feat: codify the infra

infra/.gitignore

@@ -0,0 +1,15 @@
+
+**/.terraform/*
+*.tfstate
+*.tfstate.*
+crash.log
+crash.*.log
+*.tfvars
+*.tfvars.json
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+.terraform.tfstate.lock.info
+.terraformrc
+terraform.rc

infra/Makefile

@@ -0,0 +1,12 @@
+.PHONY: fmt
+fmt:
+	@terraform fmt ./**/*.tf
+
+.PHONY: check
+check:
+	@terraform validate
+
+.PHONY: yolo
+yolo:
+	@echo "Wise, you are not..."
+	@terraform apply -auto-approve

infra/cdn/README.md

@@ -0,0 +1,49 @@
+# Fastly CDN Config
+
+This module creates Fastly services for the Python.org CDN.
+
+## Usage
+# Fastly VCL Terraform Module
+
+This Terraform module configures a Fastly service using VCL (Varnish Configuration Language) for Python.org. It sets up a robust CDN configuration with various features to optimize performance, security, and logging.
+
+## Features
+
+- Configures Fastly VCL service for Python.org
+- Supports multiple domains (primary and extra domains)
+- Sets up backends with health checks
+- Implements caching strategies and TTL configurations
+- Configures HTTPS and HSTS
+- Implements rate limiting
+- Sets up logging to Datadog and S3
+- Configures various headers and request/response manipulations
+- Implements IP blocking capabilities
+
+## Usage
+
+```hcl
+module "fastly_production" {
+  source = "./cdn"
+
+  name            = "CoolPythonApp.org"
+  domain          = "CoolPythonApp.org"
+  extra_domains   = ["www.CoolPythonApp.org"]
+  backend_address = "service.CoolPythonApp.org"
+  default_ttl     = 3600
+
+  datadog_key         = var.DATADOG_API_KEY
+  fastly_key          = var.FASTLY_API_KEY
+  fastly_header_token = var.FASTLY_HEADER_TOKEN
+  fastly_s3_logging   = var.fastly_s3_logging
+}
+```
+
+## Outputs
+
+N/A
+
+## Requirements
+
+Tested on 
+- Tested on Terraform 1.8.5
+- Fastly provider 5.13.0

infra/cdn/certs/psf.io.pem

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEQzCCAyugAwIBAgIUYH38nEb2KLRgscKhjcNpBLRUz+UwDQYJKoZIhvcNAQEL
+BQAwgbAxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xEjAQBgNVBAcMCUJl
+YXZlcnRvbjEjMCEGA1UECgwaUHl0aG9uIFNvZnR3YXJlIEZvdW5kYXRpb24xHDAa
+BgNVBAsME0luZnJhc3RydWN0dXJlIFRlYW0xDzANBgNVBAMMBlBTRl9DQTEoMCYG
+CSqGSIb3DQEJARYZaW5mcmFzdHJ1Y3R1cmVAcHl0aG9uLm9yZzAeFw0yNDAyMTIx
+NzU0MDZaFw0yOTAyMTAxNzU0MDZaMIGwMQswCQYDVQQGEwJVUzEPMA0GA1UECAwG
+T3JlZ29uMRIwEAYDVQQHDAlCZWF2ZXJ0b24xIzAhBgNVBAoMGlB5dGhvbiBTb2Z0
+d2FyZSBGb3VuZGF0aW9uMRwwGgYDVQQLDBNJbmZyYXN0cnVjdHVyZSBUZWFtMQ8w
+DQYDVQQDDAZQU0ZfQ0ExKDAmBgkqhkiG9w0BCQEWGWluZnJhc3RydWN0dXJlQHB5
+dGhvbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXAZagv2UK
+AEnnnnrK/WWcZIKo/l+HTgL01XhReu9CDNs3f3ESlRT3Y4Hbla/pYRu9VM8tMGYS
+xG5FGJQ2JPVnKCb3mIEC7wy9+VOaQIp3l8+o0lDQhsOZs78ZA8XQpNLD5OURsUHJ
+re1U6WOTryMJwxpO+DzSBU+oSwfdn2k0BAJqSeIU45hHXeHO24z7GePuk3I1wb+E
+vfhtdIF/tHvF1I6h7ntmHUeUWYrTKXKB9meMAFwEC1ZNoN1z05X68cSeK8dAsxYh
+ghmQnUZ4hHH8pLlhYW/QBTol0nutwgHPyC9FIJnZzX50xAMRx3TKP1IbIehWBwF2
+CYJq6pRBZ1mfAgMBAAGjUzBRMB0GA1UdDgQWBBQrAQVRNWd6eVr6ZGn8vshzgS09
+qDAfBgNVHSMEGDAWgBQrAQVRNWd6eVr6ZGn8vshzgS09qDAPBgNVHRMBAf8EBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBmtyljZ1q2manMvIMEtXtc9lq3gwxIP4Pq
+ic5hKuEHDSy5iN0vZRhoqfgPzXMy61zCrvLmvxv8nN2B4Us44KQRzWwDvi8SavfQ
+LxRZ4KLe5Bg7MNfIKM/ZqYqHIt1FtVFYR7UyEILN/yDCyQC+8n6s8RLmT5OtZHPL
+0YAyHgdao4qCICkZShbCukq81ULvkq7i6QvHWZrVGAIc/1nN71QNEUMr9KtlTKO3
+TeSd+l13+CDGwMXUpglDiFL329TmG5pKr/zoTCGDmRvEfRPtICwY3FgqGDpmIwhw
+dXq0JPGHrFODeVrchUMSGqXhAZ+k/9YdJlGLbv3WJmD1GwFTs3Wf
+-----END CERTIFICATE-----