From fe8cd972b5b72b8983c3f7fd6e7153c78ed278ea Mon Sep 17 00:00:00 2001
From: clarkzjw <i@jinwei.me>
Date: Mon, 12 Dec 2022 00:03:53 -0800
Subject: infra: add ttrss ssm resources

---
 jinwei.me/infra/rds.tf                             |  1 -
 rss.jinwei.me/config/ansible.cfg                   | 14 +++++
 rss.jinwei.me/config/inventory/aws_ec2.yaml        |  7 +++
 rss.jinwei.me/config/requirements.yaml             | 10 ++++
 rss.jinwei.me/config/role.yaml                     |  3 +
 rss.jinwei.me/config/roles/rss/defaults/main.yaml  |  1 +
 rss.jinwei.me/config/roles/rss/tasks/main.yaml     | 17 ++++++
 .../roles/rss/templates/Dockerfile.rssbot.j2       | 12 ++++
 .../roles/rss/templates/docker-compose.yaml.j2     | 32 +++++++++++
 rss.jinwei.me/config/site.yaml                     |  3 +
 rss.jinwei.me/infra/.terraform.lock.hcl            | 66 ++++++++++++++++++++++
 rss.jinwei.me/infra/README                         |  3 +
 rss.jinwei.me/infra/rds.tf                         |  4 ++
 rss.jinwei.me/infra/ssm.tf                         | 35 ++++++++++++
 rss.jinwei.me/infra/variables.tf                   | 37 ++++++++++++
 rss.jinwei.me/infra/versions.tf                    | 12 ++++
 16 files changed, 256 insertions(+), 1 deletion(-)
 create mode 100644 rss.jinwei.me/config/ansible.cfg
 create mode 100644 rss.jinwei.me/config/inventory/aws_ec2.yaml
 create mode 100644 rss.jinwei.me/config/requirements.yaml
 create mode 100644 rss.jinwei.me/config/role.yaml
 create mode 100644 rss.jinwei.me/config/roles/rss/defaults/main.yaml
 create mode 100644 rss.jinwei.me/config/roles/rss/tasks/main.yaml
 create mode 100644 rss.jinwei.me/config/roles/rss/templates/Dockerfile.rssbot.j2
 create mode 100644 rss.jinwei.me/config/roles/rss/templates/docker-compose.yaml.j2
 create mode 100644 rss.jinwei.me/config/site.yaml
 create mode 100644 rss.jinwei.me/infra/.terraform.lock.hcl
 create mode 100644 rss.jinwei.me/infra/README
 create mode 100644 rss.jinwei.me/infra/rds.tf
 create mode 100644 rss.jinwei.me/infra/ssm.tf
 create mode 100644 rss.jinwei.me/infra/variables.tf
 create mode 100644 rss.jinwei.me/infra/versions.tf

diff --git a/jinwei.me/infra/rds.tf b/jinwei.me/infra/rds.tf
index 3abac21..d55f688 100644
--- a/jinwei.me/infra/rds.tf
+++ b/jinwei.me/infra/rds.tf
@@ -1,4 +1,3 @@
-
 resource "aws_db_parameter_group" "jinwei-me" {
   name   = var.name
   family = var.rds_parameter_group
diff --git a/rss.jinwei.me/config/ansible.cfg b/rss.jinwei.me/config/ansible.cfg
new file mode 100644
index 0000000..9345045
--- /dev/null
+++ b/rss.jinwei.me/config/ansible.cfg
@@ -0,0 +1,14 @@
+[defaults]
+host_key_checking = False
+transport = ssh
+remote_user = admin
+roles_path = roles
+inventory = inventory
+force_color = True
+interpreter_python = auto_silent
+
+[connection]
+pipelining = True
+
+[privilege_escalation]
+become = True
diff --git a/rss.jinwei.me/config/inventory/aws_ec2.yaml b/rss.jinwei.me/config/inventory/aws_ec2.yaml
new file mode 100644
index 0000000..100d95b
--- /dev/null
+++ b/rss.jinwei.me/config/inventory/aws_ec2.yaml
@@ -0,0 +1,7 @@
+plugin: aws_ec2
+regions:
+  - us-west-2
+hostnames:
+  - tag:Name
+compose:
+  ansible_host: public_ip_address
diff --git a/rss.jinwei.me/config/requirements.yaml b/rss.jinwei.me/config/requirements.yaml
new file mode 100644
index 0000000..5229cc7
--- /dev/null
+++ b/rss.jinwei.me/config/requirements.yaml
@@ -0,0 +1,10 @@
+---
+collections:
+  - name: amazon.aws
+    version: 3.2.0
+  - name: community.general
+    version: 4.7.0
+  - name: ansible.posix
+    version: 1.3.0
+  - name: community.docker
