Compare commits
2 commits
7fe118d878
...
d47b2e90ea
Author | SHA1 | Date | |
---|---|---|---|
Gabriel Simmer | d47b2e90ea | ||
Gabriel Simmer | bea6c26961 |
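--- a/homelab/configs/webdev-support-bot
+++ b/homelab/configs/webdev-support-bot
@@ -0,0 +1,32 @@
+apiVersion: v1
+data:
+ADMIN_ROLE_ID: "449317401482231808"
+API_CACHE_ENTRIES_LIMIT: "100"
+API_CACHE_EXPIRATION_IN_SECONDS: "10800"
+API_CACHE_REVALIDATION_WINDOW_IN_SECONDS: "300"
+AWAIT_MESSAGE_TIMEOUT: "600"
+CACHE_REVALIDATION_IN_SECONDS: "5"
+FINAL_CACHE_EXPIRATION_IN_SECONDS: "30"
+HELPFUL_ROLE_EXEMPT_ID: "734887151056978025"
+HELPFUL_ROLE_ID: "725027785424240671"
+HELPFUL_ROLE_POINT_THRESHOLD: "40"
+INTRO_CHANNEL: "561171851556945920"
+INTRO_ROLE: "992891679579324498"
+JOB_POSTINGS_CHANNEL: "598513460019462144"
+JOIN_LOG_CHANNEL: "452597959066910724"
+MINIMAL_AMOUNT_OF_WORDS: "5"
+MINIMAL_COMPENSATION: "15.00"
+MOD_CHANNEL: "482153306567737345"
+MOD_ROLE_ID: "465222496891699200"
+NEW_USER_ROLE: "992891582334382230"
+NUMBER_OF_ALLOWED_MESSAGES: "5"
+ONBOARDING_CHANNEL: "963568922026717214"
+POINT_DECAY_TIMER: "24"
+POINT_LIMITER_IN_MINUTES: "30"
+POST_LIMITER_IN_HOURS: "1"
+REPO_LINK: https://github.com/r-webdev/webdev-support-bot
+VAR_DETECT_LIMIT: "7200000"
+kind: ConfigMap
+metadata:
+name: webdev-support-bot
+namespace: default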
BIN
homelab/configs/webdev-support-bot-secret.age
Normal file
BIN
homelab/configs/webdev-support-bot-secret.age
Normal file
Binary file not shown.
|
@ -26,7 +26,7 @@ resource "aws_cloudfront_distribution" "api-by-becki" {
|
||||||
enabled = true
|
enabled = true
|
||||||
is_ipv6_enabled = true
|
is_ipv6_enabled = true
|
||||||
|
|
||||||
aliases = ["api-by-becki.gmem.ca", "api.artbybecki.com"]
|
aliases = ["api.artbybecki.com"]
|
||||||
viewer_certificate {
|
viewer_certificate {
|
||||||
acm_certificate_arn = aws_acm_certificate.api-artbybecki-com.arn
|
acm_certificate_arn = aws_acm_certificate.api-artbybecki-com.arn
|
||||||
ssl_support_method = "sni-only"
|
ssl_support_method = "sni-only"
|
||||||
|
@ -61,21 +61,9 @@ resource "aws_cloudfront_cache_policy" "api" {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_acm_certificate" "api-by-becki" {
|
|
||||||
domain_name = "api-by-becki.gmem.ca"
|
|
||||||
validation_method = "DNS"
|
|
||||||
provider = aws.virginia
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "aws_acm_certificate" "api-artbybecki-com" {
|
resource "aws_acm_certificate" "api-artbybecki-com" {
|
||||||
domain_name = "api.artbybecki.com"
|
domain_name = "api.artbybecki.com"
|
||||||
validation_method = "DNS"
|
validation_method = "DNS"
|
||||||
provider = aws.virginia
|
provider = aws.virginia
|
||||||
subject_alternative_names = ["api-by-becki.gmem.ca"]
|
subject_alternative_names = ["art-by-becki.gmem.ca"]
|
||||||
}
|
|
||||||
|
|
||||||
resource "aws_acm_certificate_validation" "api-by-becki" {
|
|
||||||
certificate_arn = aws_acm_certificate.api-artbybecki-com.arn
|
|
||||||
validation_record_fqdns = flatten([[for record in aws_route53_record.api-by-becki-acm : record.fqdn], [for record in cloudflare_record.api-artbybecki-acm : record.hostname]])
|
|
||||||
provider = aws.virginia
|
|
||||||
}
|
}
|
||||||
|
|
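Review bot: The new `subject_alternative_names = ["art-by-becki.gmem.ca"]` on `aws_acm_certificate.api-artbybecki-com` names a host that none of the distribution's aliases uses (the aliases are now only `api.artbybecki.com`), and the same section removes the `aws_acm_certificate_validation` resource, so nothing visible here validates that name. A DNS-validated ACM certificate is not issued until every listed name is validated, so the replaced certificate may stay pending while `viewer_certificate` references its ARN directly. If the gmem.ca name is no longer served, drop the SAN line; otherwise keep a validation resource and point `acm_certificate_arn` at its `certificate_arn`. The `viewer_certificate` block continues outside the hunk, so whether `minimum_protocol_version` is set cannot be checked from here.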
|
@ -60,12 +60,35 @@ resource "aws_route53_record" "gabrielsimmercom-github-verification" {
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_route53_record" "gabrielsimmercom-keybase-verification" {
|
resource "aws_route53_record" "gabrielsimmercom-txt-verifications" {
|
||||||
zone_id = aws_route53_zone.gabrielsimmercom.zone_id
|
zone_id = aws_route53_zone.gabrielsimmercom.zone_id
|
||||||
name = "gabrielsimmer.com"
|
name = "gabrielsimmer.com"
|
||||||
type = "TXT"
|
type = "TXT"
|
||||||
ttl = 300
|
ttl = 300
|
||||||
records = [
|
records = [
|
||||||
"keybase-site-verification=f2MAsoM3HCGQAsYNcWzCy4Ul2kvh79j6etJbL7aQwv8"
|
"keybase-site-verification=f2MAsoM3HCGQAsYNcWzCy4Ul2kvh79j6etJbL7aQwv8",
|
||||||
|
"v=spf1 include:spf.messagingengine.com ?all"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "aws_route53_record" "gabrielsimmer-com-mx" {
|
||||||
|
zone_id = aws_route53_zone.gabrielsimmercom.zone_id
|
||||||
|
name = "gabrielsimmer.com"
|
||||||
|
type = "MX"
|
||||||
|
records = ["10 in1-smtp.messagingengine.com", "20 in2-smtp.messagingengine.com"]
|
||||||
|
ttl = 300
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_route53_record" "gabrielsimmer-com-mail-cname" {
|
||||||
|
for_each = {
|
||||||
|
"fm1._domainkey" = "fm1.gabrielsimmer.com.dkim.fmhosted.com"
|
||||||
|
"fm2._domainkey" = "fm2.gabrielsimmer.com.dkim.fmhosted.com"
|
||||||
|
"fm3._domainkey" = "fm3.gabrielsimmer.com.dkim.fmhosted.com"
|
||||||
|
}
|
||||||
|
|
||||||
|
zone_id = aws_route53_zone.gabrielsimmercom.zone_id
|
||||||
|
name = each.key
|
||||||
|
records = [each.value]
|
||||||
|
type = "CNAME"
|
||||||
|
ttl = 300
|
||||||
|
}
|
||||||
|
|
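Review bot: The SPF string added to the apex TXT set, `"v=spf1 include:spf.messagingengine.com ?all"`, ends in the neutral qualifier, so receivers are given no reason to distrust mail from hosts outside the include and the record does little against spoofing of gabrielsimmer.com. With the three `fmN._domainkey` CNAMEs from this same hunk providing DKIM, consider `~all` or `-all` once every legitimate sender is covered, e.g. `"v=spf1 include:spf.messagingengine.com -all"`. No `_dmarc` TXT record is visible in this hunk; if none exists elsewhere in the file, publishing one that starts at `p=none` with reporting enabled would show who sends as the domain before the policy is tightened.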
|
@ -2,12 +2,37 @@ resource "aws_route53_zone" "gmemca" {
|
||||||
name = "gmem.ca"
|
name = "gmem.ca"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "aws_route53_record" "fursona" {
|
||||||
|
zone_id = aws_route53_zone.gmemca.zone_id
|
||||||
|
name = "fursona"
|
||||||
|
type = "CNAME"
|
||||||
|
ttl = 300
|
||||||
|
records = ["cname.vercel-dns.com."]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_route53_record" "atuin" {
|
||||||
|
zone_id = aws_route53_zone.gmemca.zone_id
|
||||||
|
name = "atuin"
|
||||||
|
type = "A"
|
||||||
|
ttl = 3600
|
||||||
|
records = ["100.77.43.133"]
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_route53_record" "n8n" {
|
||||||
|
zone_id = aws_route53_zone.gmemca.zone_id
|
||||||
|
name = "n8n"
|
||||||
|
type = "A"
|
||||||
|
ttl = 3600
|
||||||
|
records = ["100.116.48.47"]
|
||||||
|
}
|
||||||
|
|
||||||
resource "aws_route53_record" "hb" {
|
resource "aws_route53_record" "hb" {
|
||||||
zone_id = aws_route53_zone.gmemca.zone_id
|
zone_id = aws_route53_zone.gmemca.zone_id
|
||||||
name = "hb"
|
name = "hb"
|
||||||
type = "A"
|
type = "A"
|
||||||
ttl = 300
|
ttl = 300
|
||||||
records = ["100.120.232.77"]
|
records = ["100.77.43.133"]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_route53_record" "freshrss" {
|
resource "aws_route53_record" "freshrss" {
|
||||||
|
@ -15,7 +40,7 @@ resource "aws_route53_record" "freshrss" {
|
||||||
name = "freshrss"
|
name = "freshrss"
|
||||||
type = "A"
|
type = "A"
|
||||||
ttl = 300
|
ttl = 300
|
||||||
records = ["100.120.232.77"]
|
records = ["100.77.43.133"]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_route53_record" "ntfy" {
|
resource "aws_route53_record" "ntfy" {
|
||||||
|
@ -23,7 +48,7 @@ resource "aws_route53_record" "ntfy" {
|
||||||
name = "ntfy"
|
name = "ntfy"
|
||||||
type = "A"
|
type = "A"
|
||||||
ttl = 300
|
ttl = 300
|
||||||
records = ["100.120.232.77"]
|
records = ["100.77.43.133"]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_route53_record" "dref" {
|
resource "aws_route53_record" "dref" {
|
||||||
|
@ -31,44 +56,7 @@ resource "aws_route53_record" "dref" {
|
||||||
name = "dref"
|
name = "dref"
|
||||||
type = "A"
|
type = "A"
|
||||||
ttl = 300
|
ttl = 300
|
||||||
records = ["100.120.232.77"]
|
records = ["100.77.43.133"]
|
||||||
}
|
|
||||||
|
|
||||||
resource "aws_route53_record" "api-by-becki" {
|
|
||||||
zone_id = aws_route53_zone.gmemca.zone_id
|
|
||||||
name = "abb"
|
|
||||||
type = "A"
|
|
||||||
ttl = 300
|
|
||||||
records = ["168.119.154.189"]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "aws_route53_record" "api-by-becki-primary" {
|
|
||||||
zone_id = aws_route53_zone.gmemca.zone_id
|
|
||||||
name = "api-by-becki"
|
|
||||||
type = "A"
|
|
||||||
|
|
||||||
alias {
|
|
||||||
name = aws_cloudfront_distribution.api-by-becki.domain_name
|
|
||||||
zone_id = aws_cloudfront_distribution.api-by-becki.hosted_zone_id
|
|
||||||
evaluate_target_health = false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "aws_route53_record" "api-by-becki-acm" {
|
|
||||||
for_each = {
|
|
||||||
for dvo in aws_acm_certificate.api-artbybecki-com.domain_validation_options : dvo.domain_name => {
|
|
||||||
name = dvo.resource_record_name
|
|
||||||
record = dvo.resource_record_value
|
|
||||||
type = dvo.resource_record_type
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
allow_overwrite = true
|
|
||||||
name = each.value.name
|
|
||||||
records = [each.value.record]
|
|
||||||
ttl = 60
|
|
||||||
type = each.value.type
|
|
||||||
zone_id = aws_route53_zone.gmemca.zone_id
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_route53_record" "gmem-ca-mx" {
|
resource "aws_route53_record" "gmem-ca-mx" {
|
||||||
|
@ -99,3 +87,186 @@ resource "aws_route53_record" "gmem-ca-mail-txt" {
|
||||||
records = ["v=spf1 include:spf.messagingengine.com ?all"]
|
records = ["v=spf1 include:spf.messagingengine.com ?all"]
|
||||||
ttl = 300
|
ttl = 300
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# S3 bucket static site
|
||||||
|
resource "aws_s3_bucket" "gmem-ca-static_site" {
|
||||||
|
bucket = "gmem.ca"
|
||||||
|
|
||||||
|
tags = {
|
||||||
|
Name = "gmem.ca"
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_cloudfront_origin_access_identity" "oai" {
|
||||||
|
comment = "OAI for the static site"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
resource "aws_s3_bucket_policy" "gmem-ca-static_site" {
|
||||||
|
bucket = aws_s3_bucket.gmem-ca-static_site.id
|
||||||
|
policy = jsonencode({
|
||||||
|
Version = "2012-10-17"
|
||||||
|
Statement = [
|
||||||
|
{
|
||||||
|
Sid = "Restrict access to CloudFront OAI"
|
||||||
|
Effect = "Allow"
|
||||||
|
Principal = {
|
||||||
|
AWS = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${aws_cloudfront_origin_access_identity.oai.id}"
|
||||||
|
}
|
||||||
|
Action = "s3:GetObject"
|
||||||
|
Resource = "arn:aws:s3:::${aws_s3_bucket.gmem-ca-static_site.bucket}/*"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_s3_bucket_website_configuration" "gmem-ca-static_site" {
|
||||||
|
bucket = aws_s3_bucket.gmem-ca-static_site.id
|
||||||
|
|
||||||
|
index_document {
|
||||||
|
suffix = "index.html"
|
||||||
|
}
|
||||||
|
|
||||||
|
error_document {
|
||||||
|
key = "error.html"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
output "website_endpoint" {
|
||||||
|
value = aws_s3_bucket_website_configuration.gmem-ca-static_site.website_domain
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_acm_certificate" "gmem-ca-cert" {
|
||||||
|
domain_name = aws_route53_zone.gmemca.name
|
||||||
|
validation_method = "DNS"
|
||||||
|
provider = aws.virginia
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_route53_record" "gmem-ca-cert_validation" {
|
||||||
|
for_each = {
|
||||||
|
for dvo in aws_acm_certificate.gmem-ca-cert.domain_validation_options : dvo.domain_name => {
|
||||||
|
name = dvo.resource_record_name
|
||||||
|
record = dvo.resource_record_value
|
||||||
|
type = dvo.resource_record_type
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
name = each.value.name
|
||||||
|
records = [each.value.record]
|
||||||
|
ttl = 60
|
||||||
|
type = each.value.type
|
||||||
|
zone_id = aws_route53_zone.gmemca.zone_id
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_acm_certificate_validation" "gmem-ca-cert" {
|
||||||
|
certificate_arn = aws_acm_certificate.gmem-ca-cert.arn
|
||||||
|
validation_record_fqdns = [for record in aws_route53_record.gmem-ca-cert_validation : record.fqdn]
|
||||||
|
provider = aws.virginia
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_cloudfront_distribution" "gmem-ca-s3_distribution" {
|
||||||
|
origin {
|
||||||
|
domain_name = aws_s3_bucket.gmem-ca-static_site.bucket_regional_domain_name
|
||||||
|
origin_id = "S3-${aws_s3_bucket.gmem-ca-static_site.id}"
|
||||||
|
|
||||||
|
s3_origin_config {
|
||||||
|
origin_access_identity = aws_cloudfront_origin_access_identity.oai.cloudfront_access_identity_path
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
origin {
|
||||||
|
connection_attempts = 3
|
||||||
|
connection_timeout = 10
|
||||||
|
domain_name = "8vs70xammd.execute-api.eu-west-2.amazonaws.com"
|
||||||
|
origin_id = "8vs70xammd.execute-api.eu-west-2.amazonaws.com"
|
||||||
|
|
||||||
|
custom_origin_config {
|
||||||
|
http_port = 80
|
||||||
|
https_port = 443
|
||||||
|
origin_keepalive_timeout = 5
|
||||||
|
origin_protocol_policy = "https-only"
|
||||||
|
origin_read_timeout = 30
|
||||||
|
origin_ssl_protocols = [
|
||||||
|
"TLSv1.2"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
enabled = true
|
||||||
|
is_ipv6_enabled = true
|
||||||
|
comment = "S3 Static Site Distribution for gmem.ca"
|
||||||
|
default_root_object = "index.html"
|
||||||
|
|
||||||
|
aliases = [aws_acm_certificate.gmem-ca-cert.domain_name]
|
||||||
|
|
||||||
|
default_cache_behavior {
|
||||||
|
allowed_methods = ["GET", "HEAD", "OPTIONS"]
|
||||||
|
cached_methods = ["GET", "HEAD", "OPTIONS"]
|
||||||
|
target_origin_id = "S3-${aws_s3_bucket.gmem-ca-static_site.id}"
|
||||||
|
response_headers_policy_id = "60669652-455b-4ae9-85a4-c4c02393f86c"
|
||||||
|
|
||||||
|
forwarded_values {
|
||||||
|
query_string = false
|
||||||
|
|
||||||
|
cookies {
|
||||||
|
forward = "none"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
viewer_protocol_policy = "redirect-to-https"
|
||||||
|
min_ttl = 0
|
||||||
|
default_ttl = 3600
|
||||||
|
max_ttl = 86400
|
||||||
|
}
|
||||||
|
|
||||||
|
ordered_cache_behavior {
|
||||||
|
path_pattern = "/.well-known/webfinger*"
|
||||||
|
allowed_methods = ["GET", "HEAD", "OPTIONS"]
|
||||||
|
cached_methods = ["GET", "HEAD", "OPTIONS"]
|
||||||
|
target_origin_id = "8vs70xammd.execute-api.eu-west-2.amazonaws.com"
|
||||||
|
|
||||||
|
forwarded_values {
|
||||||
|
query_string = true
|
||||||
|
headers = ["Origin", "Accept", "Content-Type"]
|
||||||
|
|
||||||
|
cookies {
|
||||||
|
forward = "all"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
viewer_protocol_policy = "redirect-to-https"
|
||||||
|
min_ttl = 0
|
||||||
|
default_ttl = 3600
|
||||||
|
max_ttl = 86400
|
||||||
|
}
|
||||||
|
|
||||||
|
viewer_certificate {
|
||||||
|
acm_certificate_arn = aws_acm_certificate_validation.gmem-ca-cert.certificate_arn
|
||||||
|
ssl_support_method = "sni-only"
|
||||||
|
minimum_protocol_version = "TLSv1.2_2021"
|
||||||
|
}
|
||||||
|
|
||||||
|
restrictions {
|
||||||
|
geo_restriction {
|
||||||
|
restriction_type = "none"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
tags = {
|
||||||
|
Name = "gmem.ca"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_route53_record" "gmem-ca" {
|
||||||
|
zone_id = aws_route53_zone.gmemca.zone_id
|
||||||
|
name = aws_route53_zone.gmemca.name
|
||||||
|
type = "A"
|
||||||
|
|
||||||
|
alias {
|
||||||
|
name = aws_cloudfront_distribution.gmem-ca-s3_distribution.domain_name
|
||||||
|
zone_id = aws_cloudfront_distribution.gmem-ca-s3_distribution.hosted_zone_id
|
||||||
|
evaluate_target_health = false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
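Review bot: The bucket policy statement labelled "Restrict access to CloudFront OAI" in the last hunk only adds an Allow for the OAI; nothing in the added resources denies other principals, and no `aws_s3_bucket_public_access_block` is visible for `aws_s3_bucket.gmem-ca-static_site`. Adding one keeps a later ACL or policy change from exposing the bucket directly and bypassing the distribution's TLS settings and response-headers policy. The `aws_s3_bucket_website_configuration` resource and the `website_endpoint` output also look unnecessary, since the distribution reads through `bucket_regional_domain_name` with the OAI rather than through the website endpoint.

```hcl
# … unchanged: aws_s3_bucket "gmem-ca-static_site" …
resource "aws_s3_bucket_public_access_block" "gmem-ca-static_site" {
  bucket                  = aws_s3_bucket.gmem-ca-static_site.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
# … unchanged: OAI, bucket policy, certificate, distribution …
```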