infra: add ttrss ssm resources

author: clarkzjw <[email protected]> 2022-12-12 00:03:53 -0800
committer: clarkzjw <[email protected]> 2022-12-12 01:01:06 -0800
commit: fe8cd972b5b72b8983c3f7fd6e7153c78ed278ea (patch)
tree: dbefb0b7dc8178ea1fb979303d73230f67b0f02e
parent: 02288734f6ca91c4a39df80435c0151f1a2dfa86 (diff)
download: jinwei.me-fe8cd972b5b72b8983c3f7fd6e7153c78ed278ea.tar.gz
16 files changed, 256 insertions, 1 deletions
diff --git a/jinwei.me/infra/rds.tf b/jinwei.me/infra/rds.tf
index 3abac21..d55f688 100644
--- a/jinwei.me/infra/rds.tf
+++ b/jinwei.me/infra/rds.tf
@@ -1,4 +1,3 @@
 resource "aws_db_parameter_group" "jinwei-me" {
  name   = var.name
  family = var.rds_parameter_group
diff --git a/rss.jinwei.me/config/ansible.cfg b/rss.jinwei.me/config/ansible.cfg
new file mode 100644
index 0000000..9345045
--- /dev/null
+++ b/rss.jinwei.me/config/ansible.cfg
@@ -0,0 +1,14 @@
+[defaults]
+host_key_checking = False
+transport = ssh
+remote_user = admin
+roles_path = roles
+inventory = inventory
+force_color = True
+interpreter_python = auto_silent
+[connection]
+pipelining = True
+[privilege_escalation]
+become = True
diff --git a/rss.jinwei.me/config/inventory/aws_ec2.yaml b/rss.jinwei.me/config/inventory/aws_ec2.yaml
new file mode 100644
index 0000000..100d95b
--- /dev/null
+++ b/rss.jinwei.me/config/inventory/aws_ec2.yaml
@@ -0,0 +1,7 @@
+plugin: aws_ec2
+regions:
+  - us-west-2
+hostnames:
+  - tag:Name
+compose:
+  ansible_host: public_ip_address
diff --git a/rss.jinwei.me/config/requirements.yaml b/rss.jinwei.me/config/requirements.yaml
new file mode 100644
index 0000000..5229cc7
--- /dev/null
+++ b/rss.jinwei.me/config/requirements.yaml
@@ -0,0 +1,10 @@
+---
+collections:
+  - name: amazon.aws
+    version: 3.2.0
+  - name: community.general
+    version: 4.7.0
+  - name: ansible.posix
+    version: 1.3.0
+  - name: community.docker
+    version: 3.2.1
diff --git a/rss.jinwei.me/config/role.yaml b/rss.jinwei.me/config/role.yaml
new file mode 100644
index 0000000..ab3fca5
--- /dev/null
+++ b/rss.jinwei.me/config/role.yaml
@@ -0,0 +1,3 @@
+- hosts: "{{ target }}"
+  roles:
+    - role: "{{ role }}"
diff --git a/rss.jinwei.me/config/roles/rss/defaults/main.yaml b/rss.jinwei.me/config/roles/rss/defaults/main.yaml
new file mode 100644
index 0000000..28f1f39
--- /dev/null
+++ b/rss.jinwei.me/config/roles/rss/defaults/main.yaml
@@ -0,0 +1 @@
+rss_home: /opt/rss
diff --git a/rss.jinwei.me/config/roles/rss/tasks/main.yaml b/rss.jinwei.me/config/roles/rss/tasks/main.yaml
new file mode 100644
index 0000000..16091cb
--- /dev/null
+++ b/rss.jinwei.me/config/roles/rss/tasks/main.yaml
@@ -0,0 +1,17 @@
+- name: render Dockerfile.rssbot
+  template:
+    src: Dockerfile.rssbot.j2
+    dest: "{{ rss_home }}/Dockerfile.rssbot"
+    mode: 0644
+- name: render docker-compose
+  template:
+    src: docker-compose.yaml.j2
+    dest: "{{ rss_home }}/docker-compose.yaml"
+    mode: 0644
+- name: Start rss toolchain using docker-compose
+  community.docker.docker_compose:
