Now that ci.guix.info points directly to berlin, we can avoid
depending on the guixsd.org zone by using ci.guix.info as the origin.
* cdn/terraform/cloudfront.tf (locals) <default_behavior>
<do_not_cache_behavior>: Change target_origin_id to "ci.guix.info".
The berlin-mirror-certificate ACM certificate is safe to delete, since
it was only used by the berlin-mirror CloudFront distribution, which
has already been removed.
* cdn/terraform/acm.tf (berlin-mirror-certificate): Remove it.
The berlin-mirror CloudFront distribution is safe to delete because it
is not currently being used. The charlie-distribution CloudFront
distribution has replaced it.
* cdn/terraform/cloudfront.tf (berlin-mirror, berlin-mirror-id)
(berlin-mirror-enabled, berlin-mirror-status)
(berlin-mirror-domain-name): Remove these.
Note that this only turns on the CloudFront distribution. It does not
cause client requests to be sent to the distribution. That will only
happen after we flip the DNS record for ci.guix.info, also.
* cdn/terraform/cloudfront.tf (berlin-mirror) <enabled>: Change to true.
This is safe to do because at the time of this change, the
ci.guix.info DNS entry was not pointing at the CloudFront
distribution, and nobody was using the CloudFront distribution.
* cdn/terraform/cloudfront.tf (berlin-mirror) <enabled>: Change to
false.
* cdn/terraform/cloudfront.tf (locals) <do_not_cache_behavior>: New
variable.
(berlin-mirror) <default_cache_behavior>: Use the new
do_not_cache_behavior.
(origin) <empty-origin>: Remove it.
* cdn/README.org: Remove the section explaining that Cuirass will no
longer be accessible via ci.guix.info.
* cdn/terraform/cloudfront.tf (locals) <default_behavior>: New
variable.
(berlin-mirror) <origin>: Add empty-origin, pointing to
guix-empty-bucket.
<default_cache_behavior>: Update its target_origin_id to point to the
empty-origin.
<ordered_cache_behavior>: New field. Add one behavior for each
substitute-related path published by "guix publish".
* cdn/terraform/s3.tf (guix-empty-bucket): New bucket.
* cdn/terraform/main.tf: Remove all service-specific configuration.
* cdn/terraform/acm.tf: New file.
* cdn/terraform/cloudfront.tf: New file.
* cdn/terraform/cloudwatch.tf: New file.
* cdn/terraform/dynamodb.tf: New file.
* cdn/terraform/iam.tf: New file.
* cdn/terraform/s3.tf: New file.
* cdn/terraform/main.tf (guix-terraform-state) <lifecycle_rule>:
Update abort_incomplete_multipart_upload_days to 7 and
noncurrent_version_expiration to 14 days.
* cdn/README.org: Mention that Terraform does not support email
subscriptions to SNS topics.
* cdn/terraform/main.tf (guix-billing-alarms): New SNS topic.
(alarm-estimated-charges-150-usd, alarm-estimated-charges-140-usd)
(alarm-estimated-charges-100-usd): New alarms.
* cdn/README.org: Mention that certificate validation requires manual
action outside of Terraform.
* cdn/terraform/main.tf (berlin-mirror-certificate): New certificate.
(berlin-mirror): Use it with SNI in the CloudFront distribution.
Before doing this, I destroyed all Terraform-managed AWS resources and
locally stored Terraform state, so we can rebuild it fresh.
* cdn/README.org: Update us-west-2 references to us-east-1.
* cdn/terraform/main.tf (terraform, guix-terraform-state): Likewise.
This is not the final version, but it gives us a good starting point.
* cdn/terraform/main.tf (berlin-mirror): New resource.
(berlin-mirror-id, berlin-mirror-status, berlin-mirror-domain-name):
New outputs.
* cdn/README.org: Update accordingly.
* cdn/terraform/main.tf (civodul, rekado): New users.
(administrators-membership): Add civodul and rekado as members of the
administrators group.
(civodul-access-key-1, rekado-access-key-1): New access keys.
(civodul-login-profile, rekado-login-profile): New login profiles.
(civodul-name, civodul-password, civodul-access-key-1-id)
(civodul-access-key-1-secret, rekado-name, rekado-password)
(rekado-access-key-1-id, rekado-access-key-1-secret): New outputs.
* cdn/terraform/variables.tf (pgp_key_civodul, pgp_key_rekado): New
variables.
* .gitignore (/cdn/terraform/terraform.tfstate)
(/cdn/terraform/terraform.tfstate.backup, /cdn/terraform/.terraform):
New ignore patterns.
* cdn/README.org: New file.
* cdn/terraform/main.tf: New file.
* cdn/terraform/variables.tf: New file.