From 7ee547e760db3e776ab7ecd676ed4b8afca0f04b Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl <trygvis@inamo.no>
Date: Sun, 3 Sep 2023 20:15:20 +0200
Subject: lhn

---
 ansible/ansible.cfg                                |  3 +-
 ansible/group_vars/all/wireguard_wg0.yml           |  6 ++++
 ansible/inventory                                  |  6 ++++
 .../plays/files/lhnix/etc/wireguard/public-wg0.key |  1 +
 .../plays/files/lhnpi/etc/wireguard/public-wg0.key |  1 +
 ansible/roles/wireguard/tasks/main.yml             | 14 ++++-----
 terraform-vault.yml                                |  9 ------
 terraform/dns/.terraform.lock.hcl                  | 34 +++++++++++-----------
 terraform/dns/main.tf                              |  2 +-
 terraform/dns/vpn.tf                               |  7 +++++
 10 files changed, 48 insertions(+), 35 deletions(-)
 create mode 100644 ansible/plays/files/lhnix/etc/wireguard/public-wg0.key
 create mode 100644 ansible/plays/files/lhnpi/etc/wireguard/public-wg0.key
 delete mode 100644 terraform-vault.yml

diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index 1904149..6da8010 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -1,7 +1,8 @@
 [defaults]
 become_method = sudo
 connection_plugins = ./connection_plugins
-inventory = ./inventory,./inventory-terraform
+inventory = ./inventory
+#,./inventory-terraform
 nocows = True
 stdout_callback = debug
 vault_password_file = ./.vault-password
diff --git a/ansible/group_vars/all/wireguard_wg0.yml b/ansible/group_vars/all/wireguard_wg0.yml
index 5d8e450..65d6520 100644
--- a/ansible/group_vars/all/wireguard_wg0.yml
+++ b/ansible/group_vars/all/wireguard_wg0.yml
@@ -44,3 +44,9 @@ wireguard_wg0:
       listen_port: 51821
       peers: all
       ipv6: fdf3:aad9:a885:0b3a::13
+    lhnpi:
+      state: present
+      ipv6: fdf3:aad9:a885:0b3a::14
+    lhnix:
+      state: present
+      ipv6: fdf3:aad9:a885:0b3a::15
diff --git a/ansible/inventory b/ansible/inventory
index 9078262..71b25fa 100644
--- a/ansible/inventory
+++ b/ansible/inventory
@@ -49,6 +49,10 @@ all:
       ansible_host: "fd56:1ae9:097d:3ddd:ecd7:7f0a:79cd:343c"
     conflatorio-test5:
       ansible_host: "fd56:1ae9:097d:3ddd:5375:e67b:7878:310d"
+    lhnpi:
+      ansible_host: 192.168.100.8
+    lhnix:
+      ansible_host: 192.168.100.7
 
     zh2569.rsync.net:
       ansible_user: zh2569
@@ -165,5 +169,7 @@ all:
         malabaricus:
         sweetzpot-macos:
         sweetzpot-mobile:
+        lhnpi:
+        lhnix:
 
 # vim: set filetype=yaml:
diff --git a/ansible/plays/files/lhnix/etc/wireguard/public-wg0.key b/ansible/plays/files/lhnix/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..588621e
--- /dev/null
+++ b/ansible/plays/files/lhnix/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+qGGsJvvaZWjyjATnPKq/4rpCseuuqiWnS3qSpTntl04=
diff --git a/ansible/plays/files/lhnpi/etc/wireguard/public-wg0.key b/ansible/plays/files/lhnpi/etc/wireguard/public-wg0.key
new file mode 100644
index 0000000..df1ce0a
--- /dev/null
+++ b/ansible/plays/files/lhnpi/etc/wireguard/public-wg0.key
@@ -0,0 +1 @@
+Flf2BKoYAvE4oZc/+l0sn4GldkI/lKXObrJXdBpvakI=
diff --git a/ansible/roles/wireguard/tasks/main.yml b/ansible/roles/wireguard/tasks/main.yml
index a91aea5..193b549 100644
--- a/ansible/roles/wireguard/tasks/main.yml
+++ b/ansible/roles/wireguard/tasks/main.yml
@@ -3,8 +3,8 @@
   become: yes
   when: wireguard__state == 'present'
   vars:
-    wg_net: "{{ hostvars[ansible_hostname][wireguard__name] }}"
-    wg_host: "{{ wg_net.hosts[ansible_hostname] }}"
+    wg_net: "{{ hostvars[inventory_hostname][wireguard__name] }}"
+    wg_host: "{{ wg_net.hosts[inventory_hostname] }}"
     all_peers: "{{ wg_host.peers is defined and wg_host.peers == 'all' }}"
     netdev_path: "/etc/systemd/network/60-{{ wg_net.if }}.netdev"
     network_path: "/etc/systemd/network/61-{{ wg_net.if }}.network"
@@ -104,11 +104,11 @@
           Name={{ wg_net.if }}
 
