blockstream-satellite-api/terraform/main.tf

terraform {
  required_version = "> 0.11.0"

  backend "gcs" {
    bucket = "terraform-bs-source"
    prefix = "satellite-api"
  }
}

provider "google" {
  project = var.project
}

provider "google-beta" {
  project = var.project
}

module "blc-mainnet" {
  source = "./modules/blc"

  project               = var.project
  name                  = "satellite-api"
  network               = "default"
  lightning_docker      = var.lightning_docker
  charge_docker         = var.charge_docker
  ionosphere_docker     = var.ionosphere_docker
  ionosphere_sse_docker = var.ionosphere_sse_docker
  node_exporter_docker  = var.node_exporter_docker
  postgres_docker       = var.postgres_docker
  autossh_docker        = var.autossh_docker
  certbot_docker        = var.certbot_docker
  net                   = "mainnet"
  env                   = local.env
  lb_svc_acct           = module.lb.lb_svc_acct
  ssh_key_net           = ""
  lightning_cmd         = "lightningd --mainnet --conf=/root/.lightning/bitcoin/lightning.conf"

  create_resources = local.create_mainnet

  # CI vars
  region            = var.region
  zone              = var.zone
  instance_type     = var.instance_type[1]
  timeout           = var.timeout
  prom_service_acct = var.prom_service_acct
  opsgenie_key      = var.opsgenie_key
  rpcpass           = var.rpcpass
  pguser            = var.pguser
  pgpass            = var.pgpass
  charge_token      = var.charge_token
  k8s_autossh_lb    = var.k8s_autossh_lb
  private_bucket    = var.private_bucket
}

module "blc-testnet" {
  source = "./modules/blc"

  project               = var.project
  name                  = "satellite-api"
  network               = "default"
  lightning_docker      = var.lightning_docker
  charge_docker         = var.charge_docker
  ionosphere_docker     = var.ionosphere_docker
  ionosphere_sse_docker = var.ionosphere_sse_docker
  node_exporter_docker  = var.node_exporter_docker
  postgres_docker       = var.postgres_docker
  autossh_docker        = var.autossh_docker
  certbot_docker        = var.certbot_docker
  net                   = "testnet"
  env                   = local.env
  lb_svc_acct           = "${length(data.terraform_remote_state.blc-mainnet.outputs) > 1 ? data.terraform_remote_state.blc-mainnet.outputs.lb_svc_acct : ""}"
  ssh_key_net           = "_testnet"
  lightning_cmd         = "lightningd --testnet --conf=/root/.lightning/testnet/lightning.conf"

  create_resources = local.create_testnet

  # CI vars
  region            = var.region
  zone              = var.zone
  instance_type     = var.instance_type[1]
  timeout           = var.timeout
  prom_service_acct = var.prom_service_acct
  opsgenie_key      = var.opsgenie_key
  rpcpass           = var.rpcpass
  pguser            = var.pguser
  pgpass            = var.pgpass
  charge_token      = var.charge_token
  k8s_autossh_lb    = var.k8s_autossh_lb
  private_bucket    = var.private_bucket
}

module "lb" {
  source = "./modules/lb"

  project              = var.project
  name                 = "satellite-api-lb"
  network              = "default"
  certbot_docker       = var.certbot_docker
  node_exporter_docker = var.node_exporter_docker
  env                  = local.env
  internal_ip_mainnet  = module.blc-mainnet.internal_ip
  internal_ip_testnet  = data.terraform_remote_state.blc-testnet.outputs.blc_internal_ip_testnet
  target_pool          = "${length(google_compute_target_pool.lb-pool) > 0 ? google_compute_target_pool.lb-pool[0].self_link : ""}"
  health_check         = "${length(google_compute_http_health_check.lb-health) > 0 ? google_compute_http_health_check.lb-health[0].self_link : ""}"

  create_resources = local.create_mainnet

  # CI vars
  region            = var.region
  zone              = var.zone
  instance_type     = var.instance_type[0]
  host              = var.host
  timeout           = var.timeout
  prom_service_acct = var.prom_service_acct
  letsencrypt_email = var.letsencrypt_email
  public_bucket_url = var.public_bucket_url
}

module "tor" {
  source = "./modules/tor"

  project              = var.project
  network              = "default"
  name                 = "satapi-tor"
  gcloud_docker        = var.gcloud_docker
  tor_docker           = var.tor_docker
  node_exporter_docker = var.node_exporter_docker
  kms_key              = element(concat(google_kms_crypto_key.tor-crypto-key.*.name, [""]), 0)
  kms_key_ring         = element(concat(google_kms_key_ring.tor-key-ring.*.name, [""]), 0)
  kms_key_link = element(
    concat(google_kms_crypto_key.tor-crypto-key.*.self_link, [""]),
    0,
  )
  tor_lb = element(
    concat(google_compute_global_address.tor-lb.*.address, [""]),
    0,
  )

