ee

pythonitalia · Sep 8, 2024 · ec5e252 · ec5e252
1 parent 335ab98
commit ec5e252
Show file tree

Hide file tree

Showing 10 changed files with 133 additions and 87 deletions.
diff --git a/infrastructure/applications/applications.tf b/infrastructure/applications/applications.tf
@@ -54,6 +54,11 @@ module "emails" {
 module "server" {
   source      = "./server"
   ecs_arm_ami = local.ecs_arm_ami
+
+  providers = {
+    aws    = aws
+    aws.us = aws.us
+  }
 }
 
 module "pretix_arm" {

diff --git a/infrastructure/applications/pretix_arm/main.tf b/infrastructure/applications/pretix_arm/main.tf
diff --git a/infrastructure/applications/pretix_arm/task_web.tf b/infrastructure/applications/pretix_arm/task_web.tf
@@ -1,4 +1,6 @@
 locals {
+  domain = local.is_prod ? "tickets.pycon.it" : "${terraform.workspace}-tickets.pycon.it"
+
   env_vars = [
     {
       name  = "VIRTUAL_ENV",
@@ -94,7 +96,7 @@ locals {
     },
     {
       name  = "PRETIX_PRETIX_URL",
-      value = "https://tickets.pycon.it/"
+      value = "https://${local.domain}/"
     },
     {
       name  = "PRETIX_PRETIX_TRUST_X_FORWARDED_PROTO",
@@ -173,8 +175,9 @@ resource "aws_ecs_task_definition" "pretix_web" {
       user             = "pretixuser"
 
       dockerLabels = {
-        "traefik.enable"                    = "true"
-        "traefik.http.routers.pretix-web.rule" = "Host(`tickets.pycon.it`)"
+        "traefik.enable" = "true"
+        "traefik.http.routers.pretix-web.rule" = "Host(`${local.domain}`)"
+        "traefik.http.routers.pretix-web.service" = "pretix-web"
       }
 
       systemControls = [

diff --git a/infrastructure/applications/pycon_backend/cdn.tf b/infrastructure/applications/pycon_backend/cdn.tf
@@ -6,6 +6,13 @@ data "aws_cloudfront_cache_policy" "caching_optimized" {
   name = "Managed-CachingOptimized"
 }
 
+data "aws_acm_certificate" "cert" {
+  domain   = "*.pycon.it"
+  statuses = ["ISSUED"]
+  provider = aws.us
+}
+
+
 resource "aws_cloudfront_distribution" "media_cdn" {
   enabled             = true
   is_ipv6_enabled     = true

diff --git a/infrastructure/applications/pycon_backend/main.tf b/infrastructure/applications/pycon_backend/main.tf
@@ -1,8 +1,8 @@
 locals {
   is_prod           = terraform.workspace == "production"
-  admin_domain = local.is_prod ? "admin.pycon.it" : "${terraform.workspace}-admin.pycon.it"
   db_connection     = var.enable_proxy ? "postgres://${data.aws_db_instance.database.master_username}:${module.common_secrets.value.database_password}@${data.aws_db_proxy.proxy[0].endpoint}:${data.aws_db_instance.database.port}/pycon" : "postgres://${data.aws_db_instance.database.master_username}:${module.common_secrets.value.database_password}@${data.aws_db_instance.database.address}:${data.aws_db_instance.database.port}/pycon"
   cdn_url           = local.is_prod ? "cdn.pycon.it" : "${terraform.workspace}-cdn.pycon.it"
+  web_domain = local.is_prod ? "admin.pycon.it" : "${terraform.workspace}-admin.pycon.it"
 }
 
 data "aws_vpc" "default" {
@@ -44,12 +44,6 @@ data "aws_db_proxy" "proxy" {
   name  = "pythonit-${terraform.workspace}-database-proxy"
 }
 
-data "aws_acm_certificate" "cert" {
-  domain   = "*.pycon.it"
-  statuses = ["ISSUED"]
-  provider = aws.us
-}
-
 data "aws_lambda_function" "forward_host_header" {
   function_name = "forward_host_header"
   provider      = aws.us
@@ -124,79 +118,3 @@ module "lambda" {
     AWS_SES_CONFIGURATION_SET = data.aws_sesv2_configuration_set.main.configuration_set_name
   }
 }
-
-data "aws_instance" "server" {
-  instance_tags = {
-    Name = "pythonit-${terraform.workspace}-server"
-  }
-
-  filter {
-    name   = "instance-state-name"
-    values = ["running"]
-  }
-}
-
-data "aws_cloudfront_origin_request_policy" "all_viewer" {
-  name = "Managed-AllViewer"
-}
-
-data "aws_cloudfront_cache_policy" "caching_disabled" {
-  name = "Managed-CachingDisabled"
-}
-
-resource "aws_cloudfront_distribution" "application" {
-  enabled             = true
-  is_ipv6_enabled     = true
-  comment             = "${terraform.workspace}-${local.application}"
-  wait_for_deployment = false
-  aliases             = [local.admin_domain]
-
-  origin {
-    domain_name = data.aws_instance.server.public_dns
-    origin_id   = "default"
-
-    custom_origin_config {
-      origin_protocol_policy = "http-only"
-      http_port              = "80"
-      https_port             = "443"
-      origin_ssl_protocols   = ["TLSv1"]
-    }
-  }
-
-  viewer_certificate {
-    cloudfront_default_certificate = false
-    minimum_protocol_version       = "TLSv1"
-    ssl_support_method             = "sni-only"
-    acm_certificate_arn            = data.aws_acm_certificate.cert.arn
-  }
-
-  default_cache_behavior {
-    allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
-    cached_methods   = ["GET", "HEAD"]
-    target_origin_id = "default"
-
-    cache_policy_id          = data.aws_cloudfront_cache_policy.caching_disabled.id
-    origin_request_policy_id = data.aws_cloudfront_origin_request_policy.all_viewer.id
-
-    viewer_protocol_policy = "redirect-to-https"
-    compress               = true
-  }
-
-  restrictions {
-    geo_restriction {
-      restriction_type = "none"
-    }
-  }
-}
-
-resource "aws_route53_record" "record" {
-  zone_id = data.aws_route53_zone.pycon_zone.zone_id
-  name    = local.admin_domain
-  type    = "A"
-
-  alias {
-    name                   = aws_cloudfront_distribution.application.domain_name
-    zone_id                = aws_cloudfront_distribution.application.hosted_zone_id
-    evaluate_target_health = false
-  }
-}
diff --git a/infrastructure/applications/pycon_backend/task_web.tf b/infrastructure/applications/pycon_backend/task_web.tf
@@ -26,7 +26,7 @@ resource "aws_ecs_task_definition" "backend" {
 
