From b0e5bd50da3607c58c56dfc8126fc2a3bb68873f Mon Sep 17 00:00:00 2001 From: shockrah Date: Thu, 5 Oct 2023 22:20:06 -0700 Subject: [PATCH] Moving out route53 and load balancer resources --- infra/dns/Makefile | 24 +++++++++ infra/dns/backend.tf | 24 +++++++++ .../project-athens-xyz.tf} | 0 .../shockrah-xyz.tf} | 8 +-- infra/dns/variables.tf | 31 +++++++++++ infra/input-vars.tf | 8 +++ infra/load-balancer/Makefile | 24 +++++++++ infra/load-balancer/backend.tf | 24 +++++++++ infra/{ => load-balancer}/cert.tf | 4 +- infra/load-balancer/data.tf | 12 +++++ infra/{ => load-balancer}/load-balancer.tf | 0 infra/load-balancer/local.tf | 13 +++++ infra/load-balancer/variables.tf | 53 +++++++++++++++++++ 13 files changed, 219 insertions(+), 6 deletions(-) create mode 100644 infra/dns/Makefile create mode 100644 infra/dns/backend.tf rename infra/{route53-project-athens-xyz.tf => dns/project-athens-xyz.tf} (100%) rename infra/{route53-shockrah-xyz.tf => dns/shockrah-xyz.tf} (88%) create mode 100644 infra/dns/variables.tf create mode 100644 infra/load-balancer/Makefile create mode 100644 infra/load-balancer/backend.tf rename infra/{ => load-balancer}/cert.tf (95%) create mode 100644 infra/load-balancer/data.tf rename infra/{ => load-balancer}/load-balancer.tf (100%) create mode 100644 infra/load-balancer/local.tf create mode 100644 infra/load-balancer/variables.tf
diff --git a/infra/dns/Makefile b/infra/dns/Makefile
new file mode 100644
index 0000000..507406e
--- /dev/null
+++ b/infra/dns/Makefile
@@ -0,0 +1,24 @@
+plan=out.plan
+
+SHELL := /bin/bash
+
+$(plan): *.tf
+ source secrets/set-env.sh && terraform plan -input=false -out $(plan)
+
+push: build
+ source secrets/set-env.sh && terraform apply $(plan)
+
+refresh:
+ source secrets/set-env.sh && terraform apply -refresh-only
+
+test:
+ terraform validate
+
+
+rip:
+ source secrets/set-env.sh && terraform destroy
+
+clean:
+ rm -f $(plan)
+
+.PHONY: test build clean push rip
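Review bot: The `push` target in the new infra/dns/Makefile depends on `build`, but the file defines no `build` rule (the name only appears in `.PHONY`), so `make push` would stop on a missing target before anything is applied; `push: $(plan)` would tie it to the plan rule instead. The recipes here source `secrets/set-env.sh`, while infra/load-balancer/Makefile in this same patch sources `../secrets/set-env.sh`; unless a separate infra/dns/secrets directory exists, one of the two paths is probably wrong. The missing `build` rule applies to infra/load-balancer/Makefile as well. Since `out.plan` is written next to the sources and a saved plan can hold input variable values in cleartext, it is worth confirming that the file is git-ignored.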
diff --git a/infra/dns/backend.tf b/infra/dns/backend.tf new file mode 100644 index 0000000..66f5168 --- /dev/null +++ b/infra/dns/backend.tf @@ -0,0 +1,24 @@ +terraform { + required_version = ">= 0.13" + backend "s3" { + bucket = "project-athens" + key = "infra/dns/state/build.tfstate" + region = "us-west-1" + encrypt = true + } + required_providers { + aws = { + source = "hashicorp/aws" + version = "4.13.0" + } + } +} + +# Base config for using AWS features w/ Terraform +provider "aws" { + access_key = var.aws_key + secret_key = var.aws_secret + region = var.aws_region + max_retries = 1 +} + diff --git a/infra/route53-project-athens-xyz.tf b/infra/dns/project-athens-xyz.tf similarity index 100% rename from infra/route53-project-athens-xyz.tf rename to infra/dns/project-athens-xyz.tf diff --git a/infra/route53-shockrah-xyz.tf b/infra/dns/shockrah-xyz.tf similarity index 88% rename from infra/route53-shockrah-xyz.tf rename to infra/dns/shockrah-xyz.tf index 181bf36..bc93099 100644 --- a/infra/route53-shockrah-xyz.tf +++ b/infra/dns/shockrah-xyz.tf @@ -34,8 +34,8 @@ locals { ttl = 300 records = [ "v=spf1 include:_mailcust.gandi.net ?all" ] }, - { name = "www.shockrah.xyz", records = [ aws_lb.alpha.dns_name ] }, - { name = "resume.shockrah.xyz", records = [ aws_lb.alpha.dns_name ] } + { name = "www.shockrah.xyz", records = [ var.alpha.dns ] }, + { name = "resume.shockrah.xyz", records = [ var.alpha.dns ] } ] } @@ -62,8 +62,8 @@ resource "aws_route53_record" "shockrah-xyz-apex" { type = "A" alias { - name = aws_lb.alpha.dns_name - zone_id = aws_lb.alpha.zone_id + name = var.alpha.dns + zone_id = var.alpha.zone evaluate_target_health = true } } diff --git a/infra/dns/variables.tf b/infra/dns/variables.tf new file mode 100644 index 0000000..f3e5fd9 --- /dev/null +++ b/infra/dns/variables.tf 
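Review bot: The `provider "aws"` block in infra/dns/backend.tf receives long-lived keys through `var.aws_key` and `var.aws_secret`, which makes the secret a Terraform input that is stored in the saved `out.plan` the Makefile produces; `sensitive = true` only redacts CLI output. Because the Makefile already sources an env script, the provider could drop `access_key` and `secret_key` and let the AWS provider read `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` from the environment, after which both variables can be removed. The `backend "s3"` block also sets no `dynamodb_table`, so nothing stops two concurrent applies against the same state key. Both points apply to infra/load-balancer/backend.tf too.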
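Review bot: Swapping `aws_lb.alpha.dns_name` / `aws_lb.alpha.zone_id` for `var.alpha.dns` / `var.alpha.zone` (in the `locals` records here and in the `alias` block of `aws_route53_record.shockrah-xyz-apex` in the second hunk) makes the apex, `www` and `resume` records depend on hand-copied values, so they keep pointing at the old name if the load balancer is ever recreated. A lookup would keep the DNS stack in sync without a cross-stack variable, e.g. `data "aws_lb" "alpha" { name = "<LB_NAME>" }` and then `data.aws_lb.alpha.dns_name` / `data.aws_lb.alpha.zone_id`, where `<LB_NAME>` is a placeholder for the name set in load-balancer.tf. Both the `locals` block and the record resource continue outside the hunks shown.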
@@ -0,0 +1,31 @@ +# All variables that are used in various places go here + +######################### General provider specific values + +variable "aws_key" { + description = "Access Key for AWS operations" + type = string + sensitive = true +} + +variable "aws_secret" { + description = "Secret Key for AWS operations" + type = string + sensitive = true +} + +variable "aws_region" { + description = "Region where the VPC is located" + type = string + sensitive = true +} + + +variable "alpha" { + type = object({ + dns = string + zone = string + }) +} + + diff --git a/infra/input-vars.tf b/infra/input-vars.tf index 4b23934..6b45ce5 100644 --- a/infra/input-vars.tf +++ b/infra/input-vars.tf @@ -83,3 +83,11 @@ variable "sg" { }) } +variable "alpha" { + type = object({ + dns = string + zone = string + }) +} + + diff --git a/infra/load-balancer/Makefile b/infra/load-balancer/Makefile new file mode 100644 index 0000000..cb42529 --- /dev/null +++ b/infra/load-balancer/Makefile @@ -0,0 +1,24 @@ +plan=out.plan + +SHELL := /bin/bash + +$(plan): *.tf + source ../secrets/set-env.sh && terraform plan -input=false -out $(plan) + +push: build + source ../secrets/set-env.sh && terraform apply $(plan) + +refresh: + source ../secrets/set-env.sh && terraform apply -refresh-only + +test: + terraform validate + + +rip: + source ../secrets/set-env.sh && terraform destroy + +clean: + rm -f $(plan) + +.PHONY: test build clean push rip diff --git a/infra/load-balancer/backend.tf b/infra/load-balancer/backend.tf new file mode 100644 index 0000000..f9ad43a --- /dev/null +++ b/infra/load-balancer/backend.tf 
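Review bot: `variable "alpha"` in infra/dns/variables.tf has no `description` and no validation, although it now decides where the apex, `www` and `resume` records point. I would add `description = "DNS name and hosted zone ID of the alpha load balancer"` and a `validation` block that rejects empty strings, so a blank entry fails at plan time instead of producing a broken alias. Separately, `aws_region` is marked `sensitive = true`; a region is not a secret, and the flag only hides it from plan output where it would help review. The same flag appears on `aws_region` in infra/load-balancer/variables.tf.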
@@ -0,0 +1,24 @@ +terraform { + required_version = ">= 0.13" + backend "s3" { + bucket = "project-athens" + key = "infra/load-balancer/state/build.tfstate" + region = "us-west-1" + encrypt = true + } + required_providers { + aws = { + source = "hashicorp/aws" + version = "4.13.0" + } + } +} + +# Base config for using AWS features w/ Terraform +provider "aws" { + access_key = var.aws_key + secret_key = var.aws_secret + region = var.aws_region + max_retries = 1 +} + diff --git a/infra/cert.tf b/infra/load-balancer/cert.tf similarity index 95% rename from infra/cert.tf rename to infra/load-balancer/cert.tf index 423d00e..4dbdca8 100644 --- a/infra/cert.tf +++ b/infra/load-balancer/cert.tf @@ -31,7 +31,7 @@ resource "aws_acm_certificate" "project_athens_xyz" { # DNS RECORDS ############# resource "aws_route53_record" "shockrah_xyz_cert" { - zone_id = aws_route53_zone.shockrah-xyz.id + zone_id = var.shockrah_zone name = tolist(aws_acm_certificate.shockrah_xyz.domain_validation_options)[0].resource_record_name type = tolist(aws_acm_certificate.shockrah_xyz.domain_validation_options)[0].resource_record_type records = [ tolist(aws_acm_certificate.shockrah_xyz.domain_validation_options)[0].resource_record_value ] @@ -39,7 +39,7 @@ resource "aws_route53_record" "shockrah_xyz_cert" { } resource "aws_route53_record" "project_athens_xyz_cert" { - zone_id = aws_route53_zone.project-athens.id + zone_id = var.project_athens_zone name = tolist(aws_acm_certificate.project_athens_xyz.domain_validation_options)[0].resource_record_name type = tolist(aws_acm_certificate.project_athens_xyz.domain_validation_options)[0].resource_record_type records = [ tolist(aws_acm_certificate.project_athens_xyz.domain_validation_options)[0].resource_record_value ] diff --git a/infra/load-balancer/data.tf b/infra/load-balancer/data.tf new file mode 100644 index 0000000..f655ae9 --- /dev/null +++ b/infra/load-balancer/data.tf 
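Review bot: With `zone_id = var.shockrah_zone` and `zone_id = var.project_athens_zone` in cert.tf, the load-balancer stack needs hosted-zone IDs from the dns stack while the dns stack needs `var.alpha` from this one, so neither can be applied first from scratch without a placeholder value. Assuming the zones are still created under infra/dns, it would help to document the bootstrap order in a comment above these two records, or to resolve the zones by name with `data "aws_route53_zone"` so the IDs cannot be swapped. As written, exchanging the two IDs would put each ACM validation record in the other zone, and the certificates would likely stay pending. Both resources continue beyond the context shown in the hunk.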
@@ -0,0 +1,12 @@
+data "aws_vpc" "athens" {
+ id = var.vpc_id
+}
+
+data "aws_subnet" "delphi" {
+ id = "subnet-0a1943f26e4338cf6"
+}
+
+data "aws_subnet" "crete" {
+ id = "subnet-09302319a6678643f"
+}
+
diff --git a/infra/load-balancer.tf b/infra/load-balancer/load-balancer.tf
similarity index 100%
rename from infra/load-balancer.tf
rename to infra/load-balancer/load-balancer.tf
diff --git a/infra/load-balancer/local.tf b/infra/load-balancer/local.tf
new file mode 100644
index 0000000..2eb5d6c
--- /dev/null
+++ b/infra/load-balancer/local.tf
@@ -0,0 +1,13 @@
+locals {
+ # ECR
+ repos = [
+ "reverse-proxy",
+ ]
+ buckets = [
+ "shockrah.xyz",
+ "resume.shockrah.xyz"
+ ]
+ nginx_name = "${var.athens_prefix}-nginx-static-content"
+ nginx_hp_check_interval = 300
+}
+
diff --git a/infra/load-balancer/variables.tf b/infra/load-balancer/variables.tf
new file mode 100644
index 0000000..8673831
--- /dev/null
+++ b/infra/load-balancer/variables.tf
@@ -0,0 +1,53 @@
+# All variables that are used in various places go here
+
+######################### General provider specific values
+
+variable "aws_key" {
+ description = "Access Key for AWS operations"
+ type = string
+ sensitive = true
+}
+
+variable "aws_secret" {
+ description = "Secret Key for AWS operations"
+ type = string
+ sensitive = true
+}
+
+variable "aws_region" {
+ description = "Region where the VPC is located"
+ type = string
+ sensitive = true
+}
+
+variable "vpc_id" {
+ description = "Project Athens VPC ID"
+ type = string
+}
+
+variable "athens_prefix" {
+ description = "Prefix for all things in alpha cluster"
+ type = string
+}
+
+variable "nginx_port" {
+ description = "Port for shockrah.xyz"
+ type = number
+}
+
+variable "sg" {
+ type = object({
+ base_ecs = string
+ ecs_web_ingress = string
+ lb_health_check = string
+ })
+}
+
+variable "shockrah_zone" {
+ type = string
+}
+
+variable "project_athens_zone" {
+ type = string
+}
+
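Review bot: The two `aws_subnet` data sources in infra/load-balancer/data.tf hard-code subnet IDs while the VPC in the same file comes from `var.vpc_id`, so nothing ties the subnets to that VPC and pointing the stack at another account or region means editing source. Passing the IDs in as a variable, or adding `vpc_id = data.aws_vpc.athens.id` to each lookup so a mismatch fails at plan time, would keep the three lookups consistent. At minimum a comment should say what `delphi` and `crete` are used for, since the names alone do not.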
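Review bot: `shockrah_zone`, `project_athens_zone` and `sg` in infra/load-balancer/variables.tf are declared without a `description`, unlike the variables above them, and the two zone variables are what cert.tf uses to place the ACM validation records. I would add `description = "Route53 hosted zone ID for shockrah.xyz (from the dns stack)"` and the equivalent for `project_athens_zone`, plus a `validation` block that rejects an empty string. `nginx_port` would also benefit from a range check such as `condition = var.nginx_port > 0 && var.nginx_port < 65536`.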