Add work to the development branch

Author: mcgirr

modules/terraform-aws-nixos-webserver-wrapper/ebs.tf

@@ -0,0 +1,36 @@
+# An ebs volume to mount that stores the existing emails
+# resource "aws_ebs_volume" "mailbox" {
+#   availability_zone = var.azs[0]
+#   encrypted  = true
+#   kms_key_id = aws_kms_key.mail.arn
+#   size       = 60
+#   tags = {
+#     Name = "${var.name_prefix}-ebs-volume"
+#   }
+# }
+
+# TODO review/setup
+# This will be mounted to /var/vmail/
+#
+# Attach the email EBS volume to the instance
+# resource "aws_volume_attachment" "mailbox" {
+
+#   # The device name to expose to the instance (for example, /dev/sdh or xvdh).
+#   device_name = "/dev/sdh"
+#   # TODO change this or set up a way for it to be mounted by the instance where
+#   # the mailserver puts the mail files
+#   # https://www.terraform.io/docs/providers/aws/r/volume_attachment.html#device_name
+
+#   volume_id   = aws_ebs_volume.mailbox.id
+#   instance_id = aws_instance.email_server.id
+# }
+
+# # TODO review EBS snapshots
+# # Create a snap of the EBS volume
+# resource "aws_ebs_snapshot" "mailbox_snapshot" {
+#   volume_id = aws_ebs_volume.mailbox.id
+#
+#   tags = {
+#     Name = "${var.name_prefix}-ebs-volume-snapshot"
+#   }
+# }

modules/terraform-aws-nixos-webserver-wrapper/ec2.tf

@@ -81,6 +81,9 @@ resource "aws_instance" "web_server" {
     kms_key_id = aws_kms_key.root.arn
   }
 
+  # ebs_block_device cannot be mixed with external aws_ebs_volume and
+  # aws_volume_attachment resources for a given instance.
+
   tags = {
     Name      = "${var.name_prefix}-web-server"
     Terraform = true

modules/terraform-aws-nixos-webserver-wrapper/kms.tf

@@ -2,7 +2,14 @@
 resource "aws_kms_key" "root" {
   description = "The KMS key used to encrypt the root EBS volume for the ${var.base_domain} web server instance."
 
+  # policy = TODO
+
   tags = {
     Name = "${var.name_prefix}-root-volume-kms-key"
   }
 }
+
+# TODO see https://www.terraform.io/docs/providers/aws/r/ebs_default_kms_key.html
+# resource "aws_ebs_default_kms_key" "example" {
+#   key_arn = "${aws_kms_key.example.arn}"
+# }

modules/terraform-aws-nixos-webserver-wrapper/templates/configuration.nix.tpl

@@ -39,11 +39,9 @@
         locations."/" = {
           root = "/var/www/${content_location}/_site";
         };
-
-
       };
 
-      # TODO combine this with the above so that this doesn't repeat itself
+      # TODO combine this with the above so that this doesn't repeat itself 
 
       "${domain}" = {
         forceSSL = true;
@@ -53,7 +51,6 @@
         locations."/" = {
           root = "/var/www/${content_location}/_site";
         };
-
       };
 
     };

modules/terraform-aws-nixos-webserver-wrapper/variables.tf

@@ -40,13 +40,14 @@ variable "public_subnet_cidr" {
 
 variable "public_subnet_extra_tags" {
   description = "Extra tags that will be added to public subnets."
-  default     = {}
+  default     = {} # TODO remove default
   type        = map
 }
 
+# TODO review
 variable "public_gateway_extra_tags" {
   description = "Extra tags that will be added to Internet Gateway and public Routing Tables."
-  default     = {}
+  default     = {} # TODO remove default
   type        = map
 }
 
@@ -96,7 +97,7 @@ variable "az" {
 
 variable "vpc_extra_tags" {
   description = "Extra tags that will be added to VPC and DHCP Options. Note that duplicate keys will overwrite those from the extra_tags variable."
-  default     = {}
+  default     = {} # TODO remove default
   type        = map
 }
 

modules/terraform-aws-nixos-webserver-wrapper/webserver-sg.tf

@@ -56,4 +56,4 @@ module "web-server-https-rule" {
   security_group_id = module.web-server-sg.id
 }
 
-# TODO add ping icmp 
+# TODO add ping icmp