# Always use devbox environment to run commands: every plain recipe line is
# handed to `devbox run`. Recipes that start with a `#!` line are executed
# through their own interpreter instead, so the tools they call are resolved
# from the caller's PATH.
set shell := ["devbox", "run"]

# Load dotenv: variables from a .env file are exported to every recipe.
set dotenv-load
# Show the available recipes.
default:
    @just --list
# Check formatting (without rewriting anything) and run tflint over the tree.
lint:
    @tofu fmt -recursive -check .
    @tflint --recursive
# Rewrite the OpenTofu files into canonical format, then run tflint.
format:
    @tofu fmt -recursive .
    @tflint --recursive
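# Initialise and apply the OpenTofu configuration in terraform/.
deploy:
    #!/usr/bin/env sh
    # A shebang recipe does not stop on errors by itself: without `set -e`
    # a failed `cd` or `tofu init` would still be followed by `tofu apply`,
    # possibly from the wrong directory.
    set -eu
    # Quoted so a checkout path containing spaces stays one argument.
    cd "{{justfile_directory()}}/terraform"
    tofu init
    tofu apply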
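# Destroy the infrastructure described by the configuration in terraform/.
destroy:
    #!/usr/bin/env sh
    # Stop if the directory change fails, so `tofu destroy` can never run
    # against whatever configuration happens to be in the current directory.
    set -eu
    # Quoted so a checkout path containing spaces stays one argument.
    cd "{{justfile_directory()}}/terraform"
    tofu destroy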
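# Create a list of blocked IP ranges. Traffic we don't want.
ingress-blocked-list:
    #!/usr/bin/env bash
    # Abort on the first failed fetch instead of writing a partial deny list;
    # -f (noglob) keeps a stray `*` in fetched data from being expanded
    # against the working directory when the lists are word-split below.
    set -euf -o pipefail

    base=https://raw.githubusercontent.com/lord-alfred/ipranges/main
    out=root/etc/nginx/partials/blocked.conf

    # NOTE(review): the lists come from the moving `main` branch of a
    # third-party repository and end up in the nginx configuration. Pinning
    # a reviewed commit and diffing the generated file before it is deployed
    # would narrow that trust.
    fetch() {
        # curl -f turns an HTTP error into a non-zero exit, so an error page
        # is never mistaken for a list of ranges; -S still prints the reason.
        curl -fsS "$base/$1"
    }

    GOOGLE_BOT_IPV4=$(fetch googlebot/ipv4_merged.txt)
    GOOGLE_BOT_IPV6=$(fetch googlebot/ipv6_merged.txt)
    echo "# GOOGLE_BOT IPV4 $(echo $GOOGLE_BOT_IPV4 | wc -w)"
    echo "# GOOGLE_BOT IPV6 $(echo $GOOGLE_BOT_IPV6 | wc -w)"

    # No Bing IPv6 list is fetched. The merge used to reference an unset
    # BING_BOT_IPV6, which only contributed an empty line.
    BING_BOT_IPV4=$(fetch bing/ipv4_merged.txt)
    echo "# BING_BOT IPV4 $(echo $BING_BOT_IPV4 | wc -w)"

    OPENAI_IPV4=$(fetch openai/ipv4_merged.txt)
    echo "# OPENAI IPV4 $(echo $OPENAI_IPV4 | wc -w)"

    FACEBOOK_IPV4=$(fetch facebook/ipv4_merged.txt)
    FACEBOOK_IPV6=$(fetch facebook/ipv6_merged.txt)
    echo "# FACEBOOK IPV4 $(echo $FACEBOOK_IPV4 | wc -w)"
    echo "# FACEBOOK IPV6 $(echo $FACEBOOK_IPV6 | wc -w)"

    IP_RANGES=$(printf '%s\n' \
        "$GOOGLE_BOT_IPV4" "$GOOGLE_BOT_IPV6" \
        "$BING_BOT_IPV4" \
        "$OPENAI_IPV4" \
        "$FACEBOOK_IPV4" "$FACEBOOK_IPV6" | sort -u)

    # An empty result would silently replace the deny list with nothing.
    if [[ -z "${IP_RANGES//[[:space:]]/}" ]]; then
        echo "no IP ranges fetched; leaving $out untouched" >&2
        exit 1
    fi

    # Shape check only: each entry must look like an IPv4/IPv6 address or
    # CIDR range. Anything else (a word such as `all`, or text carrying `;`
    # or braces) would change what nginx does rather than add a range.
    cidr='^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$'
    for ip in $IP_RANGES; do
        if [[ ! $ip =~ $cidr ]]; then
            echo "unexpected entry in fetched lists, not writing $out: $ip" >&2
            exit 1
        fi
    done

    # Build the file beside its destination and move it into place, so an
    # interrupted run never leaves a truncated deny list behind.
    {
        echo "#!!DO NOT EDIT!! Generated by using just ingress-blocked-list command."
        for ip in $IP_RANGES; do
            echo "deny $ip;"
        done
    } > "$out.tmp"
    mv "$out.tmp" "$out"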
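# Run install.sh as root on every node listed in the OpenTofu `nodes` output.
provision:
    #!/usr/bin/env bash
    # bash rather than sh: pushd and popd are not part of every /bin/sh
    # (dash, for one, has no pushd), and the script would fail there.
    set -euo pipefail

    pushd "{{justfile_directory()}}/terraform" > /dev/null
    NODES=$(tofu output -json | jq -r '.nodes.value[]')
    popd > /dev/null

    for NODE in $NODES
    do
        echo "= Provisioning node ${NODE}"
        # install.sh is fed to a root shell on the node. The target is quoted
        # so a node value is always passed as a single argument.
        tailscale ssh "ubuntu@${NODE}" 'sudo bash -s' < install.sh
    done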
# Print the entries of the OpenTofu `nodes` output, one per line.
list-servers:
    @cd terraform && tofu output -json | jq -r '.nodes.value[]'