Terraform Digital Ocean Script v2

Setup Terraform in Windows (AMD64)
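Download Terraform for Windows (AMD64) from the official HashiCorp downloads page, and check the archive against the published SHA-256 checksums.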
Unzip the file to a directory
Add the Terraform binary to your system's PATH:
Right-click This PC > Settings > Advanced system settings > Environment Variables.
Under User variables for Unity_0116, find the Path variable, and click Edit.
Click New, and add the path to the directory where you unzipped Terraform.
Press OK to save the changes.
terraform --version (prints the installed Terraform version and confirms the PATH change worked)
Screenshot 2024-09-18 181914.png

Create API Tokens in Digital Ocean
Go to the DigitalOcean control panel and log in to your account.
Generate a New Token
Name the Token
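Expiration: 30, 60 or 90 days, or No expiry
Set Permissions: full access (a custom-scoped token limited to the resources this configuration manages is the least-privilege alternative)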
Screenshot 2024-09-18 171244.png
Create API Tokens in GitHub
Access Personal Access Tokens:
Click on your profile icon in the top-right corner.
Select Settings from the dropdown menu.
In the left sidebar, click on Developer settings.
Click on Personal access tokens.
Create a New Token
Click on Personal access tokens (classic).
Enter a Token name to describe its purpose.
Choose an Expiration date or set it to No expiration if you prefer.
Set Permissions:
Ensure that your token has both admin:public_key and write:public_key permissions. You can regenerate the token if needed, ensuring those scopes are checked.
Screenshot 2024-09-20 163801.png
Screenshot 2024-09-20 163833.png
Generate and Copy the Token

Create API Tokens for Cloudflare
Create a new API token:
Click "Create Token".
Select the "Edit zone DNS" template, or create a custom token with "Zone DNS" read and edit permissions.
Define the token's permissions:
Permissions: Select "Zone DNS" and set to "Read" and "Edit."
Zone Resources: Set to "Include All Zones" or specify the zones as needed.
Click "Continue to summary" and then "Create Token."

Screenshot 2024-09-18 173739.png

How to Retrieve the Cloudflare Zone ID

Log in to the Cloudflare dashboard.
Select your account and choose the domain for which you need the Zone ID.
On the Overview page (this is the default landing page when you select a domain), scroll down to find the API section.
In this section, you will find both the Zone ID and the Account ID.
Copy the Zone ID to use in your Terraform configuration or API calls.

Screenshot 2024-09-18 191053.png



ssh-keygen -t rsa
And Save Terraform File
file name :- id_rsa.pub
Terraform File
create a new Terraform file
create the .tf file

file (Terraform Provider Configuration for Digital Ocean and Cloudflare)
# Provider requirements. Each "~>" constraint keeps `terraform init` inside one
# major release line, so a breaking major upgrade is never pulled in silently.
# Commit the generated .terraform.lock.hcl so every run installs the same
# provider builds and verifies them by checksum.
terraform {
  required_providers {
    digitalocean = {
      version = "~> 2.0" # any 2.x release
      source  = "digitalocean/digitalocean"
    }
    cloudflare = {
      version = "~> 3.0" # any 3.x release
      source  = "cloudflare/cloudflare"
    }
  }
}

# DigitalOcean provider. The API token comes from var.do_token, so the secret
# itself is never written in this file.
provider "digitalocean" {
  token = var.do_token
}

# Cloudflare provider. The API token comes from var.cloudflare_api_token, so
# the secret itself is never written in this file.
provider "cloudflare" {
  api_token = var.cloudflare_api_token
}

terraform.tfvars
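# terraform.tfvars holds real credentials once it is filled in. Keep it out of
# version control (list it in .gitignore) and out of shared documents; secrets
# can instead be supplied as TF_VAR_<name> environment variables.
# The secret values below are placeholders. A token that has been pasted into
# a shared page should be revoked and reissued before it is used again.

# DigitalOcean API token (placeholder)
do_token = "REPLACE_WITH_DIGITALOCEAN_API_TOKEN"

# Cloudflare API token (placeholder)
cloudflare_api_token = "REPLACE_WITH_CLOUDFLARE_API_TOKEN"

# Cloudflare Zone ID
cloudflare_zone_id = "3dd054264c1a06c8794306590a4205e2"

# Cloudflare DNS record name
dns_record_name = "api.sumitdevops.xyz"

# GitHub username
github_username = "sumit-linearloop"

# GitHub personal access token (placeholder)
github_token = "REPLACE_WITH_GITHUB_TOKEN"

# GitHub repository URL
repo_url = "git@github.com:sumit-linearloop/digitalocean-api.git"

# Redis password (placeholder; use a long, randomly generated value)
redis_password = "REPLACE_WITH_LONG_RANDOM_REDIS_PASSWORD"

# SSH key name
key_title = "my_ssh_key"

# SSH public key path (the .pub file only; the private key stays on this machine)
public_key_path = "C:/Users/Unity_0116/.ssh/id_rsa.pub"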

# DigitalOcean API token, consumed by the digitalocean provider.
# sensitive = true redacts the value in plan and apply output.
variable "do_token" {
  sensitive   = true
  type        = string
  description = "The API token for DigitalOcean"
}

# Cloudflare API token, consumed by the cloudflare provider.
# sensitive = true redacts the value in plan and apply output.
variable "cloudflare_api_token" {
  sensitive   = true
  type        = string
  description = "The API token for Cloudflare"
}

# ID of the Cloudflare zone that receives the DNS record.
variable "cloudflare_zone_id" {
  type        = string
  description = "The Cloudflare zone ID for the DNS records."
}

# Name of the DNS record created in the Cloudflare zone.
variable "dns_record_name" {
  type        = string
  description = "The DNS record name (e.g., subdomain)."
}

# GitHub account name.
variable "github_username" {
  type        = string
  description = "The GitHub username"
}

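# GitHub personal access token. It is a credential, so it is marked sensitive
# like the other API tokens: Terraform then redacts it in plan and apply output.
# The value is still stored in the state file, so the state needs protecting too.
variable "github_token" {
  description = "GitHub token for authentication"
  type        = string
  sensitive   = true
}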

# URL of the GitHub repository to deploy.
variable "repo_url" {
  type        = string
  description = "The GitHub repository URL"
}

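# Redis password. It is a credential, so it is marked sensitive like the API
# tokens: Terraform then redacts it in plan and apply output.
# The value is still stored in the state file, so the state needs protecting too.
variable "redis_password" {
  description = "Password for Redis"
  type        = string
  sensitive   = true
}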

# Display title for the SSH key.
variable "key_title" {
  type        = string
  description = "Title for the SSH key"
}

# Location of the SSH public key uploaded to DigitalOcean. The default points
# at one specific Windows user profile; override it in terraform.tfvars on any
# other machine.
variable "public_key_path" {
  type        = string
  description = "Path to the public key file"
  default     = "C:/Users/Unity_0116/.ssh/id_rsa.pub" # Default path (can be overridden)
}



# XDG configuration directory. None of the blocks shown on this page read this
# variable.
variable "XDG_CONFIG_HOME" {
  type        = string
  description = "The XDG configuration home directory"
  default     = "~/.config" # or any other path you want to set as default
}



# Register the local SSH public key with the DigitalOcean account.
# file() reads the .pub file at plan time; only the public half is uploaded.
resource "digitalocean_ssh_key" "id_rsa" {
  public_key = file(var.public_key_path) # path comes from the variable
  name       = "id_rsa"
}

# Droplet that runs the application: Ubuntu 22.04 in nyc3, logging in with the
# SSH key registered above.
resource "digitalocean_droplet" "nestjs_droplet" {
  name   = "sumit"
  region = "nyc3"
  size   = "s-1vcpu-2gb"
  image  = "ubuntu-22-04-x64"

  ssh_keys   = [digitalocean_ssh_key.id_rsa.fingerprint]
  monitoring = true
  ipv6       = true
  backups    = false

  # Render betterbugs.sh with the GitHub token and Redis password filled in and
  # hand the result to the droplet as its first-boot script.
  # NOTE(review): secrets placed in user data remain readable on the droplet
  # after boot (cloud-init keeps a copy, and the metadata service returns it to
  # local processes). Use short-lived, narrowly scoped credentials here and
  # revoke the GitHub token once provisioning has finished.
  user_data = templatefile("${path.module}/betterbugs.sh", {
    redis_password = var.redis_password,
    github_token   = var.github_token
  })
}

# Print the droplet's public IPv4 address after apply. This is the origin
# address that sits behind the proxied Cloudflare record.
output "droplet_ip" {
  value = digitalocean_droplet.nestjs_droplet.ipv4_address
}

# A record that points the configured name at the droplet's IPv4 address.
# proxied = true sends traffic through Cloudflare; ttl = 1 is Cloudflare's
# "automatic" TTL, which proxied records use.
# NOTE(review): the blocks on this page define no firewall, so the droplet is
# presumably still reachable directly by IP; restrict inbound web traffic to
# Cloudflare's address ranges if the proxy is meant to shield the origin.
resource "cloudflare_record" "example_a_record" {
  zone_id = var.cloudflare_zone_id
  type    = "A"
  name    = var.dns_record_name
  value   = digitalocean_droplet.nestjs_droplet.ipv4_address
  proxied = true
  ttl     = 1
}
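#!/bin/bash
# First-boot script for the droplet. Terraform renders this file with
# templatefile() before passing it as user data, so the github_token
# placeholder below is filled in by Terraform. Every other variable is written
# as plain $NAME without braces, which Terraform leaves for bash to expand.
#
# Steps: create an SSH key pair for root, register the public key on the
# GitHub account through the REST API, then set the variables for the clone.

# Send stdout and stderr to the console and append both to the log file.
LOG_FILE="/root/git-clone.log"
exec > >(tee -a "$LOG_FILE") 2>&1

# Create .ssh directory if it doesn't exist
mkdir -p ~/.ssh

# Generate a 4096-bit RSA key pair. The passphrase is empty because the boot
# is unattended, so the file permissions below are the key's only protection.
ssh-keygen -t rsa -b 4096 -C "sumitkhandala246@gmail.com" -N "" -f ~/.ssh/id_rsa

# Directory and private key readable by the owner only; public key world-readable.
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub

# Display the public key (it also ends up in the log file).
cat ~/.ssh/id_rsa.pub

# Title under which the key is registered on GitHub.
KEY_TITLE="My_SSH_Key"

# Stop if key generation did not produce a public key.
if [ ! -f ~/.ssh/id_rsa.pub ]; then
    echo "SSH public key not found. Please generate one using 'ssh-keygen'."
    exit 1
fi

# Read the public key
SSH_KEY=$(cat ~/.ssh/id_rsa.pub)

# GitHub token, substituted by Terraform when the template is rendered.
# NOTE(review): this token carries the admin:public_key scope and registers an
# account-wide key. A read-only deploy key on the single repository would limit
# what a compromised droplet can reach.
export GITHUB_TOKEN="${github_token}"

# Check if GitHub token is provided
if [ -z "$GITHUB_TOKEN" ]; then
    echo "GitHub token is not provided. Please export the GITHUB_TOKEN environment variable."
    exit 1
fi

# Make the API request to add the SSH key
response=$(curl -s -H "Authorization: token $GITHUB_TOKEN" \
    -H "Accept: application/vnd.github.v3+json" \
    -d "{\"title\":\"$KEY_TITLE\",\"key\":\"$SSH_KEY\"}" \
    https://api.github.com/user/keys)

# Check if the key was added successfully. A created key is returned with a
# numeric "id" field. Matching the bare substring "id" would also accept error
# bodies such as "Validation Failed" (the word "Validation" contains "id"), so
# the check requires the JSON field itself.
if echo "$response" | grep -Eq '"id"[[:space:]]*:[[:space:]]*[0-9]+'; then
    echo "SSH key added successfully to GitHub."
else
    echo "Failed to add SSH key. Response:"
    echo "$response"
    exit 1
fi

# Delay before proceeding
sleep 20

# Variables for cloning the repository. The listing on this page ends here;
# the clone step itself is not shown.
REPO_URL="git@github.com:sumit-linearloop/digitalocean-api.git"
CLONE_DIR="/var/www/nest-api"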
