kaansoral · NexusNull · Oct 28, 2023 · Oct 28, 2023 · Oct 28, 2023 · Oct 28, 2023
diff --git a/.github/workflows/setup_servers.yml b/.github/workflows/setup_servers.yml
@@ -0,0 +1,47 @@
+name: Deploy Infrastructure and Run Ansible
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    concurrency: staging_environment
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up Terraform
+        uses: hashicorp/[email protected]
+        with:
+          terraform_version: 1.1.0 # You can specify the version you want to use
+
+      - uses: terraform-cache/terraform-cache@v1
+
+      - name: Initialize Terraform
+        working-directory: ./cicd/infra
+        run: terraform init
+        env:
+          TF_HTTP_ADDRESS: ${{ secrets.TF_HTTP_ADDRESS }}
+          TF_HTTP_USERNAME: ${{ secrets.TF_HTTP_USERNAME }}
+          TF_HTTP_PASSWORD: ${{ secrets.TF_HTTP_PASSWORD }}
+
+      - name: Terraform Apply
+        working-directory: ./cicd/infra
+        run: terraform apply -auto-approve -input=false
+        env:
+          TF_VAR_hcloud_token: ${{ secrets.hcloud_token }}
+          TF_VAR_base_url: ${{ secrets.TF_VAR_base_url }}
+          TF_HTTP_ADDRESS: ${{ secrets.TF_HTTP_ADDRESS }}
+          TF_HTTP_USERNAME: ${{ secrets.TF_HTTP_USERNAME }}
+          TF_HTTP_PASSWORD: ${{ secrets.TF_HTTP_PASSWORD }}
+
+      - name: Run Ansible Playbook
+        uses: dawidd6/action-ansible-playbook@v2
+        with:
+          playbook: ./cicd/setup/playbook.yml
+          key: ${{ secrets.HETZNER_PRIVATE_KEY }}
+          options: |
+            --inventory ./cicd/setup/inventory.yml
diff --git a/.gitignore b/.gitignore
@@ -14,3 +14,12 @@
 # System Files
 .DS_Store
 Thumbs.db
+# Terraform secrets
+*.tfvars
+.terraform
+.terraform.lock.hcl
+*.tfstate
+*.tfstate.backup
+**/.terraform
+# Editor files
+.idea
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
@@ -1,3 +1,3 @@
 {
   "recommendations": ["dbaeumer.vscode-eslint", "esbenp.prettier-vscode"]
-}
+}
diff --git a/api.py b/api.py
@@ -5,7 +5,7 @@ def signup_or_login_api(**args):
 	#time.sleep(10)
 	self,domain,email,password,only_login,only_signup,mobile=gdmuld(args,"self","domain","email","password","only_login","only_signup","mobile")
 	logging.info("Signup or Login")
-	
+
 	try: email=purify_email(email)
 	except: return jhtmle(self,"Invalid Email")
 
@@ -20,7 +20,7 @@ def signup_or_login_api(**args):
 		if msince(existing.last_online)>15 and msince(gf(existing,"last_auth",really_old))>15: pass # [15/05/22]
 		else: jhtmle(self,"Can't login while inside the bank"); return
 	if not domain.electron and not only_login and not domain.is_sdk: jhtmle(self,"Can't signup on web"); return
-	
+
 	if existing and not only_signup:
 		if existing.password==hash_password(password,gf(existing,"salt","5")):
 			def login_transaction():
@@ -48,7 +48,7 @@ def login_transaction():
 	if not email: return jhtmle(self,"No Email Entered")
 
 	if only_login: return jhtmle(self,"Email Not Found In Records")
-	
+
 	signupth=get_signupth()
 	ip=get_ip_info(self)
 	referrer=get_referrer(self,ip)
@@ -79,7 +79,7 @@ def signup_transaction():
 	user=ndb.transaction(signup_transaction,xg=True,retries=12)
 
 	if not user: return jhtmle(self,"Signup Failed")
-	
+
 	user,auth=user
 	set_cookie(self,"auth","%s-%s"%(user.k(),auth))
 	send_verification_email(domain,user)
@@ -227,12 +227,12 @@ def servers_and_characters_api(**args):
 
 	characters_data=get_characters(user)
 	characters=characters_to_client(characters_data)
-	
+
 	servers_data=get_servers()
 	servers=servers_to_client(domain,servers_data)
 
 	mail=gf(user_data,"mail",0)
-	
+
 	logging.info("servers_and_characters")
 	jhtml(self,[{"type":"servers_and_characters","servers":servers,"characters":characters,"tutorial":data_to_tutorial(user_data),"code_list":gf(user_data,"code_list",{}),"mail":mail,"rewards":gf(user,"rewards",[])}])
 
