class BananasServerStack(Stack):
    """CDK stack that runs the BaNaNaS content server as an ECS service.

    The service is exposed in two ways: through the shared
    ``ECSHTTPSContainer`` construct (``binaries`` subdomain, ``/bananas``
    path) and through an NLB listener on the raw TCP content port
    (``content`` subdomain). The task role is granted read access to the
    content bucket.
    """

    application_name = "BananasServer"
    subdomain_name = "binaries"
    path_pattern = "/bananas"
    nlb_subdomain_name = "content"

    def __init__(
        self,
        scope: Construct,
        id: str,
        *,
        deployment: Deployment,
        policy: Policy,
        cluster: ICluster,
        bucket: Bucket,
        **kwargs,
    ) -> None:
        """Create the service, its NLB listener and its bucket permissions.

        Args:
            scope: Parent construct.
            id: Construct id of this stack.
            deployment: Selects the production or staging settings
                (task count, listener priority, memory, index repository
                and content port).
            policy: Project policy object; this stack is registered with it
                and it is forwarded to the container construct.
            cluster: ECS cluster that hosts the service.
            bucket: Content bucket the server reads from.
            **kwargs: Forwarded unchanged to ``Stack``.
        """
        super().__init__(scope, id, **kwargs)

        Tags.of(self).add("Application", self.application_name)
        Tags.of(self).add("Deployment", deployment.value)

        policy.add_stack(self)

        # Per-deployment settings; anything that is not production gets the
        # staging values.
        production = deployment == Deployment.PRODUCTION
        desired_count = 2 if production else 1
        priority = 44 if production else 144
        memory = 256 if production else 128
        github_url = (
            "https://github.com/OpenTTD/BaNaNaS" if production else "https://github.com/OpenTTD/BaNaNaS-staging"
        )
        content_port = 3978 if production else 4978
        bootstrap_command = ["--bootstrap-unique-id", "4f474658"] if production else []

        # NOTE(review): the CDN URL handed to the server is plain http://, and
        # allow_via_http=True below also keeps the HTTP listener open.
        # Downloads on those paths have no transport integrity; confirm that
        # clients verify what they fetch or that this is an accepted trade-off.
        cdn_fqdn = dns.subdomain_to_fqdn("bananas.cdn")
        cdn_url = f"http://{cdn_fqdn}"

        # Both values live in SSM as secure strings, keyed by deployment.
        sentry_dsn_param = parameter_store.add_secure_string(f"/BananasServer/{deployment.value}/SentryDSN").parameter
        reload_secret_param = parameter_store.add_secure_string(
            f"/BananasServer/{deployment.value}/ReloadSecret"
        ).parameter

        # NOTE(review): --proxy-protocol presumably makes the server take the
        # client address from the PROXY header, which is only trustworthy when
        # the content port is reachable solely through the NLB. Confirm the
        # security groups enforce that.
        command = [
            "--storage",
            "s3",
            "--storage-s3-bucket",
            bucket.bucket_name,
            "--index",
            "github",
            "--index-github-url",
            github_url,
            "--cdn-url",
            cdn_url,
            "--bind",
            "0.0.0.0",
            "--content-port",
            str(content_port),
            "--proxy-protocol",
            *bootstrap_command,
        ]

        self.container = ECSHTTPSContainer(
            self,
            self.application_name,
            subdomain_name=self.subdomain_name,
            path_pattern=self.path_pattern,
            allow_via_http=True,
            deployment=deployment,
            policy=policy,
            application_name=self.application_name,
            image_name="ghcr.io/openttd/bananas-server",
            port=80,
            memory_limit_mib=memory,
            desired_count=desired_count,
            cluster=cluster,
            priority=priority,
            command=command,
            environment={
                "BANANAS_SERVER_SENTRY_ENVIRONMENT": deployment.value.lower(),
            },
            # Passed as ECS secrets (SSM references), not as plain
            # environment values.
            secrets={
                "BANANAS_SERVER_SENTRY_DSN": Secret.from_ssm_parameter(sentry_dsn_param),
                "BANANAS_SERVER_RELOAD_SECRET": Secret.from_ssm_parameter(reload_secret_param),
            },
        )

        # Publish the raw TCP content port through the NLB as well.
        self.container.add_port(content_port)
        nlb.add_nlb(
            self,
            self.container.service,
            Port.tcp(content_port),
            self.nlb_subdomain_name,
            "BaNaNaS Server",
        )

        # Read-only bucket access. One statement carries both actions and both
        # resources: s3:ListBucket matches the bucket ARN, s3:GetObject matches
        # the object ARNs.
        readable_arns = [
            bucket.bucket_arn,
            StringConcat().join(bucket.bucket_arn, "/*"),
        ]
        read_statement = PolicyStatement(
            actions=[
                "s3:GetObject",
                "s3:ListBucket",
            ],
            resources=readable_arns,
        )
        self.container.task_role.add_to_policy(read_statement)
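class BananasApiStack(Stack):
    """CDK stack that runs the BaNaNaS API as an ECS service.

    The service is published on the ``api.bananas`` subdomain through the
    shared ``ECSHTTPSContainer`` construct, with a second target on port 1080
    for ``/new-package/tus/*``. The task role is granted write access to the
    objects of the content bucket.
    """

    application_name = "BananasApi"
    subdomain_name = "api.bananas"

    def __init__(
        self,
        scope: Construct,
        id: str,
        *,
        deployment: Deployment,
        policy: Policy,
        cluster: ICluster,
        bucket: Bucket,
        **kwargs,
    ) -> None:
        """Create the service, its upload target and its bucket permissions.

        Args:
            scope: Parent construct.
            id: Construct id of this stack.
            deployment: Selects the production or staging settings
                (listener priorities, memory, index repository and client
                file).
            policy: Project policy object; this stack is registered with it
                and it is forwarded to the container construct.
            cluster: ECS cluster that hosts the service.
            bucket: Content bucket the API writes to.
            **kwargs: Forwarded unchanged to ``Stack``.
        """
        super().__init__(scope, id, **kwargs)

        Tags.of(self).add("Application", self.application_name)
        Tags.of(self).add("Deployment", deployment.value)

        policy.add_stack(self)

        # The index repositories are addressed in SSH remote form
        # (git@host:owner/repo.git); presumably the IndexGithubPrivateKey
        # secret below is the key used for that access. Confirm.
        if deployment == Deployment.PRODUCTION:
            desired_count = 1  # Currently this pod is stateful, and as such cannot be run more than once
            tus_priority = 40
            priority = 42
            memory = 256
            github_url = "git@github.com:OpenTTD/BaNaNaS.git"
            client_file = "clients-production.yaml"
        else:
            desired_count = 1
            tus_priority = 140
            priority = 142
            memory = 96
            github_url = "git@github.com:OpenTTD/BaNaNaS-staging.git"
            client_file = "clients-staging.yaml"

        # All five values live in SSM as secure strings, keyed by deployment.
        sentry_dsn = parameter_store.add_secure_string(f"/BananasApi/{deployment.value}/SentryDSN").parameter
        user_github_client_id = parameter_store.add_secure_string(
            f"/BananasApi/{deployment.value}/UserGithubClientId"
        ).parameter
        user_github_client_secret = parameter_store.add_secure_string(
            f"/BananasApi/{deployment.value}/UserGithubClientSecret"
        ).parameter
        index_github_private_key = parameter_store.add_secure_string(
            f"/BananasApi/{deployment.value}/IndexGithubPrivateKey"
        ).parameter
        reload_secret = parameter_store.add_secure_string(f"/BananasApi/{deployment.value}/ReloadSecret").parameter

        self.container = ECSHTTPSContainer(
            self,
            self.application_name,
            subdomain_name=self.subdomain_name,
            deployment=deployment,
            policy=policy,
            application_name=self.application_name,
            image_name="ghcr.io/openttd/bananas-api",
            port=80,
            memory_limit_mib=memory,
            desired_count=desired_count,
            cluster=cluster,
            priority=priority,
            # NOTE(review): --behind-proxy presumably makes the API trust
            # forwarding headers for the client address; that is only sound
            # when the container is reachable solely through the load
            # balancer. Confirm.
            command=[
                "--storage",
                "s3",
                "--storage-s3-bucket",
                bucket.bucket_name,
                "--index",
                "github",
                "--index-github-url",
                github_url,
                "--client-file",
                client_file,
                "--user",
                "github",
                "--bind",
                "0.0.0.0",
                "--behind-proxy",
            ],
            environment={
                "BANANAS_API_SENTRY_ENVIRONMENT": deployment.value.lower(),
            },
            # Passed as ECS secrets (SSM references), not as plain
            # environment values.
            secrets={
                "BANANAS_API_SENTRY_DSN": Secret.from_ssm_parameter(sentry_dsn),
                "BANANAS_API_USER_GITHUB_CLIENT_ID": Secret.from_ssm_parameter(user_github_client_id),
                "BANANAS_API_USER_GITHUB_CLIENT_SECRET": Secret.from_ssm_parameter(user_github_client_secret),
                "BANANAS_API_INDEX_GITHUB_PRIVATE_KEY": Secret.from_ssm_parameter(index_github_private_key),
                "BANANAS_API_RELOAD_SECRET": Secret.from_ssm_parameter(reload_secret),
            },
        )

        # Second container port, routed only for the upload path. The name
        # suggests the tus resumable-upload protocol.
        self.container.add_port(1080)
        self.container.add_target(
            subdomain_name=self.subdomain_name,
            port=1080,
            priority=tus_priority,
            path_pattern="/new-package/tus/*",
        )

        # Write-only access to every object in the bucket.
        # NOTE(review): s3:PutObjectAcl lets the task change the ACL of any
        # object, including making it public. Confirm the API needs it, and
        # drop it if the bucket enforces bucket-owner ownership.
        self.container.task_role.add_to_policy(
            PolicyStatement(
                actions=[
                    "s3:PutObject",
                    "s3:PutObjectAcl",
                ],
                resources=[
                    StringConcat().join(bucket.bucket_arn, "/*"),
                ],
            )
        )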