added infra

Javier Hinojosa
2025-11-09 11:17:13 -05:00
parent afcb0b7932
commit 35773c6efe
9 changed files with 855 additions and 0 deletions

62
infra/gcp/README.md Normal file

@@ -0,0 +1,62 @@
# GCP Infrastructure for Sing For Hope
This directory contains Terraform configurations for deploying and managing Gitea and n8n instances on Google Cloud Platform (GCP).
## Services Deployed
* **Gitea**: A self-hosted Git service, accessible at `https://git.singforhope.cloud`.
* **n8n**: A workflow automation tool, accessible at `https://n8n.singforhope.cloud`.
Both services are deployed on separate `e2-small` virtual machines, configured with Nginx as a reverse proxy and SSL/TLS certificates from Let's Encrypt.
## Prerequisites
Before using these Terraform configurations, ensure you have the following:
* **GCP Project**: A Google Cloud Platform project with billing enabled.
* **`gcloud` CLI**: The Google Cloud SDK installed and authenticated.
* **Terraform CLI**: Terraform installed on your local machine.
* **GCS Backend**: A Google Cloud Storage bucket named `tf-state-token-sfh` for Terraform state management.
## Usage
1. **Initialize Terraform**:
Navigate to this directory in your terminal and initialize Terraform:
```bash
terraform init
```
2. **Review the Plan**:
Review the execution plan to understand what changes Terraform will make. Replace `sing-for-hope` with your actual GCP project ID.
```bash
terraform plan -var="project_id=sing-for-hope"
```
3. **Apply the Configuration**:
Apply the Terraform configuration to create or update the resources.
```bash
terraform apply -var="project_id=sing-for-hope"
```
You will be prompted to confirm the changes. Type `yes` to proceed.
## Resources Managed
The Terraform configuration in this directory manages the following GCP resources:
* **`google_dns_managed_zone.singforhope_cloud`**: The DNS managed zone for `singforhope.cloud`.
* **`google_compute_instance.gitea_vm`**: The virtual machine instance for Gitea.
* **`google_compute_instance.n8n_vm`**: The virtual machine instance for n8n.
* **`google_dns_record_set.gitea`**: The A record for `git.singforhope.cloud`.
* **`google_dns_record_set.n8n`**: The A record for `n8n.singforhope.cloud`.
* **`google_compute_firewall.gitea_http`**: Firewall rule to allow traffic to Gitea on port 3000.
* **`google_compute_firewall.http_allow`**: Firewall rule to allow HTTP traffic (port 80) to Gitea.
* **`google_compute_firewall.https_allow`**: Firewall rule to allow HTTPS traffic (port 443) to Gitea.
* **`google_compute_firewall.n8n_app_allow`**: Firewall rule to allow traffic to n8n on port 5678.
* **`google_compute_firewall.n8n_http_allow`**: Firewall rule to allow HTTP traffic (port 80) to n8n.
* **`google_compute_firewall.n8n_https_allow`**: Firewall rule to allow HTTPS traffic (port 443) to n8n.
## Important Notes
* The initial setup of Gitea and n8n (Docker installation, Nginx configuration, and Certbot SSL) was performed manually via `gcloud` commands. This Terraform configuration now manages the underlying infrastructure (VMs, DNS, Firewall rules) but does not re-run the application-level setup scripts.
* The `metadata_startup_script` attribute for the VM instances is intentionally omitted from the Terraform configuration to prevent unintended re-provisioning of the VMs.
* The `dnssec_config` for the managed zone is included as it is a required parameter.
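Review bot: The Resources Managed list includes `google_compute_firewall.gitea_http` (port 3000) and `google_compute_firewall.n8n_app_allow` (port 5678), while Services Deployed says both services sit behind Nginx with Let's Encrypt certificates. If those two rules admit external traffic, the applications are reachable on their backend ports without going through the TLS-terminating proxy. Suggest dropping both rules and having the containers listen only on localhost, or stating in this README which source ranges the rules allow and why they are needed. Separately, Important Notes says the Docker, Nginx and Certbot setup was done manually and that `metadata_startup_script` is omitted, so the VMs cannot be rebuilt from this directory alone; consider committing or linking those setup steps so the documented state is reproducible.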