diff options
| author | Vincent Ambo <mail@tazj.in> | 2023-04-21T16·25+0300 |
|---|---|---|
| committer | tazjin <tazjin@tvl.su> | 2023-04-24T10·56+0000 |
| commit | c7392b3c6b99bffb06965c81c7bf273371ce813e (patch) | |
| tree | 98374bc74f4cebe09fcd4ad0901d015ea0ab596a /corp/ops/main.tf | |
| parent | 111e1d38e5ac177bcf4defe70aee1e853206bc6d (diff) | |
chore(corp/ops): move terraform config into subfolder r/6110
Change-Id: Iad5ad8d9a48c300faf2e4be7003879656817b518 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8495 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
Diffstat (limited to 'corp/ops/main.tf')
| -rw-r--r-- | corp/ops/main.tf | 77 |
1 files changed, 0 insertions, 77 deletions
diff --git a/corp/ops/main.tf b/corp/ops/main.tf deleted file mode 100644 index 1b87e95115ca..000000000000 --- a/corp/ops/main.tf +++ /dev/null @@ -1,77 +0,0 @@ -# Terraform configuration for TVL corp infrastructure (on Yandex -# Cloud). - -terraform { - required_providers { - yandex = { - source = "yandex-cloud/yandex" - } - } - - # Credentials need to be sourced from creds.fish - backend "s3" { - endpoint = "storage.yandexcloud.net" - bucket = "su-tvl-terraform-state" - region = "ru-central1" - key = "corp/ops/terraform.tfstate" - - skip_region_validation = true - skip_credentials_validation = true - } -} - -provider "yandex" { - zone = "ru-central1-b" -} - -locals { - tvl_cloud_id = "b1ggu5m1btue982app12" - tvl_folder_id = "b1gmbeqt9o5kbl7rclln" - rih_cloud_id = "b1glccvcqggi2ruibgvt" - rih_folder_id = "b1gsavcrsjn059d1sbh9" -} - -# Storage state bucket configuration - -resource "yandex_iam_service_account" "tf_state_sa" { - folder_id = local.tvl_folder_id - name = "terraform-state" -} - -resource "yandex_resourcemanager_folder_iam_member" "tf_state_sa_storage" { - folder_id = local.tvl_folder_id - role = "storage.editor" - member = "serviceAccount:${yandex_iam_service_account.tf_state_sa.id}" -} - -resource "yandex_iam_service_account_static_access_key" "tf_state_sa_key" { - service_account_id = yandex_iam_service_account.tf_state_sa.id - description = "Static access key for Terraform state" -} - -resource "yandex_storage_bucket" "tf_state" { - access_key = yandex_iam_service_account_static_access_key.tf_state_sa_key.access_key - secret_key = yandex_iam_service_account_static_access_key.tf_state_sa_key.secret_key - bucket = "su-tvl-terraform-state" -} - -resource "yandex_dns_zone" "russiaishiring_com" { - name = "russiaishiring-com" - zone = "russiaishiring.com." - public = true - folder_id = local.rih_folder_id -} - -# Secret management configuration - -resource "yandex_kms_symmetric_key" "tvl_credentials_key" { - name = "tvl-credentials" - folder_id = local.tvl_folder_id - default_algorithm = "AES_256" - rotation_period = "2160h" # 90 days -} - -resource "yandex_kms_secret_ciphertext" "tf_state_key" { - key_id = yandex_kms_symmetric_key.tvl_credentials_key.id - plaintext = yandex_iam_service_account_static_access_key.tf_state_sa_key.secret_key -} |