From 9fee5c01ef2c796fdfef8876762f1f42f6919aee Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Sat, 4 May 2024 13:20:15 +0100
Subject: [PATCH] Create new `walker` on Hetzner

---
 ansible/group_vars/all/vps-hosts.yml | 2 +-
 terraform/.terraform.lock.hcl | 60 ++++++++++++++-------------
 terraform/context.tf | 2 +-
 terraform/hetzner_firewall.tf | 52 ++++++++++++++++++++++++
 terraform/providers.tf | 4 ++
 terraform/sys_domains.tf | 4 +-
 terraform/terraform.tf | 6 +-
 terraform/walker_vps.tf | 27 +++++++++++++
 8 files changed, 120 insertions(+), 37 deletions(-)
 create mode 100644 terraform/hetzner_firewall.tf

diff --git a/ansible/group_vars/all/vps-hosts.yml b/ansible/group_vars/all/vps-hosts.yml
index 1e0fd83..5c1da5e 100755
--- a/ansible/group_vars/all/vps-hosts.yml
+++ b/ansible/group_vars/all/vps-hosts.yml
@@ -2,4 +2,4 @@
 "casey_ip": "213.219.38.11"
 "private_ipv6_marker": "2a01:7e00:e000:7f7::1"
 "private_ipv6_range": "2a01:7e00:e000:7f7::1/128"
- "walker_ip": "192.248.168.230"
+ "walker_ip": "162.55.181.67"
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
index fc98f7d..3f15716 100644
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@@ -119,43 +119,43 @@ provider "registry.terraform.io/hashicorp/aws" { } provider "registry.terraform.io/hashicorp/local" { - version = "2.4.0" + version = "2.5.1" hashes = [ - "h1:R97FTYETo88sT2VHfMgkPU3lzCsZLunPftjSI5vfKe8=", - "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9", - "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf", - "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732", + "h1:8oTPe2VUL6E2d3OcrvqyjI4Nn/Y/UEQN26WLk5O/B0g=", + "zh:0af29ce2b7b5712319bf6424cb58d13b852bf9a777011a545fac99c7fdcdf561", + "zh:126063ea0d79dad1f68fa4e4d556793c0108ce278034f101d1dbbb2463924561", + "zh:196bfb49086f22fd4db46033e01655b0e5e036a5582d250412cc690fa7995de5", + "zh:37c92ec084d059d37d6cffdb683ccf68e3a5f8d2eb69dd73c8e43ad003ef8d24", + "zh:4269f01a98513651ad66763c16b268f4c2da76cc892ccfd54b401fff6cc11667", + "zh:51904350b9c728f963eef0c28f1d43e73d010333133eb7f30999a8fb6a0cc3d8", + "zh:73a66611359b83d0c3fcba2984610273f7954002febb8a57242bbb86d967b635", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35", - "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04", - "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406", - "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6", - "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7", - "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2", - "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc", - "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce", + "zh:7ae387993a92bcc379063229b3cce8af7eaf082dd9306598fcd42352994d2de0", + "zh:9e0f365f807b088646db6e4a8d4b188129d9ebdbcf2568c8ab33bddd1b82c867", + "zh:b5263acbd8ae51c9cbffa79743fbcadcb7908057c87eb22fd9048268056efbc4", + "zh:dfcd88ac5f13c0d04e24be00b686d069b4879cc4add1b7b1a8ae545783d97520", ] } provider 
"registry.terraform.io/hetznercloud/hcloud" { - version = "1.46.1" - constraints = "1.46.1" + version = "1.47.0" + constraints = "1.47.0" hashes = [ - "h1:cDJWhw9W+qj4ner9QX/+FBB6YvK9pnTVOugSAM+ejcM=", - "zh:0d8fb959c331b7cd9a13800198d65f61c604221b2fb05e0681c9cd432a6e2242", - "zh:31ab652fb504bff3fdee0de8e06cb4c7d08805f4d3e8430dac6a4ee8a52b949f", - "zh:493770ce314fc4f7b9536da077b217aa5af77b1d8c969639a257fda3dbd3e38b", - "zh:4c25ee2977d359db15c044a8bfeb00f64ca94a6bdea00774307768a9bad97996", - "zh:605c8e776cb69b1928c516ab1a9be9ea793c9405f038f224de5586db4983e621", - "zh:8c9b966a881f177199738253003dc1ee4944034598be4dfbb5465f6d28349c66", - "zh:8e6ec6e0f0572222f5a2d5748948c229a426408418c6500707711b1ae82fff1c", - "zh:a63e3ac7f84f0ad0c27399fb2ae4469570d9b216bbc06a89edeca6ff569f0ea0", - "zh:b03e6050ce2054665d824a02fcbe450cdfad29c082cf1d8adb29f8c138023457", - "zh:b40e03710694792cff0eb5ca3f7dc80ff0befd2957b0af3b248d36a4ac77293e", - "zh:bbd264b083a3f5e80a90c02ea3ec377231d030f4d9035bb0f1627f3b09504b00", - "zh:de2b119e4c39b3454199c34f4ce0fd60af11bd9012c46e2c907db53fd5969278", - "zh:e845750317897e45ab68e71326a43a7f143e0b5312aa9eba4fec907a3800a7f2", - "zh:eebc0085e7fa25d4eaf4e47be00dd7f64259f725ed86581d0acef8b8fde31b49", + "h1:aqEPcSpaWhKqbMs7c7Pf5ot6Tye7ntRitWsuNGPRPfk=", + "zh:0759f0c23d0e59baab3382320eef4eb314e0c5967b6ef67ff07135da07a97b34", + "zh:0e9ca84c4059d6d7e2c9f13d3c2b1cd91f7d9a47bedcb4b80c7c77d536eff887", + "zh:17a033ac4650a39ddacf3265a449edabaea528f81542c4e63e254272d5aac340", + "zh:2997c76a500e42b7519b24fa1f8646d9baab70c68277f80394560d3e1fd06e6d", + "zh:37f3fe7bb34cac63c69123e43e5426bab75816b3665dbe7125276a8d2ee6b2d8", + "zh:45d4b04dc470f24ad96c1c0b6636ea5422c659004f3e472c863bc50130fabf25", + "zh:46df99d972a78af6875565e53a73df66d870c474a20cd90e9e0a3092aa25197f", + "zh:4b5bb8d49366ad895c6c767efe16a1b8143802414abfe3fdb1184cbbecf424eb", + "zh:55c6199eb401c4b0a6c948ceac8b50f352e252e1c985903ed173bf26ad0f109e", + 
"zh:7b6efe897bffa37248064155a699e67953350b5b9a5476456c0160ce59254557", + "zh:7bc004bcb649ce1ec70e2cf848392e10a1edbcbf11b3292a4cc5c5d49bd769e4", + "zh:e1b17b7595f158fbb3021afa8869b541b5c10bdd2d8d2b2b3eaa82200b104ddd", + "zh:f741ca40e8e99a3e4114ad108ea2b5a5bccbedb008326c7f647f250580e69c0e", + "zh:fae9c7f8d08a447bb0972529f6db06999c35391046320206041a988aeca6b54c", ] } diff --git a/terraform/context.tf b/terraform/context.tf index a82119a..8eac0f1 100644 --- a/terraform/context.tf +++ b/terraform/context.tf @@ -4,7 +4,7 @@ resource "local_file" "hosts" { casey_ip : linode_instance.casey.ip_address, private_ipv6_marker : local.private_ipv6_marker, private_ipv6_range : local.private_ipv6_range, - walker_ip : vultr_instance.walker.main_ip, + walker_ip : hcloud_server.walker.ipv4_address, } }) filename = "${path.module}/../ansible/group_vars/all/vps-hosts.yml" diff --git a/terraform/hetzner_firewall.tf b/terraform/hetzner_firewall.tf new file mode 100644 index 0000000..5ad833a --- /dev/null +++ b/terraform/hetzner_firewall.tf @@ -0,0 +1,52 @@ +resource "hcloud_firewall" "base" { + name = "base" + + rule { + direction = "in" + protocol = "icmp" + source_ips = [ + "0.0.0.0/0", + "::/0" + ] + } +} + +resource "hcloud_firewall" "tailscale" { + name = "tailscale" + + rule { + direction = "in" + protocol = "udp" + port = "41641" + source_ips = [ + "0.0.0.0/0", + "::/0" + ] + } +} + +resource "hcloud_firewall" "web" { + name = "web" + + # HTTP + rule { + direction = "in" + protocol = "tcp" + port = "80" + source_ips = [ + "0.0.0.0/0", + "::/0" + ] + } + + # HTTPS + rule { + direction = "in" + protocol = "tcp" + port = "443" + source_ips = [ + "0.0.0.0/0", + "::/0" + ] + } +} diff --git a/terraform/providers.tf b/terraform/providers.tf index 7bbc680..fab6ffc 100644 --- a/terraform/providers.tf +++ b/terraform/providers.tf 
@@ -25,3 +25,7 @@ provider "b2" {
 application_key = var.backblaze_application_key
 application_key_id = var.backblaze_application_key_id
 }
+
+provider "hcloud" {
+ token = var.hetzner_token
+}
diff --git a/terraform/sys_domains.tf b/terraform/sys_domains.tf
index f352d79..95570b0 100644
--- a/terraform/sys_domains.tf
+++ b/terraform/sys_domains.tf
@@ -9,7 +9,7 @@ resource "cloudflare_record" "sys_domain_casey" {
 resource "cloudflare_record" "sys_domain_walker" {
 zone_id = cloudflare_zone.theorangeonenet.id
 name = "walker.sys"
- value = vultr_instance.walker.main_ip
+ value = hcloud_server.walker.ipv4_address
 type = "A"
 ttl = 1
 }
@@ -25,7 +25,7 @@ resource "cloudflare_record" "sys_domain_casey_v6" {
 resource "cloudflare_record" "sys_domain_walker_v6" {
 zone_id = cloudflare_zone.theorangeonenet.id
 name = "walker.sys"
- value = vultr_instance.walker.v6_main_ip
+ value = hcloud_server.walker.ipv6_address
 type = "AAAA"
 ttl = 1
 }
diff --git a/terraform/terraform.tf b/terraform/terraform.tf
index 475c401..62d6b6f 100644
--- a/terraform/terraform.tf
+++ b/terraform/terraform.tf
@@ -24,9 +24,9 @@ terraform {
 source = "Backblaze/b2"
 version = "0.8.9"
 }
- hetzner = {
- source = "hetznercloud/hcloud"
- version = "1.46.1"
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ version = "1.47.0"
 }
 }
 }
diff --git a/terraform/walker_vps.tf b/terraform/walker_vps.tf
index 5a79b91..438d14f 100644
--- a/terraform/walker_vps.tf
+++ b/terraform/walker_vps.tf
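Review bot: `var.hetzner_token` is referenced by the new `provider "hcloud"` block, but nothing in this commit declares it (the diffstat lists no variables file), so it is either declared outside the diff or missing; if it is declared elsewhere, confirm it carries `sensitive = true` so the API token is redacted from plan and apply output and from any state-diff logs. A short comment on the block saying where the value comes from, e.g. `# Hetzner Cloud API token; supplied as a sensitive variable, never hard-coded here`, would save the next reader the search.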
@@ -27,3 +27,30 @@ resource "vultr_reverse_ipv6" "walker_reverse_ipv6" {
 ip = vultr_instance.walker.v6_main_ip
 reverse = cloudflare_record.sys_domain_walker.hostname
 }
+
+resource "hcloud_server" "walker" {
+ name = "walker"
+ image = "debian-12" # Not true - that was just the initial install.
+ server_type = "cpx11"
+ location = "nbg1"
+ delete_protection = true
+ rebuild_protection = true
+
+ firewall_ids = [
+ hcloud_firewall.base.id,
+ hcloud_firewall.tailscale.id,
+ hcloud_firewall.web.id,
+ ]
+}
+
+resource "hcloud_rdns" "walker_reverse_ipv4" {
+ server_id = hcloud_server.walker.id
+ ip_address = hcloud_server.walker.ipv4_address
+ dns_ptr = cloudflare_record.sys_domain_walker.hostname
+}
+
+resource "hcloud_rdns" "walker_reverse_ipv6" {
+ server_id = hcloud_server.walker.id
+ ip_address = hcloud_server.walker.ipv6_address
+ dns_ptr = cloudflare_record.sys_domain_walker.hostname
+}
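Review bot: `hcloud_server.walker` is declared without `ssh_keys` (and without `user_data`), so a server created from this resource would come up with the provider-generated root password Hetzner delivers by e-mail rather than key-only access; if the resource was created by Terraform rather than imported, attaching a key via `ssh_keys = [hcloud_ssh_key.<name>.id]` is the usual fix, and the absence of a port-22 firewall rule only limits the internet-facing side of that. The `# Not true - that was just the initial install.` comment on `image` leaves the reader guessing what is true; I would write `# Image used for the initial install only; the host has since been re-provisioned out of band. Changing this is expected to force replacement, which delete_protection is there to block.` The unchanged context lines show the `vultr_instance.walker` resources are still present, so both walkers exist until a follow-up removes the old one.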