From 61773be76c1d05d80c6810803185611c9424ef65 Mon Sep 17 00:00:00 2001
From: Nathan Rodet <nrodet@grandlyon.com>
Date: Thu, 22 Dec 2022 10:41:44 +0100
Subject: [PATCH] Added configuration

---
 .gitlab-ci.yml                              |  5 +--
 instance_scripts/atrium_scripts/atrium.yaml | 17 +++++------
 instance_scripts/atrium_scripts/deploy.sh   | 17 +++++------
 terraform/cloud-init.yml                    | 34 ++++++++++++++++++---
 terraform/main.tf                           | 14 ++++++---
 terraform/output.tf                         |  5 ---
 terraform/variables-gitlab.tf               |  8 ++++-
 7 files changed, 66 insertions(+), 34 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1c622f4..2372602 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -11,14 +11,15 @@ before_script:
   - cd ${TF_ROOT}
   - which ssh-agent || ( apt-get install -qq openssh-client )
   - ssh-keygen -b 2048 -t rsa -f ./tf.rsa -q -N "" -C "FORGE alpha-project-manager"
+  - export TF_VAR_SCW_SSH_PUB_KEY=$(cat tf.rsa.pub)
+  - export TF_VAR_SCW_SSH_PRIVATE_KEY=$(cat tf.rsa)
   - export TF_VAR_SCW_ACCESS_KEY=${TF_VAR_SCW_ACCESS_KEY}
   - export TF_VAR_SCW_SECRET_KEY=${TF_VAR_SCW_SECRET_KEY}
   - export TF_VAR_SCW_PROJECT_ID=${TF_VAR_SCW_PROJECT_ID}
   - export TF_VAR_INSTANCES_COUNT=${TF_VAR_INSTANCES_COUNT}
   - export TF_VAR_USER_PASSWORD=${TF_VAR_USER_PASSWORD}
+  - export TF_VAR_LETSENCRYPT_EMAIL={TF_VAR_LETSENCRYPT_EMAIL}
   - export TF_VAR_ENVIRONMENT=${ENVIRONMENT}
-  - export TF_VAR_SCW_SSH_PUB_KEY=$(cat tf.rsa.pub)
-  - export TF_VAR_SCW_SSH_PRIVATE_KEY=$(cat tf.rsa)
 
 stages:
   - prepare
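Review bot: The new export on the `TF_VAR_LETSENCRYPT_EMAIL` line is missing the `$`, so Terraform receives the literal string `{TF_VAR_LETSENCRYPT_EMAIL}` rather than the CI variable's value, and that literal ends up in the instance user-data and the Let's Encrypt registration. It should read `- export TF_VAR_LETSENCRYPT_EMAIL=${TF_VAR_LETSENCRYPT_EMAIL}`. Since the variable is declared `sensitive = true` in variables-gitlab.tf, Terraform will also mask the bad value in plan output, which makes this typo harder to spot than usual.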
diff --git a/instance_scripts/atrium_scripts/atrium.yaml b/instance_scripts/atrium_scripts/atrium.yaml
index badb1c5..86aa951 100644
--- a/instance_scripts/atrium_scripts/atrium.yaml
+++ b/instance_scripts/atrium_scripts/atrium.yaml
@@ -1,19 +1,18 @@
-hostname: labo.alpha.grandlyon.com
+hostname: $(scw-userdata atrium_hostname)
 debug_mode: false
-letsencrypt_email: nrodet@alpha.grandlyon.com
+letsencrypt_email: $(scw_userdata atrium_letsencrypt_email)
 apps: # optional : applications served by atrium
-  - id: $COUNT
+  - id: 1
     name: Code
     icon: web_asset
     color: 4292030255
     is_proxy: true
-    host: instance$COUNT-code
-    target: $PRIVATE_IP:8080
-apps: # optional : applications served by atrium
-  - id: $COUNT
+    host: "code-$(scw_userdata atrium_count_index)"
+    target: $(scw_userdata atrium_private_ip):8080
+  - id: 2
     name: Desktop
     icon: web_asset
     color: 4292030255
     is_proxy: true
-    host: instance$COUNT-desktop
-    target: $PRIVATE_IP:8081
\ No newline at end of file
+    host: "desktop-$(scw_userdata atrium_count_index)"
+    target: $(scw_userdata atrium_private_ip):8081
\ No newline at end of file
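Review bot: The `$(scw-userdata …)` / `$(scw_userdata …)` expressions only expand when a shell processes the text (as the heredoc in deploy.sh does); in this stand-alone YAML file nothing evaluates them, so atrium would read `hostname: $(scw-userdata atrium_hostname)` literally unless this file is only a template. The helper is also named inconsistently: `scw-userdata` (hyphen) on the hostname line but `scw_userdata` (underscore) on the letsencrypt_email, host and target lines, and the same split recurs in deploy.sh and in the `write_files` block of cloud-init.yml. The pre-existing code-server line in cloud-init.yml uses `scw-userdata`, so the underscore spelling is presumably the wrong one; a comment at the top such as `# template: values are filled from instance user-data by deploy.sh` would make the intended use explicit.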
diff --git a/instance_scripts/atrium_scripts/deploy.sh b/instance_scripts/atrium_scripts/deploy.sh
index b947e39..1d1ac1f 100644
--- a/instance_scripts/atrium_scripts/deploy.sh
+++ b/instance_scripts/atrium_scripts/deploy.sh
@@ -1,21 +1,20 @@
 cat<<EOF >> ./atrium.yaml
-hostname: labo.alpha.grandlyon.com
+hostname: $(scw-userdata atrium_hostname)
 debug_mode: false
-letsencrypt_email: nrodet@alpha.grandlyon.com
+letsencrypt_email: $(scw_userdata atrium_letsencrypt_email)
 apps: # optional : applications served by atrium
-  - id: "$COUNT"
+  - id: 1
     name: Code
     icon: web_asset
     color: 4292030255
     is_proxy: true
-    host: machine$COUNT-code
-    target: $PRIVATE_IP:8080
-apps: # optional : applications served by atrium
-  - id: "$COUNT"
+    host: "code-$(scw_userdata atrium_count_index)"
+    target: $(scw_userdata atrium_private_ip):8080
+  - id: 2
     name: Desktop
     icon: web_asset
     color: 4292030255
     is_proxy: true
-    host: machine$COUNT-desktop
-    target: $PRIVATE_IP:8081
+    host: "desktop-$(scw_userdata atrium_count_index)"
+    target: $(scw_userdata atrium_private_ip):8081
 EOF
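Review bot: The heredoc is unquoted, so each `$(scw_userdata …)` is a command substitution; if the helper is not found the substitution expands to an empty string and the script carries on, writing entries like `target: :8080` into atrium.yaml with no error. The file has no shebang or `set -e`, so nothing stops that. Adding `#!/bin/sh` and `set -eu` at the top, and checking the helper once with `command -v scw-userdata >/dev/null || { echo "scw-userdata missing" >&2; exit 1; }` before the heredoc, would fail loudly instead of producing a half-filled config.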
diff --git a/terraform/cloud-init.yml b/terraform/cloud-init.yml
index 30b09c1..20807b9 100644
--- a/terraform/cloud-init.yml
+++ b/terraform/cloud-init.yml
@@ -9,6 +9,29 @@ packages:
   - curl
   - git
 
+write_files:
+  path: /root/atrium.yaml
+  content: |
+    hostname: $(scw-userdata atrium_hostname)
+    debug_mode: false
+    letsencrypt_email: $(scw_userdata atrium_letsencrypt_email)
+    apps: # optional : applications served by atrium
+      - id: 1
+        name: Code
+        icon: web_asset
+        color: 4292030255
+        is_proxy: true
+        host: "code-$(scw_userdata atrium_count_index)"
+        target: $(scw_userdata atrium_private_ip):8080
+    apps: # optional : applications served by atrium
+      - id: 2
+        name: Desktop
+        icon: web_asset
+        color: 4292030255
+        is_proxy: true
+        host: "desktop-$(scw_userdata atrium_count_index)"
+        target: $(scw_userdata atrium_private_ip):8081
+
 runcmd:
 # Install Rust
   - "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y"
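Review bot: `write_files` in cloud-init is a list of entries, but here `path:` and `content:` are given as a plain mapping, so the module will reject or ignore it and /root/atrium.yaml is never written (the later `cp -f /root/atrium.yaml …` then fails). The block should start `write_files:` / `  - path: /root/atrium.yaml` / `    content: |` with the content indented accordingly. The content also still carries the duplicate `apps:` key that this same commit removes in atrium.yaml and deploy.sh; in YAML the second key silently replaces the first, so only the Desktop app would survive. Note as well that cloud-init writes `content` verbatim and does not shell-expand `$(scw-userdata …)`, so these values will land in the file literally unless something rewrites it afterwards.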
@@ -16,13 +39,16 @@ runcmd:
 # Install Docker
   - "curl -fsSL https://get.docker.com -o get-docker.sh"
   - "sh get-docker.sh"
-# Install atrium
-  - "git clone https://github.com/nicolaspernoud/atrium.git ./root/atrium"
+# Setup Atrium
+  - "mkdir -p /root/data/letsencrypt_cache && mkdir /root/app"
+  - "cp -f /root/atrium.yaml /root/data/app/atrium.yaml"
+# Run Atrium Container
+  - "docker run -d --name atrium --net=host -v /root/atrium.yaml:/app/atrium.yaml -v /root/GeoLite2-City.mmdb:/app/GeoLite2-City.mmdb -v /root/letsencrypt_cache:/app/letsencrypt_cache -v /root/data:/app/data nicolaspernoud/atrium:latest"
 # Install Code Server
   - "curl -fsSL https://code-server.dev/install.sh | sh"
   - "mkdir -p  /root/.config/code-server/"
   - 'echo "bind-addr: 0.0.0.0:8080\nauth: password\npassword: $(scw-userdata user_password)\ncert: false\n" > /root/.config/code-server/config.yaml'
 # Run Code Server
-#  - "systemctl enable --now code-server@$USER"
+  - "systemctl enable --now code-server@$USER"
 # Run Webtop Container
-#  - "docker run -d --name=webtop --security-opt seccomp=unconfined -e PUID=0 -e PGID=0 -e TZ=Europe/Paris -e SUBFOLDER=/ -e KEYBOARD=fr-fr-azerty -e AUTO_LOGIN=false -p 80:3000 -v /root/webtop_data/:/config -v /var/run/docker.sock:/var/run/docker.sock --shm-size=8gb --cap-add=NET_ADMIN --privileged --restart unless-stopped --sysctl net.ipv6.conf.all.disable_ipv6=0 lscr.io/linuxserver/webtop:ubuntu-xfce"
+  - "docker run -d --name=webtop --security-opt seccomp=unconfined -e PUID=0 -e PGID=0 -e TZ=Europe/Paris -e SUBFOLDER=/ -e KEYBOARD=fr-fr-azerty -e AUTO_LOGIN=false -p 80:3000 -v /root/webtop_data/:/config -v /var/run/docker.sock:/var/run/docker.sock --shm-size=8gb --cap-add=NET_ADMIN --privileged --restart unless-stopped --sysctl net.ipv6.conf.all.disable_ipv6=0 lscr.io/linuxserver/webtop:ubuntu-xfce"
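Review bot: The Atrium setup lines do not agree on paths: `mkdir -p /root/data/letsencrypt_cache && mkdir /root/app` never creates `/root/data/app`, so `cp -f /root/atrium.yaml /root/data/app/atrium.yaml` fails, and the `docker run` then mounts `/root/atrium.yaml`, `/root/letsencrypt_cache` and `/root/GeoLite2-City.mmdb`, none of which are the directories just created (the mmdb file is created nowhere in this hunk). Using one set of paths, e.g. `mkdir -p /root/data/app /root/data/letsencrypt_cache` and mounting `/root/data/app/atrium.yaml` and `/root/data/letsencrypt_cache`, would make the steps consistent. The Desktop app in atrium.yaml targets port 8081, but the uncommented webtop line publishes `-p 80:3000`, so that proxy target will not reach webtop, and port 80 is likely also needed by atrium on `--net=host` for the Let's Encrypt challenge — confirm the intended port. Enabling the webtop line also starts a `--privileged` container with `/var/run/docker.sock` mounted and reachable directly on port 80; that is effectively root on the host for anyone who can reach the desktop, so it should be exposed only behind atrium's authenticated proxy (bind to the loopback address rather than all interfaces) and the privileged flag and socket mount reconsidered.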
diff --git a/terraform/main.tf b/terraform/main.tf
index d423eed..e1b7aac 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -44,7 +44,7 @@ resource "scaleway_domain_record" "host_subdomain_record" {
 
 resource "scaleway_instance_security_group" "www" {
   project_id              = var.SCW_PROJECT_ID
-  name                    = "security-group-daag-lab-${var.ENVIRONMENT}"
+  name                    = "security-group-lab-daag-${var.ENVIRONMENT}"
   inbound_default_policy  = "drop"
   outbound_default_policy = "accept"
 
@@ -76,19 +76,25 @@ resource "scaleway_instance_security_group" "www" {
 resource "scaleway_instance_server" "user_instance_server" {
   count             = var.INSTANCES_COUNT
   project_id        = var.SCW_PROJECT_ID
-  name              = "instance-${count.index}-daag-lab-${var.ENVIRONMENT}"
+  name              = "instance-${count.index}-lab-daag-${var.ENVIRONMENT}"
   type              = "DEV1-L"
   image             = "ubuntu_jammy"
   ip_id             = scaleway_instance_ip.public_ip[count.index].id
   security_group_id = scaleway_instance_security_group.www.id
 
   user_data = {
+    atrium_private_ip = scaleway_instance_ip.public_ip[count.index].address
+    atrium_count_index = count.index
+    atrium_hostname = scaleway_domain_record.host_subdomain_record[count.index].name
+    atrium_letsencrypt_email = var.LETSENCRYPT_EMAIL
     user_password = var.USER_PASSWORD
     cloud-init = file("cloud-init.yml")
   }
 
   depends_on = [
-    scaleway_account_ssh_key.ssh_key,
-    scaleway_instance_security_group.www
+    scaleway_instance_ip.public_ip,
+    scaleway_instance_security_group.www,
+    scaleway_domain_record.host_subdomain_record,
+    scaleway_domain_record.subdomain_record
   ]
 }
\ No newline at end of file
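Review bot: `atrium_private_ip` is assigned `scaleway_instance_ip.public_ip[count.index].address`, which is the instance's public IP, so the reverse-proxy targets in atrium.yaml go out over the public address even though code-server and webtop run on the same host; either rename the key to match what it holds or, since atrium runs with `--net=host`, target the loopback address. `atrium_hostname` takes `scaleway_domain_record.host_subdomain_record[count.index].name`, which for this resource is the record label relative to the zone rather than a full hostname (the value it replaces was an FQDN), so the provider's computed `fqdn` attribute is probably what atrium needs — worth confirming against the record definition above the hunk. In `depends_on`, `scaleway_instance_ip.public_ip` and `scaleway_instance_security_group.www` are already implied by the `ip_id` and `security_group_id` references, while the removed `scaleway_account_ssh_key.ssh_key` was the only ordering between key registration and instance creation; if the instance pulls project SSH keys at first boot, it may now come up before the CI key exists.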
diff --git a/terraform/output.tf b/terraform/output.tf
index a31ec88..62ee373 100644
--- a/terraform/output.tf
+++ b/terraform/output.tf
@@ -5,9 +5,4 @@
 output "public_ip_address" {
   value     = scaleway_instance_ip.public_ip[*].address
   sensitive = false
-}
-
-output "USER_PASSWORD" {
-  value = var.USER_PASSWORD
-  sensitive = false
 }
\ No newline at end of file
diff --git a/terraform/variables-gitlab.tf b/terraform/variables-gitlab.tf
index f9c58d8..db99aa3 100644
--- a/terraform/variables-gitlab.tf
+++ b/terraform/variables-gitlab.tf
@@ -30,9 +30,15 @@ variable "SCW_SSH_PRIVATE_KEY" {
   description = "SSH private key from Gitlab agent for remote-exec"
 }
 
+variable "LETSENCRYPT_EMAIL" {
+  type        = string
+  sensitive   = true
+  description = "User password for accessing services"
+}
+
 variable "USER_PASSWORD" {
   type        = string
-  sensitive   = false
+  sensitive   = true
   description = "User password for accessing services"
 }
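Review bot: The new `LETSENCRYPT_EMAIL` variable reuses the description `"User password for accessing services"` from `USER_PASSWORD`, which is wrong and will mislead anyone reading `terraform plan` or the generated docs. Suggest `description = "Contact e-mail registered with Let's Encrypt for certificate expiry notices"`. Marking the address `sensitive = true` is defensible but will also hide it from plan output, which matters because the CI export for this variable is easy to get wrong.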
 
-- 
GitLab