migrate to merlin
parent
4117bd80c5
commit
29d70cac0e
@ -1,24 +1,23 @@
|
|||||||
---
|
---
|
||||||
ansible_host: 10.0.0.1
|
#ansible_host: 10.0.0.1
|
||||||
#ansible_host: 135.181.150.203
|
ansible_host: 135.181.150.203
|
||||||
|
default_interface: "eth0"
|
||||||
wireguard_address: "10.0.0.1/24"
|
wireguard_address: "10.0.0.1/24"
|
||||||
wireguard_endpoint: "135.181.150.203"
|
wireguard_endpoint: "135.181.150.203"
|
||||||
wireguard_persistent_keepalive: "20"
|
wireguard_persistent_keepalive: "20"
|
||||||
wireguard_byhost_allowed_ips:
|
wireguard_allowed_ips: 10.0.0.1
|
||||||
gerard: 10.0.0.1,10.0.0.3,10.0.0.5
|
|
||||||
wireguard_allowed_ips: "0.0.0.0/0"
|
|
||||||
|
|
||||||
wireguard_postup:
|
wireguard_postup:
|
||||||
- iptables -A FORWARD -o %i -j ACCEPT
|
- iptables -A FORWARD -o %i -j ACCEPT
|
||||||
- iptables -A FORWARD -i %i -j ACCEPT
|
- iptables -A FORWARD -i %i -j ACCEPT
|
||||||
- iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
- iptables -t nat -A POSTROUTING -o {{ default_interface }} -j MASQUERADE
|
||||||
- sysctl -w net.ipv4.ip_forward=1
|
- sysctl -w net.ipv4.ip_forward=1
|
||||||
- resolvectl dns %i 192.168.1.4 192.168.1.41; resolvectl domain %i '~ducamps.win' '~ducamps.eu' '~{{ consul_domain }}'
|
- resolvectl dns %i 192.168.1.4 192.168.1.41; resolvectl domain %i '~ducamps.win' '~ducamps.eu' '~{{ consul_domain }}'
|
||||||
|
|
||||||
wireguard_postdown:
|
wireguard_postdown:
|
||||||
- iptables -D FORWARD -i %i -j ACCEPT
|
- iptables -D FORWARD -i %i -j ACCEPT
|
||||||
- iptables -D FORWARD -o %i -j ACCEPT
|
- iptables -D FORWARD -o %i -j ACCEPT
|
||||||
- iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
- iptables -t nat -D POSTROUTING -o {{ default_interface }} -j MASQUERADE
|
||||||
- sysctl -w net.ipv4.ip_forward=0
|
- sysctl -w net.ipv4.ip_forward=0
|
||||||
|
|
||||||
wireguard_unmanaged_peers:
|
wireguard_unmanaged_peers:
|
||||||
|
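Review bot: The wireguard_postup/wireguard_postdown lists still add the two unconditional FORWARD ACCEPT rules, the `MASQUERADE` rule and `net.ipv4.ip_forward=1`, although what reads as the new side narrows this host to `wireguard_allowed_ips: 10.0.0.1` and drops the `0.0.0.0/0` entry. If the host no longer routes for other peers after the migration, these hooks leave it forwarding and NATing whatever arrives on %i for no purpose, and removing them from this host's vars would keep it to least privilege. If forwarding is still wanted, the `-o %i` accept could be limited to return traffic, e.g. `iptables -A FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`. The old/new sides are inferred from the rendered two-column layout, which has lost its +/- markers.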
@ -1,31 +1,38 @@
|
|||||||
---
|
---
|
||||||
ansible_host: 10.0.0.4
|
ansible_host: 10.0.0.4
|
||||||
|
#ansible_host: 65.21.2.14
|
||||||
|
default_interface: "ens3"
|
||||||
wireguard_address: "10.0.0.4/24"
|
wireguard_address: "10.0.0.4/24"
|
||||||
wireguard_endpoint: "95.216.217.5"
|
wireguard_endpoint: "65.21.2.14"
|
||||||
wireguard_persistent_keepalive: "30"
|
wireguard_persistent_keepalive: "20"
|
||||||
wireguard_allowed_ips: "10.0.0.4/32,10.0.0.3/32,10.0.0.5/32"
|
wireguard_byhost_allowed_ips:
|
||||||
|
oscar: "0.0.0.0/0"
|
||||||
|
bleys: "0.0.0.0/0"
|
||||||
|
wireguard_allowed_ips: "10.0.0.4/32,10.0.0.3,10.0.0.5"
|
||||||
|
|
||||||
wireguard_postup:
|
wireguard_postup:
|
||||||
- iptables -A FORWARD -o %i -j ACCEPT
|
- iptables -A FORWARD -o %i -j ACCEPT
|
||||||
- iptables -A FORWARD -i %i -j ACCEPT
|
- iptables -A FORWARD -i %i -j ACCEPT
|
||||||
- iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
- iptables -t nat -A POSTROUTING -o {{ default_interface }} -j MASQUERADE
|
||||||
|
- sysctl -w net.ipv4.ip_forward=1
|
||||||
|
- resolvectl dns %i 192.168.1.4 192.168.1.41; resolvectl domain %i '~ducamps.win' '~ducamps.eu' '~{{ consul_domain }}'
|
||||||
|
|
||||||
wireguard_postdown:
|
wireguard_postdown:
|
||||||
- iptables -D FORWARD -i %i -j ACCEPT
|
- iptables -D FORWARD -i %i -j ACCEPT
|
||||||
- iptables -D FORWARD -o %i -j ACCEPT
|
- iptables -D FORWARD -o %i -j ACCEPT
|
||||||
- iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
- iptables -t nat -D POSTROUTING -o {{ default_interface }} -j MASQUERADE
|
||||||
|
- sysctl -w net.ipv4.ip_forward=0
|
||||||
|
|
||||||
wireguard_unmanaged_peers:
|
wireguard_unmanaged_peers:
|
||||||
phone:
|
phone:
|
||||||
public_key: ioG35kDFTtip+Acfq+je9qDHYbZij+J6+Pg3T6Z4N0w=
|
public_key: IYKgrQ2VJUbOnupSqedOfIilsbmBBABZUTRF9ZoTrkc=
|
||||||
allowed_ips: 10.0.0.3/32
|
allowed_ips: 10.0.0.3/32
|
||||||
persistent_keepalive: 0
|
persistent_keepalive: 0
|
||||||
zen:
|
zen:
|
||||||
public_key: rYYljQw8InmM95pxCP9KyZ8R+kcicgnjr6E9qtkI1Ag=
|
public_key: rYYljQw8InmM95pxCP9KyZ8R+kcicgnjr6E9qtkI1Ag=
|
||||||
allowed_ips: 10.0.0.5/32
|
allowed_ips: 10.0.0.5/32
|
||||||
persistent_keepalive: 0
|
persistent_keepalive: 0
|
||||||
wireguard_dns: "192.168.1.41,192.168.1.4"
|
wireguard_dns: "192.168.1.4,192.168.1.41"
|
||||||
consul_client_addr: "127.0.0.1 10.0.0.4"
|
consul_client_addr: "127.0.0.1 10.0.0.4"
|
||||||
consul_bind_address: "10.0.0.4"
|
consul_bind_address: "10.0.0.4"
|
||||||
consul_ui: True
|
consul_ui: True
|
||||||
@ -35,7 +42,8 @@ nomad_host_networks:
|
|||||||
- name: "private"
|
- name: "private"
|
||||||
interface: wg0
|
interface: wg0
|
||||||
- name: "public"
|
- name: "public"
|
||||||
interface: eth0
|
interface: ens3
|
||||||
- name: "default"
|
- name: "default"
|
||||||
interface: wg0
|
interface: wg0
|
||||||
vault_listener_address: 10.0.0.4
|
vault_listener_address: 10.0.0.4
|
||||||
|
nomad_plugins_podman: True
|
||||||
|
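Review bot: The added `sysctl -w net.ipv4.ip_forward=0` in wireguard_postdown switches IPv4 forwarding off host-wide every time the tunnel goes down, while the later hunk (apparently the same file, judging by the line offsets) adds `nomad_plugins_podman: True`. Container networking on this host presumably relies on forwarding, so a WireGuard restart could cut off workloads that have nothing to do with the tunnel. Setting the sysctl persistently through the playbook (a sysctl.d entry) and dropping both `sysctl -w` lines from the hooks avoids the toggle. The new `wireguard_allowed_ips: "10.0.0.4/32,10.0.0.3,10.0.0.5"` also mixes masked and bare addresses; writing `/32` on all three would match the `allowed_ips` entries of the unmanaged peers below it.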
@ -20,3 +20,34 @@ resource "hcloud_server" "HomeLab2" {
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
data "hcloud_image" "arch" {
|
||||||
|
with_selector = "os-flavor=archlinux"
|
||||||
|
most_recent = true
|
||||||
|
with_status = ["available"]
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hcloud_server" "merlin" {
|
||||||
|
count = var.instances
|
||||||
|
name = "merlin"
|
||||||
|
image = data.hcloud_image.arch.id
|
||||||
|
server_type = "cx11"
|
||||||
|
location = var.location
|
||||||
|
ssh_keys = [hcloud_ssh_key.default.id]
|
||||||
|
firewall_ids = [
|
||||||
|
hcloud_firewall.prod.id,
|
||||||
|
hcloud_firewall.Gitea_SSH.id,
|
||||||
|
hcloud_firewall.torrent.id,
|
||||||
|
hcloud_firewall.mail.id,
|
||||||
|
hcloud_firewall.ssh.id,
|
||||||
|
]
|
||||||
|
labels = {
|
||||||
|
}
|
||||||
|
|
||||||
|
lifecycle {
|
||||||
|
ignore_changes = [
|
||||||
|
ssh_keys,
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
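Review bot: `resource "hcloud_server" "merlin"` combines `count = var.instances` with the fixed `name = "merlin"`, so any value of `instances` above 1 would request several servers under the same name, which I would expect the provider to reject. Either drop `count` or make the name unique, e.g. `name = "merlin${count.index}"`. The block also hard-codes `server_type = "cx11"` although a `server_type` variable is touched in this same commit; `server_type = var.server_type` would keep the two in step if that is the intent. The five attached firewalls are defined outside the hunk, so it is worth confirming that `hcloud_firewall.ssh` restricts source addresses, given that the Ansible vars manage this host over its tunnel address.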
@ -16,7 +16,7 @@ variable "instances" {
|
|||||||
|
|
||||||
variable "server_type" {
|
variable "server_type" {
|
||||||
type=string
|
type=string
|
||||||
default = "CPX21"
|
default = "cpx21"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "os_type" {
|
variable "os_type" {
|
||||||
|
@ -45,5 +45,5 @@ variable localEndpoint{
|
|||||||
}
|
}
|
||||||
variable cloudEndpoint{
|
variable cloudEndpoint{
|
||||||
type= string
|
type= string
|
||||||
default= "135.181.150.203"
|
default= "65.21.2.14"
|
||||||
}
|
}
|
||||||
|