package main import ( "fmt" "strconv" "github.com/pulumi/pulumi-linode/sdk/v3/go/linode" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" "github.com/pulumi/pulumi/sdk/v3/go/pulumi/config" ) func main() { pulumi.Run(infra) } func infra(ctx *pulumi.Context) error { cfg := config.New(ctx, "") platformConfigFile := cfg.Require("file") p, err := newConfig(platformConfigFile) if err != nil { return fmt.Errorf("unable to load the platform configuration; %w", err) } instance, err := getInstance(ctx, p) if err != nil { return err } if err := domain(ctx, p); err != nil { return fmt.Errorf("unable to manage the domain; %w", err) } if err := records(ctx, p); err != nil { return fmt.Errorf("unable to manage the domain records; %w", err) } if err := firewall(ctx, p, instance.Instances[0].Id); err != nil { return fmt.Errorf("unable to manage the firewall; %w", err) } return nil } func getInstance(ctx *pulumi.Context, cfg *platform) (*linode.GetInstancesResult, error) { args := linode.GetInstancesArgs{ Filters: []linode.GetInstancesFilter{ { Name: "label", Values: []string{cfg.Instance.Label}, }, }, } instance, err := linode.GetInstances(ctx, &args) if err != nil { return nil, fmt.Errorf("unable to get instance details; %w", err) } return instance, nil } func domain(ctx *pulumi.Context, cfg *platform) error { domainArgs := linode.DomainArgs{ Description: pulumi.String(cfg.Domain.Description), Domain: pulumi.String(cfg.Domain.Name), SoaEmail: pulumi.String(cfg.Domain.Email), Status: pulumi.String("active"), Tags: pulumi.ToStringArray(cfg.Tags), Type: pulumi.String(cfg.Domain.Type), } _, err := linode.NewDomain(ctx, cfg.Domain.Name, &domainArgs, pulumi.Protect(true)) if err != nil { return err } return nil } func records(ctx *pulumi.Context, cfg *platform) error { domainName := cfg.Domain.Name domainArgs := linode.LookupDomainArgs{ Domain: &domainName, } domain, err := linode.LookupDomain(ctx, &domainArgs, nil) if err != nil { return fmt.Errorf("unable to lookup domain %s; %w", domainName, err) } domainID, err := strconv.Atoi(*domain.Id) if err != nil { return fmt.Errorf("unable to get the Domain ID; %w", err) } for _, r := range cfg.Domain.Records { args := linode.DomainRecordArgs{ DomainId: pulumi.Int(domainID), Name: pulumi.String(r.Name), RecordType: pulumi.String(r.Type), Target: pulumi.String(cfg.TempIP), TtlSec: pulumi.Int(r.TtlSec), } _, err := linode.NewDomainRecord(ctx, r.Label, &args, nil) if err != nil { return fmt.Errorf("unable to update the domain record '%s'; %w", r.Name, err) } } return nil } func firewall(ctx *pulumi.Context, cfg *platform, instanceID int) error { inbounds := linode.FirewallInboundArray{} for _, a := range cfg.Firewall.Inbound.Allow { allow := linode.FirewallInboundArgs{ Label: pulumi.String(a.Label), Action: pulumi.String("ACCEPT"), Protocol: pulumi.String(a.Protocol), Ports: pulumi.String(a.Ports), Ipv4s: pulumi.ToStringArray(a.SourceIpv4s), Ipv6s: pulumi.ToStringArray(a.SourceIpv6s), } inbounds = append(inbounds, allow) } firewallArgs := linode.FirewallArgs{ Label: pulumi.String(cfg.Firewall.Label), Tags: pulumi.ToStringArray(cfg.Tags), InboundPolicy: pulumi.String("DROP"), Inbounds: inbounds, OutboundPolicy: pulumi.String("ACCEPT"), Linodes: pulumi.IntArray{ pulumi.Int(instanceID), }, } _, err := linode.NewFirewall(ctx, cfg.Firewall.Label, &firewallArgs) if err != nil { return fmt.Errorf("unable to update the firewall; %w", err) } return nil }