[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/02: cdn: Remove unused berlin-mirror.
From: |
Chris Marusich |
Subject: |
01/02: cdn: Remove unused berlin-mirror. |
Date: |
Sat, 4 May 2019 05:03:35 -0400 (EDT) |
marusich pushed a commit to branch master
in repository maintenance.
commit 9e804142b1b584196e0b95f279c2214785dcd205
Author: Chris Marusich <address@hidden>
Date: Sat May 4 01:34:25 2019 -0700
cdn: Remove unused berlin-mirror.
The berlin-mirror CloudFront distribution is safe to delete because it
is not currently being used. The charlie-distribution CloudFront
distribution has replaced it.
* cdn/terraform/cloudfront.tf (berlin-mirror, berlin-mirror-id)
(berlin-mirror-enabled, berlin-mirror-status)
(berlin-mirror-domain-name): Remove these.
---
cdn/terraform/cloudfront.tf | 104 --------------------------------------------
1 file changed, 104 deletions(-)
diff --git a/cdn/terraform/cloudfront.tf b/cdn/terraform/cloudfront.tf
index d9cadda..7d5a4ab 100644
--- a/cdn/terraform/cloudfront.tf
+++ b/cdn/terraform/cloudfront.tf
@@ -62,110 +62,6 @@ locals {
}
}
-resource "aws_cloudfront_distribution" "berlin-mirror" {
- enabled = true
- comment = "Distributed caching proxy for berlin.guixsd.org"
- origin {
- domain_name = "berlin.guixsd.org"
- origin_id = "berlin.guixsd.org"
- custom_origin_config {
- http_port = 80 # Required, but not used.
- https_port = 443
- # Always use TLS when forwarding requests to the origin.
- origin_protocol_policy = "https-only"
- origin_ssl_protocols = ["TLSv1.2"]
- origin_keepalive_timeout = 60
- origin_read_timeout = 60
- }
- }
- # The CNAME that will point to this CloudFront distribution.
- aliases = ["ci.guix.info"]
- is_ipv6_enabled = true
- # This is actually the_maximum HTTP version to support. See:
- #
https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#http_version
- http_version = "http2"
- # Serve requests from all edge locations.
- price_class = "PriceClass_All"
- # Do not restrict access.
- restrictions { geo_restriction { restriction_type = "none" }}
- # When deleting the distribution, actually delete it. See:
- #
https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#retain_on_delete
- retain_on_delete = false
- # By default, don't cache anything. This is useful because on
- # berlin.guixsd.org, we run Cuirass, which has many URLs we don't
- # want to cache.
- default_cache_behavior = ["${local.do_not_cache_behavior}"]
- # Cache all the relevant paths published by "guix publish". See
- # guix/scripts/publish.scm in the Guix source for details.
- ordered_cache_behavior = [
- # /nix-cache-info
- "${merge(
- local.default_behavior,
- map("path_pattern", "/nix-cache-info")
- )}",
- # /<hash>.narinfo
- "${merge(
- local.default_behavior,
- map("path_pattern", "/*.narinfo")
- )}",
- # /file/<name>/sha256/<hash>
- "${merge(
- local.default_behavior,
- map("path_pattern", "/file/*")
- )}",
- # /log/<output>
- "${merge(
- local.default_behavior,
- map("path_pattern", "/log/*")
- )}",
- # /nar/gzip/<store-item>
- # /nar/<store-item>
- "${merge(
- local.default_behavior,
- map("path_pattern", "/nar/*")
- )}",
- # Static files for the Cuirass website - this is not part of "guix
publish".
- "${merge(
- local.default_behavior,
- map("path_pattern", "/static/*")
- )}"
- ]
- # TODO: Maybe set a caching behavior for error responses.
- # custom_error_response {}
- viewer_certificate {
- # Note that "terraform apply" will fail until this certificate is
- # valid. See the comment in the definition of
- # berlin-mirror-certificate for more information.
- acm_certificate_arn =
"${aws_acm_certificate.berlin-mirror-certificate.arn}"
- # This is the recommended value as of 2018-12-28. See:
- #
https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html
- #
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers
- minimum_protocol_version = "TLSv1.1_2016"
- # Use SNI. Don't use the "vip" (i.e., dedicated IP address)
- # method, since it's expensive and unnecessary. See:
- #
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-https-dedicated-ip-or-sni.html
- ssl_support_method = "sni-only"
- }
-}
-
-output "berlin-mirror-id" {
- value = "${aws_cloudfront_distribution.berlin-mirror.id}"
-}
-output "berlin-mirror-enabled" {
- value = "${aws_cloudfront_distribution.berlin-mirror.enabled}"
-}
-output "berlin-mirror-status" {
- value = "${aws_cloudfront_distribution.berlin-mirror.status}"
-}
-output "berlin-mirror-domain-name" {
- value = "${aws_cloudfront_distribution.berlin-mirror.domain_name}"
-}
-
-# We plan to migrate to ci.guix.gnu.org. During the migration, we'll
-# need to have two distributions. Since the name "berlin mirror"
-# is already taken, let's use something unique. Since "C" comes after
-# "B", let's use the name "charlie". B for berlin, C for charlie.
-
resource "aws_cloudfront_distribution" "charlie-distribution" {
enabled = true
comment = "Distributed caching proxy for berlin.guixsd.org"