darklang
diff --git a/‎classic-tf/.terraform.lock.hcl
+22 b/‎classic-tf/.terraform.lock.hcl
+22
diff --git a/‎classic-tf/README.md
+8 b/‎classic-tf/README.md
+8
diff --git a/‎classic-tf/apis.tf
+6 b/‎classic-tf/apis.tf
+6
diff --git a/‎classic-tf/cloudrun.tf
+84 b/‎classic-tf/cloudrun.tf
+84
diff --git a/‎classic-tf/cloudstorage.tf
+141 b/‎classic-tf/cloudstorage.tf
+141
@@ -0,0 +1,8 @@
+# Terraform config
+
+This is our production terraform. We have only started using it recently, and
+so we are slowly migrating it over, as we make changes to config.
+
+I made a deliberate choice not to just migrate everything over to reduce the
+risk of breaking something. Fortunately, if it's not imported into the state
+then terraform won't try to manage it (and hence won't try to delete it).
@@ -0,0 +1,6 @@
+# Cloud Run
+resource "google_project_service" "cloud_run_api" {
+  provider           = google
+  service            = "run.googleapis.com"
+  disable_on_destroy = false
+}
@@ -0,0 +1,84 @@
+
+# resource "google_cloud_run_service" "bwdserver" {
+#   name     = "bwdserver"
+#   location = "us-west1"
+
+#   template {
+
+#     metadata {
+#       annotations = {
+#         "autoscaling.knative.dev/minScale" : "0"
+#         "autoscaling.knative.dev/maxScale" : "0"
+#         "run.googleapis.com/startup-cpu-boost" : "true"
+#         "run.googleapis.com/cpu-throttling" : "true"
+#         "run.googleapis.com/execution-environment" : "gen2"
+#       }
+#     }
+
+#     spec {
+#       timeout_seconds      = 300
+#       service_account_name = "cloud-run-runner@balmy-ground-195100.iam.gserviceaccount.com"
+#       containers {
+#         image = "gcr.io/balmy-ground-195100/gcp-fsharp-bwdserver@sha256:ec7bbcd9e38d8965b76d5718359fac1242fefdcb11ae7250ed918415ecd829a3"
+#         ports {
+#           name           = "http1"
+#           container_port = 11001
+#         }
+#         resources {
+#           requests = {
+#             "cpu"    = "2.0"
+#             "memory" = "4000Mi"
+#           }
+#           limits = {
+#             cpu    = "2.0"
+#             memory = "6000Mi"
+#           }
+#         }
+#         # startup_probe {
+#         #   initial_delay_seconds = 0
+#         #   timeout_seconds = 1
+#         #   period_seconds = 3
+#         #   failure_threshold = 1
+#         #   tcp_socket {
+#         #     port = 8080
+#         #   }
+#         # }
+#         # liveness_probe {
+#         #   http_get {
+#         #     path = "/"
+#         #   }
+#         # }
+
+#         # secrets
+#         dynamic "env" {
+#           for_each = var.service_secrets
+#           content {
+#             name = env.key
+#             value_from {
+#               secret_key_ref {
+#                 name = env.value
+#                 key  = "latest"
+#               }
+#             }
+#           }
+#         }
+
+#         # Env vars
+#         dynamic "env" {
+#           for_each = var.service_env_vars
+#           content {
+#             name  = env.key
+#             value = env.value
+#           }
+#         }
+#       }
+#     }
+#   }
+
+#   traffic {
+#     percent         = 100
+#     latest_revision = true
+#   }
+
+#   depends_on = [google_project_service.cloud_run_api]
+# }
@@ -0,0 +1,141 @@
+##########################
+# Used by container registry
+##########################
+
+resource "google_storage_bucket" "artifacts_balmy_ground_195100_appspot_com" {
+  force_destroy            = false
+  location                 = "US"
+  name                     = "artifacts.balmy-ground-195100.appspot.com"
+  project                  = local.project_name
+  public_access_prevention = "inherited"
+  storage_class            = "STANDARD"
+}
+resource "google_storage_bucket" "us_artifacts_balmy_ground_195100_appspot_com" {
+  force_destroy            = false
+  location                 = "US"
+  name                     = "us.artifacts.balmy-ground-195100.appspot.com"
+  project                  = local.project_name
+  public_access_prevention = "inherited"
+  storage_class            = "STANDARD"
