-
-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: whole bunch of website and cms changes
- Loading branch information
Showing
227 changed files
with
19,138 additions
and
27 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
export CLOUDFLARE_ACCOUNT_ID="0aeb879de8e3cdde5fb3d413025222ce" | ||
export TERRAFORM_BACKEND_URL="https://terraform-state-backend.rawkode-academy.workers.dev" | ||
export TERRAFORM_BACKEND_BUCKET_NAME="rawkode-cloud-tfstate" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,10 @@ | ||
.vscode | ||
build | ||
dist | ||
node_modules | ||
docker-compose.yaml | ||
Dockerfile | ||
Justfile | ||
README.md | ||
rome.json | ||
/.vscode | ||
/build | ||
/deploy | ||
/dist | ||
/docker-compose.yaml | ||
/Dockerfile | ||
/Justfile | ||
/node_modules | ||
/README.md | ||
/rome.json |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,10 +1,11 @@ | ||
op signin --account rawkodeacademy | ||
|
||
export NODE_ENV="dev" | ||
export SERVER_URL="http://localhost:3000" | ||
export CLOUDFLARE_API_TOKEN=op://sa.rawkode.academy/cloudflare/api | ||
export MONGODB_URI=mongodb://127.0.0.1/cms | ||
export PAYLOAD_SECRET=super-secret | ||
export OAUTH_CLIENT_ID="op://cms.rawkode.academy/GitHub/username" | ||
export OAUTH_CLIENT_SECRET="op://cms.rawkode.academy/GitHub/password" | ||
export OAUTH_BASE_URL="https://github.com" | ||
|
||
export APPSETTING_SERVER_URL="http://localhost:3000" | ||
export APPSETTING_MONGODB_URI=mongodb://127.0.0.1/cms | ||
export APPSETTING_PAYLOAD_SECRET=super-secret | ||
export APPSETTING_OAUTH_BASE_URL="https://github.com" | ||
export APPSETTING_OAUTH_CLIENT_ID="op://cms.rawkode.academy/GitHub/username" | ||
export APPSETTING_OAUTH_CLIENT_SECRET="op://cms.rawkode.academy/GitHub/password" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
source_up ../../../.envrc | ||
source_up | ||
|
||
op signin --account rawkodeacademy.1password.eu | ||
|
||
export TF_HTTP_PASSWORD="op://sa-core-infrastructure/cloudflare/terraform-state-backend/password" | ||
export CLOUDFLARE_API_TOKEN="op://private/cloudflare/api-tokens/all-access" | ||
|
||
export ARM_SUBSCRIPTION_ID="op://sa-core-infrastructure/azure/subscriptionid" | ||
export ARM_TENANT_ID="op://sa-core-infrastructure/azure/tenantid" | ||
export ARM_CLIENT_ID="op://sa-core-infrastructure/azure/appid" | ||
export ARM_CLIENT_SECRET="op://sa-core-infrastructure/azure/password" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
*.d.ts | ||
*.js | ||
node_modules | ||
cdktf.out | ||
cdktf.log | ||
*terraform.*.tfstate* | ||
.gen | ||
.terraform | ||
tsconfig.tsbuildinfo | ||
!jest.config.js | ||
!setup.js |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
{ | ||
"app": "npx ts-node main.ts", | ||
"context": {}, | ||
"language": "typescript", | ||
"projectId": "a50eaad7-f318-4b9f-a7b5-76c059b44d67", | ||
"sendCrashReports": "false", | ||
"terraformModules": [], | ||
"terraformProviders": [ | ||
"hashicorp/azurerm@~>3.65.0", | ||
"hashicorp/random", | ||
"cloudflare/cloudflare@~>4.10.0" | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,229 @@ | ||
import { App, Fn, HttpBackend, TerraformStack } from "cdktf"; | ||
import { AppServiceCertificateBinding } from "./.gen/providers/azurerm/app-service-certificate-binding"; | ||
import { AppServiceCustomHostnameBinding } from "./.gen/providers/azurerm/app-service-custom-hostname-binding"; | ||
import { AppServiceManagedCertificate } from "./.gen/providers/azurerm/app-service-managed-certificate"; | ||
