Compare commits
22 Commits
4e3ccf425a
...
4837602f67
| Author | SHA1 | Date |
|---|---|---|
 Renovate
|
4837602f67 | |
 Jake Howard
|
670ad78d44
|
|
|
Jake Howard
|
8929a22ce5
|
|
|
Jake Howard
|
ee96e6ab08
|
|
|
Jake Howard
|
ffbba254fb
|
|
|
Jake Howard
|
c472411801
|
|
|
Jake Howard
|
7564911da3
|
|
|
Jake Howard
|
7ff44ee238
|
|
|
Jake Howard
|
7c8d224c4a
|
|
|
Renovate
|
7bc0ebeb26 | |
|
Jake Howard
|
33f9c544fd
|
|
|
Jake Howard
|
b6583cc823
|
|
|
Jake Howard
|
9c02017fed
|
|
|
Renovate
|
91ec56717f | |
|
Renovate
|
3318656730 | |
|
Renovate
|
9d98d88089 | |
|
Renovate
|
c882e246ab | |
|
Renovate
|
67af033fcd | |
|
Renovate
|
cee3679504 | |
|
Renovate
|
5330fdc56f | |
|
Renovate
|
2e0b562f5d | |
|
Renovate
|
989a804bad |
|
|
@ -10,15 +10,15 @@ roles:
|
|||
- src: geerlingguy.docker
|
||||
version: 6.2.0
|
||||
- src: geerlingguy.ntp
|
||||
version: 2.3.3
|
||||
version: 2.4.0
|
||||
- src: realorangeone.reflector
|
||||
- src: ironicbadger.proxmox_nag_removal
|
||||
version: 1.0.2
|
||||
- src: ironicbadger.snapraid
|
||||
version: 1.0.0
|
||||
- src: dokku_bot.ansible_dokku
|
||||
version: v2022.10.17
|
||||
version: v2024.4.11
|
||||
- src: geerlingguy.certbot
|
||||
version: 5.1.0
|
||||
- src: artis3n.tailscale
|
||||
version: v4.4.2
|
||||
version: v4.4.4
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
pve_hosts:
|
||||
internal_cidr: 10.23.1.0/24
|
||||
internal_cidr_ipv6: fde3:15e9:e883::1/48
|
||||
pve:
|
||||
ip: 10.23.1.1
|
||||
external_ip: 192.168.2.200
|
||||
|
|
@ -7,17 +8,19 @@ pve_hosts:
|
|||
ip: 10.23.1.11
|
||||
forrest:
|
||||
ip: 10.23.1.13
|
||||
ipv6: fde3:15e9:e883::103
|
||||
jellyfin:
|
||||
ip: 10.23.1.101
|
||||
dokku:
|
||||
ip: 10.23.1.102
|
||||
docker:
|
||||
ip: 10.23.1.103
|
||||
ipv6: fde3:15e9:e883::203
|
||||
ingress:
|
||||
ip: 10.23.1.10
|
||||
external_ip: 192.168.2.201
|
||||
external_ipv6: "{{ vault_ingress_ipv6 }}"
|
||||
link_local: fe80::d4e4:22ff:fe8b:429d
|
||||
ipv6: fde3:15e9:e883::100
|
||||
homeassistant:
|
||||
ip: 192.168.2.203
|
||||
qbittorrent:
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ traefik_provider_jellyfin: true
|
|||
traefik_provider_homeassistant: true
|
||||
traefik_provider_grafana: true
|
||||
traefik_provider_dokku: true
|
||||
traefik_provider_uptime_kuma: true
|
||||
|
||||
with_fail2ban: true
|
||||
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@
|
|||
- fail2ban_ssh
|
||||
- restic
|
||||
- artis3n.tailscale
|
||||
- glinet_vpn
|
||||
|
||||
- hosts:
|
||||
- pve
|
||||
|
|
@ -95,7 +96,8 @@
|
|||
|
||||
- hosts: forrest
|
||||
roles:
|
||||
- forrest
|
||||
- prometheus
|
||||
- uptime_kuma
|
||||
- pve_nebula_route
|
||||
- pve_tailscale_route
|
||||
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ x-env: &env
|
|||
|
||||
services:
|
||||
server:
|
||||
image: ghcr.io/goauthentik/server:2023.10
|
||||
image: ghcr.io/goauthentik/server:2024.2
|
||||
restart: unless-stopped
|
||||
command: server
|
||||
user: "{{ docker_user.id }}"
|
||||
|
|
@ -44,7 +44,7 @@ services:
|
|||
- traefik
|
||||
|
||||
worker:
|
||||
image: ghcr.io/goauthentik/server:2023.10
|
||||
image: ghcr.io/goauthentik/server:2024.2
|
||||
restart: unless-stopped
|
||||
command: worker
|
||||
user: "{{ docker_user.id }}"
|
||||
|
|
|
|||
|
|
@ -4,4 +4,4 @@ bantime = 600
|
|||
findtime = 30
|
||||
maxretry = 5
|
||||
port = {{ ssh_port }},ssh
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ tailscale_cidr }}
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ tailscale_cidr }}
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ services:
|
|||
- docker_proxy
|
||||
|
||||
docker_proxy:
|
||||
image: tecnativa/docker-socket-proxy:latest
|
||||
image: lscr.io/linuxserver/socket-proxy:latest
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POST=1
|
||||
|
|
|
|||
|
|
@ -6,9 +6,9 @@ maxretry = 100
|
|||
filter = nginx-tcp
|
||||
logpath = /var/log/nginx/ips.log
|
||||
port = http,https,8448
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
|
||||
[traefik]
|
||||
enabled = true
|
||||
port = http,https,8448
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,10 @@
|
|||
[Interface]
