-
Notifications
You must be signed in to change notification settings - Fork 21
/
Copy pathghost.bicep
225 lines (199 loc) · 6.82 KB
/
ghost.bicep
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
targetScope = 'resourceGroup'
@description('Prefix to use when creating the resources in this deployment.')
param applicationNamePrefix string = 'ghost'
@description('App Service Plan pricing tier')
param appServicePlanSku string = 'B1'
@description('Log Analytics workspace pricing tier')
param logAnalyticsWorkspaceSku string = 'PerGB2018'
@description('Storage account pricing tier')
param storageAccountSku string = 'Standard_LRS'
@description('Location to deploy the resources')
param location string = resourceGroup().location
@description('MySQL server SKU')
param mySQLServerSku string = 'Standard_B1ms'
@description('MySQL server password')
@secure()
param databasePassword string
@description('Ghost container full image name and tag')
param ghostContainerName string = 'andrewmatveychuk/ghost-ai:latest'
@description('Container registry where the image is hosted')
param containerRegistryUrl string = 'https://index.docker.io/v1'
@allowed([
'Web app only'
'Web app with Azure Front Door'
])
param deploymentConfiguration string = 'Web app only'
@description('Virtual network address prefix to use')
param vnetAddressPrefix string = '10.0.0.0/26'
@description('Address prefix for web app integration subnet')
param webAppIntegrationSubnetPrefix string = '10.0.0.0/28'
@description('Address prefix for private links subnet')
param privateEndpointsSubnetPrefix string = '10.0.0.16/28'
var vNetName = '${applicationNamePrefix}-vnet-${uniqueString(resourceGroup().id)}'
var privateEndpointsSubnetName = 'privateEndpointsSubnet'
var webAppIntegrationSubnetName = 'webAppIntegrationSubnet'
var webAppName = '${applicationNamePrefix}-web-${uniqueString(resourceGroup().id)}'
var appServicePlanName = '${applicationNamePrefix}-asp-${uniqueString(resourceGroup().id)}'
var logAnalyticsWorkspaceName = '${applicationNamePrefix}-la-${uniqueString(resourceGroup().id)}'
var applicationInsightsName = '${applicationNamePrefix}-ai-${uniqueString(resourceGroup().id)}'
var keyVaultName = '${applicationNamePrefix}-kv-${uniqueString(resourceGroup().id)}'
var storageAccountName = '${applicationNamePrefix}stor${uniqueString(resourceGroup().id)}'
var mySQLServerName = '${applicationNamePrefix}-mysql-${uniqueString(resourceGroup().id)}'
var databaseLogin = 'ghost'
var databaseName = 'ghost'
var ghostContentFileShareName = 'contentfiles'
var ghostContentFilesMountPath = '/var/lib/ghost/content_files'
var siteUrl = (deploymentConfiguration == 'Web app with Azure Front Door')
? 'https://${frontDoor.outputs.frontDoorEndpointHostName}'
: 'https://${webApp.outputs.hostName}'
//Web app with Azure Front Door
var frontDoorName = '${applicationNamePrefix}-afd-${uniqueString(resourceGroup().id)}'
module vNet 'modules/virtualNetwork.bicep' = {
name: 'vNetDeploy'
params: {
vNetName: vNetName
vNetAddressPrefix: vnetAddressPrefix
privateEndpointsSubnetName: privateEndpointsSubnetName
privateEndpointsSubnetPrefix: privateEndpointsSubnetPrefix
webAppIntegrationSubnetName: webAppIntegrationSubnetName
webAppIntegrationSubnetPrefix: webAppIntegrationSubnetPrefix
location: location
}
}
module logAnalyticsWorkspace './modules/logAnalyticsWorkspace.bicep' = {
name: 'logAnalyticsWorkspaceDeploy'
params: {
logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
logAnalyticsWorkspaceSku: logAnalyticsWorkspaceSku
location: location
}
}
module storageAccount 'modules/storageAccount.bicep' = {
name: 'storageAccountDeploy'
params: {
storageAccountName: storageAccountName
storageAccountSku: storageAccountSku
fileShareFolderName: ghostContentFileShareName
logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
location: location
vNetName: vNetName
privateEndpointsSubnetName: privateEndpointsSubnetName
}
dependsOn: [
vNet
logAnalyticsWorkspace
]
}
module keyVault './modules/keyVault.bicep' = {
name: 'keyVaultDeploy'
params: {
keyVaultName: keyVaultName
keyVaultSecretName: 'databasePassword'
keyVaultSecretValue: databasePassword
logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
location: location
vNetName: vNetName
privateEndpointsSubnetName: privateEndpointsSubnetName
webAppName: webAppName
}
dependsOn: [
webApp
vNet
logAnalyticsWorkspace
]
}
module webApp './modules/webApp.bicep' = {
name: 'webAppDeploy'
params: {
webAppName: webAppName
appServicePlanName: appServicePlanName
location: location
logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
vNetName: vNetName
webAppIntegrationSubnetName: webAppIntegrationSubnetName
}
dependsOn: [
appServicePlan
vNet
logAnalyticsWorkspace
]
}
module webAppSettings 'modules/webAppSettings.bicep' = {
name: 'webAppSettingsDeploy'
params: {
webAppName: webAppName
containerRegistryUrl: containerRegistryUrl
ghostContainerImage: ghostContainerName
containerMountPath: ghostContentFilesMountPath
mySQLServerName: mySQLServerName
databaseName: databaseName
databaseLogin: databaseLogin
databasePasswordSecretUri: keyVault.outputs.secretUri
siteUrl: siteUrl
applicationInsightsName: applicationInsightsName
fileShareName: storageAccount.outputs.fileShareFullName
storageAccountName: storageAccountName
}
dependsOn: [
webApp
frontDoor
mySQLServer
]
}
module appServicePlan './modules/appServicePlan.bicep' = {
name: 'appServicePlanDeploy'
params: {
appServicePlanName: appServicePlanName
appServicePlanSku: appServicePlanSku
location: location
logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
}
dependsOn: [
logAnalyticsWorkspace
]
}
module applicationInsights './modules/applicationInsights.bicep' = {
name: 'applicationInsightsDeploy'
params: {
applicationInsightsName: applicationInsightsName
location: location
logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
webAppName: webAppName
}
dependsOn: [
webApp
logAnalyticsWorkspace
]
}
module mySQLServer 'modules/mySQLServer.bicep' = {
name: 'mySQLServerDeploy'
params: {
administratorLogin: databaseLogin
administratorPassword: databasePassword
location: location
logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
mySQLServerName: mySQLServerName
mySQLServerSku: mySQLServerSku
vNetName: vNetName
privateEndpointsSubnetName: privateEndpointsSubnetName
}
dependsOn: [
vNet
logAnalyticsWorkspace
]
}
module frontDoor 'modules/frontDoor.bicep' = if (deploymentConfiguration == 'Web app with Azure Front Door') {
name: 'FrontDoorDeploy'
params: {
frontDoorProfileName: frontDoorName
applicationName: applicationNamePrefix
webAppName: webAppName
logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
}
dependsOn: [
webApp
logAnalyticsWorkspace
]
}
output webAppHostName string = webApp.outputs.hostName
output endpointHostName string = siteUrl