+}
+
+##########################
+# Darklang classic
+##########################
+
+# Bucket to download the rust-based static assets cli
+resource "google_storage_bucket" "dark_cli" {
+  force_destroy            = false
+  location                 = "US"
+  name                     = "dark-cli"
+  project                  = local.project_name
+  public_access_prevention = "inherited"
+  storage_class            = "STANDARD"
+  website {
+    main_page_suffix = "index.html"
+    not_found_page   = "404.html"
+  }
+}
+
+# For assets used as part of the osx cross-compilation used by the rust-based cli
+resource "google_storage_bucket" "dark_osxcross_files" {
+  force_destroy            = false
+  location                 = "US"
+  name                     = "dark-osxcross-files"
+  project                  = local.project_name
+  public_access_prevention = "inherited"
+  storage_class            = "STANDARD"
+}
+
+# Bucket for storing customer static assets on darklang-classic
+resource "google_storage_bucket" "dark_static_assets" {
+  cors {
+    max_age_seconds = 3600
+    method          = ["GET"]
+    origin          = ["*"]
+    response_header = ["Content-Type"]
+  }
+  force_destroy            = false
+  location                 = "US"
+  name                     = "dark-static-assets"
+  project                  = local.project_name
+  public_access_prevention = "inherited"
+  storage_class            = "STANDARD"
+  website {
+    main_page_suffix = "index.html"
+    not_found_page   = "404.html"
+  }
+}
+
+# Dev-environment bucket for testing static assets on darklang-classic
+resource "google_storage_bucket" "dark_static_assets_dev" {
+  force_destroy            = false
+  location                 = "US"
+  name                     = "dark-static-assets-dev"
+  project                  = local.project_name
+  public_access_prevention = "inherited"
+  storage_class            = "STANDARD"
+  website {
+    not_found_page = "404.html"
+  }
+}
+
+# Bucket for storing customer traces on darklang-classic
+resource "google_storage_bucket" "dark_traces" {
+  force_destroy               = false
+  location                    = "US-WEST1"
+  name                        = "dark-traces"
+  project                     = local.project_name
+  public_access_prevention    = "enforced"
+  storage_class               = "STANDARD"
+  uniform_bucket_level_access = true
+}
+
+# Bucket for static assets for the old editor (darklang-classic)
+resource "google_storage_bucket" "darklang_static_assets" {
+  cors {
+    max_age_seconds = 3600
+    method          = ["GET"]
+    origin          = ["https://*.darklang.com", "https://darklang.com"]
+    response_header = ["Content-Type"]
+  }
+  force_destroy               = false
+  location                    = "US"
+  name                        = "darklang-static-assets"
+  project                     = local.project_name
+  public_access_prevention    = "inherited"
+  storage_class               = "STANDARD"
+  uniform_bucket_level_access = true
+  website {
+    not_found_page = "404.html"
+  }
+}
+
+##########################
+# Darklang AI deployment
+##########################
+
+# Downloads for the new cli(s)
+resource "google_storage_bucket" "darklang_downloads" {
+  force_destroy               = false
+  location                    = "US"
+  name                        = "darklang-downloads"
+  project                     = local.project_name
+  public_access_prevention    = "inherited"
+  storage_class               = "STANDARD"
+  uniform_bucket_level_access = true
+  autoclass {
+    enabled = true
+  }
+}
+
+# Bucket for storing customer traces on darklang-classic
+resource "google_storage_bucket" "dark_traces_ai" {
+  force_destroy               = false
+  location                    = "US-WEST1"
+  name                        = "dark-traces-ai"
+  project                     = local.project_name
+  public_access_prevention    = "enforced"
+  storage_class               = "STANDARD"
+  uniform_bucket_level_access = true
+}