misc

cscosu · Feb 3, 2025 · 6f4d14d · 6f4d14d
1 parent 0ffd430
commit 6f4d14d
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 18 deletions.
diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml
@@ -0,0 +1,34 @@
+name: Terraform
+on:
+  - push
+  - pull_request
+jobs:
+  validate:
+    name: Validate
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Init
+        run: terraform init -backend=false
+
+      - name: Validate
+        run: terraform validate
+
+  format:
+    name: Format
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Init
+        run: terraform init -backend=false
+
+      - name: Format
+        run: terraform fmt
diff --git a/README.md b/README.md
@@ -25,6 +25,7 @@
 - Least privileges
     - Use IAM to scope permissions as tightly as possible.
     - Allow only the ports you need through security groups.
+    - Avoid baking secrets.
 
 ## Infrastructure Diagram
 

diff --git a/ctfd.tf b/ctfd.tf
@@ -211,7 +211,7 @@ resource "aws_ecs_task_definition" "ctfd" {
         retries = 3
         command = [
           "CMD-SHELL",
-          "true"
+          "healthcheck.sh --connect --innodb_initialized"
         ]
         timeout  = 3
         interval = 10

diff --git a/traefik.tf b/traefik.tf
@@ -117,12 +117,6 @@ resource "aws_ecs_task_definition" "traefik" {
         },
       ]
 
-      dockerLabels = {
-        "traefik.enable"                                       = "true"
-        "traefik.http.middlewares.retry.retry.attempts"        = "4"
-        "traefik.http.middlewares.retry.retry.initialInterval" = "100ms"
-      }
-
       logConfiguration = {
         logDriver = "awslogs"
         options = {
@@ -226,17 +220,6 @@ data "aws_iam_policy_document" "assume_role_policy" {
   }
 }
 
-# resource "aws_iam_policy_attachment" "traefik" {
-#   name       = "iam-policy-attachment-traefik"
-#   roles      = [aws_iam_role.task_role.name]
-#   policy_arn = aws_iam_policy.traefik.arn
-# }
-
-# resource "aws_iam_policy" "traefik" {
-#   name   = "iam-policy-traefik"
-#   policy = data.aws_iam_policy_document.traefik.json
-# }
-
 resource "aws_iam_role_policy" "traefik" {
   role   = aws_iam_role.task_role.id
   policy = data.aws_iam_policy_document.traefik.json