Provision a new caseyon Linode

ansible/group_vars/all/hosts.yml

@@ -1,5 +1,5 @@
 "hosts":
-  "casey_ip": "108.61.221.88"
+  "casey_ip": "213.219.38.11"
   "decker_ip": "192.46.233.9"
   "grimes_ip": "104.238.172.209"
   "walker_ip": "192.248.168.230"

terraform/0rng.one.tf

@@ -29,7 +29,7 @@ resource "cloudflare_record" "orngone_img" {
 resource "cloudflare_record" "orngone_yourls" {
   zone_id = cloudflare_zone.orngone.id
   name    = "@"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
   type    = "A"
   ttl     = 1
 }

terraform/casey_vps.tf

@@ -18,8 +18,77 @@ resource "vultr_instance" "casey" {
   firewall_group_id = module.casey_firewall.firewall_group.id
 }
 
-resource "vultr_reverse_ipv4" "casey_reverse_ipv4" {
+# Linode
-  instance_id = vultr_instance.casey.id
+
-  ip          = vultr_instance.casey.main_ip
+resource "linode_instance" "casey" {
-  reverse     = "casey.sys.theorangeone.net"
+  label      = "casey"
+  image      = "linode/arch"
+  region     = "eu-west"
+  type       = "g6-nanode-1"
+  private_ip = true
+}
+
+resource "linode_firewall" "casey" {
+  label           = "casey"
+  linodes         = [linode_instance.casey.id]
+  outbound_policy = "ACCEPT"
+  inbound_policy  = "DROP"
+
+  inbound {
+    label    = "allow-ping"
+    action   = "ACCEPT"
+    protocol = "ICMP"
+    ipv4     = ["0.0.0.0/0"]
+    ipv6     = ["::/0"]
+  }
+
+  inbound {
+    label    = "allow-inbound-https"
+    action   = "ACCEPT"
+    protocol = "TCP"
+    ports    = "443"
+    ipv4     = ["0.0.0.0/0"]
+    ipv6     = ["::/0"]
+  }
+
+  inbound {
+    label    = "allow-inbound-http"
+    action   = "ACCEPT"
+    protocol = "TCP"
+    ports    = "80"
+    ipv4     = ["0.0.0.0/0"]
+    ipv6     = ["::/0"]
+  }
+
+  inbound {
+    label    = "allow-inbound-wireguard"
+    action   = "ACCEPT"
+    protocol = "UDP"
+    ports    = "51820"
+    ipv4     = ["0.0.0.0/0"]
+    ipv6     = ["::/0"]
+  }
+
+  inbound {
+    label    = "allow-inbound-nebula"
+    action   = "ACCEPT"
+    protocol = "UDP"
+    ports    = "6328"
+    ipv4     = ["0.0.0.0/0"]
+    ipv6     = ["::/0"]
+  }
+
+  inbound {
+    label    = "allow-inbound-matrix"
+    action   = "ACCEPT"
+    protocol = "TCP"
+    ports    = "8448"
+    ipv4     = ["0.0.0.0/0"]
+    ipv6     = ["::/0"]
+  }
+}
+
+resource "linode_rdns" "casey_reverse_ipv4" {
+  address = linode_instance.casey.ip_address
+  rdns    = "casey.sys.theorangeone.net"
 }

terraform/context.tf

@@ -1,7 +1,7 @@
 resource "local_file" "hosts" {
   content = yamlencode({
     hosts : {
-      casey_ip : vultr_instance.casey.main_ip,
+      casey_ip : linode_instance.casey.ip_address,
       walker_ip : vultr_instance.walker.main_ip,
       grimes_ip : vultr_instance.grimes.main_ip,
       decker_ip : linode_instance.decker.ip_address,

terraform/jakehoward.tech.tf

@@ -55,7 +55,7 @@ resource "cloudflare_record" "jakehowardtech_dkim_fm3" {
 resource "cloudflare_record" "jakehowardtech_wallabag" {
   zone_id = cloudflare_zone.jakehowardtech.id
   name    = "wallabag"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
   type    = "A"
   ttl     = 1
 }
@@ -63,7 +63,7 @@ resource "cloudflare_record" "jakehowardtech_wallabag" {
 resource "cloudflare_record" "jakehowardtech_ttrss" {
   zone_id = cloudflare_zone.jakehowardtech.id
   name    = "tt-rss"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
   type    = "A"
   ttl     = 1
 }
@@ -71,7 +71,7 @@ resource "cloudflare_record" "jakehowardtech_ttrss" {
 resource "cloudflare_record" "jakehowardtech_speed" {
   zone_id = cloudflare_zone.jakehowardtech.id
   name    = "speed"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
   type    = "A"
   ttl     = 1
 }
@@ -79,7 +79,7 @@ resource "cloudflare_record" "jakehowardtech_speed" {
 resource "cloudflare_record" "jakehowardtech_quassel" {
   zone_id = cloudflare_zone.jakehowardtech.id
   name    = "quassel"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
   type    = "A"
   ttl     = 1
 }
@@ -87,7 +87,7 @@ resource "cloudflare_record" "jakehowardtech_quassel" {
 resource "cloudflare_record" "jakehowardtech_media" {
   zone_id = cloudflare_zone.jakehowardtech.id
   name    = "media"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
   type    = "A"
   ttl     = 1
 }
@@ -95,7 +95,7 @@ resource "cloudflare_record" "jakehowardtech_media" {
 resource "cloudflare_record" "jakehowardtech_matrix" {
   zone_id = cloudflare_zone.jakehowardtech.id
   name    = "matrix"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
   type    = "A"
   ttl     = 1
 }
@@ -103,7 +103,7 @@ resource "cloudflare_record" "jakehowardtech_matrix" {
 resource "cloudflare_record" "jakehowardtech_intersect" {
   zone_id = cloudflare_zone.jakehowardtech.id
   name    = "intersect"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
   type    = "A"
   ttl     = 1
 }
@@ -111,7 +111,7 @@ resource "cloudflare_record" "jakehowardtech_intersect" {
 resource "cloudflare_record" "jakehowardtech_calibre" {
   zone_id = cloudflare_zone.jakehowardtech.id
   name    = "calibre"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
   type    = "A"
   ttl     = 1
 }
@@ -119,7 +119,7 @@ resource "cloudflare_record" "jakehowardtech_calibre" {
 resource "cloudflare_record" "jakehowardtech_homeassistant" {
   zone_id = cloudflare_zone.jakehowardtech.id
   name    = "homeassistant"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
   type    = "A"
   ttl     = 1
 }
@@ -127,7 +127,7 @@ resource "cloudflare_record" "jakehowardtech_homeassistant" {
 resource "cloudflare_record" "jakehowardtech_grafana" {
   zone_id = cloudflare_zone.jakehowardtech.id
   name    = "grafana"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
   type    = "A"
   ttl     = 1
 }
@@ -135,7 +135,7 @@ resource "cloudflare_record" "jakehowardtech_grafana" {
 resource "cloudflare_record" "jakehowardtech_vaultwarden" {
   zone_id = cloudflare_zone.jakehowardtech.id
   name    = "vaultwarden"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
   type    = "A"
   ttl     = 1
 }

terraform/sys_domains.tf

@@ -1,7 +1,7 @@
 resource "cloudflare_record" "sys_domain_casey" {
   zone_id = cloudflare_zone.theorangeonenet.id
   name    = "casey.sys"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
   type    = "A"
   ttl     = 1
 }

terraform/theorangeone.net.tf

@@ -5,7 +5,7 @@ resource "cloudflare_zone" "theorangeonenet" {
 resource "cloudflare_record" "theorangeonenet_git" {
   zone_id = cloudflare_zone.theorangeonenet.id
   name    = "git"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
   type    = "A"
   ttl     = 1
 }
@@ -13,7 +13,7 @@ resource "cloudflare_record" "theorangeonenet_git" {
 resource "cloudflare_record" "theorangeonenet_whoami" {
   zone_id = cloudflare_zone.theorangeonenet.id
   name    = "whoami"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
   type    = "A"
   ttl     = 1
 }
@@ -160,7 +160,7 @@ resource "cloudflare_record" "theorangeonenet_notes" {
 resource "cloudflare_record" "theorangeonenet_privatebin" {
   zone_id = cloudflare_zone.theorangeonenet.id
   name    = "bin"
-  value   = vultr_instance.casey.main_ip
+  value   = linode_instance.casey.ip_address
   type    = "A"
   ttl     = 1
 }