Compare commits
10 Commits
162b8ff7a7
...
8dfe64f199
Author | SHA1 | Date |
---|---|---|
Renovate | 8dfe64f199 | |
Renovate | 6c8cab3ce7 | |
Jake Howard | 670ad78d44 | |
Jake Howard | 8929a22ce5 | |
Jake Howard | ee96e6ab08 | |
Jake Howard | ffbba254fb | |
Jake Howard | c472411801 | |
Jake Howard | 7564911da3 | |
Jake Howard | 7ff44ee238 | |
Jake Howard | 7c8d224c4a |
|
@ -1,5 +1,6 @@
|
|||
pve_hosts:
|
||||
internal_cidr: 10.23.1.0/24
|
||||
internal_cidr_ipv6: fde3:15e9:e883::1/48
|
||||
pve:
|
||||
ip: 10.23.1.1
|
||||
external_ip: 192.168.2.200
|
||||
|
@ -7,17 +8,19 @@ pve_hosts:
|
|||
ip: 10.23.1.11
|
||||
forrest:
|
||||
ip: 10.23.1.13
|
||||
ipv6: fde3:15e9:e883::103
|
||||
jellyfin:
|
||||
ip: 10.23.1.101
|
||||
dokku:
|
||||
ip: 10.23.1.102
|
||||
docker:
|
||||
ip: 10.23.1.103
|
||||
ipv6: fde3:15e9:e883::203
|
||||
ingress:
|
||||
ip: 10.23.1.10
|
||||
external_ip: 192.168.2.201
|
||||
external_ipv6: "{{ vault_ingress_ipv6 }}"
|
||||
link_local: fe80::d4e4:22ff:fe8b:429d
|
||||
ipv6: fde3:15e9:e883::100
|
||||
homeassistant:
|
||||
ip: 192.168.2.203
|
||||
qbittorrent:
|
||||
|
|
|
@ -4,6 +4,7 @@ traefik_provider_jellyfin: true
|
|||
traefik_provider_homeassistant: true
|
||||
traefik_provider_grafana: true
|
||||
traefik_provider_dokku: true
|
||||
traefik_provider_uptime_kuma: true
|
||||
|
||||
with_fail2ban: true
|
||||
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
- fail2ban_ssh
|
||||
- restic
|
||||
- artis3n.tailscale
|
||||
- glinet_vpn
|
||||
|
||||
- hosts:
|
||||
- pve
|
||||
|
@ -95,7 +96,8 @@
|
|||
|
||||
- hosts: forrest
|
||||
roles:
|
||||
- forrest
|
||||
- prometheus
|
||||
- uptime_kuma
|
||||
- pve_nebula_route
|
||||
- pve_tailscale_route
|
||||
|
||||
|
|
|
@ -4,4 +4,4 @@ bantime = 600
|
|||
findtime = 30
|
||||
maxretry = 5
|
||||
port = {{ ssh_port }},ssh
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ tailscale_cidr }}
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ tailscale_cidr }}
|
||||
|
|
|
@ -13,7 +13,7 @@ services:
|
|||
- docker_proxy
|
||||
|
||||
docker_proxy:
|
||||
image: tecnativa/docker-socket-proxy:latest
|
||||
image: lscr.io/linuxserver/socket-proxy:latest
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POST=1
|
||||
|
|
|
@ -6,9 +6,9 @@ maxretry = 100
|
|||
filter = nginx-tcp
|
||||
logpath = /var/log/nginx/ips.log
|
||||
port = http,https,8448
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
|
||||
[traefik]
|
||||
enabled = true
|
||||
port = http,https,8448
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
[Interface]
|
||||
Address = {{ client_cidr }}
|
||||
PrivateKey = {{ client_private_key }}
|
||||
|
||||
[Peer]
|
||||
PublicKey = {{ server_public_key }}
|
||||
Endpoint = {{ server_public_ip }}:53
|
||||
AllowedIPs = 0.0.0.0/0 ::/0
|
||||
|
||||
PersistentKeepalive = 25
|
|
@ -0,0 +1,14 @@
|
|||
[Interface]
|
||||
Address = {{ server_ip }}
|
||||
PrivateKey = {{ server_private_key }}
|
||||
ListenPort = 53
|
||||
|
||||
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
||||
|
||||
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -A FORWARD -o %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -D FORWARD -o %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
||||
|
||||
[Peer]
|
||||
PublicKey = {{ client_public_key }}
|
