Set up google cloud server

backend/api/README.md

@@ -4,7 +4,31 @@ One function to rule them all, one docker image to bind them
 
 ## Setup
 
-You must have set up the `gcloud` cli
+You must have set up the `gcloud` cli.
+
+```bash
+gcloud artifacts repositories create builds \
+  --repository-format=docker \
+  --location=us-west1 \
+  --description="Docker images for API"
+gcloud auth configure-docker us-west1-docker.pkg.dev
+gcloud config set project compass-130ba
+gcloud projects add-iam-policy-binding compass-130ba \
+  --member="user:YOUR_EMAIL@gmail.com" \
+  --role="roles/artifactregistry.writer"
+gcloud projects add-iam-policy-binding compass-130ba \
+  --member="user:YOUR_EMAIL@gmail.com" \
+  --role="roles/storage.objectAdmin"
+gsutil mb -l us-west1 gs://compass-130ba-terraform-state
+gsutil uniformbucketlevelaccess set on gs://compass-130ba-terraform-state
+gsutil iam ch user:YOUR_EMAIL@gmail.com:roles/storage.admin gs://compass-130ba-terraform-state
+tofu init
+gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin us-west1-docker.pkg.dev
+gcloud projects add-iam-policy-binding compass-130ba \
+    --member="serviceAccount:253367029065-compute@developer.gserviceaccount.com" \
+    --role="roles/secretmanager.secretAccessor"
+
+```
 
 ## Test
 

backend/api/debug.sh

@@ -13,14 +13,14 @@ fi
 
 SERVICE_NAME="api"
 SERVICE_GROUP="${SERVICE_NAME}-group"
-ZONE="us-west1-b"
+ZONE="us-west1-c"
 ENV=${1:-dev}
 
 case $ENV in
     dev)
-        GCLOUD_PROJECT=polylove ;;
+        GCLOUD_PROJECT=compass-130ba ;;
     prod)
-        GCLOUD_PROJECT=polylove ;;
+        GCLOUD_PROJECT=compass-130ba ;;
     *)
         echo "Invalid environment; must be dev or prod."
         exit 1

backend/api/deploy-api.sh

@@ -11,16 +11,12 @@
 
 set -e
 
-if [[ ! "$1" =~ ^(dev|prod)$ ]]; then
-  echo "Usage: $0 [dev|prod]"
-  exit 1
-fi
+ENV=${1:-prod}
 
 # Config
-ENV=$1
 REGION="us-west1"
 ZONE="us-west1-b"
-PROJECT="polylove"
+PROJECT="compass-130ba"
 SERVICE_NAME="api"
 
 GIT_REVISION=$(git rev-parse --short HEAD)
@@ -31,6 +27,7 @@ IMAGE_URL="${REGION}-docker.pkg.dev/${PROJECT}/builds/${SERVICE_NAME}:${IMAGE_TA
 echo "🚀 Deploying ${SERVICE_NAME} to ${ENV} ($(date "+%Y-%m-%d %I:%M:%S %p"))"
 yarn build
 docker build . --tag ${IMAGE_URL} --platform linux/amd64
+echo "docker push ${IMAGE_URL}"
 docker push ${IMAGE_URL}
 
 export TF_VAR_image_url=$IMAGE_URL

backend/api/ecosystem.config.js

@@ -2,7 +2,7 @@ module.exports = {
   apps: [
     {
       name: 'serve',
-      script: 'backend/api/src/serve.ts',
+      script: 'backend/api/lib/serve.js',
       instances: 1,
       exec_mode: 'fork',
       autorestart: true,

backend/api/main.tf

@@ -1,9 +1,7 @@
-# written by claude 3.7 lol
-
 variable "image_url" {
   description = "Docker image URL"
   type        = string
-  default     = "us-west1-docker.pkg.dev/polylove/builds/api:latest"
+  default     = "us-west1-docker.pkg.dev/compass-130ba/builds/api:latest"
 }
 
 variable "env" {
@@ -13,7 +11,7 @@ variable "env" {
 }
 
 locals {
-  project = "polylove"
+  project = "compass-130ba"
   region  = "us-west1"
   zone         = "us-west1-b"
   service_name = "api"
@@ -22,7 +20,7 @@ locals {
 
 terraform {
   backend "gcs" {
-    bucket = "polylove-terraform-state"
+    bucket = "compass-130ba-terraform-state"
     prefix = "api"
   }
 }
@@ -36,8 +34,8 @@ provider "google" {
 # Firebase Storage Buckets
 # Note you still have to deploy the rules: `firebase deploy --only storage`
 resource "google_storage_bucket" "public_storage" {
-  name          = "polylove.firebasestorage.app"
-  location      = "US-WEST1"
+  name          = "compass-130ba-public"
+  location      = "US"
   force_destroy = false
 
   uniform_bucket_level_access = true
@@ -50,6 +48,7 @@ resource "google_storage_bucket" "public_storage" {
   }
 }
 