+    project_name: rss
+    project_src: "{{ rss_home }}"
+  register: output
diff --git a/rss.jinwei.me/config/roles/rss/templates/Dockerfile.rssbot.j2 b/rss.jinwei.me/config/roles/rss/templates/Dockerfile.rssbot.j2
new file mode 100644
index 0000000..f7eab63
--- /dev/null
+++ b/rss.jinwei.me/config/roles/rss/templates/Dockerfile.rssbot.j2
@@ -0,0 +1,12 @@
+FROM alpine:3.17
+ENV VERSION={{ lookup('aws_ssm', '/jinwei-me/tgbot/version') }}
+ENV TOKEN ""
+WORKDIR /app
+ADD https://github.com/iovxw/rssbot/releases/download/${VERSION}/rssbot-en-x86_64-unknown-linux-musl /app/rssbot
+RUN chmod +x /app/rssbot
+CMD ["sh", "-c", "./rssbot ${TOKEN}"]
diff --git a/rss.jinwei.me/config/roles/rss/templates/docker-compose.yaml.j2 b/rss.jinwei.me/config/roles/rss/templates/docker-compose.yaml.j2
new file mode 100644
index 0000000..fd556dc
--- /dev/null
+++ b/rss.jinwei.me/config/roles/rss/templates/docker-compose.yaml.j2
@@ -0,0 +1,32 @@
+version: "3"
+services:
+  ttrss:
+    image: wangqiru/ttrss:nightly-2022-08-09
+    container_name: ttrss
+    environment:
+      - SELF_URL_PATH={{ lookup('aws_ssm', '/jinwei-me/ttrss/url') }}
+      - DB_HOST={{ lookup('aws_ssm', '/jinwei-me/mysql/host') }}
+      - DB_PORT={{ lookup('aws_ssm', '/jinwei-me/mysql/port') }}
+      - DB_NAME={{ lookup('aws_ssm', '/jinwei-me/mysql/ttrss_db_name') }}
+      - DB_USER={{ lookup('aws_ssm', '/jinwei-me/mysql/ttrss_db_user') }}
+      - DB_PASS={{ lookup('aws_ssm', '/jinwei-me/mysql/ttrss_db_password') }}
+      - PUID=1000
+      - PGID=1000
+    volumes:
+      - {{ rss_home }}/feed-icons:/var/www/feed-icons/
+    stdin_open: true
+    tty: true
+    restart: always
+  mercury:
+    image: wangqiru/mercury-parser-api:latest
+    container_name: ttrss_mercury
+    restart: always
+  rssbot:
+    build:
+      dockerfile: ./Dockerfile.rssbot
+    container_name: ttrss_rssbot
+    restart: always
+    environment:
+      - TOKEN={{ lookup('aws_ssm', '/jinwei-me/tgbot/token') }}
diff --git a/rss.jinwei.me/config/site.yaml b/rss.jinwei.me/config/site.yaml
new file mode 100644
index 0000000..56e2355
--- /dev/null
+++ b/rss.jinwei.me/config/site.yaml
@@ -0,0 +1,3 @@
+- hosts: jinwei-me
+  roles:
+    - role: rss
diff --git a/rss.jinwei.me/infra/.terraform.lock.hcl b/rss.jinwei.me/infra/.terraform.lock.hcl
new file mode 100644
index 0000000..8ab32aa
--- /dev/null
+++ b/rss.jinwei.me/infra/.terraform.lock.hcl
@@ -0,0 +1,66 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+provider "registry.terraform.io/cloudflare/cloudflare" {
+  version     = "3.29.0"
+  constraints = "~> 3.29"
+  hashes = [
+    "h1:iGDvVJ6kdlopyhR3ONeoh8gZWZg8+M/seP7VM7gOp1I=",
+    "zh:0947f7f9e0234aaeb6b5f344de4148a6379d05370937e1c255872697803c17cc",
+    "zh:17abb230abd852e0e4ed9921cd9aaf03336ad4a13a25b1040ed86cdbddf05123",
+    "zh:2ddf550dbdf5c58bbb8d14de6b2dc76627bb92787b99328300fb312c51e12d1f",
+    "zh:4645758bdefe52c1aa260368522aff6fcb4e508c918e9b2c263c9debd7d71684",
