Compare commits
9 Commits
ba2e1e4655
...
todos
| Author | SHA1 | Date | |
|---|---|---|---|
| | 9648a0b161 | | |
| | a9f8183309 | | |
| | 1381635467 | | |
| | d831f89ad8 | | |
| | 579c73b128 | | |
| | f2b9fd4c11 | | |
| | 64c297a905 | | |
| | 39c02779a9 | | |
| | daf180c210 | | |
@@ -13,6 +13,7 @@ env:
|
||||
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
|
||||
TF_VAR_aws_region: ${{ vars.TF_VAR_aws_region }}
|
||||
TF_VAR_site_domain: ${{ vars.TF_VAR_site_domain }}
|
||||
TF_VAR_site_domains: ${{ vars.TF_VAR_site_domains }}
|
||||
TF_VAR_project_name: ${{ vars.TF_VAR_project_name }}
|
||||
TF_VAR_environment: ${{ vars.TF_VAR_environment }}
|
||||
TF_VAR_tuffas_applier_role_arn: ${{ vars.TF_VAR_tuffas_applier_role_arn }}
|
||||
|
||||
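Review bot: The added `TF_VAR_site_domains` line sits directly under the existing `TF_VAR_site_domain`, and nothing here says which of the two the configuration still reads. Because `site_domains` is declared as a list elsewhere in this change, the Gitea variable has to hold a list expression such as `["hruday.me", "deepakmallubhotla.com"]`, not a bare or comma-separated string; a short comment here or in the README would save the next person a failed plan. If the singular variable is no longer declared, drop its line as well: Terraform ignores `TF_VAR_` environment values for undeclared variables without any warning, so a stale entry would go unnoticed.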
27
README.md
@@ -5,11 +5,32 @@ hosting hruday.me via terraform
|
||||
---
|
||||
|
||||
|
||||
Add `dotenv` to .envrc after other nix stuff, and store keys in .env, which is fine for a testing project.
|
||||
~~Add `dotenv` to .envrc after other nix stuff, and store keys in .env, which is fine for a testing project.~~
|
||||
|
||||
Don't add dotenv.
|
||||
Workflow is to just use the `dev` branch or anything else, then only actually deploy via PR to `master`.
|
||||
PR to master is a great deployment strategy, no notes.
|
||||
|
||||
Currently manages hruday.me and deepakmallubhotla.com, creating buckets which match the domain names.
|
||||
The content of the sites are managed externally, in their own repos which deploy by uploading to the S3 bucket created here.
|
||||
|
||||
## adding a domain
|
||||
|
||||
Not an ideal process, so we should improve.
|
||||
|
||||
1. Acquire domain name, manually atm.
|
||||
2. let Cloudflare manage DNS by setting nameservers (following the wizard in cf works with no DNS records required before we get here!) etc., also manual
|
||||
3. Add domain name to relevant Gitea variable, should be easy.
|
||||
4. Bucket will be created, empty. If you want an easy start you can manually upload to the bucket.
|
||||
5. Deploy with whatever method you want, can include a build process or anything else. Follow hruday.me as a guide maybe
|
||||
|
||||
|
||||
|
||||
## Todos
|
||||
- [ ] better secrets management
|
||||
- [x] better secrets management
|
||||
- [x] ci
|
||||
- [ ] test ci permissions with a real terraform apply (not in ci)
|
||||
- [x] test ci permissions with a real terraform apply (not in ci)
|
||||
- [ ] can we make a lower-weight runner? ubuntu-latest is heavy and still requires ~1m for providers
|
||||
- [ ] For new domain should provide a default set of content in the bucket? or does that cost more for the extra creates, for a local project we may not care
|
||||
- [ ] in ci our terraform plan steps should output a file, which could get manually reviewed (add to PR as comment)
|
||||
- [ ] create workflow for drift detection
|
||||
|
||||
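Review bot: Step 3 of "adding a domain" points at the "relevant Gitea variable" without naming it or its format; the workflow passes `vars.TF_VAR_site_domains`, so name that variable and show the list value it expects. The dotenv sentence is kept struck through and followed by "Don't add dotenv.", but the README no longer says where credentials should live for a local run now that CI reads them from `secrets.*` and `vars.*`; replace the struck-through line with one sentence that states this. The open todo about writing the `terraform plan` output to a file for review is worth doing before more domains are added, since each new entry in the variable creates a bucket on merge to `master`.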
2
moved.tf
@@ -56,5 +56,5 @@ moved {
|
||||
|
||||
moved {
|
||||
from = module.static_website
|
||||
to = module.static_website["hruday.me"]
|
||||
to = module.static_website["hruday.me"]
|
||||
}
|
||||
|
||||
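Review bot: The removed and added `to = module.static_website["hruday.me"]` lines read identically here, so this looks like a whitespace-only change, which is fine. The point to raise is that the `moved` target hardcodes the key `"hruday.me"` while the instance keys appear to come from the `site_domains` value set in Gitea. If that entry is ever missing or spelled differently in the variable, the target address will not exist in the configuration and the plan will propose destroying the existing site's resources instead of moving them. Add a comment above the block stating that `"hruday.me"` must remain in `site_domains` for as long as this `moved` block is kept.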
@@ -4,7 +4,7 @@ variable "aws_region" {
|
||||
}
|
||||
|
||||
variable "site_domains" {
|
||||
type = list(any)
|
||||
type = list(string)
|
||||
description = "The domain name of these sites, which will be mapped over"
|
||||
}
|
||||
|
||||
|
||||
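Review bot: `list(string)` is the right tightening, but the variable still accepts an empty list or strings that are not domain names, and per the README each entry becomes a bucket name. Add a `validation` block to `site_domains` that rejects an empty list and any entry that is not a lowercase DNS name, so a typo in the Gitea variable fails at plan time instead of creating a stray bucket. The description would also read better as "Domain names of the sites; one static_website instance is created per entry."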