# GCP Infrastructure for Sing For Hope

This directory contains Terraform configurations for deploying and managing Gitea and n8n instances on Google Cloud Platform (GCP).

## Services Deployed

* **Gitea**: A self-hosted Git service, accessible at `https://git.singforhope.cloud`.
* **n8n**: A workflow automation tool, accessible at `https://n8n.singforhope.cloud`.

Both services are deployed on separate `e2-small` virtual machines, configured with Nginx as a reverse proxy and SSL/TLS certificates from Let's Encrypt.

## Prerequisites

Before using these Terraform configurations, ensure you have the following:

* **GCP Project**: A Google Cloud Platform project with billing enabled.
* **`gcloud` CLI**: The Google Cloud SDK installed and authenticated.
* **Terraform CLI**: Terraform installed on your local machine.
* **GCS Backend**: A Google Cloud Storage bucket named `tf-state-token-sfh` for Terraform state management.

## Usage

1. **Initialize Terraform**: Navigate to this directory in your terminal and initialize Terraform:

   ```bash
   terraform init
   ```

2. **Review the Plan**: Review the execution plan to understand what changes Terraform will make. Replace `sing-for-hope` with your actual GCP project ID.

   ```bash
   terraform plan -var="project_id=sing-for-hope"
   ```

3. **Apply the Configuration**: Apply the Terraform configuration to create or update the resources.

   ```bash
   terraform apply -var="project_id=sing-for-hope"
   ```

   You will be prompted to confirm the changes. Type `yes` to proceed.

## Resources Managed

The Terraform configuration in this directory manages the following GCP resources:

* **`google_dns_managed_zone.singforhope_cloud`**: The DNS managed zone for `singforhope.cloud`.
* **`google_compute_instance.gitea_vm`**: The virtual machine instance for Gitea.
* **`google_compute_instance.n8n_vm`**: The virtual machine instance for n8n.
* **`google_dns_record_set.gitea`**: The A record for `git.singforhope.cloud`.
* **`google_dns_record_set.n8n`**: The A record for `n8n.singforhope.cloud`.
* **`google_compute_firewall.gitea_http`**: Firewall rule to allow traffic to Gitea on port 3000.
* **`google_compute_firewall.http_allow`**: Firewall rule to allow HTTP traffic (port 80) to Gitea.
* **`google_compute_firewall.https_allow`**: Firewall rule to allow HTTPS traffic (port 443) to Gitea.
* **`google_compute_firewall.n8n_app_allow`**: Firewall rule to allow traffic to n8n on port 5678.
* **`google_compute_firewall.n8n_http_allow`**: Firewall rule to allow HTTP traffic (port 80) to n8n.
* **`google_compute_firewall.n8n_https_allow`**: Firewall rule to allow HTTPS traffic (port 443) to n8n.

## Important Notes

* The initial setup of Gitea and n8n (Docker installation, Nginx configuration, and Certbot SSL) was performed manually via `gcloud` commands. This Terraform configuration now manages the underlying infrastructure (VMs, DNS, Firewall rules) but does not re-run the application-level setup scripts.
* The `metadata_startup_script` attribute for the VM instances is intentionally omitted from the Terraform configuration to prevent unintended re-provisioning of the VMs.
* The `dnssec_config` for the managed zone is included as it is a required parameter.
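
The firewall rules listed under Resources Managed include one for each application port (3000 for Gitea, 5678 for n8n) alongside the 80/443 rules that serve Nginx. The check below is an added example, not part of this repository: it reads the JSON form of a Terraform plan and reports any ingress rule that opens those backend ports to every source address, which would let clients reach the applications without passing through the reverse proxy and its TLS. The helper names, the sample plan and its source ranges are constructed for illustration.

```python
import json
import sys

# Backend ports named in this README; Nginx fronts both services on 80/443.
BACKEND_PORTS = {3000: "Gitea", 5678: "n8n"}
ANY_SOURCE = {"0.0.0.0/0", "::/0"}

def expand_ports(specs):  # "3000" or "3000-3010" -> set of ints
    ports = set()
    for lo, _, hi in (s.partition("-") for s in specs):
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def walk(module):  # yields resources of a module and of its child modules
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def exposed_backends(plan):
    """Return (address, port, service) for ingress rules opening a backend port to any source."""
    findings = []
    for res in walk(plan.get("planned_values", {}).get("root_module", {})):
        v = res.get("values") or {}
        if (res.get("type") != "google_compute_firewall" or v.get("disabled")
                or (v.get("direction") or "INGRESS") != "INGRESS"
                or not ANY_SOURCE & set(v.get("source_ranges") or [])):
            continue
        for allow in v.get("allow") or []:
            specs = allow.get("ports") or ["1-65535"]  # no ports list means every port
            if allow.get("protocol") in ("tcp", "all"):
                for port in sorted(expand_ports(specs) & set(BACKEND_PORTS)):
                    findings.append((res["address"], port, BACKEND_PORTS[port]))
    return findings

# Constructed sample in plan-JSON shape; the source ranges are assumptions.
def fw(name, ports, sources):
    return {"address": f"google_compute_firewall.{name}", "type": "google_compute_firewall",
            "values": {"direction": "INGRESS", "source_ranges": sources,
                       "allow": [{"protocol": "tcp", "ports": ports}]}}

SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    fw("gitea_http", ["3000"], ["0.0.0.0/0"]),
    fw("https_allow", ["443"], ["0.0.0.0/0"]),
    fw("n8n_app_allow", ["5678"], ["10.128.0.0/9"])]}}}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, port, service in exposed_backends(plan):
        print(f"{address}: {service} port {port} is open to any source, bypassing Nginx")
```

To run it against a real plan, save one with `terraform plan -out=plan.out`, export it with `terraform show -json plan.out > plan.json`, and pass `plan.json` as the first argument.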