|
||||
Address = {{ client_cidr }}
|
||||
PrivateKey = {{ client_private_key }}
|
||||
|
||||
[Peer]
|
||||
PublicKey = {{ server_public_key }}
|
||||
Endpoint = {{ server_public_ip }}:53
|
||||
AllowedIPs = 0.0.0.0/0 ::/0
|
||||
|
||||
PersistentKeepalive = 25
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
[Interface]
|
||||
Address = {{ server_ip }}
|
||||
PrivateKey = {{ server_private_key }}
|
||||
ListenPort = 53
|
||||
|
||||
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
||||
|
||||
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -A FORWARD -o %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -D FORWARD -o %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
||||
|
||||
[Peer]
|
||||
PublicKey = {{ client_public_key }}
|
||||
AllowedIPs = {{ client_cidr }}
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
- name: restart wireguard
|
||||
service:
|
||||
name: wg-quick@glinet
|
||||
state: restarted
|
||||
become: true
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
- name: Include vault
|
||||
include_vars: vault.yml
|
||||
|
||||
- name: Install wireguard tools
|
||||
package:
|
||||
name: "{{ item }}"
|
||||
become: true
|
||||
loop:
|
||||
- wireguard-tools
|
||||
- qrencode
|
||||
|
||||
- name: Wireguard server config
|
||||
template:
|
||||
src: files/server.conf
|
||||
dest: /etc/wireguard/glinet.conf
|
||||
mode: "0600"
|
||||
backup: true
|
||||
become: true
|
||||
notify: restart wireguard
|
||||
|
||||
- name: Wireguard client config
|
||||
template:
|
||||
src: files/client.conf
|
||||
dest: "{{ me.home }}/glinet-vpn.conf"
|
||||
mode: "0600"
|
||||
owner: "{{ me.user }}"
|
||||
become: true
|
||||
notify: restart wireguard
|
||||
|
||||
- name: Enable wireguard
|
||||
service:
|
||||
name: wg-quick@glinet
|
||||
enabled: true
|
||||
become: true
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
client_public_key: "{{ vault_client_public_key }}"
|
||||
client_private_key: "{{ vault_client_private_key }}"
|
||||
client_cidr: 10.23.4.2/24
|
||||
|
||||
server_public_key: "{{ vault_server_public_key }}"
|
||||
server_private_key: "{{ vault_server_private_key }}"
|
||||
server_public_ip: "{{ ansible_default_ipv4.address }}"
|
||||
server_ip: 10.23.4.1
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
35366163656631633636333937333238346539653236323463316333356637623263326436623130
|
||||
3333616234643935306337386165623734333265663237610a326538636532643835373137316333
|
||||
30363133343035353235616639613637353435303863393130396261623063633836383430326530
|
||||
3634313639353264310a393266313230646132656561393737363834646566313765633235343139
|
||||
36303834353039303134393061386634373735316135656564386464363863376265633239313037
|
||||
62616535313239353233376163343437303933346264323266386533336138656135663664356164
|
||||
65643262303436343164613133333361393438616234616566336131636461383538326130623264
|
||||
62313134386430636665646539306661383039323339373838346164653836326536386332616634
|
||||
34313331623166356137363131356130623863313339663938386138643538323666616239656662
|
||||
36313534323237306631663931633830346565616139313864333762356330643131343630653535
|
||||
62323939376163363436336633386433323435316535623462353138386430333332653966383262
|
||||
33636534346466326631333362343638616332633163623533613364326665376565643739666261
|
||||
34646533613133313034366636623134613336623134356562393335313337336336623634336633
|
||||
66623365353866396564386536386330353537383866616665373762306530356333643265326537
|
||||
38353138626331623433643636623130613766616638343034633536306232316133303133356463
|
||||
36616665643264396137336234316466306238303461363531653461623834376361653334326235
|
||||
31366530636565383062313562663639393534373737363465656538393266363936333136636161
|
||||
3239303565613865633433313237393932306632633633373261
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
"tagOwners": {
|
||||
"tag:client": []
|
||||
|
||||
},
|
||||
"acls": [
|
||||
{
|
||||
"action": "accept",
|
||||
"src": ["tag:client"],
|
||||
"dst": ["*:*"]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
@ -188,7 +188,7 @@ log:
