33700448bf
Provisions e2-micro VM (us-east1-b, free tier) with static IP, SSH and web firewall rules, Docker + Caddy startup script, and IAM bindings for Firestore and GCS access via ADC. Imports existing drb-calls bucket and c2-server Firestore database into state. Ansible roles handle first-time setup (swap, docker group) and all subsequent deploys via rsync + docker compose, with secrets managed via Ansible Vault. DNS stays on AWS Route 53.
Makefile
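# Every target in this file names a command rather than a file it produces.
# Declaring them all phony keeps a stray file or directory called e.g. `setup`
# or `ssh` from making the target look up to date and silently skipping it.
.PHONY: tf-init tf-plan tf-apply tf-destroy setup deploy ip ssh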
# Directory that holds the Ansible playbooks and the inventory file.
ANSIBLE_DIR := ansible
# Inventory handed to ansible-playbook; it follows ANSIBLE_DIR, so overriding
# that on the command line (make ANSIBLE_DIR=...) moves the inventory too.
INVENTORY := $(ANSIBLE_DIR)/inventory.ini
# ── Terraform ─────────────────────────────────────────────────────────────────
# Initialise the Terraform working directory in the current directory.
tf-init:
	terraform init
# Preview the pending infrastructure changes without applying them.
# The plan is not saved with -out, so a later `terraform apply` computes a
# fresh plan and asks for approval itself; review that prompt as well.
tf-plan:
	terraform plan
# Apply the Terraform configuration, then print the resulting server address
# and the manual follow-up step. A failed or declined apply stops the recipe
# before the address is printed. The inventory is edited by hand, so check the
# printed IP against it before deploying.
tf-apply:
	terraform apply
	@printf '\n'
	@printf 'Server IP: %s\n' "$$(terraform output -raw server_ip)"
	@printf '%s\n' "Update $(INVENTORY) with this IP, then run: make deploy"
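# Tear down what Terraform manages, but only after a typed confirmation.
# The prompt uses printf + read instead of `read -p`: -p is a bash extension
# and is rejected by POSIX shells such as dash, and make runs recipes with
# /bin/sh unless SHELL is set. Any answer other than exactly "yes" aborts.
# NOTE(review): destroy acts on every resource in the Terraform state, not only
# the VM. If pre-existing storage or database resources have been imported into
# state, confirm they are protected (e.g. lifecycle prevent_destroy); otherwise
# the warning below understates what is removed.
tf-destroy:
	@echo "WARNING: This will destroy the VM and all data on it."
	@printf "Type 'yes' to confirm: " && read -r confirm && [ "$$confirm" = "yes" ] && terraform destroy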
# ── Ansible ───────────────────────────────────────────────────────────────────
# First-time provisioning: runs site.yml, which is meant to wait for Docker,
# clone the repo and start the stack. --ask-vault-pass prompts for the Ansible
# Vault password on the terminal, so it is not passed on the command line or
# read from a file.
setup:
	ansible-playbook \
		--inventory $(INVENTORY) \
		--ask-vault-pass \
		$(ANSIBLE_DIR)/site.yml
# Routine redeploy: runs deploy.yml, which is meant to sync the code and
# restart the containers that changed. Run this after every push. The Ansible
# Vault password is prompted for on the terminal (--ask-vault-pass).
deploy:
	ansible-playbook \
		--inventory $(INVENTORY) \
		--ask-vault-pass \
		$(ANSIBLE_DIR)/deploy.yml
# ── Helpers ───────────────────────────────────────────────────────────────────
# Print the server address recorded in the Terraform `server_ip` output.
# -raw emits the bare value, so the result can be used in command substitution.
ip:
	@terraform output -raw server_ip
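# Open an SSH session as user `drb` on the host named by the Terraform
# `server_ip` output. The address is looked up first and checked for being
# non-empty, so a failed lookup stops the recipe instead of running ssh
# against "drb@" with no host. The target is quoted so the value is passed to
# ssh as a single argument.
# NOTE(review): if the VM is rebuilt behind the same address, expect a
# host-key change warning; verify the new key before accepting it.
ssh:
	ip="$$(terraform output -raw server_ip)" && [ -n "$$ip" ] && ssh "drb@$$ip"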