authorTrygve Laugstøl <trygvis@inamo.no>2024-08-21 22:47:51 +0200
committerTrygve Laugstøl <trygvis@inamo.no>2024-08-21 22:47:51 +0200
commit06a9c241b2462e9819fd5ca58a519f4f538a85e4 (patch)
tree094465d7588003468eb956001e0255b9756c1f41
parent204a5bb09bbb5888621edb25de2b1faad34ab781 (diff)
unifi
-rw-r--r--ansible/group_vars/all/ipam.yml2
-rw-r--r--sops.yml8
-rw-r--r--terraform/conflatorio-docker/main.tf6
-rw-r--r--terraform/conflatorio-docker/network.tf2
-rw-r--r--terraform/conflatorio-docker/traefik.tf6
-rw-r--r--terraform/dns/vpn-cname.tf9
-rw-r--r--terraform/unifi-controller/main.tf4
-rw-r--r--terraform/unifi-controller/mongo.tf5
-rw-r--r--terraform/unifi-controller/unifi.tf3
9 files changed, 33 insertions, 12 deletions
diff --git a/ansible/group_vars/all/ipam.yml b/ansible/group_vars/all/ipam.yml
index 4d4017b..2f9bed1 100644
--- a/ansible/group_vars/all/ipam.yml
+++ b/ansible/group_vars/all/ipam.yml
@@ -15,6 +15,8 @@ ipam6:
range: "fdb1:4242:3538:2001::/64"
hosts:
- conflatorio-ix: "fdb1:4242:3538:2001::ffff/64"
+ conflatorio_docker:
+ range: "fdb1:4242:3538:2001:1001::/112"
node1_dn42:
range: "fdb1:4242:3538:2002::/64"
node2_dn42:
diff --git a/sops.yml b/sops.yml
index 03226ab..571a434 100644
--- a/sops.yml
+++ b/sops.yml
@@ -1,5 +1,5 @@
-#ENC[AES256_GCM,data:KE8haaNoCU7koejXB4F+UvE=,iv:M6s1LQBOlM97GAtZOGw7cnDcQZD/q4rNrEDF1FocxGs=,tag:mQszvgw+WNcEt9Czi+8hjg==,type:comment]
-linode_token: ENC[AES256_GCM,data:OaLHFMUozNiWb/YA+Nja7plMvHfRBbvr3UMrt+hGl88F7eDe5CLkEfkeNNRHcUy1lxNhX1j4YlVhBGxdTA2PoQ==,iv:gz31tnelnCg7Yw1CoHCrSaNXnlehnx4TWFHJq0VCc3g=,tag:sdeiTbUAkTCVAeyw78DIVA==,type:str]
+#ENC[AES256_GCM,data:VXrX0NUIHcFjmxHLuYzz9ekkR7N2IW/CF6a9U0dk/cvgtwoNLA==,iv:NIpefl6uO7c7ESxgCHXe3Y2x4cf9nLPjwDJo28xt5SY=,tag:U59KOg8Ny+O33Lf63Zjo1w==,type:comment]
+linode_token: ENC[AES256_GCM,data:PeLIxcZ5mQMnp1LZy4saSUWIpCxrGm+3/6PssmIE9yO81x2HcGrgxO0CNl1feOtPrI1PVcAfFnFlpSetELLZlg==,iv:ETBKZgmFdIHoUROHVUzhxRoLS2uIuGR0SXZ96C9FhDk=,tag:pzuS8RLQf1A5ctmrOanVgA==,type:str]
knot_pdb_terraform_password: ENC[AES256_GCM,data:cu5aUZAVrmtzgBB2hGfBkd+TU4vB0cWnBNluTHptyV0YvZuq,iv:HT4Cmr9huuylVt2vwFcrWUlBmDE6V3n0bXq/telJNBM=,tag:2RSvWnAAM5seHv12HyDprA==,type:str]
sops:
kms: []
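Review bot: The superseded `linode_token` ciphertext stays in the repository history, where any holder of one of the age identities can still decrypt it, so re-encrypting a new value does not retire the old one. The diff cannot show whether the previous token was revoked at the provider, so this is a check to make rather than a confirmed defect. Recording it in the commit message would leave a trail, for example `linode_token rotated; previous token revoked`.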
@@ -34,8 +34,8 @@ sops:
a1E2c3VEaWR0K3U4dnpqdm5RU0VCZUkKiOtFMhim7qAe4kDU2gijcCChesM0qAGk
Z2xNVfBy4HH58cgWrtCQ6PRvULwAQ6Bgq59iZ7H/C2IFVqVfliajmw==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-10-23T13:22:29Z"
- mac: ENC[AES256_GCM,data:XkWZD0Whj/5Zd/dGC20UyQxvvkrca6Ox58L2cXzLAgum/lYj6Q+GdRIIApz7Iwmj8ZkX4I8+jrF9epozJwS4ZiYW6qsmcNzpt3F3oiwYqe8OcLfOpdSVdy5QekiNtweqO9zTAO14hVbz+QYkTnCBqc8tBF2BFVxek6j8KKSbTTM=,iv:O8AU9xhhnfJ36NBfJkdB6YVtmL/sEXRfVrMBpCV5ufc=,tag:/g/I6C2t4+QWUfFXDbblKQ==,type:str]
+ lastmodified: "2024-08-21T18:05:07Z"
+ mac: ENC[AES256_GCM,data:Kxa9SCKy0pLCgqGd7f+xFbQz3Cpf9EfDYP1fwPiIweHhw8iFEeaI7WZCb9zXjsky1tuQ0nbJMHfVQaPSqLC+ACyrBioXIBjgITAfEg3xtpRYiSQRFVBtGA7HpEAKWeFquzTvBR/EAoDuEvFTkrup3JSE8sM3bWKVb2dy1uRyBIc=,iv:O5LO1TFJLlFdCOGWWk5xJlQtVF1+sZTCH2DUKQdvQGo=,tag:0USQg2+EYUVG3+FsjilssQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
diff --git a/terraform/conflatorio-docker/main.tf b/terraform/conflatorio-docker/main.tf
index 8a01be6..5d52b4e 100644
--- a/terraform/conflatorio-docker/main.tf
+++ b/terraform/conflatorio-docker/main.tf
@@ -22,6 +22,12 @@ data "sops_file_entry" "linode_token" {
data_key = "linode_token"
}
+locals {
+ public_ip = "fdb1:4242:3538:2001::ffff"
+ network_addr = "fdb1:4242:3538:2001:1001::"
+ network_range = 112
+}
+
output "foo" {
value = "foo!"
}
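Review bot: The literals in the new `locals` block are second copies of values this commit also writes elsewhere. `network_addr` and `network_range` repeat the `conflatorio_docker` range added to ansible/group_vars/all/ipam.yml, and `public_ip` repeats the literal added to terraform/unifi-controller/main.tf and the AAAA target in terraform/dns/vpn-cname.tf. If one copy is changed alone, the published ports end up bound to an address that DNS no longer points at. These look like separate Terraform roots, so a comment is the cheap guard: `# keep in sync with conflatorio_docker in ansible/group_vars/all/ipam.yml and the AAAA target in terraform/dns/vpn-cname.tf`.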
diff --git a/terraform/conflatorio-docker/network.tf b/terraform/conflatorio-docker/network.tf
index 32e1bfb..b548fef 100644
--- a/terraform/conflatorio-docker/network.tf
+++ b/terraform/conflatorio-docker/network.tf
@@ -4,6 +4,6 @@ resource "docker_network" "public" {
ipv6 = true
ipam_config {
- subnet = "fdf3:aad9:a885:77dd:bbbb::/120"
+ subnet = "${local.network_addr}/${local.network_range}"
}
}
diff --git a/terraform/conflatorio-docker/traefik.tf b/terraform/conflatorio-docker/traefik.tf
index d15ac5c..98f7e7e 100644
--- a/terraform/conflatorio-docker/traefik.tf
+++ b/terraform/conflatorio-docker/traefik.tf
@@ -23,20 +23,20 @@ resource "docker_container" "traefik" {
ports {
internal = 80
external = 80
- ip = "fdf3:aad9:a885:77dd::2"
+ ip = "${local.public_ip}"
}
ports {
internal = 443
external = 443
- ip = "fdf3:aad9:a885:77dd::2"
+ ip = "${local.public_ip}"
}
# for buildfarm-server
ports {
internal = 8980
external = 8980
- ip = "fdf3:aad9:a885:77dd::2"
+ ip = "${local.public_ip}"
}
command = [
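Review bot: The three `ip = "${local.public_ip}"` lines wrap a single reference in a string template, which Terraform 0.12 and later report as deprecated interpolation-only syntax. terraform/unifi-controller/unifi.tf in this same commit already uses the bare form. Writing `ip = local.public_ip` in all three `ports` blocks keeps the two modules consistent. The `docker_container.traefik` resource starts before and continues after this hunk, so its other arguments were not reviewed.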
diff --git a/terraform/dns/vpn-cname.tf b/terraform/dns/vpn-cname.tf
index 8887988..ebb6a4b 100644
--- a/terraform/dns/vpn-cname.tf
+++ b/terraform/dns/vpn-cname.tf
@@ -5,11 +5,18 @@
# target = "fdf3:aad9:a885:77dd::2"
#}
+resource "linode_domain_record" "net-conflatorio" {
+ domain_id = linode_domain.root.id
+ name = "conflatorio.net"
+ record_type = "AAAA"
+ target = "fdb1:4242:3538:2001::ffff"
+}
+
resource "linode_domain_record" "vpn-unifi" {
domain_id = linode_domain.root.id
name = "unifi.vpn"
record_type = "CNAME"
- target = "${linode_domain_record.vpn-conflatorio.name}.trygvis.io"
+ target = "${linode_domain_record.net-conflatorio.name}.trygvis.io"
}
resource "linode_domain_record" "vpn-grafana" {
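Review bot: The new `net-conflatorio` AAAA record puts an fd00::/8 unique-local address into what appears to be a publicly served zone, so anyone who resolves the name learns the internal addressing even though only hosts on the private network can connect. If that is intended, say so above the resource: `# ULA target: name resolves publicly, address is reachable only from inside the private network`. The CNAME target also hard-codes `.trygvis.io`; assuming `linode_domain.root` is that zone, `"${linode_domain_record.net-conflatorio.name}.${linode_domain.root.domain}"` would follow it. `vpn-grafana` begins on the last line of the hunk and its body is not visible, so check that it does not still reference `vpn-conflatorio`.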
diff --git a/terraform/unifi-controller/main.tf b/terraform/unifi-controller/main.tf
index f5f7b0a..55c133c 100644
--- a/terraform/unifi-controller/main.tf
+++ b/terraform/unifi-controller/main.tf
@@ -28,8 +28,10 @@ provider "docker" {
locals {
domain_name = "unifi.vpn.trygvis.io"
+ public_ip = "fdb1:4242:3538:2001::ffff"
+
docker_image_controller = "lscr.io/linuxserver/unifi-controller:8.0.24-mongoless"
- docker_image_mongo = "mongo:7.0"
+ docker_image_mongo = "mongo:7.0"
mongo_database = "unifi"
mongo_username = "unifi"
diff --git a/terraform/unifi-controller/mongo.tf b/terraform/unifi-controller/mongo.tf
index 98b4e36..2b83691 100644
--- a/terraform/unifi-controller/mongo.tf
+++ b/terraform/unifi-controller/mongo.tf
@@ -24,15 +24,18 @@ resource "docker_container" "unifi-mongo" {
name = docker_network.unifi.name
}
+ network_mode = "bridge"
+
volumes {
volume_name = docker_volume.unifi-mongo.name
+ read_only = false
container_path = "/data/db"
}
}
output "mongo_init_js" {
sensitive = true
- value = <<-EOF
+ value = <<-EOF
db.getSiblingDB("${local.mongo_database}").
createUser({
user: "${local.mongo_database}",
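Review bot: `network_mode = "bridge"` is added right after the block that attaches the container to `docker_network.unifi`, and nothing in the hunk shows whether the container then also remains on Docker's default bridge. If it does, MongoDB is reachable from every other container on that bridge rather than only from the controller; `docker inspect` on the running container lists the attached networks. If the line exists only to quiet a recurring plan diff, a comment would record that: `# set explicitly to avoid plan drift; container should be attached to docker_network.unifi only`. Separately, the `mongo_init_js` heredoc in the context lines passes `local.mongo_database` as `user:` where `local.mongo_username` looks intended. Both are "unifi" in main.tf, so nothing breaks today, and the heredoc continues past the hunk.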
diff --git a/terraform/unifi-controller/unifi.tf b/terraform/unifi-controller/unifi.tf
index 8e6c7d7..4b0f1c6 100644
--- a/terraform/unifi-controller/unifi.tf
+++ b/terraform/unifi-controller/unifi.tf
@@ -52,12 +52,13 @@ resource "docker_container" "unifi-controller" {
internal = ports.value["port"]
external = ports.value["port"]
protocol = ports.value["proto"]
- ip = "fdf3:aad9:a885:77dd::2"
+ ip = local.public_ip
}
}
volumes {
volume_name = docker_volume.unifi-controller.name
+ read_only = false
container_path = "/config"
}