moving deprecated things to it's own folder

2024-05-04 18:58:51 -07:00
parent 6203f355b2
commit 5abcff70ec
53 changed files with 1 additions and 8 deletions
--- a/infra/deprecated/load-balancer/Makefile
+++ b/infra/deprecated/load-balancer/Makefile
@@ -0,0 +1,24 @@
+plan=out.plan
+
+SHELL := /bin/bash
+
+$(plan): *.tf
+	source ../secrets/set-env.sh && terraform plan -input=false -out $(plan)
+
+push: build
+	source ../secrets/set-env.sh && terraform apply $(plan)
+
+refresh:
+	source ../secrets/set-env.sh && terraform apply -refresh-only
+
+test:
+	terraform validate
+
+
+rip:
+	source ../secrets/set-env.sh && terraform plan -destroy -out $(plan)
+
+clean:
+	rm -f $(plan)
+
+.PHONY: test build clean push rip
--- a/infra/deprecated/load-balancer/backend.tf
+++ b/infra/deprecated/load-balancer/backend.tf
@@ -0,0 +1,24 @@
+terraform {
+  required_version = ">= 0.13"
+  backend "s3" {
+      bucket  = "project-athens"
+      key     = "infra/load-balancer/state/build.tfstate"
+      region  = "us-west-1"
+      encrypt = true
+  }
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "4.13.0"
+    }
+  }
+}
+
+# Base config for using AWS features w/ Terraform
+provider "aws" {
+  access_key = var.aws_key
+  secret_key = var.aws_secret
+  region = var.aws_region
+  max_retries = 1
+}
+
--- a/infra/deprecated/load-balancer/data.tf
+++ b/infra/deprecated/load-balancer/data.tf
@@ -0,0 +1,12 @@
+data "aws_vpc" "athens" {
+  id = var.vpc_id
+}
+
+data "aws_subnet" "delphi" {
+  id = "subnet-0a1943f26e4338cf6"
+}
+
+data "aws_subnet" "crete" {
+  id = "subnet-09302319a6678643f"
+}
+
--- a/infra/deprecated/load-balancer/load-balancer.tf
+++ b/infra/deprecated/load-balancer/load-balancer.tf
@@ -0,0 +1,93 @@
+# Here is the application load balancer that we use for services hosted on ECS
+##############################################################################
+
+
+# The LB that we'll use to move traffic into our services
+#########################################################
+resource "aws_lb" "alpha" {
+    name = "alpha-lb"
+    internal = false
+    load_balancer_type = "application"
+    subnets = [ data.aws_subnet.delphi.id, data.aws_subnet.crete.id ]
+    security_groups = [
+      var.sg.ecs_web_ingress,
+      var.sg.lb_health_check
+    ]
+    # TODO: change this to true later
+    enable_deletion_protection = false
+}
+
+## ECS services manage themselves when it comes to registering to the
+## target group so we only need to provide the pool
+#####################################################################
+resource "aws_lb_target_group" "nginx" {
+  name = local.nginx_name 
+  port = var.nginx_port
+  protocol = "HTTP"
+  target_type = "ip"
+  vpc_id = data.aws_vpc.athens.id
+  health_check {
+    interval = local.nginx_hp_check_interval
+  }
+}
+
+resource "aws_lb_listener" "http" {
+  load_balancer_arn  = aws_lb.alpha.arn
+  port                = 80
+  protocol            = "HTTP"
+  default_action { 
+    type = "redirect"
+
+    redirect {
+      port        = 443
+      protocol    = "HTTPS"
+      status_code = "HTTP_301"
+    }
+  }
+}
+
+resource "aws_lb_listener" "https" {
+  load_balancer_arn = aws_lb.alpha.arn
+  port            = 443
+  protocol        = "HTTPS"
+  ssl_policy      = "ELBSecurityPolicy-2016-08"
+
+  certificate_arn = aws_acm_certificate_validation.shockrah_xyz.certificate_arn
+  default_action {
+    type = "fixed-response"
+    fixed_response {
+      content_type = "text/plain"
+      message_body = "Literally how"
+      status_code  = "400"
+    }
+  }
+}
+
+resource "aws_lb_listener_rule" "beta" {
+  listener_arn = aws_lb_listener.https.arn
+  priority = 100
+  action {
+      type = "forward"
+      target_group_arn = aws_lb_target_group.nginx.arn
+  }
+  condition {
+    host_header {
+      values = local.domains
+    }
+  }
+}
+
+
+# Certificate attachment for project athens
+###########################################
+# Additional certificate project-athens
+resource "aws_lb_listener_certificate" "alpha_project_athens_cert" {
+  listener_arn    = aws_lb_listener.https.arn
+  certificate_arn = aws_acm_certificate_validation.project_athens_xyz.certificate_arn
+}
+
+resource "aws_lb_listener_certificate" "alpha_temper_tv_cert" {
+  listener_arn    = aws_lb_listener.https.arn
+  certificate_arn = aws_acm_certificate_validation.temper_tv.certificate_arn
+}
+
--- a/infra/deprecated/load-balancer/local.tf
+++ b/infra/deprecated/load-balancer/local.tf
@@ -0,0 +1,15 @@
+locals {
+  # ECR 
+  repos = [
+    "reverse-proxy",
+  ]
+  domains = [
+    "shockrah.xyz",
+    "project-athens.xyz",
+    "resume.shockrah.xyz",
+    "temper.tv"
+  ]