import { CosmosdbAccount } from "./.gen/providers/azurerm/cosmosdb-account"; | ||
import { CosmosdbMongoDatabase } from "./.gen/providers/azurerm/cosmosdb-mongo-database"; | ||
import { DataAzurermClientConfig } from "./.gen/providers/azurerm/data-azurerm-client-config"; | ||
import { KeyVault } from "./.gen/providers/azurerm/key-vault"; | ||
import { KeyVaultAccessPolicyA } from "./.gen/providers/azurerm/key-vault-access-policy"; | ||
import { KeyVaultSecret } from "./.gen/providers/azurerm/key-vault-secret"; | ||
import { LinuxWebApp } from "./.gen/providers/azurerm/linux-web-app"; | ||
import { AzurermProvider } from "./.gen/providers/azurerm/provider"; | ||
import { ResourceGroup } from "./.gen/providers/azurerm/resource-group"; | ||
import { ServicePlan } from "./.gen/providers/azurerm/service-plan"; | ||
import { DataCloudflareZone } from "./.gen/providers/cloudflare/data-cloudflare-zone"; | ||
import { CloudflareProvider } from "./.gen/providers/cloudflare/provider"; | ||
import { Record } from "./.gen/providers/cloudflare/record"; | ||
import { Password } from "./.gen/providers/random/password"; | ||
import { RandomProvider } from "./.gen/providers/random/provider"; | ||
|
||
const terraformBackendUrl = `${ | ||
process.env.TERRAFORM_BACKEND_URL || "" | ||
}/states/cms.rawkode.academy`; | ||
|
||
class MyStack extends TerraformStack { | ||
constructor(scope: App, name: string) { | ||
super(scope, name); | ||
|
||
new AzurermProvider(this, "azure", { | ||
features: {}, | ||
}); | ||
|
||
new CloudflareProvider(this, "cloudflare", {}); | ||
|
||
const cloudflareZone = new DataCloudflareZone(this, "cloudflare-zone", { | ||
name: "rawkode.academy", | ||
}); | ||
|
||
new RandomProvider(this, "random", {}); | ||
|
||
const azureClientConfig = new DataAzurermClientConfig( | ||
this, | ||
"azure-client-config", | ||
{}, | ||
); | ||
|
||
const resourceGroup = new ResourceGroup(this, "resource-group", { | ||
name: "cms.rawkode.academy", | ||
location: "West Europe", | ||
}); | ||
|
||
const servicePlan = new ServicePlan(this, "service-plan", { | ||
name: "rawkode-academy-cms", | ||
resourceGroupName: resourceGroup.name, | ||
location: resourceGroup.location, | ||
osType: "Linux", | ||
skuName: "B1", | ||
}); | ||
|
||
const keyVault = new KeyVault(this, "key-vault", { | ||
name: "rawkode-academy-cms", | ||
location: resourceGroup.location, | ||
resourceGroupName: resourceGroup.name, | ||
skuName: "standard", | ||
tenantId: azureClientConfig.tenantId, | ||
}); | ||
|
||
const cosmosDbAccount = new CosmosdbAccount(this, "cosmosdb-account", { | ||
name: "rawkode-academy-cms", | ||
resourceGroupName: resourceGroup.name, | ||
location: resourceGroup.location, | ||
offerType: "Standard", | ||
kind: "MongoDB", | ||
enableAutomaticFailover: false, | ||
consistencyPolicy: { | ||
consistencyLevel: "BoundedStaleness", | ||
maxIntervalInSeconds: 300, | ||
maxStalenessPrefix: 10000, | ||
}, | ||
geoLocation: [ | ||
{ | ||
location: resourceGroup.location, | ||
failoverPriority: 0, | ||
}, | ||
], | ||
}); | ||
|
||
new CosmosdbMongoDatabase(this, "cosmosdb-mongo-database", { | ||
name: "rawkode-academy-cms", | ||
resourceGroupName: resourceGroup.name, | ||
accountName: cosmosDbAccount.name, | ||
throughput: 400, | ||
}); | ||
|
||
const payloadSecret = new Password(this, "payload-secret", { | ||
length: 32, | ||
special: true, | ||
minSpecial: 4, | ||
upper: true, | ||
minUpper: 4, | ||
lower: true, | ||
minLower: 4, | ||
numeric: true, | ||
