Provision a new caseyon Linode

2022-01-21 21:52:21 +00:00 · 2022-01-21 21:52:21 +00:00 · af396a21cb
commit af396a21cb
parent 188b7c9dd6
7 changed files with 91 additions and 22 deletions
--- a/ansible/group_vars/all/hosts.yml
+++ b/ansible/group_vars/all/hosts.yml
@ -1,5 +1,5 @@
 "hosts":
-  "casey_ip": "108.61.221.88"
+  "casey_ip": "213.219.38.11"
  "decker_ip": "192.46.233.9"
  "grimes_ip": "104.238.172.209"
  "walker_ip": "192.248.168.230"
--- a/terraform/0rng.one.tf
+++ b/terraform/0rng.one.tf
@ -29,7 +29,7 @@ resource "cloudflare_record" "orngone_img" {
 resource "cloudflare_record" "orngone_yourls" {
  zone_id = cloudflare_zone.orngone.id
  name    = "@"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
  type    = "A"
  ttl     = 1
 }
--- a/terraform/casey_vps.tf
+++ b/terraform/casey_vps.tf
@ -18,8 +18,77 @@ resource "vultr_instance" "casey" {
  firewall_group_id = module.casey_firewall.firewall_group.id
 }

-resource "vultr_reverse_ipv4" "casey_reverse_ipv4" {
-  instance_id = vultr_instance.casey.id
-  ip          = vultr_instance.casey.main_ip
-  reverse     = "casey.sys.theorangeone.net"
+# Linode
+
+resource "linode_instance" "casey" {
+  label      = "casey"
+  image      = "linode/arch"
+  region     = "eu-west"
+  type       = "g6-nanode-1"
+  private_ip = true
+}
+
+resource "linode_firewall" "casey" {
+  label           = "casey"
+  linodes         = [linode_instance.casey.id]
+  outbound_policy = "ACCEPT"
+  inbound_policy  = "DROP"
+
+  inbound {
+    label    = "allow-ping"
+    action   = "ACCEPT"
+    protocol = "ICMP"
+    ipv4     = ["0.0.0.0/0"]
+    ipv6     = ["::/0"]
+  }
+
+  inbound {
+    label    = "allow-inbound-https"
+    action   = "ACCEPT"
+    protocol = "TCP"
+    ports    = "443"
+    ipv4     = ["0.0.0.0/0"]
+    ipv6     = ["::/0"]
+  }
+
+  inbound {
+    label    = "allow-inbound-http"
+    action   = "ACCEPT"
+    protocol = "TCP"
+    ports    = "80"
+    ipv4     = ["0.0.0.0/0"]
+    ipv6     = ["::/0"]
+  }
+
+  inbound {
+    label    = "allow-inbound-wireguard"
+    action   = "ACCEPT"
+    protocol = "UDP"
+    ports    = "51820"
+    ipv4     = ["0.0.0.0/0"]
+    ipv6     = ["::/0"]
+  }
+
+  inbound {
+    label    = "allow-inbound-nebula"
+    action   = "ACCEPT"
+    protocol = "UDP"
+    ports    = "6328"
+    ipv4     = ["0.0.0.0/0"]
+    ipv6     = ["::/0"]
+  }
+
+  inbound {
+    label    = "allow-inbound-matrix"
+    action   = "ACCEPT"
+    protocol = "TCP"
+    ports    = "8448"
+    ipv4     = ["0.0.0.0/0"]
+    ipv6     = ["::/0"]
+  }
+}
+
+resource "linode_rdns" "casey_reverse_ipv4" {
+  address = linode_instance.casey.ip_address
+  rdns    = "casey.sys.theorangeone.net"
 }
--- a/terraform/context.tf
+++ b/terraform/context.tf
@ -1,7 +1,7 @@
 resource "local_file" "hosts" {
  content = yamlencode({
    hosts : {
-      casey_ip : vultr_instance.casey.main_ip,
+      casey_ip : linode_instance.casey.ip_address,
      walker_ip : vultr_instance.walker.main_ip,
      grimes_ip : vultr_instance.grimes.main_ip,
      decker_ip : linode_instance.decker.ip_address,
--- a/terraform/jakehoward.tech.tf
+++ b/terraform/jakehoward.tech.tf
@ -55,7 +55,7 @@ resource "cloudflare_record" "jakehowardtech_dkim_fm3" {
 resource "cloudflare_record" "jakehowardtech_wallabag" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "wallabag"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
  type    = "A"
  ttl     = 1
 }
@ -63,7 +63,7 @@ resource "cloudflare_record" "jakehowardtech_wallabag" {
 resource "cloudflare_record" "jakehowardtech_ttrss" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "tt-rss"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
  type    = "A"
  ttl     = 1
 }
