mirror of
https://github.com/digital-asset/daml.git
synced 2024-11-10 10:46:11 +03:00
cfae2d88f5
* fixup terraform config Two changes have happened recently that have invalidated the current Terraform files: 1. The Terraform version has gone through a major, incompatible upgrade (#8190); the required updates for this are reflected in the first commit of this PR. 2. The certificate used to serve [Hoogle](https://hoogle.daml.com) was about to expire, so Edward created a new one and updated the config directly. The second commit in this PR updates the Terraform config to match that new, already-in-prod setting. Note: This PR applies cleanly, as there are no resulting changes in Terraform's perception of the target state from 1, and the change from 2 has already been applied through other channels. CHANGELOG_BEGIN CHANGELOG_END * update hoogle cert
# Copyright (c) 2021 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
// Setup the Nix bucket + CDN
# Values specific to the Nix cache. The other locals used in this file
# (labels, project, region) are not defined here.
locals {
  # see main.tf for additional locals
  nix_cache_name = "daml-nix-cache"
}
# Nix cache bucket and its CDN front end, both created by the local
# gcp_cdn_bucket module.
# NOTE(review): who may read the bucket is decided inside that module, not in
# this file. If reads are public, consumers should rely on Nix signature
# verification for integrity rather than on bucket access control; confirm.
module "nix_cache" {
  source = "./modules/gcp_cdn_bucket"

  name    = local.nix_cache_name
  project = local.project
  region  = local.region
  labels  = local.labels

  # Passed through to the module. What happens to objects once the period
  # elapses is defined there; confirm before changing the value.
  cache_retention_days = 360

  # Self-link to an existing global certificate. Nothing in this file creates
  # or rotates it, so a certificate replaced out of band must be mirrored here.
  # NOTE(review): the project id is hard-coded in the URL rather than taken
  # from local.project; verify the two agree.
  ssl_certificate = "https://www.googleapis.com/compute/v1/projects/da-dev-gcp-daml-language/global/sslCertificates/nix-cache"
}
# Write half of the CI writer's access to the cache bucket (see writer.tf for
# the service account).
# roles/storage.objectCreator allows creating objects but not deleting them, so
# this grant alone cannot remove or replace existing cache entries.
# google_storage_bucket_iam_member is additive: it manages only this
# member/role pair and leaves any other grants on the bucket untouched.
resource "google_storage_bucket_iam_member" "nix_cache_writer_create" {
  member = "serviceAccount:${google_service_account.writer.email}"
  bucket = module.nix_cache.bucket_name

  # Role reference: https://cloud.google.com/storage/docs/access-control/iam-roles
  role = "roles/storage.objectCreator"
}
# Read half of the CI writer's access: the same service account that holds
# objectCreator on this bucket may also read and list its objects.
# The binding is additive and scoped to this one bucket; it neither grants
# delete nor alters other members' roles.
resource "google_storage_bucket_iam_member" "nix_cache_writer_read" {
  member = "serviceAccount:${google_service_account.writer.email}"
  bucket = module.nix_cache.bucket_name

  # Role reference: https://cloud.google.com/storage/docs/access-control/iam-roles
  role = "roles/storage.objectViewer"
}
# Re-exports the module's external_ip value at the root level.
# NOTE(review): presumably the CDN front-end address that DNS for the cache
# points at; confirm against the module.
output "nix_cache_ip" {
  value = module.nix_cache.external_ip
}