From 5a210cfb1223326492556b77489547cd604deb94 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Mon, 8 Jan 2024 19:57:19 +0000
Subject: [PATCH] Bootstrap a config
---
 .gitignore | 5 +++--
 justfile | 16 +++++++++++++++
 src/.terraform.lock.hcl | 25 ++++++++++++++++++++++++
 src/main.tf | 43 +++++++++++++++++++++++++++++++++++++++++
 src/providers.tf | 6 ++++++
 src/terraform.tf | 24 +++++++++++++++++++++++
 src/variables.tf | 13 +++++++++++++
 7 files changed, 130 insertions(+), 2 deletions(-)
 create mode 100644 justfile
 create mode 100644 src/.terraform.lock.hcl
 create mode 100644 src/main.tf
 create mode 100644 src/providers.tf
 create mode 100644 src/terraform.tf
 create mode 100644 src/variables.tf
diff --git a/.gitignore b/.gitignore
index a9e8a0c..c0679ba 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,8 +11,8 @@ crash.log
 crash.*.log
 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version
-# control as they are data points which are potentially sensitive and subject
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
 # to change depending on the environment.
 *.tfvars
 *.tfvars.json
@@ -34,3 +34,4 @@ override.tf.json
 .terraformrc
 terraform.rc
+.env
diff --git a/justfile b/justfile
new file mode 100644
index 0000000..a17463a
--- /dev/null
+++ b/justfile
@@ -0,0 +1,16 @@
+# Run terraform with required environment
+terraform +ARGS:
+ #!/usr/bin/env bash
+
+ # Load secrets from env file (if it exists)
+ set -a
+ source ./.env || true
+ set +a
+
+ cd src/
+
+ terraform {{ ARGS }}
+
+terraform-lint:
+ just terraform validate
+ just terraform fmt -check -recursive
diff --git a/src/.terraform.lock.hcl b/src/.terraform.lock.hcl
new file mode 100644
index 0000000..d02e816
--- /dev/null
+++ b/src/.terraform.lock.hcl
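Review bot: The `terraform` recipe in justfile runs its bash script without errexit, so if `cd src/` fails the final `terraform {{ ARGS }}` still runs from the repository root with the secrets from `.env` already exported. Adding `set -euo pipefail` directly under the shebang would stop the script at the first failed step. `source ./.env || true` also hides a malformed `.env`, not just a missing one; `if [ -f ./.env ]; then source ./.env; fi` keeps the file optional while letting a broken file fail loudly. `{{ ARGS }}` is pasted into the script unquoted, so arguments containing spaces or shell metacharacters are re-parsed by bash.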
@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/gmichels/adguard" {
+ version = "1.1.3"
+ constraints = "1.1.3"
+ hashes = [
+ "h1:fDQLALdZK0HxtJkuNyBkNIw9zo5TF9XYWYSvMyl/hZc=",
+ "zh:082bee13197cd9e08ff8075a13aedf7748a2db19c01330b52392f8544d48a519",
+ "zh:1605f0495354291f3c9efc97d288f9ad503626035fbb75e5c802d7530938142c",
+ "zh:1d6532b8f3624f10d0d4ec77d5d40ef4018085c06c8824c0815d329659ea4c98",
+ "zh:23476033a56cbab898224e9a1815815051561b0d41dad77433d0244329097734",
+ "zh:3032e675072417594c7c795b3bad49b181948f941145164394effb5104e6f153",
+ "zh:382b3d356e320ed441ef46742ca8280947b2d21c2f373ce16c05e58b8b894f4d",
+ "zh:4379a0de8523c08a8e0d6a66d8db55ae5ecf8b70bd089d9cd5b9750999a91726",
+ "zh:70e06f4f5274ba788e93e82dbb3811b97d086bb5b9f9be37555baad496c4d98a",
+ "zh:c98dbe0be18f036721af17fd4d77f0067911d106ca87337ee8089ed4c18d3899",
+ "zh:efff411878f10b279496e0f7c7d619123e1c8a06d52faf0e4f0984f8a337f017",
+ "zh:f3cb868ffce6a7b72629261f4e58b14a3793505a57e5541404792d8e6f9f2c40",
+ "zh:f5a4bf2cc0a128395de5928fbe18de2d47e99349b64aa4ef27c47da6236134da",
+ "zh:f809ab383cca0a5f83072981c64208cbd7fa67e986a86ee02dd2c82333221e32",
+ "zh:fa91214f28374536f17394704cb7b3295c7a1f1f05a6d6243d981fe81d23bf9b",
+ "zh:fb49db6e752ac8513e77eb43e78e6bf446d0a04f3d17f2bdfa2caf3712835d77",
+ ]
+}
diff --git a/src/main.tf b/src/main.tf
new file mode 100644
index 0000000..8419074
--- /dev/null
+++ b/src/main.tf
@@ -0,0 +1,43 @@
+resource "adguard_config" "config" {
+ dhcp = {
+ interface = "enp2s0"
+ enabled = true
+
+ ipv4_settings = {
+ gateway_ip = "192.168.1.1"
+ subnet_mask = "255.255.252.0"
+ range_start = "192.168.1.10"
+ range_end = "192.168.1.199"
+ lease_duration = 86400
+ }
+
+ static_leases = [
+ {
+ hostname = "tang"
+ ip = "192.168.1.53"
+ mac = "18:66:da:00:70:d8"
+ }
+ ]
+ }
+
+ stats = {
+ interval = 168
+ }
+
+ querylog = {
+ interval = 168
+ }
+
+ dns = {
+ rate_limit = 50
+ blocked_response_ttl = 30
+ rate_limit_subnet_len_ipv4 = 22
+
+
+ upstream_dns = [
+ "https://dns10.quad9.net:443/dns-query",
+ "[/theorangeone.net/]${local.coredns_host}",
+ "[/jakehoward.tech/]${local.coredns_host}"
+ ]
+ }
+}
diff --git a/src/providers.tf b/src/providers.tf
new file mode 100644
index 0000000..abe6fd0
--- /dev/null
+++ b/src/providers.tf
@@ -0,0 +1,6 @@
+provider "adguard" {
+ host = "192.168.1.53"
+ username = var.adguardhome_username
+ password = var.adguardhome_password
+ scheme = "http"
+}
diff --git a/src/terraform.tf b/src/terraform.tf
new file mode 100644
index 0000000..3f99c9a
--- /dev/null
+++ b/src/terraform.tf
@@ -0,0 +1,24 @@
+terraform {
+ backend "s3" {
+ bucket = "adguardhome"
+ key = "terraform.tfstate"
+ region = "main"
+
+ endpoints = {
+ s3 = "https://s3.jakehoward.tech"
+ }
+
+ skip_region_validation = true
+ skip_requesting_account_id = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ force_path_style = true
+ }
+
+ required_providers {
+ adguard = {
+ source = "gmichels/adguard"
+ version = "1.1.3"
+ }
+ }
+}
diff --git a/src/variables.tf b/src/variables.tf
new file mode 100644
index 0000000..cacbf5a
--- /dev/null
+++ b/src/variables.tf
@@ -0,0 +1,13 @@
+locals {
+ coredns_host = "127.0.0.53:5353"
+}
+
+variable "adguardhome_username" {
+ type = string
+ sensitive = true
+}
+
+variable "adguardhome_password" {
+ type = string
+ sensitive = true
+}
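Review bot: In the `dns` block of src/main.tf, `rate_limit_subnet_len_ipv4 = 22` matches the DHCP `subnet_mask` of `255.255.252.0`, so, assuming the provider passes this through to AdGuard Home's rate-limit subnet length, every client on the LAN is counted as one source against `rate_limit = 50`. A single noisy or misbehaving host could then use up the budget and have the resolver drop queries for everyone else. If per-client limiting is intended, `rate_limit_subnet_len_ipv4 = 32` would express it; otherwise a comment explaining the shared bucket would help the next reader.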
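Review bot: `scheme = "http"` in src/providers.tf means the provider talks to AdGuard Home at 192.168.1.53 in cleartext, so `var.adguardhome_username` and `var.adguardhome_password` cross the network unencrypted on every plan and apply, even though both variables are marked `sensitive`. If TLS is enabled on the AdGuard Home instance, `scheme = "https"` closes that gap. If it cannot be, a comment stating that the management interface is reachable only over a trusted segment would record the assumption.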
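Review bot: The `backend "s3"` block in src/terraform.tf combines the newer `endpoints = { s3 = ... }` form with `force_path_style = true`, which Terraform deprecated alongside it in favour of `use_path_style = true`, so init is likely to emit a deprecation warning. The block also configures no state locking, so two concurrent runs can overwrite each other's state; that deserves a comment if the S3-compatible store behind `https://s3.jakehoward.tech` cannot support it. A `required_version` constraint next to `required_providers` would pin the Terraform release these backend arguments depend on.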
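Review bot: `coredns_host = "127.0.0.53:5353"` in src/variables.tf is a loopback address that main.tf interpolates into `upstream_dns`, so it is resolved on the AdGuard Home host and not on the machine running Terraform; nothing in the file says so. A one-line comment above the local, for example `# Resolver listening on the AdGuard Home host's loopback, not on the Terraform machine`, would make that explicit. Both `variable` blocks would also benefit from a `description` saying how the value is supplied, presumably `TF_VAR_adguardhome_username` and `TF_VAR_adguardhome_password` from the `.env` file the justfile sources.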