+
 # static IPs
 resource "google_compute_global_address" "api_lb_ip" {
   name = "api-lb-ip-2"
@@ -60,7 +59,7 @@ resource "google_compute_managed_ssl_certificate" "api_cert" {
   name = "api-lb-cert-2"
 
   managed {
-    domains = ["api.poly.love"]
+    domains = ["api.compassmeet.com"]
   }
 }
 
@@ -99,6 +98,16 @@ spec:
         value: ${upper(var.env)}
       - name: GOOGLE_CLOUD_PROJECT
         value: ${local.project}
+      - name: SUPABASE_PASSWORD
+        valueFrom:
+          secretKeyRef:
+            name: "SUPABASE_PASSWORD"
+            key: "latest"
+      - name: GEODB_API_KEY
+        valueFrom:
+          secretKeyRef:
+            name: "GEODB_API_KEY"
+            key: "latest"
       ports:
         - containerPort: 80
 EOF
@@ -253,53 +262,53 @@ resource "google_compute_firewall" "default_allow_https" {
   source_ranges = ["0.0.0.0/0"]
 }
 
-resource "google_compute_firewall" "default_allow_ssh" {
-  name        = "default-allow-ssh"
-  network     = "default"
-  priority    = 65534
-  direction   = "INGRESS"
-
-  allow {
-    protocol = "tcp"
-    ports    = ["22"]
-  }
-
-  source_ranges = ["0.0.0.0/0"]
-}
-
-resource "google_compute_firewall" "default_allow_internal" {
-  name        = "default-allow-internal"
-  network     = "default"
-  priority    = 65534
-  direction   = "INGRESS"
-
-  allow {
-    protocol = "tcp"
-    ports    = ["0-65535"]
-  }
-
-  allow {
-    protocol = "udp"
-    ports    = ["0-65535"]
-  }
-
-  allow {
-    protocol = "icmp"
-  }
-
-  source_ranges = ["10.128.0.0/9"]
-}
-
-# Allow ICMP (ping)
-resource "google_compute_firewall" "default_allow_icmp" {
-  name        = "default-allow-icmp"
-  network     = "default"
-  priority    = 65534
-  direction   = "INGRESS"
-
-  allow {
-    protocol = "icmp"
-  }
-
-  source_ranges = ["0.0.0.0/0"]
-}
+# resource "google_compute_firewall" "default_allow_ssh" {
+#   name        = "default-allow-ssh"
+#   network     = "default"
+#   priority    = 65534
+#   direction   = "INGRESS"
+#
+#   allow {
+#     protocol = "tcp"
+#     ports    = ["22"]
+#   }
+#
+#   source_ranges = ["0.0.0.0/0"]
+# }
+#
+# resource "google_compute_firewall" "default_allow_internal" {
+#   name        = "default-allow-internal"
+#   network     = "default"
+#   priority    = 65534
+#   direction   = "INGRESS"
+#
+#   allow {
+#     protocol = "tcp"
+#     ports    = ["0-65535"]
+#   }
+#
+#   allow {
+#     protocol = "udp"
+#     ports    = ["0-65535"]
+#   }
+#
+#   allow {
+#     protocol = "icmp"
+#   }
+#
+#   source_ranges = ["10.128.0.0/9"]
+# }
+#
+# # Allow ICMP (ping)
+# resource "google_compute_firewall" "default_allow_icmp" {
+#   name        = "default-allow-icmp"
+#   network     = "default"
+#   priority    = 65534
+#   direction   = "INGRESS"
+#
+#   allow {
+#     protocol = "icmp"
+#   }
+#
+#   source_ranges = ["0.0.0.0/0"]
+# }

