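├── terraform-stack
│   ├── mastodon_setup.sh
│   ├── redis_setup.tftpl
│   ├── provider.tf
│   ├── postgres.tf
│   ├── nfs.tf
│   ├── mastodon.tf
│   ├── redis.tf
│   ├── object_storage.tf
│   ├── network.tf
│   ├── netsec.tf
│   ├── variables.tf
│   └── schema.yaml
├── README.md
├── ansible-scripts
│   ├── hosts.yaml
│   ├── mount-fs.yaml
│   └── mastodon.yaml
├── .gitignore
└── LICENSE

/terraform-stack/mastodon_setup.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# cloud-init user_data for the Mastodon (Rails/Nginx) instance, see mastodon.tf.
# The rails NSG in netsec.tf admits TCP 80/443 at the VCN edge; this script opens
# the same ports in the host firewall. Rules are inserted at fixed INPUT-chain
# positions (6 and 7), which assumes the image's stock iptables rule set (a
# final REJECT rule that these must precede). On another base image, check the
# positions first with `iptables -L INPUT --line-numbers`.
set -eu

sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT 7 -m state --state NEW -p tcp --dport 443 -j ACCEPT
# Persist the rules so they survive a reboot.
sudo netfilter-persistent save
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# OCI Cloud Operations Professional

This repository contains the code that was developed during the [OCI Cloud Operations Professional course](https://mylearn.oracle.com/ou/course/oracle-cloud-infrastructure-operations-professional/122066/) on Oracle University. It is intended for educational purposes only.

--------------------------------------------------------------------------------
/terraform-stack/redis_setup.tftpl:
--------------------------------------------------------------------------------
#!/bin/sh
# cloud-init user_data for the Redis instance, rendered by templatefile() in
# redis.tf with redis_password substituted.
#
# SECURITY NOTE: the rendered script (password included) becomes the instance's
# user_data, which local processes can fetch from the instance metadata service
# and which is also kept in Terraform state. Treat redis_password as a
# low-assurance secret: use a random value, rotate it, and for anything beyond a
# lab prefer fetching it at boot from OCI Vault instead of baking it in here.
set -eu

# Listen on all interfaces; reachability is constrained by the redis NSG in
# netsec.tf (only members of the rails NSG may reach TCP 6379).
sudo sed -i 's/^bind 127.0.0.1/bind 0.0.0.0/g' /etc/redis/redis.conf

# Require authentication. The value is appended through a quoted heredoc rather
# than spliced into a sed expression, so a password containing '/', '&', '\' or
# quotes cannot corrupt or silently truncate the directive, and the password is
# set even if the packaged redis.conf no longer carries the commented
# "requirepass foobared" example line. A later directive wins in redis.conf, so
# the appended line takes effect regardless of earlier entries.
sudo sed -i '/^# requirepass foobared/d' /etc/redis/redis.conf
sudo tee -a /etc/redis/redis.conf > /dev/null <<'EOF'
requirepass ${redis_password}
EOF
sudo systemctl restart redis-server

# Open 6379 in the host firewall (same fixed-position caveat as mastodon_setup.sh).
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 6379 -j ACCEPT
sudo netfilter-persistent save
--------------------------------------------------------------------------------
/terraform-stack/provider.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.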
#
# This software is dual-licensed to you under the Universal Permissive License
# (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License
# 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose
# either license.

# Pin the Terraform core and OCI provider minor versions so that `terraform init`
# is reproducible; bump both deliberately after reading the provider changelog.
terraform {
  required_version = "~> 1.2.0"
  required_providers {
    oci = {
      source  = "oracle/oci"
      version = "~> 4.111.0"
    }
  }
}

# No credentials are configured here on purpose: the provider picks them up
# from the environment (OCI CLI config/profile, environment variables, or an
# instance/resource principal). Keep it that way rather than adding key paths.
provider "oci" {
  region = var.region
}
--------------------------------------------------------------------------------
/ansible-scripts/hosts.yaml:
--------------------------------------------------------------------------------
# Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
#
# This software is dual-licensed to you under the Universal Permissive License
# (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License
# 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose
# either license.

# Inventory keyed by the VCN-private DNS names Terraform assigns
# (<hostname_label>.<subnet_dns_label>.<vcn_dns_label>.oraclevcn.com). These
# names resolve only inside the VCN, so run the playbooks from a host in the
# VCN or through a bastion/ProxyJump; the redis and postgres instances have no
# public IP at all (see redis.tf / postgres.tf).
all:
  children:
    mastodon:
      hosts:
        mastodon.app.mastodon.oraclevcn.com:
    redis:
      hosts:
        redis.data.mastodon.oraclevcn.com:
    postgres:
      hosts:
        postgres.data.mastodon.oraclevcn.com:

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
# Local .terraform directories
**/.terraform/*

# .tfstate files
*.tfstate
*.tfstate.*

# Crash log files
crash.log
crash.*.log

# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
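*.tfvars
*.tfvars.json

# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json

# Include override files you do wish to add to version control using negated pattern
# !example_override.tf

# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*

# Ignore CLI configuration files
.terraformrc
terraform.rc

# Mac files
.DS_Store

--------------------------------------------------------------------------------
/ansible-scripts/mount-fs.yaml:
--------------------------------------------------------------------------------
# Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
#
# This software is dual-licensed to you under the Universal Permissive License
# (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License
# 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose
# either license.

---
# Mounts the OCI File Storage export (nfs.tf) on every host so that Mastodon
# assets live on shared storage. The mount target is addressed by its VCN-private
# DNS name, so this only works from inside the VCN.
- name: Mount File Storage on all hosts
  hosts: all

  vars:
    file_storage_host: files.data.mastodon.oraclevcn.com
    export_path: /assets
    target_dir: /mnt/assets

  tasks:
    - name: Ensure nfs-common is installed
      ansible.builtin.apt:
        name: nfs-common
      become: true

    # Mount point only: once the export is mounted, the permissions of the file
    # system root apply, not these. Root-owned 0755 (instead of world-writable
    # 0777) keeps the directory from silently collecting local writes from any
    # user should the mount be absent (nofail below).
    - name: Create directory to mount to
      ansible.builtin.file:
        path: '{{ target_dir }}'
        state: directory
        mode: u=rwx,g=rx,o=rx
      become: true

    # resvport makes the client use a privileged source port, which lets the
    # export enforce require_privileged_source_port. nosuid and nodev keep
    # setuid binaries and device nodes on the shared volume inert; add noexec
    # as well if nothing on the share ever needs to be executed.
    - name: Mount file system
      ansible.posix.mount:
        path: '{{ target_dir }}'
        src: '{{ file_storage_host }}:{{ export_path }}'
        opts: defaults,nofail,nosuid,nodev,resvport
        fstype: nfs
        state: mounted
      become: true

...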
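
--------------------------------------------------------------------------------
/terraform-stack/postgres.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
#
# This software is dual-licensed to you under the Universal Permissive License
# (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License
# 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose
# either license.

# PostgreSQL host. It lives in the private subnet (no public IP, egress via the
# NAT gateway) and is reachable on TCP 5432 only from members of the rails NSG
# (netsec.tf). It also joins the file_storage NSG because every host mounts the
# shared export (ansible-scripts/mount-fs.yaml).
resource "oci_core_instance" "postgres_instance" {
  compartment_id      = var.compartment_id
  availability_domain = var.postgres_availability_domain
  create_vnic_details {
    subnet_id      = oci_core_subnet.mastodon_private_subnet.id
    hostname_label = var.postgres_instance_hostname
    nsg_ids = [
      oci_core_network_security_group.postgres_nsg.id,
      oci_core_network_security_group.file_storage_nsg.id
    ]
    assign_public_ip = false
  }
  shape = var.postgres_instance_shape
  shape_config {
    ocpus         = var.postgres_instance_ocpus
    memory_in_gbs = var.postgres_instance_memory_in_gbs
  }
  source_details {
    source_type = "image"
    source_id   = var.postgres_instance_image_id
  }
  # Serve instance metadata over IMDSv2 only. The legacy /opc/v1/ endpoint
  # answers any plain GET without a token, which makes metadata trivially
  # readable through SSRF or a compromised service. Requires an image whose
  # cloud-init speaks IMDSv2 (current Oracle-provided platform images do);
  # verify before applying this to a custom image.
  instance_options {
    are_legacy_imds_endpoints_disabled = true
  }
  display_name = var.postgres_instance_display_name
  metadata = {
    ssh_authorized_keys = var.postgres_instance_ssh_keys
  }
}
--------------------------------------------------------------------------------
/terraform-stack/nfs.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
#
# This software is dual-licensed to you under the Universal Permissive License
# (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License
# 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose
# either license.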
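
# File Storage (NFS) for shared Mastodon assets, mounted on every host by
# ansible-scripts/mount-fs.yaml.
resource "oci_file_storage_file_system" "mastodon_file_system" {
  compartment_id      = var.compartment_id
  availability_domain = var.file_system_availability_domain
  display_name        = var.file_system_display_name
}

# Mount target in the private subnet; the file_storage NSG (netsec.tf) limits
# NFS traffic at the network layer to sources inside the VCN.
resource "oci_file_storage_mount_target" "mastodon_mount_target" {
  compartment_id      = var.compartment_id
  availability_domain = var.file_system_availability_domain

  subnet_id = oci_core_subnet.mastodon_private_subnet.id
  nsg_ids = [
    oci_core_network_security_group.file_storage_nsg.id
  ]

  display_name   = var.mount_target_display_name
  hostname_label = var.mount_target_hostname
}

resource "oci_file_storage_export" "mastodon_file_storage_export" {
  file_system_id = oci_file_storage_file_system.mastodon_file_system.id
  export_set_id  = oci_file_storage_mount_target.mastodon_mount_target.export_set_id
  path           = var.file_storage_export_path

  # Explicit export options instead of the service default (which accepts any
  # source, 0.0.0.0/0, from any port): only the two subnets that actually mount
  # the share may talk to it, and clients must connect from a privileged port
  # (mount-fs.yaml mounts with resvport, so this is already satisfied).
  # identity_squash is left at its default (NONE: root on a client is root on
  # the share). Tightening it to "ROOT" is a worthwhile follow-up, but only
  # after the share's top-level directory has been handed to the application
  # user -- while it is still root-owned, squashed clients cannot write to it.
  export_options {
    source                         = var.public_subnet_cidr_block
    access                         = "READ_WRITE"
    require_privileged_source_port = true
  }
  export_options {
    source                         = var.private_subnet_cidr_block
    access                         = "READ_WRITE"
    require_privileged_source_port = true
  }
}
--------------------------------------------------------------------------------
/terraform-stack/mastodon.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
#
# This software is dual-licensed to you under the Universal Permissive License
# (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License
# 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose
# either license.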
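
# Public-facing Mastodon (Rails + Nginx) host. It is the only instance with a
# public IP; TCP 80/443 from anywhere is admitted by the rails NSG (netsec.tf)
# and opened in the host firewall by mastodon_setup.sh via cloud-init.
resource "oci_core_instance" "mastodon_instance" {
  compartment_id      = var.compartment_id
  availability_domain = var.mastodon_availability_domain
  create_vnic_details {
    subnet_id      = oci_core_subnet.mastodon_public_subnet.id
    hostname_label = var.mastodon_instance_hostname
    nsg_ids = [
      oci_core_network_security_group.rails_nsg.id,
      oci_core_network_security_group.file_storage_nsg.id
    ]
    assign_public_ip = true
  }
  shape = var.mastodon_instance_shape
  shape_config {
    ocpus         = var.mastodon_instance_ocpus
    memory_in_gbs = var.mastodon_instance_memory_in_gbs
  }
  source_details {
    source_type = "image"
    source_id   = var.mastodon_instance_image_id
  }
  # IMDSv2 only. This is the Internet-facing web tier, so it is the host where
  # an SSRF bug would most plausibly be pointed at 169.254.169.254; the legacy
  # v1 endpoint answers plain GETs without a token, v2 requires a PUT-obtained
  # token first. Requires an image whose cloud-init speaks IMDSv2 (current
  # Oracle-provided platform images do); verify before using a custom image.
  instance_options {
    are_legacy_imds_endpoints_disabled = true
  }
  display_name = var.mastodon_instance_display_name
  metadata = {
    ssh_authorized_keys = var.mastodon_instance_ssh_keys
    user_data           = data.cloudinit_config.mastodon_init.rendered
  }
}

# cloud-init payload: a single shell part carrying mastodon_setup.sh. The path
# is anchored to the module directory so the file is found regardless of the
# working directory `terraform` is invoked from.
data "cloudinit_config" "mastodon_init" {
  gzip          = true
  base64_encode = true
  part {
    content_type = "text/x-shellscript"
    content      = file("${path.module}/mastodon_setup.sh")
    filename     = "mastodon_setup.sh"
  }
}
--------------------------------------------------------------------------------
/terraform-stack/redis.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
#
# This software is dual-licensed to you under the Universal Permissive License
# (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License
# 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose
# either license.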
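
# Redis host in the private subnet. TCP 6379 is reachable only from members of
# the rails NSG (netsec.tf); the host itself has no public IP.
resource "oci_core_instance" "redis_instance" {
  compartment_id      = var.compartment_id
  availability_domain = var.redis_availability_domain
  create_vnic_details {
    subnet_id      = oci_core_subnet.mastodon_private_subnet.id
    hostname_label = var.redis_instance_hostname
    nsg_ids = [
      oci_core_network_security_group.redis_nsg.id,
      oci_core_network_security_group.file_storage_nsg.id
    ]
    assign_public_ip = false
  }
  shape = var.redis_instance_shape
  shape_config {
    ocpus         = var.redis_instance_ocpus
    memory_in_gbs = var.redis_instance_memory_in_gbs
  }
  source_details {
    source_type = "image"
    source_id   = var.redis_instance_image_id
  }
  # IMDSv2 only. user_data on this host contains the rendered redis_password;
  # disabling the legacy v1 endpoint means it cannot be read with a plain
  # token-less GET (local processes can still obtain a v2 token, which is why
  # the password should be treated as low-assurance and rotated). Requires an
  # image whose cloud-init speaks IMDSv2 (current Oracle-provided platform
  # images do); verify before using a custom image.
  instance_options {
    are_legacy_imds_endpoints_disabled = true
  }
  display_name = var.redis_instance_display_name
  metadata = {
    ssh_authorized_keys = var.redis_instance_ssh_keys
    user_data           = data.cloudinit_config.redis_init.rendered
  }
}

# cloud-init payload: redis_setup.tftpl rendered with the password. The rendered
# text (password included) is persisted in Terraform state and in the instance
# metadata; keep state access restricted and rotate the password if either is
# exposed. The path is anchored to the module directory so templatefile() works
# from any working directory.
data "cloudinit_config" "redis_init" {
  gzip          = true
  base64_encode = true
  part {
    content_type = "text/x-shellscript"
    content = templatefile("${path.module}/redis_setup.tftpl", {
      redis_password = var.redis_password
    })
    filename = "redis_setup.tftpl"
  }
}
--------------------------------------------------------------------------------
/terraform-stack/object_storage.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
#
# This software is dual-licensed to you under the Universal Permissive License
# (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License
# 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose
# either license.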

# Buckets
# Both buckets are private (NoPublicAccess) and versioned, so an overwritten or
# deleted object can be recovered. Encryption uses Oracle-managed keys; supply
# a kms_key_id to move to customer-managed keys.
resource "oci_objectstorage_bucket" "mastodon_bucket" {
  compartment_id = var.compartment_id
  namespace      = var.object_storage_namespace
  name           = var.mastodon_bucket_name
  access_type    = "NoPublicAccess"
  versioning     = "Enabled"
}
resource "oci_objectstorage_bucket" "postgres_bucket" {
  compartment_id = var.compartment_id
  namespace      = var.object_storage_namespace
  name           = var.postgres_bucket_name
  access_type    = "NoPublicAccess"
  versioning     = "Enabled"
}

# Life Cycle Policies
# NOTE: lifecycle rules are executed by the Object Storage service itself, which
# needs an IAM policy allowing it to manage objects in this compartment (see
# the prerequisites in OCI's Object Lifecycle Management docs); without that
# policy the rules are rejected or never run.
# Media/assets bucket: demote current objects to Infrequent Access after N days.
resource "oci_objectstorage_object_lifecycle_policy" "mastodon_bucket_lifecycle_policy" {
  namespace = var.object_storage_namespace
  bucket    = oci_objectstorage_bucket.mastodon_bucket.name

  rules {
    name        = "MastodonAutoInfrequentAccess"
    target      = "objects"
    action      = "INFREQUENT_ACCESS"
    time_unit   = "DAYS"
    time_amount = var.mastodon_bucket_infrequent_access_days
    is_enabled  = var.mastodon_bucket_infrequent_access_enabled
  }
}
# Backup bucket: only *previous* versions are archived and later deleted; the
# current version of every backup object is never touched by these rules.
resource "oci_objectstorage_object_lifecycle_policy" "postgres_bucket_lifecycle_policy" {
  namespace = var.object_storage_namespace
  bucket    = oci_objectstorage_bucket.postgres_bucket.name
  rules {
    name        = "PostgresAutoArchive"
    target      = "previous-object-versions"
    action      = "ARCHIVE"
    time_unit   = "DAYS"
    time_amount = var.postgres_bucket_archive_days
    is_enabled  = var.postgres_bucket_archive_enabled
  }
  rules {
    name        = "PostgresAutoDelete"
    target      = "previous-object-versions"
    action      = "DELETE"
    time_unit   = "YEARS"
    time_amount = var.postgres_bucket_delete_years
    is_enabled  = var.postgres_bucket_delete_enabled
  }
}
--------------------------------------------------------------------------------
/terraform-stack/network.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, Oracle and/or its affiliates.
# All rights reserved.
#
# This software is dual-licensed to you under the Universal Permissive License
# (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License
# 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose
# either license.

# VCN
resource "oci_core_vcn" "mastodon_vcn" {
  compartment_id = var.compartment_id
  cidr_blocks    = var.vcn_cidr_blocks
  display_name   = var.vcn_display_name
  dns_label      = var.vcn_dns_label
}

# Gateways
# Internet gateway: referenced only by the public subnet's route table.
resource "oci_core_internet_gateway" "mastodon_internet_gateway" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_vcn.mastodon_vcn.id
  display_name   = var.internet_gateway_display_name
}
# Service gateway: private path to the Oracle Services Network (e.g. Object
# Storage for the buckets in object_storage.tf) that never touches the Internet.
resource "oci_core_service_gateway" "mastodon_service_gateway" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_vcn.mastodon_vcn.id
  display_name   = var.service_gateway_display_name
  services {
    service_id = var.all_services_id
  }
}
# NAT gateway: outbound-only Internet access for the private subnet.
resource "oci_core_nat_gateway" "mastodon_nat_gateway" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_vcn.mastodon_vcn.id
  display_name   = var.nat_gateway_display_name
}

# Route tables
resource "oci_core_route_table" "public_route_table" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_vcn.mastodon_vcn.id
  display_name   = var.public_route_table_display_name
  route_rules {
    network_entity_id = oci_core_internet_gateway.mastodon_internet_gateway.id
    destination_type  = "CIDR_BLOCK"
    destination       = "0.0.0.0/0"
  }
}
resource "oci_core_route_table" "private_route_table" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_vcn.mastodon_vcn.id
  display_name   = var.private_route_table_display_name
  # Default route via NAT: nothing on the Internet can initiate a connection
  # to these hosts, while outbound traffic (package updates etc.) still works.
  route_rules {
    network_entity_id = oci_core_nat_gateway.mastodon_nat_gateway.id
    destination_type  = "CIDR_BLOCK"
    destination       = "0.0.0.0/0"
| } 56 | route_rules { 57 | network_entity_id = oci_core_service_gateway.mastodon_service_gateway.id 58 | destination_type = "SERVICE_CIDR_BLOCK" 59 | destination = var.all_services_cidr 60 | } 61 | } 62 | 63 | # Subnets 64 | resource "oci_core_subnet" "mastodon_public_subnet" { 65 | compartment_id = var.compartment_id 66 | vcn_id = oci_core_vcn.mastodon_vcn.id 67 | cidr_block = var.public_subnet_cidr_block 68 | display_name = var.public_subnet_display_name 69 | dns_label = var.public_subnet_dns_label 70 | route_table_id = oci_core_route_table.public_route_table.id 71 | security_list_ids = [ 72 | oci_core_vcn.mastodon_vcn.default_security_list_id 73 | ] 74 | prohibit_public_ip_on_vnic = false 75 | } 76 | resource "oci_core_subnet" "mastodon_private_subnet" { 77 | compartment_id = var.compartment_id 78 | vcn_id = oci_core_vcn.mastodon_vcn.id 79 | cidr_block = var.private_subnet_cidr_block 80 | display_name = var.private_subnet_display_name 81 | dns_label = var.private_subnet_dns_label 82 | route_table_id = oci_core_route_table.private_route_table.id 83 | security_list_ids = [ 84 | oci_core_vcn.mastodon_vcn.default_security_list_id 85 | ] 86 | prohibit_public_ip_on_vnic = true 87 | } -------------------------------------------------------------------------------- /terraform-stack/netsec.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved. 2 | # 3 | # This software is dual-licensed to you under the Universal Permissive License 4 | # (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 5 | # 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose 6 | # either license. 

# Rails NSG
# Attached to the public Mastodon instance. Only HTTP and HTTPS are admitted
# from the Internet here. NSG rules are additive with the security lists on the
# subnet: the VCN default security list attached in network.tf contributes its
# own rules (by default TCP/22 from 0.0.0.0/0), so the effective exposure of
# the host is the union of both.
resource "oci_core_network_security_group" "rails_nsg" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_vcn.mastodon_vcn.id
  display_name   = var.rails_nsg_display_name
}
# HTTP from anywhere
resource "oci_core_network_security_group_security_rule" "rails_rule_0" {
  network_security_group_id = oci_core_network_security_group.rails_nsg.id
  direction                 = "INGRESS"
  source_type               = "CIDR_BLOCK"
  source                    = "0.0.0.0/0"
  protocol                  = 6 # ICMP=1, TCP=6, UDP=17, ICMPv6=56
  tcp_options {
    destination_port_range {
      min = 80
      max = 80
    }
  }
}
# HTTPS from anywhere
resource "oci_core_network_security_group_security_rule" "rails_rule_1" {
  network_security_group_id = oci_core_network_security_group.rails_nsg.id
  direction                 = "INGRESS"
  source_type               = "CIDR_BLOCK"
  source                    = "0.0.0.0/0"
  protocol                  = 6 # ICMP=1, TCP=6, UDP=17, ICMPv6=56
  tcp_options {
    destination_port_range {
      min = 443
      max = 443
    }
  }
}

# Redis NSG
# TCP 6379 is admitted only from VNICs that are members of the rails NSG. The
# rule is identity-based rather than CIDR-based, so it keeps working if the
# Mastodon host is re-addressed, as long as it stays in rails_nsg.
resource "oci_core_network_security_group" "redis_nsg" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_vcn.mastodon_vcn.id
  display_name   = var.redis_nsg_display_name
}
resource "oci_core_network_security_group_security_rule" "redis_rule" {
  network_security_group_id = oci_core_network_security_group.redis_nsg.id
  direction                 = "INGRESS"
  source_type               = "NETWORK_SECURITY_GROUP"
  source                    = oci_core_network_security_group.rails_nsg.id
  protocol                  = 6 # ICMP=1, TCP=6, UDP=17, ICMPv6=56
  tcp_options {
    destination_port_range {
      min = 6379
      max = 6379
    }
  }
}

# PostgreSQL NSG
# Same pattern as Redis: TCP 5432 only from members of the rails NSG.
resource "oci_core_network_security_group" "postgres_nsg" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_vcn.mastodon_vcn.id
  display_name   = var.postgres_nsg_display_name
}
resource "oci_core_network_security_group_security_rule" "postgres_rule" {
network_security_group_id = oci_core_network_security_group.postgres_nsg.id 69 | direction = "INGRESS" 70 | source_type = "NETWORK_SECURITY_GROUP" 71 | source = oci_core_network_security_group.rails_nsg.id 72 | protocol = 6 # ICMP=1, TCP=6, UDP=17, ICMPv6=56 73 | tcp_options { 74 | destination_port_range { 75 | min = 5432 76 | max = 5432 77 | } 78 | } 79 | } 80 | 81 | # File Storage NSG 82 | resource "oci_core_network_security_group" "file_storage_nsg" { 83 | compartment_id = var.compartment_id 84 | vcn_id = oci_core_vcn.mastodon_vcn.id 85 | display_name = var.file_storage_nsg_display_name 86 | } 87 | resource "oci_core_network_security_group_security_rule" "file_storage_tcp_rule_0" { 88 | network_security_group_id = oci_core_network_security_group.file_storage_nsg.id 89 | direction = "INGRESS" 90 | source_type = "CIDR_BLOCK" 91 | source = var.vcn_cidr_blocks[0] 92 | # source = each.key 93 | protocol = 6 # ICMP=1, TCP=6, UDP=17, ICMPv6=56 94 | tcp_options { 95 | destination_port_range { 96 | min = 111 97 | max = 111 98 | } 99 | } 100 | # for_each = toset(var.vcn_cidr_blocks) 101 | } 102 | resource "oci_core_network_security_group_security_rule" "file_storage_tcp_rule_1" { 103 | network_security_group_id = oci_core_network_security_group.file_storage_nsg.id 104 | direction = "INGRESS" 105 | source_type = "CIDR_BLOCK" 106 | source = var.vcn_cidr_blocks[0] 107 | # source = each.key 108 | protocol = 6 # ICMP=1, TCP=6, UDP=17, ICMPv6=56 109 | tcp_options { 110 | destination_port_range { 111 | min = 2048 112 | max = 2050 113 | } 114 | } 115 | # for_each = toset(var.vcn_cidr_blocks) 116 | } 117 | resource "oci_core_network_security_group_security_rule" "file_storage_udp_rule" { 118 | network_security_group_id = oci_core_network_security_group.file_storage_nsg.id 119 | direction = "INGRESS" 120 | source_type = "CIDR_BLOCK" 121 | source = var.vcn_cidr_blocks[0] 122 | # source = each.key 123 | protocol = 17 # ICMP=1, TCP=6, UDP=17, ICMPv6=56 124 | udp_options { 125 | 
destination_port_range { 126 | min = 111 127 | max = 111 128 | } 129 | } 130 | # for_each = toset(var.vcn_cidr_blocks) 131 | } -------------------------------------------------------------------------------- /terraform-stack/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved. 2 | # 3 | # This software is dual-licensed to you under the Universal Permissive License 4 | # (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 5 | # 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose 6 | # either license. 7 | 8 | ### Common Variables ########################################################### 9 | 10 | variable "region" { 11 | description = "Region name. List regions with 'oci iam region list'" 12 | type = string 13 | } 14 | variable "compartment_id" { 15 | description = "Compartment OCID to place resources" 16 | type = string 17 | sensitive = true 18 | } 19 | variable "all_services_id" { 20 | description = <<-EOT 21 | Region-specific service OCID for all services in the Oracle Services Network. 22 | List with 'oci network service list' from the appropriate region. 23 | EOT 24 | type = string 25 | } 26 | variable "all_services_cidr" { 27 | description = <<-EOT 28 | Region-specific service CIDR for all services in the Oracle Services Network. 29 | List with 'oci network service list' from the appropriate region. 
30 | EOT 31 | type = string 32 | } 33 | 34 | ### VCN ######################################################################## 35 | 36 | # VCN 37 | variable "vcn_cidr_blocks" { 38 | description = "List of CIDR blocks for the private IPv4s of the VCN" 39 | type = list(string) 40 | } 41 | variable "vcn_display_name" { 42 | description = "Display name for the VCN" 43 | type = string 44 | } 45 | variable "vcn_dns_label" { 46 | description = "Private DNS label for within the VCN" 47 | type = string 48 | } 49 | 50 | # Gateways 51 | variable "internet_gateway_display_name" { 52 | description = "Display name for the internet gateway" 53 | type = string 54 | } 55 | variable "service_gateway_display_name" { 56 | description = "Display name for the service gateway" 57 | type = string 58 | } 59 | variable "nat_gateway_display_name" { 60 | description = "Display name for the NAT gateway" 61 | type = string 62 | } 63 | 64 | # Route Tables 65 | variable "public_route_table_display_name" { 66 | description = "Display name for the public route table" 67 | type = string 68 | } 69 | variable "private_route_table_display_name" { 70 | description = "Display name for the private route table" 71 | type = string 72 | } 73 | 74 | # Public Subnet 75 | variable "public_subnet_cidr_block" { 76 | description = "Single private IPv4 CIDR block for the public subnet" 77 | type = string 78 | } 79 | variable "public_subnet_display_name" { 80 | description = "Display name for the public subnet" 81 | type = string 82 | } 83 | variable "public_subnet_dns_label" { 84 | description = "Private DNS label for within the public subnet" 85 | type = string 86 | } 87 | 88 | # Private Subnet 89 | variable "private_subnet_cidr_block" { 90 | description = "Single private IPv4 CIDR block for the private subnet" 91 | type = string 92 | } 93 | variable "private_subnet_display_name" { 94 | description = "Display name for the private subnet" 95 | type = string 96 | } 97 | variable "private_subnet_dns_label" { 98 | 
description = "Private DNS label for within the private subnet" 99 | type = string 100 | } 101 | 102 | ### Network Security Groups #################################################### 103 | 104 | variable "rails_nsg_display_name" { 105 | description = "Display name for the Rails NSG" 106 | type = string 107 | } 108 | variable "redis_nsg_display_name" { 109 | description = "Display name for the Redis NSG" 110 | type = string 111 | } 112 | variable "postgres_nsg_display_name" { 113 | description = "Display name for the PostgreSQL NSG" 114 | type = string 115 | } 116 | variable "file_storage_nsg_display_name" { 117 | description = "Display name for the File Storage NSG" 118 | type = string 119 | } 120 | 121 | ### PostgreSQL Instance ######################################################## 122 | 123 | variable "postgres_availability_domain" { 124 | type = string 125 | } 126 | variable "postgres_instance_shape" { 127 | type = string 128 | } 129 | variable "postgres_instance_ocpus" { 130 | type = number 131 | } 132 | variable "postgres_instance_memory_in_gbs" { 133 | type = number 134 | } 135 | variable "postgres_instance_image_id" { 136 | type = string 137 | } 138 | variable "postgres_instance_display_name" { 139 | type = string 140 | } 141 | variable "postgres_instance_hostname" { 142 | type = string 143 | } 144 | variable "postgres_instance_ssh_keys" { 145 | type = string 146 | } 147 | 148 | ### Redis Instance ############################################################# 149 | 150 | variable "redis_availability_domain" { 151 | type = string 152 | } 153 | variable "redis_instance_shape" { 154 | type = string 155 | } 156 | variable "redis_instance_ocpus" { 157 | type = number 158 | } 159 | variable "redis_instance_memory_in_gbs" { 160 | type = number 161 | } 162 | variable "redis_instance_image_id" { 163 | type = string 164 | } 165 | variable "redis_instance_display_name" { 166 | type = string 167 | } 168 | variable "redis_instance_hostname" { 169 | type = string 170 | 
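}
# Public key material only (authorized_keys content); not a secret.
variable "redis_instance_ssh_keys" {
  description = "SSH public key(s) placed in authorized_keys on the Redis instance"
  type        = string
}
variable "redis_password" {
  description = <<-EOT
    Password written to redis.conf (requirepass) on the Redis host. It is
    rendered into cloud-init user_data, so it is visible to processes on that
    instance and stored in Terraform state; use a long random value and rotate it.
  EOT
  type        = string
  sensitive   = true
  # redis.conf is whitespace-delimited: an unquoted value containing whitespace
  # would be split into several arguments and break the directive, and an
  # empty value would disable authentication entirely.
  validation {
    condition     = length(var.redis_password) > 0 && !can(regex("\\s", var.redis_password))
    error_message = "redis_password must be non-empty and must not contain whitespace."
  }
}

### Mastodon Instance ##########################################################

variable "mastodon_availability_domain" {
  description = "Availability domain for the Mastodon instance"
  type        = string
}
variable "mastodon_instance_shape" {
  description = "Compute shape for the Mastodon instance"
  type        = string
}
variable "mastodon_instance_ocpus" {
  description = "OCPU count for the Mastodon instance (flexible shapes)"
  type        = number
}
variable "mastodon_instance_memory_in_gbs" {
  description = "Memory in GB for the Mastodon instance (flexible shapes)"
  type        = number
}
variable "mastodon_instance_image_id" {
  description = "OCID of the image to boot the Mastodon instance from"
  type        = string
}
variable "mastodon_instance_display_name" {
  description = "Display name for the Mastodon instance"
  type        = string
}
variable "mastodon_instance_hostname" {
  description = "Hostname label of the Mastodon instance in the public subnet's DNS"
  type        = string
}
# Public key material only (authorized_keys content); not a secret.
variable "mastodon_instance_ssh_keys" {
  description = "SSH public key(s) placed in authorized_keys on the Mastodon instance"
  type        = string
}

### File Storage ###############################################################

variable "file_system_availability_domain" {
  description = "Availability domain for the file system and its mount target"
  type        = string
}
variable "file_system_display_name" {
  description = "Display name for the file system"
  type        = string
}
variable "mount_target_display_name" {
  description = "Display name for the mount target"
  type        = string
}
variable "mount_target_hostname" {
  description = "Hostname label of the mount target in the private subnet's DNS"
  type        = string
}
variable "file_storage_export_path" {
  description = "Export path of the file system (what clients mount, e.g. /assets)"
  type        = string
}

### Object Storage #############################################################

# The namespace is tenancy-wide and appears in every bucket URL; `sensitive`
# merely keeps it out of plan output.
variable "object_storage_namespace" {
  description = "Object Storage namespace of the tenancy"
  type        = string
  sensitive   = true
}
variable "mastodon_bucket_name" {
  description = "Name of the bucket holding Mastodon media/assets"
  type        = string
}
variable "postgres_bucket_name" {
  description = "Name of the bucket holding PostgreSQL backups"
  type        = string
}
variable "mastodon_bucket_infrequent_access_days" {
  description = "Days after which media objects move to the Infrequent Access tier"
  type        = number
}
variable "mastodon_bucket_infrequent_access_enabled" {
  description = "Whether the Infrequent Access lifecycle rule is active"
  type        = bool
}
variable "postgres_bucket_archive_days" {
  description = "Days after which previous backup versions are archived"
  type        = number
}
variable "postgres_bucket_archive_enabled" {
  description = "Whether the archive lifecycle rule for backups is active"
  type        = bool
}
variable "postgres_bucket_delete_years" {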
"postgres_bucket_delete_years" { 249 | type = number 250 | } 251 | variable "postgres_bucket_delete_enabled" { 252 | type = bool 253 | } -------------------------------------------------------------------------------- /ansible-scripts/mastodon.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved. 2 | # 3 | # This software is dual-licensed to you under the Universal Permissive License 4 | # (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 5 | # 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose 6 | # either license. 7 | 8 | --- 9 | - name: Configure Mastodon 10 | hosts: mastodon 11 | 12 | vars: 13 | mastodon_config_file: # FILL # 14 | admin_email: # FILL # 15 | domain: # FILL # 16 | 17 | tasks: 18 | 19 | - name: Install Mastodon from GitHub 20 | ansible.builtin.git: 21 | repo: https://github.com/mastodon/mastodon.git 22 | dest: /home/ubuntu/live 23 | version: v4.1.2 24 | 25 | - name: Install Mastodon Ruby dependencies with Bundler 26 | community.general.bundler: 27 | state: present 28 | deployment_mode: true 29 | exclude_groups: development test 30 | chdir: /home/ubuntu/live 31 | vars: 32 | rbenv_root: /home/ubuntu/.rbenv 33 | rbenv_ruby_version: 3.0.6 34 | environment: 35 | CONFIGURE_OPTS: '--no-document' 36 | RBENV_ROOT: '{{ rbenv_root }}' 37 | PATH: '{{ rbenv_root }}/bin:{{ rbenv_root }}/shims:{{ ansible_env.PATH }}' 38 | 39 | - name: Install Mastodon NodeJS dependencies with Yarn 40 | community.general.yarn: 41 | state: present 42 | path: /home/ubuntu/live 43 | 44 | - name: Add configuration file 45 | ansible.builtin.template: 46 | src: '{{ mastodon_config_file }}' 47 | dest: '/home/ubuntu/live/.env.production' 48 | mode: u=rw,g=rw,o=rw 49 | register: config 50 | 51 | - name: Prepare database # noqa command-instead-of-shell no-changed-when ignore-errors 52 | ansible.builtin.shell: 53 | cmd: 
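# (continues the "Prepare database" task above)
        chdir: /home/ubuntu/live
      vars:
        rbenv_root: /home/ubuntu/.rbenv
        rbenv_ruby_version: 3.0.6
      environment:
        RBENV_ROOT: '{{ rbenv_root }}'
        PATH: '{{ rbenv_root }}/bin:{{ rbenv_root }}/shims:{{ ansible_env.PATH }}'
      # db:setup fails on re-runs once the database exists; errors are ignored
      # so the play stays re-runnable, at the cost of hiding a genuinely failed
      # first setup. Read this task's output on the first run.
      ignore_errors: true

    - name: Precompile assets # noqa command-instead-of-shell no-changed-when
      ansible.builtin.shell:
        cmd: RAILS_ENV=production bundle exec rake assets:precompile
        chdir: /home/ubuntu/live
      vars:
        rbenv_root: /home/ubuntu/.rbenv
        rbenv_ruby_version: 3.0.6
      environment:
        RBENV_ROOT: '{{ rbenv_root }}'
        PATH: '{{ rbenv_root }}/bin:{{ rbenv_root }}/shims:{{ ansible_env.PATH }}'

    # The vhost file is root-owned and must not be writable by other users (a
    # writable Nginx config is a root-equivalent foothold). 0644 is sufficient:
    # every later edit to it below runs with become.
    - name: Add Mastodon to Nginx sites-available
      ansible.builtin.copy:
        src: /home/ubuntu/live/dist/nginx.conf
        dest: /etc/nginx/sites-available/mastodon
        remote_src: true
        mode: u=rw,g=r,o=r
        force: false
      become: true

    - name: Link Nginx sites-enabled/mastodon to sites-avalable/mastodon
      ansible.builtin.file:
        src: /etc/nginx/sites-available/mastodon
        dest: /etc/nginx/sites-enabled/mastodon
        state: link
      become: true

    # Private-key directory: root only. (The previous u=rw,g=rw,o=rw was both
    # world-writable and, lacking the execute bit, not traversable by anyone
    # but root.) Nginx's master process runs as root and reads the key before
    # dropping privileges, so nothing else needs access.
    - name: Create a directory for Nginx SSL
      ansible.builtin.file:
        path: /etc/nginx/ssl/
        state: directory
        mode: u=rwx,g=,o=
      become: true

    - name: Create temporary RSA key
      ansible.builtin.command:
        cmd: openssl genrsa -out /etc/nginx/ssl/{{ domain }}.key 2048
        creates: /etc/nginx/ssl/{{ domain }}.key
      become: true

    # openssl genrsa does not restrict the output file's mode itself (it follows
    # the umask), so tighten the key explicitly.
    - name: Restrict permissions on the temporary RSA key
      ansible.builtin.file:
        path: /etc/nginx/ssl/{{ domain }}.key
        mode: u=rw,g=,o=
      become: true

    # Self-signed placeholder so Nginx can start with the TLS vhost before the
    # Let's Encrypt certificate is issued further down.
    - name: Create temporary SSL certificate
      ansible.builtin.expect:
        command: openssl req -new -key /etc/nginx/ssl/{{ domain }}.key -x509 -days 365 -out /etc/nginx/ssl/{{ domain }}.crt
        creates: /etc/nginx/ssl/{{ domain }}.crt
        responses:
          'Country Name': ''
          'State or Province Name': ''
          'Locality Name': ''
          'Organization Name': ''
          'Organizational Unit Name': ''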
'Organizational Unit Name': '' 113 | 'Common Name': '{{ domain }}' 114 | 'Email Address': '{{ admin_email }}' 115 | become: true 116 | 117 | - name: Edits the server name in Nginx configuration 118 | ansible.builtin.replace: 119 | path: /etc/nginx/sites-available/mastodon 120 | regexp: 'server_name example.com' 121 | replace: 'server_name {{ domain }}' 122 | become: true 123 | 124 | - name: Sets the directory for the Mastodon application 125 | ansible.builtin.replace: 126 | path: /etc/nginx/sites-available/mastodon 127 | regexp: 'root /home/mastodon/live/public;' 128 | replace: 'root /home/ubuntu/live/public;' 129 | become: true 130 | 131 | - name: Adds temporary RSA key to Nginx configuration 132 | ansible.builtin.replace: 133 | path: /etc/nginx/sites-available/mastodon 134 | regexp: '# ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;' 135 | replace: 'ssl_certificate_key /etc/nginx/ssl/{{ domain }}.key;' 136 | become: true 137 | 138 | - name: Adds temporary SSL cert to Nginx configuration 139 | ansible.builtin.replace: 140 | path: /etc/nginx/sites-available/mastodon 141 | regexp: '# ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;' 142 | replace: 'ssl_certificate /etc/nginx/ssl/{{ domain }}.crt;' 143 | become: true 144 | 145 | - name: Restart Nginx 146 | ansible.builtin.service: 147 | name: nginx 148 | state: restarted 149 | become: true 150 | 151 | - name: Acquire Let's Encrypt certificate 152 | ansible.builtin.expect: 153 | command: certbot --nginx -d {{ domain }} -v 154 | responses: 155 | 'Enter email address': '{{ admin_email }}' 156 | 'Terms of Service': 'yes' 157 | 'share your email address': 'no' 158 | creates: '/etc/letsencrypt/live/{{ domain }}/fullchain.pem' 159 | become: true 160 | 161 | - name: Add mastodon-web.service 162 | ansible.builtin.copy: 163 | src: /home/ubuntu/live/dist/mastodon-web.service 164 | dest: /etc/systemd/system/ 165 | remote_src: true 166 | mode: u=rw,g=r,o=r 167 | force: false 168 | become: true 
169 | 170 | - name: Add mastodon-streaming.service 171 | ansible.builtin.copy: 172 | src: /home/ubuntu/live/dist/mastodon-streaming.service 173 | dest: /etc/systemd/system/ 174 | remote_src: true 175 | mode: u=rw,g=r,o=r 176 | force: false 177 | become: true 178 | 179 | - name: Add mastodon-sidekiq.service 180 | ansible.builtin.copy: 181 | src: /home/ubuntu/live/dist/mastodon-sidekiq.service 182 | dest: /etc/systemd/system/ 183 | remote_src: true 184 | mode: u=rw,g=r,o=r 185 | force: false 186 | become: true 187 | 188 | - name: Reconfigure mastodon-web.service 189 | ansible.builtin.replace: 190 | path: /etc/systemd/system/mastodon-web.service 191 | regexp: '/home/mastodon' 192 | replace: '/home/ubuntu' 193 | become: true 194 | 195 | - name: Reconfigure mastodon-streaming.service 196 | ansible.builtin.replace: 197 | path: /etc/systemd/system/mastodon-streaming.service 198 | regexp: '/home/mastodon' 199 | replace: '/home/ubuntu' 200 | become: true 201 | 202 | - name: Reconfigure mastodon-sidekiq.service 203 | ansible.builtin.replace: 204 | path: /etc/systemd/system/mastodon-sidekiq.service 205 | regexp: '/home/mastodon' 206 | replace: '/home/ubuntu' 207 | become: true 208 | 209 | - name: Reconfigure mastodon-web.service 210 | ansible.builtin.replace: 211 | path: /etc/systemd/system/mastodon-web.service 212 | regexp: 'User=mastodon' 213 | replace: 'User=ubuntu' 214 | become: true 215 | 216 | - name: Reconfigure mastodon-streaming.service 217 | ansible.builtin.replace: 218 | path: /etc/systemd/system/mastodon-streaming.service 219 | regexp: 'User=mastodon' 220 | replace: 'User=ubuntu' 221 | become: true 222 | 223 | - name: Reconfigure mastodon-sidekiq.service 224 | ansible.builtin.replace: 225 | path: /etc/systemd/system/mastodon-sidekiq.service 226 | regexp: 'User=mastodon' 227 | replace: 'User=ubuntu' 228 | become: true 229 | 230 | - name: Reload systemd daemons 231 | ansible.builtin.systemd: 232 | daemon_reload: true 233 | become: true 234 | 235 | - name: Start 
mastodon-web service 236 | ansible.builtin.service: 237 | name: mastodon-web.service 238 | state: started 239 | enabled: true 240 | become: true 241 | 242 | - name: Start mastodon-sidekiq.service 243 | ansible.builtin.service: 244 | name: mastodon-sidekiq.service 245 | state: started 246 | enabled: true 247 | become: true 248 | 249 | - name: Start mastodon-streaming.service 250 | ansible.builtin.service: 251 | name: mastodon-streaming.service 252 | state: started 253 | enabled: true 254 | become: true 255 | ... 256 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 
29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 
61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. -------------------------------------------------------------------------------- /terraform-stack/schema.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved. 2 | # 3 | # This software is dual-licensed to you under the Universal Permissive License 4 | # (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 5 | # 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose 6 | # either license. 
7 | 8 | title: Mastodon on OCI 9 | description: Case study for OCI Operations Professional 10 | schemaVersion: 1.1.0 11 | version: 20190304 12 | 13 | local: "en" 14 | variableGroups: 15 | - title: Common Variables 16 | variables: 17 | - compartment_id 18 | - region 19 | - all_services_id 20 | - all_services_cidr 21 | - title: VCN 22 | variables: 23 | - vcn_display_name 24 | - vcn_cidr_blocks 25 | - vcn_dns_label 26 | - title: Gateways 27 | variables: 28 | - internet_gateway_display_name 29 | - service_gateway_display_name 30 | - nat_gateway_display_name 31 | - title: Route Tables 32 | variables: 33 | - public_route_table_display_name 34 | - private_route_table_display_name 35 | - title: Public Subnet 36 | variables: 37 | - public_subnet_display_name 38 | - public_subnet_cidr_block 39 | - public_subnet_dns_label 40 | - title: Private Subnet 41 | variables: 42 | - private_subnet_display_name 43 | - private_subnet_cidr_block 44 | - private_subnet_dns_label 45 | - title: Network Security Groups 46 | variables: 47 | - rails_nsg_display_name 48 | - redis_nsg_display_name 49 | - postgres_nsg_display_name 50 | - file_storage_nsg_display_name 51 | - title: File Storage System 52 | variables: 53 | - file_system_availability_domain 54 | - file_system_display_name 55 | - mount_target_display_name 56 | - mount_target_hostname 57 | - file_storage_export_path 58 | - title: PostgreSQL Instance 59 | variables: 60 | - postgres_availability_domain 61 | - postgres_instance_shape 62 | - postgres_instance_ocpus 63 | - postgres_instance_memory_in_gbs 64 | - postgres_instance_image_id 65 | - postgres_instance_display_name 66 | - postgres_instance_hostname 67 | - postgres_instance_ssh_keys 68 | - title: Redis Instance 69 | variables: 70 | - redis_availability_domain 71 | - redis_instance_shape 72 | - redis_instance_ocpus 73 | - redis_instance_memory_in_gbs 74 | - redis_instance_image_id 75 | - redis_instance_display_name 76 | - redis_instance_hostname 77 | - redis_instance_ssh_keys 78 | - 
redis_password 79 | - title: Mastodon Instance 80 | variables: 81 | - mastodon_availability_domain 82 | - mastodon_instance_shape 83 | - mastodon_instance_ocpus 84 | - mastodon_instance_memory_in_gbs 85 | - mastodon_instance_image_id 86 | - mastodon_instance_display_name 87 | - mastodon_instance_hostname 88 | - mastodon_instance_ssh_keys 89 | - title: Object Storage 90 | variables: 91 | - object_storage_namespace 92 | - mastodon_bucket_name 93 | - mastodon_bucket_infrequent_access_days 94 | - mastodon_bucket_infrequent_access_enabled 95 | - postgres_bucket_name 96 | - postgres_bucket_archive_days 97 | - postgres_bucket_archive_enabled 98 | - postgres_bucket_delete_years 99 | - postgres_bucket_delete_enabled 100 | 101 | 102 | variables: 103 | 104 | region: 105 | title: Region 106 | description: Region name. List regions with 'oci iam region list' 107 | type: string 108 | required: true 109 | 110 | compartment_id: 111 | title: Compartment OCID 112 | description: Compartment OCID in which to place resources 113 | type: string 114 | required: true 115 | 116 | all_services_id: 117 | title: All Services OCID 118 | description: | 119 | Region-specific service OCID for all services in the Oracle Services Network. 120 | List with 'oci network service list' from the appropriate region. 121 | type: string 122 | required: true 123 | 124 | all_services_cidr: 125 | title: All Services CIDR 126 | description: | 127 | Region-specific service CIDR for all services in the Oracle Services Network. 128 | List with 'oci network service list' from the appropriate region.
129 | type: string 130 | required: true 131 | 132 | vcn_cidr_blocks: 133 | title: CIDR Blocks 134 | description: List of CIDR blocks for the private IPv4s of the VCN 135 | type: array 136 | items: 137 | type: string 138 | required: true 139 | 140 | vcn_display_name: 141 | title: VCN Display Name 142 | description: Display name for the VCN 143 | type: string 144 | required: true 145 | 146 | vcn_dns_label: 147 | title: VCN DNS Label 148 | description: Private DNS label for within the VCN 149 | type: string 150 | required: true 151 | 152 | internet_gateway_display_name: 153 | title: Internet Gateway Display Name 154 | description: Display name for the internet gateway 155 | type: string 156 | required: true 157 | 158 | service_gateway_display_name: 159 | title: Service Gateway Display Name 160 | description: Display name for the service gateway 161 | type: string 162 | required: true 163 | 164 | nat_gateway_display_name: 165 | title: NAT Gateway Display Name 166 | description: Display name for the NAT gateway 167 | type: string 168 | required: true 169 | 170 | public_route_table_display_name: 171 | title: Public Route Table Display Name 172 | description: Display name for the public route table 173 | type: string 174 | required: true 175 | 176 | private_route_table_display_name: 177 | title: Private Route Table Display Name 178 | description: Display name for the private route table 179 | type: string 180 | required: true 181 | 182 | public_subnet_cidr_block: 183 | title: Public Subnet CIDR Block 184 | description: Single private IPv4 CIDR block for the public subnet 185 | type: string 186 | required: true 187 | 188 | public_subnet_display_name: 189 | title: Public Subnet Display Name 190 | description: Display name for the public subnet 191 | type: string 192 | required: true 193 | 194 | public_subnet_dns_label: 195 | title: Public Subnet DNS Label 196 | description: Private DNS label for within the public subnet 197 | type: string 198 | required: true 199 |
200 | private_subnet_cidr_block: 201 | title: Private Subnet CIDR Block 202 | description: Single private IPv4 CIDR block for the private subnet 203 | type: string 204 | required: true 205 | 206 | private_subnet_display_name: 207 | title: Private Subnet Display Name 208 | description: Display name for the private subnet 209 | type: string 210 | required: true 211 | 212 | private_subnet_dns_label: 213 | title: Private Subnet DNS Label 214 | description: Private DNS label for within the private subnet 215 | type: string 216 | required: true 217 | 218 | rails_nsg_display_name: 219 | title: Rails NSG Display Name 220 | description: Display name for the Rails NSG 221 | type: string 222 | required: true 223 | 224 | redis_nsg_display_name: 225 | title: Redis NSG Display Name 226 | description: Display name for the Redis NSG 227 | type: string 228 | required: true 229 | 230 | postgres_nsg_display_name: 231 | title: PostgreSQL NSG Display Name 232 | description: Display name for the PostgreSQL NSG 233 | type: string 234 | required: true 235 | 236 | file_storage_nsg_display_name: 237 | title: File Storage NSG Display Name 238 | description: Display name for the File Storage NSG 239 | type: string 240 | required: true 241 | 242 | postgres_availability_domain: 243 | title: PostgreSQL Instance AD 244 | description: Availability domain for the PostgreSQL instance 245 | type: string 246 | required: true 247 | 248 | postgres_instance_shape: 249 | title: PostgreSQL Instance Shape 250 | description: Instance shape for the PostgreSQL instance 251 | type: string 252 | required: true 253 | 254 | postgres_instance_ocpus: 255 | title: PostgreSQL Instance OCPUs 256 | description: Number of OCPUs for the PostgreSQL instance 257 | type: number 258 | required: true 259 | 260 | postgres_instance_memory_in_gbs: 261 | title: PostgreSQL Instance Memory 262 | description: Number of GB of memory for the PostgreSQL instance 263 | type: number 264 | required: true 265 | 266 | postgres_instance_image_id:
267 | title: PostgreSQL Instance Image 268 | description: Image OCID for the PostgreSQL instance 269 | type: string 270 | required: true 271 | 272 | postgres_instance_display_name: 273 | title: PostgreSQL Instance Display Name 274 | description: Display name for the PostgreSQL instance 275 | type: string 276 | required: true 277 | 278 | postgres_instance_hostname: 279 | title: PostgreSQL Instance Hostname 280 | description: Hostname for the PostgreSQL instance 281 | type: string 282 | required: true 283 | 284 | postgres_instance_ssh_keys: 285 | title: PostgreSQL Instance Authorized SSH Keys 286 | description: String of authorized public SSH keys 287 | type: string 288 | required: true 289 | 290 | redis_availability_domain: 291 | title: Redis Instance AD 292 | description: Availability domain for the Redis instance 293 | type: string 294 | required: true 295 | 296 | redis_instance_shape: 297 | title: Redis Instance Shape 298 | description: Instance shape for the Redis instance 299 | type: string 300 | required: true 301 | 302 | redis_instance_ocpus: 303 | title: Redis Instance OCPUs 304 | description: Number of OCPUs for the Redis instance 305 | type: number 306 | required: true 307 | 308 | redis_instance_memory_in_gbs: 309 | title: Redis Instance Memory 310 | description: Number of GB of memory for the Redis instance 311 | type: number 312 | required: true 313 | 314 | redis_instance_image_id: 315 | title: Redis Instance Image 316 | description: Image OCID for the Redis instance 317 | type: string 318 | required: true 319 | 320 | redis_instance_display_name: 321 | title: Redis Instance Display Name 322 | description: Display name for the Redis instance 323 | type: string 324 | required: true 325 | 326 | redis_instance_hostname: 327 | title: Redis Instance Hostname 328 | description: Hostname for the Redis instance 329 | type: string 330 | required: true 331 | 332 | redis_instance_ssh_keys: 333 | title: Redis Instance Authorized SSH Keys 334 | description: String of 
authorized public SSH keys 335 | type: string 336 | required: true 337 | 338 | redis_password: 339 | title: Redis Password 340 | description: Password to access Redis 341 | type: password 342 | required: true 343 | 344 | mastodon_availability_domain: 345 | title: Mastodon Instance AD 346 | description: Availability domain for the Mastodon instance 347 | type: string 348 | required: true 349 | 350 | mastodon_instance_shape: 351 | title: Mastodon Instance Shape 352 | description: Instance shape for the Mastodon instance 353 | type: string 354 | required: true 355 | 356 | mastodon_instance_ocpus: 357 | title: Mastodon Instance OCPUs 358 | description: Number of OCPUs for the Mastodon instance 359 | type: number 360 | required: true 361 | 362 | mastodon_instance_memory_in_gbs: 363 | title: Mastodon Instance Memory 364 | description: Number of GB of memory for the Mastodon instance 365 | type: number 366 | required: true 367 | 368 | mastodon_instance_image_id: 369 | title: Mastodon Instance Image 370 | description: Image OCID for the Mastodon instance 371 | type: string 372 | required: true 373 | 374 | mastodon_instance_display_name: 375 | title: Mastodon Instance Display Name 376 | description: Display name for the Mastodon instance 377 | type: string 378 | required: true 379 | 380 | mastodon_instance_hostname: 381 | title: Mastodon Instance Hostname 382 | description: Hostname for the Mastodon instance 383 | type: string 384 | required: true 385 | 386 | mastodon_instance_ssh_keys: 387 | title: Mastodon Instance Authorized SSH Keys 388 | description: String of authorized public SSH keys 389 | type: string 390 | required: true 391 | 392 | file_system_availability_domain: 393 | title: File System AD 394 | description: Availability domain of the file system 395 | type: string 396 | required: true 397 | 398 | file_system_display_name: 399 | title: File System Display Name 400 | description: Display name for the file system 401 | type: string 402 | required: true 403 | 404 
| mount_target_display_name: 405 | title: Mount Target Display Name 406 | description: Display name for the mount target 407 | type: string 408 | required: true 409 | 410 | mount_target_hostname: 411 | title: Mount Target Hostname 412 | description: Hostname for the mount target 413 | type: string 414 | required: true 415 | 416 | file_storage_export_path: 417 | title: Export Path 418 | description: Export path for the file system 419 | type: string 420 | required: true 421 | 422 | object_storage_namespace: 423 | title: Object Storage Namespace 424 | description: Find with `oci os ns get` 425 | type: string 426 | sensitive: true 427 | required: true 428 | 429 | mastodon_bucket_name: 430 | title: Mastodon Bucket Name 431 | type: string 432 | required: true 433 | 434 | mastodon_bucket_infrequent_access_days: 435 | title: 'Mastodon Bucket: Days to move objects to Infrequent Access' 436 | description: Days since object last modified 437 | type: number 438 | required: true 439 | 440 | mastodon_bucket_infrequent_access_enabled: 441 | title: 'Mastodon Bucket: Automatically move objects to Infrequent Access?' 442 | type: boolean 443 | required: true 444 | 445 | postgres_bucket_name: 446 | title: Postgres Bucket Name 447 | type: string 448 | required: true 449 | 450 | postgres_bucket_archive_days: 451 | title: 'Postgres Bucket: Days to move previous versions to Archive' 452 | description: Days since version became a previous version 453 | type: number 454 | required: true 455 | 456 | postgres_bucket_archive_enabled: 457 | title: 'Postgres Bucket: Automatically move objects to Archive?' 458 | type: boolean 459 | required: true 460 | 461 | postgres_bucket_delete_years: 462 | title: 'Postgres Bucket: Years until previous versions are deleted' 463 | description: Years since version became a previous version 464 | type: number 465 | required: true 466 | 467 | postgres_bucket_delete_enabled: 468 | title: 'Postgres Bucket: Automatically delete old versions?'
469 | type: boolean 470 | required: true 471 | --------------------------------------------------------------------------------