--- | |
commit 1689e2eba4bdb38eac00a4dc51d5f98335431252 | |
Author: Jay Scott <[email protected]> | |
Date: Fri, 27 Jan 2023 22:16:52 +0000 | |
init push | |
Diffstat: | |
A .gitignore | 3 +++ | |
A .terraform.lock.hcl | 24 ++++++++++++++++++++++++ | |
A README | 4 ++++ | |
A main.tf | 54 +++++++++++++++++++++++++++++… | |
A terraform.tfvars | 41 +++++++++++++++++++++++++++++… | |
A user_data.yml | 58 ++++++++++++++++++++++++++++++ | |
A variables.tf | 25 +++++++++++++++++++++++++ | |
7 files changed, 209 insertions(+), 0 deletions(-) | |
--- | |
diff --git a/.gitignore b/.gitignore | |
@@ -0,0 +1,3 @@ | |
+ | |
+.terraform/ | |
+*tfstate* | |
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl | |
@@ -0,0 +1,24 @@ | |
+# This file is maintained automatically by "terraform init". | |
+# Manual edits may be lost in future updates. | |
+ | |
+provider "registry.terraform.io/hetznercloud/hcloud" { | |
+ version = "1.36.2" | |
+ constraints = "1.36.2" | |
+ hashes = [ | |
+ "h1:VO/dl+g5NfJd436hmT+9NOMQk6oRU4Z9TSJJJrNlN0M=", | |
+ "zh:0498ef4209924b30ce7b4a232dd6aee08feab2ebbc90064db699adc10c16707e", | |
+ "zh:292e3c0c55d320cf164cdd431ee31580dd86f435aec99721597204bab5de3970", | |
+ "zh:3ce8558658baa7c4b9f1eeb92427665b4b930e5b157fbf352977778c90e11aaa", | |
+ "zh:46abd0bdeeba46b86832ed31338ad837b584f7b2152f8a9bfa6c3802f481a6da", | |
+ "zh:5804e71d411577f06abc0986c8c2e475c49042a192efce5936e4d5bdd874fc22", | |
+ "zh:7cef0782e8198346bfe7b61601e1cf8f2158280a5cf665140b72838545ca3127", | |
+ "zh:be81782af391ff4cc0859d976637aa00e6fe34061fe4f1df1f5ab5d62ef94f82", | |
+ "zh:bf2660e70edf758305085698fc9d05306b174b99559cd0f3f61c0b705ba22275", | |
+ "zh:caf727b0a378dc8c9c3594bbf176865f87aa732077820ff045eb352f5a48aeed", | |
+ "zh:cf95fc3121b358c7b7b667193ab36b8cb6140e2f6dfbf6f1b4c55b7fec1bb6ef", | |
+ "zh:d6d3119f8b971e982b6421dfa3b86314ccaeceaf047a3b6505f79e1a30f8301e", | |
+ "zh:e6f7f65dced2e88e3082c57ddcd118412595678cf3c7289bc7e12c724b3bd892", | |
+ "zh:f41f59ca511ab1a591d5abdc7f6d32d2e03a1d6087d206a741f95b7b0dd2ea17", | |
+ "zh:fbe59fbb5f272a6b206a380f6dbf49837b199960dd038afca2e89b11f72fdfda", | |
+ ] | |
+} | |
diff --git a/README b/README | |
@@ -0,0 +1,4 @@ | |
+bootstrap my cloud servers. | |
+ | |
+ terraform plan -var="hcloud_token=$HCLOUD_TOKEN" | |
+ terraform apply -var="hcloud_token=$HCLOUD_TOKEN" | |
diff --git a/main.tf b/main.tf | |
@@ -0,0 +1,54 @@ | |
+terraform { | |
+ required_providers { | |
+ hcloud = { | |
+ source = "hetznercloud/hcloud" | |
+ version = "1.36.2" | |
+ } | |
+ } | |
+} | |
+ | |
+provider "hcloud" { | |
+ token = var.hcloud_token | |
+} | |
+ | |
+ | |
+resource "hcloud_ssh_key" "this" { | |
+ name = "main_key" | |
+ public_key = file("~/.ssh/id_rsa.pub") | |
+} | |
+ | |
+ | |
+resource "hcloud_firewall" "this" { | |
+ name = "firewallrules" | |
+ | |
+ dynamic "rule" { | |
+ for_each = var.firewall_rules | |
+ | |
+ content { | |
+ description = rule.key | |
+ direction = rule.value.direction | |
+ protocol = rule.value.protocol | |
+ source_ips = rule.value.source_ips | |
+ port = rule.value.port | |
+ } | |
+ } | |
+} | |
+ | |
+ | |
+resource "hcloud_server" "nodes" { | |
+ for_each = var.nodes | |
+ | |
+ name = each.key | |
+ image = each.value.image | |
+ server_type = each.value.server_type | |
+ location = each.value.location | |
+ labels = each.value.labels | |
+ ssh_keys = [hcloud_ssh_key.this.id] | |
+ user_data = file("user_data.yml") | |
+ firewall_ids = [hcloud_firewall.this.id] | |
+ | |
+ public_net { | |
+ ipv4_enabled = each.value.ipv4 | |
+ ipv6_enabled = each.value.ipv6 | |
+ } | |
+} | |
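Review bot: `public_key = file("~/.ssh/id_rsa.pub")` in `hcloud_ssh_key.this` reads whatever key the operator running terraform happens to have, so a second operator's plan would replace the key that every node in `hcloud_server.nodes` receives through `ssh_keys`; an explicit `variable "ssh_public_key"` (or a path variable) makes the identity being granted access visible in review. `user_data = file("user_data.yml")` is, as far as I know, a replace-on-change attribute on `hcloud_server`, so any edit to the cloud-init recreates the node — worth a comment such as `# user_data changes force server replacement; edit with care on a live node`. The `terraform` block pins the provider but not `required_version`; adding one keeps `terraform.lock.hcl` meaningful across machines.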
diff --git a/terraform.tfvars b/terraform.tfvars | |
@@ -0,0 +1,41 @@ | |
+nodes = { | |
+ node1 = { | |
+ image = "debian-11" | |
+ location = "hel1", | |
+ server_type = "cx11", | |
+ ipv4 = true | |
+ ipv6 = true | |
+ labels = { | |
+ services = "git" | |
+ } | |
+ } | |
+} | |
+ | |
+firewall_rules = { | |
+ gopher = { | |
+ direction = "in" | |
+ protocol = "tcp" | |
+ source_ips = ["0.0.0.0/0", "::/0"] | |
+ port = "70" | |
+ } | |
+ ssh = { | |
+ direction = "in" | |
+ protocol = "tcp" | |
+ source_ips = ["0.0.0.0/0", "::/0"] | |
+ port = "22" | |
+ } | |
+ git = { | |
+ direction = "in" | |
+ protocol = "tcp" | |
+ source_ips = ["0.0.0.0/0", "::/0"] | |
+ port = "9418" | |
+ } | |
+ fingerd = { | |
+ direction = "in" | |
+ protocol = "tcp" | |
+ source_ips = ["0.0.0.0/0", "::/0"] | |
+ port = "79" | |
+ } | |
+ | |
+ | |
+} | |
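Review bot: The `ssh` entry admits port 22 from `0.0.0.0/0` and `::/0`, which puts administrative access in the same exposure class as the intentionally public gopher, git and finger services. With password authentication disabled in cloud-init this is brute-force noise rather than a direct compromise path, but it is the one rule worth tightening — e.g. `source_ips = var.admin_cidrs` fed from a list of the operator's address ranges. The trailing commas after `location` and `server_type` in `node1` are inconsistent with the rest of the map; HCL accepts both forms, so pick one.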
diff --git a/user_data.yml b/user_data.yml | |
@@ -0,0 +1,58 @@ | |
+#cloud-config | |
+users: | |
+ - name: jay | |
+ groups: users | |
+ sudo: ALL=(ALL) NOPASSWD:ALL | |
+ shell: /bin/bash | |
+ ssh_authorized_keys: | |
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCRWnkYAChsjuT/T/IoENtm8OT18tPer… | |
+ | |
+package_update: true | |
+package_upgrade: true | |
+ | |
+packages: | |
+ - openbsd-inetd | |
+ - efingerd | |
+ - libgit2-dev | |
+ - vim | |
+ - htop | |
+ - git | |
+ | |
+runcmd: | |
+ # SSH config | |
+ - sed -ie '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config | |
+ - sed -ie '/^PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/… | |
+ - sed -ie '/^X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config | |
+ - sed -ie '/^#MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config | |
+ - sed -ie '/^#AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/ssh… | |
+ - sed -ie '/^#AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh… | |
+ - sed -ie '/^#AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh/authorized_k… | |
+ - systemctl restart ssh | |
+ # Git setup | |
+ - mkdir -p /srv/git | |
+ - chown -R git:git /srv/git | |
+ - systemctl enable git-daemon | |
+ - systemctl start git-daemon | |
+ | |
+write_files: | |
+ - content: | | |
+ [Unit] | |
+ Description=Start Git Daemon | |
+ | |
+ [Service] | |
+ ExecStart=/usr/bin/git daemon --reuseaddr --base-path=/srv/git/ /srv/git/ | |
+ | |
+ Restart=always | |
+ RestartSec=500ms | |
+ | |
+ StandardOutput=syslog | |
+ StandardError=syslog | |
+ SyslogIdentifier=git-daemon | |
+ | |
+ User=git | |
+ Group=git | |
+ | |
+ [Install] | |
+ WantedBy=multi-user.target | |
+ path: /etc/systemd/system/git-daemon.service | |
+ permissions: '0644' | |
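Review bot: The sshd hardening in `runcmd` mixes anchors — `/^PermitRootLogin/` and `/^PasswordAuthentication/` only match directives that are already uncommented, while `/^#MaxAuthTries/` and friends only match commented ones — so which settings actually take effect depends on the image's stock `sshd_config` and nothing verifies the result. `sed -ie` also parses `e` as the `-i` backup suffix, leaving an `sshd_confige` copy next to the live file rather than passing an expression. A deterministic alternative is `ssh_pwauth: false` plus a drop-in written by `write_files`, which works provided the image's `sshd_config` carries the `Include /etc/ssh/sshd_config.d/*.conf` line (Debian 11 ships it); `systemctl restart ssh` in `runcmd` then applies it. Separately, `chown -R git:git` and `User=git` assume a `git` account exists, and I do not believe the Debian `git` package creates one — if that is the case, add a `- name: git` entry with `system: true` to `users`.

```yaml
ssh_pwauth: false

write_files:
  - path: /etc/ssh/sshd_config.d/90-hardening.conf
    permissions: '0644'
    content: |
      PermitRootLogin no
      PasswordAuthentication no
      X11Forwarding no
      MaxAuthTries 2
      AllowTcpForwarding no
      AllowAgentForwarding no
  # … unchanged: git-daemon.service entry …
```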
diff --git a/variables.tf b/variables.tf | |
@@ -0,0 +1,25 @@ | |
+variable "hcloud_token" { | |
+ description = "Hetzner cloud personal API token." | |
+ type = string | |
+ sensitive = true | |
+} | |
+ | |
+variable "nodes" { | |
+ type = map(object({ | |
+ image = string | |
+ location = string | |
+ server_type = string | |
+ labels = map(any) | |
+ ipv4 = bool | |
+ ipv6 = bool | |
+ })) | |
+} | |
+ | |
+variable "firewall_rules" { | |
+ type = map(object({ | |
+ direction = string | |
+ protocol = string | |
+ source_ips = list(any) | |
+ port = string | |
+ })) | |
+} |
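Review bot: `hcloud_token` is correctly marked `sensitive = true`, but the README invokes it with `-var="hcloud_token=$HCLOUD_TOKEN"`, which records the token in shell history and exposes it in the process list for the duration of the run; the variable's description is the natural place to steer users, e.g. `description = "Hetzner cloud personal API token. Supply via TF_VAR_hcloud_token rather than -var so it stays out of shell history."`. `nodes` and `firewall_rules` have no `description`, and their loose element types hide typos: `source_ips = list(string)` and `labels = map(string)` match what the provider accepts, and a `validation` block constraining `direction` to `in`/`out` would fail at plan time instead of at the API.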