Add terraform

Vylpes · Feb 9, 2024 · 37b13ef · 37b13ef
1 parent 3c5df8d
commit 37b13ef
Show file tree

Hide file tree

Showing 6 changed files with 249 additions and 1 deletion.
diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml
@@ -0,0 +1,78 @@
+name: Deploy To Stage
+
+on:
+  push:
+    branches:
+      - develop
+
+jobs:
+  build:
+    environment: stage
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Use Node.js
+      uses: actions/setup-node@v1
+      with:
+        node-version: 18.x
+    - run: yarn install --frozen-lockfile
+    - run: yarn build
+    - run: yarn test
+
+    - name: RSync to Stage Server
+      uses: D3rHase/[email protected]
+      with:
+        HOST: ${{ secrets.SSH_HOST }}
+        PORT: ${{ secrets.SSH_PORT }}
+        USER: ${{ secrets.SSH_USER }}
+        PRIVATE_SSH_KEY: ${{ secrets.SSH_KEY }}
+        REPOSITORY_PATH: ${{ secrets.SSH_REPO_PATH }}
+        SERVER_PATH: ${{ secrets.SSH_SERVER_PATH }}
+
+  deploy:
+    environment: stage
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+    - uses: appleboy/[email protected]
+      env:
+        DB_NAME: ${{ secrets.DB_NAME }}
+        DB_AUTH_USER: ${{ secrets.DB_AUTH_USER }}
+        DB_AUTH_PASS: ${{ secrets.DB_AUTH_PASS }}
+        DB_HOST: ${{ secrets.DB_HOST }}
+        DB_PORT: ${{ secrets.DB_PORT }}
+        DB_ROOT_HOST: ${{ secrets.DB_ROOT_HOST }}
+        DB_SYNC: ${{ secrets.DB_SYNC }}
+        DB_LOGGING: ${{ secrets.DB_LOGGING }}
+        DB_DATA_LOCATION: ${{ secrets.DB_DATA_LOCATION }}
+        EXPRESS_PORT: ${{ secrets.EXPRESS_PORT }}
+        EXPRESS_PROTOCOL: ${{ secrets.EXPRESS_PROTOCOL }}
+        EXPRESS_SECRET: ${{ secrets.EXPRESS_SECRET }}
+        EMAIL_HOST: ${{ secrets.EMAIL_HOST }}
+        EMAIL_PORT: ${{ secrets.EMAIL_PORT }}
+        EMAIL_SECURE: ${{ secrets.EMAIL_SECURE }}
+        EMAIL_FROM_NAME: ${{ vars.EMAIL_FROM_NAME }}
+        EMAIL_FROM_ADDRESS: ${{ vars.EMAIL_FROM_ADDRESS }}
+        EMAIL_AUTH_ENABLE: ${{ secrets.EMAIL_AUTH_ENABLE }}
+        EMAIL_AUTH_USER: ${{ secrets.EMAIL_AUTH_USER }}
+        EMAIL_AUTH_PASS: ${{ secrets.EMAIL_AUTH_PASS }}
+        EMAIL_TLS_REJECT_UNAUTHORISED: ${{ secrets.EMAIL_TLS_REJECT_UNAUTHORISED }}
+        EMAIL_TEMPLATE_PASSWORDRESET_RESETLINK: ${{ vars.EMAIL_TEMPLATE_PASSWORDRESET_RESETLINK }}
+        EMAIL_TEMPLATE_VERIFYUSER_VERIFYLINK: ${{ vars.EMAIL_TEMPLATE_VERIFYUSER_VERIFYLINK }}
+      with:
+        host: ${{ secrets.SSH_HOST }}
+        username: ${{ secrets.SSH_USER }}
+        key: ${{ secrets.SSH_KEY }}
+        port: ${{ secrets.SSH_PORT }}
+        envs: DB_NAME,DB_AUTH_USER,DB_AUTH_PASS,DB_HOST,DB_PORT,DB_ROOT_HOST,DB_SYNC,DB_LOGGING,DB_DATA_LOCATION,EXPRESS_PORT,EXPRESS_PROTOCOL,EXPRESS_SECRET,EMAIL_HOST,EMAIL_PORT,EMAIL_SECURE,EMAIL_FROM_NAME,EMAIL_FROM_ADDRESS,EMAIL_AUTH_ENABLE,EMAIL_AUTH_USER,EMAIL_AUTH_PASS,EMAIL_TLS_REJECT_UNAUTHORISED,EMAIL_TEMPLATE_PASSWORDRESET_RESETLINK,EMAIL_TEMPLATE_VERIFYUSER_VERIFYLINK
+        script: |
+          cd ~/app \
+          && docker compose down \
+          && (pm2 stop droplet || true) \
+          && (pm2 delete droplet || true) \
+          && docker compose up -d \
+          && sleep 10 \
+          && yarn run db:up \
+          && pm2 start --name droplet dist/index.js
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
@@ -0,0 +1,23 @@
+name: Testing
+
+on:
+  push:
+    branches:
+      - feature/*
+      - hotfix/*
+      - renovate/*
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Use Node.js
+      uses: actions/setup-node@v1
+      with:
+        node-version: 18.x
+    - run: yarn install
+    - run: yarn build
+    - run: yarn test
diff --git a/.gitignore b/.gitignore
@@ -6,4 +6,8 @@ coverage/
 ormconfig.json
 yarn-error.log
 .DS_Store
-secret.txt
