Add security group open to current public IP. Fix problem with mariadb.
parent
1077a5c160
commit
c035ce9b54
3 changed files with 55 additions and 18 deletions
48
nextcloud.tf
48
nextcloud.tf
|
@ -5,11 +5,6 @@ provider "aws" {
|
|||
|
||||
resource "random_pet" "name" {}
|
||||
|
||||
#resource "aws_s3_bucket" "bucket" {
|
||||
# bucket = "nextcloud-${random_pet.name.id}"
|
||||
# acl = "private"
|
||||
#}
|
||||
|
||||
# https://registry.terraform.io/modules/terraform-aws-modules/s3-bucket/aws/latest
|
||||
module "s3_bucket" {
|
||||
source = "terraform-aws-modules/s3-bucket/aws"
|
||||
|
@ -37,11 +32,6 @@ module "vpc" {
|
|||
|
||||
enable_nat_gateway = false
|
||||
enable_vpn_gateway = false
|
||||
|
||||
# tags = {
|
||||
# Terraform = "true"
|
||||
# Environment = "dev"
|
||||
# }
|
||||
}
|
||||
|
||||
resource "tls_private_key" "n" {
|
||||
|
@ -66,20 +56,42 @@ resource "aws_instance" "nextcloud" {
|
|||
key_name = aws_key_pair.n.key_name
|
||||
iam_instance_profile = aws_iam_instance_profile.nextcloud.name
|
||||
|
||||
# user_data = <<EOF
|
||||
##!/bin/bash
|
||||
#sudo snap install amazon-ssm-agent --classic
|
||||
#EOF
|
||||
# associate_public_ip_address = false
|
||||
|
||||
user_data = <<EOF
|
||||
#!/bin/bash
|
||||
sudo snap install amazon-ssm-agent --classic
|
||||
EOF
|
||||
|
||||
tags = {
|
||||
Name = "nextcloud"
|
||||
}
|
||||
}
|
||||
|
||||
#resource "aws_eip" "nextcloud" {
|
||||
# vpc = true
|
||||
# instance = aws_instance.nextcloud.id
|
||||
#}
|
||||
# get my public IP address. For now, it's the only thing that should be able to access.
|
||||
data "http" "myip" {
|
||||
url = "http://ipv4.icanhazip.com"
|
||||
}
|
||||
|
||||
module "nextcloud_sg" {
|
||||
source = "terraform-aws-modules/security-group/aws"
|
||||
|
||||
name = "nextcloud"
|
||||
description = "Nextcloud SG"
|
||||
vpc_id = module.vpc.vpc_id
|
||||
|
||||
ingress_with_cidr_blocks = [
|
||||
{
|
||||
rule = "http-80-tcp"
|
||||
cidr_blocks = "${chomp(data.http.myip.body)}/32"
|
||||
},
|
||||
]
|
||||
}
|
||||
|
||||
resource "aws_eip" "nextcloud" {
|
||||
vpc = true
|
||||
instance = aws_instance.nextcloud.id
|
||||
}
|
||||
|
||||
resource "aws_iam_instance_profile" "nextcloud" {
|
||||
name = "nextcloud"
|
||||
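Review bot: The `data "http" "myip"` lookup fetches the caller's address over plain `http://`, and that response is interpolated straight into the `cidr_blocks` of `nextcloud_sg`, so anyone able to alter the reply in transit chooses which address the ingress rule admits. Use `url = "https://ipv4.icanhazip.com"` and validate that the trimmed body is a single IPv4 address before appending `/32`. The rule itself opens `http-80-tcp`, so Nextcloud logins from that address would still cross the internet unencrypted; an HTTPS listener is worth planning for. Neither `aws_instance.nextcloud`, which starts above the hunk, nor any other visible line attaches the new security group, so confirm it is referenced outside this view.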
|
|
|
@ -8,18 +8,21 @@ volumes:
|
|||
|
||||
services:
|
||||
db:
|
||||
container_name: nextcloud_db
|
||||
image: mariadb
|
||||
restart: always
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
volumes:
|
||||
- db:/var/lib/mysql
|
||||
environment:
|
||||
- MARIADB_ALLOW_EMPTY_ROOT_PASSWORD=true
|
||||
- MYSQL_ROOT_PASSWORD=
|
||||
- MYSQL_PASSWORD=
|
||||
- MYSQL_DATABASE=nextcloud
|
||||
- MYSQL_USER=nextcloud
|
||||
|
||||
app:
|
||||
container_name: nextcloud
|
||||
image: nextcloud
|
||||
restart: always
|
||||
ports:
|
||||
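Review bot: The `db` service is configured to run with no credentials at all: `MARIADB_ALLOW_EMPTY_ROOT_PASSWORD=true` together with empty `MYSQL_ROOT_PASSWORD=` and `MYSQL_PASSWORD=` lets any process that can reach the database log in as root or as `nextcloud` without a password. No published port for `db` is visible here, so exposure appears limited to the compose network and the host, but anything else running there gets root on the database. Prefer `MARIADB_RANDOM_ROOT_PASSWORD=1` or a secret supplied through `MARIADB_ROOT_PASSWORD_FILE`, and give `MYSQL_PASSWORD` a real value from an env file kept out of the repository. `image: mariadb` and `image: nextcloud` also float on the default tag; pinning a version makes deployments reproducible. The `app` service continues past the end of this hunk.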
|
|
|
@ -25,6 +25,28 @@
|
|||
with_items:
|
||||
- ubuntu
|
||||
|
||||
# ---
|
||||
|
||||
- name: nextcloud docker-compose
|
||||
copy:
|
||||
src: files/docker-compose.yaml
|
||||
dest: /srv/nextcloud/docker-compose.yaml
|
||||
register: dockercompose
|
||||
|
||||
- name: install nextcloud
|
||||
command: docker-compose up -d
|
||||
args:
|
||||
chdir: /srv/nextcloud
|
||||
|
||||
- name: install nextcloud
|
||||
command: docker-compose restart
|
||||
args:
|
||||
chdir: /srv/nextcloud
|
||||
when: dockercompose.changed
|
||||
|
||||
|
||||
# ---
|
||||
|
||||
- name: do some cleanup
|
||||
command: "{{item}}"
|
||||
with_items:
|
||||
|
|
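Review bot: The `copy` task for `docker-compose.yaml` sets no `mode`, `owner` or `group`, so the file that carries the database credentials lands with whatever the defaults yield; add an explicit `mode: "0600"` and an owner (e.g. `owner: root`) to the task. The second task named `install nextcloud` actually runs `docker-compose restart`, which does not apply changes from an edited compose file, whereas the preceding `docker-compose up -d` already recreates services whose configuration changed; rename or drop it. Since `command: docker-compose up -d` reports changed on every run, a `changed_when` condition would keep the play output meaningful. The task list starts above and continues below this hunk.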