Create new walker on Hetzner
All checks were successful
/ terraform (push) Successful in 1m30s
/ ansible (push) Successful in 2m48s

Jake Howard 2024-05-04 13:20:15 +01:00
parent ac36a6b323
commit 9fee5c01ef
Signed by: jake
GPG key ID: 57AFB45680EDD477
8 changed files with 120 additions and 37 deletions


@ -2,4 +2,4 @@
"casey_ip": "213.219.38.11" "casey_ip": "213.219.38.11"
"private_ipv6_marker": "2a01:7e00:e000:7f7::1" "private_ipv6_marker": "2a01:7e00:e000:7f7::1"
"private_ipv6_range": "2a01:7e00:e000:7f7::1/128" "private_ipv6_range": "2a01:7e00:e000:7f7::1/128"
"walker_ip": "192.248.168.230" "walker_ip": "162.55.181.67"


@ -119,43 +119,43 @@ provider "registry.terraform.io/hashicorp/aws" {
} }
provider "registry.terraform.io/hashicorp/local" { provider "registry.terraform.io/hashicorp/local" {
version = "2.4.0" version = "2.5.1"
hashes = [ hashes = [
"h1:R97FTYETo88sT2VHfMgkPU3lzCsZLunPftjSI5vfKe8=", "h1:8oTPe2VUL6E2d3OcrvqyjI4Nn/Y/UEQN26WLk5O/B0g=",
"zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9", "zh:0af29ce2b7b5712319bf6424cb58d13b852bf9a777011a545fac99c7fdcdf561",
"zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf", "zh:126063ea0d79dad1f68fa4e4d556793c0108ce278034f101d1dbbb2463924561",
"zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732", "zh:196bfb49086f22fd4db46033e01655b0e5e036a5582d250412cc690fa7995de5",
"zh:37c92ec084d059d37d6cffdb683ccf68e3a5f8d2eb69dd73c8e43ad003ef8d24",
"zh:4269f01a98513651ad66763c16b268f4c2da76cc892ccfd54b401fff6cc11667",
"zh:51904350b9c728f963eef0c28f1d43e73d010333133eb7f30999a8fb6a0cc3d8",
"zh:73a66611359b83d0c3fcba2984610273f7954002febb8a57242bbb86d967b635",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35", "zh:7ae387993a92bcc379063229b3cce8af7eaf082dd9306598fcd42352994d2de0",
"zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04", "zh:9e0f365f807b088646db6e4a8d4b188129d9ebdbcf2568c8ab33bddd1b82c867",
"zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406", "zh:b5263acbd8ae51c9cbffa79743fbcadcb7908057c87eb22fd9048268056efbc4",
"zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6", "zh:dfcd88ac5f13c0d04e24be00b686d069b4879cc4add1b7b1a8ae545783d97520",
"zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7",
"zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2",
"zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc",
"zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce",
] ]
} }
provider "registry.terraform.io/hetznercloud/hcloud" { provider "registry.terraform.io/hetznercloud/hcloud" {
version = "1.46.1" version = "1.47.0"
constraints = "1.46.1" constraints = "1.47.0"
hashes = [ hashes = [
"h1:cDJWhw9W+qj4ner9QX/+FBB6YvK9pnTVOugSAM+ejcM=", "h1:aqEPcSpaWhKqbMs7c7Pf5ot6Tye7ntRitWsuNGPRPfk=",
"zh:0d8fb959c331b7cd9a13800198d65f61c604221b2fb05e0681c9cd432a6e2242", "zh:0759f0c23d0e59baab3382320eef4eb314e0c5967b6ef67ff07135da07a97b34",
"zh:31ab652fb504bff3fdee0de8e06cb4c7d08805f4d3e8430dac6a4ee8a52b949f", "zh:0e9ca84c4059d6d7e2c9f13d3c2b1cd91f7d9a47bedcb4b80c7c77d536eff887",
"zh:493770ce314fc4f7b9536da077b217aa5af77b1d8c969639a257fda3dbd3e38b", "zh:17a033ac4650a39ddacf3265a449edabaea528f81542c4e63e254272d5aac340",
"zh:4c25ee2977d359db15c044a8bfeb00f64ca94a6bdea00774307768a9bad97996", "zh:2997c76a500e42b7519b24fa1f8646d9baab70c68277f80394560d3e1fd06e6d",
"zh:605c8e776cb69b1928c516ab1a9be9ea793c9405f038f224de5586db4983e621", "zh:37f3fe7bb34cac63c69123e43e5426bab75816b3665dbe7125276a8d2ee6b2d8",
"zh:8c9b966a881f177199738253003dc1ee4944034598be4dfbb5465f6d28349c66", "zh:45d4b04dc470f24ad96c1c0b6636ea5422c659004f3e472c863bc50130fabf25",
"zh:8e6ec6e0f0572222f5a2d5748948c229a426408418c6500707711b1ae82fff1c", "zh:46df99d972a78af6875565e53a73df66d870c474a20cd90e9e0a3092aa25197f",
"zh:a63e3ac7f84f0ad0c27399fb2ae4469570d9b216bbc06a89edeca6ff569f0ea0", "zh:4b5bb8d49366ad895c6c767efe16a1b8143802414abfe3fdb1184cbbecf424eb",
"zh:b03e6050ce2054665d824a02fcbe450cdfad29c082cf1d8adb29f8c138023457", "zh:55c6199eb401c4b0a6c948ceac8b50f352e252e1c985903ed173bf26ad0f109e",
"zh:b40e03710694792cff0eb5ca3f7dc80ff0befd2957b0af3b248d36a4ac77293e", "zh:7b6efe897bffa37248064155a699e67953350b5b9a5476456c0160ce59254557",
"zh:bbd264b083a3f5e80a90c02ea3ec377231d030f4d9035bb0f1627f3b09504b00", "zh:7bc004bcb649ce1ec70e2cf848392e10a1edbcbf11b3292a4cc5c5d49bd769e4",
"zh:de2b119e4c39b3454199c34f4ce0fd60af11bd9012c46e2c907db53fd5969278", "zh:e1b17b7595f158fbb3021afa8869b541b5c10bdd2d8d2b2b3eaa82200b104ddd",
"zh:e845750317897e45ab68e71326a43a7f143e0b5312aa9eba4fec907a3800a7f2", "zh:f741ca40e8e99a3e4114ad108ea2b5a5bccbedb008326c7f647f250580e69c0e",
"zh:eebc0085e7fa25d4eaf4e47be00dd7f64259f725ed86581d0acef8b8fde31b49", "zh:fae9c7f8d08a447bb0972529f6db06999c35391046320206041a988aeca6b54c",
] ]
} }


@ -4,7 +4,7 @@ resource "local_file" "hosts" {
casey_ip : linode_instance.casey.ip_address, casey_ip : linode_instance.casey.ip_address,
private_ipv6_marker : local.private_ipv6_marker, private_ipv6_marker : local.private_ipv6_marker,
private_ipv6_range : local.private_ipv6_range, private_ipv6_range : local.private_ipv6_range,
walker_ip : vultr_instance.walker.main_ip, walker_ip : hcloud_server.walker.ipv4_address,
} }
}) })
filename = "${path.module}/../ansible/group_vars/all/vps-hosts.yml" filename = "${path.module}/../ansible/group_vars/all/vps-hosts.yml"


@ -0,0 +1,52 @@
resource "hcloud_firewall" "base" {
name = "base"
rule {
direction = "in"
protocol = "icmp"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
}
resource "hcloud_firewall" "tailscale" {
name = "tailscale"
rule {
direction = "in"
protocol = "udp"
port = "41641"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
}
resource "hcloud_firewall" "web" {
name = "web"
# HTTP
rule {
direction = "in"
protocol = "tcp"
port = "80"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
# HTTPS
rule {
direction = "in"
protocol = "tcp"
port = "443"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
}
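Review bot: None of the three firewalls admits tcp/22, and nothing in the file says whether that is deliberate. As far as I know, Hetzner drops inbound traffic that matches no rule once a firewall is attached, so administrative access to walker presumably depends on Tailscale (udp/41641) being up. If that is the intent, a header comment such as `# No SSH rule on purpose: management access goes over Tailscale only` would record it for whoever next edits the rules. The `base` and `tailscale` rules also lack the labels the `web` rules have in their `# HTTP` / `# HTTPS` comments; a `description = "Tailscale"` on the 41641 rule and `description = "ICMP ping"` on the icmp rule would document them in the provider console too.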


@ -25,3 +25,7 @@ provider "b2" {
application_key = var.backblaze_application_key application_key = var.backblaze_application_key
application_key_id = var.backblaze_application_key_id application_key_id = var.backblaze_application_key_id
} }
provider "hcloud" {
token = var.hetzner_token
}
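Review bot: `var.hetzner_token` is declared outside this commit, so its declaration cannot be checked from the `provider "hcloud"` block here. It should carry `sensitive = true` so that Terraform redacts the value wherever it would be rendered in plan or apply output, which matters because the terraform job runs on push and its log is kept by the forge. If the variable block already has it, nothing needs to change in this hunk.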


@ -9,7 +9,7 @@ resource "cloudflare_record" "sys_domain_casey" {
resource "cloudflare_record" "sys_domain_walker" { resource "cloudflare_record" "sys_domain_walker" {
zone_id = cloudflare_zone.theorangeonenet.id zone_id = cloudflare_zone.theorangeonenet.id
name = "walker.sys" name = "walker.sys"
value = vultr_instance.walker.main_ip value = hcloud_server.walker.ipv4_address
type = "A" type = "A"
ttl = 1 ttl = 1
} }
@ -25,7 +25,7 @@ resource "cloudflare_record" "sys_domain_casey_v6" {
resource "cloudflare_record" "sys_domain_walker_v6" { resource "cloudflare_record" "sys_domain_walker_v6" {
zone_id = cloudflare_zone.theorangeonenet.id zone_id = cloudflare_zone.theorangeonenet.id
name = "walker.sys" name = "walker.sys"
value = vultr_instance.walker.v6_main_ip value = hcloud_server.walker.ipv6_address
type = "AAAA" type = "AAAA"
ttl = 1 ttl = 1
} }


@ -24,9 +24,9 @@ terraform {
source = "Backblaze/b2" source = "Backblaze/b2"
version = "0.8.9" version = "0.8.9"
} }
hetzner = { hcloud = {
source = "hetznercloud/hcloud" source = "hetznercloud/hcloud"
version = "1.46.1" version = "1.47.0"
} }
} }
} }


@ -27,3 +27,30 @@ resource "vultr_reverse_ipv6" "walker_reverse_ipv6" {
ip = vultr_instance.walker.v6_main_ip ip = vultr_instance.walker.v6_main_ip
reverse = cloudflare_record.sys_domain_walker.hostname reverse = cloudflare_record.sys_domain_walker.hostname
} }
resource "hcloud_server" "walker" {
name = "walker"
image = "debian-12" # Not true - that was just the initial install.
server_type = "cpx11"
location = "nbg1"
delete_protection = true
rebuild_protection = true
firewall_ids = [
hcloud_firewall.base.id,
hcloud_firewall.tailscale.id,
hcloud_firewall.web.id,
]
}
resource "hcloud_rdns" "walker_reverse_ipv4" {
server_id = hcloud_server.walker.id
ip_address = hcloud_server.walker.ipv4_address
dns_ptr = cloudflare_record.sys_domain_walker.hostname
}
resource "hcloud_rdns" "walker_reverse_ipv6" {
server_id = hcloud_server.walker.id
ip_address = hcloud_server.walker.ipv6_address
dns_ptr = cloudflare_record.sys_domain_walker.hostname
}
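Review bot: The inline comment on `image = "debian-12"` in `hcloud_server.walker` admits the value no longer describes the machine, but nothing stops a later edit that "corrects" it. As far as I know, a change to `image` makes the provider plan a replacement of the server, which `delete_protection` and `rebuild_protection` would then reject at apply time. Adding `lifecycle { ignore_changes = [image] }` to the resource would make the drift explicit and keep the plan quiet. Separately, `hcloud_rdns.walker_reverse_ipv6` takes its `dns_ptr` from the A record; `dns_ptr = cloudflare_record.sys_domain_walker_v6.hostname` yields the same name and ties the PTR to the AAAA record it actually belongs with.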