||||
AllowedIPs = {{ client_cidr }}
|
|
@ -0,0 +1,5 @@
|
|||
- name: restart wireguard
|
||||
service:
|
||||
name: wg-quick@glinet
|
||||
state: restarted
|
||||
become: true
|
|
@ -0,0 +1,34 @@
|
|||
- name: Include vault
|
||||
include_vars: vault.yml
|
||||
|
||||
- name: Install wireguard tools
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
become: true
|
||||
loop:
|
||||
- wireguard-tools
|
||||
- qrencode
|
||||
|
||||
- name: Wireguard server config
|
||||
template:
|
||||
src: files/server.conf
|
||||
dest: /etc/wireguard/glinet.conf
|
||||
mode: "0600"
|
||||
backup: true
|
||||
become: true
|
||||
notify: restart wireguard
|
||||
|
||||
- name: Wireguard client config
|
||||
template:
|
||||
src: files/client.conf
|
||||
dest: "{{ me.home }}/glinet-vpn.conf"
|
||||
mode: "0600"
|
||||
owner: "{{ me.user }}"
|
||||
become: true
|
||||
notify: restart wireguard
|
||||
|
||||
- name: Enable wireguard
|
||||
service:
|
||||
name: wg-quick@glinet
|
||||
enabled: true
|
||||
become: true
|
|
@ -0,0 +1,8 @@
|
|||
client_public_key: "{{ vault_client_public_key }}"
|
||||
client_private_key: "{{ vault_client_private_key }}"
|
||||
client_cidr: 10.23.4.2/24
|
||||
|
||||
server_public_key: "{{ vault_server_public_key }}"
|
||||
server_private_key: "{{ vault_server_private_key }}"
|
||||
server_public_ip: "{{ ansible_default_ipv4.address }}"
|
||||
server_ip: 10.23.4.1
|
|
@ -0,0 +1,19 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
35366163656631633636333937333238346539653236323463316333356637623263326436623130
|
||||
3333616234643935306337386165623734333265663237610a326538636532643835373137316333
|
||||
30363133343035353235616639613637353435303863393130396261623063633836383430326530
|
||||
3634313639353264310a393266313230646132656561393737363834646566313765633235343139
|
||||
36303834353039303134393061386634373735316135656564386464363863376265633239313037
|
||||
62616535313239353233376163343437303933346264323266386533336138656135663664356164
|
||||
65643262303436343164613133333361393438616234616566336131636461383538326130623264
|
||||
62313134386430636665646539306661383039323339373838346164653836326536386332616634
|
||||
34313331623166356137363131356130623863313339663938386138643538323666616239656662
|
||||
36313534323237306631663931633830346565616139313864333762356330643131343630653535
|
||||
62323939376163363436336633386433323435316535623462353138386430333332653966383262
|
||||
33636534346466326631333362343638616332633163623533613364326665376565643739666261
|
||||
34646533613133313034366636623134613336623134356562393335313337336336623634336633
|
||||
66623365353866396564386536386330353537383866616665373762306530356333643265326537
|
||||
38353138626331623433643636623130613766616638343034633536306232316133303133356463
|
||||
36616665643264396137336234316466306238303461363531653461623834376361653334326235
|
||||
31366530636565383062313562663639393534373737363465656538393266363936333136636161
|
||||
3239303565613865633433313237393932306632633633373261
|
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
"tagOwners": {
|
||||
"tag:client": []
|
||||
|
||||
},
|
||||
"acls": [
|
||||
{
|
||||
"action": "accept",
|
||||
"src": ["tag:client"],
|
||||
"dst": ["*:*"]
|
||||
}
|
||||
]
|
||||
}
|
|
@ -188,7 +188,7 @@ log:
