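# NOTE: `set shell` only applies to linewise recipes and backticks. Shebang
# recipes (deploy, destroy, ingress-blocked-list, provision) are executed
# directly by their interpreter, so they only see devbox tools when `just`
# itself is started from inside the devbox environment.

# Always use devbox environment to run commands.
set shell := ["devbox", "run"]

# Load dotenv
set dotenv-load

# List the available recipes.
default:
    @just --list

# Check formatting and lint the Terraform/OpenTofu sources without modifying them.
lint:
    @tofu fmt -check -recursive .
    @tflint --recursive

# Rewrite the sources into canonical format, then lint them.
format:
    @tofu fmt -recursive .
    @tflint --recursive

# Initialise and apply the infrastructure in ./terraform.
deploy:
    #!/usr/bin/env sh
    # Abort on the first failure so `tofu apply` never runs from the wrong
    # directory when the `cd` fails.
    set -eu
    cd "{{justfile_directory()}}/terraform"
    tofu init
    tofu apply

# Destroy the infrastructure in ./terraform.
destroy:
    #!/usr/bin/env sh
    # Abort if the `cd` fails; `tofu destroy` must only ever run against the
    # intended working directory.
    set -eu
    cd "{{justfile_directory()}}/terraform"
    tofu destroy

# Create a list of blocked IP ranges. Traffic we don't want.
ingress-blocked-list:
    #!/usr/bin/env bash
    set -euo pipefail

    # NOTE(review): the lists track the moving `main` branch of a third-party
    # repository and end up verbatim in the nginx configuration. Consider
    # pinning to a reviewed commit; until then every entry is shape-checked
    # below before it is written out.
    base_url="https://raw.githubusercontent.com/lord-alfred/ipranges/main"
    out="root/etc/nginx/partials/blocked.conf"

    # Loose shape checks (address plus optional prefix length). They are not a
    # full address validator, but they reject anything containing characters
    # that nginx would parse as syntax (`;`, `{`, `}`) or that the shell would
    # glob (`*`, `?`).
    ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
    ipv6_re='^[0-9A-Fa-f:]+:[0-9A-Fa-f:]*(/[0-9]{1,3})?$'

    fetched=$(mktemp)
    generated=$(mktemp)
    trap 'rm -f -- "$fetched" "$generated"' EXIT

    # Download one list, print its summary line and queue its entries.
    #   $1 - label used in the summary line
    #   $2 - path of the list below $base_url
    fetch_list() {
      local label=$1 path=$2 body count
      # -f turns HTTP errors into a non-zero exit instead of feeding an error
      # page into the deny list; -S keeps the error message visible.
      body=$(curl -fsS "${base_url}/${path}")
      count=$(wc -w <<<"$body")
      if (( count == 0 )); then
        echo "refusing to continue: ${path} returned no entries" >&2
        exit 1
      fi
      echo "# ${label} $((count))"
      printf '%s\n' "$body" >>"$fetched"
    }

    fetch_list "GOOGLE_BOT IPV4" "googlebot/ipv4_merged.txt"
    fetch_list "GOOGLE_BOT IPV6" "googlebot/ipv6_merged.txt"
    # Only the IPv4 list is fetched for Bing. The previous version also
    # referenced an unset BING_BOT_IPV6 variable, which expanded to nothing.
    fetch_list "BING_BOT IPV4" "bing/ipv4_merged.txt"
    fetch_list "OPENAI IPV4" "openai/ipv4_merged.txt"
    fetch_list "FACEBOOK IPV4" "facebook/ipv4_merged.txt"
    fetch_list "FACEBOOK IPV6" "facebook/ipv6_merged.txt"

    # Build the complete file in a temporary location first, so a failed fetch
    # or a rejected entry leaves the existing blocked.conf untouched.
    {
      echo "#!!DO NOT EDIT!! Generated by using just ingress-blocked-list command."
      tr -s '[:space:]' '\n' <"$fetched" | sort -u | while IFS= read -r ip; do
        [[ -n "$ip" ]] || continue
        if [[ "$ip" =~ $ipv4_re || "$ip" =~ $ipv6_re ]]; then
          echo "deny $ip;"
        else
          echo "refusing to write ${out}: unexpected entry '${ip}'" >&2
          exit 1
        fi
      done
    } >"$generated"

    # Copy rather than move, so the target keeps ordinary file permissions
    # instead of inheriting the restrictive mode of the mktemp file.
    cat -- "$generated" >"$out"

# Reset /srv on every node and run install.sh there as root.
provision:
    #!/usr/bin/env bash
    # bash rather than sh: `set -o pipefail` is not available in every
    # /bin/sh (the previous version also relied on pushd/popd).
    set -euo pipefail

    # Resolve the node list in a subshell so the working directory of the rest
    # of the recipe stays at the justfile directory (install.sh lives there).
    NODES=$(cd "{{justfile_directory()}}/terraform" && tofu output -json | jq -r '.nodes.value[]')

    # Word splitting is intentional: one node address per word.
    # shellcheck disable=SC2086
    for NODE in $NODES; do
      echo "Provisioning node ${NODE}"
      # Destructive on the remote side: /srv is wiped and recreated.
      ssh "ubuntu@${NODE}" 'sudo rm -rf /srv && sudo mkdir /srv && sudo chown ubuntu:ubuntu /srv'
      ssh "ubuntu@${NODE}" 'sudo bash -s' <install.sh
    done

# Print the node addresses from the OpenTofu outputs.
list-servers:
    @cd terraform && tofu output -json | jq -r '.nodes.value[]'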