+    "zh:6047320a05d07045f7fb4b24c2540600473a94fc15a24ef99339a6690ab47dfe",
+    "zh:6db2d4e4bc3ab8b6107aec80a8041388c2a7722472c5efa6caf8435a453b1f33",
+    "zh:8b6b75a75567ae44a788128aebcbb59cebd9a9dbc4ddc1b05f4455734363d55a",
+    "zh:90c51deb4e96690ed73d8b8498d5ab2d7bb78597861bbef23fab18764371deb0",
+    "zh:9b0f89952afb5d00e31fb745f1ebb4ef677591ca62c002c744d23bcaa0d51e9a",
+    "zh:9cfe38d8ef5515d164f59b5f4ddc14bb8817051ea4efed54cb7834c66492dd79",
+    "zh:acf89e44b8643d52186ef5155c8889845681471abb60a933017cda9bc38d86ef",
+    "zh:c09205c6f1e39994c2f707cce0758a2cd16949b33566a724644593d2a616ea41",
+    "zh:c5412f2868592db091b91361b7a85fa3a1a97282e9e6e1c5883dd5f6b5f2e86c",
+    "zh:ff93702ca9a99863914718ae4214acffa1a72d481c8e1d3254ccf5930a2d7e10",
+  ]
+}
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "4.46.0"
+  constraints = "~> 4.46"
+  hashes = [
+    "h1:EZB4OgvytV38JpWyye9zoMQ0bfT9yB9xSXM5NY3Lrws=",
+    "zh:1678e6a4bdb3d81a6713adc62ca0fdb8250c584e10c10d1daca72316e9db8df2",
+    "zh:329903acf86ef6072502736dff4c43c2b50f762a958f76aa924e2d74c7fca1e3",
+    "zh:33db8131fe0ec7e1d9f30bc9f65c2440e9c1f708d681b6062757a351f1df7ce6",
+    "zh:3a3b010bc393784c16f4b6cdce7f76db93d5efa323fce4920bfea9e9ba6abe44",
+    "zh:979e2713a5759a7483a065e149e3cb69db9225326fc0457fa3fc3a48aed0c63f",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:9efcf0067e16ad53da7504178a05eb2118770b4ae00c193c10ecad4cbfce308e",
+    "zh:a10655bf1b6376ab7f3e55efadf54dc70f7bd07ca11369557c312095076f9d62",
+    "zh:b0394dd42cbd2a718a7dd7ae0283f04769aaf8b3d52664e141da59c0171a11ab",
+    "zh:b958e614c2cf6d9c05a6ad5e94dc5c04b97ebfb84415da068be5a081b5ebbe24",
+    "zh:ba5069e624210c63ad9e633a8eb0108b21f2322bc4967ba2b82d09168c466888",
+    "zh:d7dfa597a17186e7f4d741dd7111849f1c0dd6f7ebc983043d8262d2fb37b408",
+    "zh:e8a641ca2c99f96d64fa2725875e797273984981d3e54772a2823541c44e3cd3",
+    "zh:f89898b7067c4246293a8007f59f5cfcac7b8dd251d39886c7a53ba596251466",
+    "zh:fb1e1df1d5cc208e08a850f8e84423bce080f01f5e901791c79df369d3ed52f2",
+  ]
+}
+provider "registry.terraform.io/hashicorp/random" {
+  version = "3.4.3"
+  hashes = [
+    "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=",
+    "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752",
+    "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b",
+    "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3",
+    "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5",
+    "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda",
+    "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6",
+    "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1",
+    "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d",
+    "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8",
+    "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93",
+  ]
+}
diff --git a/rss.jinwei.me/infra/README b/rss.jinwei.me/infra/README
new file mode 100644
index 0000000..fe02282
--- /dev/null
+++ b/rss.jinwei.me/infra/README
@@ -0,0 +1,3 @@
+rss.jinwei.me