|
|||
# Path to a file containg ACL policies.
|
||||
# ACLs can be defined as YAML or HUJSON.
|
||||
# https://tailscale.com/kb/1018/acls/
|
||||
acl_policy_path: ""
|
||||
acl_policy_path: /etc/headscale/acls.json
|
||||
|
||||
## DNS
|
||||
#
|
||||
|
|
|
@ -11,7 +11,16 @@
|
|||
src: files/headscale.yml
|
||||
dest: /etc/headscale/config.yaml
|
||||
owner: headscale
|
||||
mode: "0644"
|
||||
mode: "0600"
|
||||
notify: restart headscale
|
||||
become: true
|
||||
|
||||
- name: Install ACLs
|
||||
template:
|
||||
src: files/acls.json
|
||||
dest: /etc/headscale/acls.json
|
||||
owner: headscale
|
||||
mode: "0600"
|
||||
notify: restart headscale
|
||||
become: true
|
||||
|
||||
|
|
|
@ -2,8 +2,6 @@ modules:
|
|||
http:
|
||||
prober: http
|
||||
timeout: 10s
|
||||
http:
|
||||
preferred_ip_protocol: ip4 # Docker network is v4 only
|
||||
|
||||
https_redir:
|
||||
prober: http
|
||||
|
@ -16,7 +14,6 @@ modules:
|
|||
fail_if_header_not_matches:
|
||||
- header: Location
|
||||
regexp: ^https
|
||||
preferred_ip_protocol: ip4 # Docker network is v4 only
|
||||
|
||||
icmp:
|
||||
prober: icmp
|
|
@ -56,3 +56,5 @@ services:
|
|||
networks:
|
||||
grafana:
|
||||
external: true
|
||||
default:
|
||||
enable_ipv6: true
|
|
@ -28,7 +28,7 @@
|
|||
- add
|
||||
- "{{ vps_hosts.private_ipv6_range }}"
|
||||
- via
|
||||
- "{{ pve_hosts.ingress.link_local }}"
|
||||
- "{{ pve_hosts.ingress.ipv6 }}"
|
||||
- dev
|
||||
- eth0
|
||||
become: true
|
|
@ -25,7 +25,7 @@ services:
|
|||
- ./redis:/data
|
||||
|
||||
docker_proxy:
|
||||
image: tecnativa/docker-socket-proxy:latest
|
||||
image: lscr.io/linuxserver/socket-proxy:latest
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POST=1
|
||||
|
|
|
@ -2,5 +2,6 @@ traefik_provider_jellyfin: false
|
|||
traefik_provider_homeassistant: false
|
||||
traefik_provider_grafana: false
|
||||
traefik_provider_dokku: false
|
||||
traefik_provider_uptime_kuma: false
|
||||
|
||||
with_fail2ban: false
|
||||
|
|
|
@ -23,7 +23,7 @@ services:
|
|||
- proxy_private
|
||||
|
||||
docker_proxy:
|
||||
image: tecnativa/docker-socket-proxy:latest
|
||||
image: lscr.io/linuxserver/socket-proxy:latest
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
|
|
|
@ -6,5 +6,5 @@ maxretry = 5
|
|||
filter = traefik
|
||||
logpath = /tmp/traefik-logs/access.log
|
||||
port = http,https
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
action = gateway
|
||||
|
|
|
@ -15,6 +15,7 @@ http:
|
|||
- "{{ tailscale_cidr }}"
|
||||
- "{{ tailscale_cidr_ipv6 }}"
|
||||
- "{{ pve_hosts.forrest.ip }}"
