Updating base OS to Debian 12, updating Terraform version. - infra - Terraform …
commit 6e1286b5e3433c0dc66e2e643de7bdadb23e4486
parent c689568e0318bc63c40fb0b47d1732ae902d7dd6
Author: Jay Scott <[email protected]>
Date: Thu, 29 Jun 2023 17:06:22 +0100
Updating base OS to Debian 12, updating Terraform version.
I have also fixed a few issues with the ansible scripts that appeared
with the latest server build.
Diffstat:
M README | 4 ++--
M ansible/group_vars/all.yml | 1 +
M ansible/inventory.yml | 3 ---
M ansible/main.yml | 1 -
M ansible/roles/common/handlers/main… | 2 +-
M ansible/roles/common/tasks/main.yml | 5 +++++
M ansible/roles/finger/tasks/main.yml | 1 +
A terraform/id_rsa.pub | 1 +
M terraform/main.tf | 10 +++-------
M terraform/outputs.tf | 2 +-
M terraform/terraform.tfvars | 38 ++++++++++++++++-------------…
M terraform/variables.tf | 24 ++++++++++++++----------
12 files changed, 48 insertions(+), 44 deletions(-)
---
diff --git a/README b/README
@@ -7,7 +7,7 @@ Bootstrap Hetzner Cloud servers.
Provision X servers with desired configuration
Create custom firewall rules
Add reverse dns entry
- Userdata bootscript adding a ansible user account
+ Userdata bootscript adding an Ansible user account
If you actually want to use this for yourself then you might need to do
the following depending on your requirements.
@@ -17,7 +17,7 @@ the following depending on your requirements.
The user_data script is a standard cloud-init yaml config that creates
-an ansible user for further configuration the instances.
+an Ansible user for further configuration the instances.
terraform plan
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
@@ -1,3 +1,4 @@
default:
username: jay
comment: Jay Scott
+ hostname: jay.scot
diff --git a/ansible/inventory.yml b/ansible/inventory.yml
@@ -8,6 +8,3 @@ all:
gopher:
hosts:
jay.scot
- git:
- hosts:
- jay.scot
diff --git a/ansible/main.yml b/ansible/main.yml
@@ -16,7 +16,6 @@
become: true
roles:
- role: gopher
- - role: stagit
tags:
- gopher
diff --git a/ansible/roles/common/handlers/main.yml b/ansible/roles/common/hand…
@@ -1,4 +1,4 @@
- name: Restart sshd
ansible.builtin.service:
name: sshd
- state: restart
+ state: restarted
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/m…
@@ -40,3 +40,8 @@
state: present
nopassword: true
commands: ALL
+
+- name: Set the hostname
+ ansible.builtin.hostname:
+ name: "{{ default.hostname }}"
+ use: systemd
diff --git a/ansible/roles/finger/tasks/main.yml b/ansible/roles/finger/tasks/m…
@@ -24,6 +24,7 @@
- list
- logo.txt
- morris.txt
+ - mcrae.txt
- log
- luser
- nouser
diff --git a/terraform/id_rsa.pub b/terraform/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCRWnkYAChsjuT/T/IoENtm8OT18tPereaw6OOqm…
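Review bot: Nothing in this commit keeps the matching private key out of `terraform/` now that the public half is stored there as `id_rsa.pub`, and the default `ssh-keygen` file naming makes that an easy slip. An ignore rule such as `terraform/id_rsa` in `.gitignore` would guard against it; I cannot see from this page whether one already exists. The key line is truncated in this view, so it is worth confirming that its trailing comment field does not publish a user@host string you would rather keep private. The prefix shows an RSA key, and an Ed25519 key would be the more current choice at the next rotation.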
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -5,11 +5,8 @@ terraform {
version = "1.36.2"
}
}
-
- backend "local" {
- path = "/home/jay/.config/infra/terraform.tfstate"
+ cloud {
}
-
}
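Review bot: The empty `cloud {}` block leaves the organization and workspace to be supplied from outside the configuration, and neither this hunk nor the README change documents how. A comment inside the block such as `# organization and workspace are read from TF_CLOUD_ORGANIZATION and TF_WORKSPACE` would make the requirement visible. Replacing the local backend also means the state, with whatever resource attributes the provider records, is now held remotely, so workspace access should be restricted and the provider token stored as a sensitive variable. The enclosing `terraform` block starts outside this hunk, so I cannot see whether `required_version` pins a release that supports the environment-variable form.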
resource "hcloud_ssh_key" "this" {
@@ -21,12 +18,12 @@ resource "hcloud_ssh_key" "this" {
resource "hcloud_firewall" "this" {
- for_each = var.nodes
+ for_each = var.firewall_rules
name = each.key
dynamic "rule" {
- for_each = each.value.firewall_rules
+ for_each = each.value.rules
content {
description = rule.key
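Review bot: With `for_each = var.firewall_rules` the firewalls are no longer derived from `var.nodes`, so a node without a matching firewall key could end up with no firewall attached. Whether that happens depends on how `hcloud_server.this` attaches them, which is not visible here. Indexing explicitly on the server resource, e.g. `firewall_ids = [hcloud_firewall.this[each.key].id]`, makes a missing entry fail at plan time instead of leaving a host unfiltered. The `content` block of the dynamic rule continues outside this hunk.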
@@ -64,4 +61,3 @@ resource "hcloud_rdns" "this" {
ip_address = each.value.ipv4_address
dns_ptr = var.nodes[each.key].reverse_dns
}
-
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
@@ -1,3 +1,3 @@
output "public_ip_address" {
- value = {for name, server in hcloud_server.this: name => server.ipv4_address}
+ value = { for name, server in hcloud_server.this : name => server.ipv4_addre…
}
diff --git a/terraform/terraform.tfvars b/terraform/terraform.tfvars
@@ -1,16 +1,10 @@
public_ssh_keys = {
- main_key = "~/.ssh/id_rsa.pub"
+ main = "./id_rsa.pub"
}
-nodes = {
- "jay.scot" = {
- image = "debian-11"
- location = "hel1",
- server_type = "cx11",
- reverse_dns = "jay.scot"
- user_data = "user_data/boot.yml"
- public_key = "main_key"
- firewall_rules = {
+firewall_rules = {
+ "gopher" = {
+ rules = {
gopher = {
direction = "in"
protocol = "tcp"
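Review bot: The new top-level `firewall_rules` map carries the port 22 rule over unchanged, with `source_ips = ["0.0.0.0/0", "::/0"]` (visible as context in the next hunk). The common role's task context elsewhere in this commit shows `nopassword: true` and `commands: ALL`, which looks like a passwordless sudo account, so SSH reachable from any address is the main exposure of this host. If administration comes from known addresses, narrow that rule, e.g. `source_ips = ["<ADMIN_CIDR>"]` (placeholder); otherwise confirm that sshd accepts keys only. The `rules` map continues past the end of this hunk.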
@@ -23,12 +17,6 @@ nodes = {
source_ips = ["0.0.0.0/0", "::/0"]
port = "22"
}
- git = {
- direction = "in"
- protocol = "tcp"
- source_ips = ["0.0.0.0/0", "::/0"]
- port = "9418"
- }
fingerd = {
direction = "in"
protocol = "tcp"
@@ -36,10 +24,22 @@ nodes = {
port = "79"
}
}
- ipv4 = true
- ipv6 = true
+ }
+}
+
+nodes = {
+ "gopher" = {
+ image = "debian-12"
+ location = "hel1",
+ server_type = "cx11",
+ reverse_dns = "jay.scot"
+ user_data = "user_data/boot.yml"
+ public_key = "main"
+ ipv4 = true
+ ipv6 = true
labels = {
- git = "true"
+ gopher = "true"
+ finger = "true"
}
}
}
diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -4,18 +4,22 @@ variable "public_ssh_keys" {
type = map(any)
}
+variable "firewall_rules" {
+ description = "Firewall configuration settings."
+ type = map(any)
+}
+
variable "nodes" {
description = "Configuration settings for each required node."
type = map(object({
- image = string
- location = string
- server_type = string
- reverse_dns = string
- user_data = string
- public_key = string
- labels = map(any)
- firewall_rules = map(any)
- ipv4 = bool
- ipv6 = bool
+ image = string
+ location = string
+ server_type = string
+ reverse_dns = string
+ user_data = string
+ public_key = string
+ labels = map(any)
+ ipv4 = bool
+ ipv6 = bool
}))
}
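Review bot: `firewall_rules` is declared as `type = map(any)`, which gives no schema checking. As far as I know it also requires every element to unify to a single type, so a second firewall with differently named rules may be rejected. Declaring the shape explicitly catches a misspelled `source_ips` or `port` at plan time instead of producing an incomplete rule. The attribute names below are taken from the rules visible in terraform.tfvars; the dynamic `rule` block in main.tf is cut off on this page, so confirm that no other attributes are read.

```hcl
variable "firewall_rules" {
  description = "Firewall configuration settings."
  type = map(object({
    rules = map(object({
      direction  = string
      protocol   = string
      source_ips = list(string)
      port       = string
    }))
  }))
}
```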