class BananasServerStack(Stack):
application_name = "BananasServer"
subdomain_name = "binaries"
path_pattern = "/bananas"
nlb_subdomain_name = "content"
def __init__(
self,
scope: Construct,
id: str,
*,
deployment: Deployment,
policy: Policy,
cluster: ICluster,
bucket: Bucket,
**kwargs,
) -> None:
super().__init__(scope, id, **kwargs)
Tags.of(self).add("Application", self.application_name)
Tags.of(self).add("Deployment", deployment.value)
policy.add_stack(self)
if deployment == Deployment.PRODUCTION:
desired_count = 2
priority = 44
memory = 256
github_url = "https://github.com/OpenTTD/BaNaNaS"
content_port = 3978
bootstrap_command = ["--bootstrap-unique-id", "4f474658"]
else:
desired_count = 1
priority = 144
memory = 128
github_url = "https://github.com/OpenTTD/BaNaNaS-staging"
content_port = 4978
bootstrap_command = []
cdn_fqdn = dns.subdomain_to_fqdn("bananas.cdn")
cdn_url = f"http://{cdn_fqdn}"
sentry_dsn = parameter_store.add_secure_string(f"/BananasServer/{deployment.value}/SentryDSN").parameter
reload_secret = parameter_store.add_secure_string(f"/BananasServer/{deployment.value}/ReloadSecret").parameter
command = [
"--storage",
"s3",
"--storage-s3-bucket",
bucket.bucket_name,
"--index",
"github",
"--index-github-url",
github_url,
"--cdn-url",
cdn_url,
"--bind",
"0.0.0.0",
"--content-port",
str(content_port),
"--proxy-protocol",
]
command.extend(bootstrap_command)
self.container = ECSHTTPSContainer(
self,
self.application_name,
subdomain_name=self.subdomain_name,
path_pattern=self.path_pattern,
allow_via_http=True,
deployment=deployment,
policy=policy,
application_name=self.application_name,
image_name="ghcr.io/openttd/bananas-server",
port=80,
memory_limit_mib=memory,
desired_count=desired_count,
cluster=cluster,
priority=priority,
command=command,
environment={
"BANANAS_SERVER_SENTRY_ENVIRONMENT": deployment.value.lower(),
},
secrets={
"BANANAS_SERVER_SENTRY_DSN": Secret.from_ssm_parameter(sentry_dsn),
"BANANAS_SERVER_RELOAD_SECRET": Secret.from_ssm_parameter(reload_secret),
},
)
self.container.add_port(content_port)
nlb.add_nlb(self, self.container.service, Port.tcp(content_port), self.nlb_subdomain_name, "BaNaNaS Server")
self.container.task_role.add_to_policy(
PolicyStatement(
actions=[
"s3:GetObject",
"s3:ListBucket",
],
resources=[
bucket.bucket_arn,
StringConcat().join(bucket.bucket_arn, "/*"),
],
)
)
class BananasApiStack(Stack):
application_name = "BananasApi"
subdomain_name = "api.bananas"
def __init__(
self,
scope: Construct,
id: str,
*,
deployment: Deployment,
policy: Policy,
cluster: ICluster,
bucket: Bucket,
**kwargs,
) -> None:
super().__init__(scope, id, **kwargs)
Tags.of(self).add("Application", self.application_name)
Tags.of(self).add("Deployment", deployment.value)
policy.add_stack(self)
if deployment == Deployment.PRODUCTION:
desired_count = 1 # Currently this pod is stateful, and as such cannot be run more than once
tus_priority = 40
priority = 42
memory = 256
github_url = "[email protected]:OpenTTD/BaNaNaS.git"
client_file = "clients-production.yaml"
else:
desired_count = 1
tus_priority = 140
priority = 142
memory = 96
github_url = "[email protected]:OpenTTD/BaNaNaS-staging.git"
client_file = "clients-staging.yaml"
sentry_dsn = parameter_store.add_secure_string(f"/BananasApi/{deployment.value}/SentryDSN").parameter
user_github_client_id = parameter_store.add_secure_string(f"/BananasApi/{deployment.value}/UserGithubClientId").parameter
user_github_client_secret = parameter_store.add_secure_string(f"/BananasApi/{deployment.value}/UserGithubClientSecret").parameter
index_github_private_key = parameter_store.add_secure_string(f"/BananasApi/{deployment.value}/IndexGithubPrivateKey").parameter
reload_secret = parameter_store.add_secure_string(f"/BananasApi/{deployment.value}/ReloadSecret").parameter
self.container = ECSHTTPSContainer(
self,
self.application_name,
subdomain_name=self.subdomain_name,
deployment=deployment,
policy=policy,
application_name=self.application_name,
image_name="ghcr.io/openttd/bananas-api",
port=80,
memory_limit_mib=memory,
desired_count=desired_count,
cluster=cluster,
priority=priority,
command=[
"--storage",
"s3",
"--storage-s3-bucket",
bucket.bucket_name,
"--index",
"github",
"--index-github-url",
github_url,
"--client-file",
client_file,
"--user",
"github",
"--bind",
"0.0.0.0",
"--behind-proxy",
],
environment={
"BANANAS_API_SENTRY_ENVIRONMENT": deployment.value.lower(),
},
secrets={
"BANANAS_API_SENTRY_DSN": Secret.from_ssm_parameter(sentry_dsn),
"BANANAS_API_USER_GITHUB_CLIENT_ID": Secret.from_ssm_parameter(user_github_client_id),
"BANANAS_API_USER_GITHUB_CLIENT_SECRET": Secret.from_ssm_parameter(user_github_client_secret),
"BANANAS_API_INDEX_GITHUB_PRIVATE_KEY": Secret.from_ssm_parameter(index_github_private_key),
"BANANAS_API_RELOAD_SECRET": Secret.from_ssm_parameter(reload_secret),
},
)
self.container.add_port(1080)
self.container.add_target(
subdomain_name=self.subdomain_name,
port=1080,
priority=tus_priority,
path_pattern="/new-package/tus/*",
)
self.container.task_role.add_to_policy(
PolicyStatement(
actions=[
"s3:PutObject",
"s3:PutObjectAcl",
],
resources=[
StringConcat().join(bucket.bucket_arn, "/*"),
],
)
)