+  nginx_name = "${var.athens_prefix}-nginx-static-content"
+  nginx_hp_check_interval = 300
+}
+
--- a/infra/deprecated/load-balancer/project-athens-xyz-cert.tf
+++ b/infra/deprecated/load-balancer/project-athens-xyz-cert.tf
@@ -0,0 +1,24 @@
+# Base certificate for project athens
+#####################################
+resource "aws_acm_certificate" "project_athens_xyz" {
+  domain_name       = "*.project-athens.xyz"
+  subject_alternative_names = [ "project-athens.xyz" ]
+  validation_method = "DNS"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_route53_record" "project_athens_xyz_cert" {
+  zone_id   = var.project_athens_zone
+  name      = tolist(aws_acm_certificate.project_athens_xyz.domain_validation_options)[0].resource_record_name
+  type      = tolist(aws_acm_certificate.project_athens_xyz.domain_validation_options)[0].resource_record_type
+  records   = [ tolist(aws_acm_certificate.project_athens_xyz.domain_validation_options)[0].resource_record_value ]
+  ttl       = 300
+} 
+
+resource "aws_acm_certificate_validation" "project_athens_xyz" {
+  certificate_arn = aws_acm_certificate.project_athens_xyz.arn
+  validation_record_fqdns = [ aws_route53_record.project_athens_xyz_cert.fqdn ]
+}
--- a/infra/deprecated/load-balancer/shockrah-xyz-cert.tf
+++ b/infra/deprecated/load-balancer/shockrah-xyz-cert.tf
@@ -0,0 +1,29 @@
+# Base cerificate for shockrah_xyz
+##################################
+resource "aws_acm_certificate" "shockrah_xyz" {
+  domain_name   = "*.shockrah.xyz"
+  subject_alternative_names = [ "shockrah.xyz" ]
+  validation_method = "DNS"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+# DNS RECORDS
+#############
+resource "aws_route53_record" "shockrah_xyz_cert" {
+  zone_id   = var.shockrah_zone
+  name      = tolist(aws_acm_certificate.shockrah_xyz.domain_validation_options)[0].resource_record_name
+  type      = tolist(aws_acm_certificate.shockrah_xyz.domain_validation_options)[0].resource_record_type
+  records   = [ tolist(aws_acm_certificate.shockrah_xyz.domain_validation_options)[0].resource_record_value ]
+  ttl       = 300
+} 
+
+# Validation configuration blocks used by terraform 
+###################################################
+resource "aws_acm_certificate_validation" "shockrah_xyz" {
+  certificate_arn = aws_acm_certificate.shockrah_xyz.arn
+  validation_record_fqdns = [ aws_route53_record.shockrah_xyz_cert.fqdn ]
+}
+
--- a/infra/deprecated/load-balancer/temper-tv-cert.tf
+++ b/infra/deprecated/load-balancer/temper-tv-cert.tf
@@ -0,0 +1,30 @@
+# Base cerificate for shockrah_xyz
+##################################
+resource "aws_acm_certificate" "temper_tv" {
+  domain_name   = "*.temper.tv"
+  subject_alternative_names = [ "temper.tv" ]
+  validation_method = "DNS"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+# DNS RECORDS
+#############
+resource "aws_route53_record" "temper_tv_cert" {
+  zone_id   = var.temper_zone
+  name      = tolist(aws_acm_certificate.temper_tv.domain_validation_options)[0].resource_record_name
+  type      = tolist(aws_acm_certificate.temper_tv.domain_validation_options)[0].resource_record_type
+  records   = [ tolist(aws_acm_certificate.temper_tv.domain_validation_options)[0].resource_record_value ]
+  ttl       = 300
+} 
+
+# Validation configuration blocks used by terraform 
+###################################################
+resource "aws_acm_certificate_validation" "temper_tv" {
+  certificate_arn = aws_acm_certificate.temper_tv.arn
+  validation_record_fqdns = [ aws_route53_record.temper_tv_cert.fqdn ]
+}
+
+
--- a/infra/deprecated/load-balancer/variables.tf
+++ b/infra/deprecated/load-balancer/variables.tf
@@ -0,0 +1,56 @@
+# All variables that are used in various places go here
+
+######################### General provider specific values
+
+variable "aws_key" {
+	description = "Access Key for AWS operations"
+	type = string
+	sensitive = true
+}
+
+variable "aws_secret" {
+	description = "Secret Key for AWS operations"
+	type = string
+	sensitive = true
+}
+
+variable "aws_region" {
+	description = "Region where the VPC is located"
+	type = string
+	sensitive = true
+}
+
+variable "vpc_id" {
+  description = "Project Athens VPC ID"
+  type = string
+}
+
+variable "athens_prefix" {
+	description = "Prefix for all things in alpha cluster"
+	type = string
+}
+
+variable "nginx_port" {
+  description = "Port for shockrah.xyz"
+  type        = number
+}
+
+variable "sg" {
+  type = object({
+    base_ecs        = string
+    ecs_web_ingress = string
+    lb_health_check = string
+  })
+}
+
+variable "shockrah_zone" {
+  type = string
+}
+
+variable "project_athens_zone" {
+  type = string
+}
+
+variable "temper_zone" {
+  type = string
+}