  create_resources = local.create_misc

  # CI vars
  region            = var.region
  zone              = var.zone
  instance_type     = var.instance_type[0]
  onion_host        = var.onion_host
  prom_service_acct = var.prom_service_acct
}

module "prometheus" {
  source = "./modules/prometheus"

  project              = var.project
  network              = "default"
  name                 = "satapi-prometheus"
  prom_docker          = var.prom_docker
  node_exporter_docker = var.node_exporter_docker

  create_resources = local.create_misc

  # CI vars
  region                 = var.region
  zone                   = var.zone
  instance_type          = var.instance_type[1]
  prom_allowed_source_ip = var.prom_allowed_source_ip
  opsgenie_key           = var.opsgenie_key
  prom_service_acct      = var.prom_service_acct
}

module "dns" {
  source = "./modules/dns"

  project = var.project

  create_resources = local.create_misc

  # CI vars
  satellite_lb             = var.satellite_lb
  satellite_api_lb         = var.satellite_api_lb
  satellite_api_lb_staging = var.satellite_api_lb_staging
}
initial commit 2019-01-16 10:22:44 -08:00			`terraform {`
			`required_version = "> 0.11.0"`

			`backend "gcs" {`
tf .12 2019-05-31 07:23:30 -07:00			`bucket = "terraform-bs-source"`
			`prefix = "satellite-api"`
initial commit 2019-01-16 10:22:44 -08:00			`}`
			`}`

			`provider "google" {`
terraform: LN node dir structure; literal values vs quotes 2020-01-02 10:58:11 -08:00			`project = var.project`
initial commit 2019-01-16 10:22:44 -08:00			`}`

update to google-beta and tor docker image 2019-02-13 14:36:26 -08:00			`provider "google-beta" {`
terraform: LN node dir structure; literal values vs quotes 2020-01-02 10:58:11 -08:00			`project = var.project`
update to google-beta and tor docker image 2019-02-13 14:36:26 -08:00			`}`

add mainnet 2019-03-07 12:29:43 -08:00			`module "blc-mainnet" {`
tf .12 2019-05-31 07:23:30 -07:00			`source = "./modules/blc"`
add mainnet 2019-03-07 12:29:43 -08:00
tf .12 2019-05-31 07:23:30 -07:00			`project = var.project`
add mainnet 2019-03-07 12:29:43 -08:00			`name = "satellite-api"`
			`network = "default"`
tf .12 2019-05-31 07:23:30 -07:00			`lightning_docker = var.lightning_docker`
			`charge_docker = var.charge_docker`
			`ionosphere_docker = var.ionosphere_docker`
			`ionosphere_sse_docker = var.ionosphere_sse_docker`
			`node_exporter_docker = var.node_exporter_docker`
add postgres 2019-07-29 16:40:27 -07:00			`postgres_docker = var.postgres_docker`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`autossh_docker = var.autossh_docker`
			`certbot_docker = var.certbot_docker`
add mainnet 2019-03-07 12:29:43 -08:00			`net = "mainnet"`
tf .12 2019-05-31 07:23:30 -07:00			`env = local.env`
add nginx proxy as LB 2019-06-13 09:01:23 -07:00			`lb_svc_acct = module.lb.lb_svc_acct`
don't read in tor cloud_init + fix cert_bucket uri 2019-08-12 17:55:52 -07:00			`ssh_key_net = ""`
fixup lightning command + charge lightning dir 2020-01-03 05:57:51 -08:00			`lightning_cmd = "lightningd --mainnet --conf=/root/.lightning/bitcoin/lightning.conf"`
add mainnet 2019-03-07 12:29:43 -08:00
tf .12 2019-05-31 07:23:30 -07:00			`create_resources = local.create_mainnet`
add mainnet 2019-03-07 12:29:43 -08:00
			`# CI vars`
tf .12 2019-05-31 07:23:30 -07:00			`region = var.region`
			`zone = var.zone`
update instance_types + don't always refresh different modules 2019-09-03 15:20:15 -07:00			`instance_type = var.instance_type[1]`
tf .12 2019-05-31 07:23:30 -07:00			`timeout = var.timeout`
			`prom_service_acct = var.prom_service_acct`
			`opsgenie_key = var.opsgenie_key`
			`rpcpass = var.rpcpass`
add postgres 2019-07-29 16:40:27 -07:00			`pguser = var.pguser`
			`pgpass = var.pgpass`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`charge_token = var.charge_token`
			`k8s_autossh_lb = var.k8s_autossh_lb`
stop using data image, use private_bucket as CI var 2019-09-06 11:43:25 -07:00			`private_bucket = var.private_bucket`
add mainnet 2019-03-07 12:29:43 -08:00			`}`

