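package main

import (
	"encoding/base64"
	"fmt"
	"io"
	"io/ioutil"

	"github.com/pulumi/pulumi-oci/sdk/go/oci/core"
	"github.com/pulumi/pulumi-oci/sdk/go/oci/identity"
	"github.com/pulumi/pulumi-oci/sdk/go/oci/networkloadbalancer"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

// setupHostMain provisions the public entry point and the main host of the
// stack: a public IPv4 network load balancer with one backend set and one
// listener, a compute instance booted from the newest matching Ubuntu image
// with cloud-init.yaml as user data, and the backend that attaches the
// instance to the load balancer. It exports "nlb-ip" and "instance-ip".
//
// ocicfg must provide "region"; the default-namespace config must provide
// every key requested with RequireSecret below. pemprvkey is accepted but not
// read by this function.
//
// It returns the first error reported while declaring a resource, reading
// cloud-init.yaml, or resolving the boot image / availability domain.
func setupHostMain(ctx *pulumi.Context, ocicfg *config.Config, compartment *identity.Compartment, ns pulumi.StringOutput, subnet *core.Subnet, listmonkAuthToken *identity.CustomerSecretKey, smtpcreds *identity.SmtpCredential, pemprvkey io.Reader) error {
	cfg := config.New(ctx, "")

	// Setup load-balancer
	nlb, err := networkloadbalancer.NewNetworkLoadBalancer(ctx, "happy-nlb", &networkloadbalancer.NetworkLoadBalancerArgs{
		DisplayName:                 pulumi.Sprintf("%s-happy-nlb", ctx.Stack()),
		SubnetId:                    subnet.ID(),
		CompartmentId:               compartment.ID(),
		IsPreserveSourceDestination: pulumi.Bool(false),
		IsPrivate:                   pulumi.Bool(false),
		NlbIpVersion:                pulumi.String("IPV4"),
	})
	if err != nil {
		return fmt.Errorf("creating network load balancer: %w", err)
	}

	ctx.Export("nlb-ip", nlb.IpAddresses)

	// NOTE(review): IsFailOpen keeps traffic flowing to the backend set even
	// when every backend fails the HTTPS health check, so a failing check does
	// not take the instance out of rotation — confirm that is intended.
	nlbset4, err := networkloadbalancer.NewBackendSet(ctx, "happydomain-nlbset4", &networkloadbalancer.BackendSetArgs{
		HealthChecker: &networkloadbalancer.BackendSetHealthCheckerArgs{
			Protocol:   pulumi.String("HTTPS"),
			Port:       pulumi.Int(443),
			UrlPath:    pulumi.String("/api/version"),
			ReturnCode: pulumi.Int(200),
		},
		Name:                  pulumi.Sprintf("%s-happydomain-nlbset4", ctx.Stack()),
		NetworkLoadBalancerId: nlb.ID(),
		Policy:                pulumi.String("FIVE_TUPLE"),
		IpVersion:             pulumi.String("IPV4"),
		IsPreserveSource:      pulumi.Bool(true),
		IsFailOpen:            pulumi.Bool(true),
	})
	if err != nil {
		return fmt.Errorf("creating backend set: %w", err)
	}

	// NOTE(review): on OCI a listener port of 0 accepts traffic on any port,
	// which leaves the subnet's security rules (not visible here) as the only
	// control over which instance ports are reachable through the public load
	// balancer — confirm those rules allow only the intended services.
	_, err = networkloadbalancer.NewListener(ctx, "happydomain-listener4", &networkloadbalancer.ListenerArgs{
		DefaultBackendSetName: nlbset4.Name,
		Name:                  pulumi.Sprintf("%s-happydomain-nlb-listen4", ctx.Stack()),
		NetworkLoadBalancerId: nlb.ID(),
		Port:                  pulumi.Int(0),
		Protocol:              pulumi.String("TCP"),
		IpVersion:             pulumi.String("IPV4"),
	})
	if err != nil {
		return fmt.Errorf("creating listener: %w", err)
	}

	// Get boot image: newest image first, so the first element is the most
	// recently created match. A failed or empty lookup is reported as an error
	// instead of dereferencing a nil result or indexing an empty slice.
	imageId := compartment.CompartmentId.ApplyT(func(id string) (string, error) {
		images, err := core.GetImages(ctx, &core.GetImagesArgs{
			CompartmentId:          id,
			OperatingSystem:        pulumi.StringRef("Canonical Ubuntu"),
			OperatingSystemVersion: pulumi.StringRef("22.04 Minimal"),
			SortBy:                 pulumi.StringRef("TIMECREATED"),
			SortOrder:              pulumi.StringRef("DESC"),
			Shape:                  pulumi.StringRef(SHAPE_AMD64),
		})
		if err != nil {
			return "", fmt.Errorf("looking up boot image: %w", err)
		}
		if images == nil || len(images.Images) == 0 {
			return "", fmt.Errorf("no boot image found in compartment %q", id)
		}
		return images.Images[0].Id, nil
	}).(pulumi.StringOutput)

	// Get availability domains: the instance is placed in the first one
	// returned. Lookup failures are surfaced the same way as for the image.
	availabilityDomainName := compartment.CompartmentId.ApplyT(func(id string) (string, error) {
		availabilityDomains, err := identity.GetAvailabilityDomains(ctx, &identity.GetAvailabilityDomainsArgs{
			CompartmentId: id,
		})
		if err != nil {
			return "", fmt.Errorf("looking up availability domains: %w", err)
		}
		if availabilityDomains == nil || len(availabilityDomains.AvailabilityDomains) == 0 {
			return "", fmt.Errorf("no availability domain found in compartment %q", id)
		}
		return availabilityDomains.AvailabilityDomains[0].Name, nil
	}).(pulumi.StringOutput)

	// Load cloudinit
	userData, err := ioutil.ReadFile("cloud-init.yaml")
	if err != nil {
		return fmt.Errorf("reading cloud-init.yaml: %w", err)
	}

	// The region is needed for three endpoint names; read it once.
	region := ocicfg.Require("region")

	storens := ns.ApplyT(func(storageNamespace string) string {
		return storageNamespace + ".compat.objectstorage." + region + ".oraclecloud.com"
	}).(pulumi.StringOutput)

	// Create an OCI instance
	//
	// NOTE(review): every credential below (SMTP password, JWT secrets, OAuth
	// client secret, API and database passwords, S3 and restic keys) is handed
	// to the host through instance extended metadata. Pulumi keeps the
	// RequireSecret values encrypted in its own state, but the metadata itself
	// is readable by any process on the instance that can reach the metadata
	// service and by any principal allowed to read the instance in OCI.
	// Consider fetching secrets from a vault at boot, restricting access to the
	// metadata endpoint on the host, and disabling the legacy (v1) metadata
	// endpoints through the instance options.
	//
	// NOTE(review): smtpcreds.Password and listmonkAuthToken.Key are passed as
	// plain outputs; whether the provider already marks them secret is not
	// visible here — confirm, or wrap them so they are not shown in previews
	// and state.
	//
	// NOTE(review): HAPPYDOMAIN_VERSION is "latest" and the boot image is
	// whichever one is newest at deploy time, so two deployments of the same
	// code may not run the same software; pinning both would make rollouts
	// reproducible and auditable.
	instance, err := core.NewInstance(ctx, "happydomain-main-1", &core.InstanceArgs{
		AvailabilityDomain: availabilityDomainName,
		CompartmentId:      compartment.ID(),
		DisplayName:        pulumi.Sprintf("%s-happydomain-main", ctx.Stack()),
		Shape:              pulumi.String(SHAPE_AMD64),
		SourceDetails: &core.InstanceSourceDetailsArgs{
			SourceId:   imageId,
			SourceType: pulumi.String("image"),
		},
		CreateVnicDetails: &core.InstanceCreateVnicDetailsArgs{
			AssignIpv6ip: pulumi.Bool(true),
			SubnetId:     subnet.ID(),
			DisplayName:  pulumi.Sprintf("%s-happydomain-main", ctx.Stack()),
		},
		ExtendedMetadata: pulumi.Map{
			"EMAIL_SMTP_HOST":                    pulumi.String("smtp.email." + region + ".oci.oraclecloud.com"),
			"EMAIL_SMTP_PORT":                    pulumi.String("587"),
			"EMAIL_SMTP_USERNAME":                smtpcreds.Username,
			"EMAIL_SMTP_PASSWORD":                smtpcreds.Password,
			"FIDER_DOMAIN":                       pulumi.String("feedback.happydomain.org"),
			"FIDER_JWT_SECRET":                   cfg.RequireSecret("fider_jwt_secret"),
			"FIDER_GITHUB_CLIENTID":              cfg.RequireSecret("fider_github_clientid"),
			"FIDER_GITHUB_SECRET":                cfg.RequireSecret("fider_github_secret"),
			"UMAMI_ID":                           pulumi.String("3a9d70d8-c2d4-44e0-9fa1-46d4b2e3fca0"),
			"HAPPYDOMAIN_JWT_SECRET_KEY":         cfg.RequireSecret("happydomain_jwt_secret_key"),
			"HAPPYDOMAIN_OVH_APPLICATION_KEY":    cfg.RequireSecret("happydomain_ovh_application_key"),
			"HAPPYDOMAIN_OVH_APPLICATION_SECRET": cfg.RequireSecret("happydomain_ovh_application_secret"),
			"HAPPYDOMAIN_VERSION":                pulumi.String("latest"),
			"MY_DOMAIN":                          pulumi.String("app.happydomain.org"),
			"LISTMONK_NEWSLETTER_ID":             pulumi.String("4"),
			"LISTMONK_API_USERNAME":              cfg.RequireSecret("listmonk_api_username"),
			"LISTMONK_API_PASSWORD":              cfg.RequireSecret("listmonk_api_password"),
			"LISTMONK_DOMAIN":                    pulumi.String("lists.happydomain.org"),
			"LISTMONK_S3_BUCKET":                 pulumi.String(HappyListmonkBucketName),
			"LISTMONK_S3_CLIENT_ID":              listmonkAuthToken.ID(),
			"LISTMONK_S3_CLIENT_SECRET":          listmonkAuthToken.Key,
			"LISTMONK_S3_HOST":                   storens,
			"LISTMONK_S3_REGION":                 pulumi.String(region),
			"POSTGRES_PASSWORD":                  cfg.RequireSecret("postgres_password"),
			"RESTIC_REPOSITORY":                  pulumi.String("s3:storage.nemunai.re/zbackup-happydomain"),
			"RESTIC_REPOSITORY_POSTGRES":         pulumi.String("s3:storage.nemunai.re/zbackup-postgres-happydomain"),
			"RESTIC_PASSWORD":                    cfg.RequireSecret("restic_password"),
			"RESTIC_AWS_ACCESS_KEY_ID":           cfg.RequireSecret("restic_aws_access_key_id"),
			"RESTIC_AWS_SECRET_ACCESS_KEY":       cfg.RequireSecret("restic_aws_secret_access_key"),
			"TRY_DOMAIN":                         pulumi.String("try.happydomain.org"),
			"TRY_UMAMI_ID":                       pulumi.String("0af0b29f-bf8a-4801-918a-01a8fb4b4312"),
		},
		Metadata: pulumi.Map{
			// cloud-init payload is passed base64-encoded under "user_data".
			"user_data":           pulumi.String(base64.StdEncoding.EncodeToString(userData)),
			"ssh_authorized_keys": pulumi.String(SSH_AUTHORIZED_KEYS),
		},
	})
	if err != nil {
		return fmt.Errorf("creating instance: %w", err)
	}

	// Export the public-ip
	ctx.Export("instance-ip", instance.PublicIp)

	// Add host to backend, addressed by its private IP. The backend port is 0
	// like the listener's; presumably traffic reaches the instance on the port
	// the client connected to — verify against the load balancer docs.
	_, err = networkloadbalancer.NewBackend(ctx, "happydomain-lb4", &networkloadbalancer.BackendArgs{
		BackendSetName:        nlbset4.Name,
		NetworkLoadBalancerId: nlb.ID(),
		Port:                  pulumi.Int(0),
		IpAddress:             instance.PrivateIp,
		TargetId:              instance.ID(),
	})
	if err != nil {
		return fmt.Errorf("adding instance to backend set: %w", err)
	}

	return nil
}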