|
|||
# Path to a file containg ACL policies.
|
||||
# ACLs can be defined as YAML or HUJSON.
|
||||
# https://tailscale.com/kb/1018/acls/
|
||||
acl_policy_path: ""
|
||||
acl_policy_path: /etc/headscale/acls.json
|
||||
|
||||
## DNS
|
||||
#
|
||||
|
|
|
|||
|
|
@ -11,7 +11,16 @@
|
|||
src: files/headscale.yml
|
||||
dest: /etc/headscale/config.yaml
|
||||
owner: headscale
|
||||
mode: "0644"
|
||||
mode: "0600"
|
||||
notify: restart headscale
|
||||
become: true
|
||||
|
||||
- name: Install ACLs
|
||||
template:
|
||||
src: files/acls.json
|
||||
dest: /etc/headscale/acls.json
|
||||
owner: headscale
|
||||
mode: "0600"
|
||||
notify: restart headscale
|
||||
become: true
|
||||
|
||||
|
|
|
|||
|
|
@ -2,8 +2,6 @@ modules:
|
|||
http:
|
||||
prober: http
|
||||
timeout: 10s
|
||||
http:
|
||||
preferred_ip_protocol: ip4 # Docker network is v4 only
|
||||
|
||||
https_redir:
|
||||
prober: http
|
||||
|
|
@ -16,7 +14,6 @@ modules:
|
|||
fail_if_header_not_matches:
|
||||
- header: Location
|
||||
regexp: ^https
|
||||
preferred_ip_protocol: ip4 # Docker network is v4 only
|
||||
|
||||
icmp:
|
||||
prober: icmp
|
||||
|
|
@ -56,3 +56,5 @@ services:
|
|||
networks:
|
||||
grafana:
|
||||
external: true
|
||||
default:
|
||||
enable_ipv6: true
|
||||
|
|
@ -28,7 +28,7 @@
|
|||
- add
|
||||
- "{{ vps_hosts.private_ipv6_range }}"
|
||||
- via
|
||||
- "{{ pve_hosts.ingress.link_local }}"
|
||||
- "{{ pve_hosts.ingress.ipv6 }}"
|
||||
- dev
|
||||
- eth0
|
||||
become: true
|
||||
|
|
@ -19,7 +19,7 @@ $CONFIG = array (
|
|||
0 => 'intersect.jakehoward.tech',
|
||||
),
|
||||
'dbtype' => 'mysql',
|
||||
'version' => '28.0.2.5',
|
||||
'version' => '28.0.4.1',
|
||||
'overwrite.cli.url' => 'https://intersect.jakehoward.tech',
|
||||
'dbname' => 'nextcloud',
|
||||
'dbhost' => 'mariadb',
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ version: "2.3"
|
|||
|
||||
services:
|
||||
nextcloud:
|
||||
image: lscr.io/linuxserver/nextcloud:28.0.2
|
||||
image: lscr.io/linuxserver/nextcloud:28.0.4
|
||||
environment:
|
||||
- PUID={{ docker_user.id }}
|
||||
- PGID={{ docker_user.id }}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ version: "2.3"
|
|||
services:
|
||||
|
||||
synapse:
|
||||
image: matrixdotorg/synapse:v1.101.0
|
||||
image: matrixdotorg/synapse:v1.104.0
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- SYNAPSE_CONFIG_PATH=/etc/homeserver.yaml
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ x-app: &app
|
|||
- TTRSS_DB_USER=tt-rss
|
||||
- TTRSS_DB_NAME=tt-rss
|
||||
- TTRSS_DB_PASS=tt-rss
|
||||
- TTRSS_SELF_URL_PATH=https://tt-rss.jakehoward.tech/tt-rss/
|
||||
- TTRSS_SELF_URL_PATH=https://tt-rss.jakehoward.tech
|
||||
- TTRSS_ENABLE_REGISTRATION=false
|
||||
- TTRSS_CHECK_FOR_UPDATES=false
|
||||
- TTRSS_ENABLE_GZIP_OUTPUT=true
|
||||
|
|
@ -16,6 +16,8 @@ x-app: &app
|
|||
- OWNER_GID={{ docker_user.id }}
