Migrate to using service module, support multiple regions

.modules/service/ecs.tf

@@ -56,4 +56,4 @@ resource "aws_ecs_task_definition" "task" {
       }
     }, var.container_definitions)
   ])
-}
+}

.modules/webservice/dns.tf

@@ -5,8 +5,8 @@ data "cloudflare_zone" "dns_zone" {
 resource "cloudflare_record" "instance_dns" {
   zone_id = data.cloudflare_zone.dns_zone.id
   name    = coalesce(var.subdomain, lower(var.service_name))
-  value   = lower(aws_alb.main.dns_name)
+  content = lower(aws_alb.main.dns_name)
   type    = "CNAME"
   ttl     = 1
   proxied = var.cloudflare_proxy
-}
+}

infrastructure/main.tf

@@ -18,3 +18,17 @@ module "us_east_1" {
   ecs_policy   = aws_iam_instance_profile.ecs_instance_profile.arn
   network_cidr = var.network_cidr["us-east-1"]
 }
+
+module "eu_central_1" {
+  source       = "./region"
+  region       = "eu-central-1"
+  ecs_policy   = aws_iam_instance_profile.ecs_instance_profile.arn
+  network_cidr = var.network_cidr["eu-central-1"]
+}
+
+module "ap_southeast_1" {
+  source       = "./region"
+  region       = "ap-southeast-1"
+  ecs_policy   = aws_iam_instance_profile.ecs_instance_profile.arn
+  network_cidr = var.network_cidr["ap-southeast-1"]
+}

infrastructure/outputs.tf

@@ -12,3 +12,23 @@ output "us-east-1" {
     "network_id" : module.us_east_1.network_id,
   }
 }
+
+output "eu-central-1" {
+  description = "Outputs for the eu-central-1 region"
+  value = {
+    "public_subnets" : module.eu_central_1.public_subnets,
+    "private_subnets" : module.eu_central_1.private_subnets,
+    "ecs_cluster" : module.eu_central_1.ecs_cluster,
+    "network_id" : module.eu_central_1.network_id,
+  }
+}
+
+output "ap-southeast-1" {
+  description = "Outputs for the ap-southeast-1 region"
+  value = {
+    "public_subnets" : module.ap_southeast_1.public_subnets,
+    "private_subnets" : module.ap_southeast_1.private_subnets,
+    "ecs_cluster" : module.ap_southeast_1.ecs_cluster,
+    "network_id" : module.ap_southeast_1.network_id,
+  }
+}

stun_server/main.tf

@@ -12,7 +12,29 @@ provider "aws" {
   region = "us-east-1"
 }
 
-data "tfe_outputs" "infrastructure" {
-  organization = "home_assistant"
-  workspace    = "infrastructure"
+module "us_east_1" {
+  source = "./region"
+
+  region      = "us-east-1"
+  domain_name = var.domain_name
+  subdomain   = "stun-us"
+  image_tag   = var.image_tag
+}
+
+module "eu_central_1" {
+  source = "./region"
+
+  region      = "eu-central-1"
+  domain_name = var.domain_name
+  subdomain   = "stun-eu"
+  image_tag   = var.image_tag
+}
+
+module "ap_southeast_1" {
+  source = "./region"
+
+  region      = "ap-southeast-1"
+  domain_name = var.domain_name
+  subdomain   = "stun-ap"
+  image_tag   = var.image_tag
 }

stun_server/dns.tf → stun_server/region/dns.tf

@@ -4,8 +4,8 @@ data "cloudflare_zone" "dns_zone" {
 
 resource "cloudflare_record" "instance_dns" {
   zone_id = data.cloudflare_zone.dns_zone.id
-  name    = "" # TODO: Add the subdomain
-  content = data.aws_network_interface.stun_server_interface.association[0].public_ip
+  name    = var.subdomain
+  content = module.stun_server.aws_network_interface.stun_server_interface.association[0].public_ip
   type    = "A"
   proxied = true
 }

stun_server/region/ecs.tf

@@ -0,0 +1,30 @@
+resource "aws_ecs_service" "stun-server" {
+  name                               = local.service_name
+  cluster                            = data.tfe_outputs.infrastructure.values[var.region].ecs_cluster
+  task_definition                    = module.stun_server.task_definition
+  desired_count                      = 1
+  deployment_minimum_healthy_percent = 100
+  deployment_maximum_percent         = 200
+  health_check_grace_period_seconds  = 90
+  launch_type                        = local.launch_type
+
+  # Required to fetch the public IP address of the ECS service
+  enable_ecs_managed_tags = true
+  wait_for_steady_state   = true
+
+  network_configuration {
+    assign_public_ip = true
+    security_groups  = [aws_security_group.stun_sg.id]
+    subnets = [
+      data.tfe_outputs.infrastructure.values.public_subnets[0],
+      data.tfe_outputs.infrastructure.values.public_subnets[1]
+    ]
+  }
+}
+
+data "aws_network_interface" "stun_server_interface" {
+  filter {
+    name   = "tag:aws:ecs:serviceName"
+    values = [aws_ecs_service.stun-server.name]
+  }
+}

stun_server/region/module.tf

@@ -0,0 +1,37 @@
+locals {
+  service_name = "stun-server"
+  launch_type  = "FARGATE"
+}
+
+data "tfe_outputs" "infrastructure" {
+  organization = "home_assistant"
+  workspace    = "infrastructure"
+}
+
+module "stun_server" {
+  source = "../../.modules/service"
+
+  service_name      = local.service_name
+  container_image   = "ghcr.io/home-assistant/stun-server"
+  container_version = var.image_tag
+  launch_type       = local.launch_type
+  region            = var.region
+  ecs_cpu           = 2048
+  ecs_memory        = 4096
+  container_definitions = {
+    portMappings = [
+      {
+        containerPort = 3478
+        hostPort      = 3478
+        protocol      = "tcp"
+      },
+      {
+        containerPort = 3478
+        hostPort      = 3478
+        protocol      = "udp"
+      }
+    ],
+  }
+  webservice      = true
+  rolling_updates = true
+}

stun_server/network.tf → stun_server/region/network.tf

@@ -1,5 +1,5 @@
 resource "aws_security_group" "stun_sg" {
-  vpc_id = data.tfe_outputs.infrastructure.values["us-east-1"].network_id
+  vpc_id = data.tfe_outputs.infrastructure.values[var.region].network_id
 
   egress {
     from_port   = 0

stun_server/region/variables.tf

@@ -0,0 +1,19 @@
+variable "region" {
+  description = "The region to deploy the STUN server to"
+  type        = string
+
+}
+
+variable "domain_name" {
+  description = "The base domain name"
+  type        = string
+}
+
+variable "subdomain" {
+  description = "The subdomain to use for the STUN server"
+  type        = string
+}
+variable "image_tag" {
+  description = "Version of the Stun server to deploy"
+  type        = string
+}