Simplify example config

.github/workflows/lint.yaml

@@ -0,0 +1,23 @@
+name: Lint
+on:
+  pull_request:
+jobs:
+  lint:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: terraform-linters/setup-tflint@v4
+      - name: Init TFLint
+        run: tflint --init
+        env:
+          # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+          GITHUB_TOKEN: ${{ github.token }}
+      - name: Run TFLint
+        run: tflint -f compact --recursive --config "$(pwd)/.tflint.hcl"
+  fmt:
+    name: fmt
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: terraform fmt -check -recursive

.tflint.hcl

@@ -0,0 +1,15 @@
+tflint {
+  required_version = ">= 0.50"
+}
+
+rule "terraform_typed_variables" {
+  enabled = false
+}
+
+rule "terraform_required_providers" {
+  enabled = false
+}
+
+rule "terraform_required_version" {
+  enabled = false
+}

terraform/aws/fargate-task-definition/_variables.tf

@@ -51,10 +51,6 @@ variable "command" {
   type        = list(string)
 }
 
-variable "env" {
-  description = "Environment name"
-}
-
 variable "additional_task_role_statements" {
   type = list(object({
     Effect   = string

terraform/aws/xmtp-validation-service/main.tf

@@ -47,7 +47,6 @@ module "task_definition" {
 
   ports = [local.service_port, local.health_check_port]
   image = var.docker_image
-  env   = var.env
   health_check_config = {
     # CMD-SHELL tells ECS to use the container's default shell to run the command
     # https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_HealthCheck.html

terraform/aws/xmtpd-api/_outputs.tf

@@ -0,0 +1,9 @@
+output "load_balancer_address" {
+  description = "The full address for the load balancer"
+  value       = aws_lb.public.dns_name
+}
+
+output "load_balancer_port" {
+  description = "The port for the load balancer"
+  value       = local.public_port
+}

terraform/examples/validation-service-aws/network/_terraform.tf → terraform/aws/xmtpd-api/_terraform.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 5.62.0"
+      version = ">= 5.62.0"
     }
   }
 }

terraform/aws/xmtpd-api/_variables.tf

@@ -26,10 +26,6 @@ variable "public_subnets" {
   type        = list(string)
 }
 
-variable "env" {
-  description = "The environment we're deploying to"
-}
-
 variable "vpc_id" {
   description = "VPC ID for the service"
 }

terraform/aws/xmtpd-api/main.tf

@@ -48,7 +48,6 @@ module "api_task_definition" {
 
   ports = [local.service_port]
   image = var.docker_image
-  env   = var.env
 
   command = local.xmtp_node_command
 

terraform/aws/xmtpd-worker/_terraform.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.62.0"
+    }
+  }
+}

terraform/aws/xmtpd-worker/_variables.tf

@@ -21,10 +21,6 @@ variable "public_subnets" {
   type        = list(string)
 }
 
-variable "env" {
-  description = "The environment we're deploying to"
-}
-
 variable "vpc_id" {
   description = "VPC ID for the service"
 }

terraform/aws/xmtpd-worker/main.tf

@@ -44,7 +44,6 @@ module "task_definition" {
 
   ports = []
   image = var.docker_image
-  env   = var.env
 
   command = local.xmtp_node_command
 
@@ -62,13 +61,13 @@ resource "aws_ecs_service" "worker" {
   cluster                            = var.cluster_id
   task_definition                    = module.task_definition.task_definition_arn
   enable_execute_command             = false
-  desired_count                      = 1
+  desired_count                      = 1 # Set the worker to run on a single instance except during deployments
   deployment_maximum_percent         = 200
   deployment_minimum_healthy_percent = 100
   wait_for_steady_state              = true
 
   network_configuration {
-    subnets         = var.public_subnets
+    subnets         = var.public_subnets # To avoid the NAT gateway we deploy the worker into the public subnets. This increases available bandwidth and reduces costs.
     security_groups = [aws_security_group.ecs_service.id]
   }
 

terraform/examples/aws-complete/_outputs.tf

@@ -0,0 +1,18 @@
+################################################################################
+# VPC
+################################################################################
+
+output "vpc_id" {
+  description = "The ID of the vpc"
+  value       = module.vpc.vpc_id
+}
+
+
+#############################################
+###############      API      ###############
+#############################################
+
+output "api_load_balancer_address" {
+  description = "The full address for the API load balancer"
+  value       = module.xmtpd_api.load_balancer_address
+}