           [Network]
-          {% if wg_net.hosts[ansible_hostname].ipv4 is defined %}
-          Address={{ wg_net.hosts[ansible_hostname].ipv4 }}/{{ wg_net.ipv4_prefix }}
+          {% if wg_net.hosts[inventory_hostname].ipv4 is defined %}
+          Address={{ wg_net.hosts[inventory_hostname].ipv4 }}/{{ wg_net.ipv4_prefix }}
           {% endif %}
-          {% if wg_net.hosts[ansible_hostname].ipv6 is defined %}
-          Address={{ wg_net.hosts[ansible_hostname].ipv6 }}/{{ wg_net.ipv6_prefix }}
+          {% if wg_net.hosts[inventory_hostname].ipv6 is defined %}
+          Address={{ wg_net.hosts[inventory_hostname].ipv6 }}/{{ wg_net.ipv6_prefix }}
           {% endif %}
           {% if wg_net.shared_routes is defined %}
 
@@ -124,7 +124,7 @@
   become: yes
   when: wireguard__state == 'absent'
   vars:
-    wg_net: "{{ hostvars[ansible_hostname][wireguard__name] }}"
+    wg_net: "{{ hostvars[inventory_hostname][wireguard__name] }}"
     netdev_path: "/etc/systemd/network/60-{{ wg_net.if }}.netdev"
     network_path: "/etc/systemd/network/61-{{ wg_net.if }}.network"
   block:
diff --git a/terraform-vault.yml b/terraform-vault.yml
deleted file mode 100644
index d239695..0000000
--- a/terraform-vault.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-64393634356337363035386362316539643735303634646139333266373134393039613535653662
-6530633965336532373562633665626534646232373161340a343135383963623238333862303766
-64646531343634383737373663666534356431393362396532323031393763663362373264373638
-3036336334313762300a323565336536353035333335626666396538646366356634353366636438
-31353063323635396637343037643565333537333366356134663062333437626435343933666438
-30616139636430396435383236346637643034326166373236663861306634323134326132393864
-61346632373331353131313562336134306337643032313339333731343231313234343964383264
-35643064323830633634
diff --git a/terraform/dns/.terraform.lock.hcl b/terraform/dns/.terraform.lock.hcl
index a1bcda0..ef3a34e 100644
--- a/terraform/dns/.terraform.lock.hcl
+++ b/terraform/dns/.terraform.lock.hcl
@@ -2,23 +2,23 @@
 # Manual edits may be lost in future updates.
 
