authorTrygve Laugstøl <trygvis@inamo.no>2020-10-28 00:44:37 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2020-10-28 00:44:37 +0100
commit032a4eece0c72a8111efda04766770de93b34cf8 (patch)
tree284ccca0d7d2f545c2449348a67cada7fd76d55c
parent22b0be766ce72a6449327cbf36d273886aa76ab3 (diff)
linode teraform <3.
-rw-r--r--ansible/group_vars/all/linode-dns.yml28
-rw-r--r--ansible/plays/wireguard-wg0-terraform.yml17
-rw-r--r--ansible/plays/wireguard-wg0.yml1
-rw-r--r--terraform/.gitignore3
-rw-r--r--terraform/.settings.sh1
-rw-r--r--terraform/Makefile41
-rw-r--r--terraform/README.md18
-rw-r--r--terraform/dns/main.tf21
l---------terraform/dns/terraform.d1
-rw-r--r--terraform/dns/trygvis.tf119
-rw-r--r--terraform/dns/versions.tf11
-rw-r--r--terraform/dns/vpn.tf66
12 files changed, 314 insertions, 13 deletions
diff --git a/ansible/group_vars/all/linode-dns.yml b/ansible/group_vars/all/linode-dns.yml
index 99d0d5f..8f4d14d 100644
--- a/ansible/group_vars/all/linode-dns.yml
+++ b/ansible/group_vars/all/linode-dns.yml
@@ -1,13 +1,17 @@
$ANSIBLE_VAULT;1.1;AES256
-62623736386330363663393335373462393837373030303932656338623037336433613563323763
-6332316437353338353832633031336533396235333638640a653666383835636635323938656134
-38633531303037643061363434646265336364613737376633646666376564656531333433663236
-3636646665613336620a663531313739663562313264306334393463323437643265616530653138
-62626230393139623233313930636137626233363737636435633737363432333235663035363634
-39343762346536343137653566616634363361396635656630633864616165646334623636376637
-62386465393339643139646437663531613063313635333064343432303137366664376637333930
-38303338616235313666383765636137656665363530393165313932623533663264333732646166
-34663163613031323263356333616336346261363530643438663262366364346437636537653061
-39663239393866396630326263653933363466343562313435373865613431633962643264353965
-65316536663566323930376335323635303634306434396136313366363130316231616431316331
-61643136303631333237
+32613137363737323032353466633435666631323539363839633637666636326337363665326666
+3436386634663232663533303063313430633061323737350a383137343930626439613835376465
+63306535373732363137393461353164333261633735646639363030343961643832633839613765
+3630313535616264660a316437326231656332313833343663383662623438666463613537363436
+31646663356231373036663335633361353633333134336664303230366664396432623763616531
+37643962383431663333616338303239343535303563303238363232323963643866653166373366
+33333535636163306666663539656236363439323936383831326336386134333963623861316263
+34313334363135373262663864333339376639333832363433636232626535316562663239656139
+39323266663062623461343062333436343262633736373830323733653561623336333535343136
+33643137323035376233636638366439366535383364333635643464323036613238653237666239
+34396661633233626265663965653666653333666365636331623062613034633164333437386534
+64373733386232303739646132613435666430313730626661636263613461393661613338626333
+61363032616339626330376533626461363231323833663131636661366465623063316537353731
+38376432393735656537313039623135653032343631333761666639633563636535616437393163
+31626433323061373338636162666334363937623339643364663263316535303336623338363337
+37626330626338353733
diff --git a/ansible/plays/wireguard-wg0-terraform.yml b/ansible/plays/wireguard-wg0-terraform.yml
new file mode 100644
index 0000000..33b4b47
--- /dev/null
+++ b/ansible/plays/wireguard-wg0-terraform.yml
@@ -0,0 +1,17 @@
+- hosts: localhost
+ connection: local
+ tasks:
+ - tags: terraform
+ copy:
+ dest: ../../terraform/dns/vpn.tf
+ content: |
+ # Generated from ansible data
+ {% for host, data in wireguard_wg0.hosts.items() %}
+ resource "linode_domain_record" "vpn-{{ host }}" {
+ domain_id = linode_domain.root.id
+ name = "{{ host }}.vpn"
+ record_type = "AAAA"
+ target = "{{ data.ipv6 }}"
+ }
+ {% endfor %}
+
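Review bot: `{{ host }}` is written into both the resource label and the record `name`, and `{{ data.ipv6 }}` into `target`, with no validation, so an inventory key containing a dot, a quote or whitespace produces invalid HCL or a record other than the one intended. Normalise the label, e.g. `resource "linode_domain_record" "vpn-{{ host | regex_replace('[^A-Za-z0-9_-]', '_') }}" {`, and consider an `assert` task ahead of the copy that checks every key and address. The `copy` task also sets no `mode`, so the file permissions depend on the umask of whoever runs the play. The `terraform/dns/vpn.tf` committed in this same change has no `# Generated from ansible data` header and carries trailing `# <id>` comments that the template does not emit, so the next run of this play will overwrite them.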
diff --git a/ansible/plays/wireguard-wg0.yml b/ansible/plays/wireguard-wg0.yml
index 578fc81..a6f6653 100644
--- a/ansible/plays/wireguard-wg0.yml
+++ b/ansible/plays/wireguard-wg0.yml
@@ -3,4 +3,3 @@
roles:
- role: wireguard
wireguard__name: wireguard_wg0
-
diff --git a/terraform/.gitignore b/terraform/.gitignore
new file mode 100644
index 0000000..5458a76
--- /dev/null
+++ b/terraform/.gitignore
@@ -0,0 +1,3 @@
+.terraform
+terraform.d
+state/
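Review bot: The `terraform.d` pattern has no leading slash, so it also matches `terraform/dns/terraform.d`, which this same commit adds as a tracked symlink. The Makefile's `%/terraform.d` rule already creates that link, so either drop the symlink from the commit or anchor the pattern as `/terraform.d` if the link is meant to stay tracked. A short comment above `state/` would also help, e.g. `# local backend state, unencrypted, never commit`.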
diff --git a/terraform/.settings.sh b/terraform/.settings.sh
new file mode 100644
index 0000000..dcbb42e
--- /dev/null
+++ b/terraform/.settings.sh
@@ -0,0 +1 @@
+alias terraform="ANSIBLE_VAULT_PASS=\$($(pwd)/../ansible/.vault-password) $(pwd)/.terraform/bin/terraform"
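Review bot: Both `$(pwd)` substitutions in the alias are expanded unquoted at the moment the file is sourced, so the alias breaks when the checkout path contains a space and silently points at the wrong files when it is sourced from any directory other than `terraform/`. In bash, deriving the directory once with `here="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"` and quoting both paths inside the alias removes both problems. Worth a comment as well: `ANSIBLE_VAULT_PASS` is placed in the environment of every terraform run, so it is inherited by every provider plugin that terraform starts, not only the ansiblevault one.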
diff --git a/terraform/Makefile b/terraform/Makefile
new file mode 100644
index 0000000..c26c670
--- /dev/null
+++ b/terraform/Makefile
@@ -0,0 +1,41 @@
+terraform_version=0.13.5
+terraform_url=https://releases.hashicorp.com/terraform/$(terraform_version)/terraform_$(terraform_version)_linux_amd64.zip
+terraform_unzip=.terraform/unzip/$(terraform_version)/
+terraform_zip=.terraform/zip/terraform_$(terraform_version)_linux_amd64.zip
+terraform_bin=.terraform/bin/terraform
+
+ansiblevault_version=2.0.1
+ansiblevault_url=https://github.com/MeilleursAgents/terraform-provider-ansiblevault/releases/download/v$(ansiblevault_version)/terraform-provider-ansiblevault_linux_amd64_v$(ansiblevault_version)
+ansiblevault_path=terraform.d/plugins/linux_amd64/terraform-provider-ansiblevault_v$(ansiblevault_version)_x4
+
+all: $(terraform_bin) $(ansiblevault_path) setup
+
+$(terraform_bin): $(terraform_zip)
+ rm -rf $(dir $(terraform_unzip))
+ mkdir -p $(terraform_unzip)
+ mkdir -p $(dir $(terraform_bin))
+ unzip $(terraform_zip) -d $(terraform_unzip)
+ ln -sf $(PWD)/$(terraform_unzip)/terraform $(terraform_bin)
+ touch $(PWD)/$(terraform_unzip)/terraform
+
+$(terraform_zip):
+ mkdir -p $(dir $@)
+ curl -L -o "$@" $(terraform_url)
+
+$(ansiblevault_path): terraform.d
+ mkdir -p $(dir $@)
+ curl -L -o "$@" $(ansiblevault_url)
+ chmod +x $(@)
+
+terraform.d:
+ mkdir $@
+
+MAIN=$(patsubst %/main.tf,%,$(wildcard */main.tf))
+setup: $(patsubst %,%/terraform.d,$(MAIN))
+.PHONY: setup
+
+%/terraform.d: terraform.d
+ ln -s ../terraform.d $@
+
+.terraform/plugins/linux_amd64:
+ mkdir -p $@
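Review bot: Both download rules (`$(terraform_zip)` and `$(ansiblevault_path)`) keep whatever curl receives and then unpack it or `chmod +x` it with no digest or signature check, so the binaries that later handle the vault password and the Linode token are trusted on TLS to the download host alone. `curl -L` without `-f` also saves an HTTP error page as the target, which make then treats as up to date. Pin a SHA-256 per artifact next to the version variables, download to a temporary name, verify, and only then move the file into place. HashiCorp publishes a signed SHA256SUMS file with each release, which is the natural source for the terraform digest.

```make
# placeholder: fill in the digest published for this exact release
terraform_sha256=<sha256 of terraform_$(terraform_version)_linux_amd64.zip>

$(terraform_zip):
	mkdir -p $(dir $@)
	curl -fL -o "$@.tmp" $(terraform_url)
	echo "$(terraform_sha256)  $@.tmp" | sha256sum -c -
	mv "$@.tmp" "$@"

# … unchanged: the $(ansiblevault_path) rule, which needs the same download/verify/move steps with its own pinned digest before chmod +x …
```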
diff --git a/terraform/README.md b/terraform/README.md
new file mode 100644
index 0000000..825cc94
--- /dev/null
+++ b/terraform/README.md
@@ -0,0 +1,18 @@
+# Setup
+
+ # Downloads terraform and plugins
+ make
+
+ # Do this in every new terminal
+ source .settings.sh
+
+ # This is needed once (or when Terraform lets you know)
+ terraform init
+
+## Scaleway
+
+You need an ansible vault in `../ansible/terraform-local.yml` with the following contents:
+
+ scaleway_organization: "..."
+ scaleway_access_key: "..."
+ scaleway_secret_key: "..."
diff --git a/terraform/dns/main.tf b/terraform/dns/main.tf
new file mode 100644
index 0000000..d80fb70
--- /dev/null
+++ b/terraform/dns/main.tf
@@ -0,0 +1,21 @@
+terraform {
+ backend "local" {
+ path = "../state/dns"
+ }
+}
+
+provider "linode" {
+ version = "~> 1.13"
+
+ token = data.ansiblevault_path.linode_token.value
+}
+
+provider "ansiblevault" {
+ version = "~> 2.2"
+ root_folder = "../../ansible"
+}
+
+data "ansiblevault_path" "linode_token" {
+ path = "group_vars/all/linode-dns.yml"
+ key = "linode_token_v4"
+}
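Review bot: The linode provider's `token` is read from the `ansiblevault_path` data source, and Terraform records data source attributes in state, so the decrypted `linode_token_v4` will most likely sit in clear text in the local backend file `../state/dns`. The `.gitignore` added in this commit keeps that directory out of git, but nothing here restricts who can read it on disk or stops it from ending up in backups. A comment on the backend block would make this visible, e.g. `# state holds the decrypted Linode token: keep ../state owner-readable only and out of backups`.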
diff --git a/terraform/dns/terraform.d b/terraform/dns/terraform.d
new file mode 120000
index 0000000..11a3f4b
--- /dev/null
+++ b/terraform/dns/terraform.d
@@ -0,0 +1 @@
+../terraform.d \ No newline at end of file
diff --git a/terraform/dns/trygvis.tf b/terraform/dns/trygvis.tf
new file mode 100644
index 0000000..659d56a
--- /dev/null
+++ b/terraform/dns/trygvis.tf
@@ -0,0 +1,119 @@
+resource "linode_domain" "root" {
+ type = "master"
+ domain = "trygvis.io"
+
+ refresh_sec = 300
+ retry_sec = 300
+ soa_email = "root@trygvis.io"
+ status = "active"
+ tags = []
+ ttl_sec = 300
+}
+
+resource "linode_domain_record" "root-a" {
+ domain_id = linode_domain.root.id
+ name = ""
+ record_type = "A"
+ target = "176.58.112.84"
+}
+
+resource "linode_domain_record" "root-txt-google" {
+ domain_id = linode_domain.root.id
+ name = ""
+ record_type = "TXT"
+ target = "google-site-verification=fuNmCULxODJMSSlfa8w0SF-DLt2oTWCAGBvSNsUEB8k"
+ ttl_sec = 300
+}
+
+resource "linode_domain_record" "root-txt-amazon-ses" {
+ domain_id = linode_domain.root.id
+ name = "_amazonses"
+ record_type = "TXT"
+ target = "c3k5WNcOHhgLn27ed1s7YBq6xB4C/OoWuyKfqyeG31E="
+}
+
+resource "linode_domain_record" "root-txt-keybase" {
+ domain_id = linode_domain.root.id
+ name = "_keybase"
+ record_type = "TXT"
+ target = "keybase-site-verification=gcoO7zav4G2IK5KQdrWOgz_PD9wpZhz-0afIb1Kodrk"
+}
+
+resource "linode_domain_record" "root-cname-ses-1" {
+ domain_id = linode_domain.root.id
+ name = "k5o5gjadej2kkfncu36i3ef5gt473sxy._domainkey"
+ record_type = "CNAME"
+ target = "k5o5gjadej2kkfncu36i3ef5gt473sxy.dkim.amazonses.com"
+}
+
+resource "linode_domain_record" "root-cname-ses-2" {
+ domain_id = linode_domain.root.id
+ name = "imtuzw2lnfktlc7uongw433qbwjxxatg._domainkey"
+ record_type = "CNAME"
+ target = "imtuzw2lnfktlc7uongw433qbwjxxatg.dkim.amazonses.com"
+}
+
+resource "linode_domain_record" "dlock" {
+ domain_id = linode_domain.root.id
+ name = "dlock"
+ record_type = "A"
+ target = "35.205.192.14"
+}
+
+resource "linode_domain_record" "hash" {
+ domain_id = linode_domain.root.id
+ name = "hash"
+ record_type = "A"
+ target = "138.201.33.16"
+}
+
+resource "linode_domain_record" "hash-aaaa" {
+ domain_id = linode_domain.root.id
+ name = "hash"
+ record_type = "AAAA"
+ target = "2a01:4f8:171:34ad::2"
+}
+
+resource "linode_domain_record" "numquam" {
+ domain_id = linode_domain.root.id
+ name = "numquam"
+ record_type = "A"
+ target = "163.172.160.56"
+}
+
+# Aliases for trygvis.io
+resource "linode_domain_record" "mw" {
+ domain_id = linode_domain.root.id
+ name = "mw"
+ record_type = "CNAME"
+ target = "trygvis.io"
+}
+
+# Aliases for vs.trygvis.io
+resource "linode_domain_record" "nextcloud" {
+ domain_id = linode_domain.root.id
+ name = "nextcloud"
+ record_type = "CNAME"
+ target = "vs.trygvis.io"
+}
+
+resource "linode_domain_record" "grafana" {
+ domain_id = linode_domain.root.id
+ name = "grafana"
+ record_type = "CNAME"
+ target = "vs.trygvis.io"
+}
+
+resource "linode_domain_record" "owncloud" {
+ domain_id = linode_domain.root.id
+ name = "owncloud"
+ record_type = "CNAME"
+ target = "vs.trygvis.io"
+}
+
+resource "linode_domain_record" "unifi" {
+ domain_id = linode_domain.root.id
+ name = "unifi"
+ record_type = "CNAME"
+ target = "vs.trygvis.io"
+}
diff --git a/terraform/dns/versions.tf b/terraform/dns/versions.tf
new file mode 100644
index 0000000..f98850f
--- /dev/null
+++ b/terraform/dns/versions.tf
@@ -0,0 +1,11 @@
+terraform {
+ required_providers {
+ linode = {
+ source = "linode/linode"
+ }
+ ansiblevault = {
+ source = "MeilleursAgents/ansiblevault"
+ }
+ }
+ required_version = ">= 0.13"
+}
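Review bot: Neither `required_providers` entry carries a `version`; the constraints live in the `provider` blocks of `dns/main.tf`, a placement that Terraform 0.13 deprecates. Moving them here, e.g. `version = "~> 1.13"` under `linode`, keeps each provider's source and constraint together. The ansiblevault constraint in `main.tf` is `~> 2.2`, while the Makefile in this commit downloads `ansiblevault_version=2.0.1`, which that constraint would not accept, so one of the two probably needs adjusting. `required_version = ">= 0.13"` has no upper bound, so a later Terraform release would be accepted even though the Makefile installs 0.13.5.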
diff --git a/terraform/dns/vpn.tf b/terraform/dns/vpn.tf
new file mode 100644
index 0000000..1fb8cdd
--- /dev/null
+++ b/terraform/dns/vpn.tf
@@ -0,0 +1,66 @@
+resource "linode_domain_record" "vpn-knot" { # 7590078
+ domain_id = linode_domain.root.id
+ name = "knot.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::1"
+}
+resource "linode_domain_record" "vpn-birgitte" { # 7212930
+ domain_id = linode_domain.root.id
+ name = "birgitte.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::2"
+}
+resource "linode_domain_record" "vpn-conflatorio" { # 7212931
+ domain_id = linode_domain.root.id
+ name = "conflatorio.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::3"
+}
+resource "linode_domain_record" "vpn-arius" { # 11907869
+ domain_id = linode_domain.root.id
+ name = "arius.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::6"
+}
+resource "linode_domain_record" "vpn-akili" { # 7212932
+ domain_id = linode_domain.root.id
+ name = "akili.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::7"
+}
+resource "linode_domain_record" "vpn-malabaricus" { # 11506469
+ domain_id = linode_domain.root.id
+ name = "malabaricus.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::8"
+}
+resource "linode_domain_record" "vpn-sweetzpot-mobile" { # 15103674
+ domain_id = linode_domain.root.id
+ name = "sweetzpot-mobile.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::9"
+}
+resource "linode_domain_record" "vpn-astyanax" { # 15103679
+ domain_id = linode_domain.root.id
+ name = "astyanax.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::10"
+}
+resource "linode_domain_record" "vpn-sweetzpot-macos" {
+ domain_id = linode_domain.root.id
+ name = "sweetzpot-macos.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::11"
+}
+resource "linode_domain_record" "vpn-android-trygvis" {
+ domain_id = linode_domain.root.id
+ name = "android-trygvis.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::12"
+}
+resource "linode_domain_record" "vpn-hash" { # 16341443
+ domain_id = linode_domain.root.id
+ name = "hash.vpn"
+ record_type = "AAAA"
+ target = "fdf3:aad9:a885:0b3a::13"
+}
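Review bot: These AAAA records publish the WireGuard host inventory (names such as `android-trygvis.vpn`, and addresses under the `fdf3:aad9:a885:0b3a::` ULA prefix) in what appears to be the public `trygvis.io` zone. ULA addresses are not routable from outside, so the records only help clients already on the VPN while showing everyone else which devices exist and how they are named. If that trade-off is intended, say so in a header comment, e.g. `# VPN-internal ULA addresses, published in the public zone on purpose`. Otherwise a resolver reachable only from inside the VPN would be a better home for them.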