+Currently, rss.jinwei.me reuses the same infrastructure as jinwei.me.
diff --git a/rss.jinwei.me/infra/rds.tf b/rss.jinwei.me/infra/rds.tf
new file mode 100644
index 0000000..ad719ea
--- /dev/null
+++ b/rss.jinwei.me/infra/rds.tf
@@ -0,0 +1,4 @@
+resource "random_password" "ttrss_password" {
+  length  = 16
+  special = false
+}
diff --git a/rss.jinwei.me/infra/ssm.tf b/rss.jinwei.me/infra/ssm.tf
new file mode 100644
index 0000000..62aaba7
--- /dev/null
+++ b/rss.jinwei.me/infra/ssm.tf
@@ -0,0 +1,35 @@
+resource "aws_ssm_parameter" "ttrss_site_url" {
+  name  = "/${var.name}/ttrss/url"
+  type  = "String"
+  value = var.ttrss_site_url
+}
+resource "aws_ssm_parameter" "ttrss_db_name" {
+  name  = "/${var.name}/mysql/ttrss_db_name"
+  type  = "String"
+  value = var.ttrss_db_name
+}
+resource "aws_ssm_parameter" "ttrss_db_user" {
+  name  = "/${var.name}/mysql/ttrss_db_user"
+  type  = "String"
+  value = var.ttrss_db_user
+}
+resource "aws_ssm_parameter" "ttrss_db_password" {
+  name  = "/${var.name}/mysql/ttrss_db_password"
+  type  = "SecureString"
+  value = random_password.ttrss_password.result
+}
+resource "aws_ssm_parameter" "ttrss_tgbot_token" {
+  name  = "/${var.name}/tgbot/token"
+  type  = "SecureString"
+  value = var.rss_tgbot_token
+}
+resource "aws_ssm_parameter" "ttrss_tgbot_version" {
+  name  = "/${var.name}/tgbot/version"
+  type  = "String"
+  value = var.tg_bot_version
+}
diff --git a/rss.jinwei.me/infra/variables.tf b/rss.jinwei.me/infra/variables.tf
new file mode 100644
index 0000000..64e6912
--- /dev/null
+++ b/rss.jinwei.me/infra/variables.tf
@@ -0,0 +1,37 @@
+provider "aws" {
+  region = var.region
+}
+variable "name" {
+  description = "Name of the service. It will be used to name EC2, and RDS instances."
+  default     = "jinwei-me"
+}
+variable "region" {
+  default     = "us-west-2"
+  description = "AWS region"
+}
+variable "ttrss_db_name" {
+  default = "ttrss"
+}
+variable "ttrss_db_user" {
+  default = "ttrss"
+}
+variable "ttrss_site_url" {
+  default = "feed.jinwei.me"
+}
+variable "rss_tgbot_token" {
+  description = "Telegram bot token for rssbot"
+  type        = string
+  sensitive   = true
+}
+variable "tg_bot_version" {
+  description = "Telegram rss bot version, from https://github.com/iovxw/rssbot/releases"
+  default = "v2.0.0-alpha.11"
+  type = string
+}
diff --git a/rss.jinwei.me/infra/versions.tf b/rss.jinwei.me/infra/versions.tf
new file mode 100644
index 0000000..844ac4b
--- /dev/null
+++ b/rss.jinwei.me/infra/versions.tf
@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.46"
+    }
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~> 3.29"
+    }
+  }
+}
author	clarkzjw <[email protected]>	2022-12-12 00:03:53 -0800
committer	clarkzjw <[email protected]>	2022-12-12 01:01:06 -0800
commit	fe8cd972b5b72b8983c3f7fd6e7153c78ed278ea (patch)
tree	dbefb0b7dc8178ea1fb979303d73230f67b0f02e
parent	02288734f6ca91c4a39df80435c0151f1a2dfa86 (diff)
download	jinwei.me-fe8cd972b5b72b8983c3f7fd6e7153c78ed278ea.tar.gz