terraform/examples/aws-complete/_variables.tf

@@ -0,0 +1,55 @@
+variable "mls_validation_service_docker_image" {
+  description = "Docker image for mls validation service"
+  default     = "ghcr.io/xmtp/mls-validation-service:main"
+}
+
+variable "verifier_chain_rpc_urls" {
+  description = "RPC URLs for the smart contract verifier"
+  sensitive   = true
+  type = object({
+    chain_rpc_1     = string
+    chain_rpc_8453  = string
+    chain_rpc_42161 = string
+    chain_rpc_10    = string
+    chain_rpc_137   = string
+    chain_rpc_324   = string
+    chain_rpc_59144 = string
+  })
+}
+
+variable "xmtpd_docker_image" {
+  description = "Docker image for xmtpd"
+  default     = "ghcr.io/xmtp/xmtpd:main"
+}
+
+variable "chain_id" {
+  description = "The chain ID of the XMTP chain"
+  default     = "241320161"
+}
+
+variable "nodes_contract_address" {
+  description = "The address of the nodes contract"
+  type        = string
+}
+
+variable "messages_contract_address" {
+  description = "The address of the messages contract"
+  type        = string
+}
+
+variable "identity_updates_contract_address" {
+  description = "The address of the identity updates contract"
+  type        = string
+}
+
+variable "chain_rpc_url" {
+  description = "The RPC URL to connect to the XMTP chain"
+  sensitive   = true
+  type        = string
+}
+
+variable "signer_private_key" {
+  description = "The private key of the node's signer"
+  sensitive   = true
+  type        = string
+}

terraform/examples/aws-complete/aws

@@ -0,0 +1 @@
+../../aws

terraform/examples/aws-complete/main.tf

@@ -0,0 +1,72 @@
+
+module "mls_validation_service" {
+  source     = "./aws/xmtp-validation-service" # TODO: Replace with git URL once merged to main
+  depends_on = [module.vpc, aws_service_discovery_private_dns_namespace.xmtp]
+
+  env                              = terraform.workspace
+  cluster_id                       = aws_ecs_cluster.this.id
+  vpc_id                           = module.vpc.vpc_id
+  private_subnets                  = module.vpc.private_subnets
+  allowed_ingress_cidr_blocks      = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
+  docker_image                     = var.mls_validation_service_docker_image
+  service_discovery_namespace_name = aws_service_discovery_private_dns_namespace.xmtp.name
+  chain_rpc_urls                   = var.verifier_chain_rpc_urls
+
+  providers = {
+    aws = aws
+  }
+}
+
+module "xmtpd_api" {
+  source = "./aws/xmtpd-api" # TODO: Replace with git URL once merged to main
+
+  vpc_id          = module.vpc.vpc_id
+  public_subnets  = module.vpc.public_subnets
+  private_subnets = module.vpc.private_subnets
+  docker_image    = var.xmtpd_docker_image
+  cluster_id      = aws_ecs_cluster.this.id
+
+  service_config = {
+    validation_service_grpc_address   = module.mls_validation_service.grpc_service_address
+    chain_id                          = var.chain_id
+    nodes_contract_address            = var.nodes_contract_address
+    messages_contract_address         = var.messages_contract_address
+    identity_updates_contract_address = var.identity_updates_contract_address
+  }
+  service_secrets = {
+    signer_private_key = var.signer_private_key
+    chain_rpc_url      = var.chain_rpc_url
+    database_url       = "CHANGE_ME" # TODO:nm add database
+  }
+  enable_debug_logs = false
+
+  providers = {
+    aws = aws
+  }
+}
+
+module "xmtpd_worker" {
+  source = "./aws/xmtpd-worker" # TODO: Replace with git URL once merged to main
+
+  vpc_id         = module.vpc.vpc_id
+  public_subnets = module.vpc.public_subnets
+  docker_image   = var.xmtpd_docker_image
+  cluster_id     = aws_ecs_cluster.this.id
+  service_config = {
+    validation_service_grpc_address   = module.mls_validation_service.grpc_service_address
+    chain_id                          = var.chain_id
+    nodes_contract_address            = var.nodes_contract_address
+    messages_contract_address         = var.messages_contract_address
+    identity_updates_contract_address = var.identity_updates_contract_address
+  }
+  service_secrets = {
+    signer_private_key = var.signer_private_key
+    chain_rpc_url      = var.chain_rpc_url
+    database_url       = "CHANGE_ME" # TODO:nm add database
+  }
+  enable_debug_logs = false
+
+  providers = {
+    aws = aws
+  }
+}

terraform/examples/aws-complete/network.tf

@@ -0,0 +1,20 @@
+locals {
+  vpc_cidr = "10.1.0.0/16"
+  vpc_name = "x-${basename(path.cwd)}"
+  azs      = slice(data.aws_availability_zones.available.names, 0, 3)
+}
+
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "~> 5.12.1"
+
+  name = local.vpc_name
+  cidr = local.vpc_cidr
+
+  azs             = local.azs
+  private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
+  public_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
+
+  enable_nat_gateway = true
+  single_nat_gateway = true
+}

terraform/examples/validation-service-aws/service_discovery.tf → terraform/examples/aws-complete/service-discovery.tf

@@ -1,5 +1,5 @@
 resource "aws_service_discovery_private_dns_namespace" "xmtp" {
   name        = "xmtp.private"
   description = "The AWS service discovery namespace"
-  vpc         = module.network.vpc_id
+  vpc         = module.vpc.vpc_id
 }