner/config.s3.tfbackend
       TERRAFORM_CACHE_DIR: /home/runner/.terraformcache/
     permissions:
       # Needed to checkout code
@@ -73,6 +74,32 @@ jobs:
           nix-store
           --import
           < ${{ env.NIX_CACHE_DIR }}/archive.nar
+      - name: Create backend configuration
+        run: |
+          cat <<EOF > ${{ env.TERRAFORM_BACKEND_CONFIG }}
+          access_key = "${{ secrets.TERRAFORM_BACKEND_ACCESS_KEY }}"
+          endpoints = {
+            s3 = "${{ secrets.TERRAFORM_BACKEND_ENDPOINT }}"
+          }
+          secret_key = "${{ secrets.TERRAFORM_BACKEND_SECRET_KEY }}"
+          EOF
+      - name: Initialize
+        env:
+          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
+          TF_PLUGIN_CACHE_DIR: ${{ env.TERRAFORM_CACHE_DIR }}
+        # yamllint disable rule:line-length
+        run: >
+          nix
+          develop
+          ./#terraform
+          --command
+          --
+          task
+          init
+          --
+          -input=false
+          -backend-config=${{ env.TERRAFORM_BACKEND_CONFIG }}
+      # yamllint enable rule:line-length
       - name: Apply
         env:
           SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}

diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
@@ -29,6 +29,7 @@ jobs:
       name: main
     env:
       NIX_CACHE_DIR: /home/runner/.nixcache/
+      TERRAFORM_BACKEND_CONFIG: /home/runner/config.s3.tfbackend
       TERRAFORM_CACHE_DIR: /home/runner/.terraformcache/
     permissions:
       # Needed to checkout code
@@ -67,6 +68,32 @@ jobs:
           nix-store
           --import
           < ${{ env.NIX_CACHE_DIR }}/archive.nar
+      - name: Create backend configuration
+        run: |
+          cat <<EOF > ${{ env.TERRAFORM_BACKEND_CONFIG }}
+          access_key = "${{ secrets.TERRAFORM_BACKEND_ACCESS_KEY }}"
+          endpoints = {
+            s3 = "${{ secrets.TERRAFORM_BACKEND_ENDPOINT }}"
+          }
+          secret_key = "${{ secrets.TERRAFORM_BACKEND_SECRET_KEY }}"
+          EOF
+      - name: Initialize
+        env:
+          SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
+          TF_PLUGIN_CACHE_DIR: ${{ env.TERRAFORM_CACHE_DIR }}
+        # yamllint disable rule:line-length
+        run: >
+          nix
+          develop
+          ./#terraform
+          --command
+          --
+          task
+          init
+          --
+          -input=false
+          -backend-config=${{ env.TERRAFORM_BACKEND_CONFIG }}
+      # yamllint enable rule:line-length
       - name: Plan
         env:
           SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}

diff --git a/.gitignore b/.gitignore
@@ -16,3 +16,6 @@
 # Terraform state
 *.tfstate
 *.tfstate.*
+
+# Terraform backend configuration
+*.tfbackend
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -1 +1,8 @@
-{}
+{
+  "[terraform]": {
+    "editor.tabSize": 2
+  },
+  "[terraform-vars]": {
+    "editor.tabSize": 2
+  }
+}
diff --git a/Taskfile.dist.yaml b/Taskfile.dist.yaml
@@ -137,21 +137,10 @@ tasks:
         -chdir=src/
         init
         {{ .CLI_ARGS }}
-  init-internal:
-    desc: Initialize Terraform quietly
-    internal: true
-    env:
-      TF_IN_AUTOMATION: "true"
-    cmds:
-      - task: init
-        vars:
-          CLI_ARGS: >
-            -input=false
   plan:
     desc: Create an execution plan
     interactive: true
     cmds:
-      - task: init-internal
       - >
         terraform
         -chdir=src/
@@ -161,7 +150,6 @@ tasks:
     desc: Apply changes
     interactive: true
     cmds:
-      - task: init-internal
       - >
         terraform
         -chdir=src/

diff --git a/src/.terraform.lock.hcl b/src/.terraform.lock.hcl
diff --git a/src/cloudflare/accounts.tf b/src/cloudflare/accounts.tf
@@ -0,0 +1,22 @@
+# Add main account
+resource "cloudflare_account" "main" {
+  # Name of the account
+  name = local.account.name
+}
+
+# Add me as a member to the account
+resource "cloudflare_account_member" "spietras" {
+  # Identifier of the account to add the member to
+  account_id = cloudflare_account.main.id
+
+  # Email address of the member
+  email_address = local.account.members.spietras.email
+
+  # Role IDs to assign to the member
+  role_ids = [
+    local.roles["Super Administrator - All Privileges"],
+  ]
+
+  # Member is accepted
+  status = "accepted"
+}
diff --git a/src/cloudflare/data.tf b/src/cloudflare/data.tf
@@ -0,0 +1,4 @@
+# Data source with account roles
+data "cloudflare_account_roles" "account_roles" {
+  account_id = cloudflare_account.main.id
+}