
feat: move to terraform for managing services

pull/3/head
Karan Sharma 1 year ago
parent
commit
6ce3797919
  1. 34
      digitalocean-infra/main.tf
  2. 12
      digitalocean-infra/outputs.tf
  3. 0
      floyd/ansible/Makefile
  4. 9
      floyd/ansible/README.md
  5. 7
      floyd/ansible/ansible.cfg
  6. 0
      floyd/ansible/inventory.sample
  7. 16
      floyd/ansible/playbook.yml
  8. 7
      floyd/ansible/roles/bootstrap-node/handlers/main.yml
  9. 1
      floyd/ansible/roles/bootstrap-node/tasks/apt.yml
  10. 0
      floyd/ansible/roles/bootstrap-node/tasks/hostname.yml
  11. 0
      floyd/ansible/roles/bootstrap-node/tasks/locale.yml
  12. 12
      floyd/ansible/roles/bootstrap-node/tasks/main.yml
  13. 0
      floyd/ansible/roles/bootstrap-node/tasks/node-exporter.yml
  14. 0
      floyd/ansible/roles/bootstrap-node/tasks/ssh.yml
  15. 0
      floyd/ansible/roles/bootstrap-node/tasks/timezone.yml
  16. 2
      floyd/ansible/roles/bootstrap-node/tasks/user.yml
  17. 0
      floyd/ansible/roles/bootstrap-node/templates/ssh-banner.j2
  18. 0
      floyd/ansible/roles/bootstrap-node/vars/main.yml
  19. 0
      floyd/ansible/roles/gantsign.antigen/.editorconfig
  20. 0
      floyd/ansible/roles/gantsign.antigen/.gitattributes
  21. 0
      floyd/ansible/roles/gantsign.antigen/.gitignore
  22. 0
      floyd/ansible/roles/gantsign.antigen/.moleculew/ansible_version
  23. 0
      floyd/ansible/roles/gantsign.antigen/.moleculew/docker_lib_version
  24. 0
      floyd/ansible/roles/gantsign.antigen/.moleculew/molecule_version
  25. 0
      floyd/ansible/roles/gantsign.antigen/.moleculew/python_version
  26. 0
      floyd/ansible/roles/gantsign.antigen/.travis.yml
  27. 0
      floyd/ansible/roles/gantsign.antigen/.yamllint
  28. 0
      floyd/ansible/roles/gantsign.antigen/LICENSE
  29. 0
      floyd/ansible/roles/gantsign.antigen/README.md
  30. 0
      floyd/ansible/roles/gantsign.antigen/defaults/main.yml
  31. 0
      floyd/ansible/roles/gantsign.antigen/handlers/main.yml
  32. 0
      floyd/ansible/roles/gantsign.antigen/meta/.galaxy_install_info
  33. 0
      floyd/ansible/roles/gantsign.antigen/meta/main.yml
  34. 0
      floyd/ansible/roles/gantsign.antigen/molecule/centos/Dockerfile.j2
  35. 0
      floyd/ansible/roles/gantsign.antigen/molecule/centos/INSTALL.rst
  36. 0
      floyd/ansible/roles/gantsign.antigen/molecule/centos/molecule.yml
  37. 0
      floyd/ansible/roles/gantsign.antigen/molecule/debian_max/Dockerfile.j2
  38. 0
      floyd/ansible/roles/gantsign.antigen/molecule/debian_max/INSTALL.rst
  39. 0
      floyd/ansible/roles/gantsign.antigen/molecule/debian_max/molecule.yml
  40. 0
      floyd/ansible/roles/gantsign.antigen/molecule/debian_min/Dockerfile.j2
  41. 0
      floyd/ansible/roles/gantsign.antigen/molecule/debian_min/INSTALL.rst
  42. 0
      floyd/ansible/roles/gantsign.antigen/molecule/debian_min/molecule.yml
  43. 0
      floyd/ansible/roles/gantsign.antigen/molecule/default/Dockerfile.j2
  44. 0
      floyd/ansible/roles/gantsign.antigen/molecule/default/INSTALL.rst
  45. 0
      floyd/ansible/roles/gantsign.antigen/molecule/default/molecule.yml
  46. 0
      floyd/ansible/roles/gantsign.antigen/molecule/default/playbook.yml
  47. 0
      floyd/ansible/roles/gantsign.antigen/molecule/default/tests/console-setup.sh
  48. 0
      floyd/ansible/roles/gantsign.antigen/molecule/default/tests/test_role.py
  49. 0
      floyd/ansible/roles/gantsign.antigen/molecule/fedora/Dockerfile.j2
  50. 0
      floyd/ansible/roles/gantsign.antigen/molecule/fedora/INSTALL.rst
  51. 0
      floyd/ansible/roles/gantsign.antigen/molecule/fedora/molecule.yml
  52. 0
      floyd/ansible/roles/gantsign.antigen/molecule/opensuse/Dockerfile.j2
  53. 0
      floyd/ansible/roles/gantsign.antigen/molecule/opensuse/INSTALL.rst
  54. 0
      floyd/ansible/roles/gantsign.antigen/molecule/opensuse/molecule.yml
  55. 0
      floyd/ansible/roles/gantsign.antigen/molecule/ubuntu_max/Dockerfile.j2
  56. 0
      floyd/ansible/roles/gantsign.antigen/molecule/ubuntu_max/INSTALL.rst
  57. 0
      floyd/ansible/roles/gantsign.antigen/molecule/ubuntu_max/molecule.yml
  58. 0
      floyd/ansible/roles/gantsign.antigen/molecule/ubuntu_min/Dockerfile.j2
  59. 0
      floyd/ansible/roles/gantsign.antigen/molecule/ubuntu_min/INSTALL.rst
  60. 0
      floyd/ansible/roles/gantsign.antigen/molecule/ubuntu_min/molecule.yml
  61. 0
      floyd/ansible/roles/gantsign.antigen/moleculew
  62. 0
      floyd/ansible/roles/gantsign.antigen/tasks/configure-debian-console.yml
  63. 0
      floyd/ansible/roles/gantsign.antigen/tasks/configure.yml
  64. 0
      floyd/ansible/roles/gantsign.antigen/tasks/install-oh-my-zsh.yml
  65. 0
      floyd/ansible/roles/gantsign.antigen/tasks/install.yml
  66. 0
      floyd/ansible/roles/gantsign.antigen/tasks/main.yml
  67. 0
      floyd/ansible/roles/gantsign.antigen/templates/antigenrc.j2
  68. 0
      floyd/ansible/roles/gantsign.antigen/templates/bundle.zsh.j2
  69. 0
      floyd/ansible/roles/gantsign.antigen/templates/theme.zsh.j2
  70. 0
      floyd/ansible/roles/gantsign.antigen/templates/use.zsh.j2
  71. 0
      floyd/ansible/roles/gantsign.antigen/vars/main.yml
  72. 24
      floyd/ansible/roles/setup-caddy/tasks/main.yml
  73. 6
      floyd/ansible/roles/setup-caddy/templates/Caddyfile.j2
  74. 17
      floyd/ansible/roles/setup-caddy/templates/caddy-docker-compose.yml.j2
  75. 8
      floyd/ansible/roles/setup-docker/handlers/main.yml
  76. 0
      floyd/ansible/roles/setup-docker/tasks/main.yml
  77. 0
      floyd/ansible/roles/setup-docker/templates/daemon.json
  78. 0
      floyd/ansible/roles/setup-gitea/tasks/main.yml
  79. 8
      floyd/ansible/roles/setup-gitea/templates/gitea-docker-compose.yml.j2
  80. 0
      floyd/ansible/roles/setup-tailscale/handlers/main.yml
  81. 0
      floyd/ansible/roles/setup-tailscale/tasks/main.yml
  82. 0
      floyd/terraform/digitalocean-infra/README.md
  83. 24
      floyd/terraform/digitalocean-infra/firewalls.tf
  84. 36
      floyd/terraform/digitalocean-infra/main.tf
  85. 8
      floyd/terraform/digitalocean-infra/versions.tf
  86. 13
      floyd/terraform/main.tf
  87. 58
      floyd/terraform/pihole/container.tf
  88. 8
      floyd/terraform/pihole/image.tf
  89. 3
      floyd/terraform/pihole/variables.tf
  90. 8
      floyd/terraform/pihole/versions.tf
  91. 9
      floyd/terraform/providers.tf
  92. 32
      floyd/terraform/unbound/container.tf
  93. 8
      floyd/terraform/unbound/image.tf
  94. 3
      floyd/terraform/unbound/variables.tf
  95. 8
      floyd/terraform/unbound/versions.tf
  96. 8
      floyd/terraform/variables.tf
  97. 11
      floyd/terraform/versions.tf
  98. 7
      hetzner/ansible/ansible.cfg
  99. 23
      hetzner/ansible/roles/bootstrap-node/tasks/ufw.yml

34
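--- a/digitalocean-infra/main.tf
+++ b/digitalocean-infra/main.tf
@@ -1,34 +0,0 @@
-provider "digitalocean" {
-# You need to set this in your .bashrc
-# export DIGITALOCEAN_TOKEN="Your API TOKEN"
-#
-}
-# Create a new SSH key
-resource "digitalocean_ssh_key" "mrkaran" {
-name = "mrkaran.dev"
-public_key = file("~/.ssh/mrkaran_rsa.pub")
-}
-# Create a new droplet in the blr1 region (master node)
-resource "digitalocean_droplet" "alphard" {
-image = "ubuntu-18-04-x64"
-name = "alphard"
-region = "blr1"
-monitoring = true
-size = "s-1vcpu-2gb"
-ipv6 = true
-private_networking = true
-tags = [
-"hydra",
-"k8s-master",
-"vpn",
-]
-ssh_keys = [digitalocean_ssh_key.mrkaran.fingerprint]
-}
-# Attach the floating ip to droplet
-resource "digitalocean_floating_ip" "alphard" {
-droplet_id = digitalocean_droplet.alphard.id
-region = digitalocean_droplet.alphard.region
-}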

12
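--- a/digitalocean-infra/outputs.tf
+++ b/digitalocean-infra/outputs.tf
@@ -1,12 +0,0 @@
-# Record some meta about droplet created
-output "alphard_ipv4" {
-value = digitalocean_droplet.alphard.ipv4_address
-}
-output "alphard_droplet_name" {
-value = digitalocean_droplet.alphard.name
-}
-output "alphard_droplet_id" {
-value = digitalocean_droplet.alphard.id
-}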

0
hetzner/ansible/Makefile → floyd/ansible/Makefile

9
hetzner/ansible/README.md → floyd/ansible/README.md

@ -4,9 +4,14 @@
## Imp things to keep in mind
1) `ansible_ssh_user` for the first run is `root` since there is no user in the instance.
1) `ansible_ssh_user` for the first run should `root` since there is no user in the instance.
You must ensure that `bootstrap-nodes` role is first run before continuing. It disables the `root` SSH login to the instance and only
the `username` supplied in `inventory` has access to SSH. If you fail at this step, you need to debug before proceeding.
the `username` supplied in `inventory` has access to SSH.
**Bootstrap**: `ansible-playbook -i inventory playbook.yml --tag=bootstrap`
If you fail at this step, you need to debug before proceeding.
2) For Tailscale, it is recommended to generate `Pre Authorisation Keys` and encrypt them in vault:

7
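--- a/floyd/ansible/ansible.cfg
+++ b/floyd/ansible/ansible.cfg
@@ -0,0 +1,7 @@
+[defaults]
+roles_path = ./roles
+inventory = ./inventory
+# strategy_plugins = /home/karan/.local/lib/python3.8/site-packages/ansible_mitogen/plugins/strategy
+# strategy = mitogen_linear
+[ssh_connection]
+scp_if_ssh = True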

0
hetzner/ansible/inventory.sample → floyd/ansible/inventory.sample

16
hetzner/ansible/playbook.yml → floyd/ansible/playbook.yml

@ -5,28 +5,26 @@
- role: bootstrap-node
tags:
- bootstrap
- role: setup-gitea
- role: setup-docker
become: true
tags:
- gitea
vars:
- gitea_image_tag: 1.12.3
- gitea_project_dir: "{{ansible_env.HOME}}/services/gitea"
- docker
- role: setup-tailscale
become: yes
# vars:
# tailscale_auth_key: !vault |
tags:
- tailscale
- role: gantsign.antigen
tags:
- bootstrap
- zsh
users:
- username: "{{username}}"
antigen_libraries:
- name: oh-my-zsh
antigen_theme:
name: cloud
name: agnoster
antigen_bundles:
# Bundles from the default repo (robbyrussell's oh-my-zsh).
- name: git
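Review bot: `become: true` (on the setup-docker entry) and `become: yes` (on setup-tailscale) are mixed in the same role list; pick one spelling, and `become: true` is the form that survives YAML 1.2 parsers. The `setup-caddy` role added in this commit does not appear among the roles in this hunk, and the `setup-gitea` entry appears to be the one being dropped, so unless both are wired in further down the file (outside the hunk) the caddy and gitea templates are never applied by this playbook — a `- role: setup-caddy` entry with `become: true` and a `caddy` tag would match the other entries. The commented `# tailscale_auth_key: !vault |` placeholder is fine, but a one-line pointer to the README step that describes generating the pre-auth key would save the next reader a search.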

7
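--- a/floyd/ansible/roles/bootstrap-node/handlers/main.yml
+++ b/floyd/ansible/roles/bootstrap-node/handlers/main.yml
@@ -0,0 +1,7 @@
+- name: restart sshd
+service:
+name: ssh
+state: restarted
+- name: reboot
+reboot: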

1
hetzner/ansible/roles/bootstrap-node/tasks/apt.yml → floyd/ansible/roles/bootstrap-node/tasks/apt.yml

@ -19,7 +19,6 @@
- python3-pip
- python-apt
- python3-apt
- python-is-python3
- gnupg2
- gnupg-agent

0
hetzner/ansible/roles/bootstrap-node/tasks/hostname.yml → floyd/ansible/roles/bootstrap-node/tasks/hostname.yml

0
hetzner/ansible/roles/bootstrap-node/tasks/locale.yml → floyd/ansible/roles/bootstrap-node/tasks/locale.yml

12
hetzner/ansible/roles/bootstrap-node/tasks/main.yml → floyd/ansible/roles/bootstrap-node/tasks/main.yml

@ -16,20 +16,10 @@
tags:
- ssh
- import_tasks: ufw.yml
become: yes
tags:
- ufw
- import_tasks: timezone.yml
tags:
- timezone
- import_tasks: docker.yml
become: yes
tags:
- docker
- import_tasks: hostname.yml
tags:
- hostname
- hostname
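Review bot: The role no longer imports `ufw.yml` (the task file itself is deleted at the end of this commit), so nothing on the host filters inbound traffic any more; the only remaining inbound filter is the `digitalocean_firewall` set in floyd/terraform/digitalocean-infra/firewalls.tf. That is presumably deliberate — ports published by Docker bypass UFW anyway — but it is a silent change in the node's security posture, so record it where the next reader will look: `# ufw.yml dropped on purpose: inbound filtering is done by the DigitalOcean cloud firewall (floyd/terraform/digitalocean-infra/firewalls.tf)`. The dropped `docker.yml` import has moved into the setup-docker role, and a one-line pointer here (`# docker install moved to roles/setup-docker`) would save a search. The task list continues outside the hunk.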

0
hetzner/ansible/roles/bootstrap-node/tasks/node-exporter.yml → floyd/ansible/roles/bootstrap-node/tasks/node-exporter.yml

0
hetzner/ansible/roles/bootstrap-node/tasks/ssh.yml → floyd/ansible/roles/bootstrap-node/tasks/ssh.yml

0
hetzner/ansible/roles/bootstrap-node/tasks/timezone.yml → floyd/ansible/roles/bootstrap-node/tasks/timezone.yml

2
hetzner/ansible/roles/bootstrap-node/tasks/user.yml → floyd/ansible/roles/bootstrap-node/tasks/user.yml

@ -30,4 +30,4 @@
user: "{{username}}"
state: present
key: "{{github_ssh_key_url}}"
when: github_ssh_key_url != None and ansible_user == username
when: github_ssh_key_url != None
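Review bot: Both `when:` lines test `github_ssh_key_url != None`, which makes Ansible abort with an undefined-variable error whenever the inventory simply omits the variable (unless vars/main.yml defaults it, which is not visible here); `when: github_ssh_key_url is defined and github_ssh_key_url` handles absent, null and empty alike. Which of the two lines is the new side cannot be told from this rendering; if the `ansible_user == username` guard is the one being dropped, the task then also runs during the first root-login bootstrap pass, which may be the intent but deserves a word in the task name. The task fetches authorized keys from a remote URL, so whoever controls that GitHub account controls SSH access to the node — worth stating on the task: `# trust anchor: login keys are fetched from the configured GitHub account URL`. The task starts outside the hunk.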

0
hetzner/ansible/roles/bootstrap-node/templates/ssh-banner.j2 → floyd/ansible/roles/bootstrap-node/templates/ssh-banner.j2

0
hetzner/ansible/roles/bootstrap-node/vars/main.yml → floyd/ansible/roles/bootstrap-node/vars/main.yml

0
hetzner/ansible/roles/gantsign.antigen/.editorconfig → floyd/ansible/roles/gantsign.antigen/.editorconfig

0
hetzner/ansible/roles/gantsign.antigen/.gitattributes → floyd/ansible/roles/gantsign.antigen/.gitattributes

0
hetzner/ansible/roles/gantsign.antigen/.gitignore → floyd/ansible/roles/gantsign.antigen/.gitignore

0
hetzner/ansible/roles/gantsign.antigen/.moleculew/ansible_version → floyd/ansible/roles/gantsign.antigen/.moleculew/ansible_version

0
hetzner/ansible/roles/gantsign.antigen/.moleculew/docker_lib_version → floyd/ansible/roles/gantsign.antigen/.moleculew/docker_lib_version

0
hetzner/ansible/roles/gantsign.antigen/.moleculew/molecule_version → floyd/ansible/roles/gantsign.antigen/.moleculew/molecule_version

0
hetzner/ansible/roles/gantsign.antigen/.moleculew/python_version → floyd/ansible/roles/gantsign.antigen/.moleculew/python_version

0
hetzner/ansible/roles/gantsign.antigen/.travis.yml → floyd/ansible/roles/gantsign.antigen/.travis.yml

0
hetzner/ansible/roles/gantsign.antigen/.yamllint → floyd/ansible/roles/gantsign.antigen/.yamllint

0
hetzner/ansible/roles/gantsign.antigen/LICENSE → floyd/ansible/roles/gantsign.antigen/LICENSE

0
hetzner/ansible/roles/gantsign.antigen/README.md → floyd/ansible/roles/gantsign.antigen/README.md

0
hetzner/ansible/roles/gantsign.antigen/defaults/main.yml → floyd/ansible/roles/gantsign.antigen/defaults/main.yml

0
hetzner/ansible/roles/gantsign.antigen/handlers/main.yml → floyd/ansible/roles/gantsign.antigen/handlers/main.yml

0
hetzner/ansible/roles/gantsign.antigen/meta/.galaxy_install_info → floyd/ansible/roles/gantsign.antigen/meta/.galaxy_install_info

0
hetzner/ansible/roles/gantsign.antigen/meta/main.yml → floyd/ansible/roles/gantsign.antigen/meta/main.yml

0
hetzner/ansible/roles/gantsign.antigen/molecule/centos/Dockerfile.j2 → floyd/ansible/roles/gantsign.antigen/molecule/centos/Dockerfile.j2

0
hetzner/ansible/roles/gantsign.antigen/molecule/centos/INSTALL.rst → floyd/ansible/roles/gantsign.antigen/molecule/centos/INSTALL.rst

0
hetzner/ansible/roles/gantsign.antigen/molecule/centos/molecule.yml → floyd/ansible/roles/gantsign.antigen/molecule/centos/molecule.yml

0
hetzner/ansible/roles/gantsign.antigen/molecule/debian_max/Dockerfile.j2 → floyd/ansible/roles/gantsign.antigen/molecule/debian_max/Dockerfile.j2

0
hetzner/ansible/roles/gantsign.antigen/molecule/debian_max/INSTALL.rst → floyd/ansible/roles/gantsign.antigen/molecule/debian_max/INSTALL.rst

0
hetzner/ansible/roles/gantsign.antigen/molecule/debian_max/molecule.yml → floyd/ansible/roles/gantsign.antigen/molecule/debian_max/molecule.yml

0
hetzner/ansible/roles/gantsign.antigen/molecule/debian_min/Dockerfile.j2 → floyd/ansible/roles/gantsign.antigen/molecule/debian_min/Dockerfile.j2

0
hetzner/ansible/roles/gantsign.antigen/molecule/debian_min/INSTALL.rst → floyd/ansible/roles/gantsign.antigen/molecule/debian_min/INSTALL.rst

0
hetzner/ansible/roles/gantsign.antigen/molecule/debian_min/molecule.yml → floyd/ansible/roles/gantsign.antigen/molecule/debian_min/molecule.yml

0
hetzner/ansible/roles/gantsign.antigen/molecule/default/Dockerfile.j2 → floyd/ansible/roles/gantsign.antigen/molecule/default/Dockerfile.j2

0
hetzner/ansible/roles/gantsign.antigen/molecule/default/INSTALL.rst → floyd/ansible/roles/gantsign.antigen/molecule/default/INSTALL.rst

0
hetzner/ansible/roles/gantsign.antigen/molecule/default/molecule.yml → floyd/ansible/roles/gantsign.antigen/molecule/default/molecule.yml

0
hetzner/ansible/roles/gantsign.antigen/molecule/default/playbook.yml → floyd/ansible/roles/gantsign.antigen/molecule/default/playbook.yml

0
hetzner/ansible/roles/gantsign.antigen/molecule/default/tests/console-setup.sh → floyd/ansible/roles/gantsign.antigen/molecule/default/tests/console-setup.sh

0
hetzner/ansible/roles/gantsign.antigen/molecule/default/tests/test_role.py → floyd/ansible/roles/gantsign.antigen/molecule/default/tests/test_role.py

0
hetzner/ansible/roles/gantsign.antigen/molecule/fedora/Dockerfile.j2 → floyd/ansible/roles/gantsign.antigen/molecule/fedora/Dockerfile.j2

0
hetzner/ansible/roles/gantsign.antigen/molecule/fedora/INSTALL.rst → floyd/ansible/roles/gantsign.antigen/molecule/fedora/INSTALL.rst

0
hetzner/ansible/roles/gantsign.antigen/molecule/fedora/molecule.yml → floyd/ansible/roles/gantsign.antigen/molecule/fedora/molecule.yml

0
hetzner/ansible/roles/gantsign.antigen/molecule/opensuse/Dockerfile.j2 → floyd/ansible/roles/gantsign.antigen/molecule/opensuse/Dockerfile.j2

0
hetzner/ansible/roles/gantsign.antigen/molecule/opensuse/INSTALL.rst → floyd/ansible/roles/gantsign.antigen/molecule/opensuse/INSTALL.rst

0
hetzner/ansible/roles/gantsign.antigen/molecule/opensuse/molecule.yml → floyd/ansible/roles/gantsign.antigen/molecule/opensuse/molecule.yml

0
hetzner/ansible/roles/gantsign.antigen/molecule/ubuntu_max/Dockerfile.j2 → floyd/ansible/roles/gantsign.antigen/molecule/ubuntu_max/Dockerfile.j2

0
hetzner/ansible/roles/gantsign.antigen/molecule/ubuntu_max/INSTALL.rst → floyd/ansible/roles/gantsign.antigen/molecule/ubuntu_max/INSTALL.rst

0
hetzner/ansible/roles/gantsign.antigen/molecule/ubuntu_max/molecule.yml → floyd/ansible/roles/gantsign.antigen/molecule/ubuntu_max/molecule.yml

0
hetzner/ansible/roles/gantsign.antigen/molecule/ubuntu_min/Dockerfile.j2 → floyd/ansible/roles/gantsign.antigen/molecule/ubuntu_min/Dockerfile.j2

0
hetzner/ansible/roles/gantsign.antigen/molecule/ubuntu_min/INSTALL.rst → floyd/ansible/roles/gantsign.antigen/molecule/ubuntu_min/INSTALL.rst

0
hetzner/ansible/roles/gantsign.antigen/molecule/ubuntu_min/molecule.yml → floyd/ansible/roles/gantsign.antigen/molecule/ubuntu_min/molecule.yml

0
hetzner/ansible/roles/gantsign.antigen/moleculew → floyd/ansible/roles/gantsign.antigen/moleculew

0
hetzner/ansible/roles/gantsign.antigen/tasks/configure-debian-console.yml → floyd/ansible/roles/gantsign.antigen/tasks/configure-debian-console.yml

0
hetzner/ansible/roles/gantsign.antigen/tasks/configure.yml → floyd/ansible/roles/gantsign.antigen/tasks/configure.yml

0
hetzner/ansible/roles/gantsign.antigen/tasks/install-oh-my-zsh.yml → floyd/ansible/roles/gantsign.antigen/tasks/install-oh-my-zsh.yml

0
hetzner/ansible/roles/gantsign.antigen/tasks/install.yml → floyd/ansible/roles/gantsign.antigen/tasks/install.yml

0
hetzner/ansible/roles/gantsign.antigen/tasks/main.yml → floyd/ansible/roles/gantsign.antigen/tasks/main.yml

0
hetzner/ansible/roles/gantsign.antigen/templates/antigenrc.j2 → floyd/ansible/roles/gantsign.antigen/templates/antigenrc.j2

0
hetzner/ansible/roles/gantsign.antigen/templates/bundle.zsh.j2 → floyd/ansible/roles/gantsign.antigen/templates/bundle.zsh.j2

0
hetzner/ansible/roles/gantsign.antigen/templates/theme.zsh.j2 → floyd/ansible/roles/gantsign.antigen/templates/theme.zsh.j2

0
hetzner/ansible/roles/gantsign.antigen/templates/use.zsh.j2 → floyd/ansible/roles/gantsign.antigen/templates/use.zsh.j2

0
hetzner/ansible/roles/gantsign.antigen/vars/main.yml → floyd/ansible/roles/gantsign.antigen/vars/main.yml

24
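--- a/floyd/ansible/roles/setup-caddy/tasks/main.yml
+++ b/floyd/ansible/roles/setup-caddy/tasks/main.yml
@@ -0,0 +1,24 @@
+- name: Clouflare auth token required
+fail:
+msg: "You must include a Clouflare auth token. Set a `cloudflare_api_token` ansible-vault encrypted variable."
+when: cloudflare_api_token is not defined
+- name: Create caddy project directory if it does not exist
+file:
+path: "{{caddy_project_dir}}"
+state: directory
+- name: Copy caddy docker-compose
+template:
+src: Caddyfile.j2
+dest: "{{caddy_project_dir}}/Caddyfile"
+- name: Copy caddy docker-compose
+template:
+src: caddy-docker-compose.yml.j2
+dest: "{{caddy_project_dir}}/docker-compose.yml"
+- name: Start docker-compose
+shell:
+cmd: docker-compose up -d
+chdir: "{{caddy_project_dir}}"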
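Review bot: The Caddyfile template task renders `cloudflare_api_token` into `{{caddy_project_dir}}/Caddyfile` without a `mode`, so the file gets the remote umask default (typically world-readable) and the vault-protected token ends up readable by any local account; add `mode: "0600"` to that `template:` task (the compose file holds no secret and can stay as is). Two tasks share the name `Copy caddy docker-compose` although the first renders the Caddyfile, and `Clouflare` is misspelled in both the task name and the failure message — `Render Caddyfile` and `Cloudflare` keep the play log readable. `shell: docker-compose up -d` reports `changed` on every run; if the collection is available, the `docker_compose` module with `project_src: "{{caddy_project_dir}}"` is idempotent and needs no `chdir`.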

6
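--- a/floyd/ansible/roles/setup-caddy/templates/Caddyfile.j2
+++ b/floyd/ansible/roles/setup-caddy/templates/Caddyfile.j2
@@ -0,0 +1,6 @@
+git.mrkaran.dev {
+reverse_proxy gitea:3000
+tls {
+dns cloudflare {{cloudflare_api_token}}
+}
+}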

17
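--- a/floyd/ansible/roles/setup-caddy/templates/caddy-docker-compose.yml.j2
+++ b/floyd/ansible/roles/setup-caddy/templates/caddy-docker-compose.yml.j2
@@ -0,0 +1,17 @@
+version: "3.8"
+services:
+caddy:
+image: mrkaran/caddy:{{caddy_image_tag}}
+restart: always
+volumes:
+- /data/caddy:/data
+- $PWD/Caddyfile:/etc/caddy/Caddyfile
+ports:
+- "80:80"
+- "443:443"
+networks:
+default:
+external:
+name: {{docker_external_network}}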
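Review bot: `$PWD/Caddyfile` is expanded by Compose from the invoking shell's environment, not relative to the compose file, so this bind mount only works because the `shell` task in tasks/main.yml runs with `chdir`; `./Caddyfile` is resolved relative to the compose file however it is invoked and is the documented form. The `/data/caddy:/data` mount is what keeps the ACME account and certificates across container recreates (assuming `mrkaran/caddy` follows the official image layout), which matters for issuer rate limits; a comment `# /data holds Caddy's ACME account + certs; must persist across recreates` saves the next reader from guessing.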

8
hetzner/ansible/roles/bootstrap-node/handlers/main.yml → floyd/ansible/roles/setup-docker/handlers/main.yml

@ -1,11 +1,3 @@
- name: restart sshd
service:
name: ssh
state: restarted
- name: reboot
reboot:
- name: Start docker on boot
systemd:
name: docker

0
hetzner/ansible/roles/bootstrap-node/tasks/docker.yml → floyd/ansible/roles/setup-docker/tasks/main.yml

0
hetzner/ansible/roles/bootstrap-node/templates/daemon.json → floyd/ansible/roles/setup-docker/templates/daemon.json

0
hetzner/ansible/roles/setup-gitea/tasks/main.yml → floyd/ansible/roles/setup-gitea/tasks/main.yml

8
hetzner/ansible/roles/setup-gitea/templates/gitea-docker-compose.yml.j2 → floyd/ansible/roles/setup-gitea/templates/gitea-docker-compose.yml.j2

@ -1,14 +1,12 @@
version: "3.8"
services:
server:
gitea:
image: gitea/gitea:{{gitea_image_tag}}
environment:
- USER_UID=1000
- USER_GID=1000
restart: always
networks:
- gitea
volumes:
- /data/gitea:/data
- /etc/timezone:/etc/timezone:ro
@ -18,4 +16,6 @@ services:
- "2221:22"
networks:
gitea:
default:
external:
name: {{docker_external_network}}
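Review bot: `"2221:22"` (context in the second hunk) publishes Gitea's SSH on every host interface, and since the bootstrap role stops importing the ufw tasks in this same commit (`roles/bootstrap-node/tasks/ufw.yml` is deleted), the DigitalOcean cloud firewall is the only thing deciding whether that port is reachable from the internet — its `ssh`/`web` rule bodies are outside the hunks shown, so whether 2221 is listed cannot be checked here. Either state the intent with a comment (`# git-over-ssh; reachable from the internet only if the DO firewall allows 2221`) or bind it to the tailnet address the way the DNS containers do, e.g. `"<TAILSCALE_IP>:2221:22"` (placeholder) if that address is available to Ansible. Moving the service onto the shared `{{docker_external_network}}` is what lets the Caddyfile reach it as `gitea:3000`; a comment saying so would tie the two roles together.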

0
hetzner/ansible/roles/setup-tailscale/handlers/main.yml → floyd/ansible/roles/setup-tailscale/handlers/main.yml

0
hetzner/ansible/roles/setup-tailscale/tasks/main.yml → floyd/ansible/roles/setup-tailscale/tasks/main.yml

0
digitalocean-infra/README.md → floyd/terraform/digitalocean-infra/README.md

24
digitalocean-infra/firewalls.tf → floyd/terraform/digitalocean-infra/firewalls.tf

@ -1,7 +1,7 @@
resource "digitalocean_firewall" "web" {
name = "web-inbound"
name = "allow-http-https-cf-inbound"
droplet_ids = [digitalocean_droplet.alphard.id]
droplet_ids = [digitalocean_droplet.floyd.id]
inbound_rule {
protocol = "tcp"
port_range = "80"
@ -16,21 +16,9 @@ resource "digitalocean_firewall" "web" {
}
resource "digitalocean_firewall" "vpn" {
name = "vpn-inbound"
name = "allow-all-tailscale-inbound"
droplet_ids = [digitalocean_droplet.alphard.id]
inbound_rule {
protocol = "udp"
port_range = "1-65535"
source_addresses = ["0.0.0.0/0", "::/0"]
}
inbound_rule {
protocol = "tcp"
port_range = "853"
source_addresses = ["0.0.0.0/0", "::/0"]
}
droplet_ids = [digitalocean_droplet.floyd.id]
inbound_rule {
protocol = "tcp"
@ -49,7 +37,7 @@ resource "digitalocean_firewall" "vpn" {
resource "digitalocean_firewall" "ssh" {
name = "ssh-inbound"
droplet_ids = [digitalocean_droplet.alphard.id]
droplet_ids = [digitalocean_droplet.floyd.id]
inbound_rule {
protocol = "tcp"
@ -62,7 +50,7 @@ resource "digitalocean_firewall" "ssh" {
resource "digitalocean_firewall" "outbound-all" {
name = "allow-all-outbound"
droplet_ids = [digitalocean_droplet.alphard.id]
droplet_ids = [digitalocean_droplet.floyd.id]
outbound_rule {
protocol = "tcp"
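Review bot: The `vpn` firewall's surviving `inbound_rule` (tcp, at the bottom of the second hunk) is cut off, so its `port_range` and `source_addresses` cannot be checked, yet the new name `allow-all-tailscale-inbound` promises a Tailscale-scoped rule. A DigitalOcean cloud firewall only ever sees the encrypted WireGuard packets on the public interface, never the 100.64.0.0/10 tunnel addresses, so any source restriction here is on public-internet addresses; if the kept rule still carries `source_addresses = ["0.0.0.0/0", "::/0"]` like the udp 1-65535 and tcp 853 rules this hunk removes, the name is misleading and the rule is effectively public. Since the host-side ufw tasks are removed in the same commit, these four resources are now the only inbound filter for the droplet, so a one-line comment per resource stating what it admits and from where (e.g. `# inbound WireGuard for Tailscale direct connections; DERP fallback needs nothing inbound`) is worth adding. The resource bodies continue outside the hunks.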

36
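--- a/floyd/terraform/digitalocean-infra/main.tf
+++ b/floyd/terraform/digitalocean-infra/main.tf
@@ -0,0 +1,36 @@
+# Create a new SSH key
+resource "digitalocean_ssh_key" "mrkaran" {
+name = "mrkaran.dev"
+public_key = file("~/.ssh/mrkaran_rsa.pub")
+}
+# Create a new droplet in the blr1 region (master node)
+resource "digitalocean_droplet" "floyd" {
+image = "ubuntu-20-04-x64"
+name = "floyd"
+region = "blr1"
+monitoring = true
+size = "s-1vcpu-2gb"
+ipv6 = true
+private_networking = true
+tags = [
+"hydra",
+"floyd",
+]
+ssh_keys = [digitalocean_ssh_key.mrkaran.fingerprint]
+}
+# Attach the floating ip to droplet
+resource "digitalocean_floating_ip" "floyd" {
+droplet_id = digitalocean_droplet.floyd.id
+region = digitalocean_droplet.floyd.region
+}
+# Create a project for the entire homelab setup
+resource "digitalocean_project" "hydra" {
+name = "hydra"
+description = "Homelab by mrkaran"
+purpose = "Web Application"
+environment = "Development"
+resources = [digitalocean_droplet.floyd.urn, digitalocean_floating_ip.floyd.urn]
+}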
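Review bot: The droplet and floating IP are re-declared under new resource addresses (`digitalocean_droplet.floyd`, `digitalocean_floating_ip.floyd`) while the old `alphard` declarations are deleted at the top of this commit, and the directory is now consumed as `module "hydra-infra"` from floyd/terraform/main.tf. Unless the state is migrated first (`terraform state mv` per address, including the new `module.hydra-infra.` prefix if the same state file is reused), the next apply destroys alphard and its floating IP and allocates a fresh address, so any DNS record pointing at the old one (the Caddyfile serves `git.mrkaran.dev`) breaks; the image change from 18.04 to 20.04 forces droplet replacement on its own, so the rename may well be intended, but the floating IP need not be replaced with it. The comment `# Create a new droplet in the blr1 region (master node)` is stale now that the `k8s-master` tag is gone — `# Create the single homelab droplet (floyd) in blr1` describes what the block does.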

8
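--- a/floyd/terraform/digitalocean-infra/versions.tf
+++ b/floyd/terraform/digitalocean-infra/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+required_providers {
+digitalocean = {
+source = "terraform-providers/digitalocean"
+}
+}
+required_version = ">= 0.13"
+}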
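Review bot: `required_providers` gives a `source` for each provider but no `version` constraint, here and in floyd/terraform/pihole/versions.tf, floyd/terraform/unbound/versions.tf and floyd/terraform/versions.tf, so every `terraform init` fetches whatever the newest release is and a provider major bump can change the plan for unchanged code. Pin at least a minor range, `version = "~> <MAJOR.MINOR>"` (placeholder: the version currently in use), and commit the dependency lock file once the project is on a Terraform that produces one (0.14+). The `terraform-providers/` namespace is the legacy one; the registry has since published these providers as `digitalocean/digitalocean` and `kreuzwerker/docker`, so confirm that the `source` still resolves for the pinned version.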

13
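--- a/floyd/terraform/main.tf
+++ b/floyd/terraform/main.tf
@@ -0,0 +1,13 @@
+module "hydra-infra" {
+source = "./digitalocean-infra"
+}
+module "pihole" {
+source = "./pihole"
+ips = var.ips
+}
+module "unbound" {
+source = "./unbound"
+ips = var.ips
+}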

58
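--- a/floyd/terraform/pihole/container.tf
+++ b/floyd/terraform/pihole/container.tf
@@ -0,0 +1,58 @@
+# Referred to https://github.com/pi-hole/docker-pi-hole#quick-start
+# for config.
+resource "docker_container" "pihole" {
+name = "pihole"
+image = docker_image.pihole.latest
+volumes {
+host_path = "/data/pihole/etc-pihole/"
+container_path = "/etc/pihole/"
+}
+volumes {
+host_path = "/data/pihole/etc-dnsmasq.d/"
+container_path = "/etc/dnsmasq.d/"
+}
+# https://tools.ietf.org/html/rfc5966
+# mentions to support TCP for DNS.
+ports {
+internal = 53
+external = 53
+ip = var.ips["tailscale_floyd"]
+protocol = "tcp"
+}
+# DNS on UDP
+ports {
+internal = 53
+external = 53
+ip = var.ips["tailscale_floyd"]
+protocol = "udp"
+}
+# Admin Interface (HTTP)
+ports {
+internal = 80
+external = 3000
+ip = var.ips["tailscale_floyd"]
+protocol = "tcp"
+}
+# Admin Interface (HTTPS)
+ports {
+internal = 443
+external = 3001
+ip = var.ips["tailscale_floyd"]
+protocol = "tcp"
+}
+# Set timezone
+env = [
+"TZ=Asia/Kolkata",
+]
+restart = "unless-stopped"
+destroy_grace_seconds = 30
+must_run = true
+}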
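Review bot: All four listeners bind to `var.ips["tailscale_floyd"]`, which keeps DNS and the admin UI off the public interface, but it also means the container can only start once that address exists on the host; with `restart = "unless-stopped"` Docker retries, yet if `tailscaled` comes up after `docker` at boot the bind may fail until it does — say so rather than let it surprise: `# binds to the Tailscale address: tailscaled must be up before the container starts`. The `env` list sets only `TZ`; the linked quick-start also documents `WEBPASSWORD`, and with it unset the admin password is presumably whatever the image generates on first start, so note where it is managed (`# WEBPASSWORD intentionally not set here: set via the admin UI / read the container log on first start — confirm`) or pass it in as a variable marked `sensitive` once on Terraform 0.14+. Nothing here points pi-hole at the unbound container on 5353 either; if that upstream is configured in the UI, a one-line comment saying so explains why the two modules never reference each other.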

8
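--- a/floyd/terraform/pihole/image.tf
+++ b/floyd/terraform/pihole/image.tf
@@ -0,0 +1,8 @@
+data "docker_registry_image" "pihole" {
+name = "pihole/pihole:v5.1.2"
+}
+resource "docker_image" "pihole" {
+name = data.docker_registry_image.pihole.name
+pull_triggers = [data.docker_registry_image.pihole.sha256_digest]
+}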

3
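--- a/floyd/terraform/pihole/variables.tf
+++ b/floyd/terraform/pihole/variables.tf
@@ -0,0 +1,3 @@
+variable "ips" {
+type = map
+}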

8
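--- a/floyd/terraform/pihole/versions.tf
+++ b/floyd/terraform/pihole/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+required_providers {
+docker = {
+source = "terraform-providers/docker"
+}
+}
+required_version = ">= 0.13"
+}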

9
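--- a/floyd/terraform/providers.tf
+++ b/floyd/terraform/providers.tf
@@ -0,0 +1,9 @@
+provider "docker" {
+host = "ssh://floyd:22"
+}
+provider "digitalocean" {
+# You need to set this in your .bashrc
+# export DIGITALOCEAN_TOKEN="Your API TOKEN"
+#
+}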
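Review bot: `host = "ssh://floyd:22"` hands Terraform root-equivalent control of the Docker daemon over SSH, and it only works if the local ssh client already resolves `floyd` (presumably an `~/.ssh/config` Host entry reached over Tailscale) and already trusts its host key; neither is stated anywhere in the tree, so say so next to the setting: `# "floyd" is an ~/.ssh/config Host alias; its host key must already be in known_hosts, no prompt is possible here`. The `digitalocean` comment carried over from the deleted file suggests persisting `DIGITALOCEAN_TOKEN` in `.bashrc`, which leaves a plaintext API token in a file readable by every process of that user; exporting it for the session or loading it from a password manager keeps it out of the dotfiles, and the comment should say which is expected.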

32
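--- a/floyd/terraform/unbound/container.tf
+++ b/floyd/terraform/unbound/container.tf
@@ -0,0 +1,32 @@
+# Referred to https://github.com/pi-hole/docker-pi-hole#quick-start
+# for config.
+resource "docker_container" "unbound" {
+name = "unbound"
+image = docker_image.unbound.latest
+# volumes {
+# host_path = "/data/unbound"
+# container_path = "/opt/unbound/etc/unbound/"
+# }
+# https://tools.ietf.org/html/rfc5966
+# mentions to support TCP for DNS.
+ports {
+internal = 53
+external = 5353
+ip = var.ips["tailscale_floyd"]
+protocol = "tcp"
+}
+# DNS on UDP
+ports {
+internal = 53
+external = 5353
+ip = var.ips["tailscale_floyd"]
+protocol = "udp"
+}
+restart = "unless-stopped"
+destroy_grace_seconds = 30
+must_run = true
+}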
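Review bot: The header comment `# Referred to https://github.com/pi-hole/docker-pi-hole#quick-start` is carried over from pihole/container.tf and does not describe this resource, which runs `mvance/unbound`; replace it with what the block actually is, e.g. `# Recursive resolver (mvance/unbound) exposed on the Tailscale address only, port 5353; presumably pi-hole's upstream — confirm`. The commented-out `volumes` block means no host configuration is mounted, so unbound runs with the image's defaults and any tuning done inside the container is lost on recreate; a comment saying this is intentional for now (`# no config volume yet: running with the image defaults`) makes the trade-off visible to the next reader.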

8
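--- a/floyd/terraform/unbound/image.tf
+++ b/floyd/terraform/unbound/image.tf
@@ -0,0 +1,8 @@
+data "docker_registry_image" "unbound" {
+name = "mvance/unbound:latest"
+}
+resource "docker_image" "unbound" {
+name = data.docker_registry_image.unbound.name
+pull_triggers = [data.docker_registry_image.unbound.sha256_digest]
+}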
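Review bot: `name = "mvance/unbound:latest"` combined with `pull_triggers = [data.docker_registry_image.unbound.sha256_digest]` means every upstream push to `latest` recreates the resolver on the next apply, with whatever changed in the image and no review on this side; that is the opposite of the pinning done for pi-hole (`pihole/pihole:v5.1.2`) and this container sits in the DNS path for the whole tailnet. Pin a tag here too, `name = "mvance/unbound:<PINNED_TAG>"` (placeholder), and bump it deliberately; the digest trigger then only fires when that tag is re-pushed upstream, which is still worth a comment (`# digest trigger re-pulls if the pinned tag is overwritten upstream`).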

3
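--- a/floyd/terraform/unbound/variables.tf
+++ b/floyd/terraform/unbound/variables.tf
@@ -0,0 +1,3 @@
+variable "ips" {
+type = map
+}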

8
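--- a/floyd/terraform/unbound/versions.tf
+++ b/floyd/terraform/unbound/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+required_providers {
+docker = {
+source = "terraform-providers/docker"
+}
+}
+required_version = ">= 0.13"
+}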

8
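--- a/floyd/terraform/variables.tf
+++ b/floyd/terraform/variables.tf
@@ -0,0 +1,8 @@
+variable "ips" {
+type = map
+default = {
+tailscale_floyd = "100.101.134.59"
+eth1 = "10.139.120.134"
+}
+}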
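Review bot: `type = map` without an element type is the legacy Terraform 0.11 form (it means `map(any)`); `type = map(string)` states what the modules expect and rejects a wrong value at plan time — the same applies to pihole/variables.tf and unbound/variables.tf. The two defaults are bare literals with no `description`; `tailscale_floyd` in particular is a node-assigned address that changes if the machine is re-registered with Tailscale, and every port binding in the pihole and unbound modules depends on it, so document the provenance with a `description` along the lines of "host addresses used for container port bindings; tailscale_floyd is the tailnet IP of the floyd node and must be refreshed after re-registering".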

11
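--- a/floyd/terraform/versions.tf
+++ b/floyd/terraform/versions.tf
@@ -0,0 +1,11 @@
+terraform {
+required_providers {
+digitalocean = {
+source = "terraform-providers/digitalocean"
+}
+docker = {
+source = "terraform-providers/docker"
+}
+}
+required_version = ">= 0.13"
+}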

7
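--- a/hetzner/ansible/ansible.cfg
+++ b/hetzner/ansible/ansible.cfg
@@ -1,7 +0,0 @@
-[defaults]
-roles_path = ./roles
-inventory = ./inventory
-strategy_plugins = /home/karan/.local/lib/python3.8/site-packages/ansible_mitogen/plugins/strategy
-strategy = mitogen_linear
-[ssh_connection]
-scp_if_ssh = True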

23
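--- a/hetzner/ansible/roles/bootstrap-node/tasks/ufw.yml
+++ b/hetzner/ansible/roles/bootstrap-node/tasks/ufw.yml
@@ -1,23 +0,0 @@
-- name: Deny all incoming traffic and enable UFW
-ufw:
-state: enabled
-policy: deny
-direction: incoming
-- name: Set logging
-ufw:
-logging: 'on'
-- name: UFW - Allow SSH connections
-ufw:
-rule: allow
-name: OpenSSH
-- name: Allow access to tcp port 80 from Tailscale CIDR
-ufw:
-rule: allow
-port: "80"
-src: "{{item}}"
-proto: tcp
-loop:
-- 100.64.0.0/10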