diff --git a/.dockerignore b/.dockerignore --- a/.dockerignore +++ b/.dockerignore @@ -45,6 +45,7 @@ services/reports/email-config.json services/terraform/self-host/*.env services/terraform/self-host/*.env.* +services/terraform/remote/*.env native/cpp/**/build diff --git a/services/terraform/remote/.gitignore b/services/terraform/remote/.gitignore --- a/services/terraform/remote/.gitignore +++ b/services/terraform/remote/.gitignore @@ -5,6 +5,9 @@ *.tfstate *.tfstate.* +# Dotenv +.env + # Crash log files crash.log crash.*.log diff --git a/services/terraform/remote/.terraform.lock.hcl b/services/terraform/remote/.terraform.lock.hcl --- a/services/terraform/remote/.terraform.lock.hcl +++ b/services/terraform/remote/.terraform.lock.hcl @@ -17,6 +17,29 @@ ] } +provider "registry.terraform.io/germanbrew/dotenv" { + version = "1.1.2" + constraints = "1.1.2" + hashes = [ + "h1:rbzMuE2/HHDvrVRUaHabvG5c7y2TMfyoBl4ZOpp0mPw=", + "zh:179e7f19a66205b74b76d76dffc20287a03c68c76356bc9b894d52bf7702767d", + "zh:22f772f4380cb5cde5e3751dc47920c99943aa99f661b123f11bb6022471e976", + "zh:269a023043bd1cd4a6e231e9394d27ebf93df5e0a08751b4e18ff1a745e58cf4", + "zh:2b41bfbfb615a5ecbc1bfc195262e1dedf0e8d59ddae2995dbc308c2fb0fe62c", + "zh:3eeaa46fcf39719ff499b5b7d03dee4b7bfadd5f81549288c4d2640b4e6c3581", + "zh:4d428dc138bdebc69eecc53b2a87d7b7bfa485d3d6b7a651c8f1e97bc4408efc", + "zh:5870a658b75e8909e60beaacbbe9d42f957596a034af6e0d9e1780f96ee09e13", + "zh:7a7eb852fdad76077429b6bc624858df13a7e0571d7f9ee3ad6512b811ca5438", + "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f", + "zh:954b97dc6a3d84c637ceb3ab0b0f1b6eacf68200da62871b41c58c2356d2b722", + "zh:9ba67c1edfb9f4c83e0532c151fa3c1d13169e467b065d63465712f2050952a3", + "zh:a55998a075527c36fb4d8a9224c04b10383c8eabe0b8e9c3283c1e527bd9d2b8", + "zh:afa596b5103275ba75dd248bee68349de3ca535a3f8e28d95de8c52e42e438b3", + "zh:dc5312c982d3e24eab579f94f5b395b57fd65536369f6bcc8b3fd0f4bc78bdd0", + "zh:ea4c5db0d92a6e157ac84e7221da1dc42031d143418d3b719f8c7cbfc2a616d3", + ] +} + provider "registry.terraform.io/hashicorp/aws" { version = "5.7.0" constraints = ">= 4.67.0, ~> 5.7.0" @@ -41,6 +64,25 @@ ] } +provider "registry.terraform.io/hashicorp/null" { + version = "3.2.2" + hashes = [ + "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=", + "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", + "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", + "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", + "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606", + "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546", + "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539", + "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422", + "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae", + "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", + "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", + ] +} + provider "registry.terraform.io/hashicorp/random" { version = "3.5.1" constraints = "3.5.1" diff --git a/services/terraform/remote/aws_iam.tf b/services/terraform/remote/aws_iam.tf --- a/services/terraform/remote/aws_iam.tf +++ b/services/terraform/remote/aws_iam.tf @@ -70,6 +70,17 @@ } } +# Role with allow ecs exec +resource "aws_iam_role" "ecs_task_role" { + name = "ecs-iam_role" + description = "Allows to SSH into ECS containers" + assume_role_policy = data.aws_iam_policy_document.assume_role_ecs_ec2.json + + managed_policy_arns = [ + aws_iam_policy.allow_ecs_exec.arn, + ] +} + # Allows ECS Exec to SSH into service task containers resource "aws_iam_policy" "allow_ecs_exec" { name = "allow-ecs-exec" diff --git a/services/terraform/remote/providers.tf b/services/terraform/remote/providers.tf --- a/services/terraform/remote/providers.tf +++ b/services/terraform/remote/providers.tf @@ -14,5 +14,10 @@ source = "hashicorp/random" version = "3.5.1" } + + dotenv = { + source = "germanbrew/dotenv" + version = "1.1.2" + } } } diff --git a/services/terraform/remote/secrets.json b/services/terraform/remote/secrets.json --- a/services/terraform/remote/secrets.json +++ b/services/terraform/remote/secrets.json @@ -1,28 +1,95 @@ { "accountIDs": { - "production": "ENC[AES256_GCM,data:bFvAqsaeaK63a89t,iv:DItiKGCI6RPfkjQPSrUWhddvJQKOTnYEeyzgHfckrXw=,tag:5NTw9AuEXhU9eOKzd2wvtw==,type:str]", - "staging": "ENC[AES256_GCM,data:qoJZWlb2BusLjLJV,iv:cRt9S8qKZ8qz3q41Xc1o+giTTHA0jWkTLQDFHUHFR2U=,tag:EbZKVX7NkxDmx1s1PIjIeg==,type:str]" + "production": "ENC[AES256_GCM,data:kuCCoz7IlxgvWF6W,iv:rOkSJ7i9rJKukhhP4Hkh12iXKCOVZGeErLFbu3mKY+w=,tag:GbsUj/IZt+oQL8Usg3xV5w==,type:str]", + "staging": "ENC[AES256_GCM,data:A/SixKIxXzDwgU58,iv:sVMlGpkdHWV/lWc308YkFgrZWZ6DjWOt7UQ/mRHMl6w=,tag:+xB9tswTcrw8tobrOuoSZQ==,type:str]" }, - "keyserverPublicKey": "ENC[AES256_GCM,data:6QnxnmA21