masto-aio/terraform/main.tf



provider "aws" {
  region = local.aws_region
}

resource "random_pet" "name" {}

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "social-vpc"
  cidr = "10.42.0.0/16"

  azs = [ "${local.aws_region}a" ] # XXX probably a better way to pick AZs
  private_subnets = [ "10.42.0.0/20"  ]
  public_subnets  = [ "10.42.16.0/20" ]

  enable_nat_gateway = false # nat gateways cost money and who has any of that?
  enable_vpn_gateway = false
}

resource "aws_instance" "social" {
  ami                    = data.aws_ami.ubuntu.id
  instance_type          = local.instance_type
  subnet_id              = module.vpc.public_subnets.0
  key_name               = aws_key_pair.key.key_name
  iam_instance_profile   = aws_iam_instance_profile.ssm.name

  vpc_security_group_ids = [ module.sg.security_group_id ]

  user_data = <<EOF
#!/bin/bash
set -e
sudo snap install amazon-ssm-agent --classic
sudo apt-get -y --no-install-recommends install ansible
EOF

  tags = { Name = "social" }
  lifecycle {
    ignore_changes = [ ami ]
  }
}

resource "aws_eip" "social" {
  domain   = "vpc"
  instance = aws_instance.social.id
}

module "sg" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "social"
  description = "social SG"
  vpc_id      = module.vpc.vpc_id

  egress_rules = [ "all-all" ]

  ingress_with_cidr_blocks = [
#    {
#      rule        = "http-80-tcp"
#      cidr_blocks = "0.0.0.0/0"
#    },
#    {
#    },
#    {
#    }
  ]
}

resource "aws_key_pair" "key" {
  key_name = "social"
  public_key = local.public_key
}

data "aws_ami" "ubuntu" {
    most_recent = true

    filter {
        name   = "name"
        values =  ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-*"]
    }

    filter {
        name   = "virtualization-type"
        values = ["hvm"]
    }

    owners = ["099720109477"] # Canonical
}
Initial commit. 2023-11-12 16:50:05 -08:00

			`provider "aws" {`
			`region = local.aws_region`
			`}`

First version that works, or at least gets all the way through ansible config 2024-01-18 18:14:17 -08:00			`resource "random_pet" "name" {}`
Initial commit. 2023-11-12 16:50:05 -08:00
			`module "vpc" {`
			`source = "terraform-aws-modules/vpc/aws"`

			`name = "social-vpc"`
			`cidr = "10.42.0.0/16"`

			`azs = [ "${local.aws_region}a" ] # XXX probably a better way to pick AZs`
			`private_subnets = [ "10.42.0.0/20" ]`
			`public_subnets = [ "10.42.16.0/20" ]`

			`enable_nat_gateway = false # nat gateways cost money and who has any of that?`
			`enable_vpn_gateway = false`
			`}`

			`resource "aws_instance" "social" {`
			`ami = data.aws_ami.ubuntu.id`
			`instance_type = local.instance_type`
			`subnet_id = module.vpc.public_subnets.0`
			`key_name = aws_key_pair.key.key_name`
			`iam_instance_profile = aws_iam_instance_profile.ssm.name`

			`vpc_security_group_ids = [ module.sg.security_group_id ]`

			`user_data = <<EOF`
			`#!/bin/bash`
			`set -e`
			`sudo snap install amazon-ssm-agent --classic`
			`sudo apt-get -y --no-install-recommends install ansible`
			`EOF`

			`tags = { Name = "social" }`
please stop murdering my server whenever a new ami comes out thanks 2024-01-19 17:33:17 -08:00			`lifecycle {`
			`ignore_changes = [ ami ]`
			`}`
Initial commit. 2023-11-12 16:50:05 -08:00			`}`

			`resource "aws_eip" "social" {`
			`domain = "vpc"`
			`instance = aws_instance.social.id`
			`}`

			`module "sg" {`
			`source = "terraform-aws-modules/security-group/aws"`

			`name = "social"`
			`description = "social SG"`
			`vpc_id = module.vpc.vpc_id`

			`egress_rules = [ "all-all" ]`

			`ingress_with_cidr_blocks = [`
			`# {`
			`# rule = "http-80-tcp"`
			`# cidr_blocks = "0.0.0.0/0"`
			`# },`
			`# {`
			`# },`
			`# {`
			`# }`
			`]`
			`}`

			`resource "aws_key_pair" "key" {`
			`key_name = "social"`
			`public_key = local.public_key`
			`}`

			`data "aws_ami" "ubuntu" {`
			`most_recent = true`

			`filter {`
			`name = "name"`
			`values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-*"]`
			`}`

			`filter {`
			`name = "virtualization-type"`
			`values = ["hvm"]`
			`}`

			`owners = ["099720109477"] # Canonical`
			`}`