From fe8cd972b5b72b8983c3f7fd6e7153c78ed278ea Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Mon, 12 Dec 2022 00:03:53 -0800
Subject: infra: add ttrss ssm resources
---
jinwei.me/infra/rds.tf | 1 -
rss.jinwei.me/config/ansible.cfg | 14 +++++
rss.jinwei.me/config/inventory/aws_ec2.yaml | 7 +++
rss.jinwei.me/config/requirements.yaml | 10 ++++
rss.jinwei.me/config/role.yaml | 3 +
rss.jinwei.me/config/roles/rss/defaults/main.yaml | 1 +
rss.jinwei.me/config/roles/rss/tasks/main.yaml | 17 ++++++
.../roles/rss/templates/Dockerfile.rssbot.j2 | 12 ++++
.../roles/rss/templates/docker-compose.yaml.j2 | 32 +++++++++++
rss.jinwei.me/config/site.yaml | 3 +
rss.jinwei.me/infra/.terraform.lock.hcl | 66 ++++++++++++++++++++++
rss.jinwei.me/infra/README | 3 +
rss.jinwei.me/infra/rds.tf | 4 ++
rss.jinwei.me/infra/ssm.tf | 35 ++++++++++++
rss.jinwei.me/infra/variables.tf | 37 ++++++++++++
rss.jinwei.me/infra/versions.tf | 12 ++++
16 files changed, 256 insertions(+), 1 deletion(-)
create mode 100644 rss.jinwei.me/config/ansible.cfg
create mode 100644 rss.jinwei.me/config/inventory/aws_ec2.yaml
create mode 100644 rss.jinwei.me/config/requirements.yaml
create mode 100644 rss.jinwei.me/config/role.yaml
create mode 100644 rss.jinwei.me/config/roles/rss/defaults/main.yaml
create mode 100644 rss.jinwei.me/config/roles/rss/tasks/main.yaml
create mode 100644 rss.jinwei.me/config/roles/rss/templates/Dockerfile.rssbot.j2
create mode 100644 rss.jinwei.me/config/roles/rss/templates/docker-compose.yaml.j2
create mode 100644 rss.jinwei.me/config/site.yaml
create mode 100644 rss.jinwei.me/infra/.terraform.lock.hcl
create mode 100644 rss.jinwei.me/infra/README
create mode 100644 rss.jinwei.me/infra/rds.tf
create mode 100644 rss.jinwei.me/infra/ssm.tf
create mode 100644 rss.jinwei.me/infra/variables.tf
create mode 100644 rss.jinwei.me/infra/versions.tf
diff --git a/jinwei.me/infra/rds.tf b/jinwei.me/infra/rds.tf
index 3abac21..d55f688 100644
--- a/jinwei.me/infra/rds.tf
+++ b/jinwei.me/infra/rds.tf
@@ -1,4 +1,3 @@ - resource "aws_db_parameter_group" "jinwei-me" { name = var.name family = var.rds_parameter_group
diff --git a/rss.jinwei.me/config/ansible.cfg b/rss.jinwei.me/config/ansible.cfg
new file mode 100644
index 0000000..9345045
--- /dev/null
+++ b/rss.jinwei.me/config/ansible.cfg
@@ -0,0 +1,14 @@
+[defaults]
+host_key_checking = False
+transport = ssh
+remote_user = admin
+roles_path = roles
+inventory = inventory
+force_color = True
+interpreter_python = auto_silent
+
+[connection]
+pipelining = True
+
+[privilege_escalation]
+become = True
diff --git a/rss.jinwei.me/config/inventory/aws_ec2.yaml b/rss.jinwei.me/config/inventory/aws_ec2.yaml
new file mode 100644
index 0000000..100d95b
--- /dev/null
+++ b/rss.jinwei.me/config/inventory/aws_ec2.yaml
@@ -0,0 +1,7 @@
+plugin: aws_ec2
+regions:
+ - us-west-2
+hostnames:
+ - tag:Name
+compose:
+ ansible_host: public_ip_address
diff --git a/rss.jinwei.me/config/requirements.yaml b/rss.jinwei.me/config/requirements.yaml
new file mode 100644
index 0000000..5229cc7
--- /dev/null
+++ b/rss.jinwei.me/config/requirements.yaml
@@ -0,0 +1,10 @@
+---
+collections:
+ - name: amazon.aws
+ version: 3.2.0
+ - name: community.general
+ version: 4.7.0
+ - name: ansible.posix
+ version: 1.3.0
+ - name: community.docker
+ version: 3.2.1
diff --git a/rss.jinwei.me/config/role.yaml b/rss.jinwei.me/config/role.yaml
new file mode 100644
index 0000000..ab3fca5
--- /dev/null
+++ b/rss.jinwei.me/config/role.yaml
@@ -0,0 +1,3 @@
+- hosts: "{{ target }}"
+ roles:
+ - role: "{{ role }}"
diff --git a/rss.jinwei.me/config/roles/rss/defaults/main.yaml b/rss.jinwei.me/config/roles/rss/defaults/main.yaml
new file mode 100644
index 0000000..28f1f39
--- /dev/null
+++ b/rss.jinwei.me/config/roles/rss/defaults/main.yaml
@@ -0,0 +1 @@
+rss_home: /opt/rss
diff --git a/rss.jinwei.me/config/roles/rss/tasks/main.yaml b/rss.jinwei.me/config/roles/rss/tasks/main.yaml
new file mode 100644
index 0000000..16091cb
--- /dev/null
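Review bot: `host_key_checking = False` in the `[defaults]` section of ansible.cfg turns off SSH host key verification for every play run from this directory. The aws_ec2.yaml inventory added in the same commit connects over `public_ip_address` and the config sets `become = True`, so a machine answering on a reused or intercepted address would be accepted silently and would receive the rendered templates. I would drop the line (checking is the default) and pre-populate known_hosts for the instance; if it has to stay for now, add a comment such as `# host keys are not verified: run only over a trusted network path` directly above it.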
+++ b/rss.jinwei.me/config/roles/rss/tasks/main.yaml
@@ -0,0 +1,17 @@
+- name: render Dockerfile.rssbot
+ template:
+ src: Dockerfile.rssbot.j2
+ dest: "{{ rss_home }}/Dockerfile.rssbot"
+ mode: 0644
+
+- name: render docker-compose
+ template:
+ src: docker-compose.yaml.j2
+ dest: "{{ rss_home }}/docker-compose.yaml"
+ mode: 0644
+
+- name: Start rss toolchain using docker-compose
+ community.docker.docker_compose:
+ project_name: rss
+ project_src: "{{ rss_home }}"
+ register: output
diff --git a/rss.jinwei.me/config/roles/rss/templates/Dockerfile.rssbot.j2 b/rss.jinwei.me/config/roles/rss/templates/Dockerfile.rssbot.j2
new file mode 100644
index 0000000..f7eab63
--- /dev/null
+++ b/rss.jinwei.me/config/roles/rss/templates/Dockerfile.rssbot.j2
@@ -0,0 +1,12 @@
+FROM alpine:3.17
+
+ENV VERSION={{ lookup('aws_ssm', '/jinwei-me/tgbot/version') }}
+ENV TOKEN ""
+
+WORKDIR /app
+
+ADD https://github.com/iovxw/rssbot/releases/download/${VERSION}/rssbot-en-x86_64-unknown-linux-musl /app/rssbot
+
+RUN chmod +x /app/rssbot
+
+CMD ["sh", "-c", "./rssbot ${TOKEN}"]
diff --git a/rss.jinwei.me/config/roles/rss/templates/docker-compose.yaml.j2 b/rss.jinwei.me/config/roles/rss/templates/docker-compose.yaml.j2
new file mode 100644
index 0000000..fd556dc
--- /dev/null
+++ b/rss.jinwei.me/config/roles/rss/templates/docker-compose.yaml.j2
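Review bot: The `render docker-compose` task in tasks/main.yaml writes `{{ rss_home }}/docker-compose.yaml` with `mode: 0644`, but the template added in this commit fills that file with `DB_PASS` and `TOKEN` read from SSM SecureString parameters, so every local account on the host can read both secrets. On that task use `mode: "0600"` together with `owner: root` and `group: root`, and add `no_log: true` so a run with `--diff` does not print the rendered values. Nothing in this hunk creates `{{ rss_home }}` before the two template tasks; if no other role does, a `file` task with `state: directory` and `mode: "0700"` belongs in front of them.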
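Review bot: The `ADD https://github.com/iovxw/rssbot/releases/download/${VERSION}/rssbot-en-x86_64-unknown-linux-musl /app/rssbot` line in Dockerfile.rssbot.j2 fetches an executable at build time with no integrity check, so whatever that URL serves for the configured version is what later runs with the Telegram token. BuildKit accepts `ADD --checksum=sha256:<SHA256_OF_RELEASE_BINARY> <url> /app/rssbot` (the digest is a placeholder and would have to be stored next to the version parameter), which fails the build when the downloaded file differs. The image also has no `USER` instruction, so the bot runs as root inside the container; a dedicated unprivileged user with write access to wherever rssbot keeps its data would narrow that. Finally `CMD ["sh", "-c", "./rssbot ${TOKEN}"]` leaves `sh` as PID 1 and passes the token unquoted; `CMD ["sh", "-c", "exec ./rssbot \"${TOKEN}\""]` keeps the same behaviour while letting the binary receive SIGTERM.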
@@ -0,0 +1,32 @@
+version: "3"
+services:
+ ttrss:
+ image: wangqiru/ttrss:nightly-2022-08-09
+ container_name: ttrss
+ environment:
+ - SELF_URL_PATH={{ lookup('aws_ssm', '/jinwei-me/ttrss/url') }}
+ - DB_HOST={{ lookup('aws_ssm', '/jinwei-me/mysql/host') }}
+ - DB_PORT={{ lookup('aws_ssm', '/jinwei-me/mysql/port') }}
+ - DB_NAME={{ lookup('aws_ssm', '/jinwei-me/mysql/ttrss_db_name') }}
+ - DB_USER={{ lookup('aws_ssm', '/jinwei-me/mysql/ttrss_db_user') }}
+ - DB_PASS={{ lookup('aws_ssm', '/jinwei-me/mysql/ttrss_db_password') }}
+ - PUID=1000
+ - PGID=1000
+ volumes:
+ - {{ rss_home }}/feed-icons:/var/www/feed-icons/
+ stdin_open: true
+ tty: true
+ restart: always
+
+ mercury:
+ image: wangqiru/mercury-parser-api:latest
+ container_name: ttrss_mercury
+ restart: always
+
+ rssbot:
+ build:
+ dockerfile: ./Dockerfile.rssbot
+ container_name: ttrss_rssbot
+ restart: always
+ environment:
+ - TOKEN={{ lookup('aws_ssm', '/jinwei-me/tgbot/token') }}
diff --git a/rss.jinwei.me/config/site.yaml b/rss.jinwei.me/config/site.yaml
new file mode 100644
index 0000000..56e2355
--- /dev/null
+++ b/rss.jinwei.me/config/site.yaml
@@ -0,0 +1,3 @@
+- hosts: jinwei-me
+ roles:
+ - role: rss
diff --git a/rss.jinwei.me/infra/.terraform.lock.hcl b/rss.jinwei.me/infra/.terraform.lock.hcl
new file mode 100644
index 0000000..8ab32aa
--- /dev/null
+++ b/rss.jinwei.me/infra/.terraform.lock.hcl
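Review bot: `image: wangqiru/mercury-parser-api:latest` under the `mercury` service follows a mutable tag, so the content of that container is decided by whatever the registry serves at the next pull rather than by this repository. Pin it to a fixed tag or a digest, `image: wangqiru/mercury-parser-api@sha256:<IMAGE_DIGEST>` (placeholder), in the same way `ttrss` is already held at `nightly-2022-08-09`; a digest on the `ttrss` image would make that pin immutable as well. The lookups use the literal prefix `/jinwei-me/` while ssm.tf builds the names from `var.name`; a comment above the `environment:` block noting that the two must stay in sync would save a confusing failure if the name is ever changed.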
@@ -0,0 +1,66 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/cloudflare/cloudflare" { + version = "3.29.0" + constraints = "~> 3.29" + hashes = [ + "h1:iGDvVJ6kdlopyhR3ONeoh8gZWZg8+M/seP7VM7gOp1I=", + "zh:0947f7f9e0234aaeb6b5f344de4148a6379d05370937e1c255872697803c17cc", + "zh:17abb230abd852e0e4ed9921cd9aaf03336ad4a13a25b1040ed86cdbddf05123", + "zh:2ddf550dbdf5c58bbb8d14de6b2dc76627bb92787b99328300fb312c51e12d1f", + "zh:4645758bdefe52c1aa260368522aff6fcb4e508c918e9b2c263c9debd7d71684", + "zh:6047320a05d07045f7fb4b24c2540600473a94fc15a24ef99339a6690ab47dfe", + "zh:6db2d4e4bc3ab8b6107aec80a8041388c2a7722472c5efa6caf8435a453b1f33", + "zh:8b6b75a75567ae44a788128aebcbb59cebd9a9dbc4ddc1b05f4455734363d55a", + "zh:90c51deb4e96690ed73d8b8498d5ab2d7bb78597861bbef23fab18764371deb0", + "zh:9b0f89952afb5d00e31fb745f1ebb4ef677591ca62c002c744d23bcaa0d51e9a", + "zh:9cfe38d8ef5515d164f59b5f4ddc14bb8817051ea4efed54cb7834c66492dd79", + "zh:acf89e44b8643d52186ef5155c8889845681471abb60a933017cda9bc38d86ef", + "zh:c09205c6f1e39994c2f707cce0758a2cd16949b33566a724644593d2a616ea41", + "zh:c5412f2868592db091b91361b7a85fa3a1a97282e9e6e1c5883dd5f6b5f2e86c", + "zh:ff93702ca9a99863914718ae4214acffa1a72d481c8e1d3254ccf5930a2d7e10", + ] +} + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.46.0" + constraints = "~> 4.46" + hashes = [ + "h1:EZB4OgvytV38JpWyye9zoMQ0bfT9yB9xSXM5NY3Lrws=", + "zh:1678e6a4bdb3d81a6713adc62ca0fdb8250c584e10c10d1daca72316e9db8df2", + "zh:329903acf86ef6072502736dff4c43c2b50f762a958f76aa924e2d74c7fca1e3", + "zh:33db8131fe0ec7e1d9f30bc9f65c2440e9c1f708d681b6062757a351f1df7ce6", + "zh:3a3b010bc393784c16f4b6cdce7f76db93d5efa323fce4920bfea9e9ba6abe44", + "zh:979e2713a5759a7483a065e149e3cb69db9225326fc0457fa3fc3a48aed0c63f", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + 
"zh:9efcf0067e16ad53da7504178a05eb2118770b4ae00c193c10ecad4cbfce308e", + "zh:a10655bf1b6376ab7f3e55efadf54dc70f7bd07ca11369557c312095076f9d62", + "zh:b0394dd42cbd2a718a7dd7ae0283f04769aaf8b3d52664e141da59c0171a11ab", + "zh:b958e614c2cf6d9c05a6ad5e94dc5c04b97ebfb84415da068be5a081b5ebbe24", + "zh:ba5069e624210c63ad9e633a8eb0108b21f2322bc4967ba2b82d09168c466888", + "zh:d7dfa597a17186e7f4d741dd7111849f1c0dd6f7ebc983043d8262d2fb37b408", + "zh:e8a641ca2c99f96d64fa2725875e797273984981d3e54772a2823541c44e3cd3", + "zh:f89898b7067c4246293a8007f59f5cfcac7b8dd251d39886c7a53ba596251466", + "zh:fb1e1df1d5cc208e08a850f8e84423bce080f01f5e901791c79df369d3ed52f2", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.4.3" + hashes = [ + "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=", + "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752", + "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b", + "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3", + "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5", + "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda", + "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6", + "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1", + "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d", + "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8", + "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93", + ] +} diff --git a/rss.jinwei.me/infra/README b/rss.jinwei.me/infra/README new file mode 100644 index 0000000..fe02282 --- /dev/null +++ b/rss.jinwei.me/infra/README @@ -0,0 +1,3 @@ +rss.jinwei.me + +Currently, rss.jinwei.me reuses the same infrastructure as jinwei.me. 
diff --git a/rss.jinwei.me/infra/rds.tf b/rss.jinwei.me/infra/rds.tf
new file mode 100644
index 0000000..ad719ea
--- /dev/null
+++ b/rss.jinwei.me/infra/rds.tf
@@ -0,0 +1,4 @@
+resource "random_password" "ttrss_password" {
+ length = 16
+ special = false
+}
diff --git a/rss.jinwei.me/infra/ssm.tf b/rss.jinwei.me/infra/ssm.tf
new file mode 100644
index 0000000..62aaba7
--- /dev/null
+++ b/rss.jinwei.me/infra/ssm.tf
@@ -0,0 +1,35 @@
+resource "aws_ssm_parameter" "ttrss_site_url" {
+ name = "/${var.name}/ttrss/url"
+ type = "String"
+ value = var.ttrss_site_url
+}
+
+resource "aws_ssm_parameter" "ttrss_db_name" {
+ name = "/${var.name}/mysql/ttrss_db_name"
+ type = "String"
+ value = var.ttrss_db_name
+}
+
+resource "aws_ssm_parameter" "ttrss_db_user" {
+ name = "/${var.name}/mysql/ttrss_db_user"
+ type = "String"
+ value = var.ttrss_db_user
+}
+
+resource "aws_ssm_parameter" "ttrss_db_password" {
+ name = "/${var.name}/mysql/ttrss_db_password"
+ type = "SecureString"
+ value = random_password.ttrss_password.result
+}
+
+resource "aws_ssm_parameter" "ttrss_tgbot_token" {
+ name = "/${var.name}/tgbot/token"
+ type = "SecureString"
+ value = var.rss_tgbot_token
+}
+
+resource "aws_ssm_parameter" "ttrss_tgbot_version" {
+ name = "/${var.name}/tgbot/version"
+ type = "String"
+ value = var.tg_bot_version
+}
diff --git a/rss.jinwei.me/infra/variables.tf b/rss.jinwei.me/infra/variables.tf
new file mode 100644
index 0000000..64e6912
--- /dev/null
+++ b/rss.jinwei.me/infra/variables.tf
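Review bot: `aws_ssm_parameter.ttrss_db_password` and `aws_ssm_parameter.ttrss_tgbot_token` in ssm.tf are `SecureString`, but their values (`random_password.ttrss_password.result` and `var.rss_tgbot_token`) are also recorded in plaintext in the Terraform state. No backend block is visible in this commit, so it is worth confirming that the state lives in an encrypted remote backend with restricted access rather than in a local file. Neither resource sets `key_id`, which means they are encrypted with the account's default SSM key; set `key_id` if access should be scoped through a customer-managed KMS key. A one-line comment on each of the two resources, for example `# value is also stored in Terraform state; protect the backend`, would document this for the next maintainer.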
@@ -0,0 +1,37 @@
+provider "aws" {
+ region = var.region
+}
+
+variable "name" {
+ description = "Name of the service. It will be used to name EC2, and RDS instances."
+ default = "jinwei-me"
+}
+
+variable "region" {
+ default = "us-west-2"
+ description = "AWS region"
+}
+
+variable "ttrss_db_name" {
+ default = "ttrss"
+}
+
+variable "ttrss_db_user" {
+ default = "ttrss"
+}
+
+variable "ttrss_site_url" {
+ default = "feed.jinwei.me"
+}
+
+variable "rss_tgbot_token" {
+ description = "Telegram bot token for rssbot"
+ type = string
+ sensitive = true
+}
+
+variable "tg_bot_version" {
+ description = "Telegram rss bot version, from https://github.com/iovxw/rssbot/releases"
+ default = "v2.0.0-alpha.11"
+ type = string
+}
diff --git a/rss.jinwei.me/infra/versions.tf b/rss.jinwei.me/infra/versions.tf
new file mode 100644
index 0000000..844ac4b
--- /dev/null
+++ b/rss.jinwei.me/infra/versions.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.46"
+ }
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = "~> 3.29"
+ }
+ }
+}
--
cgit v1.2.3
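Review bot: `required_providers` in versions.tf declares `aws` and `cloudflare` but not `random`, although rds.tf in this commit uses `random_password` and the lock file records `registry.terraform.io/hashicorp/random` at 3.4.3 with no `constraints` entry. Terraform resolves the provider implicitly, but declaring it keeps the source and the accepted version range explicit for a provider that generates the database password: `random = { source = "hashicorp/random", version = "~> 3.4" }`. The block also has no `required_version` for Terraform itself, so the CLI version that may apply this configuration is unconstrained.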