From: Cássio Gabriel Date: Fri, 23 Jan 2026 23:50:47 +0000 (-0300) Subject: Fix other errors X-Git-Url: http://ec2-54-166-230-229.compute-1.amazonaws.com/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce6a053e93c06ace705a50115e93657c905d87f5;p=host-gitweb.git Fix other errors --- diff --git a/.gitignore b/.gitignore index f80cbfe..4e4a390 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ **/*.tfstate.* **/terraform.tfvars .DS_Store +*.pem diff --git a/terraform/main.tf b/terraform/main.tf index e47efc0..1a8a9aa 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -2,24 +2,45 @@ provider "aws" { region = var.region ***REMOVED*** -# Using default AWS values for Network +# Default VPC data "aws_vpc" "default" { default = true ***REMOVED*** +# Default subnet in us-east-1a resource "aws_default_subnet" "a" { availability_zone = "us-east-1a" ***REMOVED*** -# Attach IGW as the default route to the subnet +# Internet Gateway for default VPC resource "aws_internet_gateway" "igw" { vpc_id = data.aws_vpc.default.id ***REMOVED*** -# Ubuntu linux AMI version +# Public route table (0.0.0.0/0 -> IGW) +resource "aws_route_table" "public" { + vpc_id = data.aws_vpc.default.id + + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.igw.id + ***REMOVED*** + + tags = { + Name = "${var.project_name***REMOVED***-rt-public" + ***REMOVED*** +***REMOVED*** + +# Associate route table to subnet +resource "aws_route_table_association" "a" { + subnet_id = aws_default_subnet.a.id + route_table_id = aws_route_table.public.id +***REMOVED*** + +# Ubuntu AMI data "aws_ami" "ubuntu" { most_recent = true - owners = ["099720109477"] # Offical Canonical ID + owners = ["099720109477"] filter { name = "name" 
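Review bot: In the `data "aws_ami" "ubuntu"` block of `terraform/main.tf`, the owner pin `owners = ["099720109477"]` loses its trailing comment, so nothing on the line says whose account the ID is. That pin is what keeps `most_recent = true` from resolving to a look-alike image published by another account, so the reason is worth stating next to it. I would keep the comment with the typo fixed: `owners = ["099720109477"] # Canonical's AWS account ID (official Ubuntu images)`. The data block continues past the end of this hunk.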
@@ -27,12 +48,12 @@ data "aws_ami" "ubuntu" { ***REMOVED*** ***REMOVED*** -# CloudFront with restrict origin access +# CloudFront origin-facing managed prefix list data "aws_ec2_managed_prefix_list" "cloudfront_origin" { name = "com.amazonaws.global.cloudfront.origin-facing" ***REMOVED*** -# Security group +# SG resource "aws_security_group" "gitweb" { name = "${var.project_name***REMOVED***-sg" description = "SSH from my IP; HTTP only from CloudFront origin-facing" @@ -55,19 +76,15 @@ resource "aws_security_group" "gitweb" { ***REMOVED*** egress { - description = "Allow outbound for updates" + description = "Allow outbound" from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] ***REMOVED*** - - tags = { - Name = "${var.project_name***REMOVED***-sg" - ***REMOVED*** ***REMOVED*** -# EC2 instance +# EC2 resource "aws_instance" "gitweb" { ami = data.aws_ami.ubuntu.id instance_type = var.instance_type @@ -82,8 +99,7 @@ resource "aws_instance" "gitweb" { ***REMOVED*** ***REMOVED*** -# Elastic IP for stability (because of CloudFront) - +# EIP resource "aws_eip" "gitweb" { domain = "vpc" instance = aws_instance.gitweb.id @@ -93,15 +109,14 @@ resource "aws_eip" "gitweb" { ***REMOVED*** ***REMOVED*** -# CloudFront distribuition +# CloudFront distribution resource "aws_cloudfront_distribution" "gitweb" { enabled = true is_ipv6_enabled = true comment = "GitWeb behind CloudFront (origin restricted)" origin { - # Using the public DNS of the instance just to be simple, - # because it has also a EIP + # Use CloudFront dns domain_name = aws_eip.gitweb.public_dns origin_id = "${var.project_name***REMOVED***-origin" 
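Review bot: The egress rule in `aws_security_group.gitweb` still allows every protocol to `0.0.0.0/0`, and the new description `"Allow outbound"` removes the only hint of what that traffic is for. If package updates are the only outbound need, as the old text suggested, the rule could be narrowed to TCP 80 and 443, which limits what a compromised CGI process on the host can reach. Otherwise the reason should stay in the description. The same hunk drops the `Name` tag, which makes the group harder to find in tag-based inventory. The resource starts above this hunk.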
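Review bot: The new comment `# Use CloudFront dns` above `domain_name = aws_eip.gitweb.public_dns` in the `origin` block says the opposite of what the line does: the origin is the instance's Elastic IP hostname, not a CloudFront name. I would write `# Origin is the instance's EIP public DNS name; the EIP keeps it stable across stop/start`, which also keeps the reasoning the removed comments gave. The `origin` block continues after the hunk.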
@@ -120,33 +135,21 @@ resource "aws_cloudfront_distribution" "gitweb" { allowed_methods = ["GET", "HEAD"] cached_methods = ["GET", "HEAD"] - # GitWeb relies on query strings forwarded_values { query_string = true - headers = [] - cookies { - forward = "none" - ***REMOVED*** + cookies { forward = "none" ***REMOVED*** ***REMOVED*** - # Caching the often GitWeb content change min_ttl = 0 default_ttl = 0 max_ttl = 60 ***REMOVED*** restrictions { - geo_restriction { - restriction_type = "none" - ***REMOVED*** + geo_restriction { restriction_type = "none" ***REMOVED*** ***REMOVED*** - # Default CloudFront certificate (HTTPS on CF domain) viewer_certificate { cloudfront_default_certificate = true ***REMOVED*** - - tags = { - Name = "${var.project_name***REMOVED***-cf" - ***REMOVED*** ***REMOVED*** diff --git a/terraform/outputs.tf b/terraform/outputs.tf index b9b3856..1777fed 100644 --- a/terraform/outputs.tf +++ b/terraform/outputs.tf @@ -2,6 +2,10 @@ output "instance_public_ip" { value = aws_eip.gitweb.public_ip ***REMOVED*** +output "ssh_command" { + value = "ssh -i gitweb-pem.pem ubuntu@${aws_eip.gitweb.public_ip***REMOVED***" +***REMOVED*** + output "gitweb_url" { value = "https://${aws_cloudfront_distribution.gitweb.domain_name***REMOVED***/cgi-bin/gitweb.cgi" ***REMOVED*** diff --git a/terraform/user_data_config.sh b/terraform/user_data_config.sh index 0db6db1..1cbd0fd 100644 --- a/terraform/user_data_config.sh +++ b/terraform/user_data_config.sh @@ -70,3 +70,12 @@ if [ -f /home/ubuntu/.ssh/authorized_keys ]; then chown git:git /home/git/.ssh/authorized_keys chmod 600 /home/git/.ssh/authorized_keys fi + +# Allow root key login (copy ubuntu authorized_keys -> root) +if [ -f /home/ubuntu/.ssh/authorized_keys ]; then + mkdir -p /root/.ssh + cat /home/ubuntu/.ssh/authorized_keys > /root/.ssh/authorized_keys + chmod 700 /root/.ssh + chmod 600 /root/.ssh/authorized_keys +fi + diff --git a/terraform/variables.tf b/terraform/variables.tf index ad952d2..7b1799b 100644 
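Review bot: The `ssh_command` output added in `terraform/outputs.tf` hard-codes the key file as `gitweb-pem.pem`, so it goes stale whenever the key pair name changes. If `var.key_name` holds the key pair name (its definition is only partly visible on this page), the path can be derived from it: `value = "ssh -i ${var.key_name}.pem ubuntu@${aws_eip.gitweb.public_ip}"`. A `description` on the output saying that the private key is expected in the working directory and is not managed by Terraform would also help.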
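Review bot: The block added at the end of `terraform/user_data_config.sh` copies the `ubuntu` user's `authorized_keys` to `/root/.ssh/authorized_keys`, which turns on direct root login over SSH with the same key that the context lines above already share with the `git` account. One leaked key then yields a root shell with no sudo record of who did what. The `cat >` also overwrites whatever was in root's file before; on stock Ubuntu cloud images that is usually the entry that refuses root login and points to the default user, which should be confirmed for this AMI. I would drop the block and administer through `ubuntu` plus `sudo`. If root login is really required, the comment should carry the reason, e.g. `# Root key login needed for <reason>; remove once <condition>`.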
--- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -5,12 +5,12 @@ variable "region" { ***REMOVED*** ***REMOVED*** - description = "177.4.160.248/32" +***REMOVED*** ***REMOVED*** variable "key_name" { ***REMOVED*** - description = "gitweb-key" + description = "gitweb-pem" ***REMOVED*** variable "instance_type" {
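Review bot: In `variable "key_name"` the new line `description = "gitweb-pem"` puts what looks like the key pair name in the description field, where Terraform treats it as help text only. If it is meant to be the value, it should be `default = "gitweb-pem"` with a real description such as `description = "Name of the EC2 key pair used for SSH"`. Parts of this hunk are redacted on the page, so this is inferred from the visible lines. The removed `description = "177.4.160.248/32"` suggests the variable above followed the same pattern.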