Infrastructure components: - VPC with single public subnet (10.0.0.0/16) - Security group (SSH/HTTP/HTTPS from anywhere) - EC2 instance (t3.medium, Ubuntu 24.04, 30GB encrypted gp3) - S3 bucket for backups (versioned, encrypted) - IAM role with S3FullAccess for EC2 - Route 53 DNS (gitea.poll-streams.com → EC2) - Ed25519 SSH key generation via Terraform
# SSH Key Pair
# SSH key pair for the Gitea host, generated by Terraform itself. The
# tls provider keeps the generated private key in the Terraform state, and
# the local_file resource below copies it to disk, so the state backend
# needs the same protection as the .pem file.
resource "tls_private_key" "ec2_key" {
  # Ed25519: no key-size or curve parameter to choose, so nothing to get wrong.
  algorithm = "ED25519"
}
# Registers the generated public key with EC2 under the project's name so
# the instance can reference it through key_name. Only the public half is
# sent to AWS.
resource "aws_key_pair" "ec2_key" {
  public_key = tls_private_key.ec2_key.public_key_openssh
  key_name   = format("%s-key", var.project_name)
  tags       = { Name = format("%s-key", var.project_name) }
}
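# Writes the generated private key to disk for operator SSH access.
# With local_file the key content is also held in Terraform state and echoed
# in plan output; the local provider's local_sensitive_file resource takes the
# same arguments and suppresses the plan output, but switching would change the
# resource address (recreating the file), so the type is kept here.
resource "local_file" "private_key" {
  content  = tls_private_key.ec2_key.private_key_openssh
  filename = "${path.module}/../ssh-keys/${var.project_name}-key.pem"

  # Private key material: owner read/write only.
  file_permission = "0600"
  # The ssh-keys directory is created by this resource on first apply; the
  # provider's default for created directories is 0777 (before umask), so
  # restrict it to the owner as well.
  directory_permission = "0700"
}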
# EC2 Instance
|
|
# Newest Canonical-published Ubuntu 24.04 (Noble) amd64 HVM image with a gp3
# root volume. The owner is pinned to Canonical's account ID so a look-alike
# public AMI from another account can never be selected by the name filter.
data "aws_ami" "ubuntu" {
  owners      = ["099720109477"] # Canonical
  most_recent = true

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*"]
  }
}
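# Gitea host: a single instance in the public subnet with a public IP, using
# the Terraform-generated key pair for SSH and the ec2_profile instance
# profile for AWS API access.
resource "aws_instance" "gitea" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t3.medium"
  subnet_id     = module.vpc.public_subnets[0]
  key_name      = aws_key_pair.ec2_key.key_name

  vpc_security_group_ids = [module.security_group.id]
  iam_instance_profile   = aws_iam_instance_profile.ec2_profile.name

  associate_public_ip_address = true

  # Require IMDSv2 session tokens for the instance metadata service. This
  # instance carries an IAM role; with IMDSv1 a server-side request forgery
  # bug in the hosted web application could read the role credentials from
  # the metadata endpoint, and token-only access closes that path.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  root_block_device {
    volume_size           = 30
    volume_type           = "gp3"
    delete_on_termination = true
    encrypted             = true
  }

  # NOTE(review): data.aws_ami.ubuntu selects most_recent = true, so a newer
  # Canonical image changes `ami` and forces replacement of this instance, and
  # delete_on_termination = true then discards the root volume. Consider
  # lifecycle { ignore_changes = [ami] } or a separate data volume — confirm
  # how Gitea's data directory is meant to persist (not visible in this file).
  tags = {
    Name = "${var.project_name}-gitea"
  }
}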