 provider "registry.terraform.io/linode/linode" {
-  version     = "1.29.4"
-  constraints = "1.29.4"
+  version     = "2.7.1"
+  constraints = "2.7.1"
   hashes = [
-    "h1:M6/1OYoR8fb/4cMCILgQMGyHypEf3plTzxyivTu3jxo=",
-    "zh:06ccda35d968429a1184aaf981c8104394fa1d719de86b718c56d93c27c1fcd6",
-    "zh:1fb2497917094e77bde90fe6ee781e20cee739142b891391480c1b3376d81dbb",
-    "zh:27960e9c07e995aad07a9c5ebfd7fe0304fffd4cb159fd215e82932b798c6d55",
-    "zh:4ed29807c423c77aab1338972aa1ec3cc16c6b14f4c25c86f4427e8a86bfc467",
-    "zh:7a39103dc0dc8538f5258d3b64db1e6c91335640763bd05da0478e99748a4949",
-    "zh:95b3e418e6fcb4b826be9b289a834f1b9893977bd330ac418e0285e56a4644c1",
-    "zh:ac69c992a5cbaaa6ed9bb65206309ab2c71b5eb17740b7a5295532f9840c67fd",
-    "zh:ae943e8975075cd9664f00a028838566fdf879c772e518b7adcc82e757916a67",
-    "zh:b3a85a52489bc3777b5e8c4428b8ea42ae8e0f2398077699c1eb99acea931a34",
-    "zh:c1a2e945f5691ed97b9cf01351dd3a99c2f9871f172bd71ba0c8a810c75740cd",
-    "zh:ce86a03d73ee3d2ed58c6fe853cd2a9d0974710d94a0aeb4c195a9d1e78a3481",
-    "zh:d34afbbf848d8b541a068d64fa04ace13c3bd37ad19fd8b0796662f553ca9652",
-    "zh:e13b4847098d295cd8216eeec55d940cfc4544672fdc89e0048dd067e69b63f8",
-    "zh:fc62e9f8fc5d37d28aba2077db10355839cae6d7770eaf8711f97877bac046ab",
+    "h1:8akvMLrJyf7tmS43+TWvsRaToLObodc5qDkryE5woYI=",
+    "zh:055858744ed5196438c4000db6bd82b30131f9f76264698ea357084640eabc5b",
+    "zh:09f2639910f2c669076382854c76d0557654ec81edbe8f61ce8760f5522d59be",
+    "zh:17aab8037b70b7ee3edee2b4f9fc4d9a6025dcfef5c4c355a00c51f3848dbe6c",
+    "zh:20763f097c84105bc4739d6d93da8c6b4b41581bca9b43e4a1500edfc750162f",
+    "zh:296e2dc74b972b332659e96230bdcdaef8546096f963480352f705d6eb65a03c",
+    "zh:3153fe2cbd86720615b4cee3c1714ccd1a889770789e767c18b584e80b95574f",
+    "zh:4691dd097bad1fb9ebd764631fdef20b33fc2fd07444434919313d0381273c86",
+    "zh:5ab726ff6496c968ef5c5edd311a5b5aa7a6fc2eda078c95257237656bc8c7a0",
+    "zh:8b97b364c70a19374aa7be12847f72492d5fbc32f15f1bb80f972aa10288e815",
+    "zh:929d0c9f39533aef5c9b0166875f225446b79409982156feefc3d7e981f9b9e6",
+    "zh:c1daca5088612b8777f6009758e555a8eb23d9f836a2ea09f566dbee9d82db80",
+    "zh:c4e3aab311224910feeaa22fe3f62b61ec1c28a27ed7601b400d797015a11900",
+    "zh:e90c08ac5fee840a521141cfb439555a2e616d2d13424530f0516f962d5d421b",
+    "zh:ecd64705e3679342830e6cb64b60767ae917e74fb83fe32b728a53b25f3d3b35",
   ]
 }
diff --git a/terraform/dns/main.tf b/terraform/dns/main.tf
index 5ebe7d7..c67944e 100644
--- a/terraform/dns/main.tf
+++ b/terraform/dns/main.tf
@@ -13,7 +13,7 @@ terraform {
 
   required_providers {
     linode = {
-      version = "1.29.4"
+      version = "2.7.1"
       source = "linode/linode"
     }
   }
diff --git a/terraform/dns/vpn.tf b/terraform/dns/vpn.tf
index 59847f3..c94fb72 100644
--- a/terraform/dns/vpn.tf
+++ b/terraform/dns/vpn.tf
@@ -64,6 +64,13 @@ resource "linode_domain_record" "vpn-hash" { # 16341443
   record_type = "AAAA"
   target      = "fdf3:aad9:a885:0b3a::13"
 }
+resource "linode_domain_record" "vpn-lhnpi" {
+  domain_id   = linode_domain.root.id
+  name        = "lhnpi.vpn"
+  record_type = "AAAA"
+  target      = "fdf3:aad9:a885:0b3a::14"
+}
+
 resource "linode_domain_record" "vpn-unifi" {
   domain_id   = linode_domain.root.id
   name        = "unifi.vpn"
-- 
cgit v1.2.3