|
||||
- PHP_WORKER_MAX_CHILDREN=50
|
||||
- PHP_WORKER_MEMORY_LIMIT=512M
|
||||
- APP_WEB_ROOT=/var/www/html/tt-rss
|
||||
- APP_BASE=
|
||||
volumes:
|
||||
- ./tt-rss:/var/www/html
|
||||
- "{{ app_data_dir }}/tt-rss/feed-icons:/var/www/html/tt-rss/feed-icons"
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ version: "2.3"
|
|||
|
||||
services:
|
||||
wallabag:
|
||||
image: wallabag/wallabag:2.6.8
|
||||
image: wallabag/wallabag:2.6.9
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- SYMFONY__ENV__SECRET={{ wallabag_secret }}
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ services:
|
|||
- ./redis:/data
|
||||
|
||||
docker_proxy:
|
||||
image: tecnativa/docker-socket-proxy:latest
|
||||
image: lscr.io/linuxserver/socket-proxy:latest
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POST=1
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ version: "2.3"
|
|||
|
||||
services:
|
||||
tandoor:
|
||||
image: vabene1111/recipes:1.5.13
|
||||
image: vabene1111/recipes:latest
|
||||
environment:
|
||||
- TIMEZONE={{ timezone }}
|
||||
- DEBUG=0
|
||||
|
|
|
|||
|
|
@ -2,5 +2,6 @@ traefik_provider_jellyfin: false
|
|||
traefik_provider_homeassistant: false
|
||||
traefik_provider_grafana: false
|
||||
traefik_provider_dokku: false
|
||||
traefik_provider_uptime_kuma: false
|
||||
|
||||
with_fail2ban: false
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ version: "2.3"
|
|||
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v2.10
|
||||
image: traefik:v2.11
|
||||
user: "{{ docker_user.id }}"
|
||||
environment:
|
||||
- CF_DNS_API_TOKEN={{ vault_cloudflare_api_token }}
|
||||
|
|
@ -23,7 +23,7 @@ services:
|
|||
- proxy_private
|
||||
|
||||
docker_proxy:
|
||||
image: tecnativa/docker-socket-proxy:latest
|
||||
image: lscr.io/linuxserver/socket-proxy:latest
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
|
|
|
|||
|
|
@ -6,5 +6,5 @@ maxretry = 5
|
|||
filter = traefik
|
||||
logpath = /tmp/traefik-logs/access.log
|
||||
port = http,https
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
action = gateway
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ http:
|
|||
- "{{ tailscale_cidr }}"
|
||||
- "{{ tailscale_cidr_ipv6 }}"
|
||||
- "{{ pve_hosts.forrest.ip }}"
|
||||
- "{{ pve_hosts.forrest.ipv6 }}"
|
||||
|
||||
private-access:
|
||||
ipWhiteList:
|
||||
|
|
@ -23,3 +24,4 @@ http:
|
|||
- "{{ tailscale_cidr_ipv6 }}"
|
||||
- "{{ nebula.cidr }}"
|
||||
- "{{ pve_hosts.internal_cidr }}"
|
||||
- "{{ pve_hosts.internal_cidr_ipv6 }}"
|
||||
|
|
|
|||
|
|
@ -0,0 +1,10 @@
|
|||
http:
|
||||
routers:
|
||||
router-uptime-kuma:
|
||||
rule: Host(`uptime.jakehoward.tech`)
|
||||
service: service-uptime-kuma
|
||||
services:
|
||||
service-uptime-kuma:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: http://{{ pve_hosts.forrest.ip }}:3001
|
||||
|
|
@ -101,6 +101,16 @@
