diff --git a/services/terraform/self-host/.gitignore b/services/terraform/self-host/.gitignore
--- a/services/terraform/self-host/.gitignore
+++ b/services/terraform/self-host/.gitignore
@@ -1,3 +1,5 @@
+.env
+
# Local .terraform directories
**/.terraform/*
diff --git a/services/terraform/self-host/aws_db.tf b/services/terraform/self-host/aws_db.tf
--- a/services/terraform/self-host/aws_db.tf
+++ b/services/terraform/self-host/aws_db.tf
@@ -1,3 +1,10 @@
+locals {
+ mariadb_database_name = local.local_with_default_environment_vars.COMM_DATABASE_DATABASE
+ mariadb_username = local.local_with_default_environment_vars.COMM_DATABASE_USER
+ mariadb_password = local.local_with_default_environment_vars.COMM_DATABASE_PASSWORD
+ mariadb_port = jsondecode(local.local_with_default_environment_vars.COMM_DATABASE_PORT)
+}
+
# MariaDB Security Group
resource "aws_security_group" "keyserver_mariadb_security_group" {
name = "keyserver-mariadb-sg"
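Review bot: The new `mariadb_username` and `mariadb_password` locals replace variables that were declared `sensitive = true`, but nothing here marks them sensitive, so unless the dotenv provider already flags `entries` as sensitive the values can appear unredacted in plan output and in the echoed local-exec command later in this file. Wrapping them at the definition, `mariadb_username = sensitive(local.local_with_default_environment_vars.COMM_DATABASE_USER)` and the same for the password, restores the previous handling everywhere they are used (the RDS instance and the provisioner hunks below). `jsondecode` is used only to turn the string "3307" into a number; `tonumber(local.local_with_default_environment_vars.COMM_DATABASE_PORT)` states that intent and fails with a clearer message on a non-numeric value. Each attribute lookup also fails with a generic unsupported-attribute error when the key is absent from `.env`, since only `COMM_DATABASE_PORT` has a default; a `lookup(...)` with an explicit fallback or a default for each key would give operators a usable message.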
@@ -6,15 +13,15 @@
# Inbound rules
ingress {
- from_port = 3307
- to_port = 3307
+ from_port = local.mariadb_port
+ to_port = local.mariadb_port
protocol = "tcp"
security_groups = [aws_security_group.keyserver_service.id]
}
ingress {
- from_port = 3307
- to_port = 3307
+ from_port = local.mariadb_port
+ to_port = local.mariadb_port
protocol = "tcp"
cidr_blocks = ["${var.allowed_ip}/32"]
}
@@ -40,12 +47,12 @@
instance_class = "db.m6g.large"
db_subnet_group_name = aws_db_subnet_group.public_db_subnet_group.name
vpc_security_group_ids = [aws_security_group.keyserver_mariadb_security_group.id]
- username = var.mariadb_username
- password = var.mariadb_password
+ username = local.mariadb_username
+ password = local.mariadb_password
parameter_group_name = aws_db_parameter_group.mariadb_parameter_group.name
storage_encrypted = true
publicly_accessible = true
- port = 3307
+ port = local.mariadb_port
skip_final_snapshot = true
}
@@ -103,11 +110,11 @@
provisioner "local-exec" {
command = <<EOT
- mysql --user=${var.mariadb_username} \
- --port=3307 \
+ mysql --user=${local.mariadb_username} \
+ --port=${local.mariadb_port} \
--host=${aws_db_instance.mariadb.address} \
- --execute="CREATE DATABASE IF NOT EXISTS comm;" \
- --password=${var.mariadb_password}
+ --execute="CREATE DATABASE IF NOT EXISTS ${local.mariadb_database_name};" \
+ --password=${local.mariadb_password}
EOT
}
}
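Review bot: `${local.mariadb_database_name}` is interpolated straight into the `--execute` SQL string of a shell command; the old code hard-coded `comm`, so a name from `.env` containing a quote, backtick, space or `;` now breaks the statement or, because local-exec runs the heredoc through a shell, alters the command that runs. A `lifecycle { precondition { condition = can(regex("^[A-Za-z0-9_]+$", local.mariadb_database_name)) } }` on the resource (whose header is outside this hunk) rejects anything outside a plain identifier character set before the provisioner runs. The password is still passed as `--password=` on the command line, where it is visible in the process list for the duration of the mysql call; the provisioner's `environment` argument can pass it as `MYSQL_PWD` instead so it never appears in argv.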
diff --git a/services/terraform/self-host/env.tf b/services/terraform/self-host/env.tf
new file mode 100644
--- /dev/null
+++ b/services/terraform/self-host/env.tf
@@ -0,0 +1,23 @@
+data "dotenv" "local" {}
+
+locals {
+ default_environment_vars = {
+ "COMM_DATABASE_PORT" = "3307"
+ }
+
+ local_with_default_environment_vars = merge(
+ local.default_environment_vars,
+ data.dotenv.local.entries
+ )
+
+ aws_resource_environment_vars = {
+ "REDIS_URL" = "rediss://${aws_elasticache_serverless_cache.redis.endpoint[0].address}:6379"
+ "COMM_DATABASE_HOST" = "${aws_db_instance.mariadb.address}"
+ }
+
+ shared_environment_vars = merge(
+ local.local_with_default_environment_vars,
+ local.aws_resource_environment_vars
+ )
+}
+
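Review bot: `default_environment_vars` only carries `COMM_DATABASE_PORT`, yet the environment lists removed in keyserver_primary.tf and keyserver_secondary.tf also hard-coded `COMM_LISTEN_ADDR = "0.0.0.0"` and `COMM_DATABASE_DATABASE = "comm"`; unless the `.env` template sets them, the listen address silently changes and the `aws_db.tf` lookup of `COMM_DATABASE_DATABASE` fails. Adding `"COMM_LISTEN_ADDR" = "0.0.0.0"` and `"COMM_DATABASE_DATABASE" = "comm"` to the defaults keeps the previous behaviour. `data "dotenv" "local" {}` names no file, so the path being read is whatever the provider defaults to — worth stating in a comment, e.g. `# reads ./.env (provider default); see .env.example for the expected keys`, if such a template exists. Note also that `shared_environment_vars` forwards every key in `.env` into the ECS task definition, where values are readable by any principal with `ecs:DescribeTaskDefinition`, so the file should hold only keys the keyserver actually consumes.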
diff --git a/services/terraform/self-host/keyserver_primary.tf b/services/terraform/self-host/keyserver_primary.tf
--- a/services/terraform/self-host/keyserver_primary.tf
+++ b/services/terraform/self-host/keyserver_primary.tf
@@ -2,6 +2,18 @@
keyserver_service_image_tag = "1.0.100"
keyserver_service_server_image = "commapp/keyserver:${local.keyserver_service_image_tag}"
keyserver_primary_container_name = "keyserver-primary"
+
+ primary_environment_vars = merge(local.shared_environment_vars,
+ {
+ "COMM_NODE_ROLE" = "primary"
+ })
+
+ primary_environment = [
+ for name, value in local.primary_environment_vars : {
+ name = name
+ value = value
+ }
+ ]
}
resource "aws_cloudwatch_log_group" "keyserver_primary_service" {
@@ -40,76 +52,7 @@
},
]
- environment = [
- {
- name = "REDIS_URL"
- value = "rediss://${aws_elasticache_serverless_cache.redis.endpoint[0].address}:6379"
- },
- {
- name = "COMM_NODE_ROLE"
- value = "primary"
- },
- {
- name = "COMM_LISTEN_ADDR"
- value = "0.0.0.0"
- },
- {
- name = "COMM_DATABASE_HOST"
- value = "${aws_db_instance.mariadb.address}"
- },
- {
- name = "COMM_DATABASE_DATABASE"
- value = "comm"
- },
- {
- name = "COMM_DATABASE_PORT"
- value = "3307"
- },
- {
- name = "COMM_DATABASE_USER"
- value = "${var.mariadb_username}"
- },
- {
- name = "COMM_DATABASE_PASSWORD"
- value = "${var.mariadb_password}"
- },
- {
- name = "COMM_JSONCONFIG_secrets_user_credentials"
- value = jsonencode(var.keyserver_user_credentials)
- },
- {
- name = "COMM_JSONCONFIG_facts_webapp_cors"
- value = jsonencode({
- "domain" : "https://web.comm.app"
- })
- },
- {
- name = "COMM_JSONCONFIG_facts_keyserver_url"
- value = jsonencode({
- "baseDomain" : "https://${var.domain_name}",
- "basePath" : "/",
- "baseRoutePath" : "/",
- "https" : true,
- "proxy" : "aws"
- })
- },
- {
- name = "COMM_JSONCONFIG_secrets_identity_service_config",
- value = jsonencode({
- "identitySocketAddr" : "${var.identity_socket_address}"
- })
- },
- {
- name = "COMM_JSONCONFIG_facts_authoritative_keyserver",
- value = jsonencode(var.authoritative_keyserver_config),
- },
- {
- name = "COMM_JSONCONFIG_facts_tunnelbroker",
- value = jsonencode({
- "url" : "${var.tunnelbroker_url}"
- })
- }
- ]
+ environment = local.primary_environment
logConfiguration = {
"logDriver" = "awslogs"
"options" = {
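Review bot: `environment = local.primary_environment` drops the entries the old list derived with `jsonencode` from typed inputs (`keyserver_user_credentials`, `authoritative_keyserver_config`, `facts_keyserver_url` built from `var.domain_name`), so every `COMM_JSONCONFIG_*` value must now be supplied in `.env` as hand-written JSON that Terraform never validates; a malformed value is first noticed when the keyserver starts. `var.domain_name` is retained in variables.tf, so the keyserver URL in `.env` can drift from the domain the rest of the configuration uses unless the operator keeps both in sync; keeping the derived facts in `aws_resource_environment_vars`, e.g. `"COMM_JSONCONFIG_facts_keyserver_url" = jsonencode({ "baseDomain" : "https://${var.domain_name}", ... })`, would preserve the single source of truth. The same point applies to the matching hunk in keyserver_secondary.tf. The container definition this sits in starts outside the hunk.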
@@ -199,5 +142,3 @@
create_before_destroy = true
}
}
-
-
diff --git a/services/terraform/self-host/keyserver_secondary.tf b/services/terraform/self-host/keyserver_secondary.tf
--- a/services/terraform/self-host/keyserver_secondary.tf
+++ b/services/terraform/self-host/keyserver_secondary.tf
@@ -1,5 +1,17 @@
locals {
keyserver_secondary_container_name = "keyserver-secondary"
+
+ secondary_environment_vars = merge(local.shared_environment_vars,
+ {
+ "COMM_NODE_ROLE" = "secondary"
+ })
+
+ secondary_environment = [
+ for name, value in local.secondary_environment_vars : {
+ name = name
+ value = value
+ }
+ ]
}
resource "aws_cloudwatch_log_group" "keyserver_secondary_service" {
@@ -36,76 +48,7 @@
},
]
- environment = [
- {
- name = "REDIS_URL"
- value = "rediss://${aws_elasticache_serverless_cache.redis.endpoint[0].address}:6379"
- },
- {
- name = "COMM_NODE_ROLE"
- value = "secondary"
- },
- {
- name = "COMM_LISTEN_ADDR"
- value = "0.0.0.0"
- },
- {
- name = "COMM_DATABASE_HOST"
- value = "${aws_db_instance.mariadb.address}"
- },
- {
- name = "COMM_DATABASE_DATABASE"
- value = "comm"
- },
- {
- name = "COMM_DATABASE_PORT"
- value = "3307"
- },
- {
- name = "COMM_DATABASE_USER"
- value = "${var.mariadb_username}"
- },
- {
- name = "COMM_DATABASE_PASSWORD"
- value = "${var.mariadb_password}"
- },
- {
- name = "COMM_JSONCONFIG_secrets_user_credentials"
- value = jsonencode(var.keyserver_user_credentials)
- },
- {
- name = "COMM_JSONCONFIG_facts_keyserver_url"
- value = jsonencode({
- "baseDomain" : "https://${var.domain_name}",
- "basePath" : "/",
- "baseRoutePath" : "/",
- "https" : true,
- "proxy" : "aws"
- })
- },
- {
- name = "COMM_JSONCONFIG_facts_webapp_cors"
- value = jsonencode({
- "domain" : "https://web.comm.app"
- })
- },
- {
- name = "COMM_JSONCONFIG_facts_tunnelbroker",
- value = jsonencode({
- "url" : "${var.tunnelbroker_url}"
- })
- },
- {
- name = "COMM_JSONCONFIG_secrets_identity_service_config",
- value = jsonencode({
- "identitySocketAddr" : "${var.identity_socket_address}"
- })
- },
- {
- name = "COMM_JSONCONFIG_facts_authoritative_keyserver",
- value = jsonencode(var.authoritative_keyserver_config),
- }
- ]
+ environment = local.secondary_environment
logConfiguration = {
"logDriver" = "awslogs"
"options" = {
diff --git a/services/terraform/self-host/providers.tf b/services/terraform/self-host/providers.tf
--- a/services/terraform/self-host/providers.tf
+++ b/services/terraform/self-host/providers.tf
@@ -4,5 +4,9 @@
source = "hashicorp/aws"
version = "~> 5.32.0"
}
+ dotenv = {
+ source = "germanbrew/dotenv"
+ version = "1.1.2"
+ }
}
}
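Review bot: `germanbrew/dotenv` is a community provider outside the `hashicorp` namespace and now sits on the path that reads the database credentials, so the exact `version = "1.1.2"` pin is the right choice, but it only fixes the version, not the artifact. If `.terraform.lock.hcl` is not committed alongside this change (the .gitignore hunk ignores `**/.terraform/*`, which does not cover it, but the file is not visible in this diff), the provider hashes are not recorded and a subsequent `terraform init` accepts whatever the registry serves for that version; committing the lock file, or documenting that expectation with `# keep .terraform.lock.hcl committed so this provider's hashes are pinned`, closes that gap.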
diff --git a/services/terraform/self-host/variables.tf b/services/terraform/self-host/variables.tf
--- a/services/terraform/self-host/variables.tf
+++ b/services/terraform/self-host/variables.tf
@@ -1,30 +1,8 @@
-variable "keyserver_user_credentials" {
- description = "Credentials for user authentication"
- type = object({
- username = string
- password = string
- usingIdentityCredentials = optional(bool)
- force = optional(bool)
- })
-}
-
variable "domain_name" {
description = "Domain name for your keyserver"
type = string
}
-variable "mariadb_username" {
- description = "MariaDB username"
- type = string
- sensitive = true
-}
-
-variable "mariadb_password" {
- description = "MariaDB password"
- type = string
- sensitive = true
-}
-
variable "region" {
description = "The AWS region to deploy your keyserver in"
type = string
@@ -40,14 +18,6 @@
description = "Use non-default vpc and subnets"
}
-variable "authoritative_keyserver_config" {
- description = "Authoritative keyserver user id"
- type = object({
- authoritativeKeyserverID = optional(string)
- })
- default = {}
-}
-
variable "availability_zone_1" {
description = "First availability zone for vpc subnet if user created vpc"
type = string
@@ -60,18 +30,6 @@
default = "us-west-1c"
}
-variable "identity_socket_address" {
- description = "The socket address to access the identity service"
- type = string
- default = "https://identity.commtechnologies.org:50054"
-}
-
-variable "tunnelbroker_url" {
- description = "The address to access the tunnelbroker service"
- type = string
- default = "wss://tunnelbroker.commtechnologies.org:51001"
-}
-
variable "db_instance_class" {
description = "The instance class for the MariaDB RDS instance"
type = string
D12800: [terraform] use `.env` in self-host folder for keyserver config variables instead of specifying values in terraform.tfvars or terraform.tfvars.json