From 6f4d14dcf18a6e423af9107a3b90c9def019a76f Mon Sep 17 00:00:00 2001 From: Mark Bundschuh Date: Sun, 2 Feb 2025 23:47:16 -0500 Subject: [PATCH] misc --- .github/workflows/terraform.yaml | 34 ++++++++++++++++++++++++++++++++ README.md | 1 + ctfd.tf | 2 +- traefik.tf | 17 ---------------- 4 files changed, 36 insertions(+), 18 deletions(-) create mode 100644 .github/workflows/terraform.yaml diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml new file mode 100644 index 0000000..d8c85bf --- /dev/null +++ b/.github/workflows/terraform.yaml @@ -0,0 +1,34 @@ +name: Terraform +on: + - push + - pull_request +jobs: + validate: + name: Validate + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + + - name: Init + run: terraform init -backend=false + + - name: Validate + run: terraform validate + + format: + name: Format + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + + - name: Init + run: terraform init -backend=false + + - name: Format + run: terraform fmt diff --git a/README.md b/README.md index d05bb20..d90e0c4 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,7 @@ - Least privileges - Use IAM to scope permissions as tightly as possible. - Allow only the ports you need through security groups. + - Avoid baking secrets. ## Infrastructure Diagram diff --git a/ctfd.tf b/ctfd.tf index 18df12f..9160f65 100644 --- a/ctfd.tf +++ b/ctfd.tf @@ -211,7 +211,7 @@ resource "aws_ecs_task_definition" "ctfd" { retries = 3 command = [ "CMD-SHELL", - "true" + "healthcheck.sh --connect --innodb_initialized" ] timeout = 3 interval = 10 diff --git a/traefik.tf b/traefik.tf index 2aac902..eb9878d 100644 --- a/traefik.tf +++ b/traefik.tf 
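Review bot: The `Format` job in .github/workflows/terraform.yaml cannot fail on badly formatted code, because `terraform fmt` without `-check` rewrites files in the runner's checkout and exits 0. Use `run: terraform fmt -check -diff -recursive` so the job works as a gate; the `Init` step before it is not needed for formatting. The workflow also sets no `permissions:` key, so the token scope falls back to the repository default; a top-level `permissions:` with `contents: read` keeps both jobs read-only. `actions/checkout@v4` and `hashicorp/setup-terraform@v3` are referenced by movable tags, and pinning them to full commit SHAs would stop a retagged release from changing what runs here.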
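Review bot: In ctfd.tf the new probe `healthcheck.sh --connect --innodb_initialized` replaces an always-passing `true`, so this container can now be marked unhealthy, and the visible `retries = 3`, `interval = 10` and `timeout = 3` leave roughly 30 seconds before that happens. If no `startPeriod` is set in the part of the health check block outside this hunk, a first boot that is still initialising InnoDB may be restarted in a loop; a grace period such as `startPeriod = 60` (value illustrative) would cover it. Assuming this is the MariaDB image's bundled script, `--innodb_initialized` has to run a query and so appears to rely on a healthcheck account that the image sets up itself. A comment such as `# requires the image-provisioned healthcheck user; verify it exists on pre-existing data directories` would record that dependency. The health check block begins and ends outside the hunk.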
@@ -117,12 +117,6 @@ resource "aws_ecs_task_definition" "traefik" { }, ] - dockerLabels = { - "traefik.enable" = "true" - "traefik.http.middlewares.retry.retry.attempts" = "4" - "traefik.http.middlewares.retry.retry.initialInterval" = "100ms" - } - logConfiguration = { logDriver = "awslogs" options = { @@ -226,17 +220,6 @@ data "aws_iam_policy_document" "assume_role_policy" { } } -# resource "aws_iam_policy_attachment" "traefik" { -# name = "iam-policy-attachment-traefik" -# roles = [aws_iam_role.task_role.name] -# policy_arn = aws_iam_policy.traefik.arn -# } - -# resource "aws_iam_policy" "traefik" { -# name = "iam-policy-traefik" -# policy = data.aws_iam_policy_document.traefik.json -# } - resource "aws_iam_role_policy" "traefik" { role = aws_iam_role.task_role.id policy = data.aws_iam_policy_document.traefik.json