-rw-r--r--org-buetow-ecs/syncthingservice.tf216
-rw-r--r--org-buetow-elb/nlb.tf11
-rw-r--r--org-buetow-elb/outputs.tf12
3 files changed, 216 insertions, 23 deletions
diff --git a/org-buetow-ecs/syncthingservice.tf b/org-buetow-ecs/syncthingservice.tf
new file mode 100644
index 0000000..6389d6d
--- /dev/null
+++ b/org-buetow-ecs/syncthingservice.tf
@@ -0,0 +1,216 @@
+resource "aws_lb" "syncthing_nlb" {
+ name = "syncthing-nlb"
+ internal = false
+ load_balancer_type = "network"
+ ip_address_type = "dualstack"
+ subnets = [
+ data.terraform_remote_state.base.outputs.public_subnet_a_id,
+ data.terraform_remote_state.base.outputs.public_subnet_b_id,
+ data.terraform_remote_state.base.outputs.public_subnet_c_id,
+ ]
+}
+
+resource "aws_lb_listener" "syncthing_8384" {
+ load_balancer_arn = aws_lb.syncthing_nlb.arn
+ protocol = "TCP"
+ port = 8384
+
+ default_action {
+ type = "forward"
+ target_group_arn = aws_lb_target_group.syncthing_ui.arn
+ }
+}
+
+resource "aws_lb_target_group" "syncthing_ui" {
+ name = "syncthing-ui-tg"
+ port = 8384
+ protocol = "TCP"
+ vpc_id = data.terraform_remote_state.base.outputs.vpc_id
+ target_type = "ip"
+}
+
+resource "aws_route53_record" "a_record_syncthing" {
+ zone_id = data.terraform_remote_state.base.outputs.buetow_cloud_zone_id
+ name = "syncthing.buetow.cloud."
+ type = "A"
+
+ alias {
+ name = aws_lb.syncthing_nlb.dns_name
+ zone_id = aws_lb.syncthing_nlb.zone_id
+ evaluate_target_health = true
+ }
+}
+
+resource "aws_route53_record" "aaaa_record_syncthing" {
+ zone_id = data.terraform_remote_state.base.outputs.buetow_cloud_zone_id
+ name = "syncthing.buetow.cloud."
+ type = "AAAA"
+
+ alias {
+ name = aws_lb.syncthing_nlb.dns_name
+ zone_id = aws_lb.syncthing_nlb.zone_id
+ evaluate_target_health = true
+ }
+}
+
+resource "aws_ecs_task_definition" "syncthing" {
+ family = "syncthing"
+ network_mode = "awsvpc"
+ requires_compatibilities = ["FARGATE"]
+ cpu = "256"
+ memory = "512"
+ execution_role_arn = aws_iam_role.ecs_execution_role.arn
+
+ volume {
+ name = "syncthing-config-efs-volume"
+ efs_volume_configuration {
+ file_system_id = data.terraform_remote_state.base.outputs.self_hosted_services_efs_id
+ root_directory = "/ecs/syncthing/config"
+ }
+ }
+
+ volume {
+ name = "syncthing-data1-efs-volume"
+ efs_volume_configuration {
+ file_system_id = data.terraform_remote_state.base.outputs.self_hosted_services_efs_id
+ root_directory = "/ecs/syncthing/data1"
+ }
+ }
+
+ volume {
+ name = "syncthing-data2-efs-volume"
+ efs_volume_configuration {
+ file_system_id = data.terraform_remote_state.base.outputs.self_hosted_services_efs_id
+ root_directory = "/ecs/syncthing/data2"
+ }
+ }
+
+ container_definitions = jsonencode([{
+ name = "syncthing",
+ image = "lscr.io/linuxserver/syncthing:latest",
+ portMappings = [
+ {
+ containerPort = 8384,
+ hostPort = 8384,
+ protocol = "tcp"
+ },
+ {
+ containerPort = 22000,
+ hostPort = 22000,
+ protocol = "tcp"
+ },
+ {
+ containerPort = 22000,
+ hostPort = 22000,
+ protocol = "udp"
+ },
+ {
+ containerPort = 21027,
+ hostPort = 21027,
+ protocol = "udp"
+ }
+ ],
+ mountPoints = [
+ {
+ sourceVolume = "syncthing-config-efs-volume"
+ containerPath = "/config"
+ readOnly = false
+ },
+ {
+ sourceVolume = "syncthing-data1-efs-volume"
+ containerPath = "/data1"
+ readOnly = false
+ },
+ {
+ sourceVolume = "syncthing-data2-efs-volume"
+ containerPath = "/data2",
+ readOnly = false
+ }
+ ],
+ "logConfiguration" : {
+ "logDriver" : "awslogs",
+ "options" : {
+ "awslogs-group" : "/ecs/containers",
+ "awslogs-region" : "eu-central-1",
+ "awslogs-stream-prefix" : "syncthing"
+ }
+ }
+ }])
+}
+
+resource "aws_security_group" "syncthing" {
+ name = "allow_8384"
+ description = "Allow traffic on syncthing ports"
+ vpc_id = data.terraform_remote_state.base.outputs.vpc_id
+
+ ingress {
+ description = "Allow inbound TCP traffic on port 8384"
+ from_port = 8384
+ to_port = 8384
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
+ }
+
+ ingress {
+ description = "Allow inbound TCP traffic on port 22000"
+ from_port = 22000
+ to_port = 22000
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
+ }
+
+ ingress {
+ description = "Allow inbound UDP traffic on port 22000"
+ from_port = 22000
+ to_port = 22000
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
+ }
+
+ ingress {
+ description = "Allow inbound UDP traffic on port 21027"
+ from_port = 21027
+ to_port = 21027
+ protocol = "udp"
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1" # Allows all outbound traffic
+ cidr_blocks = ["0.0.0.0/0"]
+ ipv6_cidr_blocks = ["::/0"]
+ }
+
+ tags = {
+ Name = "allow-syncthing"
+ }
+}
+resource "aws_ecs_service" "syncthing" {
+ name = "syncthing"
+ cluster = aws_ecs_cluster.ecs_cluster.id
+ task_definition = aws_ecs_task_definition.syncthing.arn
+ launch_type = "FARGATE"
+ desired_count = 1
+
+ load_balancer {
+ target_group_arn = aws_lb_target_group.syncthing_ui.arn
+ container_name = "syncthing" # Must match the name in your container definition
+ container_port = 8384 # The port your container is listening on
+ }
+
+ network_configuration {
+ subnets = [
+ data.terraform_remote_state.base.outputs.public_subnet_a_id,
+ data.terraform_remote_state.base.outputs.public_subnet_b_id,
+ data.terraform_remote_state.base.outputs.public_subnet_c_id,
+ ]
+ security_groups = [aws_security_group.syncthing.id]
+ assign_public_ip = true
+ }
+}
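Review bot: The Syncthing web UI on 8384 is reachable from any address: the first ingress block of aws_security_group.syncthing opens it to 0.0.0.0/0 and ::/0, and because aws_ecs_service.syncthing sets assign_public_ip = true with that same group, the UI is exposed directly on the task's public IP as well as through the NLB and the syncthing.buetow.cloud alias. The aws_lb_listener.syncthing_8384 listener is plain TCP passthrough, so whatever the container serves on 8384 crosses the internet as-is (HTTP unless GUI TLS is configured inside the image, which this hunk does not show); the usual split is to narrow that one ingress to an admin range, e.g. `cidr_blocks = ["<admin-cidr>"]` with `ipv6_cidr_blocks` narrowed likewise, while leaving the 22000/21027 sync-protocol rules open. The three efs_volume_configuration blocks in aws_ecs_task_definition.syncthing also lack `transit_encryption = "ENABLED"`, so NFS traffic between the task and the file system is unencrypted. Finally, `image = "lscr.io/linuxserver/syncthing:latest"` is a mutable tag; pinning it as `image = "lscr.io/linuxserver/syncthing:<version>@sha256:<digest>"` makes the deployed image reproducible and reviewable.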
diff --git a/org-buetow-elb/nlb.tf b/org-buetow-elb/nlb.tf
deleted file mode 100644
index 07889ec..0000000
--- a/org-buetow-elb/nlb.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-resource "aws_lb" "nlb" {
- name = "nlb"
- internal = false
- load_balancer_type = "network"
- ip_address_type = "dualstack"
- subnets = [
- data.terraform_remote_state.base.outputs.public_subnet_a_id,
- data.terraform_remote_state.base.outputs.public_subnet_b_id,
- data.terraform_remote_state.base.outputs.public_subnet_c_id,
- ]
-}
diff --git a/org-buetow-elb/outputs.tf b/org-buetow-elb/outputs.tf
index 5d9269d..a96409c 100644
--- a/org-buetow-elb/outputs.tf
+++ b/org-buetow-elb/outputs.tf
@@ -9,15 +9,3 @@ output "alb_zone_id" {
output "alb_https_listener_arn" {
value = aws_lb_listener.https_listener.arn
}
-
-output "nlb_arn" {
- value = aws_lb.nlb.arn
-}
-
-output "nlb_dns_name" {
- value = aws_lb.nlb.dns_name
-}
-
-output "nlb_zone_id" {
- value = aws_lb.nlb.zone_id
-}