Compare commits


No commits in common. "main" and "wip" have entirely different histories.
main ... wip

5 changed files with 159 additions and 141 deletions


@ -1 +0,0 @@
# The Flow Platform

2
config

@ -1 +1 @@
Subproject commit 099c48acfad1cc0f4a6f09cbf0e691604f9d2f74 Subproject commit d07bf63dad2132cb3d6f16641ed7f917a2b29282


@ -12,6 +12,7 @@ type platform struct {
Instance instanceConfig `json:"instance"` Instance instanceConfig `json:"instance"`
Region string `json:"region"` Region string `json:"region"`
Tags []string `json:"tags"` Tags []string `json:"tags"`
TempIP string `json:"tempIP"`
Volumes []volumeConfig `json:"volumes"` Volumes []volumeConfig `json:"volumes"`
} }
@ -31,30 +32,22 @@ type domainRecord struct {
} }
type firewallConfig struct { type firewallConfig struct {
Label string `json:"label"` Label string `json:"label"`
Inbound firewallRuleSet `json:"inbound"`
}
type firewallRuleSet struct {
Allow []firewallRule `json:"allow"` Allow []firewallRule `json:"allow"`
Deny []firewallRule `json:"deny"` Deny []firewallRule `json:"deny"`
} }
type firewallRule struct { type firewallRule struct {
Label string `json:"label"` Label string `json:"label"`
Protocol string `json:"protocol"` Protocol string `json:"protocol"`
Ports string `json:"ports"` Ports string `json:"ports"`
SourceIpv4s []string `json:"sourceIpv4s"`
SourceIpv6s []string `json:"sourceIpv6s"`
} }
type instanceConfig struct { type instanceConfig struct {
Label string `json:"label"` Label string `json:"label"`
Type string `json:"type"` InstanceType string `json:"instanceType"`
SwapSize int `json:"swapSize"` SwapSize int `json:"swapSize"`
BackupsEnabled bool `json:"backupsEnabled"` BackupsEnabled bool `json:"backupsEnabled"`
PrivateIp bool `json:"privateIp"`
WatchdogEnabled bool `json:"watchdogEnabled"`
} }
type volumeConfig struct { type volumeConfig struct {
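Review bot: The JSON keys removed or renamed in this section (`inbound`, `sourceIpv4s`, `sourceIpv6s`, `privateIp`, `watchdogEnabled`, and `type` → `instanceType`) will be dropped silently if the loader uses encoding/json defaults, which ignore unknown fields; the loader is not visible here, so this is inferred. A config file still written against the old schema would then decode to an empty `Allow` list and an empty `InstanceType` with no error. Decoding with `dec.DisallowUnknownFields()` would make that drift fail loudly. A doc comment on `firewallRule` such as `// firewallRule describes one inbound rule; source address ranges are not configurable.` would also record that rules can no longer restrict their source.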

141
infra.go.bck Normal file

@ -0,0 +1,141 @@
package main
import (
)
//type instanceOutput struct {
// ipv4 pulumi.StringOutput
// id pulumi.IntOutput
//}
//func instance(ctx *pulumi.Context) (instanceOutput, error) {
// var output instanceOutput
//
// cfg := config.New(ctx, "")
//
// region := cfg.Require("region")
// tags := []string{"flow"}
// instanceLabelID := "flow-platform"
// instanceType := "g6-standard-1"
//
// // TODO: finish instance arguments to completion
// instanceArgs := linode.InstanceArgs{
// BackupsEnabled: pulumi.Bool(false),
// Label: pulumi.String(instanceLabelID),
// PrivateIp: pulumi.Bool(false),
// Region: pulumi.String(region),
// Tags: pulumi.ToStringArray(tags),
// SwapSize: pulumi.Int(512),
// Type: pulumi.String(instanceType),
// WatchdogEnabled: pulumi.Bool(true),
// }
//
// instance, err := linode.NewInstance(ctx, instanceLabelID, &instanceArgs, pulumi.Protect(true))
// if err != nil {
// return output, fmt.Errorf("unable to update instance; %w", err)
// }
//
// instanceID := instance.ID().ToStringOutput().ApplyT(func(id string) (int, error) {
// return strconv.Atoi(id)
// }).(pulumi.IntOutput)
//
// output = instanceOutput{
// id: instanceID,
// ipv4: instance.IpAddress,
// }
//
// return output, nil
//}
//func volume(ctx *pulumi.Context, instanceID pulumi.IntInput) error {
// volumeLabelID := "flow-platform-volume"
//
// cfg := config.New(ctx, "")
//
// region := cfg.Require("region")
//
// tags := []string{"flow"}
//
// volumeArgs := linode.VolumeArgs{
// Label: pulumi.String(volumeLabelID),
// LinodeId: instanceID,
// Region: pulumi.String(region),
// Size: pulumi.Int(10),
// Tags: pulumi.ToStringArray(tags),
// }
//
// _, err := linode.NewVolume(ctx, volumeLabelID, &volumeArgs, pulumi.Protect(true))
// if err != nil {
// return fmt.Errorf("unable to update volume; %w", err)
// }
//
// return nil
//}
//func firewall(ctx *pulumi.Context, instanceID pulumi.IntOutput) error {
// allowHttp := linode.FirewallInboundArgs{
// Label: pulumi.String("accept-inbound-tcp-80"),
// Action: pulumi.String("ACCEPT"),
// Protocol: pulumi.String("TCP"),
// Ports: pulumi.String("80"),
// Ipv4s: pulumi.StringArray{
// pulumi.String("0.0.0.0/0"),
// },
// Ipv6s: pulumi.StringArray{
// pulumi.String("::/0"),
// },
// }
//
// allowHttps := linode.FirewallInboundArgs{
// Label: pulumi.String("accept-inbound-tcp-443"),
// Action: pulumi.String("ACCEPT"),
// Protocol: pulumi.String("TCP"),
// Ports: pulumi.String("443"),
// Ipv4s: pulumi.StringArray{
// pulumi.String("0.0.0.0/0"),
// },
// Ipv6s: pulumi.StringArray{
// pulumi.String("::/0"),
// },
// }
//
// tags := []string{"flow"}
//
// label := "fireflow"
//
// firewallArgs := linode.FirewallArgs{
// Label: pulumi.String(label),
// Tags: pulumi.ToStringArray(tags),
// InboundPolicy: pulumi.String("DROP"),
// Inbounds: linode.FirewallInboundArray{
// &allowHttp,
// &allowHttps,
// },
// OutboundPolicy: pulumi.String("ACCEPT"),
// Linodes: pulumi.IntArray{
// instanceID,
// },
// }
//
// _, err := linode.NewFirewall(ctx, label, &firewallArgs)
// if err != nil {
// return fmt.Errorf("unable to update the firewall; %w", err)
// }
//
// return nil
//}
//func main() {
// pulumi.Run(func(ctx *pulumi.Context) error {
// _, err := linode.NewDomainRecord(ctx, "root", &linode.DomainRecordArgs{
// DomainId: pulumi.Int(1297393),
// RecordType: pulumi.String("A"),
// Target: pulumi.String("213.52.130.52"),
// }, pulumi.Protect(true))
// if err != nil {
// return err
// }
// return nil
// })
//}
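Review bot: This new file is a fully commented-out copy of earlier code, and its `main` at the end hard-codes `DomainId: pulumi.Int(1297393)` and `Target: pulumi.String("213.52.130.52")`, so environment-specific identifiers are now tracked in the repository inside dead code. Version control already preserves the old implementation; dropping the file, or moving those values into the stack configuration, keeps them out of the tree. If the file must stay, a header comment such as `// Reference copy only; not built.` would tell readers the `.bck` suffix is deliberate. The commented `firewall` also calls `linode.NewFirewall` without `pulumi.Protect(true)`, unlike the instance and volume, which is worth reconciling before any of this is revived.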

131
main.go

@ -2,12 +2,11 @@ package main
import ( import (
"fmt" "fmt"
"os"
"strconv" "strconv"
"github.com/pulumi/pulumi-linode/sdk/v3/go/linode"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config" "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
"github.com/pulumi/pulumi-linode/sdk/v3/go/linode"
) )
func main() { func main() {
@ -24,31 +23,14 @@ func infra(ctx *pulumi.Context) error {
return fmt.Errorf("unable to load the platform configuration; %w", err) return fmt.Errorf("unable to load the platform configuration; %w", err)
} }
instanceDetails, err := instance(ctx, p);
if err != nil {
return fmt.Errorf("unable to manage the instance; %w", err)
}
if err := domain(ctx, p); err != nil { if err := domain(ctx, p); err != nil {
return fmt.Errorf("unable to manage the domain; %w", err) return fmt.Errorf("unable to manage the domain; %w", err)
} }
if err := records(ctx, p, instanceDetails.ipv4); err != nil { if err := records(ctx, p); err != nil {
return fmt.Errorf("unable to manage the domain records; %w", err) return fmt.Errorf("unable to manage the domain records; %w", err)
} }
if err := firewall(ctx, p, instanceDetails.id); err != nil {
return fmt.Errorf("unable to manage the firewall; %w", err)
}
if err := volumes(ctx, p, instanceDetails.id); err != nil {
return fmt.Errorf("unable to manage the volumes; %w", err)
}
if err := readme(ctx); err != nil {
return fmt.Errorf("unable to add the README to the Stack; %w", err)
}
return nil return nil
} }
@ -58,8 +40,10 @@ func domain(ctx *pulumi.Context, cfg *platform) error {
Domain: pulumi.String(cfg.Domain.Name), Domain: pulumi.String(cfg.Domain.Name),
SoaEmail: pulumi.String(cfg.Domain.Email), SoaEmail: pulumi.String(cfg.Domain.Email),
Status: pulumi.String("active"), Status: pulumi.String("active"),
Tags: pulumi.ToStringArray(cfg.Tags), Tags: pulumi.StringArray{
Type: pulumi.String(cfg.Domain.Type), pulumi.String("flow"),
},
Type: pulumi.String(cfg.Domain.Type),
} }
_, err := linode.NewDomain(ctx, cfg.Domain.Name, &domainArgs, pulumi.Protect(true)) _, err := linode.NewDomain(ctx, cfg.Domain.Name, &domainArgs, pulumi.Protect(true))
@ -70,7 +54,7 @@ func domain(ctx *pulumi.Context, cfg *platform) error {
return nil return nil
} }
func records(ctx *pulumi.Context, cfg *platform, instanceIPv4 pulumi.StringInput) error { func records(ctx *pulumi.Context, cfg *platform) error {
domainName := cfg.Domain.Name domainName := cfg.Domain.Name
domainArgs := linode.LookupDomainArgs{ domainArgs := linode.LookupDomainArgs{
@ -92,7 +76,7 @@ func records(ctx *pulumi.Context, cfg *platform, instanceIPv4 pulumi.StringInput
DomainId: pulumi.Int(domainID), DomainId: pulumi.Int(domainID),
Name: pulumi.String(r.Name), Name: pulumi.String(r.Name),
RecordType: pulumi.String(r.Type), RecordType: pulumi.String(r.Type),
Target: instanceIPv4, Target: pulumi.String(cfg.TempIP),
TtlSec: pulumi.Int(r.TtlSec), TtlSec: pulumi.Int(r.TtlSec),
} }
@ -104,102 +88,3 @@ func records(ctx *pulumi.Context, cfg *platform, instanceIPv4 pulumi.StringInput
return nil return nil
} }
func firewall(ctx *pulumi.Context, cfg *platform, instanceID pulumi.IntInput) error {
inbounds := linode.FirewallInboundArray{}
for _, a := range cfg.Firewall.Inbound.Allow {
allow := linode.FirewallInboundArgs{
Label: pulumi.String(a.Label),
Action: pulumi.String("ACCEPT"),
Protocol: pulumi.String(a.Protocol),
Ports: pulumi.String(a.Ports),
Ipv4s: pulumi.ToStringArray(a.SourceIpv4s),
Ipv6s: pulumi.ToStringArray(a.SourceIpv6s),
}
inbounds = append(inbounds, allow)
}
firewallArgs := linode.FirewallArgs{
Label: pulumi.String(cfg.Firewall.Label),
Tags: pulumi.ToStringArray(cfg.Tags),
InboundPolicy: pulumi.String("DROP"),
Inbounds: inbounds,
OutboundPolicy: pulumi.String("ACCEPT"),
Linodes: pulumi.IntArray{
instanceID,
},
}
_, err := linode.NewFirewall(ctx, cfg.Firewall.Label, &firewallArgs)
if err != nil {
return fmt.Errorf("unable to update the firewall; %w", err)
}
return nil
}
func volumes(ctx *pulumi.Context, cfg *platform, instanceID pulumi.IntInput) error {
for _, v := range cfg.Volumes {
args := linode.VolumeArgs{
Label: pulumi.String(v.Label),
LinodeId: instanceID,
Region: pulumi.String(cfg.Region),
Size: pulumi.Int(v.Size),
Tags: pulumi.ToStringArray(cfg.Tags),
}
_, err := linode.NewVolume(ctx, v.Label, &args, pulumi.Protect(true))
if err != nil {
return fmt.Errorf("unable to update volume; %w", err)
}
}
return nil
}
type instanceOutput struct {
ipv4 pulumi.StringOutput
id pulumi.IntOutput
}
func instance(ctx *pulumi.Context, cfg *platform) (instanceOutput, error) {
instanceArgs := linode.InstanceArgs{
BackupsEnabled: pulumi.Bool(cfg.Instance.BackupsEnabled),
Label: pulumi.String(cfg.Instance.Label),
PrivateIp: pulumi.Bool(cfg.Instance.PrivateIp),
Region: pulumi.String(cfg.Region),
Tags: pulumi.ToStringArray(cfg.Tags),
SwapSize: pulumi.Int(cfg.Instance.SwapSize),
Type: pulumi.String(cfg.Instance.Type),
WatchdogEnabled: pulumi.Bool(cfg.Instance.WatchdogEnabled),
}
instance, err := linode.NewInstance(ctx, cfg.Instance.Label, &instanceArgs, pulumi.Protect(true))
if err != nil {
return instanceOutput{}, fmt.Errorf("unable to update instance; %w", err)
}
instanceID := instance.ID().ToStringOutput().ApplyT(func(id string) (int, error) {
return strconv.Atoi(id)
}).(pulumi.IntOutput)
output := instanceOutput{
id: instanceID,
ipv4: instance.IpAddress,
}
return output, nil
}
func readme(ctx *pulumi.Context) error {
data, err := os.ReadFile("./README.md")
if err != nil {
return fmt.Errorf("unable to read README.md; %w", err)
}
ctx.Export("readme", pulumi.String(string(data)))
return nil
}
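Review bot: In the `records` hunk, `Target: pulumi.String(cfg.TempIP)` puts an unvalidated config string into every domain record, so a missing or mistyped `tempIP` is only caught if the provider rejects it. Because the target no longer comes from the instance output, the records can also keep pointing at an address the project no longer holds; that is inferred from the field name and worth confirming. A guard at the top of `records`, whose body starts and continues outside this hunk, would catch the first case: `if net.ParseIP(cfg.TempIP) == nil { return fmt.Errorf("invalid tempIP %q", cfg.TempIP) }`, with `"net"` added to the imports. Separately, `infra()` no longer declares the instance, firewall or volumes; if that is deliberate for this branch, a short comment in `infra()` saying so would keep the missing firewall from being read as an oversight.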