From 06a9c241b2462e9819fd5ca58a519f4f538a85e4 Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Wed, 21 Aug 2024 22:47:51 +0200
Subject: unifi
---
ansible/group_vars/all/ipam.yml | 2 ++
sops.yml | 8 ++++----
terraform/conflatorio-docker/main.tf | 6 ++++++
terraform/conflatorio-docker/network.tf | 2 +-
terraform/conflatorio-docker/traefik.tf | 6 +++---
terraform/dns/vpn-cname.tf | 9 ++++++++-
terraform/unifi-controller/main.tf | 4 +++-
terraform/unifi-controller/mongo.tf | 5 ++++-
terraform/unifi-controller/unifi.tf | 3 ++-
9 files changed, 33 insertions(+), 12 deletions(-)
diff --git a/ansible/group_vars/all/ipam.yml b/ansible/group_vars/all/ipam.yml
index 4d4017b..2f9bed1 100644
--- a/ansible/group_vars/all/ipam.yml
+++ b/ansible/group_vars/all/ipam.yml
@@ -15,6 +15,8 @@ ipam6: range: "fdb1:4242:3538:2001::/64" hosts: - conflatorio-ix: "fdb1:4242:3538:2001::ffff/64" + conflatorio_docker: + range: "fdb1:4242:3538:2001:1001::/112" node1_dn42: range: "fdb1:4242:3538:2002::/64" node2_dn42:
diff --git a/sops.yml b/sops.yml
index 03226ab..571a434 100644
--- a/sops.yml
+++ b/sops.yml
@@ -1,5 +1,5 @@ -#ENC[AES256_GCM,data:KE8haaNoCU7koejXB4F+UvE=,iv:M6s1LQBOlM97GAtZOGw7cnDcQZD/q4rNrEDF1FocxGs=,tag:mQszvgw+WNcEt9Czi+8hjg==,type:comment] -linode_token: ENC[AES256_GCM,data:OaLHFMUozNiWb/YA+Nja7plMvHfRBbvr3UMrt+hGl88F7eDe5CLkEfkeNNRHcUy1lxNhX1j4YlVhBGxdTA2PoQ==,iv:gz31tnelnCg7Yw1CoHCrSaNXnlehnx4TWFHJq0VCc3g=,tag:sdeiTbUAkTCVAeyw78DIVA==,type:str] +#ENC[AES256_GCM,data:VXrX0NUIHcFjmxHLuYzz9ekkR7N2IW/CF6a9U0dk/cvgtwoNLA==,iv:NIpefl6uO7c7ESxgCHXe3Y2x4cf9nLPjwDJo28xt5SY=,tag:U59KOg8Ny+O33Lf63Zjo1w==,type:comment] +linode_token: ENC[AES256_GCM,data:PeLIxcZ5mQMnp1LZy4saSUWIpCxrGm+3/6PssmIE9yO81x2HcGrgxO0CNl1feOtPrI1PVcAfFnFlpSetELLZlg==,iv:ETBKZgmFdIHoUROHVUzhxRoLS2uIuGR0SXZ96C9FhDk=,tag:pzuS8RLQf1A5ctmrOanVgA==,type:str] knot_pdb_terraform_password: ENC[AES256_GCM,data:cu5aUZAVrmtzgBB2hGfBkd+TU4vB0cWnBNluTHptyV0YvZuq,iv:HT4Cmr9huuylVt2vwFcrWUlBmDE6V3n0bXq/telJNBM=,tag:2RSvWnAAM5seHv12HyDprA==,type:str] sops: kms: [] @@ -34,8 +34,8 @@ sops: a1E2c3VEaWR0K3U4dnpqdm5RU0VCZUkKiOtFMhim7qAe4kDU2gijcCChesM0qAGk Z2xNVfBy4HH58cgWrtCQ6PRvULwAQ6Bgq59iZ7H/C2IFVqVfliajmw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-23T13:22:29Z" - mac: ENC[AES256_GCM,data:XkWZD0Whj/5Zd/dGC20UyQxvvkrca6Ox58L2cXzLAgum/lYj6Q+GdRIIApz7Iwmj8ZkX4I8+jrF9epozJwS4ZiYW6qsmcNzpt3F3oiwYqe8OcLfOpdSVdy5QekiNtweqO9zTAO14hVbz+QYkTnCBqc8tBF2BFVxek6j8KKSbTTM=,iv:O8AU9xhhnfJ36NBfJkdB6YVtmL/sEXRfVrMBpCV5ufc=,tag:/g/I6C2t4+QWUfFXDbblKQ==,type:str] + lastmodified: "2024-08-21T18:05:07Z" + mac: ENC[AES256_GCM,data:Kxa9SCKy0pLCgqGd7f+xFbQz3Cpf9EfDYP1fwPiIweHhw8iFEeaI7WZCb9zXjsky1tuQ0nbJMHfVQaPSqLC+ACyrBioXIBjgITAfEg3xtpRYiSQRFVBtGA7HpEAKWeFquzTvBR/EAoDuEvFTkrup3JSE8sM3bWKVb2dy1uRyBIc=,iv:O5LO1TFJLlFdCOGWWk5xJlQtVF1+sZTCH2DUKQdvQGo=,tag:0USQg2+EYUVG3+FsjilssQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/terraform/conflatorio-docker/main.tf b/terraform/conflatorio-docker/main.tf index 8a01be6..5d52b4e 100644 --- a/terraform/conflatorio-docker/main.tf 
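Review bot: The `linode_token` ciphertext and the leading `type:comment` entry are re-encrypted in a commit whose subject is only `unifi`; nothing in the hunk shows whether the token value was rotated or merely re-encrypted, and the commit message should say which. If it was rotated, the superseded token should be revoked on the Linode side rather than left valid, since the previous ciphertext remains in history for anyone holding the age key. The `mac`/`lastmodified` update in the second hunk is the expected consequence of the edit. A one-line body such as `Rotate linode_token consumed by data.sops_file_entry.linode_token in terraform/conflatorio-docker` would make the audit trail clear.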
+++ b/terraform/conflatorio-docker/main.tf
@@ -22,6 +22,12 @@ data "sops_file_entry" "linode_token" { data_key = "linode_token" } +locals { + public_ip = "fdb1:4242:3538:2001::ffff" + network_addr = "fdb1:4242:3538:2001:1001::" + network_range = 112 +} + output "foo" { value = "foo!" }
diff --git a/terraform/conflatorio-docker/network.tf b/terraform/conflatorio-docker/network.tf
index 32e1bfb..b548fef 100644
--- a/terraform/conflatorio-docker/network.tf
+++ b/terraform/conflatorio-docker/network.tf
@@ -4,6 +4,6 @@ resource "docker_network" "public" { ipv6 = true ipam_config { - subnet = "fdf3:aad9:a885:77dd:bbbb::/120" + subnet = "${local.network_addr}/${local.network_range}" } }
diff --git a/terraform/conflatorio-docker/traefik.tf b/terraform/conflatorio-docker/traefik.tf
index d15ac5c..98f7e7e 100644
--- a/terraform/conflatorio-docker/traefik.tf
+++ b/terraform/conflatorio-docker/traefik.tf
@@ -23,20 +23,20 @@ resource "docker_container" "traefik" { ports { internal = 80 external = 80 - ip = "fdf3:aad9:a885:77dd::2" + ip = "${local.public_ip}" } ports { internal = 443 external = 443 - ip = "fdf3:aad9:a885:77dd::2" + ip = "${local.public_ip}" } # for buildfarm-server ports { internal = 8980 external = 8980 - ip = "fdf3:aad9:a885:77dd::2" + ip = "${local.public_ip}" } command = [
diff --git a/terraform/dns/vpn-cname.tf b/terraform/dns/vpn-cname.tf
index 8887988..ebb6a4b 100644
--- a/terraform/dns/vpn-cname.tf
+++ b/terraform/dns/vpn-cname.tf
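Review bot: The new `locals` block hard-codes `public_ip = "fdb1:4242:3538:2001::ffff"` and the `fdb1:4242:3538:2001:1001::/112` docker range, and the same literals are repeated in terraform/unifi-controller/main.tf (`public_ip`) and terraform/dns/vpn-cname.tf (`target`) while ansible/group_vars/all/ipam.yml is updated with them in the same commit. Four copies of one address plan will drift; if the Terraform roots cannot read ipam.yml directly, a comment naming the source of truth, e.g. `# Must match conflatorio-ix / conflatorio_docker in ansible/group_vars/all/ipam.yml`, is the minimum. The name `public_ip` is also misleading: `fdb1::/16` lies inside the ULA range (`fc00::/7`) and is not globally routable, so a name such as `vpn_ip` or a comment stating that the address is reachable only across the overlay would make the exposure of the ports bound to it explicit.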
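Review bot: The three new `ip = "${local.public_ip}"` lines wrap a single reference in an interpolation string; in HCL2 this is written `ip = local.public_ip`, which is exactly what terraform/unifi-controller/unifi.tf does in this same commit, so the two roots are now inconsistent and Terraform treats the interpolation-only form as deprecated syntax. The change also moves the 80/443/8980 bindings from `fdf3:aad9:a885:77dd::2` to the new address, and the commented-out `# target = "fdf3:aad9:a885:77dd::2"` left in terraform/dns/vpn-cname.tf suggests other references to the old address may remain outside this diff; they are worth a grep before apply. The enclosing `docker_container.traefik` resource continues past the hunk.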
@@ -5,11 +5,18 @@ # target = "fdf3:aad9:a885:77dd::2" #} +resource "linode_domain_record" "net-conflatorio" { + domain_id = linode_domain.root.id + name = "conflatorio.net" + record_type = "AAAA" + target = "fdb1:4242:3538:2001::ffff" +} + resource "linode_domain_record" "vpn-unifi" { domain_id = linode_domain.root.id name = "unifi.vpn" record_type = "CNAME" - target = "${linode_domain_record.vpn-conflatorio.name}.trygvis.io" + target = "${linode_domain_record.net-conflatorio.name}.trygvis.io" } resource "linode_domain_record" "vpn-grafana" {
diff --git a/terraform/unifi-controller/main.tf b/terraform/unifi-controller/main.tf
index f5f7b0a..55c133c 100644
--- a/terraform/unifi-controller/main.tf
+++ b/terraform/unifi-controller/main.tf
@@ -28,8 +28,10 @@ provider "docker" { locals { domain_name = "unifi.vpn.trygvis.io" + public_ip = "fdb1:4242:3538:2001::ffff" + docker_image_controller = "lscr.io/linuxserver/unifi-controller:8.0.24-mongoless" - docker_image_mongo = "mongo:7.0" + docker_image_mongo = "mongo:7.0" mongo_database = "unifi" mongo_username = "unifi"
diff --git a/terraform/unifi-controller/mongo.tf b/terraform/unifi-controller/mongo.tf
index 98b4e36..2b83691 100644
--- a/terraform/unifi-controller/mongo.tf
+++ b/terraform/unifi-controller/mongo.tf
@@ -24,15 +24,18 @@ resource "docker_container" "unifi-mongo" { name = docker_network.unifi.name } + network_mode = "bridge" + volumes { volume_name = docker_volume.unifi-mongo.name + read_only = false container_path = "/data/db" } } output "mongo_init_js" { sensitive = true - value = <<-EOF + value = <<-EOF db.getSiblingDB("${local.mongo_database}"). createUser({ user: "${local.mongo_database}",
diff --git a/terraform/unifi-controller/unifi.tf b/terraform/unifi-controller/unifi.tf
index 8e6c7d7..4b0f1c6 100644
--- a/terraform/unifi-controller/unifi.tf
+++ b/terraform/unifi-controller/unifi.tf
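Review bot: The new `net-conflatorio` AAAA record publishes the ULA address `fdb1:4242:3538:2001::ffff` in the public `trygvis.io` zone, and `vpn-unifi` is re-pointed at it; that only resolves usefully for clients already on the overlay, which is presumably intended (the replaced target was also an `fd..` address) but deserves a comment on the record, e.g. `# ULA address: reachable only over the VPN/overlay; published so the vpn.* names resolve`. The CNAME target still concatenates a hard-coded `.trygvis.io`; `target = "${linode_domain_record.net-conflatorio.name}.${linode_domain.root.domain}"` keeps it tied to the zone the record actually lives in. The commented-out `# target` / `#}` lines in context suggest the record this one replaces was removed by commenting rather than deleting; dropping that dead block would avoid a second, stale copy of an address.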
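Review bot: `network_mode = "bridge"` on `docker_container.unifi-mongo` is added next to an existing attachment to `docker_network.unifi` (the `name = docker_network.unifi.name` context line); depending on how the docker provider combines the two, the container may now sit on Docker's default bridge as well, which would make MongoDB reachable from any other container on that bridge instead of only from the unifi network. Please confirm with the container's `network_data` attribute or `docker inspect` that it is attached only to the intended network. If the line (and the explicit `read_only = false`, which is the provider default and is repeated in terraform/unifi-controller/unifi.tf) was added to stop a perpetual plan diff, say so in a comment, e.g. `# explicit defaults so the docker provider stops planning a replacement on every run`. The `unifi-mongo` resource starts before the hunk.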
@@ -52,12 +52,13 @@ resource "docker_container" "unifi-controller" { internal = ports.value["port"] external = ports.value["port"] protocol = ports.value["proto"] - ip = "fdf3:aad9:a885:77dd::2" + ip = local.public_ip } } volumes { volume_name = docker_volume.unifi-controller.name + read_only = false container_path = "/config" } -- cgit v1.2.3