From a9f4e95b771feb32beb28968c0b677805cfa66d7 Mon Sep 17 00:00:00 2001
From: MartinBraquet
Date: Thu, 28 Aug 2025 22:16:42 +0200
Subject: [PATCH] Set up google cloud server
---
backend/api/README.md | 26 ++++++-
backend/api/debug.sh | 6 +-
backend/api/deploy-api.sh | 9 +--
backend/api/ecosystem.config.js | 2 +-
backend/api/main.tf | 125 +++++++++++++++++---------------
backend/firebase/.firebaserc | 6 +-
backend/firebase/firebase.json | 4 +-
common/src/envs/constants.ts | 18 +----
common/src/envs/dev.ts | 2 +-
common/src/envs/prod.ts | 2 +-
firebase.json | 2 +-
supabase.ts | 2 +-
12 files changed, 110 insertions(+), 94 deletions(-)
diff --git a/backend/api/README.md b/backend/api/README.md
index a6d818fa..6be18ea9 100644
--- a/backend/api/README.md
+++ b/backend/api/README.md
@@ -4,7 +4,31 @@ One function to rule them all, one docker image to bind them ## Setup -You must have set up the `gcloud` cli +You must have set up the `gcloud` cli. + +```bash +gcloud artifacts repositories create builds \ + --repository-format=docker \ + --location=us-west1 \ + --description="Docker images for API" +gcloud auth configure-docker us-west1-docker.pkg.dev +gcloud config set project compass-130ba +gcloud projects add-iam-policy-binding compass-130ba \ + --member="user:YOUR_EMAIL@gmail.com" \ + --role="roles/artifactregistry.writer" +gcloud projects add-iam-policy-binding compass-130ba \ + --member="user:YOUR_EMAIL@gmail.com" \ + --role="roles/storage.objectAdmin" +gsutil mb -l us-west1 gs://compass-130ba-terraform-state +gsutil uniformbucketlevelaccess set on gs://compass-130ba-terraform-state +gsutil iam ch user:YOUR_EMAIL@gmail.com:roles/storage.admin gs://compass-130ba-terraform-state +tofu init +gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin us-west1-docker.pkg.dev +gcloud projects add-iam-policy-binding compass-130ba \ + --member="serviceAccount:253367029065-compute@developer.gserviceaccount.com" \ + --role="roles/secretmanager.secretAccessor" + +``` ## Test diff --git a/backend/api/debug.sh b/backend/api/debug.sh index f44f51b2..e27eb7f5 100755 --- a/backend/api/debug.sh +++ b/backend/api/debug.sh @@ -13,14 +13,14 @@ fi SERVICE_NAME="api" SERVICE_GROUP="${SERVICE_NAME}-group" -ZONE="us-west1-b" +ZONE="us-west1-c" ENV=${1:-dev} case $ENV in dev) - GCLOUD_PROJECT=polylove ;; + GCLOUD_PROJECT=compass-130ba ;; prod) - GCLOUD_PROJECT=polylove ;; + GCLOUD_PROJECT=compass-130ba ;; *) echo "Invalid environment; must be dev or prod." exit 1 diff --git a/backend/api/deploy-api.sh b/backend/api/deploy-api.sh index eb95dc0d..6e399443 100755 --- a/backend/api/deploy-api.sh +++ b/backend/api/deploy-api.sh 
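Review bot: `ZONE="us-west1-c"` in debug.sh no longer matches `ZONE="us-west1-b"` in deploy-api.sh or `zone = "us-west1-b"` in main.tf's locals. If this script uses ZONE to find the API instance, it would look in a zone where this commit deploys nothing, so keep `us-west1-b` here or move all three together. Both arms of the `case` now set `GCLOUD_PROJECT=compass-130ba`, and .firebaserc maps `dev` to the same project, so the `dev` argument no longer isolates anything from production. A comment such as `# dev and prod currently share one project` above the `case` would make that explicit. The part of the script that consumes ZONE and GCLOUD_PROJECT is outside the hunk.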
@@ -11,16 +11,12 @@ set -e -if [[ ! "$1" =~ ^(dev|prod)$ ]]; then - echo "Usage: $0 [dev|prod]" - exit 1 -fi +ENV=${1:-prod} # Config -ENV=$1 REGION="us-west1" ZONE="us-west1-b" -PROJECT="polylove" +PROJECT="compass-130ba" SERVICE_NAME="api" GIT_REVISION=$(git rev-parse --short HEAD) @@ -31,6 +27,7 @@ IMAGE_URL="${REGION}-docker.pkg.dev/${PROJECT}/builds/${SERVICE_NAME}:${IMAGE_TA echo "🚀 Deploying ${SERVICE_NAME} to ${ENV} ($(date "+%Y-%m-%d %I:%M:%S %p"))" yarn build docker build . --tag ${IMAGE_URL} --platform linux/amd64 +echo "docker push ${IMAGE_URL}" docker push ${IMAGE_URL} export TF_VAR_image_url=$IMAGE_URL diff --git a/backend/api/ecosystem.config.js b/backend/api/ecosystem.config.js index 2b2a941f..1e4196bf 100644 --- a/backend/api/ecosystem.config.js +++ b/backend/api/ecosystem.config.js @@ -2,7 +2,7 @@ module.exports = { apps: [ { name: 'serve', - script: 'backend/api/src/serve.ts', + script: 'backend/api/lib/serve.js', instances: 1, exec_mode: 'fork', autorestart: true, diff --git a/backend/api/main.tf b/backend/api/main.tf index 0952d31a..132d843a 100644 --- a/backend/api/main.tf +++ b/backend/api/main.tf @@ -1,9 +1,7 @@ -# written by claude 3.7 lol - variable "image_url" { description = "Docker image URL" type = string - default = "us-west1-docker.pkg.dev/polylove/builds/api:latest" + default = "us-west1-docker.pkg.dev/compass-130ba/builds/api:latest" } variable "env" { @@ -13,7 +11,7 @@ variable "env" { } locals { - project = "polylove" + project = "compass-130ba" region = "us-west1" zone = "us-west1-b" service_name = "api" @@ -22,7 +20,7 @@ locals { terraform { backend "gcs" { - bucket = "polylove-terraform-state" + bucket = "compass-130ba-terraform-state" prefix = "api" } } 
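Review bot: With the argument check removed and `ENV=${1:-prod}` in its place, running deploy-api.sh with no argument now builds, pushes and deploys against prod, and a mistyped value such as `prd` is accepted without complaint. I would require the argument and keep the removed guard: `ENV=${1:?Usage: $0 [dev|prod]}` followed by `[[ "$ENV" =~ ^(dev|prod)$ ]] || { echo "Usage: $0 [dev|prod]"; exit 1; }`. The lines that consume ENV after the `TF_VAR_image_url` export are outside the hunk, so how far an invalid value travels is not visible here.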
@@ -36,8 +34,8 @@ provider "google" { # Firebase Storage Buckets # Note you still have to deploy the rules: `firebase deploy --only storage` resource "google_storage_bucket" "public_storage" { - name = "polylove.firebasestorage.app" - location = "US-WEST1" + name = "compass-130ba-public" + location = "US" force_destroy = false uniform_bucket_level_access = true @@ -50,6 +48,7 @@ resource "google_storage_bucket" "public_storage" { } } + # static IPs resource "google_compute_global_address" "api_lb_ip" { name = "api-lb-ip-2" @@ -60,7 +59,7 @@ resource "google_compute_managed_ssl_certificate" "api_cert" { name = "api-lb-cert-2" managed { - domains = ["api.poly.love"] + domains = ["api.compassmeet.com"] } } @@ -99,6 +98,16 @@ spec: value: ${upper(var.env)} - name: GOOGLE_CLOUD_PROJECT value: ${local.project} + - name: SUPABASE_PASSWORD + valueFrom: + secretKeyRef: + name: "SUPABASE_PASSWORD" + key: "latest" + - name: GEODB_API_KEY + valueFrom: + secretKeyRef: + name: "GEODB_API_KEY" + key: "latest" ports: - containerPort: 80 EOF 
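Review bot: The added `valueFrom.secretKeyRef` entries for `SUPABASE_PASSWORD` and `GEODB_API_KEY` use Kubernetes/Cloud Run syntax, while this heredoc looks like a Compute Engine container declaration (the resource it belongs to starts outside the hunk). I am not aware that this format resolves secret references, so confirm on a running instance that both variables are populated; if they are not, read them from Secret Manager at process start. The README step in this commit grants `roles/secretmanager.secretAccessor` on the whole project to the default compute service account, and binding that role on these two secrets only would keep the VM from reading every other secret in the project. `key: "latest"` also means any newly added secret version reaches production on the next restart, so consider pinning a version number.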
@@ -253,53 +262,53 @@ resource "google_compute_firewall" "default_allow_https" { source_ranges = ["0.0.0.0/0"] } -resource "google_compute_firewall" "default_allow_ssh" { - name = "default-allow-ssh" - network = "default" - priority = 65534 - direction = "INGRESS" - - allow { - protocol = "tcp" - ports = ["22"] - } - - source_ranges = ["0.0.0.0/0"] -} - -resource "google_compute_firewall" "default_allow_internal" { - name = "default-allow-internal" - network = "default" - priority = 65534 - direction = "INGRESS" - - allow { - protocol = "tcp" - ports = ["0-65535"] - } - - allow { - protocol = "udp" - ports = ["0-65535"] - } - - allow { - protocol = "icmp" - } - - source_ranges = ["10.128.0.0/9"] -} - -# Allow ICMP (ping) -resource "google_compute_firewall" "default_allow_icmp" { - name = "default-allow-icmp" - network = "default" - priority = 65534 - direction = "INGRESS" - - allow { - protocol = "icmp" - } - - source_ranges = ["0.0.0.0/0"] -} +# resource "google_compute_firewall" "default_allow_ssh" { +# name = "default-allow-ssh" +# network = "default" +# priority = 65534 +# direction = "INGRESS" +# +# allow { +# protocol = "tcp" +# ports = ["22"] +# } +# +# source_ranges = ["0.0.0.0/0"] +# } +# +# resource "google_compute_firewall" "default_allow_internal" { +# name = "default-allow-internal" +# network = "default" +# priority = 65534 +# direction = "INGRESS" +# +# allow { +# protocol = "tcp" +# ports = ["0-65535"] +# } +# +# allow { +# protocol = "udp" +# ports = ["0-65535"] +# } +# +# allow { +# protocol = "icmp" +# } +# +# source_ranges = ["10.128.0.0/9"] +# } +# +# # Allow ICMP (ping) +# resource "google_compute_firewall" "default_allow_icmp" { +# name = "default-allow-icmp" +# network = "default" +# priority = 65534 +# direction = "INGRESS" +# +# allow { +# protocol = "icmp" +# } +# +# source_ranges = ["0.0.0.0/0"] +# } diff --git a/backend/firebase/.firebaserc b/backend/firebase/.firebaserc index 453b3678..a76d12fe 100644 --- a/backend/firebase/.firebaserc 
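Review bot: Commenting out `default_allow_ssh`, `default_allow_internal` and `default_allow_icmp` only stops Terraform from managing them, and does not show that port 22 or ICMP is closed to `0.0.0.0/0`. A new GCP project's default network usually ships with rules of these same names, so if they exist in compass-130ba they stay in force, unmanaged and invisible to review. If the intent is to close them, delete the rules in the project and verify with `gcloud compute firewall-rules list`; if the intent is to keep them, import them so the state matches reality. Either way, delete the commented-out resources and leave one line such as `# default-network SSH/ICMP/internal rules are intentionally not managed here`.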
+++ b/backend/firebase/.firebaserc @@ -1,7 +1,7 @@ { "projects": { - "default": "polylove", - "prod": "polylove", - "dev": "polylove-dev" + "default": "compass-130ba", + "prod": "compass-130ba", + "dev": "compass-130ba" } } diff --git a/backend/firebase/firebase.json b/backend/firebase/firebase.json index 326e01e6..dcf79863 100644 --- a/backend/firebase/firebase.json +++ b/backend/firebase/firebase.json @@ -1,11 +1,11 @@ { "storage": [ { - "bucket": "polylove.firebasestorage.app", + "bucket": "compass-130ba-public", "rules": "storage.rules" }, { - "bucket": "polylove-private.firebasestorage.app", + "bucket": "compass-130ba-private.firebasestorage.app", "rules": "private-storage.rules" } ] diff --git a/common/src/envs/constants.ts b/common/src/envs/constants.ts index 89e4bbde..ae30a654 100644 --- a/common/src/envs/constants.ts +++ b/common/src/envs/constants.ts @@ -33,25 +33,11 @@ export const AUTH_COOKIE_NAME = `FBUSER_${PROJECT_ID.toUpperCase().replace( )}` export const MOD_IDS = [ - 'HTbxWFlzWGeHUTiwZvvF0qm8W433', // Conflux - '9dAaZrNSx5OT0su6rpusDoG9WPN2', // dglid - '5XMvQhA3YgcTzyoJRiNqGWyuB9k2', // dreev - '2VhlvfTaRqZbFn2jqxk2Am9jgsE2', // Gabrielle - 'XeQf3ygmrGM1MxdsE3JSlmq8vL42', // Jacy - 'JlVpsgzLsbOUT4pajswVMr0ZzmM2', // Joshua - 'sA7V30Ic73XZtniboy2eKr6ekkn1', // MartinRandall - 'jO7sUhIDTQbAJ3w86akzncTlpRG2', // MichaelWheatley - 'lkkqZxiWCpOgtJ9ztJcAKz4d9y33', // NathanpmYoung - 'YOILpFNyg0gGj79zBIBUpJigHQ83', // SneakySly - 'KHX2ThSFtLQlau58hrjtCX7OL2h2', // shankypanky (stefanie) + '...', ] export const VERIFIED_USERNAMES = [ - 'ScottAlexander', - 'Aella', - 'Roko', - 'KatjaGrace', - 'patrissimo', + 'Martin', ] export const TEN_YEARS_SECS = 60 * 60 * 24 * 365 * 10 diff --git a/common/src/envs/dev.ts b/common/src/envs/dev.ts index 1dde1caf..0d3413e5 100644 --- a/common/src/envs/dev.ts +++ b/common/src/envs/dev.ts 
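Review bot: `MOD_IDS = ['...']` in common/src/envs/constants.ts leaves a placeholder string in a list that presumably gates moderator actions (its consumers are outside the hunk). Use an empty list until real user ids are known, `export const MOD_IDS: string[] = []`, so that no value in it can ever match an account. `VERIFIED_USERNAMES = ['Martin']` keys trust on a username rather than a user id. Unless usernames are unique, case-normalised and not changeable by their owners, another account could claim the name, so a list of user ids would be safer. A short comment on each constant saying what membership grants would help the next editor.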
@@ -7,7 +7,7 @@ export const DEV_CONFIG: EnvConfig = { apiKey: "AIzaSyAxzhj6bZuZ1TCw9xzibGccRHXiRWq6iy0", authDomain: "compass-130ba.firebaseapp.com", projectId: "compass-130ba", - storageBucket: "compass-130ba.firebasestorage.app", + storageBucket: "compass-130ba-public", messagingSenderId: "253367029065", appId: "1:253367029065:web:b338785af99d4145095e98", measurementId: "G-2LSQYJQE6P", diff --git a/common/src/envs/prod.ts b/common/src/envs/prod.ts index 43b64475..179f8cea 100644 --- a/common/src/envs/prod.ts +++ b/common/src/envs/prod.ts @@ -36,7 +36,7 @@ export const PROD_CONFIG: EnvConfig = { apiKey: "AIzaSyAxzhj6bZuZ1TCw9xzibGccRHXiRWq6iy0", authDomain: "compass-130ba.firebaseapp.com", projectId: "compass-130ba", - storageBucket: "compass-130ba.firebasestorage.app", + storageBucket: "compass-130ba-public", messagingSenderId: "253367029065", appId: "1:253367029065:web:b338785af99d4145095e98", measurementId: "G-2LSQYJQE6P", diff --git a/firebase.json b/firebase.json index f41fee6b..dcf79863 100644 --- a/firebase.json +++ b/firebase.json @@ -1,7 +1,7 @@ { "storage": [ { - "bucket": "compass-130ba.firebasestorage.app", + "bucket": "compass-130ba-public", "rules": "storage.rules" }, { diff --git a/supabase.ts b/supabase.ts index cc90254d..abd0594c 100644 --- a/supabase.ts +++ b/supabase.ts @@ -744,7 +744,7 @@ export const ENV_CONFIG = { apiKey: "AIzaSyAxzhj6bZuZ1TCw9xzibGccRHXiRWq6iy0", authDomain: "compass-130ba.firebaseapp.com", projectId: "compass-130ba", - storageBucket: "compass-130ba.firebasestorage.app", + storageBucket: "compass-130ba-public", messagingSenderId: "253367029065", appId: "1:253367029065:web:b338785af99d4145095e98", measurementId: "G-2LSQYJQE6P",