+    version: 3.2.1
diff --git a/rss.jinwei.me/config/role.yaml b/rss.jinwei.me/config/role.yaml
new file mode 100644
index 0000000..ab3fca5
--- /dev/null
+++ b/rss.jinwei.me/config/role.yaml
@@ -0,0 +1,3 @@
+- hosts: "{{ target }}"
+  roles:
+    - role: "{{ role }}"
diff --git a/rss.jinwei.me/config/roles/rss/defaults/main.yaml b/rss.jinwei.me/config/roles/rss/defaults/main.yaml
new file mode 100644
index 0000000..28f1f39
--- /dev/null
+++ b/rss.jinwei.me/config/roles/rss/defaults/main.yaml
@@ -0,0 +1 @@
+rss_home: /opt/rss
diff --git a/rss.jinwei.me/config/roles/rss/tasks/main.yaml b/rss.jinwei.me/config/roles/rss/tasks/main.yaml
new file mode 100644
index 0000000..16091cb
--- /dev/null
+++ b/rss.jinwei.me/config/roles/rss/tasks/main.yaml
@@ -0,0 +1,17 @@
+- name: render Dockerfile.rssbot
+  template:
+    src: Dockerfile.rssbot.j2
+    dest: "{{ rss_home }}/Dockerfile.rssbot"
+    mode: 0644
+
+- name: render docker-compose
+  template:
+    src: docker-compose.yaml.j2
+    dest: "{{ rss_home }}/docker-compose.yaml"
+    mode: 0644
+
+- name: Start rss toolchain using docker-compose
+  community.docker.docker_compose:
+    project_name: rss
+    project_src: "{{ rss_home }}"
+  register: output
diff --git a/rss.jinwei.me/config/roles/rss/templates/Dockerfile.rssbot.j2 b/rss.jinwei.me/config/roles/rss/templates/Dockerfile.rssbot.j2
new file mode 100644
index 0000000..f7eab63
--- /dev/null
+++ b/rss.jinwei.me/config/roles/rss/templates/Dockerfile.rssbot.j2
@@ -0,0 +1,12 @@
+FROM alpine:3.17
+
+ENV VERSION={{ lookup('aws_ssm', '/jinwei-me/tgbot/version') }}
+ENV TOKEN ""
+
+WORKDIR /app
+
+ADD https://github.com/iovxw/rssbot/releases/download/${VERSION}/rssbot-en-x86_64-unknown-linux-musl /app/rssbot
+
+RUN chmod +x /app/rssbot
+
+CMD ["sh", "-c", "./rssbot ${TOKEN}"]
diff --git a/rss.jinwei.me/config/roles/rss/templates/docker-compose.yaml.j2 b/rss.jinwei.me/config/roles/rss/templates/docker-compose.yaml.j2
new file mode 100644
index 0000000..fd556dc
--- /dev/null
+++ b/rss.jinwei.me/config/roles/rss/templates/docker-compose.yaml.j2
@@ -0,0 +1,32 @@
+version: "3"
+services:
+  ttrss:
+    image: wangqiru/ttrss:nightly-2022-08-09
+    container_name: ttrss
+    environment:
+      - SELF_URL_PATH={{ lookup('aws_ssm', '/jinwei-me/ttrss/url') }}
+      - DB_HOST={{ lookup('aws_ssm', '/jinwei-me/mysql/host') }}
+      - DB_PORT={{ lookup('aws_ssm', '/jinwei-me/mysql/port') }}
+      - DB_NAME={{ lookup('aws_ssm', '/jinwei-me/mysql/ttrss_db_name') }}
+      - DB_USER={{ lookup('aws_ssm', '/jinwei-me/mysql/ttrss_db_user') }}
+      - DB_PASS={{ lookup('aws_ssm', '/jinwei-me/mysql/ttrss_db_password') }}
+      - PUID=1000
+      - PGID=1000
+    volumes:
+      - {{ rss_home }}/feed-icons:/var/www/feed-icons/
+    stdin_open: true
+    tty: true
+    restart: always
+
+  mercury:
+    image: wangqiru/mercury-parser-api:latest
+    container_name: ttrss_mercury
+    restart: always
+
+  rssbot:
+    build:
+      dockerfile: ./Dockerfile.rssbot
+    container_name: ttrss_rssbot
+    restart: always
+    environment:
+      - TOKEN={{ lookup('aws_ssm', '/jinwei-me/tgbot/token') }}
diff --git a/rss.jinwei.me/config/site.yaml b/rss.jinwei.me/config/site.yaml
new file mode 100644
index 0000000..56e2355
--- /dev/null
+++ b/rss.jinwei.me/config/site.yaml
@@ -0,0 +1,3 @@
+- hosts: jinwei-me
+  roles:
+    - role: rss
diff --git a/rss.jinwei.me/infra/.terraform.lock.hcl b/rss.jinwei.me/infra/.terraform.lock.hcl
new file mode 100644
index 0000000..8ab32aa
--- /dev/null
+++ b/rss.jinwei.me/infra/.terraform.lock.hcl