WMjsqFJHgSxh4UkzoR1LMQuoK+F4uj5cxZPqsvverDjf9OfJg==,iv:gScxT+OOcnIrnc32S/Skk1/y15k2yhMVkCjuCUkQ3Y8=,tag:ZzP+7sgxZoJHD/XpMwwxWg==,type:str]", + "keyserverPublicKey": "ENC[AES256_GCM,data:nVTl0xKmi2FI0CtzvJpRwrKf7eUiea2R/BFm+SFGO2MESTw/IawXxKwdWQ==,iv:HEDGp/9dLDdQtyVSa5e0dDmkVGVINdgNIl9mh/Kc6fE=,tag:r5nSo3v5m3o0kHsFPO6BvQ==,type:str]", "emailConfig": { - "postmarkToken": "ENC[AES256_GCM,data:9LHtrcnsPjSQ9taGbM984vHubERZZxvVrrEu0EmpSxA3fABH,iv:IGvphb6l6sCfeY6liOcmLaVsEtNKO97kSuB3YUMQVAg=,tag:+2F/or6vbv90kD1T1h+ZHA==,type:str]", - "senderEmail": "ENC[AES256_GCM,data:TtXiJwxtgqSfJw8Lht1o89i0aNwjHLHO70v7SlAUJWJXg2sMoz8Weg==,iv:g9a/QNXyDorilDdh6GQjWmO4iZ8ngYqjMmws8O64T9M=,tag:5QrBdNY011OTvZPr9FVqEg==,type:str]", + "postmarkToken": "ENC[AES256_GCM,data:g6ZCrhUZAb61hsqpuLyp00/IOedGHhYhnjs7W3yjAJIhF93C,iv:rtWPRj1CCVJuP+XLKeWFbjFp1sJy/KRZDzo/+ipw/Vk=,tag:kk3JtY0ssqPtuvrMMf5rcg==,type:str]", + "senderEmail": "ENC[AES256_GCM,data:vsK91pGmIC3C8LlgQBkFfmyHSeX9k4gFV6mf4bgQGZ7/1e0cJrSzMg==,iv:u1NsWBYVujppzvzoL4YggavTMjTaLJgxwGRtbP6ZA24=,tag:jonR7QWhDwNsfv6J7u/cUQ==,type:str]", "mailingGroups": { - "inconsistencyReports": "ENC[AES256_GCM,data:WpfRg05ey0NqXD7xsJM4em2QxwBTZf1A/dhZJmll,iv:nSH3oPSmja6lvEqGLpNrpPqVmMrD8OqAU3gvMIlm68E=,tag:vIi5G+3F3eIoZP6zma7rZw==,type:str]", - "mediaReports": "ENC[AES256_GCM,data:ayhONEdMxKQgJKtVzkcJUMWy30y/hw==,iv:Cr/vcQ/HObcbSfoKXZ8hiGwSdTETsAoohJCargaWadM=,tag:WCpfrV0SSBM+DoYIahIkpw==,type:str]", - "errorReports": "ENC[AES256_GCM,data:5IfELwZmEvDgIalp3M4oxh8jgiJKuA==,iv:YCuAsQMiIE+ahatbc+GcJAwfr//aoGsfb6VCUeeXZh0=,tag:06RAnL4s2sFsvBJqH5IZuQ==,type:str]" + "inconsistencyReports": "ENC[AES256_GCM,data:hoblOUDXYEvfvsYTd9r87iyTOIRtgVaXl0ioaKM7,iv:HydsVHmutFcH1bM/S9q9cHzJ6Fi7wmBsc0GzIKRstAY=,tag:VDVYjNF/EFALq+sPNtEzEQ==,type:str]", + "mediaReports": "ENC[AES256_GCM,data:TLwloRlIOVHUmfIWDiLGtoaMu11mew==,iv:0C02916vp0achsYcwfQbuDYqPFCD7O97K/k1VIRvhjU=,tag:bzfgAWSR9kSJWZuDipp7Tw==,type:str]", + "errorReports": "ENC[AES256_GCM,data:5BxNT6CyqlXb4sqo2OaHDBW9nXt23g==,iv:14wasztkciqHKXhuqJW+TMMuWIETwdbMmxUgqxjJ/PM=,tag:7Tx+MKowFRa77pnJi0kSHw==,type:str]" } }, "amqpPassword": { - "production": "ENC[AES256_GCM,data:HGWWEwKhNeIAYqqyzAo=,iv:JwsXBZwyrzvO7KvfmyE2RUmo23n+zXedS0HZpHUgg1U=,tag:CCk7MgUKbwREy9cSdJNtig==,type:str]", - "staging": "ENC[AES256_GCM,data:DULoLDulN6rSeHVf+g0=,iv:DOPgUu1P+1c6YXYbYona3Q/rCN2X9Gs8sMiOaJgLu1A=,tag:h35i33gOmBgFAtbjFiQgWw==,type:str]" + "production": "ENC[AES256_GCM,data:apPbQzb3aI0LS26M4SM=,iv:FM66MLDyFysYnb+5/g7nHnv8SuhPx1l4l2ygYMEaPRE=,tag:njG4Sk1IM4+3CzAROIla4Q==,type:str]", + "staging": "ENC[AES256_GCM,data:Mc4lASnc3pBtAV0KfN8=,iv:rtej+MdNEgJQJWrgECdyrbXJZi2PeoW/y4RS+K15HtM=,tag:OaAwbt7xwgJb1lQdedpvnw==,type:str]" + }, + "webappLandingEnvVars": { + "COMM_JSONCONFIG_facts_keyserver_url": { + "baseDomain": "ENC[AES256_GCM,data:YGf2hGjvvUrsX8pstqzHUSwxOo0=,iv:s6O6K++sMstnGYzFq9780V95xT9OrTpWSQgkfZ886hA=,tag:661Z6NUV1NdQ5x8RoYpl2A==,type:str]", + "basePath": "ENC[AES256_GCM,data:iQ==,iv:Yv49ymWtglxyforwMOqgcukp+x5bnQPamaB0JAYTbto=,tag:nlYBbftFYfXlYzadTpHdXw==,type:str]", + "baseRoutePath": "ENC[AES256_GCM,data:jA==,iv:GMCZzKWhb9WPc5MQ2Ett2xz6+NTHbtMGS44moubFRpI=,tag:3kQIXp5v+unjh4X2kqnjtQ==,type:str]", + "https": "ENC[AES256_GCM,data:9/rxwQ==,iv:IlzORxiWlJgJg4MxbxiPzr++Svuf5qfcAVkf6B95ctQ=,tag:sAeeP3GeVT0pKD/5q89eLA==,type:bool]", + "proxy": "ENC[AES256_GCM,data:jQwY,iv:lkhOmD8yUf4DZgL4he6zm0KWyseVswSZIxWXKz9vbAg=,tag:xa5dNdPFaxHl+/rGRCRhNw==,type:str]" + }, + "COMM_JSONCONFIG_facts_webapp_url": { + "baseDomain": "ENC[AES256_GCM,data:K3KmxQpBtoZWD05BZtPVRXoljuk6,iv:oXkntWzV5TIgL5LYH454kCXbeSLmAfjmfLVWCcZBhd4=,tag:gXFuy8s6lHtApWWo13TUNQ==,type:str]", + "basePath": "ENC[AES256_GCM,data:4w==,iv:Fb3oM0UEbShwNtbiPR33zGv9hnQiqfYd7AoaDJSiots=,tag:VfB3QHzWs0c9m3IBcPZjBg==,type:str]", + "baseRoutePath": "ENC[AES256_GCM,data:MA==,iv:oBwDnDi5ZNTq58hq7CoXaEcmDAltslSBKLu9J9u3hnI=,tag:hlKKlclVcF/fn3OBrUwmiA==,type:str]", + "https": "ENC[AES256_GCM,data:+aL6eQ==,iv:aDou9cvd/e+h2uo/9VIt6yJbzhy6roLX/pRk7hASBXU=,tag:2tAo3UN46eFf8CCim5wppw==,type:bool]", + "proxy": "ENC[AES256_GCM,data:yaIq,iv:NRg4rnr2EO2UKB48Dq+21aJma9hzGQytzVpnQwwlE2Y=,tag:6gCH6plpKY39hHE67uzOMw==,type:str]" + }, + "COMM_JSONCONFIG_facts_landing_url": { + "baseDomain": "ENC[AES256_GCM,data:Fsbo2xE3gTxvzsHT7P0scUisJnWM,iv:h3EDy1KaHsrPUhx3HV8oV+HSeU9149okPXqTAOjZ6kA=,tag:v3dYtMKuFLEj6+Gq4YSzaw==,type:str]", + "basePath": "ENC[AES256_GCM,data:Sg==,iv:TqbENv4Y3kFjGLhDnq3NUqhG1eSzHt6965OmspVE58k=,tag:ukmGtMYK//SIcJLnFFtndw==,type:str]", + "baseRoutePath": "ENC[AES256_GCM,data:iQ==,iv:vcrFHIQLa/7YB5MPW6hzCekelHUQprFlhrlaBaDgwdc=,tag:uzSdJjQWZm2FnmiexUM0og==,type:str]", + "https": "ENC[AES256_GCM,data:1mF6Sw==,iv:GWKdreVvZCD/9gMoEdbYlHL4HXsMJaT2zSopLvxrUuw=,tag:xeMk+AOcHPm7APhalOHwkw==,type:bool]" + }, + "COMM_JSONCONFIG_secrets_alchemy": { + "key": "ENC[AES256_GCM,data:OJh3fnTACBGOQ6qrk7FcbbB5hy3ECsNxNAs6t0aHtjo=,iv:+DBjvhSKRn/QWrEfVJ3vtVmv3dxZH3NzZi1d1HQ+X8Q=,tag:pzo6qQF8JxYe0FPgQxideA==,type:str]" + }, + "COMM_JSONCONFIG_secrets_walletconnect": { + "key": "ENC[AES256_GCM,data:cR5TVGZDKZng4nvbHzpwk+Nj0U3t8j54FLrn35Ckf9k=,iv:BI0ftkm6pzL/46GAA4BOOFPNcbqlsn6mr4z2lsHSjm4=,tag:1CReGDvhibkCsyLC3JnYKQ==,type:str]" + }, + "COMM_JSONCONFIG_secrets_geoip_license": { + "key": "ENC[AES256_GCM,data:GAvcKVvU7bWUe8+idx7zNA==,iv:mHIS+xV7jDF+Dc89Hu/fwKZ7e9rodc5Za4qmKSbVekc=,tag:1rQuAnoxmhST7csMlkbQZg==,type:str]" + }, + "COMM_JSONCONFIG_secrets_postmark": { + "apiToken": "ENC[AES256_GCM,data:aK4jAHXCjmPSLSVFoRDr9WJoy3po+IoBWxJFbr/nXW1+b18W,iv:QzDmUACPb2+TGBxi2DNt55V+eJmFOH5062siLoLDbEo=,tag:Jz7xJ8o1QzeLDulj6zHA7g==,type:str]" + }, + "COMM_JSONCONFIG_secrets_neynar": { + "key": "ENC[AES256_GCM,data:+QpwbD+gcc9lfXT73eXAYpsJmaPkiEunRjulCwY+EVZah8jQ,iv:O0LwzvTh5R1EavIf4hujkTrXur6z8Ym+4HownchsCqE=,tag:mRGGOpPW7P5ljHwkcoGriw==,type:str]" + } + }, + "webappLandingStagingEnvVars": { + "COMM_JSONCONFIG_facts_webapp_url": { + "baseDomain": "ENC[AES256_GCM,data:3far99kHAl0T66Bh7+MjK9hBFW+K,iv:PqnT5xPXsISW9zGA7r9vjs0Qu5bjnhxTJ9+GIf31Neo=,tag:pUxNSE8UGWvJBrNB5wTZ1Q==,type:str]", + "basePath": "ENC[AES256_GCM,data:8g==,iv:GV11qLKNvb69oOvPomesLNGlBGv+oDom4WXeH3fs3/I=,tag:kZ8VT0osJ9l0GtAxh+DLQQ==,type:str]", + "baseRoutePath": "ENC[AES256_GCM,data:3g==,iv:E6ohwF2ybKUYZv+jmSakv5F2CGZwRb2v0nLV2KjJMJ0=,tag:iFA2MCj33SkoSzvCqKCqCg==,type:str]", + "https": "ENC[AES256_GCM,data:VdNVtA==,iv:9JpBIx7mwriQsyQng3lMc1mhccp21fR1Cdw7vFXRuA0=,tag:hKDCTzaHdx42uu42HkOFzQ==,type:bool]", + "proxy": "ENC[AES256_GCM,data:pckR,iv:wyPFiqH4SvFIWeeBbbg7hrnF9JAAOCxFIhNHNwMQ2jQ=,tag:PilhWu9g5x2EeMk35eWPJg==,type:str]" + }, + "COMM_JSONCONFIG_facts_landing_url": { + "baseDomain": "ENC[AES256_GCM,data:fz4xtBjtoQqNje2tFnyvqVKBy64q,iv:pJHBTWHzd6ZxcF9UdCUQey1rjsmLoX6bKBFW9ij5Nss=,tag:od835wpIyq4q09XSin9nBA==,type:str]", + "basePath": "ENC[AES256_GCM,data:sg==,iv:Yi2Cd9LeWJpdQpcYoTi8MC3yUVgEKy35l93m+5G4t9s=,tag:fUpQZIwQINvZJREJvZxuVA==,type:str]", + "baseRoutePath": "ENC[AES256_GCM,data:lQ==,iv:83pO4fpEtG/ShQthGrlog+NywZdkMItztSH4vL4zr3k=,tag:unlLT0kZwqfmJuNYdpeLJA==,type:str]", + "https": "ENC[AES256_GCM,data:xovX0Q==,iv:jE2OGF+xZZkG4W58Wtnfm8jqjGpVLmzQtNnNwAi96ao=,tag:1YkSq2kRr5is1muQom/Bsg==,type:bool]" + } + }, + "webappLandingProdEnvVars": { + "COMM_JSONCONFIG_facts_webapp_url": { + "baseDomain": "ENC[AES256_GCM,data:X6fasqy0avZp+41kjH3Gr9HdDX8=,iv:rLPcJ3oXCGnm+rjJ+16sFh3+fEq4nQMzMV4L6Cx0Z1k=,tag:MNKo9gAojKPXKEl818hvTQ==,type:str]", + "basePath": "ENC[AES256_GCM,data:dw==,iv:iOAya1UQl4IZtVfD5i0LGpo+xEdwaAHL3dmPVWpR9g8=,tag:es1DIuRC+BCY71gPCzPgKw==,type:str]", + "baseRoutePath": "ENC[AES256_GCM,data:EA==,iv:7QyNHb6o6kSodvZBRNo7EoNXKZnol7330abxYeycdmU=,tag:+ORALMoe6qWy7GaQ7Gfy1w==,type:str]", + "https": "ENC[AES256_GCM,data:r+zk6g==,iv:OajjkuSLoP0pdIXBxCvQO5KAt89XdKOEXaZZxPgi/Zc=,tag:fq5gV/RZVcp558niDTv0rA==,type:bool]", + "proxy": "ENC[AES256_GCM,data:X8+T,iv:WyfpPRMYiif5H856RBNBklHJduU/jHMpR3L9jb6mZ1I=,tag:D7g5PtCYI4JPgw736phmpQ==,type:str]" + }, + "COMM_JSONCONFIG_facts_landing_url": { + "baseDomain": "ENC[AES256_GCM,data:SQPXRiazlhAhX+rcXW8OOA==,iv:U7xS/5tsT9ojDegFLztnVeF0S2pp350TMGYxDjvpXJs=,tag:kI0wjoDjRLyYST7Is4RADA==,type:str]", + "basePath": "ENC[AES256_GCM,data:fg==,iv:j1ROfswvTTiy8bDrSps6shRvtt5mMQV+Z+3UPmir2GE=,tag:H2DJYu0XRXSPKc6udFvuTQ==,type:str]", + "baseRoutePath": "ENC[AES256_GCM,data:iA==,iv:uv5fqM5pWdVkRSEx+oaCPsW8ipV2zU4FrrlVWDIFb9M=,tag:+s+Nk20NsYpFWLCiRzBUqA==,type:str]", + "https": "ENC[AES256_GCM,data:jcHJLg==,iv:KK7anHrp5IR65O8Y7Pp6U5TQJCqQ2Z2rl7jwT5VPvIs=,tag:8j+TBZRWyKQXGU9/lORPEA==,type:bool]" + } }, "sops": { "kms": [ { "arn": "arn:aws:kms:us-east-2:319076408221:key/2e54d528-50a2-489c-a4d7-d50c7c9f8303", - "created_at": "2023-07-29T15:16:43Z", - "enc": "AQICAHj+McP79InpW8dFM/rPPvaCljIlb0zq8qoMY/a2UlUSewFFXrO432X6dWZfZHFVsgoGAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM0LAEze794jBZIKO/AgEQgDuVcwyViTDZoLwGj5icgKlABQFeUofitRD9e19i3Q+0ZyT7sSQ/4t2GuxvVo4cVEIkHCgTNH2RXLoqzPA==", + "created_at": "2024-08-01T16:22:06Z", + "enc": "AQICAHj+McP79InpW8dFM/rPPvaCljIlb0zq8qoMY/a2UlUSewGNNTDHmzVW5Awp7cm2AzUQAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMmElf2gcK2+5OM5nQAgEQgDvMwce1O589MVHM9smF0wZXHMq5WXxHpcv5+1D0ogdB9z0l81+bvMF7iNnl3+bfAFF1m68T0XxjbzkcEA==", "aws_profile": "" } ], @@ -30,10 +97,10 @@ "azure_kv": null, "hc_vault": null, "age": null, - "lastmodified": "2023-09-12T09:29:09Z", - "mac": "ENC[AES256_GCM,data:q0leMf7J7MBHoQQ6h82eT4xUsIHC6j1DKolRYn/USJsZ4+rt2EEICzD7J8tLUIzv2IqHnTV9hYMt+8Q0qAfOl87Z8VI0TwzXiAx3b2pdAfCheozz6vE1F/94XVz8S6v/YZpVGT9u1lwPISdXYfd/7QqK3u8hZJM/PVVn5djNcj8=,iv:pb1Ii6BfZMgz6S3R+xEehycArHeBz2wzNHJLms9Jby0=,tag:s8sCtTexTs7Qb6magRWzSw==,type:str]", + "lastmodified": "2024-08-01T16:22:06Z", + "mac": "ENC[AES256_GCM,data:bmtRZOKvD2AQ7NuGIhzQxCempkFafvZNdPp+vpqk6KbYujy34EtmVY3icjAbnf4alY9NLLmKMa2h7uomLvsFSbUEao/6/5cKeC9lgS/jCf0WOEY7QsXZSmyk7J/dmHNGgz4lx7Rx2t7D/bH0EHbGOsuBkR/6pJGcFtsJI9vrIFg=,iv:l6jsCUvZNXVdxe3oDoF34Tj9VLNMMj/w61tNzxcH0dY=,tag:0zD9jq3XPtKLxn6/OFMg3w==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" + "version": "3.8.1" } } diff --git a/services/terraform/remote/service_webapp.tf b/services/terraform/remote/service_webapp.tf new file mode 100644 --- /dev/null +++ b/services/terraform/remote/service_webapp.tf @@ -0,0 +1,54 @@ +locals { + webapp_image_tag = "1.0.102" + webapp_service_image = "commapp/keyserver:${local.webapp_image_tag}" + webapp_container_name = "webapp" + + webapp_run_server_config = jsonencode({ + runKeyserver = false + runWebApp = true + runLanding = false + }) + + webapp_landing_environment_vars = local.secrets["webappLandingEnvVars"] + + webapp_landing_environment_vars_encoded = { + for key, value in local.webapp_landing_environment_vars : key => jsonencode(value) + } + + stage_specific_environment_vars = (local.is_staging ? + local.secrets["webappLandingStagingEnvVars"] : + local.secrets["webappLandingProdEnvVars"]) + + stage_specific_environment_vars_encoded = { + for key, value in local.stage_specific_environment_vars : key => jsonencode(value) + } + + webapp_environment_vars = merge( + local.webapp_landing_environment_vars_encoded, + local.stage_specific_environment_vars_encoded, + { + "COMM_LISTEN_ADDR" = "0.0.0.0", + "COMM_NODE_ROLE" = "webapp", + "COMM_JSONCONFIG_facts_run_server_config" = local.webapp_run_server_config + }) +} + +module "webapp_service" { + source = "../modules/node_service" + + container_name = "webapp" + image = local.webapp_service_image + service_name = "webapp" + cluster_id = aws_ecs_cluster.comm_services.id + domain_name = local.is_staging ? "comm.software" : "web.comm.app" + vpc_id = aws_vpc.default.id + vpc_subnets = [aws_subnet.public_a.id, aws_subnet.public_b.id] + region = "us-east-2" + environment_vars = local.webapp_environment_vars + ecs_task_role_arn = aws_iam_role.ecs_task_role.arn + ecs_task_execution_role_arn = aws_iam_role.ecs_task_execution.arn +} + +output "webapp_service_load_balancer_dns_name" { + value = module.webapp_service.service_load_balancer_dns_name +}