|
|||
when: traefik_provider_dokku
|
||||
become: true
|
||||
|
||||
- name: Install dokku provider
|
||||
template:
|
||||
src: files/file-provider-uptime-kuma.yml
|
||||
dest: /opt/traefik/traefik/conf/uptime-kuma.yml
|
||||
mode: "{{ docker_compose_file_mask }}"
|
||||
owner: "{{ docker_user.name }}"
|
||||
notify: restart traefik
|
||||
when: traefik_provider_uptime_kuma
|
||||
become: true
|
||||
|
||||
- name: logrotate config
|
||||
template:
|
||||
src: files/logrotate.conf
|
||||
|
|
|
|||
|
|
@ -0,0 +1,18 @@
|
|||
version: "2.3"
|
||||
|
||||
services:
|
||||
uptime-kuma:
|
||||
image: louislam/uptime-kuma:1.23.11-alpine
|
||||
environment:
|
||||
- TZ={{ timezone }}
|
||||
- PUID={{ docker_user.id }}
|
||||
- PGID={{ docker_user.id }}
|
||||
ports:
|
||||
- "{{ pve_hosts.forrest.ip }}:3001:3001"
|
||||
volumes:
|
||||
- "{{ app_data_dir }}/uptime-kuma:/app/data"
|
||||
restart: unless-stopped
|
||||
|
||||
networks:
|
||||
default:
|
||||
enable_ipv6: true
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
- name: restart uptime-kuma
|
||||
shell:
|
||||
chdir: /opt/uptime-kuma
|
||||
cmd: "{{ docker_update_command }}"
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
- name: Create install directory
|
||||
file:
|
||||
path: /opt/uptime-kuma
|
||||
state: directory
|
||||
owner: "{{ docker_user.name }}"
|
||||
mode: "{{ docker_compose_directory_mask }}"
|
||||
become: true
|
||||
|
||||
- name: Install compose file
|
||||
template:
|
||||
src: files/docker-compose.yml
|
||||
dest: /opt/uptime-kuma/docker-compose.yml
|
||||
mode: "{{ docker_compose_file_mask }}"
|
||||
owner: "{{ docker_user.name }}"
|
||||
validate: docker-compose -f %s config
|
||||
notify: restart uptime-kuma
|
||||
become: true
|
||||
|
|
@ -2,17 +2,17 @@
|
|||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.terraform.io/backblaze/b2" {
|
||||
version = "0.8.7"
|
||||
constraints = "0.8.7"
|
||||
version = "0.8.9"
|
||||
constraints = "0.8.9"
|
||||
hashes = [
|
||||
"h1:00oWKpRLaWlwNwebBlsy4ZDN9dsYPZv6G3VoYxz5SSE=",
|
||||
"h1:GLJrlMQ3CxORGarOlpbdKNjfdVxwWF7D1Sa5Svtsi2Q=",
|
||||
"h1:R+Ota2rVe+KaYwJIrlVGgRxtTGgkqXgsMRApg6r/+5M=",
|
||||
"h1:hSsgVZdn6G7G8Zp03Ij9lLQYEQ0aWGy3j3loEsjkJMQ=",
|
||||
"zh:832081241cdf62ea27af5e9999c7c94bbec1816dc552c53da1caa8a2ff7b987f",
|
||||
"zh:c130917d8da3e85392fb3c8c7b2be3b2fd1d1eb5023993d33e3d0838e8375d05",
|
||||
"zh:f9f7dbf09d818c5a05570d73facaf0bb840c541de07439b0891381df4c75875a",
|
||||
"zh:fc142bb2370c541ae14ea4f8f8c5437efa07911a8c36be60820cba6671fa6c81",
|
||||
"h1:2I1FrwnkverfdRHyoCMHeoLJcWIdoLw0uSyvFJDj+40=",
|
||||
"h1:Gp0no9DUhxEAPPED0/AG8wSaaT6023dtA1Q8oIPmgz0=",
|
||||
"h1:N5oxkisGmkDIdAmncwcmcN5KilDdOG1kJu2+k0ARj80=",
|
||||
"h1:PSLTea0VOv61sttOED7lEvonSQuIik2CFDXyljVpeHU=",
|
||||
"zh:3534b7737d5d555187faec4db6abeb202a90559f2f68e569e48b0acbbdaabe9d",
|
||||