@@ -0,0 +1,66 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/cloudflare/cloudflare" {
+  version     = "3.29.0"
+  constraints = "~> 3.29"
+  hashes = [
+    "h1:iGDvVJ6kdlopyhR3ONeoh8gZWZg8+M/seP7VM7gOp1I=",
+    "zh:0947f7f9e0234aaeb6b5f344de4148a6379d05370937e1c255872697803c17cc",
+    "zh:17abb230abd852e0e4ed9921cd9aaf03336ad4a13a25b1040ed86cdbddf05123",
+    "zh:2ddf550dbdf5c58bbb8d14de6b2dc76627bb92787b99328300fb312c51e12d1f",
+    "zh:4645758bdefe52c1aa260368522aff6fcb4e508c918e9b2c263c9debd7d71684",
+    "zh:6047320a05d07045f7fb4b24c2540600473a94fc15a24ef99339a6690ab47dfe",
+    "zh:6db2d4e4bc3ab8b6107aec80a8041388c2a7722472c5efa6caf8435a453b1f33",
+    "zh:8b6b75a75567ae44a788128aebcbb59cebd9a9dbc4ddc1b05f4455734363d55a",
+    "zh:90c51deb4e96690ed73d8b8498d5ab2d7bb78597861bbef23fab18764371deb0",
+    "zh:9b0f89952afb5d00e31fb745f1ebb4ef677591ca62c002c744d23bcaa0d51e9a",
+    "zh:9cfe38d8ef5515d164f59b5f4ddc14bb8817051ea4efed54cb7834c66492dd79",
+    "zh:acf89e44b8643d52186ef5155c8889845681471abb60a933017cda9bc38d86ef",
+    "zh:c09205c6f1e39994c2f707cce0758a2cd16949b33566a724644593d2a616ea41",
+    "zh:c5412f2868592db091b91361b7a85fa3a1a97282e9e6e1c5883dd5f6b5f2e86c",
+    "zh:ff93702ca9a99863914718ae4214acffa1a72d481c8e1d3254ccf5930a2d7e10",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "4.46.0"
+  constraints = "~> 4.46"
+  hashes = [
+    "h1:EZB4OgvytV38JpWyye9zoMQ0bfT9yB9xSXM5NY3Lrws=",
+    "zh:1678e6a4bdb3d81a6713adc62ca0fdb8250c584e10c10d1daca72316e9db8df2",
+    "zh:329903acf86ef6072502736dff4c43c2b50f762a958f76aa924e2d74c7fca1e3",
+    "zh:33db8131fe0ec7e1d9f30bc9f65c2440e9c1f708d681b6062757a351f1df7ce6",
+    "zh:3a3b010bc393784c16f4b6cdce7f76db93d5efa323fce4920bfea9e9ba6abe44",
+    "zh:979e2713a5759a7483a065e149e3cb69db9225326fc0457fa3fc3a48aed0c63f",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:9efcf0067e16ad53da7504178a05eb2118770b4ae00c193c10ecad4cbfce308e",
+    "zh:a10655bf1b6376ab7f3e55efadf54dc70f7bd07ca11369557c312095076f9d62",
+    "zh:b0394dd42cbd2a718a7dd7ae0283f04769aaf8b3d52664e141da59c0171a11ab",
+    "zh:b958e614c2cf6d9c05a6ad5e94dc5c04b97ebfb84415da068be5a081b5ebbe24",
+    "zh:ba5069e624210c63ad9e633a8eb0108b21f2322bc4967ba2b82d09168c466888",
+    "zh:d7dfa597a17186e7f4d741dd7111849f1c0dd6f7ebc983043d8262d2fb37b408",
+    "zh:e8a641ca2c99f96d64fa2725875e797273984981d3e54772a2823541c44e3cd3",
+    "zh:f89898b7067c4246293a8007f59f5cfcac7b8dd251d39886c7a53ba596251466",
+    "zh:fb1e1df1d5cc208e08a850f8e84423bce080f01f5e901791c79df369d3ed52f2",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/random" {
+  version = "3.4.3"
+  hashes = [
+    "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=",
+    "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752",
+    "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b",
+    "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3",
+    "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5",
+    "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda",
+    "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6",
+    "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1",
+    "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d",
+    "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8",
+    "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93",
+  ]
+}
diff --git a/rss.jinwei.me/infra/README b/rss.jinwei.me/infra/README
new file mode 100644
index 0000000..fe02282
--- /dev/null
+++ b/rss.jinwei.me/infra/README
@@ -0,0 +1,3 @@
+rss.jinwei.me
+
+Currently, rss.jinwei.me reuses the same infrastructure as jinwei.me.