@@ -379,7 +379,7 @@ def load_map_api(**args):
 def load_article_api(**args):
 	#logging.info(col)
 	self,domain,user,name,func,tutorial,guide,url=gdmuld(args,"self","domain","user","name","func","tutorial","guide","url")
-	if tutorial: jjson(self,{"type":"article","html":shtml("docs/tutorial/%s.html"%name),"tutorial":tutorial,"url":url}) 
+	if tutorial: jjson(self,{"type":"article","html":shtml("docs/tutorial/%s.html"%name),"tutorial":tutorial,"url":url})
 	elif guide:
 		from docs.directory import docs
 		col=[]; prev=None; next=None; found=False
@@ -401,9 +401,9 @@ def traverse(entry):
 				break
 			prev=col[i]
 		#logging.info([prev,next])
-		try: jjson(self,{"type":"article","html":shtml("docs/guide/%s.html"%name),"guide":guide,"url":url,"prev":found and prev,"next":found and next}) 
+		try: jjson(self,{"type":"article","html":shtml("docs/guide/%s.html"%name),"guide":guide,"url":url,"prev":found and prev,"next":found and next})
 		except: jjson(self,{"type":"article","html":shtml("docs/articles/%s.html"%name),"url":url,"prev":found and prev,"next":found and next})
-	elif func: jjson(self,{"type":"article","html":shtml("docs/functions/%s.html"%name),"func":name,"url":url}) 
+	elif func: jjson(self,{"type":"article","html":shtml("docs/functions/%s.html"%name),"func":name,"url":url})
 	else: jjson(self,{"type":"article","html":shtml("docs/articles/%s.html"%name),"url":url})
 	jhtml(self)
 
@@ -577,7 +577,7 @@ def rename_character_api(**args):
 	if character.owner!=user.k(): return jhtmle(self,"You don't own that character.")
 	if is_in_game(character): return jhtmle(self,"Character is in game.")
 	if hsince(gf(character,"last_rename",really_old))<32: return jhtmle(self,"You can rename once every 32 hours!")
-	
+
 	if not nname or not is_name_xallowed(nname): return jhtmle(self,"Invalid name")
 	if get_character(nname,phrase_check=True): return jhtmle(self,"%s is used"%nname)
 
@@ -591,7 +591,7 @@ def rename_character_api(**args):
 	else:
 		if not gf(character,"last_rename",None) and (character.level<60 or hsince(character.created)<72): price=0
 		price=640
-		
+
 	if user.cash<price: return jhtmle(self,"Not enough shells")
 
 	def rename_character_transaction():
@@ -800,7 +800,7 @@ def is_first_api(**args):
 	self,domain,user,server,auth_id=gdmuld(args,"self","domain","user","server","auth_id")
 	if not server: jhtml(self,{"failed":1,"reason":"noserver"}); return
 	if not user: jhtml(self,{"failed":1,"reason":"nouser"}); return
-	
+
 	def first_transaction():
 		markedphrase=get_by_iid("markedphrase|%s"%dgt("auth",auth_id))
 		if markedphrase: return False
@@ -1083,7 +1083,7 @@ def pull_messages_api(**args):
 def log_chat_api(**args):
 	self,domain,server,fro,to,type,message,author=gdmuld(args,"self","domain","server","fro","to","type","message","author")
 	if not server: return jhtml(self,{"failed":1,"reason":"noserver"})
-	
+
 	if type=="server":
 		Message(owner="~%s"%server.k(),author=author,fro=fro,type="server",info=cGG(message=message),server=server.k()).put()
 		Message(owner="~global",author=author,fro=fro,type="server",info=cGG(message=message),server=server.k()).put()
@@ -1735,4 +1735,4 @@ def post(self):
 