diff --git a/jinwei.me/infra/rds.tf b/jinwei.me/infra/rds.tf index 3abac21..d55f688 100644 --- a/jinwei.me/infra/rds.tf +++ b/jinwei.me/infra/rds.tf
@@ -1,4 +1,3 @@
1
2	resource "aws_db_parameter_group" "jinwei-me" {	1	resource "aws_db_parameter_group" "jinwei-me" {
3	name = var.name	2	name = var.name
4	family = var.rds_parameter_group	3	family = var.rds_parameter_group


diff --git a/rss.jinwei.me/config/ansible.cfg b/rss.jinwei.me/config/ansible.cfg new file mode 100644 index 0000000..9345045 --- /dev/null +++ b/rss.jinwei.me/config/ansible.cfg
@@ -0,0 +1,14 @@
		1	[defaults]
		2	host_key_checking = False
		3	transport = ssh
		4	remote_user = admin
		5	roles_path = roles
		6	inventory = inventory
		7	force_color = True
		8	interpreter_python = auto_silent
		9
		10	[connection]
		11	pipelining = True
		12
		13	[privilege_escalation]
		14	become = True


diff --git a/rss.jinwei.me/config/inventory/aws_ec2.yaml b/rss.jinwei.me/config/inventory/aws_ec2.yaml new file mode 100644 index 0000000..100d95b --- /dev/null +++ b/rss.jinwei.me/config/inventory/aws_ec2.yaml
@@ -0,0 +1,7 @@
		1	plugin: aws_ec2
		2	regions:
		3	- us-west-2
		4	hostnames:
		5	- tag:Name
		6	compose:
		7	ansible_host: public_ip_address


diff --git a/rss.jinwei.me/config/requirements.yaml b/rss.jinwei.me/config/requirements.yaml new file mode 100644 index 0000000..5229cc7 --- /dev/null +++ b/rss.jinwei.me/config/requirements.yaml
@@ -0,0 +1,10 @@
		1	---
		2	collections:
		3	- name: amazon.aws
		4	version: 3.2.0
		5	- name: community.general
		6	version: 4.7.0
		7	- name: ansible.posix
		8	version: 1.3.0
		9	- name: community.docker
		10	version: 3.2.1


diff --git a/rss.jinwei.me/config/role.yaml b/rss.jinwei.me/config/role.yaml new file mode 100644 index 0000000..ab3fca5 --- /dev/null +++ b/rss.jinwei.me/config/role.yaml
@@ -0,0 +1,3 @@
		1	- hosts: "{{ target }}"
		2	roles:
		3	- role: "{{ role }}"


diff --git a/rss.jinwei.me/config/roles/rss/defaults/main.yaml b/rss.jinwei.me/config/roles/rss/defaults/main.yaml new file mode 100644 index 0000000..28f1f39 --- /dev/null +++ b/rss.jinwei.me/config/roles/rss/defaults/main.yaml
@@ -0,0 +1 @@
			rss_home: /opt/rss


diff --git a/rss.jinwei.me/config/roles/rss/tasks/main.yaml b/rss.jinwei.me/config/roles/rss/tasks/main.yaml new file mode 100644 index 0000000..16091cb --- /dev/null +++ b/rss.jinwei.me/config/roles/rss/tasks/main.yaml
@@ -0,0 +1,17 @@
		1	- name: render Dockerfile.rssbot
		2	template:
		3	src: Dockerfile.rssbot.j2
		4	dest: "{{ rss_home }}/Dockerfile.rssbot"
		5	mode: 0644
		6
		7	- name: render docker-compose
		8	template:
		9	src: docker-compose.yaml.j2
		10	dest: "{{ rss_home }}/docker-compose.yaml"
		11	mode: 0644
		12
		13	- name: Start rss toolchain using docker-compose
		14	community.docker.docker_compose:
		15	project_name: rss
		16	project_src: "{{ rss_home }}"
		17	register: output


