Site + TF

2022-10-20 18:39:53 +02:00 · 2022-10-20 18:39:53 +02:00 · 419bbf7f63
commit 419bbf7f63
8 changed files with 311 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,50 @@
+.terraform*
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Generated files by hugo
+/public/
+/resources/_gen/
+/assets/jsconfig.json
+hugo_stats.json
+
+# Executable may be added to repository
+hugo.exe
+hugo.darwin
+hugo.linux
+
+# Temporary lock file while building
+/.hugo_build.lock
--- a/site/.gitignore
+++ b/site/.gitignore
@ -0,0 +1,48 @@
+# Generated files by hugo
+/public/
+/resources/_gen/
+/assets/jsconfig.json
+hugo_stats.json
+
+# Executable may be added to repository
+hugo.exe
+hugo.darwin
+hugo.linux
+
+# Temporary lock file while building
+/.hugo_build.lock
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
--- a/site/archetypes/default.md
+++ b/site/archetypes/default.md
@ -0,0 +1,6 @@
+---
+title: "{{ replace .Name "-" " " | title }}"
+date: {{ .Date }}
+draft: true
+---
+
--- a/site/config.toml
+++ b/site/config.toml
@ -0,0 +1,32 @@
+baseURL = "blog.ligthert.net"
+languageCode = "en-us"
+title = "Sacha's Blog"
+theme = "m10c"
+
+[params]
+    author = "Sacha Ligthert"
+    description = "Things that keep me occupied, or things I just like to share with you."
+    avatar = "/static/hawgface.jpg"
+    #favicon = "/static/favicon_blog.jpg"
+
+[[menu.main]]
+    identifier = "site"
+    name = "Site"
+    url = "https://sacha.ligthert.net/"
+
+[[menu.main]]
+    identifier = "fedi"
+    name = "Fedi"
+    url = "https://mastodon.nl/@ligthert"
+
+[[menu.main]]
+    identifier = "gitea"
+    name = "Gitea"
+    url = "https://gitea.ligthert.net/"
+
+[params.style]
+  darkestColor = "#eeeeee"
+  darkColor = "#ffffff"
+  lightColor = "#000000"
+  lightestColor = "#000000"
+  primaryColor = "#000000"
--- a/site/content/posts/my-first-post.md
+++ b/site/content/posts/my-first-post.md
@ -0,0 +1,8 @@
+---
+title: "My First Post"
+date: 2022-10-20T11:44:27+02:00
+draft: true
+---
+# FIP
+My First Post! =)
+More text! :-)
--- a/site/content/static/favicon_blog.png
+++ b/site/content/static/favicon_blog.png
--- a/site/content/static/hawgface.jpg
+++ b/site/content/static/hawgface.jpg
--- a/terraform.tf
+++ b/terraform.tf
@ -0,0 +1,167 @@
+# Terraform, compulsary.
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.16.0"
+    }
+  }
+  required_version = ">= 0.15"
+}
+
+# Providers!
+# S3 Bucket in Ireland
+provider "aws" {
+  region = "eu-west-1"
+}
+
+# Global for Certificates 
+provider "aws" {
+  region = "us-east-1"
+  alias  = "global"
+}
+
+# Variables
+variable "domainname" {
+  type    = string
+  default = "blog.ligthert.net"
+}
+
+#
+# <S3
+#
+
+# Create a bucket
+resource "aws_s3_bucket" "bucket" {
+  bucket        = var.domainname
+  force_destroy = true
+}
+
+# Place ACL on the bucket
+resource "aws_s3_bucket_acl" "bucket_acl" {
+  bucket = aws_s3_bucket.bucket.id
+  acl    = "public-read"
+}
+
+# Enable the static file hosting
+resource "aws_s3_bucket_website_configuration" "bucket_website" {
+  bucket = aws_s3_bucket.bucket.bucket
+
+  index_document {
+    suffix = "index.html"
+  }
+  error_document {
+    key = "error.html"
+  }
+}
+
+# Give bucket a policy
+resource "aws_s3_bucket_policy" "bucket_policy" {
+  bucket = aws_s3_bucket.bucket.id
+  policy = data.aws_iam_policy_document.bucket_policy_document.json
+}
+
+# Create a policy document
+data "aws_iam_policy_document" "bucket_policy_document" {
+  statement {
+    sid    = "PublicReadGetObject"
+    effect = "Allow"
+    principals {
+      type        = "AWS"
+      identifiers = ["*"]
+    }
+    actions = ["s3:GetObject"]
+    resources = [
+      var.domainname,
+      "${var.domainname}/*",
+    ]
+  }
+}
+
+#
+# S3>
+#
+
+#
+# <CloudFront
+#
+
+locals {
+  s3_origin_id = "S3Origin"
+}
+
+resource "aws_cloudfront_origin_access_identity" "dafaim" {
+  comment = "Manage access and identities."
+}
+
+resource "aws_cloudfront_distribution" "s3_distribution" {
+
+  aliases = ["${var.domainname}"]
+  comment = "A CloudFront distribution"
+
+  default_cache_behavior {
+    allowed_methods = ["GET", "HEAD", "OPTIONS"]
+    cached_methods  = ["GET", "HEAD", "OPTIONS"]
+    compress        = true
+    default_ttl     = 3600
+    forwarded_values {
+      query_string = false
+      cookies {
+        forward = "none"
+      }
+    }
+    max_ttl                = 86400
+    target_origin_id       = local.s3_origin_id
+    viewer_protocol_policy = "https-only"
+  }
+  default_root_object = "index.html"
+  enabled             = true
+  is_ipv6_enabled     = true
+
+  ordered_cache_behavior {
+    path_pattern     = "/*"
+    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
+    cached_methods   = ["GET", "HEAD", "OPTIONS"]
+    target_origin_id = local.s3_origin_id
+
+    forwarded_values {
+      query_string = false
+      headers      = ["Origin"]
+
+      cookies {
+        forward = "none"
+      }
+    }
+
+    default_ttl            = 86400
+    max_ttl                = 31536000
+    compress               = true
+    viewer_protocol_policy = "https-only"
+  }
+
+  origin {
+    domain_name = aws_s3_bucket.bucket.bucket_regional_domain_name
+    origin_id   = local.s3_origin_id
+    s3_origin_config {
+      origin_access_identity = aws_cloudfront_origin_access_identity.dafaim.cloudfront_access_identity_path
+    }
+  }
+
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+    }
+  }
+
+  price_class = "PriceClass_All"
+  viewer_certificate {
+    acm_certificate_arn            = "arn:aws:acm:us-east-1:131289899509:certificate/affaa360-86e8-40e9-b008-e691e55646c8"
+    cloudfront_default_certificate = false
+    ssl_support_method             = "sni-only"
+  }
+
+}
+
+#
+# CloudFront>
+#