platform/infra.go


package main
import (
"fmt"
"strconv"
"github.com/pulumi/pulumi-linode/sdk/v3/go/linode"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
// instanceOutput carries the values of the created Linode that the other
// resources in this file consume.
type instanceOutput struct {
	// ipv4 is the instance's IP address output; it is used as the target of
	// the DNS A records.
	ipv4 pulumi.StringOutput
	// id is the instance ID converted from Pulumi's string resource ID to an
	// integer output, the form the volume and firewall arguments expect.
	id pulumi.IntOutput
}
// instance declares the "flow-platform" Linode and returns its integer ID and
// IP address as Pulumi outputs.
//
// The region is read from the required "region" config key. The resource is
// registered with pulumi.Protect(true), so Pulumi refuses to delete it until
// it is explicitly unprotected.
//
// NOTE(review): the arguments below configure no image, root password or SSH
// key; the TODO marks them as unfinished. Decide how access credentials
// are provisioned before relying on this instance.
func instance(ctx *pulumi.Context) (instanceOutput, error) {
	const (
		label = "flow-platform"
		plan  = "g6-standard-1"
	)

	region := config.New(ctx, "").Require("region")

	// TODO: finish instance arguments to completion
	args := &linode.InstanceArgs{
		BackupsEnabled:  pulumi.Bool(false),
		Label:           pulumi.String(label),
		PrivateIp:       pulumi.Bool(false),
		Region:          pulumi.String(region),
		Tags:            pulumi.ToStringArray([]string{"flow"}),
		SwapSize:        pulumi.Int(512),
		Type:            pulumi.String(plan),
		WatchdogEnabled: pulumi.Bool(true),
	}

	node, err := linode.NewInstance(ctx, label, args, pulumi.Protect(true))
	if err != nil {
		return instanceOutput{}, fmt.Errorf("unable to update instance; %w", err)
	}

	// Pulumi exposes the resource ID as a string; the dependent resources in
	// this file take an integer, so convert it inside the output pipeline.
	numericID := node.ID().ToStringOutput().ApplyT(func(id string) (int, error) {
		return strconv.Atoi(id)
	}).(pulumi.IntOutput)

	return instanceOutput{
		id:   numericID,
		ipv4: node.IpAddress,
	}, nil
}
// volume declares the 10-unit "flow-platform-volume" block storage volume in
// the configured region and attaches it to the Linode identified by
// instanceID.
//
// Like the instance, the volume is registered with pulumi.Protect(true), so
// Pulumi will not delete it (and the data on it) until it is unprotected.
func volume(ctx *pulumi.Context, instanceID pulumi.IntInput) error {
	const label = "flow-platform-volume"

	region := config.New(ctx, "").Require("region")

	args := &linode.VolumeArgs{
		Label:    pulumi.String(label),
		LinodeId: instanceID,
		Region:   pulumi.String(region),
		Size:     pulumi.Int(10),
		Tags:     pulumi.ToStringArray([]string{"flow"}),
	}

	if _, err := linode.NewVolume(ctx, label, args, pulumi.Protect(true)); err != nil {
		return fmt.Errorf("unable to update volume; %w", err)
	}
	return nil
}
// firewall declares the "fireflow" cloud firewall and attaches it to the
// Linode identified by instanceID.
//
// Resulting policy, as configured below:
//   - inbound: default DROP; only TCP 80 and TCP 443 are accepted, from any
//     IPv4 or IPv6 source. No other port (SSH included) has an accept rule.
//   - outbound: default ACCEPT with no rules, i.e. egress is unrestricted.
//
// NOTE(review): unlike the instance and volume in this file, the firewall is
// created without pulumi.Protect(true). Confirm that is intentional, since
// removing this resource removes the inbound filtering described above.
func firewall(ctx *pulumi.Context, instanceID pulumi.IntOutput) error {
	const label = "fireflow"

	// acceptTCP builds an inbound ACCEPT rule for a single TCP port that is
	// open to every IPv4 and IPv6 source address.
	acceptTCP := func(port string) *linode.FirewallInboundArgs {
		return &linode.FirewallInboundArgs{
			Label:    pulumi.String("accept-inbound-tcp-" + port),
			Action:   pulumi.String("ACCEPT"),
			Protocol: pulumi.String("TCP"),
			Ports:    pulumi.String(port),
			Ipv4s:    pulumi.StringArray{pulumi.String("0.0.0.0/0")},
			Ipv6s:    pulumi.StringArray{pulumi.String("::/0")},
		}
	}

	args := &linode.FirewallArgs{
		Label:         pulumi.String(label),
		Tags:          pulumi.ToStringArray([]string{"flow"}),
		InboundPolicy: pulumi.String("DROP"),
		Inbounds: linode.FirewallInboundArray{
			acceptTCP("80"),
			acceptTCP("443"),
		},
		OutboundPolicy: pulumi.String("ACCEPT"),
		Linodes:        pulumi.IntArray{instanceID},
	}

	if _, err := linode.NewFirewall(ctx, label, args); err != nil {
		return fmt.Errorf("unable to update the firewall; %w", err)
	}
	return nil
}
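// records declares one DNS A record per entry of the "records" config object,
// each pointing at ipv4, inside the existing domain named by the required
// "rootDomain" config key.
//
// The domain itself is looked up, not created. Only the values of the
// "records" map are used as record names; the keys are ignored. A value of
// "." is registered under the Pulumi resource name "root-record", any other
// value under "<value>-record". Because the resource name is derived from the
// value alone, two keys mapping to the same value yield the same resource
// name.
//
// It returns an error when the domain lookup fails or yields no ID, when the
// ID is not an integer, or when a record cannot be registered.
// cfg.RequireObject does not return an error; a missing or malformed "records"
// key is reported by that call itself.
func records(ctx *pulumi.Context, ipv4 pulumi.StringOutput) error {
	cfg := config.New(ctx, "")
	rootDomainName := cfg.Require("rootDomain")

	domain, err := linode.LookupDomain(ctx, &linode.LookupDomainArgs{
		Domain: &rootDomainName,
	}, nil)
	if err != nil {
		return fmt.Errorf("unable to lookup domain %s; %w", rootDomainName, err)
	}
	// Id is a pointer in the lookup result; guard it so a result without an
	// ID surfaces as an error instead of a nil-pointer panic.
	if domain == nil || domain.Id == nil {
		return fmt.Errorf("lookup of domain %s returned no ID", rootDomainName)
	}

	domainID, err := strconv.Atoi(*domain.Id)
	if err != nil {
		return fmt.Errorf("unable to get the Domain ID; %w", err)
	}

	names := make(map[string]string)
	cfg.RequireObject("records", &names)

	for _, name := range names {
		resourceName := name + "-record"
		if name == "." {
			resourceName = "root-record"
		}

		args := linode.DomainRecordArgs{
			DomainId:   pulumi.Int(domainID),
			Name:       pulumi.String(name),
			RecordType: pulumi.String("A"),
			Target:     ipv4,
			TtlSec:     pulumi.Int(300),
		}
		if _, err := linode.NewDomainRecord(ctx, resourceName, &args, nil); err != nil {
			return fmt.Errorf("unable to update the domain record '%s'; %w", name, err)
		}
	}
	return nil
}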