@ -71,7 +71,7 @@ resource "cloudflare_record" "jakehowardtech_ttrss" {
 resource "cloudflare_record" "jakehowardtech_speed" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "speed"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
  type    = "A"
  ttl     = 1
 }
@ -79,7 +79,7 @@ resource "cloudflare_record" "jakehowardtech_speed" {
 resource "cloudflare_record" "jakehowardtech_quassel" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "quassel"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
  type    = "A"
  ttl     = 1
 }
@ -87,7 +87,7 @@ resource "cloudflare_record" "jakehowardtech_quassel" {
 resource "cloudflare_record" "jakehowardtech_media" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "media"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
  type    = "A"
  ttl     = 1
 }
@ -95,7 +95,7 @@ resource "cloudflare_record" "jakehowardtech_media" {
 resource "cloudflare_record" "jakehowardtech_matrix" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "matrix"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
  type    = "A"
  ttl     = 1
 }
@ -103,7 +103,7 @@ resource "cloudflare_record" "jakehowardtech_matrix" {
 resource "cloudflare_record" "jakehowardtech_intersect" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "intersect"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
  type    = "A"
  ttl     = 1
 }
@ -111,7 +111,7 @@ resource "cloudflare_record" "jakehowardtech_intersect" {
 resource "cloudflare_record" "jakehowardtech_calibre" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "calibre"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
  type    = "A"
  ttl     = 1
 }
@ -119,7 +119,7 @@ resource "cloudflare_record" "jakehowardtech_calibre" {
 resource "cloudflare_record" "jakehowardtech_homeassistant" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "homeassistant"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
  type    = "A"
  ttl     = 1
 }
@ -127,7 +127,7 @@ resource "cloudflare_record" "jakehowardtech_homeassistant" {
 resource "cloudflare_record" "jakehowardtech_grafana" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "grafana"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
  type    = "A"
  ttl     = 1
 }
@ -135,7 +135,7 @@ resource "cloudflare_record" "jakehowardtech_grafana" {
 resource "cloudflare_record" "jakehowardtech_vaultwarden" {
  zone_id = cloudflare_zone.jakehowardtech.id
  name    = "vaultwarden"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
  type    = "A"
  ttl     = 1
 }
--- a/terraform/sys_domains.tf
+++ b/terraform/sys_domains.tf
@ -1,7 +1,7 @@
 resource "cloudflare_record" "sys_domain_casey" {
  zone_id = cloudflare_zone.theorangeonenet.id
  name    = "casey.sys"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
  type    = "A"
  ttl     = 1
 }
--- a/terraform/theorangeone.net.tf
+++ b/terraform/theorangeone.net.tf
@ -5,7 +5,7 @@ resource "cloudflare_zone" "theorangeonenet" {
 resource "cloudflare_record" "theorangeonenet_git" {
  zone_id = cloudflare_zone.theorangeonenet.id
  name    = "git"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
  type    = "A"
  ttl     = 1
 }
@ -13,7 +13,7 @@ resource "cloudflare_record" "theorangeonenet_git" {
 resource "cloudflare_record" "theorangeonenet_whoami" {
  zone_id = cloudflare_zone.theorangeonenet.id
  name    = "whoami"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
  type    = "A"
  ttl     = 1
 }
@ -160,7 +160,7 @@ resource "cloudflare_record" "theorangeonenet_notes" {
 resource "cloudflare_record" "theorangeonenet_privatebin" {
  zone_id = cloudflare_zone.theorangeonenet.id
  name    = "bin"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
  type    = "A"
  ttl     = 1
 }