|
||||
- "{{ pve_hosts.forrest.ipv6 }}"
|
||||
|
||||
private-access:
|
||||
ipWhiteList:
|
||||
|
@ -23,3 +24,4 @@ http:
|
|||
- "{{ tailscale_cidr_ipv6 }}"
|
||||
- "{{ nebula.cidr }}"
|
||||
- "{{ pve_hosts.internal_cidr }}"
|
||||
- "{{ pve_hosts.internal_cidr_ipv6 }}"
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
http:
|
||||
routers:
|
||||
router-uptime-kuma:
|
||||
rule: Host(`uptime.jakehoward.tech`)
|
||||
service: service-uptime-kuma
|
||||
services:
|
||||
service-uptime-kuma:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: http://{{ pve_hosts.forrest.ip }}:3001
|
|
@ -101,6 +101,16 @@
|
|||
when: traefik_provider_dokku
|
||||
become: true
|
||||
|
||||
- name: Install dokku provider
|
||||
template:
|
||||
src: files/file-provider-uptime-kuma.yml
|
||||
dest: /opt/traefik/traefik/conf/uptime-kuma.yml
|
||||
mode: "{{ docker_compose_file_mask }}"
|
||||
owner: "{{ docker_user.name }}"
|
||||
notify: restart traefik
|
||||
when: traefik_provider_uptime_kuma
|
||||
become: true
|
||||
|
||||
- name: logrotate config
|
||||
template:
|
||||
src: files/logrotate.conf
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
version: "2.3"
|
||||
|
||||
services:
|
||||
uptime-kuma:
|
||||
image: louislam/uptime-kuma:1.23.13-alpine
|
||||
environment:
|
||||
- TZ={{ timezone }}
|
||||
- PUID={{ docker_user.id }}
|
||||
- PGID={{ docker_user.id }}
|
||||
ports:
|
||||
- "{{ pve_hosts.forrest.ip }}:3001:3001"
|
||||
volumes:
|
||||
- "{{ app_data_dir }}/uptime-kuma:/app/data"
|
||||
restart: unless-stopped
|
||||
|
||||
networks:
|
||||
default:
|
||||
enable_ipv6: true
|
|
@ -0,0 +1,4 @@
|
|||
- name: restart uptime-kuma
|
||||
shell:
|
||||
chdir: /opt/uptime-kuma
|
||||
cmd: "{{ docker_update_command }}"
|
|
@ -0,0 +1,17 @@
|
|||
- name: Create install directory
|
||||
file:
|
||||
path: /opt/uptime-kuma
|
||||
state: directory
|
||||
owner: "{{ docker_user.name }}"
|
||||
mode: "{{ docker_compose_directory_mask }}"
|
||||
become: true
|
||||
|
||||
- name: Install compose file
|
||||
template:
|
||||
src: files/docker-compose.yml
|
||||
dest: /opt/uptime-kuma/docker-compose.yml
|
||||
mode: "{{ docker_compose_file_mask }}"
|
||||
owner: "{{ docker_user.name }}"
|
||||
validate: docker-compose -f %s config
|
||||
notify: restart uptime-kuma
|
||||
become: true
|
|
@ -83,38 +83,38 @@ provider "registry.terraform.io/go-gandi/gandi" {
|
|||
}
|
||||
|
||||
provider "registry.terraform.io/hashicorp/aws" {
|
||||
version = "5.46.0"
|
||||
constraints = "5.46.0"
|
||||
