infrastructure/ingress.tjo.cloud/justfile
Tine 1d4a6390b4
feat: encrypted states and env update
2025-01-02 17:19:03 +01:00


# List the recipes available in this justfile.
default:
    @just --list
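# Initialise the terraform directory and apply the whole configuration.
apply:
    #!/usr/bin/env sh
    # Abort on the first failure: without this a failed cd would let tofu run
    # in whatever directory the recipe started in.
    set -eu
    cd {{ quote(source_directory() + "/terraform") }}
    tofu init
    tofu apply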
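# Apply only the VM resource of one node; `node` is the key into proxmox_virtual_environment_vm.nodes.
apply-only node:
    #!/usr/bin/env sh
    # Abort on the first failure so tofu never runs outside the terraform directory.
    set -eu
    cd {{ quote(source_directory() + "/terraform") }}
    tofu init
    # The resource address is built by just and shell-quoted as one word, so a
    # quote character in the argument cannot end the string and add shell syntax.
    tofu apply --target {{ quote('proxmox_virtual_environment_vm.nodes["' + node + '"]') }}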
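# Destroy every resource managed by the terraform directory.
destroy:
    #!/usr/bin/env sh
    # Abort on the first failure: a failed cd must never be followed by a
    # destroy in some other working directory.
    set -eu
    cd {{ quote(source_directory() + "/terraform") }}
    # Same init step as the other tofu recipes, so a fresh checkout behaves alike.
    tofu init
    tofu destroy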
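# Destroy only the VM resource of one node; `node` is the key into proxmox_virtual_environment_vm.nodes.
destroy-only node:
    #!/usr/bin/env sh
    # Abort on the first failure so the destroy never runs outside the terraform directory.
    set -eu
    cd {{ quote(source_directory() + "/terraform") }}
    tofu init
    # The resource address is built by just and shell-quoted as one word, so a
    # quote character in the argument cannot end the string and add shell syntax.
    tofu destroy --target {{ quote('proxmox_virtual_environment_vm.nodes["' + node + '"]') }}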
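# Run install.sh as root, over tailscale ssh, on every node in the `nodes` tofu output.
configure:
    #!/usr/bin/env bash
    # bash rather than sh: pipefail is not available in every /bin/sh, and the
    # previous pushd/popd calls were bash builtins as well.
    set -euo pipefail
    # The cd happens inside the command substitution, so the working directory
    # of the recipe (where install.sh is looked up) is left untouched.
    NODES=$(cd {{ quote(source_directory() + "/terraform") }} && tofu output -json | jq -r '.nodes.value[]')
    for NODE in $NODES
    do
        echo "= Provisioning node ${NODE}"
        # install.sh is executed as root on the node; the host name comes from
        # the tofu state, so it is quoted rather than left open to word splitting.
        tailscale ssh "ubuntu@${NODE}" 'sudo bash -s' < install.sh
    done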
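# Run install.sh as root on the single node named "<node>-ingress-tjo-cloud".
configure-only node:
    #!/usr/bin/env bash
    # bash rather than sh: pipefail is not available in every /bin/sh, and the
    # previous pushd/popd calls were bash builtins as well.
    set -euo pipefail
    # The argument is shell-quoted by just before it reaches the script, so it
    # is compared as data and never expanded by the shell.
    TARGET={{ quote(node + "-ingress-tjo-cloud") }}
    # The cd happens inside the command substitution, so the working directory
    # of the recipe (where install.sh is looked up) is left untouched.
    NODES=$(cd {{ quote(source_directory() + "/terraform") }} && tofu output -json | jq -r '.nodes.value[]')
    FOUND=0
    for NODE in $NODES
    do
        if [ "$NODE" = "$TARGET" ]
        then
            FOUND=1
            echo "= Provisioning node ${NODE}"
            tailscale ssh "ubuntu@${NODE}" 'sudo bash -s' < install.sh
        fi
    done
    # A mistyped node name used to exit 0 without provisioning anything.
    if [ "$FOUND" -eq 0 ]
    then
        echo "No node named ${TARGET} in the tofu output" >&2
        exit 1
    fi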
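# Create a list of blocked IP ranges. Traffic we don't want.
update-blocked-list:
    #!/usr/bin/env bash
    # Stop on the first failed download instead of writing a partial or empty deny list.
    set -euo pipefail

    # NOTE(review): "main" is a mutable ref of a third-party repository and its
    # content ends up in the nginx configuration; pinning a reviewed commit
    # would make the generated file reproducible.
    BASE_URL="https://raw.githubusercontent.com/lord-alfred/ipranges/main"
    OUT="root/etc/nginx/partials/blocked.conf"
    RANGES=$(mktemp)
    trap 'rm -f "$RANGES" "$OUT.tmp"' EXIT

    # fetch LABEL PATH: download one list, print its entry count and collect
    # the entries, one per line, in $RANGES.
    fetch() {
        local body
        # --fail: an HTTP error page must not be parsed as a list of ranges.
        body=$(curl --fail --silent --show-error --proto '=https' "$BASE_URL/$2")
        echo "# $1 $(wc -w <<< "$body")"
        tr -s '[:space:]' '\n' <<< "$body" >> "$RANGES"
    }

    fetch "GOOGLE_BOT IPV4" googlebot/ipv4_merged.txt
    fetch "GOOGLE_BOT IPV6" googlebot/ipv6_merged.txt
    fetch "BING_BOT IPV4" bing/ipv4_merged.txt
    # No Bing IPv6 list is downloaded; the unset BING_BOT_IPV6 that used to be
    # concatenated here only ever contributed an empty line.
    fetch "OPENAI IPV4" openai/ipv4_merged.txt
    fetch "FACEBOOK IPV4" facebook/ipv4_merged.txt
    fetch "FACEBOOK IPV6" facebook/ipv6_merged.txt

    # Only plain addresses or CIDR ranges may reach the config: every entry is
    # written into a "deny ...;" directive, so anything else (for example the
    # word "all" or a stray ";") would change what nginx does.
    CIDR4='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
    CIDR6='^[0-9A-Fa-f:]*:[0-9A-Fa-f:]*(/[0-9]{1,3})?$'

    # Build the file next to its destination and rename it at the end, so a
    # failed run leaves the previous blocked.conf in place.
    echo "#!!DO NOT EDIT!! Generated by using just ingress-blocked-list command." > "$OUT.tmp"
    COUNT=0
    while read -r ip; do
        [ -n "$ip" ] || continue
        # A /0 prefix would deny every client, so it is rejected as well.
        if ! [[ "$ip" =~ $CIDR4 || "$ip" =~ $CIDR6 ]] || [[ "$ip" == */0 ]]; then
            echo "Refusing unexpected entry in downloaded list: $ip" >&2
            exit 1
        fi
        echo "deny $ip;" >> "$OUT.tmp"
        COUNT=$((COUNT + 1))
    done < <(sort -u "$RANGES")

    if [ "$COUNT" -eq 0 ]; then
        echo "No IP ranges downloaded; keeping the existing $OUT" >&2
        exit 1
    fi
    mv "$OUT.tmp" "$OUT"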