minNumeric: 4, | ||
}); | ||
|
||
const azurePayloadSecret = new KeyVaultSecret( | ||
this, | ||
"azure-payload-secret", | ||
{ | ||
keyVaultId: keyVault.id, | ||
name: "payload-secret", | ||
value: payloadSecret.result, | ||
}, | ||
); | ||
|
||
const azureGitHubClientSecret = new KeyVaultSecret( | ||
this, | ||
"azure-github-client-secret", | ||
{ | ||
keyVaultId: keyVault.id, | ||
name: "github-client-secret", | ||
value: process.env.APPSETTING_GITHUB_CLIENT_SECRET || "", | ||
}, | ||
); | ||
|
||
const linuxWebApp = new LinuxWebApp(this, "linux-web-app", { | ||
name: "rawkode-academy-cms", | ||
enabled: true, | ||
servicePlanId: servicePlan.id, | ||
location: resourceGroup.location, | ||
resourceGroupName: resourceGroup.name, | ||
httpsOnly: true, | ||
identity: { | ||
type: "SystemAssigned", | ||
}, | ||
siteConfig: { | ||
alwaysOn: true, | ||
applicationStack: { | ||
dockerRegistryUrl: "https://ghcr.io", | ||
dockerImageName: "rawkodeacademy/cms", | ||
}, | ||
}, | ||
appSettings: { | ||
WEBSITES_PORT: "3000", | ||
SERVER_URL: "https://cms.rawkode.academy", | ||
MONGODB_URI: Fn.element(cosmosDbAccount.connectionStrings, 0), | ||
OAUTH_BASE_URL: process.env.APPSETTING_OAUTH_BASE_URL || "", | ||
OAUTH_CLIENT_ID: process.env.APPSETTING_OAUTH_CLIENT_ID || "", | ||
OAUTH_CLIENT_SECRET: `@Microsoft.KeyVault(SecretUri=${azureGitHubClientSecret.versionlessId})`, | ||
PAYLOAD_SECRET: `@Microsoft.KeyVault(SecretUri=${azurePayloadSecret.versionlessId})`, | ||
}, | ||
}); | ||
|
||
const domainVerification = new Record( | ||
this, | ||
"cloudflare-record-verification", | ||
{ | ||
zoneId: cloudflareZone.id, | ||
name: "asuid.cms.rawkode.academy", | ||
type: "TXT", | ||
value: linuxWebApp.customDomainVerificationId, | ||
ttl: 300, | ||
proxied: false, | ||
comment: "Managed by Terraform", | ||
}, | ||
); | ||
|
||
const dnsRecord = new Record(this, "cloudflare-record", { | ||
zoneId: cloudflareZone.id, | ||
name: "cms", | ||
type: "CNAME", | ||
value: linuxWebApp.defaultHostname, | ||
ttl: 300, | ||
proxied: false, | ||
comment: "Managed by Terraform", | ||
}); | ||
|
||
const hostnameBinding = new AppServiceCustomHostnameBinding( | ||
this, | ||
"app-service-custom-hostname-binding", | ||
{ | ||
hostname: dnsRecord.hostname, | ||
appServiceName: linuxWebApp.name, | ||
resourceGroupName: resourceGroup.name, | ||
timeouts: { | ||
create: "10m", | ||
}, | ||
dependsOn: [domainVerification], | ||
}, | ||
); | ||
|
||
const appServiceCertificate = new AppServiceManagedCertificate( | ||
this, | ||
"app-service-managed-certificate", | ||
{ | ||
customHostnameBindingId: hostnameBinding.id, | ||
}, | ||
); | ||
|
||
new AppServiceCertificateBinding(this, "app-service-certificate-binding", { | ||
hostnameBindingId: hostnameBinding.id, | ||
sslState: "SniEnabled", | ||
certificateId: appServiceCertificate.id, | ||
}); | ||
|
||
new KeyVaultAccessPolicyA(this, "key-vault-access-policy", { | ||
keyVaultId: keyVault.id, | ||
tenantId: azureClientConfig.tenantId, | ||
objectId: linuxWebApp.identity.principalId, | ||
secretPermissions: ["Get"], | ||
}); | ||
} | ||
} | ||
|
||
const app = new App(); | ||
|
||
const stack = new MyStack(app, "deploy"); | ||
|
||
new HttpBackend(stack, { | ||
address: terraformBackendUrl, | ||
username: "rawkodeacademy", | ||
lockMethod: "PUT", | ||
lockAddress: `${terraformBackendUrl}/lock`, | ||
unlockMethod: "DELETE", | ||
unlockAddress: `${terraformBackendUrl}/lock`, | ||
}); | ||
|
||
app.synth(); |
Oops, something went wrong.