			`module "blc-testnet" {`
tf .12 2019-05-31 07:23:30 -07:00			`source = "./modules/blc"`
initial commit 2019-01-16 10:22:44 -08:00
tf .12 2019-05-31 07:23:30 -07:00			`project = var.project`
initial commit 2019-01-16 10:22:44 -08:00			`name = "satellite-api"`
			`network = "default"`
tf .12 2019-05-31 07:23:30 -07:00			`lightning_docker = var.lightning_docker`
			`charge_docker = var.charge_docker`
			`ionosphere_docker = var.ionosphere_docker`
			`ionosphere_sse_docker = var.ionosphere_sse_docker`
			`node_exporter_docker = var.node_exporter_docker`
add postgres 2019-07-29 16:40:27 -07:00			`postgres_docker = var.postgres_docker`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`autossh_docker = var.autossh_docker`
			`certbot_docker = var.certbot_docker`
initial commit 2019-01-16 10:22:44 -08:00			`net = "testnet"`
tf .12 2019-05-31 07:23:30 -07:00			`env = local.env`
tf: remote-state troubles 2020-01-06 06:36:41 -08:00			`lb_svc_acct = "${length(data.terraform_remote_state.blc-mainnet.outputs) > 1 ? data.terraform_remote_state.blc-mainnet.outputs.lb_svc_acct : ""}"`
don't read in tor cloud_init + fix cert_bucket uri 2019-08-12 17:55:52 -07:00			`ssh_key_net = "_testnet"`
fixup lightning command + charge lightning dir 2020-01-03 05:57:51 -08:00			`lightning_cmd = "lightningd --testnet --conf=/root/.lightning/testnet/lightning.conf"`
initial commit 2019-01-16 10:22:44 -08:00
tf .12 2019-05-31 07:23:30 -07:00			`create_resources = local.create_testnet`
add tor infra 2019-01-18 14:57:15 -08:00
initial commit 2019-01-16 10:22:44 -08:00			`# CI vars`
tf .12 2019-05-31 07:23:30 -07:00			`region = var.region`
			`zone = var.zone`
update instance_types + don't always refresh different modules 2019-09-03 15:20:15 -07:00			`instance_type = var.instance_type[1]`
tf .12 2019-05-31 07:23:30 -07:00			`timeout = var.timeout`
			`prom_service_acct = var.prom_service_acct`
			`opsgenie_key = var.opsgenie_key`
			`rpcpass = var.rpcpass`
add postgres 2019-07-29 16:40:27 -07:00			`pguser = var.pguser`
			`pgpass = var.pgpass`
add autossh.service tunnel to on-prem k8s 2019-08-06 16:47:59 -07:00			`charge_token = var.charge_token`
			`k8s_autossh_lb = var.k8s_autossh_lb`
stop using data image, use private_bucket as CI var 2019-09-06 11:43:25 -07:00			`private_bucket = var.private_bucket`
add nginx proxy as LB 2019-06-13 09:01:23 -07:00			`}`

			`module "lb" {`
			`source = "./modules/lb"`

			`project = var.project`
			`name = "satellite-api-lb"`
			`network = "default"`
			`certbot_docker = var.certbot_docker`
			`node_exporter_docker = var.node_exporter_docker`
			`env = local.env`
			`internal_ip_mainnet = module.blc-mainnet.internal_ip`
			`internal_ip_testnet = data.terraform_remote_state.blc-testnet.outputs.blc_internal_ip_testnet`
tf: hack to avoid using a non-existent resourcein a specific workspace 2020-01-06 09:43:59 -08:00			`target_pool = "${length(google_compute_target_pool.lb-pool) > 0 ? google_compute_target_pool.lb-pool[0].self_link : ""}"`
			`health_check = "${length(google_compute_http_health_check.lb-health) > 0 ? google_compute_http_health_check.lb-health[0].self_link : ""}"`
add nginx proxy as LB 2019-06-13 09:01:23 -07:00
			`create_resources = local.create_mainnet`