"zh:372e97f55308babb98e175e3464d7088c8182d649e899e3067bb042e655a62c8",
|
||||
"zh:59935a938882daccf93a76ddfdd24113aac7349e0ae555028f340acb211cbaff",
|
||||
"zh:da2d510b081ed9683acd201318f096ea6848843f325eaf8db555702244149532",
|
||||
]
|
||||
}
|
||||
|
||||
|
|
@ -52,22 +52,33 @@ provider "registry.terraform.io/cloudflare/cloudflare" {
|
|||
}
|
||||
|
||||
provider "registry.terraform.io/go-gandi/gandi" {
|
||||
version = "2.2.3"
|
||||
constraints = "2.2.3"
|
||||
version = "2.3.0"
|
||||
constraints = "2.3.0"
|
||||
hashes = [
|
||||
"h1:2SFGp4KWheP2bjuD0sIzbcuM91uSFiMVr2qYBRUJ7HU=",
|
||||
"zh:1059865208c4ce9a827d0e1fa09a74297476d064d5aebd598633b10036cdff5d",
|
||||
"zh:1e912145a1819fc7516353369332a41558a3c6e9edac8bdcc09aa8c2735d29e3",
|
||||
"zh:2977e335cb1df04baa200933679048a7b4151f48cbd551917abe45dc3b62f85d",
|
||||
"zh:4211fa55947c3b7841931a2f944fe02fa50d2dca5fe850113d7dc5713574c0de",
|
||||
"zh:509f2262f4d682504eb412eeb58968c23208ddab8ebd0b0371a9eb1332b57f33",
|
||||
"zh:784ee8dd57193dfcb38fe06fedc2931b02a887ce887744ce92b856f121d6fb50",
|
||||
"zh:81a9bcbae602d32d71fa8ff3b2140c3d86692736a4c3379ebcfa06c858fae549",
|
||||
"zh:9e296c6b33a4b3042c030a44368a45c95a531b7c6c369db30a7fd2e9503bb4d8",
|
||||
"zh:a030027413d3dc7695691917f328fecb9b15d6b9e0d72b35439534cc22abb782",
|
||||
"zh:a5019df0ce14c20483f397eef4e91d9f60ad78644acb3134130c4ebbc26059b5",
|
||||
"zh:d03f6bd478f2b57091f2e82dde17a4adfe0b423eaaa0f99c59838fc64dd965ab",
|
||||
"zh:e1b23742e9d98391fb84a4fad4e577ca2827bb25c40e310f3faaa3dcbde3a508",
|
||||
"h1:+QRivNRiQfXbOzSJwIKOmpqRLjfSbgGTVIot5HHaxzU=",
|
||||
"h1:9kqWL+eFk/ogrQSltL9zVqjMcOqbvs3EgIJEeyNPb8U=",
|
||||
"h1:Fv/rdRU74oVDL6Tmu63qNl3fUrlOfMVPUFeLaPfWAGY=",
|
||||
"h1:GC+kfSRx3FdF0dhh0LZrWXV+hLSFQd3cQ3mjQ3lBloU=",
|
||||
"h1:M6MNub0wFKc/2MKOns9uWsgkFEjqNx1oucz+wGemBRM=",
|
||||
"h1:Os/cyXb2LCyYLvaQ7inZPBdgjR7Ie5AsyIIHvYaMZB4=",
|
||||
"h1:PH6KI61eli5OL/aN3Oi7NV9qkNbjGLoOYjJK3gvULj4=",
|
||||
"h1:ZYWkA1hdIjQySftM5bWAQjiH50V5qMl9nJroYzCoqb0=",
|
||||
"h1:aRZN5KmJwfLJ+sSYo4xd6MHS2oNk3Zlk417md3e9ry0=",
|
||||
"h1:iTw/xbYXtScXLdhbjzF15Bf9wWu/r41ZertHYl9vDec=",
|
||||
"h1:q/JXh50l2WZKxRpVTXzWp7nToqaU4TXD883k6Xi+8Jk=",
|
||||
"h1:sSjatD9sHwGI8jJYF7Ps7BTBbmmCmLAdlUPDs3i/vQA=",
|
||||
"zh:0936d011cf75bb5162c6027d00575a586807adc9008f4152def157b6ad22bae9",
|
||||
"zh:2170e671f04d3346ea416fcc404be6d05f637eab7df77e289a6898a928885f0b",
|
||||
"zh:250329baae3cb09cfb88dd004d45f003ba76fbe7b8daf9d18fd640b93a2b7252",
|
||||
"zh:2ccd9f253424738ca5fbbcb2127bf3713c20e87bfb3829f8c4565569424fd0bd",
|
||||
"zh:3607b48bc4691cd209528f9ffe16a6cc666bd284b0d0bdfe8c4e1d538559a408",
|
||||
"zh:3bc1d2b770fe0f50027da59c405b2468d1322243235367014f75f765124f458d",
|
||||
"zh:6c8a9092847ee2e2890825432b54424c456638d494e49b7d1845f055214714f5",
|
||||
"zh:8e0b62a330876005d52bcd65d7b1d9a679a7ac79c626e0f86661519e8f9b5698",
|
||||
"zh:8f44f4d52583ff249e2001ea2a8b8841010489dd43e1a01a9ec3a6813d121c28",