diff --git a/rss.jinwei.me/config/roles/rss/templates/Dockerfile.rssbot.j2 b/rss.jinwei.me/config/roles/rss/templates/Dockerfile.rssbot.j2 new file mode 100644 index 0000000..f7eab63 --- /dev/null +++ b/rss.jinwei.me/config/roles/rss/templates/Dockerfile.rssbot.j2
@@ -0,0 +1,12 @@
		1	FROM alpine:3.17
		2
		3	ENV VERSION={{ lookup('aws_ssm', '/jinwei-me/tgbot/version') }}
		4	ENV TOKEN ""
		5
		6	WORKDIR /app
		7
		8	ADD https://github.com/iovxw/rssbot/releases/download/${VERSION}/rssbot-en-x86_64-unknown-linux-musl /app/rssbot
		9
		10	RUN chmod +x /app/rssbot
		11
		12	CMD ["sh", "-c", "./rssbot ${TOKEN}"]


diff --git a/rss.jinwei.me/config/roles/rss/templates/docker-compose.yaml.j2 b/rss.jinwei.me/config/roles/rss/templates/docker-compose.yaml.j2 new file mode 100644 index 0000000..fd556dc --- /dev/null +++ b/rss.jinwei.me/config/roles/rss/templates/docker-compose.yaml.j2
@@ -0,0 +1,32 @@
		1	version: "3"
		2	services:
		3	ttrss:
		4	image: wangqiru/ttrss:nightly-2022-08-09
		5	container_name: ttrss
		6	environment:
		7	- SELF_URL_PATH={{ lookup('aws_ssm', '/jinwei-me/ttrss/url') }}
		8	- DB_HOST={{ lookup('aws_ssm', '/jinwei-me/mysql/host') }}
		9	- DB_PORT={{ lookup('aws_ssm', '/jinwei-me/mysql/port') }}
		10	- DB_NAME={{ lookup('aws_ssm', '/jinwei-me/mysql/ttrss_db_name') }}
		11	- DB_USER={{ lookup('aws_ssm', '/jinwei-me/mysql/ttrss_db_user') }}
		12	- DB_PASS={{ lookup('aws_ssm', '/jinwei-me/mysql/ttrss_db_password') }}
		13	- PUID=1000
		14	- PGID=1000
		15	volumes:
		16	- {{ rss_home }}/feed-icons:/var/www/feed-icons/
		17	stdin_open: true
		18	tty: true
		19	restart: always
		20
		21	mercury:
		22	image: wangqiru/mercury-parser-api:latest
		23	container_name: ttrss_mercury
		24	restart: always
		25
		26	rssbot:
		27	build:
		28	dockerfile: ./Dockerfile.rssbot
		29	container_name: ttrss_rssbot
		30	restart: always
		31	environment:
		32	- TOKEN={{ lookup('aws_ssm', '/jinwei-me/tgbot/token') }}


diff --git a/rss.jinwei.me/config/site.yaml b/rss.jinwei.me/config/site.yaml new file mode 100644 index 0000000..56e2355 --- /dev/null +++ b/rss.jinwei.me/config/site.yaml
@@ -0,0 +1,3 @@
		1	- hosts: jinwei-me
		2	roles:
		3	- role: rss


