try to use https

zeeket · Jul 7, 2024 · 68195fe · 68195fe
1 parent de75002
commit 68195fe
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 3 deletions.
diff --git a/.github/workflows/push-apply.yml b/.github/workflows/push-apply.yml
@@ -61,4 +61,6 @@ jobs:
             TF_VAR_TG_ADMIN_GROUP_IDS: ${{ secrets.TG_ADMIN_GROUP_IDS }}
             TF_VAR_GOOGLEVERIFICATION: ${{ secrets.GOOGLEVERIFICATION }}
             TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }}
+            TF_VAR_DOMAIN: ${{ secrets.DOMAIN }}
+            TF_VAR_CERTBOT_EMAIL: ${{ secrets.CERTBOT_EMAIL }}
         run: tofu apply -input=false -auto-approve
diff --git a/docker/docker-compose.prod.tls-registry.yml b/docker/docker-compose.prod.tls-registry.yml
@@ -8,7 +8,7 @@ services:
       - "80:80"
       - "443:443"
     environment:
-      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
+      - CERTBOT_EMAIL=${CERTBOT_EMAIL:?error}
     volumes:
       - nginx-secrets:/etc/letsencrypt
       - ./nginx-conf/user_conf.d:/etc/nginx/user_conf.d

diff --git a/infrastructure/main.tf b/infrastructure/main.tf
@@ -30,6 +30,8 @@ data "cloudinit_config" "config" {
     content = templatefile("${path.module}/templates/user-data.sh.tftpl",
       {
         REPO_URL = local.REPO_URL
+        DOMAIN = var.DOMAIN
+        CERTBOT_EMAIL = var.CERTBOT_EMAIL
     })
   }
 
@@ -58,6 +60,13 @@ resource "digitalocean_domain" "hytky" {
   name = "hytky.org"
 }
 
+resource "digitalocean_record" "root" {
+  domain = digitalocean_domain.hytky.name
+  type   = "A"
+  name   = "@"
+  value  = digitalocean_droplet.webserver.ipv4_address
+}
+
 resource "digitalocean_record" "www" {
   domain = digitalocean_domain.hytky.name
   type   = "A"

diff --git a/infrastructure/templates/user-data.sh.tftpl b/infrastructure/templates/user-data.sh.tftpl
@@ -18,7 +18,13 @@ git clone ${REPO_URL} /opt/webapp
 mv /opt/secrets/.* /opt/webapp/
 rmdir /opt/secrets
 
+%{ if DOMAIN != "" }
+echo "NEXTAUTH_URL=https://${DOMAIN}" | tee -a /opt/webapp/.env
+sed -i '' 's/sub.yourdomain.org/${DOMAIN}/g' /opt/webapp/docker/nginx-conf/user_conf.d/tls.conf
+export CERTBOT_EMAIL=${CERTBOT_EMAIL}
+docker compose -f /opt/webapp/docker/docker-compose.prod.tls-registry.yml up -d 
+%{ else }
 IP=$(ip addr show eth0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1 | awk -F. '$1>=1 && $1<=126 || $1>=128 && $1<=191' | head -n 1)
 echo "NEXTAUTH_URL=http://$IP" | tee -a /opt/webapp/.env
-
-docker compose -f /opt/webapp/docker/docker-compose.prod.from-registry.yml up -d 
+docker compose -f /opt/webapp/docker/docker-compose.prod.from-registry.yml up -d 
+%{ endif }
diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf
@@ -1,3 +1,16 @@
+variable "DOMAIN" {
+  description = "Domain Name"
+  type        = string
+  default     = ""
+}
+
+variable "CERTBOT_EMAIL" {
+  description = "The email address to use for Let's Encrypt"
+  type        = string
+  default     = ""
+  sensitive   = true
+}
+
 variable "do_token" {
   description = "Digital Ocean Token"
   type        = string