Create new walker
on Hetzner
parent
ac36a6b323
commit
9fee5c01ef
8 changed files with 120 additions and 37 deletions
|
@ -2,4 +2,4 @@
|
||||||
"casey_ip": "213.219.38.11"
|
"casey_ip": "213.219.38.11"
|
||||||
"private_ipv6_marker": "2a01:7e00:e000:7f7::1"
|
"private_ipv6_marker": "2a01:7e00:e000:7f7::1"
|
||||||
"private_ipv6_range": "2a01:7e00:e000:7f7::1/128"
|
"private_ipv6_range": "2a01:7e00:e000:7f7::1/128"
|
||||||
"walker_ip": "192.248.168.230"
|
"walker_ip": "162.55.181.67"
|
||||||
|
|
|
@ -119,43 +119,43 @@ provider "registry.terraform.io/hashicorp/aws" {
|
||||||
}
|
}
|
||||||
|
|
||||||
provider "registry.terraform.io/hashicorp/local" {
|
provider "registry.terraform.io/hashicorp/local" {
|
||||||
version = "2.4.0"
|
version = "2.5.1"
|
||||||
hashes = [
|
hashes = [
|
||||||
"h1:R97FTYETo88sT2VHfMgkPU3lzCsZLunPftjSI5vfKe8=",
|
"h1:8oTPe2VUL6E2d3OcrvqyjI4Nn/Y/UEQN26WLk5O/B0g=",
|
||||||
"zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9",
|
"zh:0af29ce2b7b5712319bf6424cb58d13b852bf9a777011a545fac99c7fdcdf561",
|
||||||
"zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf",
|
"zh:126063ea0d79dad1f68fa4e4d556793c0108ce278034f101d1dbbb2463924561",
|
||||||
"zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732",
|
"zh:196bfb49086f22fd4db46033e01655b0e5e036a5582d250412cc690fa7995de5",
|
||||||
|
"zh:37c92ec084d059d37d6cffdb683ccf68e3a5f8d2eb69dd73c8e43ad003ef8d24",
|
||||||
|
"zh:4269f01a98513651ad66763c16b268f4c2da76cc892ccfd54b401fff6cc11667",
|
||||||
|
"zh:51904350b9c728f963eef0c28f1d43e73d010333133eb7f30999a8fb6a0cc3d8",
|
||||||
|
"zh:73a66611359b83d0c3fcba2984610273f7954002febb8a57242bbb86d967b635",
|
||||||
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
|
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
|
||||||
"zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35",
|
"zh:7ae387993a92bcc379063229b3cce8af7eaf082dd9306598fcd42352994d2de0",
|
||||||
"zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04",
|
"zh:9e0f365f807b088646db6e4a8d4b188129d9ebdbcf2568c8ab33bddd1b82c867",
|
||||||
"zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406",
|
"zh:b5263acbd8ae51c9cbffa79743fbcadcb7908057c87eb22fd9048268056efbc4",
|
||||||
"zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6",
|
"zh:dfcd88ac5f13c0d04e24be00b686d069b4879cc4add1b7b1a8ae545783d97520",
|
||||||
"zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7",
|
|
||||||
"zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2",
|
|
||||||
"zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc",
|
|
||||||
"zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce",
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
provider "registry.terraform.io/hetznercloud/hcloud" {
|
provider "registry.terraform.io/hetznercloud/hcloud" {
|
||||||
version = "1.46.1"
|
version = "1.47.0"
|
||||||
constraints = "1.46.1"
|
constraints = "1.47.0"
|
||||||
hashes = [
|
hashes = [
|
||||||
"h1:cDJWhw9W+qj4ner9QX/+FBB6YvK9pnTVOugSAM+ejcM=",
|
"h1:aqEPcSpaWhKqbMs7c7Pf5ot6Tye7ntRitWsuNGPRPfk=",
|
||||||
"zh:0d8fb959c331b7cd9a13800198d65f61c604221b2fb05e0681c9cd432a6e2242",
|
"zh:0759f0c23d0e59baab3382320eef4eb314e0c5967b6ef67ff07135da07a97b34",
|
||||||
"zh:31ab652fb504bff3fdee0de8e06cb4c7d08805f4d3e8430dac6a4ee8a52b949f",
|
"zh:0e9ca84c4059d6d7e2c9f13d3c2b1cd91f7d9a47bedcb4b80c7c77d536eff887",
|
||||||
"zh:493770ce314fc4f7b9536da077b217aa5af77b1d8c969639a257fda3dbd3e38b",
|
"zh:17a033ac4650a39ddacf3265a449edabaea528f81542c4e63e254272d5aac340",
|
||||||
"zh:4c25ee2977d359db15c044a8bfeb00f64ca94a6bdea00774307768a9bad97996",
|
"zh:2997c76a500e42b7519b24fa1f8646d9baab70c68277f80394560d3e1fd06e6d",
|
||||||
"zh:605c8e776cb69b1928c516ab1a9be9ea793c9405f038f224de5586db4983e621",
|
"zh:37f3fe7bb34cac63c69123e43e5426bab75816b3665dbe7125276a8d2ee6b2d8",
|
||||||
"zh:8c9b966a881f177199738253003dc1ee4944034598be4dfbb5465f6d28349c66",
|
"zh:45d4b04dc470f24ad96c1c0b6636ea5422c659004f3e472c863bc50130fabf25",
|
||||||
"zh:8e6ec6e0f0572222f5a2d5748948c229a426408418c6500707711b1ae82fff1c",
|
"zh:46df99d972a78af6875565e53a73df66d870c474a20cd90e9e0a3092aa25197f",
|
||||||
"zh:a63e3ac7f84f0ad0c27399fb2ae4469570d9b216bbc06a89edeca6ff569f0ea0",
|
"zh:4b5bb8d49366ad895c6c767efe16a1b8143802414abfe3fdb1184cbbecf424eb",
|
||||||
"zh:b03e6050ce2054665d824a02fcbe450cdfad29c082cf1d8adb29f8c138023457",
|
"zh:55c6199eb401c4b0a6c948ceac8b50f352e252e1c985903ed173bf26ad0f109e",
|
||||||
"zh:b40e03710694792cff0eb5ca3f7dc80ff0befd2957b0af3b248d36a4ac77293e",
|
"zh:7b6efe897bffa37248064155a699e67953350b5b9a5476456c0160ce59254557",
|
||||||
"zh:bbd264b083a3f5e80a90c02ea3ec377231d030f4d9035bb0f1627f3b09504b00",
|
"zh:7bc004bcb649ce1ec70e2cf848392e10a1edbcbf11b3292a4cc5c5d49bd769e4",
|
||||||
"zh:de2b119e4c39b3454199c34f4ce0fd60af11bd9012c46e2c907db53fd5969278",
|
"zh:e1b17b7595f158fbb3021afa8869b541b5c10bdd2d8d2b2b3eaa82200b104ddd",
|
||||||
"zh:e845750317897e45ab68e71326a43a7f143e0b5312aa9eba4fec907a3800a7f2",
|
"zh:f741ca40e8e99a3e4114ad108ea2b5a5bccbedb008326c7f647f250580e69c0e",
|
||||||
"zh:eebc0085e7fa25d4eaf4e47be00dd7f64259f725ed86581d0acef8b8fde31b49",
|
"zh:fae9c7f8d08a447bb0972529f6db06999c35391046320206041a988aeca6b54c",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@ resource "local_file" "hosts" {
|
||||||
casey_ip : linode_instance.casey.ip_address,
|
casey_ip : linode_instance.casey.ip_address,
|
||||||
private_ipv6_marker : local.private_ipv6_marker,
|
private_ipv6_marker : local.private_ipv6_marker,
|
||||||
private_ipv6_range : local.private_ipv6_range,
|
private_ipv6_range : local.private_ipv6_range,
|
||||||
walker_ip : vultr_instance.walker.main_ip,
|
walker_ip : hcloud_server.walker.ipv4_address,
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
filename = "${path.module}/../ansible/group_vars/all/vps-hosts.yml"
|
filename = "${path.module}/../ansible/group_vars/all/vps-hosts.yml"
|
||||||
|
|
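--- a/terraform/hetzner_firewall.tf
+++ b/terraform/hetzner_firewall.tf
@@ -0,0 +1,52 @@
+resource "hcloud_firewall" "base" {
+name = "base"
+
+rule {
+direction = "in"
+protocol = "icmp"
+source_ips = [
+"0.0.0.0/0",
+"::/0"
+]
+}
+}
+
+resource "hcloud_firewall" "tailscale" {
+name = "tailscale"
+
+rule {
+direction = "in"
+protocol = "udp"
+port = "41641"
+source_ips = [
+"0.0.0.0/0",
+"::/0"
+]
+}
+}
+
+resource "hcloud_firewall" "web" {
+name = "web"
+
+# HTTP
+rule {
+direction = "in"
+protocol = "tcp"
+port = "80"
+source_ips = [
+"0.0.0.0/0",
+"::/0"
+]
+}
+
+# HTTPS
+rule {
+direction = "in"
+protocol = "tcp"
+port = "443"
+source_ips = [
+"0.0.0.0/0",
+"::/0"
+]
+}
+}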
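Review bot: None of the three firewalls admits TCP 22, and nothing in the file says that this is deliberate; with only these attached to `hcloud_server.walker`, management access would have to arrive over Tailscale (UDP 41641) or the provider console, which is presumably the intent. I would record that at the top of the file with a comment such as `# No SSH rule on purpose: administration goes over Tailscale`, and give every rule a `description` (for example `description = "HTTPS"`) so the purpose is visible in the Hetzner console as well as in the source. Only inbound rules are defined, which as far as I know leaves outbound traffic unrestricted; a one-line comment saying that is accepted would save the next reader from wondering.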
@ -25,3 +25,7 @@ provider "b2" {
|
||||||
application_key = var.backblaze_application_key
|
application_key = var.backblaze_application_key
|
||||||
application_key_id = var.backblaze_application_key_id
|
application_key_id = var.backblaze_application_key_id
|
||||||
}
|
}
|
||||||
|
|
||||||
|
provider "hcloud" {
|
||||||
|
token = var.hetzner_token
|
||||||
|
}
|
||||||
|
|
|
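Review bot: `token = var.hetzner_token` depends on a variable whose declaration is not among this commit's hunks, so it cannot be confirmed here that the variable is marked `sensitive = true`. Without that flag Terraform may print the API token in plan output and diagnostics. I would check the existing `variable "hetzner_token"` block and add `sensitive = true` if it is missing, and note next to the provider block where the value is expected to come from (a tfvars file kept out of version control, or the environment).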
@ -9,7 +9,7 @@ resource "cloudflare_record" "sys_domain_casey" {
|
||||||
resource "cloudflare_record" "sys_domain_walker" {
|
resource "cloudflare_record" "sys_domain_walker" {
|
||||||
zone_id = cloudflare_zone.theorangeonenet.id
|
zone_id = cloudflare_zone.theorangeonenet.id
|
||||||
name = "walker.sys"
|
name = "walker.sys"
|
||||||
value = vultr_instance.walker.main_ip
|
value = hcloud_server.walker.ipv4_address
|
||||||
type = "A"
|
type = "A"
|
||||||
ttl = 1
|
ttl = 1
|
||||||
}
|
}
|
||||||
|
@ -25,7 +25,7 @@ resource "cloudflare_record" "sys_domain_casey_v6" {
|
||||||
resource "cloudflare_record" "sys_domain_walker_v6" {
|
resource "cloudflare_record" "sys_domain_walker_v6" {
|
||||||
zone_id = cloudflare_zone.theorangeonenet.id
|
zone_id = cloudflare_zone.theorangeonenet.id
|
||||||
name = "walker.sys"
|
name = "walker.sys"
|
||||||
value = vultr_instance.walker.v6_main_ip
|
value = hcloud_server.walker.ipv6_address
|
||||||
type = "AAAA"
|
type = "AAAA"
|
||||||
ttl = 1
|
ttl = 1
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,9 +24,9 @@ terraform {
|
||||||
source = "Backblaze/b2"
|
source = "Backblaze/b2"
|
||||||
version = "0.8.9"
|
version = "0.8.9"
|
||||||
}
|
}
|
||||||
hetzner = {
|
hcloud = {
|
||||||
source = "hetznercloud/hcloud"
|
source = "hetznercloud/hcloud"
|
||||||
version = "1.46.1"
|
version = "1.47.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,3 +27,30 @@ resource "vultr_reverse_ipv6" "walker_reverse_ipv6" {
|
||||||
ip = vultr_instance.walker.v6_main_ip
|
ip = vultr_instance.walker.v6_main_ip
|
||||||
reverse = cloudflare_record.sys_domain_walker.hostname
|
reverse = cloudflare_record.sys_domain_walker.hostname
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "hcloud_server" "walker" {
|
||||||
|
name = "walker"
|
||||||
|
image = "debian-12" # Not true - that was just the initial install.
|
||||||
|
server_type = "cpx11"
|
||||||
|
location = "nbg1"
|
||||||
|
delete_protection = true
|
||||||
|
rebuild_protection = true
|
||||||
|
|
||||||
|
firewall_ids = [
|
||||||
|
hcloud_firewall.base.id,
|
||||||
|
hcloud_firewall.tailscale.id,
|
||||||
|
hcloud_firewall.web.id,
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hcloud_rdns" "walker_reverse_ipv4" {
|
||||||
|
server_id = hcloud_server.walker.id
|
||||||
|
ip_address = hcloud_server.walker.ipv4_address
|
||||||
|
dns_ptr = cloudflare_record.sys_domain_walker.hostname
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hcloud_rdns" "walker_reverse_ipv6" {
|
||||||
|
server_id = hcloud_server.walker.id
|
||||||
|
ip_address = hcloud_server.walker.ipv6_address
|
||||||
|
dns_ptr = cloudflare_record.sys_domain_walker.hostname
|
||||||
|
}
|
||||||
|
|
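Review bot: `hcloud_server.walker` sets neither `ssh_keys` nor `user_data`, and as far as I know Hetzner then generates a root password for the image and sends it by e-mail at creation time; declaring `ssh_keys = [hcloud_ssh_key.<key-name>.id]` (placeholder name) avoids a password ever being issued. The comment on `image` says the value no longer describes the running system, so I would add `lifecycle { ignore_changes = [image, ssh_keys] }` to state that these create-time fields must never plan a replacement; `delete_protection` and `rebuild_protection` make such a plan fail rather than destroy the host, but the intent is clearer written into the resource. The unchanged `vultr_reverse_ipv6.walker_reverse_ipv6` above still points the old address's PTR at the same hostname, which deserves a short comment until the Vultr instance is retired.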