			`# CI vars`
			`region = var.region`
			`zone = var.zone`
update instance_types + don't always refresh different modules 2019-09-03 15:20:15 -07:00			`instance_type = var.instance_type[0]`
add nginx proxy as LB 2019-06-13 09:01:23 -07:00			`host = var.host`
			`timeout = var.timeout`
			`prom_service_acct = var.prom_service_acct`
terminate SSL on instance; misc: add var.project, $request_uri, don't test_build on cleanup 2019-06-03 05:36:31 -07:00			`letsencrypt_email = var.letsencrypt_email`
			`public_bucket_url = var.public_bucket_url`
initial commit 2019-01-16 10:22:44 -08:00			`}`
add tor infra 2019-01-18 14:57:15 -08:00
			`module "tor" {`
tf .12 2019-05-31 07:23:30 -07:00			`source = "./modules/tor"`
add tor infra 2019-01-18 14:57:15 -08:00
tf .12 2019-05-31 07:23:30 -07:00			`project = var.project`
add tor infra 2019-01-18 14:57:15 -08:00			`network = "default"`
			`name = "satapi-tor"`
tf .12 2019-05-31 07:23:30 -07:00			`gcloud_docker = var.gcloud_docker`
			`tor_docker = var.tor_docker`
			`node_exporter_docker = var.node_exporter_docker`
			`kms_key = element(concat(google_kms_crypto_key.tor-crypto-key.*.name, [""]), 0)`
			`kms_key_ring = element(concat(google_kms_key_ring.tor-key-ring.*.name, [""]), 0)`
			`kms_key_link = element(`
			`concat(google_kms_crypto_key.tor-crypto-key.*.self_link, [""]),`
			`0,`
			`)`
			`tor_lb = element(`
			`concat(google_compute_global_address.tor-lb.*.address, [""]),`
			`0,`
			`)`

			`create_resources = local.create_misc`
add tor infra 2019-01-18 14:57:15 -08:00
use host list and split in module; add dns module to misc workspace 2019-02-27 12:47:01 -08:00			`# CI vars`
tf .12 2019-05-31 07:23:30 -07:00			`region = var.region`
			`zone = var.zone`
update instance_types + don't always refresh different modules 2019-09-03 15:20:15 -07:00			`instance_type = var.instance_type[0]`
tf .12 2019-05-31 07:23:30 -07:00			`onion_host = var.onion_host`
			`prom_service_acct = var.prom_service_acct`
lots of changes; adding prometheus instance, and api.blockstream.space adjustments 2019-02-26 16:44:51 -08:00			`}`

			`module "prometheus" {`
tf .12 2019-05-31 07:23:30 -07:00			`source = "./modules/prometheus"`
lots of changes; adding prometheus instance, and api.blockstream.space adjustments 2019-02-26 16:44:51 -08:00
tf .12 2019-05-31 07:23:30 -07:00			`project = var.project`
lots of changes; adding prometheus instance, and api.blockstream.space adjustments 2019-02-26 16:44:51 -08:00			`network = "default"`
			`name = "satapi-prometheus"`
tf .12 2019-05-31 07:23:30 -07:00			`prom_docker = var.prom_docker`
			`node_exporter_docker = var.node_exporter_docker`
lots of changes; adding prometheus instance, and api.blockstream.space adjustments 2019-02-26 16:44:51 -08:00
tf .12 2019-05-31 07:23:30 -07:00			`create_resources = local.create_misc`
lots of changes; adding prometheus instance, and api.blockstream.space adjustments 2019-02-26 16:44:51 -08:00
use host list and split in module; add dns module to misc workspace 2019-02-27 12:47:01 -08:00			`# CI vars`
tf .12 2019-05-31 07:23:30 -07:00			`region = var.region`
			`zone = var.zone`
update instance_types + don't always refresh different modules 2019-09-03 15:20:15 -07:00			`instance_type = var.instance_type[1]`
tf .12 2019-05-31 07:23:30 -07:00			`prom_allowed_source_ip = var.prom_allowed_source_ip`
			`opsgenie_key = var.opsgenie_key`
			`prom_service_acct = var.prom_service_acct`
update to google-beta and tor docker image 2019-02-13 14:36:26 -08:00			`}`
use host list and split in module; add dns module to misc workspace 2019-02-27 12:47:01 -08:00
			`module "dns" {`
tf .12 2019-05-31 07:23:30 -07:00			`source = "./modules/dns"`
use host list and split in module; add dns module to misc workspace 2019-02-27 12:47:01 -08:00
tf .12 2019-05-31 07:23:30 -07:00			`project = var.project`
use host list and split in module; add dns module to misc workspace 2019-02-27 12:47:01 -08:00
tf .12 2019-05-31 07:23:30 -07:00			`create_resources = local.create_misc`
use host list and split in module; add dns module to misc workspace 2019-02-27 12:47:01 -08:00
			`# CI vars`
tf .12 2019-05-31 07:23:30 -07:00			`satellite_lb = var.satellite_lb`
			`satellite_api_lb = var.satellite_api_lb`
			`satellite_api_lb_staging = var.satellite_api_lb_staging`
use host list and split in module; add dns module to misc workspace 2019-02-27 12:47:01 -08:00			`}`