 application = webapp.WSGIApplication([
 	('/api.*',APICall),
-    ],debug=is_sdk)
+    ],debug=is_sdk)
diff --git a/cicd/infra/main.tf b/cicd/infra/main.tf
@@ -0,0 +1,65 @@
+module "master" {
+  name         = "master"
+  source       = "./modules/al_server"
+  datacenter   = "nbg1-dc3"
+  hcloud_token = var.hcloud_token
+  ssh_keys     = data.hcloud_ssh_keys.admin.ssh_keys.*.name
+  master = {
+    enabled = true
+  }
+}
+
+module "eu_1_server" {
+  name         = "EU-I"
+  source       = "./modules/al_server"
+  datacenter   = "nbg1-dc3"
+  hcloud_token = var.hcloud_token
+  ssh_keys     = data.hcloud_ssh_keys.admin.ssh_keys.*.name
+  server = {
+    enabled = true
+    region  = "EU"
+    name    = "I"
+  }
+}
+
+module "us_1_server" {
+  name         = "US-I"
+  source       = "./modules/al_server"
+  datacenter   = "hil-dc1"
+  hcloud_token = var.hcloud_token
+  ssh_keys     = data.hcloud_ssh_keys.admin.ssh_keys.*.name
+  server = {
+    enabled = true
+    region  = "US"
+    name    = "I"
+  }
+}
+
+data "hcloud_ssh_keys" "admin" {
+  with_selector = "role=admin"
+}
+
+resource "local_file" "inventory" {
+  content  = templatefile("./templates/inventory.tpl", {
+    base_url = local.secrets.base_url
+    keyword = local.secrets.keyword
+    master = local.secrets.master
+    bot_key = local.secrets.bot_key
+    master_server = module.master
+    game_servers = local.servers
+  })
+  filename = "../setup/inventory.yml"
+}
+
+locals {
+  secrets = {
+    base_url      = var.base_url
+    keyword       = random_password.keyword.result
+    master        = random_password.master.result
+    bot_key       = random_password.bot_key.result
+  }
+  servers = [
+    module.us_1_server.details,
+    module.eu_1_server.details,
+  ]
+}
diff --git a/cicd/infra/modules/al_server/main.tf b/cicd/infra/modules/al_server/main.tf
@@ -0,0 +1,44 @@
+resource "hcloud_server" "server" {
+  name        = var.name
+  image       = "debian-11"
+  server_type = "cpx21"
+  datacenter  = var.datacenter
+  ssh_keys    = var.ssh_keys
+  public_net {
+    ipv4         = hcloud_primary_ip.ip.id
+    ipv6_enabled = false
+  }
+}
+
+resource "hcloud_primary_ip" "ip" {
+  name              = "${var.name}-ip"
+  type              = "ipv4"
+  datacenter        = var.datacenter
+  assignee_type     = "server"
+  auto_delete       = false
+  delete_protection = true
+}
+
+resource "hcloud_volume_attachment" "main" {
+  count     = var.master.enabled ? 1 : 0
+  volume_id = hcloud_volume.storage[0].id
+  server_id = hcloud_server.server.id
+  automount = true
+}
+
+
+resource "hcloud_volume" "storage" {
+  count             = var.master.enabled ? 1 : 0
+  name              = "${var.name}-storage"
+  size              = 40
+  format            = "ext4"
+  delete_protection = true
+}
+
+output "details" {
+  value = {
+    ip: hcloud_primary_ip.ip.ip_address
+    name: var.server.name
+    region: var.server.region
+  }
+}
diff --git a/cicd/infra/modules/al_server/providers.tf b/cicd/infra/modules/al_server/providers.tf
@@ -0,0 +1,28 @@
+terraform {
+  required_providers {
+    tls = {
+      source  = "hashicorp/tls"
+      version = "4.0.4"
+    }
+    ssh = {
+      source  = "loafoe/ssh"
+      version = "2.3.0"
+    }
+    hcloud = {
+      source  = "hetznercloud/hcloud"
+      version = "1.38.2"
+    }
+    cloudinit = {
+      source  = "hashicorp/cloudinit"
+      version = "2.2.0"
+    }
+    template = {
+      source  = "hashicorp/template"
+      version = "2.2.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "3.5.1"
+    }
+  }
+}
diff --git a/cicd/infra/modules/al_server/variables.tf b/cicd/infra/modules/al_server/variables.tf
@@ -0,0 +1,38 @@
+variable "hcloud_token" {
+  sensitive = true
+}
+
+variable "datacenter" {
+  type    = string
+  default = "nbg1-dc3"
+}
+
+variable "ssh_keys" {
+  type = list(string)
+}
+
+variable "name" {
+  type = string
+}
+
+variable "master" {
+  type = object({
+    enabled = bool
+  })
+  default = {
+    enabled = false
+  }
+}
+
+variable "server" {
+  type = object({
+    enabled = bool
+    region  = string
+    name    = string
+  })
+  default = {
+    enabled = false
+    region  = "Undefined"
+    name    = "Undefined"
+  }
+}