+secret.txt
+
+.terraform/
+*.tfvars
+*.tfstate
diff --git a/infrastructure/.terraform.lock.hcl b/infrastructure/.terraform.lock.hcl
diff --git a/infrastructure/cloud-config.yml b/infrastructure/cloud-config.yml
@@ -0,0 +1,61 @@
+#cloud-config
+
+users:
+  - default
+  - name: vylpes
+    primary-group: vylpes
+    shell: /bin/bash
+    groups: users, docker, sudo
+    ssh-authorized-keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/EDwCD5t3/WpyqDwpGAJMHTfbpPT9W5ffQfVqlMFl4TA8eVzPS+H/czy3PQOMUAgVKtO1Xup8GdFovN6dMVEk4IPNNS8w8OheSUKOCsRq1A1r2vDHZ/h393l4A9jWGq2HRBdUdQhy7SDXC/VBY2Yo5IQuAhI6gaXz/AENQ0Qf5PpMevfGs2jVu+0Ic5J1ccjX+8FWXZtRi0VF84WIixUfdyNgsi0RkywlRKyas7bDAWRtfB556qrxaQd0iTdyL0sCR+XAIx5cGbf5knFUXXeQvsASczgzn6X4Jzzgnv/MB0K/nALZeETxI9IXki4yQuGSomiR9WRYSIRLZsjrWxUTwk5RPMuAofW8hr20HL5QqBLVRzFVf7RipmCug8JAx8EE1uk8SLFOJCQBwzYTTbp1KAsJtVkUL+0YEIsgFuhPcXXIN1DbHCeKu5WHKnPxx9kwW/bx9q+Id1crYFWMm/a+MJPBNhIGmv9+HAWOeSZDeROCYd9Nx3yEdT15+hn5L/GZaMyk5AbCwjFWVwUVIAt5Pcn/AkBngRc5DuA+JE7TbbeWsYyN379gwswl/IYBP6fO13V80iDwwkQdizvBCtnmD3Q200aI1unpydR4lZlpPyP0ug0t7jJSEAn9nzQmsMSw7sI9BJ3uf49Y8Qf7LPd9llQeJl+qFXpvDBcji/qHYQ== [email protected]
+    sudo: ['ALL=(ALL) NOPASSWD:ALL']
+
+apt:
+  sources:
+    docker.list:
+      source: deb [arch=amd64] https://download.docker.com/linux/debian $RELEASE stable
+      keyid: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+    nodejs.list:
+      source: deb [signed-by=$KEY_FILE] https://deb.nodesource.com/node_18.x $RELEASE main
+      keyid: 9FD3B784BC1C6FC31A8A0A1C1655A0AB68576280
+
+write_files:
+  - path: /etc/nginx/sites-enabled/app
+    owner: root:root
+    permissions: '0775'
+    content: |
+      server {
+        server_name droplet-stage.vylpes.xyz;
+        listen 80;
+
+        location / {
+          proxy_pass http://127.0.0.1:3000;
+        }
+      }
+  - path: /opt/droplet/certbot.sh
+    owner: root:root
+    permissions: '0775'
+    content: |
+      sudo certbot --nginx -d droplet-stage.vylpes.xyz --non-interactive --agree-tos -m [email protected]
+
+packages:
+  - git
+  - rsync
+  - docker-ce
+  - docker-ce-cli
+  - containerd.io
+  - docker-buildx-plugin
+  - docker-compose-plugin
+  - nodejs
+  - nginx
+  - snapd
+
+runcmd:
+  - snap install core
+  - snap install --classic certbot
+  - ln -sf /snap/bin/cerbot /usr/bin/cerbot
+  - npm install -g yarn pm2
+  - ufw limit ssh
+  - ufw allow 80
+  - ufw allow 443
+  - ufw enable
diff --git a/infrastructure/main.tf b/infrastructure/main.tf
@@ -0,0 +1,56 @@
+# Variables
+variable "VULTR_API_KEY" {
+  description = "The Vultr API Key"
+}
+
+variable "INSTANCE_NAME" {
+  description = "The name of the project this instance is for"
+}
+
+variable "INSTANCE_ENV" {
+  description = "The environment this project will be running"
+  default = "prod"
+}
+
+variable "INSTANCE_LOCATION" {
+  description = "The location all instances will be generated in"
+  default = "lhr"
+}
+
+# Providers
+terraform {
+  required_providers {
+    vultr = {
+        source = "vultr/vultr"
+        version = "2.16.1"
+    }
+  }
+}
+
+provider "vultr" {
+  api_key = var.VULTR_API_KEY
+  rate_limit = 100
+  retry_limit = 3
+}
+
+# Resources
+resource "vultr_instance" "vps-app" {
+    label = "vps-${var.INSTANCE_NAME}-${var.INSTANCE_ENV}-${var.INSTANCE_LOCATION}-app"
+    hostname = "vps-${var.INSTANCE_NAME}-${var.INSTANCE_ENV}-${var.INSTANCE_LOCATION}-app"
+    plan = "vc2-1c-1gb"
+    region = var.INSTANCE_LOCATION
+    os_id = "2136"
+    enable_ipv6 = false
+    user_data = file("./cloud-config.yml")
+}
+
+resource "vultr_reserved_ip" "ip-app" {
+  region = var.INSTANCE_LOCATION
+  ip_type = "v4"
+  instance_id = "${vultr_instance.vps-app.id}"
+}
+
+# Outputs
+output "instance_ip" {
+    value = vultr_instance.vps-app.main_ip
+}