Initialize Module

Author: Mmadu Manasseh

.gitignore

@@ -0,0 +1,14 @@
+*.tfvars
+*.tfstate*
+.terraform/
+**/inspec.lock
+*.gem
+Gemfile.lock
+terraform.tfstate.d/
+eks-admin-cluster-role-binding.yaml
+eks-admin-service-account.yaml
+.idea/
+*.iml
+config-map-aws-auth*.yaml
+kubeconfig_*
+*.swp

.gitlab-ci.yml

@@ -0,0 +1,48 @@
+variables:
+  DOCKER_USERNAME: _json_key
+  DOCKER_TLS_CERTDIR: ""
+  DOCKER_HOST: tcp://docker:2375
+  GCLOUD_SDK: gcr.io/google.com/cloudsdktool/cloud-sdk
+
+image:
+  name: hashicorp/terraform:0.13.3
+  entrypoint:
+    - "/usr/bin/env"
+    - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+stages:
+  - init
+  - validate
+
+
+cache: &cache
+  key: "${CI_COMMIT_REF_SLUG}-$CI_PROJECT_DIR-$DEPLOY_DIR"
+  paths:
+    - $CI_PROJECT_DIR/$DEPLOY_DIR/.terraform
+
+init:
+  stage: init
+  script:
+    - terraform init -input=false
+
+#------------------------------
+# TERRAFORM LINT TEMPLATE
+#------------------------------
+validate:
+  stage: validate
+  script:
+    - terraform validate
+  cache:
+    <<: *cache
+    policy: pull
+
+#------------------------------
+# TERRAFORM LINT TEMPLATE
+#------------------------------
+lint:
+  stage: validate
+  script:
+    - terraform fmt -check -diff -write=false --recursive .
+  cache:
+    <<: *cache
+    policy: pull

.pre-commit-config.yaml

@@ -0,0 +1,8 @@
+repos:
+- repo: git://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.43.0
+  hooks:
+    - id: terraform_fmt
+    - id: terraform_docs
+    - id: terraform_validate
+    - id: terraform_tflint

CONTRIBUTIONS.md

@@ -0,0 +1,33 @@
+# Contributing
+
+When contributing to this repository, please first discuss the change you wish to make via issue,
+email, or any other method with the owners of this repository before making a change.
+
+Please note we have a code of conduct, please follow it in all your interactions with the project.
+
+## Pull Request Process
+
+1.  Ensure any install or build dependencies are removed before the end of the layer when doing a build.  Follow [these instructions](https://github.com/antonbabenko/pre-commit-terraform#how-to-install) to install pre-commit locally to run pre-commit terraform hooks to validate your changes before committing
+2.  Update the README.md with details of changes to the interface, this includes new environment variables, exposed ports, useful file locations and container parameters.
+3. Once all outstanding comments and checklist items have been addressed, your contribution will be merged! Merged PRs will be included in the next release. The mainteners takes care of updating the CHANGELOG as they merge.
+
+## Checklists for contributions
+
+- [ ] Add [sementics prefix](#semantic-pull-requests) to your PR or Commits (at leats one of your commit groups)
+- [ ] CI tests are passing
+- [ ] README.md has been updated after any changes to variables and outputs. See [docs generation](README.md#doc-generation)
+
+## Semantic Pull Requests
+
+To generate changelog, Pull Requests or Commits must have sementic and must follow conventional specs below:
+
+- `feat:` for new features
+- `fix:` for bug fixes
+- `improvement:` for enhancements
+- `docs:` for documentation and examples
+- `refactor:` for code refactoring
+- `test:` for tests
+- `ci:` for CI purpose
+- `chore:` for chores stuff
+
+The `chore` prefix skipped during changelog generation. It can be used for `chore: update changelog` commit message by example.

README.md

@@ -0,0 +1,83 @@
+# Terraform OpenVPN GCP
+A terraform module to setup OpenVPN on GCP
+
+
+## Usage
+
+```hcl
+module "openvpn" {
+  source     = "../modules/terraform-openvpn-gcp"
+  region     = var.region
+  project_id = var.project_id
+  network    = module.vpc.network
+  subnetwork = module.vpc.public_subnetwork
+  hostname   = "openvpn"
+  output_dir = "${path.module}/openvpn"
+  users      = ["bob", "alice"]
+}
+
+```
+
+## Doc generation
+
+Code formatting and documentation for variables and outputs is generated using [pre-commit-terraform hooks](https://github.com/antonbabenko/pre-commit-terraform) which uses [terraform-docs](https://github.com/segmentio/terraform-docs).
+
+
+And install `terraform-docs` with
+```bash
+go get github.com/segmentio/terraform-docs
+```
+or
+```bash
+brew install terraform-docs.
+```
+
+## Contributing
+
+Report issues/questions/feature requests on in the issues section.
+
+Full contributing guidelines are covered [here](CONTRIBUTIONS.md).
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| google | n/a |
+| local | n/a |
+| null | n/a |
+| random | n/a |
+| tls | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| disk\_size\_gb | n/a | `string` | `"30"` | no |
+| hostname | Hostname of instances | `string` | `"openvpn"` | no |
+| image\_family | n/a | `string` | `"ubuntu-2004-lts"` | no |
+| labels | Labels, provided as a map | `map` | `{}` | no |
+| metadata | Metadata, provided as a map | `map` | `{}` | no |
+| network | The name or self\_link of the network to attach this interface to. Use network attribute for Legacy or Auto subnetted networks and subnetwork for custom subnetted networks. | `any` | `null` | no |
+| network\_tier | Network network\_tier | `string` | `"STANDARD"` | no |
+| output\_dir | Folder to store all user openvpn details | `string` | `"openvpn"` | no |
+| project\_id | The GCP Project ID | `any` | `null` | no |
+| region | The GCP Project Region | `any` | `null` | no |
+| remote\_user | The user to operate as on the VM. SSH Key is generated for this user | `string` | `"ubuntu"` | no |
+| service\_account | Service account to attach to the instance. See https://www.terraform.io/docs/providers/google/r/compute_instance_template.html#service_account. | <pre>object({<br>    email  = string,<br>    scopes = set(string)<br>  })</pre> | <pre>{<br>  "email": null,<br>  "scopes": []<br>}</pre> | no |
+| source\_image\_project | n/a | `string` | `"ubuntu-os-cloud"` | no |
+| subnetwork | The name of the subnetwork to attach this interface to. The subnetwork must exist in the same region this instance will be created in. Either network or subnetwork must be provided. | `any` | `null` | no |
+| tags | network tags to attach to the instance | `list` | `[]` | no |
+| users | list of user to create | `list(string)` | `[]` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| users | Created Users |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

