Diffstat (limited to 'corp/ops')
-rw-r--r-- | corp/ops/yandex/main.tf | 7 | ||||
-rw-r--r-- | corp/ops/yandex/rih.tf | 52 |
2 files changed, 52 insertions, 7 deletions
diff --git a/corp/ops/yandex/main.tf b/corp/ops/yandex/main.tf
index 1b87e95115ca..cd8fa6e4cc67 100644
--- a/corp/ops/yandex/main.tf
+++ b/corp/ops/yandex/main.tf
@@ -55,13 +55,6 @@ resource "yandex_storage_bucket" "tf_state" {
 bucket = "su-tvl-terraform-state"
 }

-resource "yandex_dns_zone" "russiaishiring_com" {
- name = "russiaishiring-com"
- zone = "russiaishiring.com."
- public = true
- folder_id = local.rih_folder_id
-}
-
 # Secret management configuration

 resource "yandex_kms_symmetric_key" "tvl_credentials_key" {
diff --git a/corp/ops/yandex/rih.tf b/corp/ops/yandex/rih.tf
new file mode 100644
index 000000000000..765c14461168
--- /dev/null
+++ b/corp/ops/yandex/rih.tf
@@ -0,0 +1,52 @@
+# Deployment configuration for russiaishiring.com
+#
+# The frontend of the page is served from a storage bucket, the
+# backend runs in a container.
+
+resource "yandex_dns_zone" "russiaishiring_com" {
+ name = "russiaishiring-com"
+ zone = "russiaishiring.com."
+ public = true
+ folder_id = local.rih_folder_id
+}
+
+resource "yandex_iam_service_account" "rih_storage_sa" {
+ name = "rih-storage-sa"
+ folder_id = local.rih_folder_id
+}
+
+resource "yandex_resourcemanager_folder_iam_member" "rih_sa_storage_editor" {
+ folder_id = local.rih_folder_id
+ role = "storage.editor"
+ member = "serviceAccount:${yandex_iam_service_account.rih_storage_sa.id}"
+}
+
+resource "yandex_iam_service_account_static_access_key" "rih_sa_static_key" {
+ service_account_id = yandex_iam_service_account.rih_storage_sa.id
+ description = "RIH bucket access key"
+}
+
+resource "yandex_storage_bucket" "rih_storage_bucket" {
+ access_key = yandex_iam_service_account_static_access_key.rih_sa_static_key.access_key
+ secret_key = yandex_iam_service_account_static_access_key.rih_sa_static_key.secret_key
+ bucket = "russiaishiring.com"
+ folder_id = local.rih_folder_id
+}
+
+resource "yandex_cm_certificate" "russiaishiring_com" {
+ folder_id = local.rih_folder_id
+ name = "russiaishiring-com"
+ domains = ["russiaishiring.com"]
+
+ managed {
+ challenge_type = "DNS_CNAME"
+ }
+}
+
+resource "yandex_dns_recordset" "acme_russiaishiring_com" {
+ zone_id = yandex_dns_zone.russiaishiring_com.id
+ name = yandex_cm_certificate.russiaishiring_com.challenges[0].dns_name
+ type = yandex_cm_certificate.russiaishiring_com.challenges[0].dns_type
+ data = [yandex_cm_certificate.russiaishiring_com.challenges[0].dns_value]
+ ttl = 60
+}
 |
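Review bot: The `secret_key` of `yandex_iam_service_account_static_access_key.rih_sa_static_key` is a long-lived credential that Terraform records in its state, so anyone who can read the state can use it. The state presumably lives in the `su-tvl-terraform-state` bucket declared in main.tf, and nothing in this file says how access to it is restricted. The key also belongs to a service account that holds `storage.editor` on the whole `local.rih_folder_id` folder rather than on the one bucket, so its reach covers every bucket created in that folder. I would record both facts next to the resource, e.g. `# The secret key ends up in the Terraform state; keep read access to the state bucket restricted.` and `# storage.editor is folder-wide: keep unrelated buckets out of the RIH folder.` If the provider version in use supports narrowing the grant to the single bucket, that would be the tighter option.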