parent
b4e76f9325
commit
7fb16ee116
@ -2,22 +2,37 @@
|
|||||||
# Manual edits may be lost in future updates.
|
# Manual edits may be lost in future updates.
|
||||||
|
|
||||||
provider "registry.terraform.io/hetznercloud/hcloud" {
|
provider "registry.terraform.io/hetznercloud/hcloud" {
|
||||||
version = "1.35.2"
|
version = "1.42.1"
|
||||||
hashes = [
|
hashes = [
|
||||||
"h1:a/DH+2jHvgikSDajup5feRZRUwNw8OT9NBPKezjgM5g=",
|
"h1:1AGk4CAeqdyF1D4vNyjarKSBoN2z+Y6ubUxzqiyc7qI=",
|
||||||
"zh:1a7cb8f9cbd51b62bdbb4f36cdb070dd99059d86115c4777193e0f8536798d4d",
|
"zh:002e2e57c1425bb4cf620c6a80732ee071726d0d82d0523c5258dde3222113df",
|
||||||
"zh:29c104aae7f7a4e1a4aea32febc9caa2d7d86589cd9d01d5b93dbe2cb0a73220",
|
"zh:03213d79fc2bcd94ac812ca22c1d1d6678132ab957d26a65c84ee52853059c02",
|
||||||
"zh:29f082195d8f4e4cfb4050fae2ed62ed5616659c6dfaa7b5f1eb42d94d130864",
|
"zh:0785429efdb084cb4e5a0d899112764c21d2260391e82897d7e67c9e5deccc31",
|
||||||
"zh:3cfe3876763659e27696adcb945e6da2dc2ec014ff8a2e8f0f3e610e3bfd9b73",
|
"zh:12a5653b7a00f458b65b89b15d4517f785322ebb65b5a689fa8766042a09184c",
|
||||||
"zh:3d967f4b1aef78ffce389dd32cdea4b558ef826cec96ceb4bdafde4bb4a9b655",
|
"zh:2dc7464290a623eb599cfbf731d13554448a7a824c2b1db16275f482d9059670",
|
||||||
"zh:3e160f581f7912c2053f86d6d8a3e3470fcf1fe8228b59ac216a7e40a1dd444c",
|
"zh:35a7e19868a304d77ab192871ccaa45418c13a3aac301df8d9f57c1259913051",
|
||||||
"zh:5138022c8b4c8a572e8097749241d929a96d3522e67ce25f86bb9fd51c4b343c",
|
"zh:368202d94a1104895c1d566e3f16edd55e05a09881fd4a20cd4854ca3593fee9",
|
||||||
"zh:5783febc4d8ac4b7fdb49607cab92ad13509d87ad4ca1999067ac3d20e815d12",
|
"zh:431503e5055979aabf520675bb465496d934979c7a687e1cd3c8d2ae27bfa649",
|
||||||
"zh:7f8ce9268d48beb5fa0103a8510d4fe644aaac6cd328fc4441dd37e8bdbfadab",
|
"zh:45cede3c2147cfdc76d53853e07395c05b1feff8dca16a2f8f7f1fd151e2449f",
|
||||||
"zh:8ab6aea82657fd6f97d79b41e6cd129a33a47ce727a7d0b52205590fa3785ce1",
|
"zh:8b57869af18982af21f6f816e65e6057ec5055481b220147fdbe0959917ae112",
|
||||||
"zh:9e4bebe3bbee7875dc2e3ceca3cf0fec3254a8b481c7b96ba9a5d65647ea9092",
|
"zh:be9ba4813dcf640c0df04543a3c74b0db117fbd3dcc26140e252cf5157734945",
|
||||||
"zh:af2a912db9a6fce844ac8c0e695a5d92a5625f2df126129940051a6b1021443d",
|
"zh:d3fb9ca398a153dc894caa94f95ef2e989350cf2bbfa29bc93ff2608cab44c1f",
|
||||||
"zh:bfe86d80e55f44a99dbbdca9d1caf0c837fe21d91e78674ee36263b7de71fd38",
|
"zh:fc690be8cbada1e99063ed1c6148f9a70ab341100a97ad2886f4826a951780d3",
|
||||||
"zh:d9538a361bd8979c4a87273a82fc5dec7110f3aa7ec69fffb8c70fe8937bc1f4",
|
"zh:ffa9470e41fa04ac667d4d830987aeed2070767d57f2414692c2dd395a405fba",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "registry.terraform.io/timohirt/hetznerdns" {
|
||||||
|
version = "2.2.0"
|
||||||
|
hashes = [
|
||||||
|
"h1:HyskQAglrOueur79gSCBgx9MNDOs0tz39aNYQiFgxz8=",
|
||||||
|
"zh:5bb0ab9f62be3ed92070235e507f3c290491d51391ef4edcc70df53b65a83019",
|
||||||
|
"zh:5ccdfac7284f5515ac3cff748336b77f21c64760e429e811a1eeefa8ebb86e12",
|
||||||
|
"zh:687c35665139ae37c291e99085be2e38071f6b355c4e1e8957c5a6a3bcdf9caf",
|
||||||
|
"zh:6de27f0d0d1513b3a4b7e81923b4a8506c52759bd466e2b4f8156997b0478931",
|
||||||
|
"zh:85770a9199a4c2d16ca41538d7a0f7a7bfc060678104a1faac19213e6f0a800c",
|
||||||
|
"zh:a5ff723774a9ccfb27d5766c5e6713537f74dd94496048c89c5d64dba597e59e",
|
||||||
|
"zh:bf9ab76fd37cb8aebb6868d73cbe8c08cee36fc25224cc1ef5949efa3c34b06c",
|
||||||
|
"zh:db998fe3bdcd4902e99fa470bb3f355883170cf4c711c8da0b5f1f4510f1be41",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
197
infra/dns.tf
Normal file
197
infra/dns.tf
Normal file
@ -0,0 +1,197 @@
|
|||||||
|
locals {
|
||||||
|
defaultCname=hcloud_server.HomeLab2[0].name
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_zone" "externalZone" {
|
||||||
|
name = "ducamps.win"
|
||||||
|
ttl = 1700
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "rootalias" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "@"
|
||||||
|
value = hcloud_server.HomeLab2[0].ipv4_address
|
||||||
|
type = "A"
|
||||||
|
}
|
||||||
|
resource "hetznerdns_record" "MX1" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "@"
|
||||||
|
value = "20 spool.mail.gandi.net."
|
||||||
|
type = "MX"
|
||||||
|
}
|
||||||
|
resource "hetznerdns_record" "MX2" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "@"
|
||||||
|
value = "50 fb.mail.gandi.net"
|
||||||
|
type = "MX"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "spf" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "@"
|
||||||
|
value = "\"v=spf1 include:_mailcust.gandi.net ~all\""
|
||||||
|
type = "TXT"
|
||||||
|
}
|
||||||
|
resource "hetznerdns_record" "caldav" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "_caldavs_tcp"
|
||||||
|
value = "10 20 443 www.${hetznerdns_zone.externalZone.name}"
|
||||||
|
type = "SRV"
|
||||||
|
}
|
||||||
|
resource "hetznerdns_record" "carddavs" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "_carddavs_tcp"
|
||||||
|
value = "10 20 443 www.${hetznerdns_zone.externalZone.name}"
|
||||||
|
type = "SRV"
|
||||||
|
}
|
||||||
|
resource "hetznerdns_record" "server" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = local.defaultCname
|
||||||
|
value = hcloud_server.HomeLab2[0].ipv4_address
|
||||||
|
type = "A"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "dendrite" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "dendrite"
|
||||||
|
value = local.defaultCname
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "diskstation" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "diskstation"
|
||||||
|
value = local.defaultCname
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "drone" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "drone"
|
||||||
|
value = local.defaultCname
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "file" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "file"
|
||||||
|
value = local.defaultCname
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "ghostfolio" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "ghostfolio"
|
||||||
|
value = local.defaultCname
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "git" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "git"
|
||||||
|
value = local.defaultCname
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "grafana" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "grafana"
|
||||||
|
value = local.defaultCname
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "hass" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "hass"
|
||||||
|
value = local.defaultCname
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "jellyfin" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "jellyfin"
|
||||||
|
value = local.defaultCname
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "supysonic" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "supysonic"
|
||||||
|
value = local.defaultCname
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "syno" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "syno"
|
||||||
|
value = local.defaultCname
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "vault" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "vault"
|
||||||
|
value = local.defaultCname
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "vikunja" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "vikunja"
|
||||||
|
value = local.defaultCname
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "www" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "www"
|
||||||
|
value = local.defaultCname
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "ww" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "ww"
|
||||||
|
value = local.defaultCname
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "gm1" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "gm1._domainkey"
|
||||||
|
value = "gm1.gandimail.net"
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "gm2" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "gm2._domainkey"
|
||||||
|
value = "gm2.gandimail.net"
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "gm3" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "gm3._domainkey"
|
||||||
|
value = "gm3.gandimail.net"
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "imap" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "imap"
|
||||||
|
value = "mail.gandi.net."
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "hetznerdns_record" "smtp" {
|
||||||
|
zone_id = hetznerdns_zone.externalZone.id
|
||||||
|
name = "smtp"
|
||||||
|
value = "mail.gandi.net"
|
||||||
|
type = "CNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
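Review bot: Several record targets in this new file lack a trailing dot — `MX2` (`"50 fb.mail.gandi.net"`), `smtp` (`"mail.gandi.net"`) and the DKIM CNAMEs `gm1`–`gm3` — while `MX1` and `imap` end in one. The file already relies on relative names (the service CNAMEs point at the bare host name in `local.defaultCname`), so these undotted values are presumably also read relative to `ducamps.win`; the fallback MX and DKIM selectors would then point at names that do not exist and signed mail would fail DKIM verification. Write them fully qualified, e.g. `value = "gm1.gandimail.net."`. The two SRV records are named `_caldavs_tcp` and `_carddavs_tcp`, whereas RFC 6764 uses `_caldavs._tcp` and `_carddavs._tcp`, so clients will not discover them as written. Separately, `hcloud_server.HomeLab2[0]` is indexed in `locals` and in two A records although the server is created with `count = var.instances`, so a plan with `instances = 0` fails here.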
@ -1,8 +1,12 @@
|
|||||||
terraform {
|
terraform {
|
||||||
|
|
||||||
required_providers {
|
required_providers {
|
||||||
hcloud = {
|
hcloud = {
|
||||||
source = "hetznercloud/hcloud"
|
source = "hetznercloud/hcloud"
|
||||||
}
|
}
|
||||||
|
hetznerdns = {
|
||||||
|
source="timohirt/hetznerdns"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
backend "consul" {
|
backend "consul" {
|
||||||
path = "terraform/infra"
|
path = "terraform/infra"
|
||||||
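Review bot: The new `hetznerdns` entry in `required_providers` has no `version` constraint, so only the lock file holds this community provider at 2.2.0 and a `terraform init -upgrade` may move to any later release. Because the provider is handed the DNS API token, add a constraint next to `source`, for example `version = "~> 2.2"`, and review lock-file hash changes on each upgrade. The existing `hcloud` entry has the same gap. The `terraform` block continues past this hunk.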
@ -13,3 +17,6 @@ terraform {
|
|||||||
provider "hcloud" {
|
provider "hcloud" {
|
||||||
token = var.hcloud_token
|
token = var.hcloud_token
|
||||||
}
|
}
|
||||||
|
provider "hetznerdns" {
|
||||||
|
apitoken = var.hdns_token
|
||||||
|
}
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
resource "hcloud_server" "HomeLab2" {
|
resource "hcloud_server" "HomeLab2" {
|
||||||
count = var.instances
|
count = var.instances
|
||||||
name = "corwin"
|
name = "corwin"
|
||||||
image = "rocky-9"
|
image = var.os_type
|
||||||
server_type = var.server_type
|
server_type = var.server_type
|
||||||
location = var.location
|
location = var.location
|
||||||
ssh_keys = [hcloud_ssh_key.default.id]
|
ssh_keys = [hcloud_ssh_key.default.id]
|
||||||
|
@ -1,19 +1,26 @@
|
|||||||
variable "hcloud_token" {
|
variable "hcloud_token" {
|
||||||
|
type = string
|
||||||
# default = <your-api-token>
|
# default = <your-api-token>
|
||||||
}
|
}
|
||||||
|
variable "hdns_token" {
|
||||||
|
type=string
|
||||||
|
}
|
||||||
variable "location" {
|
variable "location" {
|
||||||
|
type=string
|
||||||
default = "hel1"
|
default = "hel1"
|
||||||
}
|
}
|
||||||
variable "instances" {
|
variable "instances" {
|
||||||
|
type=number
|
||||||
default = "1"
|
default = "1"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "server_type" {
|
variable "server_type" {
|
||||||
|
type=string
|
||||||
default = "cpx11"
|
default = "cpx11"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "os_type" {
|
variable "os_type" {
|
||||||
default = "rocky-8"
|
type=string
|
||||||
|
default = "rocky-9"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
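Review bot: `variable "hdns_token"` is declared with only `type=string`, so Terraform treats the DNS API token as an ordinary value and can print it wherever it appears in plan or error output. Add `sensitive = true` to it, and to `hcloud_token`, which this change also touches. `instances` is now `type=number` but keeps `default = "1"`; Terraform converts the string, yet `default = 1` states the intent. The new `type=` lines are unformatted next to the surrounding `default = …` lines, and `terraform fmt` would align them.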
@ -27,7 +27,7 @@ job "traefik-ingress" {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
vault {
|
vault {
|
||||||
policies = ["gandi"]
|
policies = ["traefik"]
|
||||||
}
|
}
|
||||||
task "traefik" {
|
task "traefik" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
@ -74,7 +74,7 @@ job "traefik-ingress" {
|
|||||||
}
|
}
|
||||||
template {
|
template {
|
||||||
data = <<EOH
|
data = <<EOH
|
||||||
GANDIV5_API_KEY = "{{with secret "secrets/data/nomad/gandi"}}{{.Data.data.API_KEY}}{{end}}"
|
HETZNER_API_KEY = "{{with secret "secrets/data/nomad/traefik"}}{{.Data.data.hetznerdnstoken}}{{end}}"
|
||||||
EOH
|
EOH
|
||||||
destination = "secrets/gandi.env"
|
destination = "secrets/gandi.env"
|
||||||
env = true
|
env = true
|
||||||
|
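Review bot: The template now renders `HETZNER_API_KEY` but still writes it to `destination = "secrets/gandi.env"`, which will mislead whoever next looks for where the Hetzner token lands; rename it, e.g. `destination = "secrets/traefik.env"`. The same applies to the matching template hunk in `traefik-local`. Two things cannot be checked from this hunk and are worth confirming: that the `traefik` Vault policy grants read on `secrets/data/nomad/traefik` only, and that the Gandi API key under `secrets/data/nomad/gandi` is revoked now that nothing reads it. The `template` block starts and ends outside the hunk.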
@ -20,7 +20,7 @@ job "traefik-local" {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
vault {
|
vault {
|
||||||
policies = ["gandi"]
|
policies = ["traefik"]
|
||||||
}
|
}
|
||||||
|
|
||||||
task "traefik" {
|
task "traefik" {
|
||||||
@ -68,7 +68,7 @@ job "traefik-local" {
|
|||||||
}
|
}
|
||||||
template {
|
template {
|
||||||
data = <<EOH
|
data = <<EOH
|
||||||
GANDIV5_API_KEY = "{{with secret "secrets/data/nomad/gandi"}}{{.Data.data.API_KEY}}{{end}}"
|
HETZNER_API_KEY = "{{with secret "secrets/data/nomad/traefik"}}{{.Data.data.hetznerdnstoken}}{{end}}"
|
||||||
EOH
|
EOH
|
||||||
destination = "secrets/gandi.env"
|
destination = "secrets/gandi.env"
|
||||||
env = true
|
env = true
|
||||||
@ -108,9 +108,9 @@ job "traefik-local" {
|
|||||||
email = "vincent@ducamps.win"
|
email = "vincent@ducamps.win"
|
||||||
storage = "acme.json"
|
storage = "acme.json"
|
||||||
[certificatesResolvers.myresolver.acme.dnsChallenge]
|
[certificatesResolvers.myresolver.acme.dnsChallenge]
|
||||||
provider = "gandiv5"
|
provider = "hetzner"
|
||||||
delayBeforeCheck = 0
|
delayBeforeCheck = 0
|
||||||
resolvers = ["173.246.100.133:53"]
|
resolvers = ["hydrogen.ns.hetzner.com"]
|
||||||
[metrics]
|
[metrics]
|
||||||
[metrics.prometheus]
|
[metrics.prometheus]
|
||||||
|
|
||||||
|
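Review bot: `resolvers = ["hydrogen.ns.hetzner.com"]` names a single server and is written without the port that the removed `"173.246.100.133:53"` carried. With `delayBeforeCheck = 0`, the propagation pre-check can pass as soon as that one server has the TXT record. That does not show the zone's other authoritative servers have it when the CA validates, so issuance may fail intermittently. Consider listing every nameserver the zone is delegated to in `host:port` form, e.g. `resolvers = ["hydrogen.ns.hetzner.com:53", "<second-nameserver>:53"]`, or setting a non-zero `delayBeforeCheck`. The `[certificatesResolvers.myresolver.acme]` table begins above the hunk.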
@ -7,7 +7,7 @@ locals {
|
|||||||
"dump",
|
"dump",
|
||||||
"dentrite",
|
"dentrite",
|
||||||
"droneci",
|
"droneci",
|
||||||
"gandi",
|
"traefik",
|
||||||
"gitea",
|
"gitea",
|
||||||
"nextcloud",
|
"nextcloud",
|
||||||
"paperless",
|
"paperless",
|
||||||
|