migrate to merlin

vincent 2024-01-30 20:54:08 +01:00
parent 4117bd80c5
commit 29d70cac0e
5 changed files with 56 additions and 18 deletions


@ -1,24 +1,23 @@
--- ---
ansible_host: 10.0.0.1 #ansible_host: 10.0.0.1
#ansible_host: 135.181.150.203 ansible_host: 135.181.150.203
default_interface: "eth0"
wireguard_address: "10.0.0.1/24" wireguard_address: "10.0.0.1/24"
wireguard_endpoint: "135.181.150.203" wireguard_endpoint: "135.181.150.203"
wireguard_persistent_keepalive: "20" wireguard_persistent_keepalive: "20"
wireguard_byhost_allowed_ips: wireguard_allowed_ips: 10.0.0.1
gerard: 10.0.0.1,10.0.0.3,10.0.0.5
wireguard_allowed_ips: "0.0.0.0/0"
wireguard_postup: wireguard_postup:
- iptables -A FORWARD -o %i -j ACCEPT - iptables -A FORWARD -o %i -j ACCEPT
- iptables -A FORWARD -i %i -j ACCEPT - iptables -A FORWARD -i %i -j ACCEPT
- iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE - iptables -t nat -A POSTROUTING -o {{ default_interface }} -j MASQUERADE
- sysctl -w net.ipv4.ip_forward=1 - sysctl -w net.ipv4.ip_forward=1
- resolvectl dns %i 192.168.1.4 192.168.1.41; resolvectl domain %i '~ducamps.win' '~ducamps.eu' '~{{ consul_domain }}' - resolvectl dns %i 192.168.1.4 192.168.1.41; resolvectl domain %i '~ducamps.win' '~ducamps.eu' '~{{ consul_domain }}'
wireguard_postdown: wireguard_postdown:
- iptables -D FORWARD -i %i -j ACCEPT - iptables -D FORWARD -i %i -j ACCEPT
- iptables -D FORWARD -o %i -j ACCEPT - iptables -D FORWARD -o %i -j ACCEPT
- iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE - iptables -t nat -D POSTROUTING -o {{ default_interface }} -j MASQUERADE
- sysctl -w net.ipv4.ip_forward=0 - sysctl -w net.ipv4.ip_forward=0
wireguard_unmanaged_peers: wireguard_unmanaged_peers:
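Review bot: The `ansible_host` swap at the top of this file appears to move Ansible's connection from the tunnel address 10.0.0.1 to the public address 135.181.150.203, and nothing in the file says whether that is temporary. If it is only needed during the migration, a comment above the active line such as `# temporary: manage over the public address during the migration; revert to 10.0.0.1 afterwards` would stop management traffic from staying on the public interface by accident. Which firewall rules cover SSH on that address is not visible on this page.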


@ -1,31 +1,38 @@
--- ---
ansible_host: 10.0.0.4 ansible_host: 10.0.0.4
#ansible_host: 65.21.2.14
default_interface: "ens3"
wireguard_address: "10.0.0.4/24" wireguard_address: "10.0.0.4/24"
wireguard_endpoint: "95.216.217.5" wireguard_endpoint: "65.21.2.14"
wireguard_persistent_keepalive: "30" wireguard_persistent_keepalive: "20"
wireguard_allowed_ips: "10.0.0.4/32,10.0.0.3/32,10.0.0.5/32" wireguard_byhost_allowed_ips:
oscar: "0.0.0.0/0"
bleys: "0.0.0.0/0"
wireguard_allowed_ips: "10.0.0.4/32,10.0.0.3,10.0.0.5"
wireguard_postup: wireguard_postup:
- iptables -A FORWARD -o %i -j ACCEPT - iptables -A FORWARD -o %i -j ACCEPT
- iptables -A FORWARD -i %i -j ACCEPT - iptables -A FORWARD -i %i -j ACCEPT
- iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE - iptables -t nat -A POSTROUTING -o {{ default_interface }} -j MASQUERADE
- sysctl -w net.ipv4.ip_forward=1
- resolvectl dns %i 192.168.1.4 192.168.1.41; resolvectl domain %i '~ducamps.win' '~ducamps.eu' '~{{ consul_domain }}'
wireguard_postdown: wireguard_postdown:
- iptables -D FORWARD -i %i -j ACCEPT - iptables -D FORWARD -i %i -j ACCEPT
- iptables -D FORWARD -o %i -j ACCEPT - iptables -D FORWARD -o %i -j ACCEPT
- iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE - iptables -t nat -D POSTROUTING -o {{ default_interface }} -j MASQUERADE
- sysctl -w net.ipv4.ip_forward=0
wireguard_unmanaged_peers: wireguard_unmanaged_peers:
phone: phone:
public_key: ioG35kDFTtip+Acfq+je9qDHYbZij+J6+Pg3T6Z4N0w= public_key: IYKgrQ2VJUbOnupSqedOfIilsbmBBABZUTRF9ZoTrkc=
allowed_ips: 10.0.0.3/32 allowed_ips: 10.0.0.3/32
persistent_keepalive: 0 persistent_keepalive: 0
zen: zen:
public_key: rYYljQw8InmM95pxCP9KyZ8R+kcicgnjr6E9qtkI1Ag= public_key: rYYljQw8InmM95pxCP9KyZ8R+kcicgnjr6E9qtkI1Ag=
allowed_ips: 10.0.0.5/32 allowed_ips: 10.0.0.5/32
persistent_keepalive: 0 persistent_keepalive: 0
wireguard_dns: "192.168.1.41,192.168.1.4" wireguard_dns: "192.168.1.4,192.168.1.41"
consul_client_addr: "127.0.0.1 10.0.0.4" consul_client_addr: "127.0.0.1 10.0.0.4"
consul_bind_address: "10.0.0.4" consul_bind_address: "10.0.0.4"
consul_ui: True consul_ui: True
@ -35,7 +42,8 @@ nomad_host_networks:
- name: "private" - name: "private"
interface: wg0 interface: wg0
- name: "public" - name: "public"
interface: eth0 interface: ens3
- name: "default" - name: "default"
interface: wg0 interface: wg0
vault_listener_address: 10.0.0.4 vault_listener_address: 10.0.0.4
nomad_plugins_podman: True
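Review bot: The new `- sysctl -w net.ipv4.ip_forward=0` entry in `wireguard_postdown` switches IPv4 forwarding off for the whole host whenever the tunnel goes down, not only for the WireGuard interface. The same section adds `nomad_plugins_podman: True`, and container networking generally depends on forwarding staying enabled, so a tunnel restart could cut off running workloads (inferred; the Nomad job networking is not visible here). I would drop that line from `wireguard_postdown` and set `net.ipv4.ip_forward` persistently outside the up/down hooks, for example through a sysctl.d drop-in managed by Ansible. The first host file on this page carries the same PostDown line as unchanged context.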


@ -20,3 +20,34 @@ resource "hcloud_server" "HomeLab2" {
] ]
} }
} }
data "hcloud_image" "arch" {
with_selector = "os-flavor=archlinux"
most_recent = true
with_status = ["available"]
}
resource "hcloud_server" "merlin" {
count = var.instances
name = "merlin"
image = data.hcloud_image.arch.id
server_type = "cx11"
location = var.location
ssh_keys = [hcloud_ssh_key.default.id]
firewall_ids = [
hcloud_firewall.prod.id,
hcloud_firewall.Gitea_SSH.id,
hcloud_firewall.torrent.id,
hcloud_firewall.mail.id,
hcloud_firewall.ssh.id,
]
labels = {
}
lifecycle {
ignore_changes = [
ssh_keys,
]
}
}
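Review bot: `data.hcloud_image.arch` resolves to whatever image currently carries the `os-flavor=archlinux` label with `most_recent = true`, while `lifecycle.ignore_changes` on `hcloud_server.merlin` lists only `ssh_keys`. When a newer image with that label appears, a later plan will likely show a changed `image` and propose replacing the server. It also means anyone able to label a snapshot in the project chooses what merlin boots from. Adding `image` to the list, `ignore_changes = [ssh_keys, image]`, or pinning the image id in a variable, keeps rebuilds deliberate.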


@ -16,7 +16,7 @@ variable "instances" {
variable "server_type" { variable "server_type" {
type=string type=string
default = "CPX21" default = "cpx21"
} }
variable "os_type" { variable "os_type" {


@ -45,5 +45,5 @@ variable localEndpoint{
} }
variable cloudEndpoint{ variable cloudEndpoint{
type= string type= string
default= "135.181.150.203" default= "65.21.2.14"
} }