From af396a21cbdeb13dfb9d3430c718327c172ff832 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Fri, 21 Jan 2022 21:52:21 +0000
Subject: [PATCH] Provision a new `casey`on Linode
---
 ansible/group_vars/all/hosts.yml | 2 +-
 terraform/0rng.one.tf | 2 +-
 terraform/casey_vps.tf | 77 ++++++++++++++++++++++++++++++--
 terraform/context.tf | 2 +-
 terraform/jakehoward.tech.tf | 22 ++++-----
 terraform/sys_domains.tf | 2 +-
 terraform/theorangeone.net.tf | 6 +--
 7 files changed, 91 insertions(+), 22 deletions(-)
diff --git a/ansible/group_vars/all/hosts.yml b/ansible/group_vars/all/hosts.yml
index f02d3e6..59703fa 100755
--- a/ansible/group_vars/all/hosts.yml
+++ b/ansible/group_vars/all/hosts.yml
@@ -1,5 +1,5 @@
 "hosts":
- "casey_ip": "108.61.221.88"
+ "casey_ip": "213.219.38.11"
 "decker_ip": "192.46.233.9"
 "grimes_ip": "104.238.172.209"
 "walker_ip": "192.248.168.230"
diff --git a/terraform/0rng.one.tf b/terraform/0rng.one.tf
index 95fb3dd..4534b96 100644
--- a/terraform/0rng.one.tf
+++ b/terraform/0rng.one.tf
@@ -29,7 +29,7 @@ resource "cloudflare_record" "orngone_img" {
 resource "cloudflare_record" "orngone_yourls" {
 zone_id = cloudflare_zone.orngone.id
 name = "@"
- value = vultr_instance.casey.main_ip
+ value = linode_instance.casey.ip_address
 type = "A"
 ttl = 1
 }
diff --git a/terraform/casey_vps.tf b/terraform/casey_vps.tf
index ca20147..e20cd87 100644
--- a/terraform/casey_vps.tf
+++ b/terraform/casey_vps.tf
@@ -18,8 +18,77 @@ resource "vultr_instance" "casey" {
 firewall_group_id = module.casey_firewall.firewall_group.id
 }
-resource "vultr_reverse_ipv4" "casey_reverse_ipv4" {
- instance_id = vultr_instance.casey.id
- ip = vultr_instance.casey.main_ip
- reverse = "casey.sys.theorangeone.net"
+# Linode
+
+resource "linode_instance" "casey" {
+ label = "casey"
+ image = "linode/arch"
+ region = "eu-west"
+ type = "g6-nanode-1"
+ private_ip = true
+}
+
+resource "linode_firewall" "casey" {
+ label = "casey"
+ linodes = [linode_instance.casey.id]
+ outbound_policy = "ACCEPT"
+ inbound_policy = "DROP"
+
+ inbound {
+ label = "allow-ping"
+ action = "ACCEPT"
+ protocol = "ICMP"
+ ipv4 = ["0.0.0.0/0"]
+ ipv6 = ["::/0"]
+ }
+
+ inbound {
+ label = "allow-inbound-https"
+ action = "ACCEPT"
+ protocol = "TCP"
+ ports = "443"
+ ipv4 = ["0.0.0.0/0"]
+ ipv6 = ["::/0"]
+ }
+
+ inbound {
+ label = "allow-inbound-http"
+ action = "ACCEPT"
+ protocol = "TCP"
+ ports = "80"
+ ipv4 = ["0.0.0.0/0"]
+ ipv6 = ["::/0"]
+ }
+
+ inbound {
+ label = "allow-inbound-wireguard"
+ action = "ACCEPT"
+ protocol = "UDP"
+ ports = "51820"
+ ipv4 = ["0.0.0.0/0"]
+ ipv6 = ["::/0"]
+ }
+
+ inbound {
+ label = "allow-inbound-nebula"
+ action = "ACCEPT"
+ protocol = "UDP"
+ ports = "6328"
+ ipv4 = ["0.0.0.0/0"]
+ ipv6 = ["::/0"]
+ }
+
+ inbound {
+ label = "allow-inbound-matrix"
+ action = "ACCEPT"
+ protocol = "TCP"
+ ports = "8448"
+ ipv4 = ["0.0.0.0/0"]
+ ipv6 = ["::/0"]
+ }
+}
+
+resource "linode_rdns" "casey_reverse_ipv4" {
+ address = linode_instance.casey.ip_address
+ rdns = "casey.sys.theorangeone.net"
 }
diff --git a/terraform/context.tf b/terraform/context.tf
index a5dc829..a24c446 100644
--- a/terraform/context.tf
+++ b/terraform/context.tf
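Review bot: `linode_rdns.casey_reverse_ipv4` references only `linode_instance.casey.ip_address`, so Terraform is free to create it before `cloudflare_record.sys_domain_casey` (changed in terraform/sys_domains.tf) points `casey.sys` at the new address. Linode is understood to reject a reverse name that does not already resolve forward to the IP, so the first apply may fail or need a second run; adding `depends_on = [cloudflare_record.sys_domain_casey]` to the rdns resource makes the ordering explicit. Separately, the new `linode_instance` sets neither `authorized_keys` nor `root_pass`, and the firewall with `inbound_policy = "DROP"` opens no SSH port, so the first-access path is not visible here. A short comment above the instance would record it, for example `# first login via Lish; SSH only over WireGuard/Nebula`, if that is the intent. The `vultr_instance.casey` block starts above this hunk and stays defined, so both hosts exist after this change.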
@@ -1,7 +1,7 @@
 resource "local_file" "hosts" {
 content = yamlencode({
 hosts : {
- casey_ip : vultr_instance.casey.main_ip,
+ casey_ip : linode_instance.casey.ip_address,
 walker_ip : vultr_instance.walker.main_ip,
 grimes_ip : vultr_instance.grimes.main_ip,
 decker_ip : linode_instance.decker.ip_address,
diff --git a/terraform/jakehoward.tech.tf b/terraform/jakehoward.tech.tf
index 76df96d..6f238fa 100644
--- a/terraform/jakehoward.tech.tf
+++ b/terraform/jakehoward.tech.tf
@@ -55,7 +55,7 @@ resource "cloudflare_record" "jakehowardtech_dkim_fm3" {
 resource "cloudflare_record" "jakehowardtech_wallabag" {
 zone_id = cloudflare_zone.jakehowardtech.id
 name = "wallabag"
- value = vultr_instance.casey.main_ip
+ value = linode_instance.casey.ip_address
 type = "A"
 ttl = 1
 }
@@ -63,7 +63,7 @@ resource "cloudflare_record" "jakehowardtech_wallabag" {
 resource "cloudflare_record" "jakehowardtech_ttrss" {
 zone_id = cloudflare_zone.jakehowardtech.id
 name = "tt-rss"
- value = vultr_instance.casey.main_ip
+ value = linode_instance.casey.ip_address
 type = "A"
 ttl = 1
 }
@@ -71,7 +71,7 @@ resource "cloudflare_record" "jakehowardtech_ttrss" {
 resource "cloudflare_record" "jakehowardtech_speed" {
 zone_id = cloudflare_zone.jakehowardtech.id
 name = "speed"
- value = vultr_instance.casey.main_ip
+ value = linode_instance.casey.ip_address
 type = "A"
 ttl = 1
 }
@@ -79,7 +79,7 @@ resource "cloudflare_record" "jakehowardtech_speed" {
 resource "cloudflare_record" "jakehowardtech_quassel" {
 zone_id = cloudflare_zone.jakehowardtech.id
 name = "quassel"
- value = vultr_instance.casey.main_ip
+ value = linode_instance.casey.ip_address
 type = "A"
 ttl = 1
 }
@@ -87,7 +87,7 @@ resource "cloudflare_record" "jakehowardtech_quassel" {
 resource "cloudflare_record" "jakehowardtech_media" {
 zone_id = cloudflare_zone.jakehowardtech.id
 name = "media"
- value = vultr_instance.casey.main_ip
+ value = linode_instance.casey.ip_address
 type = "A"
 ttl = 1
 }
@@ -95,7 +95,7 @@ resource "cloudflare_record" "jakehowardtech_media" {
 resource "cloudflare_record" "jakehowardtech_matrix" {
 zone_id = cloudflare_zone.jakehowardtech.id
 name = "matrix"
- value = vultr_instance.casey.main_ip
+ value = linode_instance.casey.ip_address
 type = "A"
 ttl = 1
 }
@@ -103,7 +103,7 @@ resource "cloudflare_record" "jakehowardtech_matrix" {
 resource "cloudflare_record" "jakehowardtech_intersect" {
 zone_id = cloudflare_zone.jakehowardtech.id
 name = "intersect"
- value = vultr_instance.casey.main_ip
+ value = linode_instance.casey.ip_address
 type = "A"
 ttl = 1
 }
@@ -111,7 +111,7 @@ resource "cloudflare_record" "jakehowardtech_intersect" {
 resource "cloudflare_record" "jakehowardtech_calibre" {
 zone_id = cloudflare_zone.jakehowardtech.id
 name = "calibre"
- value = vultr_instance.casey.main_ip
+ value = linode_instance.casey.ip_address
 type = "A"
 ttl = 1
 }
@@ -119,7 +119,7 @@ resource "cloudflare_record" "jakehowardtech_calibre" {
 resource "cloudflare_record" "jakehowardtech_homeassistant" {
 zone_id = cloudflare_zone.jakehowardtech.id
 name = "homeassistant"
- value = vultr_instance.casey.main_ip
+ value = linode_instance.casey.ip_address
 type = "A"
 ttl = 1
 }
@@ -127,7 +127,7 @@ resource "cloudflare_record" "jakehowardtech_homeassistant" {
 resource "cloudflare_record" "jakehowardtech_grafana" {
 zone_id = cloudflare_zone.jakehowardtech.id
 name = "grafana"
- value = vultr_instance.casey.main_ip
+ value = linode_instance.casey.ip_address
 type = "A"
 ttl = 1
 }
@@ -135,7 +135,7 @@ resource "cloudflare_record" "jakehowardtech_grafana" {
 resource "cloudflare_record" "jakehowardtech_vaultwarden" {
 zone_id = cloudflare_zone.jakehowardtech.id
 name = "vaultwarden"
- value = vultr_instance.casey.main_ip
+ value = linode_instance.casey.ip_address
 type = "A"
 ttl = 1
 }
diff --git a/terraform/sys_domains.tf b/terraform/sys_domains.tf
index f46c677..a251fe6 100644
--- a/terraform/sys_domains.tf
+++ b/terraform/sys_domains.tf
@@ -1,7 +1,7 @@
 resource "cloudflare_record" "sys_domain_casey" {
 zone_id = cloudflare_zone.theorangeonenet.id
 name = "casey.sys"
- value = vultr_instance.casey.main_ip
+ value = linode_instance.casey.ip_address
 type = "A"
 ttl = 1
 }
diff --git a/terraform/theorangeone.net.tf b/terraform/theorangeone.net.tf
index 45f6597..3463679 100644
--- a/terraform/theorangeone.net.tf
+++ b/terraform/theorangeone.net.tf
@@ -5,7 +5,7 @@ resource "cloudflare_zone" "theorangeonenet" {
 resource "cloudflare_record" "theorangeonenet_git" {
 zone_id = cloudflare_zone.theorangeonenet.id
 name = "git"
- value = vultr_instance.casey.main_ip
+ value = linode_instance.casey.ip_address
 type = "A"
 ttl = 1
 }
@@ -13,7 +13,7 @@ resource "cloudflare_record" "theorangeonenet_git" {
 resource "cloudflare_record" "theorangeonenet_whoami" {
 zone_id = cloudflare_zone.theorangeonenet.id
 name = "whoami"
- value = vultr_instance.casey.main_ip
+ value = linode_instance.casey.ip_address
 type = "A"
 ttl = 1
 }
@@ -160,7 +160,7 @@ resource "cloudflare_record" "theorangeonenet_notes" {
 resource "cloudflare_record" "theorangeonenet_privatebin" {
 zone_id = cloudflare_zone.theorangeonenet.id
 name = "bin"
- value = vultr_instance.casey.main_ip
+ value = linode_instance.casey.ip_address
 type = "A"
 ttl = 1
 }