version = "5.47.0"
|
||||
constraints = "5.47.0"
|
||||
hashes = [
|
||||
"h1:5ZKYRgMGtlJmD1/6RZJdFARanH794PWc/s6nSwkFQaI=",
|
||||
"h1:7Ezs9Mc4Q9E+2mnGmsKy83Xgb+hR1vJ3vKYpbh7CNa8=",
|
||||
"h1:8A5GryYhkksQpyFMzFRf9r5sGQGjutgl1pVzVNdN/R0=",
|
||||
"h1:9sAksRRzhp/6+DETkVHYLQkBZHphLhwy5wOUVgMyjhk=",
|
||||
"h1:A9U3NAZnik9PWuJCMzSFFm1x2ogFkiVSyFu+cSNjnq8=",
|
||||
"h1:GK1y1qAGcPHPZxz01Ko6v+815T7kZPXt6POBsLg9c/k=",
|
||||
"h1:LsxgUPEX80bd4+2hj5y+jeK3kMSzFeu4qdVLF/9I6m0=",
|
||||
"h1:YRVTvSucPHiuLbtUvkbjka1hULwe/2gtuknZKZwXyZo=",
|
||||
"h1:bGEG0vS4seLpWWXVPnOqjhD1s6hkZB7etQIwOSSd00U=",
|
||||
"h1:d0Mf33mbbQujZ/JaYkqmH5gZGvP+iEIWf9yBSiOwimE=",
|
||||
"h1:gagAtniijwJRhsKRBWWZfmnPiqu4u1A5oI626+KA/1g=",
|
||||
"h1:j0qG09doLdsct8rFSlPFVYHFVWL5H7+8j9PPJNDPfb0=",
|
||||
"h1:t2QzxmqmIE5ZhEzmYqiB/i9tUarkx7yXohCQGCwimwY=",
|
||||
"h1:z5z80MeL9wrHfVmfikGPwiXGcDM0nhOtL9EdF+PogUI=",
|
||||
"zh:05ae6180a7f23071435f6e5e59c19af0b6c5da42ee600c6c1568c8660214d548",
|
||||
"zh:0d878d1565d5e57ce6b34ec5f04b28662044a50c999ec5770c374aa1f1020de2",
|
||||
"zh:25ef1467af2514d8011c44759307445f7057836ff87dfe4503c3e1c9776d5c1a",
|
||||
"zh:26c006df6200f0063b827aab05bec94f9f3f77848e82ed72e48a51d1170d1961",
|
||||
"zh:37cdf4292649a10f12858622826925e18ad4eca354c31f61d02c66895eb91274",
|
||||
"zh:4315b0433c2fc512666c74e989e2d95240934ef370bea1c690d36cb02d30c4ce",
|
||||
"zh:75df0b3f631b78aeff1832cc77d99b527c2a5e79d40f7aac40bdc4a66124dac2",
|
||||
"zh:90693d936c9a556d2bf945de4920ff82052002eb73139bd7164fafd02920f0ef",
|
||||
"h1:+/rfprjxG2nw+dBckcNAjnVplMI6iZRP5W5Rp/QuOOI=",
|
||||
"h1:49aEnvHJ/M8BRGAXKzU6W3zSbf7HgIrjXkXjC5DGEWY=",
|
||||
"h1:GZQJi9mfuKBkN5MCba5nHSG3kAJJf7OoxQcFgIpuPCw=",
|
||||
"h1:Hgmp83b9O0IWM6fZe24mG68qLqADc+zJWr9j1k0Y0yo=",
|
||||
"h1:QCSiGZUoSBrE6cKEfNgYMeWzMFKzhSxZm9+0LsFFgy8=",
|
||||
"h1:T0tupfn2Ubj18Y7xmO0pFMvti1Qns2K6EGXenR6Hg30=",
|
||||
"h1:YwFs04Ji9DNgFPsPzcI063GaAHSGWAjwza4hmRJ4/4s=",
|
||||
"h1:bCETSNoRRe780zsdTWW86HvDl2ZU/YSAcI1Aazk5sI8=",
|
||||
"h1:bZEm2TDCM7jmpNXK6QOWsT1YU8GiGGQaraUvwO887U8=",
|
||||
"h1:omGP1+g5q6PzAZp6+iOtphnpOkw30kN1M4ep8OyqHvY=",
|
||||
"h1:s3E1+BOjrtwcqDVWB0XKiM/sPQA5hCPK1DUvfz72eK4=",
|
||||
"h1:tz5Qe3Jcnjnx8HrjI8JnfWxE+qxBU5n5xtZ5Xnd3CJI=",
|
||||
"h1:wL18wmuA6Isu5XOtA8maC47FpHzcSKs0+FcTBghCx8Y=",
|
||||
"h1:ziBVN+ogKy/r9gcTz0A93axxRZ2YD6Aaf5KPN5TYFUE=",
|
||||
"zh:06037a14e47e8f82d0b3b326cd188566272b808b7970a9249a11db26d475b83d",
|
||||
"zh:116b7dd58ca964a1056249d2b6550f399b0a6bc9a7920b7ee134242114432c9f",
|
||||
"zh:1aa089c81459071c1d65ba7454f1122159e1fa1b5384e6e9ef85c8264f8a9ecb",
|
||||
