Split resources by service (for now)

Author: carlthome

packages/ping-home/terraform/alerts.tf

@@ -6,7 +6,7 @@ data "google_secret_manager_secret_version" "email" {
 resource "google_monitoring_notification_channel" "email" {
   display_name = "Home LAN Alerts"
   type         = "email"
-  labels = { email_address = data.google_secret_manager_secret_version.email.secret_data }
+  labels       = { email_address = data.google_secret_manager_secret_version.email.secret_data }
 }
 
 resource "google_monitoring_alert_policy" "lan_down" {

packages/ping-home/terraform/artifact-registry.tf

@@ -0,0 +1,7 @@
+resource "google_artifact_registry_repository" "repo" {
+  location      = var.google_region
+  repository_id = "lan-checker-repo"
+  description   = "Docker repository for the Home LAN Checker"
+  format        = "DOCKER"
+  depends_on    = [google_project_service.apis]
+}

packages/ping-home/terraform/cloud-run.tf

@@ -0,0 +1,54 @@
+resource "google_cloud_run_v2_service" "checker" {
+  name     = "home-lan-checker"
+  location = var.google_region
+  template {
+    service_account = google_service_account.cloudrun.email
+    scaling {
+      min_instance_count = 0
+      max_instance_count = 1
+    }
+    max_instance_request_concurrency = 1
+    containers {
+      image = "us-docker.pkg.dev/cloudrun/container/hello"
+      resources {
+        limits = {
+          cpu    = "1000m"
+          memory = "256Mi"
+        }
+        cpu_idle = true
+      }
+      env {
+        name = "HOME_LAN_ENDPOINT"
+        value_source {
+          secret_key_ref {
+            secret  = "home-lan-endpoint"
+            version = "latest"
+          }
+        }
+      }
+      env {
+        name = "TS_AUTHKEY"
+        value_source {
+          secret_key_ref {
+            secret  = "tailscale-auth-key"
+            version = "latest"
+          }
+        }
+      }
+      env {
+        name  = "TS_HOSTNAME"
+        value = "gcp-health-checker"
+      }
+      env {
+        name  = "TS_SOCKS5_SERVER"
+        value = "localhost:1055"
+      }
+    }
+  }
+  lifecycle { ignore_changes = [template[0].containers[0].image] }
+  depends_on = [
+    google_project_service.apis,
+    google_secret_manager_secret_iam_member.cloudrun_home_lan_endpoint,
+    google_secret_manager_secret_iam_member.cloudrun_tailscale_auth_key,
+  ]
+}

packages/ping-home/terraform/cloud-scheduler.tf

@@ -0,0 +1,17 @@
+resource "google_cloud_scheduler_job" "cron" {
+  depends_on       = [google_project_service.apis]
+  name             = "trigger-lan-check"
+  region           = "europe-west1"
+  description      = "Pings the home LAN every 5 minutes"
+  schedule         = "*/5 * * * *"
+  time_zone        = "UTC"
+  attempt_deadline = "30s"
+  http_target {
+    http_method = "GET"
+    uri         = google_cloud_run_v2_service.checker.uri
+    oidc_token {
+      service_account_email = google_service_account.cloudrun.email
+      audience              = "${google_cloud_run_v2_service.checker.uri}/"
+    }
+  }
+}

packages/ping-home/terraform/main.tf

@@ -34,84 +34,3 @@ resource "google_project_service" "apis" {
   service            = each.value
   disable_on_destroy = false
 }
-
-resource "google_artifact_registry_repository" "repo" {
-  location      = var.google_region
-  repository_id = "lan-checker-repo"
-  description   = "Docker repository for the Home LAN Checker"
-  format        = "DOCKER"
-  depends_on    = [google_project_service.apis]
-}
-
-resource "google_cloud_run_v2_service" "checker" {
-  name     = "home-lan-checker"
-  location = var.google_region
-  template {
-    service_account = google_service_account.cloudrun.email
-    scaling {
-      min_instance_count = 0
-      max_instance_count = 1
-    }
-    max_instance_request_concurrency = 1
-    containers {
-      image = "us-docker.pkg.dev/cloudrun/container/hello"
-      resources {
-        limits = {
-          cpu    = "1000m"
-          memory = "256Mi"
-        }
-        cpu_idle = true
-      }
-      env {
-        name = "HOME_LAN_ENDPOINT"
-        value_source {
-          secret_key_ref {
-            secret  = "home-lan-endpoint"
-            version = "latest"
-          }
-        }
-      }
-      env {
-        name = "TS_AUTHKEY"
-        value_source {
-          secret_key_ref {
-            secret  = "tailscale-auth-key"
-            version = "latest"
-          }
-        }
-      }
-      env {
-        name  = "TS_HOSTNAME"
-        value = "gcp-health-checker"
-      }
-      env {
-        name  = "TS_SOCKS5_SERVER"
-        value = "localhost:1055"
-      }
-    }
-  }
-  lifecycle { ignore_changes = [template[0].containers[0].image] }
-  depends_on = [
-    google_project_service.apis,
-    google_secret_manager_secret_iam_member.cloudrun_home_lan_endpoint,
-    google_secret_manager_secret_iam_member.cloudrun_tailscale_auth_key,
-  ]
-}
-
-resource "google_cloud_scheduler_job" "cron" {
-  depends_on       = [google_project_service.apis]
-  name             = "trigger-lan-check"
-  region           = "europe-west1"
-  description      = "Pings the home LAN every 5 minutes"
-  schedule         = "*/5 * * * *"
-  time_zone        = "UTC"
-  attempt_deadline = "30s"
-  http_target {
-    http_method = "GET"
-    uri         = google_cloud_run_v2_service.checker.uri
-    oidc_token {
-      service_account_email = google_service_account.cloudrun.email
-      audience              = "${google_cloud_run_v2_service.checker.uri}/"
-    }
-  }
-}

packages/ping-home/terraform/secrets.tf …es/ping-home/terraform/secret-manager.tfpackages/ping-home/terraform/secrets.tf renamed to packages/ping-home/terraform/secret-manager.tf packages/ping-home/terraform/secrets.tf renamed to packages/ping-home/terraform/secret-manager.tf

@@ -1,6 +1,3 @@
-# GCP Secrets for the application.
-# Terraform creates the secret resources; populate values using populate-secrets.sh.
-
 resource "google_secret_manager_secret" "home_lan_endpoint" {
   secret_id = "home-lan-endpoint"
   replication {