       dockerLabels = {
         "traefik.enable" = "true"
-        "traefik.http.routers.backend-web.rule" = "Host(`${local.admin_domain}`)"
+        "traefik.http.routers.backend-web.rule" = "Host(`${local.web_domain}`)"
       }
 
       environment = local.env_vars

diff --git a/infrastructure/applications/server/cloudfront.tf b/infrastructure/applications/server/cloudfront.tf
@@ -0,0 +1,77 @@
+locals {
+  pycon_web_domain = local.is_prod ? "admin.pycon.it" : "${terraform.workspace}-admin.pycon.it"
+  pretix_web_domain = local.is_prod ? "tickets.pycon.it" : "${terraform.workspace}-tickets.pycon.it"
+}
+
+data "aws_instance" "server" {
+  instance_tags = {
+    Name = "pythonit-${terraform.workspace}-server"
+  }
+
+  filter {
+    name   = "instance-state-name"
+    values = ["running"]
+  }
+}
+
+data "aws_cloudfront_origin_request_policy" "all_viewer" {
+  name = "Managed-AllViewer"
+}
+
+data "aws_cloudfront_cache_policy" "caching_disabled" {
+  name = "Managed-CachingDisabled"
+}
+
+data "aws_acm_certificate" "cert" {
+  domain   = "*.pycon.it"
+  statuses = ["ISSUED"]
+  provider = aws.us
+}
+
+resource "aws_cloudfront_distribution" "application" {
+  enabled             = true
+  is_ipv6_enabled     = true
+  comment             = "${terraform.workspace} server"
+  wait_for_deployment = false
+  aliases             = [
+    local.pycon_web_domain,
+    local.pretix_web_domain
+  ]
+
+  origin {
+    domain_name = data.aws_instance.server.public_dns
+    origin_id   = "default"
+
+    custom_origin_config {
+      origin_protocol_policy = "http-only"
+      http_port              = "80"
+      https_port             = "443"
+      origin_ssl_protocols   = ["TLSv1"]
+    }
+  }
+
+  viewer_certificate {
+    cloudfront_default_certificate = false
+    minimum_protocol_version       = "TLSv1"
+    ssl_support_method             = "sni-only"
+    acm_certificate_arn            = data.aws_acm_certificate.cert.arn
+  }
+
+  default_cache_behavior {
+    allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
+    cached_methods   = ["GET", "HEAD"]
+    target_origin_id = "default"
+
+    cache_policy_id          = data.aws_cloudfront_cache_policy.caching_disabled.id
+    origin_request_policy_id = data.aws_cloudfront_origin_request_policy.all_viewer.id
+
+    viewer_protocol_policy = "redirect-to-https"
+    compress               = true
+  }
+
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+    }
+  }
+}
diff --git a/infrastructure/applications/server/domains.tf b/infrastructure/applications/server/domains.tf
@@ -0,0 +1,27 @@
+data "aws_route53_zone" "pyconit" {
+  name = "pycon.it"
+}
+
+resource "aws_route53_record" "pycon_web" {
+  zone_id = data.aws_route53_zone.pyconit.zone_id
+  name    = local.pycon_web_domain
+  type    = "A"
+
+  alias {
+    name                   = aws_cloudfront_distribution.application.domain_name
+    zone_id                = aws_cloudfront_distribution.application.hosted_zone_id
+    evaluate_target_health = false
+  }
+}
+
+resource "aws_route53_record" "pretix_web" {
+  zone_id = data.aws_route53_zone.pyconit.zone_id
+  name    = local.pretix_web_domain
+  type    = "A"
+
+  alias {
+    name                   = aws_cloudfront_distribution.application.domain_name
+    zone_id                = aws_cloudfront_distribution.application.hosted_zone_id
+    evaluate_target_health = false
+  }
+}
diff --git a/infrastructure/applications/server/providers.tf b/infrastructure/applications/server/providers.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    aws = {
+      source                = "hashicorp/aws"
+      configuration_aliases = [aws.us]
+    }
+  }
+}
diff --git a/pretix/settings.py b/pretix/settings.py
@@ -14,4 +14,5 @@
     INSTALLED_APPS.insert(0, "pretix_fattura_elettronica")  # noqa
 
 STORAGES["default"]["BACKEND"] = "storages.backends.s3.S3Storage"
+STORAGES["staticfiles"]["BACKEND"] = "storages.backends.s3.S3Storage"
 AWS_STORAGE_BUCKET_NAME = config.get("pycon", "storage_bucket_name", fallback="")