diff --git a/rss.jinwei.me/infra/.terraform.lock.hcl b/rss.jinwei.me/infra/.terraform.lock.hcl new file mode 100644 index 0000000..8ab32aa --- /dev/null +++ b/rss.jinwei.me/infra/.terraform.lock.hcl
@@ -0,0 +1,66 @@
		1	# This file is maintained automatically by "terraform init".
		2	# Manual edits may be lost in future updates.
		3
		4	provider "registry.terraform.io/cloudflare/cloudflare" {
		5	version = "3.29.0"
		6	constraints = "~> 3.29"
		7	hashes = [
		8	"h1:iGDvVJ6kdlopyhR3ONeoh8gZWZg8+M/seP7VM7gOp1I=",
		9	"zh:0947f7f9e0234aaeb6b5f344de4148a6379d05370937e1c255872697803c17cc",
		10	"zh:17abb230abd852e0e4ed9921cd9aaf03336ad4a13a25b1040ed86cdbddf05123",
		11	"zh:2ddf550dbdf5c58bbb8d14de6b2dc76627bb92787b99328300fb312c51e12d1f",
		12	"zh:4645758bdefe52c1aa260368522aff6fcb4e508c918e9b2c263c9debd7d71684",
		13	"zh:6047320a05d07045f7fb4b24c2540600473a94fc15a24ef99339a6690ab47dfe",
		14	"zh:6db2d4e4bc3ab8b6107aec80a8041388c2a7722472c5efa6caf8435a453b1f33",
		15	"zh:8b6b75a75567ae44a788128aebcbb59cebd9a9dbc4ddc1b05f4455734363d55a",
		16	"zh:90c51deb4e96690ed73d8b8498d5ab2d7bb78597861bbef23fab18764371deb0",
		17	"zh:9b0f89952afb5d00e31fb745f1ebb4ef677591ca62c002c744d23bcaa0d51e9a",
		18	"zh:9cfe38d8ef5515d164f59b5f4ddc14bb8817051ea4efed54cb7834c66492dd79",
		19	"zh:acf89e44b8643d52186ef5155c8889845681471abb60a933017cda9bc38d86ef",
		20	"zh:c09205c6f1e39994c2f707cce0758a2cd16949b33566a724644593d2a616ea41",
		21	"zh:c5412f2868592db091b91361b7a85fa3a1a97282e9e6e1c5883dd5f6b5f2e86c",
		22	"zh:ff93702ca9a99863914718ae4214acffa1a72d481c8e1d3254ccf5930a2d7e10",
		23	]
		24	}
		25
		26	provider "registry.terraform.io/hashicorp/aws" {
		27	version = "4.46.0"
		28	constraints = "~> 4.46"
		29	hashes = [
		30	"h1:EZB4OgvytV38JpWyye9zoMQ0bfT9yB9xSXM5NY3Lrws=",
		31	"zh:1678e6a4bdb3d81a6713adc62ca0fdb8250c584e10c10d1daca72316e9db8df2",
		32	"zh:329903acf86ef6072502736dff4c43c2b50f762a958f76aa924e2d74c7fca1e3",
		33	"zh:33db8131fe0ec7e1d9f30bc9f65c2440e9c1f708d681b6062757a351f1df7ce6",
		34	"zh:3a3b010bc393784c16f4b6cdce7f76db93d5efa323fce4920bfea9e9ba6abe44",
		35	"zh:979e2713a5759a7483a065e149e3cb69db9225326fc0457fa3fc3a48aed0c63f",
		36	"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
		37	"zh:9efcf0067e16ad53da7504178a05eb2118770b4ae00c193c10ecad4cbfce308e",
		38	"zh:a10655bf1b6376ab7f3e55efadf54dc70f7bd07ca11369557c312095076f9d62",
		39	"zh:b0394dd42cbd2a718a7dd7ae0283f04769aaf8b3d52664e141da59c0171a11ab",
		40	"zh:b958e614c2cf6d9c05a6ad5e94dc5c04b97ebfb84415da068be5a081b5ebbe24",
		41	"zh:ba5069e624210c63ad9e633a8eb0108b21f2322bc4967ba2b82d09168c466888",
		42	"zh:d7dfa597a17186e7f4d741dd7111849f1c0dd6f7ebc983043d8262d2fb37b408",
		43	"zh:e8a641ca2c99f96d64fa2725875e797273984981d3e54772a2823541c44e3cd3",
		44	"zh:f89898b7067c4246293a8007f59f5cfcac7b8dd251d39886c7a53ba596251466",
		45	"zh:fb1e1df1d5cc208e08a850f8e84423bce080f01f5e901791c79df369d3ed52f2",
		46	]
		47	}
		48
		49	provider "registry.terraform.io/hashicorp/random" {
		50	version = "3.4.3"
		51	hashes = [
		52	"h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=",
		53	"zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752",
		54	"zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b",
		55	"zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53",
		56	"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
		57	"zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3",
		58	"zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5",
		59	"zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda",
		60	"zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6",
		61	"zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1",
		62	"zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d",
		63	"zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8",
		64	"zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93",
		65	]
		66	}


diff --git a/rss.jinwei.me/infra/README b/rss.jinwei.me/infra/README new file mode 100644 index 0000000..fe02282 --- /dev/null +++ b/rss.jinwei.me/infra/README
@@ -0,0 +1,3 @@
		1	rss.jinwei.me
		2
		3	Currently, rss.jinwei.me reuses the same infrastructure as jinwei.me.


