chore(dns): adding xpto.io and moving lightsail to ghcr.io/alexpovel/… #22

Merged
merged 1 commit into from
Dec 9, 2024
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -83,6 +83,11 @@ This project is designed to leverage the AWS Free Tier as much as possible:
- DynamoDB tables use on-demand capacity to minimize costs
- CloudWatch logs have a 7-day retention period to reduce storage costs

## Notes

### set credentials (and unset after push image)
aws lightsail push-container-image --service-name ansiv --label resume --image ghcr.io/alexpovel/ancv

## Contributing

Please refer to the `.pre-commit-config.yaml` file for code style and linting requirements before submitting pull requests.
126 changes: 122 additions & 4 deletions environments/prod/main.tf
Expand Up @@ -301,7 +301,125 @@ module "route53" {
ttl = 300
records = [module.lightsail_ansiv.domain_validation_records["ansiv.xpto.it"].value]
}

]
},
"xpto_io" = {
domain_name = "xpto.io"
comment = "xpto.io hosted zone"
enable_dnssec = true
records = [
# A record for root domain
{
name = ""
type = "A"
alias = {
name = "dpop20p5u4112.cloudfront.net"
zone_id = "Z2FDTNDATAQYW2"
evaluate_target_health = false
}
},
# AAAA record for root domain
{
name = ""
type = "AAAA"
alias = {
name = "dpop20p5u4112.cloudfront.net"
zone_id = "Z2FDTNDATAQYW2"
evaluate_target_health = false
}
},
# A record for www domain
{
name = "www"
type = "A"
alias = {
name = "dpop20p5u4112.cloudfront.net"
zone_id = "Z2FDTNDATAQYW2"
evaluate_target_health = false
}
},
# AAAA record for www domain
{
name = "www"
type = "AAAA"
alias = {
name = "dpop20p5u4112.cloudfront.net"
zone_id = "Z2FDTNDATAQYW2"
evaluate_target_health = false
}
},
# DS record
{
name = "www"
type = "DS"
ttl = 300
records = ["43125 13 2 78CE52B953F03915935782AFD14DCD2A43D2BFD4ABD94056568A1E21B9D474D3"]
},
# TLSA record
{
name = "_443._tcp"
type = "TXT"
ttl = 300
records = ["3 1 1 ${local.tlsa_hash_xpto_it}"]
},
# MX records for email routing
{
name = ""
type = "MX"
ttl = 300
records = ["10 mail.protonmail.ch", "20 mailsec.protonmail.ch"]
},
# TXT records for various verifications and SPF
{
name = ""
type = "TXT"
ttl = 300
records = [
# xpto.io
"protonmail-verification=153bcda22041823b28c81094503b81ae0dcb1e3b",
"v=spf1 include:_spf.protonmail.ch ~all"
]
},
# DMARC record
{
name = "_dmarc"
type = "TXT"
ttl = 300
records = ["v=DMARC1; p=quarantine"]
},
# DKIM records for ProtonMail
{
name = "protonmail._domainkey"
type = "CNAME"
ttl = 300
records = ["protonmail.domainkey.d3m6asxybpte3tu5js3kkqukmw7lwjn5y4kioct4nfcs5kqxohsja.domains.proton.ch."]
},
{
name = "protonmail2._domainkey"
type = "CNAME"
ttl = 300
records = ["protonmail2.domainkey.d3m6asxybpte3tu5js3kkqukmw7lwjn5y4kioct4nfcs5kqxohsja.domains.proton.ch."]
},
{
name = "protonmail3._domainkey"
type = "CNAME"
ttl = 300
records = ["protonmail3.domainkey.d3m6asxybpte3tu5js3kkqukmw7lwjn5y4kioct4nfcs5kqxohsja.domains.proton.ch."]
},
# lightsail
{
name = "ansiv"
type = "CNAME"
ttl = 300
records = [module.lightsail_ansiv.container_url]
},
# lightsail cert
{
name = module.lightsail_ansiv.domain_validation_records["ansiv.xpto.io"].name
type = module.lightsail_ansiv.domain_validation_records["ansiv.xpto.io"].type
ttl = 300
records = [module.lightsail_ansiv.domain_validation_records["ansiv.xpto.io"].value]
}
]
}
}
Expand All @@ -318,7 +436,7 @@ module "static_website" {
source = "../../modules/static_website"

bucket_name = "xpto-static-website-bucket"
domain_names = ["xpto.it", "kiraum.it"]
domain_names = ["xpto.it", "kiraum.it", "xpto.io"]
cloudfront_price_class = "PriceClass_100"

tags = {
Expand All @@ -339,9 +457,9 @@ module "lightsail_ansiv" {
source = "../../modules/lightsail_ansiv"

container_name = "ansiv"
container_image = ":ansiv.resume.9"
container_image = ":ansiv.resume.10"
availability_zone = "${var.aws_region}a"
bundle_id = "nano"
custom_domain_name = ["ansiv.xpto.it", "ansiv.kiraum.it"]
custom_domain_name = ["ansiv.xpto.it", "ansiv.kiraum.it", "ansiv.xpto.io"]
monthly_budget_limit = "10"
}
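Review bot: In the new `xpto_io` zone, the entry commented `# TLSA record` is published as `type = "TXT"` and reuses `local.tlsa_hash_xpto_it`, so DANE validators will not treat it as a TLSA association, and the pinned hash is named for the xpto.it certificate rather than xpto.io. If a DANE pin is intended, use `type = "TLSA"` (assuming the route53 module and provider version in use accept that type) with a per-domain local, for example a new `tlsa_hash_xpto_io`; otherwise drop the record or change the comment to say it is informational only. The `# DS record` entry at `name = "www"` also looks misplaced: the DS for xpto.io is normally published in the parent .io zone through the registrar, and here it sits beside the A/AAAA aliases for `www` with no NS delegation visible. The `module "route53"` block starts outside this hunk, so the same pattern may already exist for the other zones and should be checked there too.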
8 changes: 4 additions & 4 deletions scripts/set_aws_credentials.sh
Expand Up @@ -12,12 +12,12 @@ aws configure set output json
aws configure list

# Get temporary credentials
#credentials=$(aws sts get-session-token --duration-seconds 3600)
credentials=$(aws sts get-session-token --duration-seconds 3600)

# Extract the values
#export AWS_ACCESS_KEY_ID=$(echo $credentials | jq -r .Credentials.AccessKeyId)
#export AWS_SECRET_ACCESS_KEY=$(echo $credentials | jq -r .Credentials.SecretAccessKey)
#export AWS_SESSION_TOKEN=$(echo $credentials | jq -r .Credentials.SessionToken)
export AWS_ACCESS_KEY_ID=$(echo $credentials | jq -r .Credentials.AccessKeyId)
export AWS_SECRET_ACCESS_KEY=$(echo $credentials | jq -r .Credentials.SecretAccessKey)
export AWS_SESSION_TOKEN=$(echo $credentials | jq -r .Credentials.SessionToken)

echo "Temporary credentials set. They will expire at $(echo $credentials | jq -r .Credentials.Expiration)"

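Review bot: The re-enabled `credentials=$(aws sts get-session-token --duration-seconds 3600)` is never checked, so when the STS call fails the three `jq -r` extractions export the literal string `null` and the script still prints "Temporary credentials set". Fail closed right after the call, e.g. `[ -n "$credentials" ] || { echo "get-session-token failed" >&2; return 1 2>/dev/null || exit 1; }`, and quote the variable in each pipeline (`echo "$credentials" | jq -r .Credentials.AccessKeyId`) so the JSON is not word-split or globbed. The exports only reach the caller if the file is sourced; the top of the script is outside this hunk, so it is worth stating that requirement in a header comment if it is not already there.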