deploy dev (#5)

* refactor: code base dev

* fix: stupid output...

* feat: add cloudflare for domain name configs

* feat: Refactor structure and add ansible playbook for deploying

.github/workflows/terraform.yml

@@ -0,0 +1,50 @@
+name: 'Terraform'
+
+on:
+ push:
+ branches: [ "main" ]
+ paths: [ "terraform/**"]
+ pull_request:
+ paths: [ "terraform/**"]
+
+permissions:
+ contents: read
+
+jobs:
+ terraform:
+ name: 'Terraform'
+ runs-on: ubuntu-latest
+
+ # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
+ defaults:
+ run:
+ shell: bash
+
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+ # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
+ - name: Terraform Init
+ run: terraform -chdir=terraform init
+
+ # Checks that all Terraform configuration files adhere to a canonical format
+ - name: Terraform Format
+ run: terraform -chdir=terraform fmt -check
+
+ # Generates an execution plan for Terraform
+ - name: Terraform Plan
+ run: terraform -chdir=terraform plan -no-color
+
+ # On push to "main", build or change infrastructure according to Terraform configuration files
+ # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
+ - name: Terraform Apply
+ if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ run: terraform -chdir=terraform apply -auto-approve -no-color

.gitignore

@@ -32,4 +32,8 @@ override.tf.json
 
 # Ignore CLI configuration files
 .terraformrc
-terraform.rc
+terraform.rc
+
+*.pem
+inventory.yaml
+*.local*

Makefile

@@ -0,0 +1,15 @@
+output: setup ping deploy
+
+setup:
+ terraform -chdir=terraform output -raw ssh_private_keys > .local/ansible.pem
+ echo -e "[all]\n`terraform -chdir=terraform output -raw public_ip`" > .local/inventory
+ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 `terraform -chdir=terraform output -raw public_ip` >> ~/.ssh/known_hosts
+ sudo chmod 600 .local/ansible.pem
+ping:
+ ansible -i .local/inventory all -u root --private-key .local/ansible.pem -m ping
+
+deploy:
+ ansible-playbook -i .local/inventory -u root --private-key .local/ansible.pem ansible/playbooks/Profile-set-up.yaml
+
+connect:
+ ssh -i .local/ansible.pem root@`terraform -chdir=terraform output -raw public_ip`

README.md

@@ -1,5 +1,8 @@
 # Profile-deployment
 
 
-### Get ssh key:
-`terraform output -raw ssh_private_keys`
+### Deploy
+`make`
+
+### Connect through SSH:
+`make connect`

ansible/playbooks/Profile-set-up.yaml

@@ -0,0 +1,82 @@
+---
+
+- hosts: all
+ name: Setup server
+ become: true
+ tasks:
+ - name: Check If Docker Is Installed
+ ansible.builtin.command: docker --version
+ register: docker_valid
+ ignore_errors: true
+ changed_when: false
+
+ - name: Install aptitude
+ ansible.builtin.apt:
+ name: aptitude
+ state: present
+ update_cache: true
+
+ - name: Install packages to allow apt to use a repository over HTTPS
+ ansible.builtin.apt:
+ name:
+ - ca-certificates
+ - gnupg
+ - apt-transport-https
+ state: present
+ update_cache: true
+
+ - name: Add Docker's official GPG key
+ ansible.builtin.apt_key:
+ url: https://download.docker.com/linux/ubuntu/gpg
+ state: present
+ when: docker_valid.failed
+
+ - name: Get Ubuntu release version
+ ansible.builtin.command: lsb_release -cs
+ register: ubuntu_version
+ changed_when: false
+
+ - name: Get architecture
+ ansible.builtin.command: dpkg --print-architecture
+ register: architecture
+ changed_when: false
+
+ - name: Add Docker repository
+ ansible.builtin.apt_repository:
+ repo: "deb [arch={{ architecture.stdout }}] https://download.docker.com/linux/ubuntu {{ ubuntu_version.stdout }} stable"
+ state: present
+ filename: docker
+ when: docker_valid.failed
+
+ - name: Update apt packages
+ ansible.builtin.apt:
+ update_cache: "yes"
+ force_apt_get: "yes"
+
+ - name: Install Docker engine
+ ansible.builtin.apt:
+ name:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ state: present
+ update_cache: true
+
+ - name: Copy .env file
+ ansible.builtin.copy:
+ src: ../../profile/.env
+ dest: .env
+ remote_src: false
+ mode: '0755'
+
+
+ - name: Copy docker compose file
+ ansible.builtin.copy:
+ src: ../../profile/docker-compose-dev.yml
+ dest: docker-compose-dev.yml
+ remote_src: false
+ mode: '0644'
+
+ - name: Run docker compose
+ ansible.builtin.command: docker compose --env-file .env -f docker-compose-dev.yml up -d
+ changed_when: true