diff --git a/rss.jinwei.me/infra/rds.tf b/rss.jinwei.me/infra/rds.tf new file mode 100644 index 0000000..ad719ea --- /dev/null +++ b/rss.jinwei.me/infra/rds.tf
@@ -0,0 +1,4 @@
		1	resource "random_password" "ttrss_password" {
		2	length = 16
		3	special = false
		4	}


diff --git a/rss.jinwei.me/infra/ssm.tf b/rss.jinwei.me/infra/ssm.tf new file mode 100644 index 0000000..62aaba7 --- /dev/null +++ b/rss.jinwei.me/infra/ssm.tf
@@ -0,0 +1,35 @@
		1	resource "aws_ssm_parameter" "ttrss_site_url" {
		2	name = "/${var.name}/ttrss/url"
		3	type = "String"
		4	value = var.ttrss_site_url
		5	}
		6
		7	resource "aws_ssm_parameter" "ttrss_db_name" {
		8	name = "/${var.name}/mysql/ttrss_db_name"
		9	type = "String"
		10	value = var.ttrss_db_name
		11	}
		12
		13	resource "aws_ssm_parameter" "ttrss_db_user" {
		14	name = "/${var.name}/mysql/ttrss_db_user"
		15	type = "String"
		16	value = var.ttrss_db_user
		17	}
		18
		19	resource "aws_ssm_parameter" "ttrss_db_password" {
		20	name = "/${var.name}/mysql/ttrss_db_password"
		21	type = "SecureString"
		22	value = random_password.ttrss_password.result
		23	}
		24
		25	resource "aws_ssm_parameter" "ttrss_tgbot_token" {
		26	name = "/${var.name}/tgbot/token"
		27	type = "SecureString"
		28	value = var.rss_tgbot_token
		29	}
		30
		31	resource "aws_ssm_parameter" "ttrss_tgbot_version" {
		32	name = "/${var.name}/tgbot/version"
		33	type = "String"
		34	value = var.tg_bot_version
		35	}


diff --git a/rss.jinwei.me/infra/variables.tf b/rss.jinwei.me/infra/variables.tf new file mode 100644 index 0000000..64e6912 --- /dev/null +++ b/rss.jinwei.me/infra/variables.tf
@@ -0,0 +1,37 @@
		1	provider "aws" {
		2	region = var.region
		3	}
		4
		5	variable "name" {
		6	description = "Name of the service. It will be used to name EC2, and RDS instances."
		7	default = "jinwei-me"
		8	}
		9
		10	variable "region" {
		11	default = "us-west-2"
		12	description = "AWS region"
		13	}
		14
		15	variable "ttrss_db_name" {
		16	default = "ttrss"
		17	}
		18
		19	variable "ttrss_db_user" {
		20	default = "ttrss"
		21	}
		22
		23	variable "ttrss_site_url" {
		24	default = "feed.jinwei.me"
		25	}
		26
		27	variable "rss_tgbot_token" {
		28	description = "Telegram bot token for rssbot"
		29	type = string
		30	sensitive = true
		31	}
		32
		33	variable "tg_bot_version" {
		34	description = "Telegram rss bot version, from https://github.com/iovxw/rssbot/releases"
		35	default = "v2.0.0-alpha.11"
		36	type = string
		37	}


diff --git a/rss.jinwei.me/infra/versions.tf b/rss.jinwei.me/infra/versions.tf new file mode 100644 index 0000000..844ac4b --- /dev/null +++ b/rss.jinwei.me/infra/versions.tf
@@ -0,0 +1,12 @@
		1	terraform {
		2	required_providers {
		3	aws = {
		4	source = "hashicorp/aws"
		5	version = "~> 4.46"
		6	}
		7	cloudflare = {
		8	source = "cloudflare/cloudflare"
		9	version = "~> 3.29"
		10	}
		11	}
		12	}