backend/firebase/.firebaserc

@@ -1,7 +1,7 @@
 {
   "projects": {
-    "default": "polylove",
-    "prod": "polylove",
-    "dev": "polylove-dev"
+    "default": "compass-130ba",
+    "prod": "compass-130ba",
+    "dev": "compass-130ba"
   }
 }

backend/firebase/firebase.json

@@ -1,11 +1,11 @@
 {
   "storage": [
     {
-      "bucket": "polylove.firebasestorage.app",
+      "bucket": "compass-130ba-public",
       "rules": "storage.rules"
     },
     {
-      "bucket": "polylove-private.firebasestorage.app",
+      "bucket": "compass-130ba-private.firebasestorage.app",
       "rules": "private-storage.rules"
     }
   ]

common/src/envs/constants.ts

@@ -33,25 +33,11 @@ export const AUTH_COOKIE_NAME = `FBUSER_${PROJECT_ID.toUpperCase().replace(
 )}`
 
 export const MOD_IDS = [
-  'HTbxWFlzWGeHUTiwZvvF0qm8W433', // Conflux
-  '9dAaZrNSx5OT0su6rpusDoG9WPN2', // dglid
-  '5XMvQhA3YgcTzyoJRiNqGWyuB9k2', // dreev
-  '2VhlvfTaRqZbFn2jqxk2Am9jgsE2', // Gabrielle
-  'XeQf3ygmrGM1MxdsE3JSlmq8vL42', // Jacy
-  'JlVpsgzLsbOUT4pajswVMr0ZzmM2', // Joshua
-  'sA7V30Ic73XZtniboy2eKr6ekkn1', // MartinRandall
-  'jO7sUhIDTQbAJ3w86akzncTlpRG2', // MichaelWheatley
-  'lkkqZxiWCpOgtJ9ztJcAKz4d9y33', // NathanpmYoung
-  'YOILpFNyg0gGj79zBIBUpJigHQ83', // SneakySly
-  'KHX2ThSFtLQlau58hrjtCX7OL2h2', // shankypanky (stefanie)
+  '...',
 ]
 
 export const VERIFIED_USERNAMES = [
-  'ScottAlexander',
-  'Aella',
-  'Roko',
-  'KatjaGrace',
-  'patrissimo',
+  'Martin',
 ]
 
 export const TEN_YEARS_SECS = 60 * 60 * 24 * 365 * 10

common/src/envs/dev.ts

@@ -7,7 +7,7 @@ export const DEV_CONFIG: EnvConfig = {
     apiKey: "AIzaSyAxzhj6bZuZ1TCw9xzibGccRHXiRWq6iy0",
     authDomain: "compass-130ba.firebaseapp.com",
     projectId: "compass-130ba",
-    storageBucket: "compass-130ba.firebasestorage.app",
+    storageBucket: "compass-130ba-public",
     messagingSenderId: "253367029065",
     appId: "1:253367029065:web:b338785af99d4145095e98",
     measurementId: "G-2LSQYJQE6P",

common/src/envs/prod.ts

@@ -36,7 +36,7 @@ export const PROD_CONFIG: EnvConfig = {
     apiKey: "AIzaSyAxzhj6bZuZ1TCw9xzibGccRHXiRWq6iy0",
     authDomain: "compass-130ba.firebaseapp.com",
     projectId: "compass-130ba",
-    storageBucket: "compass-130ba.firebasestorage.app",
+    storageBucket: "compass-130ba-public",
     messagingSenderId: "253367029065",
     appId: "1:253367029065:web:b338785af99d4145095e98",
     measurementId: "G-2LSQYJQE6P",

firebase.json

@@ -1,7 +1,7 @@
 {
   "storage": [
     {
-      "bucket": "compass-130ba.firebasestorage.app",
+      "bucket": "compass-130ba-public",
       "rules": "storage.rules"
     },
     {

supabase.ts

@@ -744,7 +744,7 @@ export const ENV_CONFIG = {
     apiKey: "AIzaSyAxzhj6bZuZ1TCw9xzibGccRHXiRWq6iy0",
     authDomain: "compass-130ba.firebaseapp.com",
     projectId: "compass-130ba",
-    storageBucket: "compass-130ba.firebasestorage.app",
+    storageBucket: "compass-130ba-public",
     messagingSenderId: "253367029065",
     appId: "1:253367029065:web:b338785af99d4145095e98",
     measurementId: "G-2LSQYJQE6P",