package main
import (
	"encoding/base64"
	"fmt"
	"io"
	"io/ioutil"

	"github.com/pulumi/pulumi-oci/sdk/go/oci/core"
	"github.com/pulumi/pulumi-oci/sdk/go/oci/identity"
	"github.com/pulumi/pulumi-oci/sdk/go/oci/networkloadbalancer"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
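// setupHostMain provisions the main happyDomain host: a public network load
// balancer with one backend set and one TCP listener, a compute instance booted
// from the newest matching Ubuntu image with cloud-init user data, and the
// backend entry that attaches the instance to the load balancer.
//
// It exports the stack outputs "nlb-ip" and "instance-ip". The pemprvkey
// parameter is accepted but not read by this function.
//
// Any error from resource registration, from the image or availability-domain
// lookups, or from reading cloud-init.yaml is returned to the caller (lookup
// failures surface through the corresponding Pulumi output).
func setupHostMain(ctx *pulumi.Context, ocicfg *config.Config, compartment *identity.Compartment, ns pulumi.StringOutput, subnet *core.Subnet, listmonkAuthToken *identity.CustomerSecretKey, smtpcreds *identity.SmtpCredential, pemprvkey io.Reader) error {
	cfg := config.New(ctx, "")

	// Setup load-balancer
	// IsPrivate=false makes this an Internet-facing load balancer.
	nlb, err := networkloadbalancer.NewNetworkLoadBalancer(ctx, "happy-nlb", &networkloadbalancer.NetworkLoadBalancerArgs{
		DisplayName:                 pulumi.Sprintf("%s-happy-nlb", ctx.Stack()),
		SubnetId:                    subnet.ID(),
		CompartmentId:               compartment.ID(),
		IsPreserveSourceDestination: pulumi.Bool(false),
		IsPrivate:                   pulumi.Bool(false),
		NlbIpVersion:                pulumi.String("IPV4"),
	})
	if err != nil {
		return err
	}

	ctx.Export("nlb-ip", nlb.IpAddresses)

	nlbset4, err := networkloadbalancer.NewBackendSet(ctx, "happydomain-nlbset4", &networkloadbalancer.BackendSetArgs{
		HealthChecker: &networkloadbalancer.BackendSetHealthCheckerArgs{
			Protocol:   pulumi.String("HTTPS"),
			Port:       pulumi.Int(443),
			UrlPath:    pulumi.String("/api/version"),
			ReturnCode: pulumi.Int(200),
		},
		Name:                  pulumi.Sprintf("%s-happydomain-nlbset4", ctx.Stack()),
		NetworkLoadBalancerId: nlb.ID(),
		Policy:                pulumi.String("FIVE_TUPLE"),
		IpVersion:             pulumi.String("IPV4"),
		IsPreserveSource:      pulumi.Bool(true),
		// NOTE(review): with IsFailOpen=true traffic presumably keeps flowing to
		// the backends even when all of them fail the health check - confirm
		// this is the intended availability/safety trade-off.
		IsFailOpen: pulumi.Bool(true),
	})
	if err != nil {
		return err
	}

	// NOTE(review): Port 0 on the listener (and on the backend further down)
	// appears to be the "any port" wildcard. Combined with IsPrivate=false this
	// would forward every TCP port to the instance, so what is reachable from
	// the Internet is decided only by the subnet security list / NSG and the
	// host firewall - confirm those restrict ingress to the intended services.
	_, err = networkloadbalancer.NewListener(ctx, "happydomain-listener4", &networkloadbalancer.ListenerArgs{
		DefaultBackendSetName: nlbset4.Name,
		Name:                  pulumi.Sprintf("%s-happydomain-nlb-listen4", ctx.Stack()),
		NetworkLoadBalancerId: nlb.ID(),
		Port:                  pulumi.Int(0),
		Protocol:              pulumi.String("TCP"),
		IpVersion:             pulumi.String("IPV4"),
	})
	if err != nil {
		return err
	}

	// Get boot image
	// The lookup error and an empty result are reported through the output
	// instead of being discarded: dereferencing a nil result or indexing an
	// empty list would panic the whole deployment.
	imageId := compartment.CompartmentId.ApplyT(func(id string) (string, error) {
		images, err := core.GetImages(ctx, &core.GetImagesArgs{
			CompartmentId:          id,
			OperatingSystem:        pulumi.StringRef("Canonical Ubuntu"),
			OperatingSystemVersion: pulumi.StringRef("22.04 Minimal"),
			SortBy:                 pulumi.StringRef("TIMECREATED"),
			SortOrder:              pulumi.StringRef("DESC"),
			Shape:                  pulumi.StringRef(SHAPE_AMD64),
		})
		if err != nil {
			return "", fmt.Errorf("looking up boot image: %w", err)
		}
		if images == nil || len(images.Images) == 0 {
			return "", fmt.Errorf("no boot image found for shape %q", SHAPE_AMD64)
		}
		// Results are sorted newest first, so the first entry is the latest image.
		return images.Images[0].Id, nil
	}).(pulumi.StringOutput)

	// Get availability domains
	availabilityDomainName := compartment.CompartmentId.ApplyT(func(id string) (string, error) {
		availabilityDomains, err := identity.GetAvailabilityDomains(ctx, &identity.GetAvailabilityDomainsArgs{
			CompartmentId: id,
		})
		if err != nil {
			return "", fmt.Errorf("looking up availability domains: %w", err)
		}
		if availabilityDomains == nil || len(availabilityDomains.AvailabilityDomains) == 0 {
			return "", fmt.Errorf("no availability domain found in compartment %q", id)
		}
		return availabilityDomains.AvailabilityDomains[0].Name, nil
	}).(pulumi.StringOutput)

	// Load cloudinit
	userData, err := ioutil.ReadFile("cloud-init.yaml")
	if err != nil {
		return err
	}

	region := ocicfg.Require("region")

	// S3-compatible object storage endpoint for the tenancy namespace.
	storens := ns.ApplyT(func(storageNamespace string) string {
		return storageNamespace + ".compat.objectstorage." + region + ".oraclecloud.com"
	}).(pulumi.StringOutput)

	// Create an OCI instance
	instance, err := core.NewInstance(ctx, "happydomain-main-1", &core.InstanceArgs{
		AvailabilityDomain: availabilityDomainName,
		CompartmentId:      compartment.ID(),
		DisplayName:        pulumi.Sprintf("%s-happydomain-main", ctx.Stack()),
		Shape:              pulumi.String(SHAPE_AMD64),
		SourceDetails: &core.InstanceSourceDetailsArgs{
			SourceId:   imageId,
			SourceType: pulumi.String("image"),
		},
		CreateVnicDetails: &core.InstanceCreateVnicDetailsArgs{
			AssignIpv6ip: pulumi.Bool(true),
			SubnetId:     subnet.ID(),
			DisplayName:  pulumi.Sprintf("%s-happydomain-main", ctx.Stack()),
		},
		// NOTE(security): the application secrets below (JWT keys, OAuth client
		// secret, SMTP/S3/restic credentials, database password) are delivered as
		// instance extended metadata. Metadata is generally readable by any local
		// process that can reach the instance metadata service and by principals
		// allowed to read the instance, so these values are only as protected as
		// those two paths. Prefer fetching them at boot from a secret store using
		// the instance's own identity, or restrict metadata-service access on the
		// host - TODO confirm the exposure model for this deployment.
		ExtendedMetadata: pulumi.Map{
			"EMAIL_SMTP_HOST":     pulumi.String("smtp.email." + region + ".oci.oraclecloud.com"),
			"EMAIL_SMTP_PORT":     pulumi.String("587"),
			"EMAIL_SMTP_USERNAME": smtpcreds.Username,
			// NOTE(review): presumably marked secret by the provider; verify it is
			// encrypted in the stack state.
			"EMAIL_SMTP_PASSWORD":                smtpcreds.Password,
			"FIDER_DOMAIN":                       pulumi.String("feedback.happydomain.org"),
			"FIDER_JWT_SECRET":                   cfg.RequireSecret("fider_jwt_secret"),
			"FIDER_GITHUB_CLIENTID":              cfg.RequireSecret("fider_github_clientid"),
			"FIDER_GITHUB_SECRET":                cfg.RequireSecret("fider_github_secret"),
			"UMAMI_ID":                           pulumi.String("3a9d70d8-c2d4-44e0-9fa1-46d4b2e3fca0"),
			"HAPPYDOMAIN_JWT_SECRET_KEY":         cfg.RequireSecret("happydomain_jwt_secret_key"),
			"HAPPYDOMAIN_OVH_APPLICATION_KEY":    cfg.RequireSecret("happydomain_ovh_application_key"),
			"HAPPYDOMAIN_OVH_APPLICATION_SECRET": cfg.RequireSecret("happydomain_ovh_application_secret"),
			// NOTE(review): "latest" is a floating version; if this selects a
			// container image tag, each boot may run different code - consider
			// pinning a version or digest.
			"HAPPYDOMAIN_VERSION":    pulumi.String("latest"),
			"MY_DOMAIN":              pulumi.String("app.happydomain.org"),
			"LISTMONK_NEWSLETTER_ID": pulumi.String("4"),
			"LISTMONK_API_USERNAME":  cfg.RequireSecret("listmonk_api_username"),
			"LISTMONK_API_PASSWORD":  cfg.RequireSecret("listmonk_api_password"),
			"LISTMONK_DOMAIN":        pulumi.String("lists.happydomain.org"),
			"LISTMONK_S3_BUCKET":     pulumi.String(HappyListmonkBucketName),
			"LISTMONK_S3_CLIENT_ID":  listmonkAuthToken.ID(),
			// NOTE(review): same question as the SMTP password - verify this key
			// is treated as a secret in the stack state.
			"LISTMONK_S3_CLIENT_SECRET":    listmonkAuthToken.Key,
			"LISTMONK_S3_HOST":             storens,
			"LISTMONK_S3_REGION":           pulumi.String(region),
			"POSTGRES_PASSWORD":            cfg.RequireSecret("postgres_password"),
			"RESTIC_REPOSITORY":            pulumi.String("s3:storage.nemunai.re/zbackup-happydomain"),
			"RESTIC_REPOSITORY_POSTGRES":   pulumi.String("s3:storage.nemunai.re/zbackup-postgres-happydomain"),
			"RESTIC_PASSWORD":              cfg.RequireSecret("restic_password"),
			"RESTIC_AWS_ACCESS_KEY_ID":     cfg.RequireSecret("restic_aws_access_key_id"),
			"RESTIC_AWS_SECRET_ACCESS_KEY": cfg.RequireSecret("restic_aws_secret_access_key"),
			"TRY_DOMAIN":                   pulumi.String("try.happydomain.org"),
			"TRY_UMAMI_ID":                 pulumi.String("0af0b29f-bf8a-4801-918a-01a8fb4b4312"),
		},
		Metadata: pulumi.Map{
			// cloud-init payload is passed base64-encoded.
			"user_data":           pulumi.String(base64.StdEncoding.EncodeToString(userData)),
			"ssh_authorized_keys": pulumi.String(SSH_AUTHORIZED_KEYS),
		},
	})
	if err != nil {
		return err
	}

	// Export the public-ip
	ctx.Export("instance-ip", instance.PublicIp)

	// Add host to backend
	// Port 0 mirrors the listener's port setting above.
	_, err = networkloadbalancer.NewBackend(ctx, "happydomain-lb4", &networkloadbalancer.BackendArgs{
		BackendSetName:        nlbset4.Name,
		NetworkLoadBalancerId: nlb.ID(),
		Port:                  pulumi.Int(0),
		IpAddress:             instance.PrivateIp,
		TargetId:              instance.ID(),
	})
	if err != nil {
		return err
	}

	return nil
}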