"zh:2c1471acba40c4944aa88dda761093c0c969db6408bdc1a4fb62417788cd6bb6",
|
||||
"zh:3b950bea06ea4bf1ec359a97a4f1745b7efca7fc2da368843666020dd0ebc5d4",
|
||||
"zh:7191c5c2fce834d584153dcd5269ed3042437f224d341ad85df06b2247bd09b2",
|
||||
"zh:76d841b3f247f9bb3899dec3b4d871613a4ae8a83a581a827655d34b1bbee0ee",
|
||||
"zh:7c656ce252fafc2c915dad43a0a7da17dba975207d75841a02f3f2b92d51ec25",
|
||||
"zh:8ec97118cbdef64139c52b719e4e22443e67a1f37ea1597cd45b2e9b97332a35",
|
||||
"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
|
||||
"zh:c9177ad09804c60fd2ed25950570407b6bdcdf0fcc309e1673b584f06a827fae",
|
||||
"zh:ca8e8db24a4d62d92afd8d3d383b81a08693acac191a2e0a110fb46deeff56a3",
|
||||
"zh:d5fa3a36e13957d63bfe9bbd6df0426a2422214403aac9f20b60c36f8d9ebec6",
|
||||
"zh:e4ede44a112296c9cc77b15e439e41ee15c0e8b3a0dec94ae34df5ebba840e8b",
|
||||
"zh:f2d4de8d8cde69caffede1544ebea74e69fcc4552e1b79ae053519a05c060706",
|
||||
"zh:fc19e9266b1841d4a3aeefa8a5b5ad6988baed6540f85a373b6c2d0dc1ca5830",
|
||||
"zh:a369deca7938236a7da59f7ad1fe18137f736764c9015ed10e88edb6e8505980",
|
||||
"zh:a743882fb099401eae0c86d9388a6faadbbc27b2ac9477aeef643e5de4eec3f9",
|
||||
"zh:d5f960f58aff06fc58e244fea6e665800384cacb8cd64a556f8e145b98650372",
|
||||
"zh:e31ffcfd560132ffbff2f574928ba392e663202a750750ed39a8950031b75623",
|
||||
"zh:ebd9061b92a772144564f35a63d5a08cb45e14a9d39294fda185f2e0de9c8e28",
|
||||
]
|
||||
}
|
||||
|
||||
|
|
|
@ -101,15 +101,6 @@ resource "linode_firewall" "casey" {
|
|||
ipv4 = ["0.0.0.0/0"]
|
||||
ipv6 = ["::/0"]
|
||||
}
|
||||
|
||||
inbound {
|
||||
label = "allow-inbound-tailscale"
|
||||
action = "ACCEPT"
|
||||
protocol = "UDP"
|
||||
ports = "41641"
|
||||
ipv4 = ["0.0.0.0/0"]
|
||||
ipv6 = ["::/0"]
|
||||
}
|
||||
}
|
||||
|
||||
resource "linode_rdns" "casey_reverse_ipv4" {
|
||||
|
|
|
@ -261,6 +261,14 @@ resource "cloudflare_record" "jakehowardtech_slides" {
|
|||
ttl = 1
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "jakehowardtech_uptime" {
|
||||
zone_id = cloudflare_zone.jakehowardtech.id
|
||||
name = "uptime"
|
||||
value = cloudflare_record.sys_domain_pve.hostname
|
||||
type = "CNAME"
|
||||
ttl = 1
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "jakehowardtech_caa" {
|
||||
zone_id = cloudflare_zone.jakehowardtech.id
|
||||
name = "@"
|
||||
|
|
|
@ -10,7 +10,7 @@ terraform {
|
|||
}
|
||||
aws = {
|
||||
source = "hashicorp/aws"
|
||||
version = "5.46.0"
|
||||
version = "5.47.0"
|
||||
}
|
||||
linode = {
|
||||
source = "linode/linode"
|
||||
|
|
Loading…
Reference in New Issue