main.tf

@@ -0,0 +1,146 @@
+# Uses https://github.com/angristan/openvpn-install to setup VPN in a google VM
+# creates and deletes users accordingly
+
+locals {
+  metadata = merge(var.metadata, {
+    sshKeys = "${var.remote_user}:${tls_private_key.ssh-key.public_key_openssh}"
+  })
+  ssh_tag          = ["allow-ssh"]
+  tags             = toset(concat(var.tags, local.ssh_tag))
+  output_folder    = var.output_dir
+  private_key_file = "private-key.pem"
+}
+
+resource "google_compute_firewall" "allow-external-ssh" {
+  name    = "allow-external-ssh"
+  network = var.network
+
+  allow {
+    protocol = "tcp"
+    ports    = ["22"]
+  }
+
+  source_ranges = ["0.0.0.0/0"]
+  target_tags   = local.ssh_tag
+}
+
+resource "google_compute_address" "default" {
+  name         = "global-openvpn-ip"
+  region       = var.region
+  network_tier = var.network_tier
+}
+
+resource "tls_private_key" "ssh-key" {
+  algorithm = "RSA"
+}
+
+
+// SSH Private Key
+resource "local_file" "private_key" {
+  sensitive_content = tls_private_key.ssh-key.private_key_pem
+  filename          = "${var.output_dir}/${local.private_key_file}"
+  file_permission   = "0400"
+}
+
+resource "random_id" "this" {
+  byte_length = "8"
+}
+
+resource "random_id" "password" {
+  byte_length = "16"
+}
+
+module "instance_template" {
+  source               = "terraform-google-modules/vm/google//modules/instance_template"
+  version              = "~>6.0.0"
+  region               = var.region
+  project_id           = var.project_id
+  network              = var.network
+  subnetwork           = var.subnetwork
+  metadata             = local.metadata
+  service_account      = var.service_account
+  source_image_family  = var.image_family
+  source_image_project = var.source_image_project
+  disk_size_gb         = var.disk_size_gb
+
+  startup_script = <<SCRIPT
+    curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
+    chmod +x openvpn-install.sh
+    mv openvpn-install.sh /home/${var.remote_user}/
+    export AUTO_INSTALL=y
+    export PASS=1
+    /home/${var.remote_user}/openvpn-install.sh
+  SCRIPT
+
+  tags   = local.tags
+  labels = var.labels
+}
+
+
+module "openvpn_vm" {
+  source            = "terraform-google-modules/vm/google//modules/compute_instance"
+  version           = "~>6.0.0"
+  region            = var.region
+  network           = var.network
+  subnetwork        = var.subnetwork
+  hostname          = var.hostname
+  instance_template = module.instance_template.self_link
+
+  access_config = [{
+    nat_ip       = google_compute_address.default.address
+    network_tier = var.network_tier
+  }]
+}
+
+
+resource "null_resource" "openvpn_update_users_script" {
+  triggers = {
+    users = join(", ", var.users)
+  }
+
+  connection {
+    type        = "ssh"
+    user        = var.remote_user
+    host        = google_compute_address.default.address
+    private_key = tls_private_key.ssh-key.private_key_pem
+  }
+
+  provisioner "file" {
+    source      = "${path.module}/scripts/update_users.sh"
+    destination = "/home/${var.remote_user}/update_users.sh"
+    when        = create
+  }
+
+  # Create New User with MENU_OPTION=1
+  provisioner "remote-exec" {
+    inline = [
+      "while [ ! -f /etc/openvpn/server.conf ]; do sleep 10; done",
+      "chmod +x ~${var.remote_user}/update_users.sh",
+      "sudo ~${var.remote_user}/update_users.sh ${join(" ", var.users)}",
+    ]
+    when = create
+  }
+
+  depends_on = [module.openvpn_vm, local_file.private_key]
+}
+
+# Download user configurations to output_dir
+resource "null_resource" "openvpn_download_configurations" {
+  depends_on = [null_resource.openvpn_update_users_script]
+
+  triggers = {
+    users = join(", ", var.users)
+  }
+
+  # Copy .ovpn config for user from server to var.output_dir
+  provisioner "local-exec" {
+    working_dir = var.output_dir
+    command     = <<SCRIPT
+      scp -i ${local.private_key_file} \
+          -o StrictHostKeyChecking=no \
+          -o UserKnownHostsFile=/dev/null \
+          ${var.remote_user}@${google_compute_address.default.address}:/home/${var.remote_user}/*.ovpn .
+    SCRIPT
+    when        = create
+  }
+}

output.tf

@@ -0,0 +1,4 @@
+output "users" {
+  description = "Created Users"
+  value       = var.users
+}