chore(dns): adding xpto.io and moving lightsail to ghcr.io/alexpovel/…
…ancv
kiraum committed Dec 9, 2024
1 parent 8b608c7 commit 8c9e6fd
Showing 3 changed files with 131 additions and 8 deletions.
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -83,6 +83,11 @@ This project is designed to leverage the AWS Free Tier as much as possible:
- DynamoDB tables use on-demand capacity to minimize costs
- CloudWatch logs have a 7-day retention period to reduce storage costs

## Notes

### set credentials (and unset after push image)
aws lightsail push-container-image --service-name ansiv --label resume --image ghcr.io/alexpovel/ancv

## Contributing

Please refer to the `.pre-commit-config.yaml` file for code style and linting requirements before submitting pull requests.
126 changes: 122 additions & 4 deletions environments/prod/main.tf
Expand Up @@ -301,7 +301,125 @@ module "route53" {
ttl = 300
records = [module.lightsail_ansiv.domain_validation_records["ansiv.xpto.it"].value]
}

]
},
"xpto_io" = {
domain_name = "xpto.io"
comment = "xpto.io hosted zone"
enable_dnssec = true
records = [
# A record for root domain
{
name = ""
type = "A"
alias = {
name = "dpop20p5u4112.cloudfront.net"
zone_id = "Z2FDTNDATAQYW2"
evaluate_target_health = false
}
},
# AAAA record for root domain
{
name = ""
type = "AAAA"
alias = {
name = "dpop20p5u4112.cloudfront.net"
zone_id = "Z2FDTNDATAQYW2"
evaluate_target_health = false
}
},
# A record for www domain
{
name = "www"
type = "A"
alias = {
name = "dpop20p5u4112.cloudfront.net"
zone_id = "Z2FDTNDATAQYW2"
evaluate_target_health = false
}
},
# AAAA record for www domain
{
name = "www"
type = "AAAA"
alias = {
name = "dpop20p5u4112.cloudfront.net"
zone_id = "Z2FDTNDATAQYW2"
evaluate_target_health = false
}
},
# DS record
{
name = "www"
type = "DS"
ttl = 300
records = ["43125 13 2 78CE52B953F03915935782AFD14DCD2A43D2BFD4ABD94056568A1E21B9D474D3"]
},
# TLSA record
{
name = "_443._tcp"
type = "TXT"
ttl = 300
records = ["3 1 1 ${local.tlsa_hash_xpto_it}"]
},
# MX records for email routing
{
name = ""
type = "MX"
ttl = 300
records = ["10 mail.protonmail.ch", "20 mailsec.protonmail.ch"]
},
# TXT records for various verifications and SPF
{
name = ""
type = "TXT"
ttl = 300
records = [
# xpto.io
"protonmail-verification=153bcda22041823b28c81094503b81ae0dcb1e3b",
"v=spf1 include:_spf.protonmail.ch ~all"
]
},
# DMARC record
{
name = "_dmarc"
type = "TXT"
ttl = 300
records = ["v=DMARC1; p=quarantine"]
},
# DKIM records for ProtonMail
{
name = "protonmail._domainkey"
type = "CNAME"
ttl = 300
records = ["protonmail.domainkey.d3m6asxybpte3tu5js3kkqukmw7lwjn5y4kioct4nfcs5kqxohsja.domains.proton.ch."]
},
{
name = "protonmail2._domainkey"
type = "CNAME"
ttl = 300
records = ["protonmail2.domainkey.d3m6asxybpte3tu5js3kkqukmw7lwjn5y4kioct4nfcs5kqxohsja.domains.proton.ch."]
},
{
name = "protonmail3._domainkey"
type = "CNAME"
ttl = 300
records = ["protonmail3.domainkey.d3m6asxybpte3tu5js3kkqukmw7lwjn5y4kioct4nfcs5kqxohsja.domains.proton.ch."]
},
# lightsail
{
name = "ansiv"
type = "CNAME"
ttl = 300
records = [module.lightsail_ansiv.container_url]
},
# lightsail cert
{
name = module.lightsail_ansiv.domain_validation_records["ansiv.xpto.io"].name
type = module.lightsail_ansiv.domain_validation_records["ansiv.xpto.io"].type
ttl = 300
records = [module.lightsail_ansiv.domain_validation_records["ansiv.xpto.io"].value]
}
]
}
}
Expand All @@ -318,7 +436,7 @@ module "static_website" {
source = "../../modules/static_website"

bucket_name = "xpto-static-website-bucket"
domain_names = ["xpto.it", "kiraum.it"]
domain_names = ["xpto.it", "kiraum.it", "xpto.io"]
cloudfront_price_class = "PriceClass_100"

tags = {
Expand All @@ -339,9 +457,9 @@ module "lightsail_ansiv" {
source = "../../modules/lightsail_ansiv"

container_name = "ansiv"
container_image = ":ansiv.resume.9"
container_image = ":ansiv.resume.10"
availability_zone = "${var.aws_region}a"
bundle_id = "nano"
custom_domain_name = ["ansiv.xpto.it", "ansiv.kiraum.it"]
custom_domain_name = ["ansiv.xpto.it", "ansiv.kiraum.it", "ansiv.xpto.io"]
monthly_budget_limit = "10"
}
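Review bot: The record commented `# TLSA record` in the new `xpto_io` zone is created with `type = "TXT"`, so a DANE-aware client querying the TLSA type at `_443._tcp` will not find it and the pin has no effect; if the route53 module and the provider version in use accept it, this should be `type = "TLSA"`. The value also interpolates `local.tlsa_hash_xpto_it`, which by its name is the hash for xpto.it, so confirm that xpto.io is served with the same key or add a separate local for it. The `# DS record` entry looks misplaced too: it is published at `www` inside the zone, next to the A/AAAA aliases for the same name, whereas the DS that completes the chain of trust for `enable_dnssec = true` has to be registered in the parent `.io` zone through the registrar. The hunk begins inside the `records` list of the preceding zone, so the module's input schema is not visible here.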
8 changes: 4 additions & 4 deletions scripts/set_aws_credentials.sh
Expand Up @@ -12,12 +12,12 @@ aws configure set output json
aws configure list

# Get temporary credentials
#credentials=$(aws sts get-session-token --duration-seconds 3600)
credentials=$(aws sts get-session-token --duration-seconds 3600)

# Extract the values
#export AWS_ACCESS_KEY_ID=$(echo $credentials | jq -r .Credentials.AccessKeyId)
#export AWS_SECRET_ACCESS_KEY=$(echo $credentials | jq -r .Credentials.SecretAccessKey)
#export AWS_SESSION_TOKEN=$(echo $credentials | jq -r .Credentials.SessionToken)
export AWS_ACCESS_KEY_ID=$(echo $credentials | jq -r .Credentials.AccessKeyId)
export AWS_SECRET_ACCESS_KEY=$(echo $credentials | jq -r .Credentials.SecretAccessKey)
export AWS_SESSION_TOKEN=$(echo $credentials | jq -r .Credentials.SessionToken)

echo "Temporary credentials set. They will expire at $(echo $credentials | jq -r .Credentials.Expiration)"

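Review bot: Nothing checks that `aws sts get-session-token` succeeded before the three `export` lines run (taking the uncommented lines as the new side), so on a failed call `jq` reads empty input, the `AWS_*` variables are exported empty and the script still prints "Temporary credentials set". Stop on failure, for example `credentials=$(aws sts get-session-token --duration-seconds 3600) || return 1` for a sourced script, and quote the expansion as `echo "$credentials" | jq -r .Credentials.AccessKeyId` so the JSON is not word-split. The exports reach the caller's shell only when the file is sourced, which deserves a comment such as `# Usage: source scripts/set_aws_credentials.sh (exports are lost if executed)`. The start of the script is outside the hunk, so whether it already sets `-e` or documents this cannot be seen here.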
