From f430c6b0e14a097e8bd1f370651ce0149db632d0 Mon Sep 17 00:00:00 2001
From: Damien Duportal
Date: Mon, 25 Sep 2023 16:16:09 +0200
Subject: [PATCH] feat: add archives.jenkins.io VM
Signed-off-by: Damien Duportal
---
archives.jenkins.io.tf | 81 ++++++++++++++++++++++++++++++++++
ssh/id_archives_jenkins_io.pub | 1 +
2 files changed, 82 insertions(+)
create mode 100644 archives.jenkins.io.tf
create mode 100644 ssh/id_archives_jenkins_io.pub
diff --git a/archives.jenkins.io.tf b/archives.jenkins.io.tf
new file mode 100644
index 0000000..0fb57f7
--- /dev/null
+++ b/archives.jenkins.io.tf
@@ -0,0 +1,81 @@
+resource "digitalocean_ssh_key" "archives_jenkins_io" {
+ name = "Administrator Public SSH Key for archives.jenkins.io"
+ public_key = file("ssh/id_archives_jenkins_io.pub")
+}
+
+resource "digitalocean_volume" "archives_jenkins_io_data" {
+ region = var.region
+ name = "archives.jenkins.io-data"
+ size = 700
+ initial_filesystem_type = "ext4"
+ description = "Data disk for archives.jenkins.io"
+}
+
+resource "digitalocean_volume_attachment" "archives_jenkins_io_data" {
+ droplet_id = digitalocean_droplet.archives_jenkins_io.id
+ volume_id = digitalocean_volume.archives_jenkins_io_data.id
+}
+
+resource "digitalocean_droplet" "archives_jenkins_io" {
+ image = "ubuntu-22-04-x64"
+ name = "archives.jenkins.io"
+ region = var.region
+ size = "s-2vcpu-2gb"
+ monitoring = true
+ ipv6 = true
+ resize_disk = true
+ ssh_keys = [digitalocean_ssh_key.archives_jenkins_io.fingerprint]
+ user_data = base64encode(templatefile("${path.root}/.shared-tools/terraform/cloudinit.tftpl", { hostname = "do.archives.jenkins.io" }))
+
+}
+
+## Allow accessing the internet in HTTP/HTTPS/DNS and allow incoming HTTP/HTTP from anywhere (public service)
+#trivy:ignore:AVD-DIG-0001 trivy:ignore:AVD-DIG-0003
+resource "digitalocean_firewall" "archives_jenkins_io" {
+ name = "archives.jenkins.io"
+
+ droplet_ids = [digitalocean_droplet.archives_jenkins_io.id]
+
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "22"
+ source_addresses = ["109.88.234.158/32"]
+ }
+
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "80"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+
+ inbound_rule {
+ protocol = "tcp"
+ port_range = "443"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+
+
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "53"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+
+ outbound_rule {
+ protocol = "udp"
+ port_range = "53"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "80"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "443"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+}
diff --git a/ssh/id_archives_jenkins_io.pub b/ssh/id_archives_jenkins_io.pub
new file mode 100644
index 0000000..9d17c00
--- /dev/null
+++ b/ssh/id_archives_jenkins_io.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyC+IXY8n+ea2DP5eu2ftwS2001NFsKHXEcHXmaTMdxJvtLCY2xyzS+QDb07KzjC6dwUnnfDRsYTeuuL7JxldMH7SsK/7Y+cRTOtr5X/xnaP4qDkbzgO34M14RxJogrwsDMhxaYSAZPZyrz7qvnRPlrwjeX165O6ehTRun9X44IwN5KN7sWsimhnoIaAJBEQAsvxcHe1Q1DbPNLKAnVZa5JEdgLlJWSpDDk8DNcdPO8SzV7bez0+lfuaU4fcwdYuTk25wU6A2VcD9kgfToBeGNjumSyrviOGt4O7i2f4Inzv+Pb+l7M5emZd4MjITtzrTNHzz/JtqZhYwow7ja/pz2jQetepL3nglSrvjJ9pFzPPcKm+SpRkpbYISpp3Kbxbbe00ZqH/LhTRncc1N0mdaO0KGa69HAp95dM7FOGVE5VFzT6TXsd89ud+p+/FF7qtOjPt/3yx735I73egJYBLG8KfVHiimhBUmd8TIGjTzD2dvFteR6jXif0FXcMfF7q98= jenkininfra-team@googlegroups.com
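Review bot: The `#trivy:ignore:AVD-DIG-0001 trivy:ignore:AVD-DIG-0003` line above `digitalocean_firewall.archives_jenkins_io` in archives.jenkins.io.tf suppresses both checks for the whole resource, so a later edit that widens the port 22 rule from `109.88.234.158/32` to `0.0.0.0/0` would presumably pass the scan unnoticed. If the Trivy version in use honours ignores placed on nested blocks, moving the AVD-DIG-0001 ignore directly above the two `inbound_rule` blocks for ports 80 and 443 keeps the SSH rule under the check. The single hard-coded admin address would be easier to audit and rotate as a variable, e.g. `source_addresses = var.ssh_admin_cidrs` (variable name constructed for illustration). The comment above the resource reads `HTTP/HTTP` where `HTTP/HTTPS` is meant and does not mention the SSH rule; something like `## Inbound: SSH from the admin address only, HTTP/HTTPS from anywhere (public service). Outbound: DNS/HTTP/HTTPS.` would describe what the rules actually allow.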