diff options
| author | Trygve Laugstøl <trygvis@inamo.no> | 2023-09-03 20:15:20 +0200 |
|---|---|---|
| committer | Trygve Laugstøl <trygvis@inamo.no> | 2023-09-03 20:15:20 +0200 |
| commit | 7ee547e760db3e776ab7ecd676ed4b8afca0f04b (patch) | |
| tree | 956d4d855148c5c5011fc5704b1e924c2d04c294 | |
| parent | 2db366457d598ab7fa0d86b57b40b12bf1779964 (diff) | |
| download | infra-7ee547e760db3e776ab7ecd676ed4b8afca0f04b.tar.gz infra-7ee547e760db3e776ab7ecd676ed4b8afca0f04b.tar.bz2 infra-7ee547e760db3e776ab7ecd676ed4b8afca0f04b.tar.xz infra-7ee547e760db3e776ab7ecd676ed4b8afca0f04b.zip | |
lhn
| -rw-r--r-- | ansible/ansible.cfg | 3 | ||||
| -rw-r--r-- | ansible/group_vars/all/wireguard_wg0.yml | 6 | ||||
| -rw-r--r-- | ansible/inventory | 6 | ||||
| -rw-r--r-- | ansible/plays/files/lhnix/etc/wireguard/public-wg0.key | 1 | ||||
| -rw-r--r-- | ansible/plays/files/lhnpi/etc/wireguard/public-wg0.key | 1 | ||||
| -rw-r--r-- | ansible/roles/wireguard/tasks/main.yml | 14 | ||||
| -rw-r--r-- | terraform-vault.yml | 9 | ||||
| -rw-r--r-- | terraform/dns/.terraform.lock.hcl | 34 | ||||
| -rw-r--r-- | terraform/dns/main.tf | 2 | ||||
| -rw-r--r-- | terraform/dns/vpn.tf | 7 |
10 files changed, 48 insertions, 35 deletions
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index 1904149..6da8010 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -1,7 +1,8 @@ [defaults] become_method = sudo connection_plugins = ./connection_plugins -inventory = ./inventory,./inventory-terraform +inventory = ./inventory +#,./inventory-terraform nocows = True stdout_callback = debug vault_password_file = ./.vault-password diff --git a/ansible/group_vars/all/wireguard_wg0.yml b/ansible/group_vars/all/wireguard_wg0.yml index 5d8e450..65d6520 100644 --- a/ansible/group_vars/all/wireguard_wg0.yml +++ b/ansible/group_vars/all/wireguard_wg0.yml @@ -44,3 +44,9 @@ wireguard_wg0: listen_port: 51821 peers: all ipv6: fdf3:aad9:a885:0b3a::13 + lhnpi: + state: present + ipv6: fdf3:aad9:a885:0b3a::14 + lhnix: + state: present + ipv6: fdf3:aad9:a885:0b3a::15 diff --git a/ansible/inventory b/ansible/inventory index 9078262..71b25fa 100644 --- a/ansible/inventory +++ b/ansible/inventory @@ -49,6 +49,10 @@ all: ansible_host: "fd56:1ae9:097d:3ddd:ecd7:7f0a:79cd:343c" conflatorio-test5: ansible_host: "fd56:1ae9:097d:3ddd:5375:e67b:7878:310d" + lhnpi: + ansible_host: 192.168.100.8 + lhnix: + ansible_host: 192.168.100.7 zh2569.rsync.net: ansible_user: zh2569 @@ -165,5 +169,7 @@ all: malabaricus: sweetzpot-macos: sweetzpot-mobile: + lhnpi: + lhnix: # vim: set filetype=yaml: diff --git a/ansible/plays/files/lhnix/etc/wireguard/public-wg0.key b/ansible/plays/files/lhnix/etc/wireguard/public-wg0.key new file mode 100644 index 0000000..588621e --- /dev/null +++ b/ansible/plays/files/lhnix/etc/wireguard/public-wg0.key @@ -0,0 +1 @@ +qGGsJvvaZWjyjATnPKq/4rpCseuuqiWnS3qSpTntl04= diff --git a/ansible/plays/files/lhnpi/etc/wireguard/public-wg0.key b/ansible/plays/files/lhnpi/etc/wireguard/public-wg0.key new