木 Personal website of pyrossh. Built with astrojs, shiki, vite.
194f6f6e
—
pyrossh 6 months ago
update terraform
- infra/main.tf +17 -27
- src/content.config.ts +0 -4
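--- a/infra/main.tf
+++ b/infra/main.tf
@@ -32,7 +32,7 @@ resource "aws_route53_zone" "main" {
 name = "pyrossh.dev"
 }
 
-resource "aws_s3_bucket" "
+resource "aws_s3_bucket" "website_bucket" {
 bucket = "pyrossh-website"
 }
 
@@ -40,32 +40,22 @@ resource "aws_s3_bucket" "repos_bucket" {
 bucket = "pyrossh-repos"
 }
 
-resource "aws_s3_bucket_public_access_block" "
+resource "aws_s3_bucket_public_access_block" "website_bucket_public_access" {
-bucket = aws_s3_bucket.
+bucket = aws_s3_bucket.website_bucket.id
 block_public_acls = true
 block_public_policy = true
 ignore_public_acls = true
 restrict_public_buckets = true
 }
 
-resource "aws_cloudfront_origin_access_control" "
+resource "aws_cloudfront_origin_access_control" "s3_oac" {
-name = "
+name = "s3-oac"
-description = "Grant cloudfront access to s3 bucket ${aws_s3_bucket.website.id}"
 origin_access_control_origin_type = "s3"
 signing_behavior = "always" // "no-override"
 signing_protocol = "sigv4"
 }
 
-resource "aws_cloudfront_origin_access_control" "repos_bucket" {
-name = "${aws_s3_bucket.repos_bucket.id}-oac"
-description = "Grant cloudfront access to s3 bucket ${aws_s3_bucket.repos_bucket.id}"
-origin_access_control_origin_type = "s3"
-signing_behavior = "always" // "no-override"
-signing_protocol = "sigv4"
-}
-
-
-data "aws_iam_policy_document" "
+data "aws_iam_policy_document" "cloudfront_website_bucket_access" {
 statement {
 principals {
 type = "Service"
@@ -77,8 +67,8 @@ data "aws_iam_policy_document" "cloudfront_website_access" {
 ]
 
 resources = [
-aws_s3_bucket.
+aws_s3_bucket.website_bucket.arn,
-"${aws_s3_bucket.
+"${aws_s3_bucket.website_bucket.arn}/*",
 ]
 
 condition {
@@ -89,9 +79,9 @@ data "aws_iam_policy_document" "cloudfront_website_access" {
 }
 }
 
-resource "aws_s3_bucket_policy" "
+resource "aws_s3_bucket_policy" "website_bucket_access_policy" {
-bucket = aws_s3_bucket.
+bucket = aws_s3_bucket.website_bucket.id
-policy = data.aws_iam_policy_document.
+policy = data.aws_iam_policy_document.cloudfront_website_bucket_access.json
 }
 
 data "aws_iam_policy_document" "cloudfront_repos_bucket_access" {
@@ -171,14 +161,14 @@ resource "aws_cloudfront_function" "zip_redirector" {
 
 resource "aws_cloudfront_distribution" "s3_distribution" {
 origin {
-domain_name = aws_s3_bucket.
+domain_name = aws_s3_bucket.website_bucket.bucket_regional_domain_name
-origin_id = aws_s3_bucket.
+origin_id = aws_s3_bucket.website_bucket.bucket_regional_domain_name
-origin_access_control_id = aws_cloudfront_origin_access_control.
+origin_access_control_id = aws_cloudfront_origin_access_control.s3_oac.id
 }
 origin {
 domain_name = aws_s3_bucket.repos_bucket.bucket_regional_domain_name
 origin_id = aws_s3_bucket.repos_bucket.bucket_regional_domain_name
-origin_access_control_id = aws_cloudfront_origin_access_control.
+origin_access_control_id = aws_cloudfront_origin_access_control.s3_oac.id
 }
 enabled = true
 is_ipv6_enabled = true
@@ -222,7 +212,7 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
 path_pattern = "/*"
 allowed_methods = ["GET", "HEAD"]
 cached_methods = ["GET", "HEAD"]
-target_origin_id = aws_s3_bucket.
+target_origin_id = aws_s3_bucket.website_bucket.bucket_regional_domain_name
 forwarded_values {
 query_string = true
 cookies {
@@ -242,7 +232,7 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
 default_cache_behavior {
 allowed_methods = ["GET", "HEAD"]
 cached_methods = ["GET", "HEAD"]
-target_origin_id = aws_s3_bucket.
+target_origin_id = aws_s3_bucket.website_bucket.bucket_regional_domain_name
 forwarded_values {
 query_string = true
 cookies {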
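Review bot: The renamed resource addresses (`aws_s3_bucket.website_bucket` in the first hunk, then the public access block, the bucket policy and the merged `s3_oac`) come with no `moved` block in the visible hunks, so Terraform will plan a destroy-and-create rather than a rename. For the website bucket and its `aws_s3_bucket_public_access_block`, that leaves a window in which the origin is missing or recreated without its guard rails, and a deleted bucket name is globally free for another account to claim while the distribution still points at it. Add a `moved` block per renamed resource, or run `terraform state mv` before applying. The old bucket address looks like `aws_s3_bucket.website` from the removed `description` line, but removed names are truncated on this page, so check them against state. Sharing one OAC across both origins is reasonable only if each bucket policy's `condition` block, whose body is outside these hunks, pins `AWS:SourceArn` to this distribution's ARN.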
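--- a/src/content.config.ts
+++ b/src/content.config.ts
@@ -4,10 +4,6 @@ import { glob } from 'astro/loaders';
 import { defineCollection, z } from 'astro:content';
 import { REPOS } from './consts';
 
-
-// https://pyrossh.dev/zips/rp2350/refs/heads/master/repo.zip
-// https://pyrossh-repos.s3.ap-south-1.amazonaws.com/rp2350/refs/heads/master/repo.zip
-
 async function checkFileExists(filePath: string) {
 try {
 await fs.stat(filePath);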