Infrastructure & Permissions: - Set recovery_window_in_days=0 on secrets for immediate deletion on destroy - Add secretsmanager:UpdateSecret permission to EC2 IAM role - Move SES secret definition from ses.tf to secrets.tf for better organization - Create scripts/empty-s3-bucket.sh to handle versioned S3 object deletion - Update Makefile to use S3 cleanup script in full-destroy target Gitea Admin User Automation: - Remove non-functional GITEA_ADMIN_* environment variables from docker-compose.yml - Add CLI-based admin user creation via docker exec in deploy-gitea.yml - Add database update to disable must_change_password requirement - Fix runner token API call to use GET instead of POST Runner Setup Fixes: - Change runner gitea_instance to http://localhost:3000 (was failing with public URL) - Fix registration to work from same host as Gitea Domain Migration: - Change domain from gitea.poll-streams.com to git.poll-streams.com - Update DNS, docker-compose, nginx configs, ansible inventory, and SSL setup - Enables fresh SSL certificate (avoids Let's Encrypt rate limit) All changes enable zero-to-one deployment: make full-destroy && make full-deploy
# PostgreSQL password for the Gitea database, generated by Terraform rather
# than supplied by an operator.
#
# `result` is marked sensitive in plan output, but it is still written to the
# Terraform state in clear text: the state backend needs encryption at rest and
# tightly scoped read access, exactly as the secret itself does.
#
# `override_special` is not set, so `special = true` draws from the provider's
# default punctuation set.
# NOTE(review): consumers are not visible in this file. If any of them embeds
# the password in a connection URL or an unquoted env/shell line, confirm it is
# escaped there.
resource "random_password" "db_password" {
  special = true
  length  = 32
}
# Password for the Gitea administrator account, generated by Terraform.
#
# As with any random_password, the value is stored in Terraform state in clear
# text even though it is redacted from plan output; protect the state backend
# accordingly.
#
# NOTE(review): if this value is handed to a CLI (the accompanying commit
# message mentions admin creation via `docker exec`), confirm it is quoted and
# kept out of process listings and CI logs.
resource "random_password" "gitea_admin_password" {
  special = true
  length  = 32
}
# Secrets Manager entry that holds the Gitea database/admin credential bundle.
# The payload is attached by aws_secretsmanager_secret_version.db_credentials.
#
# recovery_window_in_days = 0 forces deletion with no recovery period. That
# lets a destroy/redeploy cycle reuse the same name straight away, but it also
# means an accidental `terraform destroy` cannot be undone.
#
# No kms_key_id is given, so the secret is encrypted with the account's AWS
# managed Secrets Manager key. Access is therefore governed by IAM on the
# secret alone, not by a customer-managed key policy.
resource "aws_secretsmanager_secret" "db_credentials" {
  description = "PostgreSQL database credentials for Gitea"
  name        = "${var.project_name}-db-credentials"

  tags = {
    Name = "${var.project_name}-db-credentials"
  }

  recovery_window_in_days = 0
}
# Initial value of the db-credentials secret: one JSON document carrying the
# PostgreSQL connection settings, the Gitea admin account and a placeholder for
# the runner registration token.
#
# Everything lives in a single secret, so any principal allowed to read it gets
# the database password, the admin password and the runner token together.
#
# NOTE(review): the runner token is meant to be filled in outside Terraform.
# Whatever principal writes it back can, with the same permission, overwrite
# the database and admin passwords. A separate secret for the token would keep
# that write permission away from the static credentials.
# NOTE(review): confirm that a later `terraform apply` does not put the empty
# token back; `lifecycle { ignore_changes = [secret_string] }` is the usual
# guard when a value is managed out of band.
#
# secret_string is redacted in plans but stored in Terraform state.
resource "aws_secretsmanager_secret_version" "db_credentials" {
  secret_id = aws_secretsmanager_secret.db_credentials.id

  secret_string = jsonencode({
    # PostgreSQL connection settings
    host     = "postgres"
    port     = 5432
    database = "gitea"
    username = "gitea"
    password = random_password.db_password.result

    # Gitea administrator account
    admin_username = "gitea_admin"
    admin_email    = "admin@poll-streams.com"
    admin_password = random_password.gitea_admin_password.result

    # Left empty here; auto-generated later via the API.
    gitea_runner_token = ""
  })
}
# Secrets Manager entry for the AWS SES SMTP credentials. The payload is
# attached by aws_secretsmanager_secret_version.ses_smtp_credentials.
#
# recovery_window_in_days = 0 deletes the secret immediately on destroy, with
# no recovery period: the name is free for the next deploy, but a mistaken
# destroy is not reversible.
#
# No kms_key_id is given, so the account's AWS managed Secrets Manager key is
# used for encryption.
resource "aws_secretsmanager_secret" "ses_smtp_credentials" {
  description = "SMTP credentials for AWS SES"
  name        = "${var.project_name}-ses-smtp-credentials"

  tags = {
    Name = "${var.project_name}-ses-smtp-credentials"
  }

  recovery_window_in_days = 0
}
# Value of the SES SMTP secret: the regional SMTP endpoint, the submission
# port, the SMTP username/password taken from the IAM access key
# `ses_smtp_access_key`, and the alert recipient address.
#
# The SMTP password is the provider-computed `ses_smtp_password_v4` of that IAM
# access key, so it is a long-lived credential. It stays valid until the access
# key is replaced or deactivated, and it is stored in Terraform state as well
# as in this secret.
# NOTE(review): the IAM user and its policy are defined outside this file.
# Confirm the policy is limited to sending mail through SES.
#
# smtp_port is stored as the string "587", not a number; consumers must parse
# it themselves.
resource "aws_secretsmanager_secret_version" "ses_smtp_credentials" {
  secret_id = aws_secretsmanager_secret.ses_smtp_credentials.id

  secret_string = jsonencode({
    # Endpoint
    smtp_host = "email-smtp.${var.aws_region}.amazonaws.com"
    smtp_port = "587"

    # Credentials derived from the IAM access key
    smtp_username = aws_iam_access_key.ses_smtp_access_key.id
    smtp_password = aws_iam_access_key.ses_smtp_access_key.ses_smtp_password_v4

    # Non-secret setting kept alongside the credentials
    alert_email = var.alert_email
  })
}