file mode 100644 index 0000000..df1ce0a --- /dev/null +++ b/ansible/plays/files/lhnpi/etc/wireguard/public-wg0.key @@ -0,0 +1 @@ +Flf2BKoYAvE4oZc/+l0sn4GldkI/lKXObrJXdBpvakI= diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml index a91aea5..193b549 100644 --- a/ansible/roles/wireguard/tasks/main.yml +++ b/ansible/roles/wireguard/tasks/main.yml @@ -3,8 +3,8 @@ become: yes when: wireguard__state == 'present' vars: - wg_net: "{{ hostvars[ansible_hostname][wireguard__name] }}" - wg_host: "{{ wg_net.hosts[ansible_hostname] }}" + wg_net: "{{ hostvars[inventory_hostname][wireguard__name] }}" + wg_host: "{{ wg_net.hosts[inventory_hostname] }}" all_peers: "{{ wg_host.peers is defined and wg_host.peers == 'all' }}" netdev_path: "/etc/systemd/network/60-{{ wg_net.if }}.netdev" network_path: "/etc/systemd/network/61-{{ wg_net.if }}.network" @@ -104,11 +104,11 @@ Name={{ wg_net.if }} [Network] - {% if wg_net.hosts[ansible_hostname].ipv4 is defined %} - Address={{ wg_net.hosts[ansible_hostname].ipv4 }}/{{ wg_net.ipv4_prefix }} + {% if wg_net.hosts[inventory_hostname].ipv4 is defined %} + Address={{ wg_net.hosts[inventory_hostname].ipv4 }}/{{ wg_net.ipv4_prefix }} {% endif %} - {% if wg_net.hosts[ansible_hostname].ipv6 is defined %} - Address={{ wg_net.hosts[ansible_hostname].ipv6 }}/{{ wg_net.ipv6_prefix }} + {% if wg_net.hosts[inventory_hostname].ipv6 is defined %} + Address={{ wg_net.hosts[inventory_hostname].ipv6 }}/{{ wg_net.ipv6_prefix }} {% endif %} {% if wg_net.shared_routes is defined %} @@ -124,7 +124,7 @@ become: yes when: wireguard__state == 'absent' vars: - wg_net: "{{ hostvars[ansible_hostname][wireguard__name] }}" + wg_net: "{{ hostvars[inventory_hostname][wireguard__name] }}" netdev_path: "/etc/systemd/network/60-{{ wg_net.if }}.netdev" network_path: "/etc/systemd/network/61-{{ wg_net.if }}.network" block: diff --git a/terraform-vault.yml b/terraform-vault.yml deleted file mode 100644 index d239695..0000000 --- a/terraform-vault.yml +++ /dev/null @@ -1,9 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -64393634356337363035386362316539643735303634646139333266373134393039613535653662 -6530633965336532373562633665626534646232373161340a343135383963623238333862303766 -64646531343634383737373663666534356431393362396532323031393763663362373264373638 -3036336334313762300a323565336536353035333335626666396538646366356634353366636438 -31353063323635396637343037643565333537333366356134663062333437626435343933666438 -30616139636430396435383236346637643034326166373236663861306634323134326132393864 -61346632373331353131313562336134306337643032313339333731343231313234343964383264 -35643064323830633634 diff --git a/terraform/dns/.terraform.lock.hcl b/terraform/dns/.terraform.lock.hcl index a1bcda0..ef3a34e 100644 --- a/terraform/dns/.terraform.lock.hcl +++ b/terraform/dns/.terraform.lock.hcl @@ -2,23 +2,23 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/linode/linode" { - version = "1.29.4" - constraints = "1.29.4" + version = "2.7.1" + constraints = "2.7.1" hashes = [ - "h1:M6/1OYoR8fb/4cMCILgQMGyHypEf3plTzxyivTu3jxo=", - "zh:06ccda35d968429a1184aaf981c8104394fa1d719de86b718c56d93c27c1fcd6", - "zh:1fb2497917094e77bde90fe6ee781e20cee739142b891391480c1b3376d81dbb", - "zh:27960e9c07e995aad07a9c5ebfd7fe0304fffd4cb159fd215e82932b798c6d55", - "zh:4ed29807c423c77aab1338972aa1ec3cc16c6b14f4c25c86f4427e8a86bfc467", - "zh:7a39103dc0dc8538f5258d3b64db1e6c91335640763bd05da0478e99748a4949", - "zh:95b3e418e6fcb4b826be9b289a834f1b9893977bd330ac418e0285e56a4644c1", - "zh:ac69c992a5cbaaa6ed9bb65206309ab2c71b5eb17740b7a5295532f9840c67fd", - "zh:ae943e8975075cd9664f00a028838566fdf879c772e518b7adcc82e757916a67", - "zh:b3a85a52489bc3777b5e8c4428b8ea42ae8e0f2398077699c1eb99acea931a34", - "zh:c1a2e945f5691ed97b9cf01351dd3a99c2f9871f172bd71ba0c8a810c75740cd", - "zh:ce86a03d73ee3d2ed58c6fe853cd2a9d0974710d94a0aeb4c195a9d1e78a3481", - "zh:d34afbbf848d8b541a068d64fa04ace13c3bd37ad19fd8b0796662f553ca9652", - "zh:e13b4847098d295cd8216eeec55d940cfc4544672fdc89e0048dd067e69b63f8", - "zh:fc62e9f8fc5d37d28aba2077db10355839cae6d7770eaf8711f97877bac046ab", + "h1:8akvMLrJyf7tmS43+TWvsRaToLObodc5qDkryE5woYI=", + "zh:055858744ed5196438c4000db6bd82b30131f9f76264698ea357084640eabc5b", + "zh:09f2639910f2c669076382854c76d0557654ec81edbe8f61ce8760f5522d59be", + "zh:17aab8037b70b7ee3edee2b4f9fc4d9a6025dcfef5c4c355a00c51f3848dbe6c", + "zh:20763f097c84105bc4739d6d93da8c6b4b41581bca9b43e4a1500edfc750162f", + "zh:296e2dc74b972b332659e96230bdcdaef8546096f963480352f705d6eb65a03c", + "zh:3153fe2cbd86720615b4cee3c1714ccd1a889770789e767c18b584e80b95574f", + "zh:4691dd097bad1fb9ebd764631fdef20b33fc2fd07444434919313d0381273c86", + "zh:5ab726ff6496c968ef5c5edd311a5b5aa7a6fc2eda078c95257237656bc8c7a0", + "zh:8b97b364c70a19374aa7be12847f72492d5fbc32f15f1bb80f972aa10288e815", + "zh:929d0c9f39533aef5c9b0166875f225446b79409982156feefc3d7e981f9b9e6", + "zh:c1daca5088612b8777f6009758e555a8eb23d9f836a2ea09f566dbee9d82db80", + "zh:c4e3aab311224910feeaa22fe3f62b61ec1c28a27ed7601b400d797015a11900", + "zh:e90c08ac5fee840a521141cfb439555a2e616d2d13424530f0516f962d5d421b", + "zh:ecd64705e3679342830e6cb64b60767ae917e74fb83fe32b728a53b25f3d3b35", ] } diff --git a/terraform/dns/main.tf b/terraform/dns/main.tf index 5ebe7d7..c67944e 100644 --- a/terraform/dns/main.tf +++ b/terraform/dns/main.tf @@ -13,7 +13,7 @@ terraform { required_providers { linode = { - version = "1.29.4" + version = "2.7.1" source = "linode/linode" } } diff --git a/terraform/dns/vpn.tf b/terraform/dns/vpn.tf index 59847f3..c94fb72 100644 --- a/terraform/dns/vpn.tf +++ b/terraform/dns/vpn.tf @@ -64,6 +64,13 @@ resource "linode_domain_record" "vpn-hash" { # 16341443 record_type = "AAAA" target = "fdf3:aad9:a885:0b3a::13" } +resource "linode_domain_record" "vpn-lhnpi" { + domain_id = linode_domain.root.id + name = "lhnpi.vpn" + record_type = "AAAA" + target = "fdf3:aad9:a885:0b3a::14" +} + resource "linode_domain_record" "vpn-unifi" { domain_id = linode_domain.root.id name = "unifi.vpn" |