tjo-space/infrastructure-ng
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(id.tjo.space): changes

Browse source
This commit is contained in:
Tine 2025-03-06 21:11:57 +01:00
parent dbe532d360
commit a9c11f352f
Signed by: mentos1386
SSH key fingerprint: SHA256:MNtTsLbihYaWF8j1fkOHfkKNlnN1JQfxEU/rBU8nCGw
6 changed files with 53 additions and 25 deletions
id.tjo.space
configs/caddy
Caddyfile
containers
caddy.container
install.sh
terraform
main.tfouputs.tfvariables.tf

5
id.tjo.space/configs/caddy/Caddyfile Normal file
View file

@ -0,0 +1,5 @@
next.id.tjo.space
respond /tjo-space/status "OK"
reverse_proxy authentik-server:9000

1
id.tjo.space/containers/caddy.container
View file

@ -5,6 +5,7 @@ Description=A Caddy Container
Image=docker.io/caddy:2.9
PublishPort=443
Volume=/etc/caddy:/etc/caddy
EnvironmentFile=/etc/caddy/env
[Service]
Restart=always

21
id.tjo.space/install.sh
View file

@ -23,15 +23,26 @@ fi
echo "=== Installing Dependencies"
apt update -y
apt install -y \
git \
rsync \
jq \
podman
echo "=== Configure Firewall"
ufw allow 22/tcp # SSH
ufw allow 443/tcp # HTTPS
ufw allow 636/tcp # LDAPS
ufw enable
ufw --force enable
echo "=== Setup Containers"
cp -r /id.tjo.space/configs /etc/
cp -r /id.tjo.space/containers /etc/containers/systemd/
echo "== Configure Metadata"
DOMAIN_NAME=$(jq -r ".domain" /etc/tjo.space/meta.json)
echo "=== Copy Configuration Files"
rsync -av id.tjo.space/containers/ /etc/containers/systemd/
rsync -av id.tjo.space/configs/ /etc/
echo "=== Setup Caddy"
cat <<EOF >/etc/caddy/env
DOMAIN_NAME=${DOMAIN_NAME}
EOF
systemctl enable --now caddy

43
id.tjo.space/terraform/main.tf
View file

@ -1,34 +1,45 @@
resource "hcloud_ssh_key" "main" {
for_each = var.ssh_keys
for_each = var.ssh_keys
name = each.key
public_key = each.value
}
resource "hcloud_server" "main" {
for_each = toset(var.nodes)
locals {
nodes = {
for k in var.nodes : k => {
meta = {
name = k
domain = "next.id.tjo.space"
}
}
}
}
name = "${each.key}.id.tjo.space"
resource "hcloud_server" "main" {
for_each = local.nodes
name = "${each.value.meta.name}.${each.value.meta.domain}"
image = "ubuntu-24.04"
server_type = "cax11"
datacenter = "hel1-dc2"
datacenter = "hel1-dc2"
public_net {
ipv4_enabled = true
ipv6_enabled = true
}
backups = true
backups = true
ssh_keys = [for key, value in var.ssh_keys : hcloud_ssh_key.main[key].id]
user_data = <<-EOF
#cloud-config
hostname: "${each.key}"
fqdn: id.tjo.space
hostname: "${each.value.meta.name}"
fqdn: "${each.value.meta.name}.${each.value.meta.domain}"
prefer_fqdn_over_hostname: true
write_files:
- path: /etc/tjo.space/meta.json
encoding: base64
content: ${base64encode(jsonencode(each.value.meta))}
packages:
- git
- curl
@ -45,20 +56,20 @@ resource "hcloud_server" "main" {
}
resource "dnsimple_zone_record" "a" {
for_each = toset(var.nodes)
for_each = local.nodes
zone_name = "tjo.space"
name = "next.id"
name = trimsuffix(each.value.meta.domain, ".tjo.space")
value = hcloud_server.main[each.key].ipv4_address
type = "A"
ttl = 300
}
resource "dnsimple_zone_record" "aaaa" {
for_each = toset(var.nodes)
for_each = local.nodes
zone_name = "tjo.space"
name = "next.id"
name = trimsuffix(each.value.meta.domain, ".tjo.space")
value = hcloud_server.main[each.key].ipv6_address
type = "AAAA"
ttl = 300

4
id.tjo.space/terraform/ouputs.tf
View file

@ -1,7 +1,7 @@
output "ipv4" {
value = { for node in var.nodes: node => hcloud_server.main[node].ipv4_address }
value = { for node in var.nodes : node => hcloud_server.main[node].ipv4_address }
}
output "ipv6" {
value = { for node in var.nodes: node => hcloud_server.main[node].ipv6_address }
value = { for node in var.nodes : node => hcloud_server.main[node].ipv6_address }
}

4
id.tjo.space/terraform/variables.tf
View file

@ -1,11 +1,11 @@
variable "hcloud_token" {
sensitive = true
type = string
type = string
}
variable "dnsimple_token" {
sensitive = true
type = string
type = string
}
variable "dnsimple_account_id" {