profile/docker-compose-dev.yml

@@ -0,0 +1,87 @@
+version: "3.8"
+
+services:
+ frontend:
+ image: profileorg/profile-fe-dev
+ expose:
+ - 80
+ restart: unless-stopped
+ networks:
+ - internet
+ labels:
+ - "traefik.http.routers.frontend.rule=Host(`${DOMAIN_FRONTEND}`)"
+ - "traefik.http.routers.frontend.entrypoints=https"
+ - "traefik.http.routers.frontend.tls=true"
+ - "traefik.http.routers.frontend.tls.certresolver=letsencrypt"
+
+ reverse-proxy:
+ image: traefik:v2.10
+ # Enables the web UI and tells Traefik to listen to docker
+ restart: unless-stopped
+ command: 
+ - "--entrypoints.http.address=:80"
+ - "--entrypoints.https.address=:443"
+ - "--api.insecure=true"
+ - "--providers.docker"
+ - "--api=true"
+ - "--certificatesresolvers.letsencrypt.acme.email=${CF_API_EMAIL}"
+ - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
+ - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
+ - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
+ - "--certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=0"
+ - "--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
+ environment:
+ - CF_API_EMAIL=${CF_API_EMAIL}
+ - CF_API_KEY=${CF_API_KEY}
+ ports:
+ # The HTTP port
+ - "80:80"
+ - "443:443"
+ # The Web UI (enabled by --api.insecure=true)
+ - "8080:8080"
+ volumes:
+ # So that Traefik can listen to the Docker events
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./letsencrypt:/letsencrypt
+ networks:
+ - internet
+
+ backend:
+ image: profileorg/profile-be-dev
+ expose:
+ - 80
+ labels:
+ - "traefik.http.routers.backend.rule=Host(`${DOMAIN_BACKEND}`)"
+ - "traefik.http.routers.backend.entrypoints=https"
+ - "traefik.http.routers.backend.tls=true"
+ - "traefik.http.routers.backend.tls.certresolver=letsencrypt"
+ restart: unless-stopped
+ environment:
+ - ASPNETCORE_ENVIRONMENT=Development
+ - PROFILE_DatabaseSettings__ConnectionString=Server=postgres;Port=5432;Database=${PG_DATABASE};User ID=${PG_USERNAME};Password=${PG_PASSWORD};
+ - BASE_FRONTEND_URL=https://${DOMAIN_FRONTEND}
+ networks:
+ - internet
+ - no-internet
+
+ postgres:
+ image: postgres:alpine
+ restart: unless-stopped
+ expose:
+ - 5432
+ environment:
+ - POSTGRES_USER=${PG_USERNAME}
+ - POSTGRES_PASSWORD=${PG_PASSWORD}
+ - POSTGRES_DB=${PG_DATABASE}
+ volumes:
+ - pg_data:/var/lib/postgresql/data
+ networks:
+ - no-internet
+
+volumes:
+ pg_data:
+
+networks:
+ internet: {}
+ no-internet:
+ internal: true

terraform/locals.tf

@@ -0,0 +1,12 @@
+locals {
+ instance = {
+ image = "ubuntu-22-04-x64"
+ name = "ProFileOrg-dev"
+ region = "sgp1"
+ size = "s-4vcpu-8gb"
+ dns_record = {
+ base = "dev-profileorg"
+ api = "api-dev-profileorg"
+ }
+ }
+}

main.tf → terraform/main.tf

@@ -22,7 +22,7 @@ resource "cloudflare_record" "profileorg_dev" {
  name = local.instance.dns_record.base
  value = digitalocean_droplet.profileorg_dev.ipv4_address
  type = "A"
- proxied = true
+ proxied  = true
 }
 
 resource "cloudflare_record" "profileorg_dev_api" {
@@ -31,5 +31,5 @@ resource "cloudflare_record" "profileorg_dev_api" {
  name = local.instance.dns_record.api
  value = digitalocean_droplet.profileorg_dev.ipv4_address
  type = "A"
- proxied = true
+ proxied  = true
 }

output.tf → terraform/output.tf

@@ -1,5 +1,5 @@
 output "public_ip" {
- value = digitalocean_droplet.profileorg_dev.ipv4_address
+ value  = digitalocean_droplet.profileorg_dev.ipv4_address
  sensitive = true
 }