diff --git a/rss.jinwei.me/infra/rds.tf b/rss.jinwei.me/infra/rds.tf
new file mode 100644
index 0000000..ad719ea
--- /dev/null
+++ b/rss.jinwei.me/infra/rds.tf
@@ -0,0 +1,4 @@
+resource "random_password" "ttrss_password" {
+  length  = 16
+  special = false
+}
diff --git a/rss.jinwei.me/infra/ssm.tf b/rss.jinwei.me/infra/ssm.tf
new file mode 100644
index 0000000..62aaba7
--- /dev/null
+++ b/rss.jinwei.me/infra/ssm.tf
@@ -0,0 +1,35 @@
+resource "aws_ssm_parameter" "ttrss_site_url" {
+  name  = "/${var.name}/ttrss/url"
+  type  = "String"
+  value = var.ttrss_site_url
+}
+
+resource "aws_ssm_parameter" "ttrss_db_name" {
+  name  = "/${var.name}/mysql/ttrss_db_name"
+  type  = "String"
+  value = var.ttrss_db_name
+}
+
+resource "aws_ssm_parameter" "ttrss_db_user" {
+  name  = "/${var.name}/mysql/ttrss_db_user"
+  type  = "String"
+  value = var.ttrss_db_user
+}
+
+resource "aws_ssm_parameter" "ttrss_db_password" {
+  name  = "/${var.name}/mysql/ttrss_db_password"
+  type  = "SecureString"
+  value = random_password.ttrss_password.result
+}
+
+resource "aws_ssm_parameter" "ttrss_tgbot_token" {
+  name  = "/${var.name}/tgbot/token"
+  type  = "SecureString"
+  value = var.rss_tgbot_token
+}
+
+resource "aws_ssm_parameter" "ttrss_tgbot_version" {
+  name  = "/${var.name}/tgbot/version"
+  type  = "String"
+  value = var.tg_bot_version
+}
diff --git a/rss.jinwei.me/infra/variables.tf b/rss.jinwei.me/infra/variables.tf
new file mode 100644
index 0000000..64e6912
--- /dev/null
+++ b/rss.jinwei.me/infra/variables.tf
@@ -0,0 +1,37 @@
+provider "aws" {
+  region = var.region
+}
+
+variable "name" {
+  description = "Name of the service. It will be used to name EC2, and RDS instances."
+  default     = "jinwei-me"
+}
+
+variable "region" {
+  default     = "us-west-2"
+  description = "AWS region"
+}
+
+variable "ttrss_db_name" {
+  default = "ttrss"
+}
+
+variable "ttrss_db_user" {
+  default = "ttrss"
+}
+
+variable "ttrss_site_url" {
+  default = "feed.jinwei.me"
+}
+
+variable "rss_tgbot_token" {
+  description = "Telegram bot token for rssbot"
+  type        = string
+  sensitive   = true
+}
+
+variable "tg_bot_version" {
+  description = "Telegram rss bot version, from https://github.com/iovxw/rssbot/releases"
+  default = "v2.0.0-alpha.11"
+  type = string
+}
diff --git a/rss.jinwei.me/infra/versions.tf b/rss.jinwei.me/infra/versions.tf
new file mode 100644
index 0000000..844ac4b
--- /dev/null
+++ b/rss.jinwei.me/infra/versions.tf
@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.46"
+    }
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~> 3.29"
+    }
+  }
+}
-- 
cgit v1.2.3