|
||||
"zh:9a617927d4a3a2897ff10999a19a6d1f0ef634b8c6b8fc3be12cf53948cfd9cf",
|
||||
"zh:cab3c82c54e38e6001eed5b80a2d16b7824921f8f8b3909049e174c48e6e8804",
|
||||
"zh:f78cc685aa4ba5056ea53a7f8ce585f87a911f0a8a387a44a33d7dfb69db7663",
|
||||
]
|
||||
}
|
||||
|
||||
|
|
@ -127,37 +138,37 @@ provider "registry.terraform.io/hashicorp/local" {
|
|||
}
|
||||
|
||||
provider "registry.terraform.io/linode/linode" {
|
||||
version = "2.19.0"
|
||||
constraints = "2.19.0"
|
||||
version = "2.20.0"
|
||||
constraints = "2.20.0"
|
||||
hashes = [
|
||||
"h1:Aljt7dhW1XwtxDaGyc2gZ46eLAbjix7E1qYXxYqgbbU=",
|
||||
"h1:BN3Dom+rZ8Xy/rQsjut3Oa4ug7uKAT+0OHKls8902OU=",
|
||||
"h1:EQ7FeEVWKswJ3/ATDk0azs9jJ5Jm9Zgch/qmGPuOUMU=",
|
||||
"h1:Ffm15Iu1XjVFUVc3NpdIE0YjoZISVNOJPUKbOlYdSB8=",
|
||||
"h1:H3eY00bUbfpEJD3WSqtpJ7hCD+hmiXIo2wWenhxNW6o=",
|
||||
"h1:HpYbpJzogDdK8is1dsZvd0MxpRDaDqTzheKsT7GeEiI=",
|
||||
"h1:KKadsEER+BVuTGwh/BM1Kmy0jDOxiNQmYlJbTFsxtGU=",
|
||||
"h1:MFV2JG/DHGO0IdRIMi6e7RkLEJ4laaUD24QrUOKaMLk=",
|
||||
"h1:UJ+/KyZX5xKU+GOUslbIpQLih9vkEjIMjcElw19Hnqg=",
|
||||
"h1:UyWZ+cA6vcA7Uj2KM6AGOAjKYMlBXFVAtHitheHL6mY=",
|
||||
"h1:kRBXisxnnpMUMFEQrXHy3bL3lu7GvMJf32RgoYJg4C8=",
|
||||
"h1:m8CL3NIDWcuxiJTVFMkKWoOCV70gbRgKkjNv9AAhm6E=",
|
||||
"h1:qnj2eGbSlmsyLNti6Ya/I2Myy7Uy0/LLvkmNO8sSnDc=",
|
||||
"h1:vff9zjH2m2uRYiK5FAnAAWuESm99YGw7QOWsdSqAHIE=",
|
||||
"zh:0902b129119d4b2b5ad8b40796c73453efa4250af9c83ab110988b2786ddf077",
|
||||
"zh:2b953ecdf1dfeb66e5dbb420a6c16f944be37e8436062546d714928fd6c137da",
|
||||
"zh:336d750c34875ed04e30cd3e0b4ddfefbc3c4eec66ee81849d4becd6680c1b78",
|
||||
"zh:3403e1d1da78ef55e73c473d53d90af3025fbdf826ac30786b3082a8a96cde0d",
|
||||
"zh:3923876d57838f115f770e29ddc6113c634ecb5a0ef6745ecfdef265d606e48f",
|
||||
"zh:47f7e0bb0e01bc6e6dfd13a371dfab2df5d545fc37148d655fd2bb394b1102c6",
|
||||
"zh:59726409d8877d3336705fcd0fafc67b5d34de318340694c5f5546cc6c15e7c8",
|
||||
"zh:6711e4b6b5a6895a0429b7d91ac8a20c439bafa486782f5724ed30c696c81d99",
|
||||
"zh:728e75d6637e52f371ea316a9fc2c2e16b5cf154af58d5cddb656da3b8b87a9c",
|
||||
"zh:7be53e746828bbcc2533f418e33efa6cf4bad749f20c412d23222b52c77d7779",
|
||||
"zh:8647837eb549dec604399659b3fc5508749157b1b8cc3f98e09654279be7cd87",
|
||||
"zh:abc9cf0879b0318baa8bec61c0225235af0b7a8d4eb3dce0d82fcbbc75dcfc98",
|
||||
"zh:c6665a13be6231acf78dcbdbddad6e0cc27f4ec28716ca8946c15847568eeb4a",
|
||||
"zh:cf033cc78046bdf2a12873c53d5e4d7b6f0275b2d5e50cf17b3be8e5103bfe2e",
|
||||
"h1:6/o4LoVz52eWw2yxa1/Vhi8iBUoo9jK7HDBuTcaX30Y=",
|
||||
"h1:8LYKyN2DlXn1qmkY1XhodyM3GHzMZKt7F8ev1agQcVk=",
|
||||
"h1:8jkWRVdYws+9xfIwtvAjId6opsqF68gWvkan0UNmW9o=",
|
||||
"h1:Flghk8gw63R42l9cbMtChRmU3n74WvqNXwh+pKuqhFw=",
|
||||
"h1:OreqQcttXFzLkp/4ozOeLnrbJjUoUrlcVcTqh9uorSI=",
|
||||
"h1:PYIu5UNRhiVNZfSFKmUztA2ayh92V54iLfoEPsZubcI=",
|
||||
"h1:QXruhT9Ah4tjRpfexy3+o3vGsXVZcGvkuzZsyrK4P4c=",
