Collections (#7)

* added collections requiremenst for tower integration Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * added crypto & posix Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * removed older files Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated workflow uses rocky8 Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated tags Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated ansible ver Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com> * updated discord info Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2022-03-02 13:19:54 +00:00 · 2022-03-02 13:19:54 +00:00 · ac744cb5ae
commit ac744cb5ae
parent 79cc69e3d9
14 changed files with 333 additions and 82 deletions
--- a/.github/workflows/main.tf
+++ b/.github/workflows/main.tf
@ -0,0 +1,83 @@
+provider "aws" {
+  profile = ""
+  region  = var.aws_region
+}
+
+// Create a security group with access to port 22 and port 80 open to serve HTTP traffic
+
+data "aws_vpc" "default" {
+  default = true
+}
+
+resource "random_id" "server" {
+  keepers = {
+    # Generate a new id each time we switch to a new AMI id
+    ami_id = "${var.ami_id}"
+  }
+
+  byte_length = 8
+}
+
+resource "aws_security_group" "github_actions" {
+  name   = "${var.namespace}-${random_id.server.hex}"
+  vpc_id = data.aws_vpc.default.id
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  tags = {
+    Name = "${var.namespace}-SG"
+ }
+}
+
+// instance setup
+
+resource "aws_instance" "testing_vm" {
+  ami                         = var.ami_id
+  associate_public_ip_address = true
+  key_name                    = var.ami_key_pair_name # This is the key as known in the ec2 key_pairs
+  instance_type               = var.instance_type
+  tags                        = var.instance_tags
+  vpc_security_group_ids      = [aws_security_group.github_actions.id]
+  root_block_device {
+        delete_on_termination = true
+  }
+}
+
+// generate inventory file
+resource "local_file" "inventory" {
+  filename = "./hosts.yml"
+  directory_permission = "0755"
+  file_permission      = "0644"
+  content  = <<EOF
+    # benchmark host
+    all:
+      hosts:
+        ${var.ami_os}:
+          ansible_host: ${aws_instance.testing_vm.public_ip}
+          ansible_user: ${var.ami_username}
+      vars:
+        setup_audit: true
+        run_audit: true
+        system_is_ec2: true
+        audit_git_version: devel
+    EOF
+}
+