Managed by Terraform: castopod-setup

wasoeki/castopod-setup

Castopod

export ORG_NAME=$(hostname) #$(pwgen 4 1)
export STACK_NAME=castopod
export DOMAIN="${STACK_NAME}.${ORG_NAME}"

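# Helper: create a directory and enter it (arguments quoted so paths with spaces work)
echo 'mkcd(){ mkdir -p "$1" && cd "$1"; }' >> ~/.bashrc
source ~/.bashrc

# Use $HOME rather than ~: a tilde inside double quotes is not expanded
mkcd "$HOME/srv/${ORG_NAME}/${STACK_NAME}"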
git clone https://github.com/wasoeki/castopod-setup.git git

# Ask a colleague to put the correct passfile inside your /tmp directory, then decrypt the secrets in the repo
cd git
cp /tmp/.castopod-setup.secrets.pass .
secrets-manager -d

# Launch containers
cd compose
podman compose up --detach reverse-proxy app web-server db redis

Prerequisites

(Optional) Terraform

  • terraform
# Enter root session
sudo -i

# Enter your sudo password
cat > /etc/apt/apt.conf.d/99proxy <<ENDMSG
Acquire::http::proxy::apt.releases.hashicorp.com "$HTTP_PROXY";
Acquire::https::proxy::apt.releases.hashicorp.com "$HTTPS_PROXY";
ENDMSG

# Exit the root session
exit

# Add keyring
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg

# Add repo
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list

# Install terraform
sudo apt update && sudo apt install terraform

Secrets Manager

Add it to your PATH

# No root privilege necessary

mkdir -p "$HOME/.local/bin"
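# Append ~/.local/bin to PATH in ~/.bashrc only if it is not already on PATH
if [ -d "$HOME/.local/bin" ] && ! echo "$PATH" | grep -qF "$HOME/.local/bin"; then
    # Single quotes here keep the line literal; it is expanded when ~/.bashrc is sourced
    echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc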
    source ~/.bashrc
fi
install secrets-manager "$HOME/.local/bin/"

# or

# With root privilege

# export PATH=$PATH:$PWD:/usr/local/bin
# sudo install secrets-manager /usr/local/bin/

GitHub Credentials

Add your credentials to environment variables to ease management.

cat >> ~/.bashrc <<ENDMSG
export GITHUB_USER=me
export GITHUB_TOKEN=ghp_XXXXXXXXXXXXXXXXXXX
ENDMSG
source ~/.bashrc

Creating repository

Make sure to put all secrets inside a secrets directory, then execute the following commands.

# You must be at the root of the git repo

rootpath=$(pwd)

# Encrypt the secrets
secrets-manager -e

Using Terraform to create the remote GitHub project repository

# You must go to github/terraform/ in the git repo

cd github/terraform
terraform init
terraform apply

Creating local git and push to remote

# You must be at the root of the git repo

cd "${rootpath:-$(pwd)}"
rm -rf .git
git init -b dev
git remote add origin https://$GITHUB_USER:$GITHUB_TOKEN@github.com/wasoeki/castopod-setup.git
secrets-manager -e
git add .
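# Quote the pattern so git (not the shell) matches *.enc in every subdirectory
git add -f -- '*.enc'
git commit -m "init"
# --set-upstream-to needs the remote-tracking ref origin/dev to exist locally
git fetch origin
git branch --set-upstream-to=origin/dev dev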
git pull --rebase
git push --set-upstream origin dev
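
The steps above stage everything with `git add .` and then force-add the `*.enc` files, so a plaintext secret or the passfile copied into the repo root gets committed unless it is ignored. The check below is an added example, not part of castopod-setup: it assumes plaintext secrets sit under a directory named `secrets`, encrypted copies end in `.enc`, and the passfile matches `*.secrets.pass`; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the castopod-setup repo): refuse to commit
# plaintext secrets or the passfile.
# Assumptions: secrets live under a "secrets" directory at any depth,
# encrypted files end in .enc, the passfile is named like
# .<repo>.secrets.pass.

# Reads newline-separated repo paths on stdin and prints one line per
# path that must not be committed.
find_plaintext_leaks() {
    local path
    while IFS= read -r path; do
        case "$path" in
            *.secrets.pass)
                printf 'passfile: %s\n' "$path" ;;
            secrets/*.enc|*/secrets/*.enc)
                ;;  # encrypted secret, safe to commit
            secrets/*|*/secrets/*)
                printf 'plaintext: %s\n' "$path" ;;
        esac
    done
}

# Audits the git index; run from the repo root between "git add" and
# "git commit". Returns 1 and lists the offending paths on stderr if
# anything sensitive is staged.
audit_staged() {
    local leaks
    leaks=$(git diff --cached --name-only --diff-filter=ACMR | find_plaintext_leaks)
    if [ -n "$leaks" ]; then
        printf 'Refusing to commit, unstage these first:\n%s\n' "$leaks" >&2
        return 1
    fi
    return 0
}

# Stand-alone use: "bash audit-staged.sh --staged" (script name is hypothetical)
if [ "${1:-}" = "--staged" ]; then
    audit_staged
fi
```

Called with `--staged` from `.git/hooks/pre-commit`, the same check runs on every later commit as well.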

Decrypting repository

# You must be at the root of the git repo
# Ask a colleague to put the correct passfile inside your /tmp directory
cp /tmp/.castopod-setup.secrets.pass .

# Decrypt the secrets
secrets-manager -d