|
||||
"h1:UUXMr/o7UQfbhKdUW9dAfAOfbC1Y3cwOZZORGfMZc24=",
|
||||
"h1:aZ9UaS3BabFgwpZMkaRfaveJ4Uw+NRhJJDiQ2Yl/CWA=",
|
||||
"h1:eZiXmPJ4gVsgAckjNDkpL9Voj4RPbfXXTBeVgxTLD/s=",
|
||||
"h1:fZdu/J4nChpOTXbnMzii9Y0lHZdPK+OKw2gQYHGGzNU=",
|
||||
"h1:k5B51NjPFG4tNoSwVy8e/5mJYlxBTJWi1t9uIOAm8JY=",
|
||||
"h1:nIy2MvYWgydmsXlnuUV2QG9PK+j0GVbePcxev6AyVd0=",
|
||||
"h1:rcbkGtAPQDQenU1oaG+E0lyUKrvR73X9Xva7E1lDW0Q=",
|
||||
"zh:116ab7c6096172745ba91b2ec46bb7a43647f6b674ed241087cb26db3361483c",
|
||||
"zh:1e35f3747586440473387a5730c0f68bf068810ca561b35dde8f2c0bebd2278d",
|
||||
"zh:290e342a9fa19747a82ac364967e82b979a50504c6f9dbcb9ddf926de2f4c4f7",
|
||||
"zh:58caa5475f63d7f3920117e81b3da2943f20bf16a23d48ce01a5eacd7bd18ced",
|
||||
"zh:5a0e923da975a83d10d0810afb0b329f617866bcfeac15a21d89b44816882f97",
|
||||
"zh:786292479f7ec5568c78bded3ea5410d3adff4df5023b5ea65ce338814de357d",
|
||||
"zh:9d89c5828fd7733e38b5181b7df294802c46e1b639482ec0ea028b7dbbbcd5ad",
|
||||
"zh:9f5ba60b6d99dcab3a3ab3ac65ac96baa23640a1c1cdeeb6682ca5bbac74127d",
|
||||
"zh:a408871c74e759dbacba6719db167152cf2dd4d02c98a34990b20d58d13f91b3",
|
||||
"zh:a97a0e0f760369d0a6ce44e5adb0c1d8c5a81912a864eea926d7bf78f6e53744",
|
||||
"zh:acc1ada03a0df90ebbd6110d16637d56ec7340f4695702a592e7ef6b90094c7a",
|
||||
"zh:b231b766cf81ac8d6237dfa95802497400a1997c0498036629b159818cb4680d",
|
||||
"zh:c9930f4768636418660f81e5fa4edd422ad8e92ad3e418c026448cfb12d236e7",
|
||||
"zh:cf4ea823de02a00cf57b9f51ac483c0ce0b0e450aeb3014722e57e602dc147ef",
|
||||
]
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -101,15 +101,6 @@ resource "linode_firewall" "casey" {
|
|||
ipv4 = ["0.0.0.0/0"]
|
||||
ipv6 = ["::/0"]
|
||||
}
|
||||
|
||||
inbound {
|
||||
label = "allow-inbound-tailscale"
|
||||
action = "ACCEPT"
|
||||
protocol = "UDP"
|
||||
ports = "41641"
|
||||
ipv4 = ["0.0.0.0/0"]
|
||||
ipv6 = ["::/0"]
|
||||
}
|
||||
}
|
||||
|
||||
resource "linode_rdns" "casey_reverse_ipv4" {
|
||||
|
|
|
|||
|
|
@ -261,6 +261,14 @@ resource "cloudflare_record" "jakehowardtech_slides" {
|
|||
ttl = 1
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "jakehowardtech_uptime" {
|
||||
zone_id = cloudflare_zone.jakehowardtech.id
|
||||
name = "uptime"
|
||||
value = cloudflare_record.sys_domain_pve.hostname
|
||||
type = "CNAME"
|
||||
ttl = 1
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "jakehowardtech_caa" {
|
||||
zone_id = cloudflare_zone.jakehowardtech.id
|
||||
name = "@"
|
||||
|
|
|
|||
|
|
@ -14,15 +14,15 @@ terraform {
|
|||
}
|
||||
linode = {
|
||||
source = "linode/linode"
|
||||
version = "2.19.0"
|
||||
version = "2.20.0"
|
||||
}
|
||||
gandi = {
|
||||
source = "go-gandi/gandi"
|
||||
version = "2.2.3"
|
||||
version = "2.3.0"
|
||||
}
|
||||
b2 = {
|
||||
source = "Backblaze/b2"
|
||||
version = "0.8.7"
|
||||
version = "0.8.9"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue