From 29d70cac0ef47f24326940548d281ae00c28dcea Mon Sep 17 00:00:00 2001
From: vincent
Date: Tue, 30 Jan 2024 20:54:08 +0100
Subject: [PATCH] migrate to merlin
---
 ansible/host_vars/corwin    | 13 ++++++-------
 ansible/host_vars/merlin    | 26 +++++++++++++++++---------
 terraform/cloud/server.tf   | 31 +++++++++++++++++++++++++++++++
 terraform/cloud/variable.tf |  2 +-
 terraform/dns/variable.tf   |  2 +-
 5 files changed, 56 insertions(+), 18 deletions(-)
diff --git a/ansible/host_vars/corwin b/ansible/host_vars/corwin
index ce2a222..f8a7be6 100644
--- a/ansible/host_vars/corwin
+++ b/ansible/host_vars/corwin
@@ -1,24 +1,23 @@
 ---
-ansible_host: 10.0.0.1
-#ansible_host: 135.181.150.203
+#ansible_host: 10.0.0.1
+ansible_host: 135.181.150.203
+default_interface: "eth0"
 wireguard_address: "10.0.0.1/24"
 wireguard_endpoint: "135.181.150.203"
 wireguard_persistent_keepalive: "20"
-wireguard_byhost_allowed_ips:
-  gerard: 10.0.0.1,10.0.0.3,10.0.0.5
-wireguard_allowed_ips: "0.0.0.0/0"
+wireguard_allowed_ips: 10.0.0.1
 wireguard_postup:
   - iptables -A FORWARD -o %i -j ACCEPT
   - iptables -A FORWARD -i %i -j ACCEPT
-  - iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+  - iptables -t nat -A POSTROUTING -o {{ default_interface }} -j MASQUERADE
   - sysctl -w net.ipv4.ip_forward=1
   - resolvectl dns %i 192.168.1.4 192.168.1.41; resolvectl domain %i '~ducamps.win' '~ducamps.eu' '~{{ consul_domain }}'
 wireguard_postdown:
   - iptables -D FORWARD -i %i -j ACCEPT
   - iptables -D FORWARD -o %i -j ACCEPT
-  - iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+  - iptables -t nat -D POSTROUTING -o {{ default_interface }} -j MASQUERADE
   - sysctl -w net.ipv4.ip_forward=0
 wireguard_unmanaged_peers:
diff --git a/ansible/host_vars/merlin b/ansible/host_vars/merlin
index 626f12e..7bbf51f 100644
--- a/ansible/host_vars/merlin
+++ b/ansible/host_vars/merlin
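Review bot: corwin keeps `iptables -A FORWARD -i %i -j ACCEPT`, the MASQUERADE rule on `{{ default_interface }}` and `net.ipv4.ip_forward=1` in `wireguard_postup` even though the new `wireguard_allowed_ips: 10.0.0.1` (down from `0.0.0.0/0`, with the `gerard` per-host entry dropped) means peers no longer route their traffic through it; if corwin is really retired as a gateway those postup/postdown entries should go rather than leave an unconditional NAT path for anything that still arrives over the tunnel, and if it is kept as a fallback exit a comment saying so is needed, e.g. `# forwarding kept on purpose: corwin stays a fallback exit while merlin is the hub`. `wireguard_allowed_ips: 10.0.0.1` is also the only address in the file without a prefix length; `wireguard_allowed_ips: 10.0.0.1/32` says the same thing without relying on the tool's default. Flipping `ansible_host` to `135.181.150.203` moves Ansible's SSH management from the tunnel to the public address, which is presumably intentional during the migration but deserves a one-line comment next to the commented-out old value.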
@@ -1,31 +1,38 @@
 ---
 ansible_host: 10.0.0.4
-
+#ansible_host: 65.21.2.14
+default_interface: "ens3"
 wireguard_address: "10.0.0.4/24"
-wireguard_endpoint: "95.216.217.5"
-wireguard_persistent_keepalive: "30"
-wireguard_allowed_ips: "10.0.0.4/32,10.0.0.3/32,10.0.0.5/32"
+wireguard_endpoint: "65.21.2.14"
+wireguard_persistent_keepalive: "20"
+wireguard_byhost_allowed_ips:
+  oscar: "0.0.0.0/0"
+  bleys: "0.0.0.0/0"
+wireguard_allowed_ips: "10.0.0.4/32,10.0.0.3,10.0.0.5"
 wireguard_postup:
   - iptables -A FORWARD -o %i -j ACCEPT
   - iptables -A FORWARD -i %i -j ACCEPT
-  - iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+  - iptables -t nat -A POSTROUTING -o {{ default_interface }} -j MASQUERADE
+  - sysctl -w net.ipv4.ip_forward=1
+  - resolvectl dns %i 192.168.1.4 192.168.1.41; resolvectl domain %i '~ducamps.win' '~ducamps.eu' '~{{ consul_domain }}'
 wireguard_postdown:
   - iptables -D FORWARD -i %i -j ACCEPT
   - iptables -D FORWARD -o %i -j ACCEPT
-  - iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+  - iptables -t nat -D POSTROUTING -o {{ default_interface }} -j MASQUERADE
+  - sysctl -w net.ipv4.ip_forward=0
 wireguard_unmanaged_peers:
   phone:
-    public_key: ioG35kDFTtip+Acfq+je9qDHYbZij+J6+Pg3T6Z4N0w=
+    public_key: IYKgrQ2VJUbOnupSqedOfIilsbmBBABZUTRF9ZoTrkc=
     allowed_ips: 10.0.0.3/32
     persistent_keepalive: 0
   zen:
     public_key: rYYljQw8InmM95pxCP9KyZ8R+kcicgnjr6E9qtkI1Ag=
     allowed_ips: 10.0.0.5/32
     persistent_keepalive: 0
-wireguard_dns: "192.168.1.41,192.168.1.4"
+wireguard_dns: "192.168.1.4,192.168.1.41"
 consul_client_addr: "127.0.0.1 10.0.0.4"
 consul_bind_address: "10.0.0.4"
 consul_ui: True
@@ -35,7 +42,8 @@ nomad_host_networks:
   - name: "private"
     interface: wg0
   - name: "public"
-    interface: eth0
+    interface: ens3
   - name: "default"
     interface: wg0
 vault_listener_address: 10.0.0.4
+nomad_plugins_podman: True
diff --git a/terraform/cloud/server.tf b/terraform/cloud/server.tf
index ad9a704..e92b0ae 100644
--- a/terraform/cloud/server.tf
+++ b/terraform/cloud/server.tf
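Review bot: `sysctl -w net.ipv4.ip_forward=0` in the new `wireguard_postdown` resets a host-wide setting from an interface hook, on a host that this commit makes the tunnel hub and, in the second hunk, a podman node (`nomad_plugins_podman: True`); taking wg0 down will then also stop forwarding for any container network that depends on it, so that line is better dropped and forwarding enabled once through the host's sysctl configuration. The two FORWARD rules accept every forwarded packet in both directions; since merlin now relays between peers (`10.0.0.3`/`10.0.0.5` are in `wireguard_allowed_ips`) and is the default exit for `oscar`/`bleys`, the tunnel-side rule `-i %i -j ACCEPT` already covers the intended flows, while `iptables -A FORWARD -o %i -j ACCEPT` can be narrowed to `iptables -A FORWARD -i {{ default_interface }} -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` so only reply traffic is forwarded from the public interface into the tunnel (mirror the change in postdown). `wireguard_allowed_ips: "10.0.0.4/32,10.0.0.3,10.0.0.5"` mixes CIDR and bare addresses; `/32` on all three reads unambiguously.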
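Review bot: `interface: ens3` under the `public` host network is hard-coded although this same file now defines `default_interface: "ens3"` and the postup rules already use it; `interface: "{{ default_interface }}"` keeps one source of truth for the public interface name, so a later interface rename cannot leave Nomad and the NAT rule disagreeing. `nomad_plugins_podman: True` is unrelated to the migration named in the subject and would be easier to trace with a short comment on why it is enabled here. The `nomad_host_networks` list starts above this hunk.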
@@ -20,3 +20,34 @@ resource "hcloud_server" "HomeLab2" {
     ]
   }
 }
+
+data "hcloud_image" "arch" {
+  with_selector = "os-flavor=archlinux"
+  most_recent   = true
+  with_status   = ["available"]
+
+}
+
+resource "hcloud_server" "merlin" {
+  count        = var.instances
+  name         = "merlin"
+  image        = data.hcloud_image.arch.id
+  server_type  = "cx11"
+  location     = var.location
+  ssh_keys     = [hcloud_ssh_key.default.id]
+  firewall_ids = [
+    hcloud_firewall.prod.id,
+    hcloud_firewall.Gitea_SSH.id,
+    hcloud_firewall.torrent.id,
+    hcloud_firewall.mail.id,
+    hcloud_firewall.ssh.id,
+  ]
+  labels = {
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ssh_keys,
+    ]
+  }
+}
diff --git a/terraform/cloud/variable.tf b/terraform/cloud/variable.tf
index c96da95..00da00b 100644
--- a/terraform/cloud/variable.tf
+++ b/terraform/cloud/variable.tf
@@ -16,7 +16,7 @@ variable "instances" {
 variable "server_type" {
   type=string
-  default = "CPX21"
+  default = "cpx21"
 }
 variable "os_type" {
diff --git a/terraform/dns/variable.tf b/terraform/dns/variable.tf
index 181b0f6..d8739bf 100644
--- a/terraform/dns/variable.tf
+++ b/terraform/dns/variable.tf
@@ -45,5 +45,5 @@ variable localEndpoint{
 }
 variable cloudEndpoint{
   type= string
-  default= "135.181.150.203"
+  default= "65.21.2.14"
 }
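Review bot: `hcloud_server.merlin` will be replaced whenever a newer image matches `data.hcloud_image.arch` (`most_recent = true`), because a changed `image` forces a new server and `lifecycle.ignore_changes` lists only `ssh_keys`; adding `image,` to `ignore_changes` keeps the data source for first creation only and avoids an unplanned rebuild of the host that now carries the tunnel, Consul and Nomad. `server_type = "cx11"` is hard-coded although `var.server_type` exists and is corrected to `cpx21` in this same commit; `server_type = var.server_type` would keep the two in step. The resource pins no primary IP, so a rebuild also changes the public address that this commit hard-codes as `65.21.2.14` in `terraform/dns/variable.tf` and as `wireguard_endpoint` in `ansible/host_vars/merlin`; feeding the DNS record from the resource's `ipv4_address` output, or attaching an `hcloud_primary_ip`, removes that drift. With `count = var.instances` every instance gets `name = "merlin"`, which I believe Hetzner rejects above one — if `instances` is only ever 0 or 1 a comment saying so would help, e.g. `# count acts as an on/off switch; names would collide above 1`.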