diff --git a/Makefile b/Makefile index 23d6333..1353048 100644 --- a/Makefile +++ b/Makefile @@ -10,7 +10,6 @@ PG_PORT=5432 PG_PASSWD=$(shell pass "$(PG_HOST)/$(PG_USER)") PG_CONN_STR=postgres://$(PG_USER):$(PG_PASSWD)@$(PG_HOST):$(PG_PORT)/$(PG_DB) -NAMECHEAP_API_KEY=$(shell pass namecheap.com/api_key) LINODE_TOKEN=$(shell pass linode.com/token) VULTR_API_KEY=$(shell pass vultr.com/api_key) @@ -20,7 +19,6 @@ HTTPS_PROXY=caladan:8888 export HTTP_PROXY export HTTPS_PROXY -export NAMECHEAP_API_KEY export LINODE_TOKEN export VULTR_API_KEY diff --git a/flake.nix b/flake.nix index b7eedfc..9d343dc 100644 --- a/flake.nix +++ b/flake.nix @@ -17,6 +17,7 @@ pkgs.just pkgs.postgresql pkgs.tfk8s + pkgs.minio-client ]; buildInputs = [ ]; }; diff --git a/lan/justfile b/justfile similarity index 56% rename from lan/justfile rename to justfile index 0ccb29f..052a176 100644 --- a/lan/justfile +++ b/justfile @@ -1,11 +1,17 @@ export TF_VAR_hetzner_token := `pass hetzner.com/tokens/suricata` export TF_VAR_pg_passwd := `pass pg.monotremata.xyz/terraform` +export LINODE_TOKEN := `pass linode.com/token` +export VULTR_API_KEY := `pass vultr.com/api_key` +export HETZNER_DNS_API_TOKEN := `pass hetzner.com/tokens/terraform` + minio_access_key := `pass minio.monotremata.xyz/terraform/access_key` minio_secret_key := `pass minio.monotremata.xyz/terraform/secret_key` init: - terraform init -backend-config="access_key={{minio_access_key}}" -backend-config="secret_key={{minio_secret_key}}" + terraform init \ + -backend-config="access_key={{minio_access_key}}" \ + -backend-config="secret_key={{minio_secret_key}}" plan *ARGS: terraform plan {{ARGS}} diff --git a/lan/main.tf b/lan/main.tf deleted file mode 100644 index d1ae45c..0000000 --- a/lan/main.tf +++ /dev/null 
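Review bot: The `init` recipe in the renamed justfile still prints the MinIO secret key to the terminal, because just echoes every recipe line before running it and none of the three new lines is silenced; the split only changes layout. Prefixing the first line with `@` (`@terraform init \`) silences the whole continued command, so `secret_key={{minio_secret_key}}` no longer lands in scrollback or CI logs. A more durable fix is to stop passing the credentials as command-line arguments at all: the S3 backend also reads `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` from the environment, so an `export AWS_ACCESS_KEY_ID := `pass minio.monotremata.xyz/terraform/access_key`` next to the new `export LINODE_TOKEN` line keeps the key out of `ps` output as well. Note that every top-level backtick `export` added here runs `pass` on each `just` invocation, including `just plan`, which is presumably intended but deserves a one-line comment.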
@@ -1,29 +0,0 @@
-terraform {
- backend "s3" {
- endpoint = "https://minio.monotremata.xyz"
- bucket = "terraform"
- key = "terraform.state"
- region = "main"
- force_path_style = true
- skip_credentials_validation = true
- skip_metadata_api_check = true
- skip_region_validation = true
- }
-}
-
-module "cert-manager" {
- source = "../modules/cert-manager"
- hetzner_token = var.hetzner_token
- email = var.email
- zone_name = var.zone_name
- dns_common_name = var.dns_common_name
- dns_names = var.dns_names
-}
-
-module "postgresql" {
- source = "../modules/postgresql"
- host = "pg.monotremata.xyz"
- password = var.pg_passwd
- username = "terraform"
- db_owner = "rilla"
-}
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..af3ce7e
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,72 @@
+terraform {
+ backend "s3" {
+ endpoint = "https://minio.monotremata.xyz"
+ bucket = "terraform"
+ key = "terraform.state"
+ region = "main"
+ force_path_style = true
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_region_validation = true
+ }
+}
+
+module "cert-manager" {
+ source = "./modules/cert-manager"
+ hetzner_token = var.hetzner_token
+ email = var.email
+ zone_name = var.zone_name
+ dns_common_name = var.dns_common_name
+ dns_names = var.dns_names
+}
+
+module "postgresql" {
+ source = "./modules/postgresql"
+ host = "pg.monotremata.xyz"
+ password = var.pg_passwd
+ username = "terraform"
+ db_owner = "rilla"
+}
+
+module "dns" {
+ source = "./modules/dns"
+
+ # this variable is currently not used because I don't have an IP to whitelist
+ # for namecheap's API
+ nameservers = [
+ "hydrogen.ns.hetzner.com",
+ "oxygen.ns.hetzner.com",
+ "helium.ns.hetzner.de"
+ ]
+
+ domain = "monotremata.xyz"
+
+ caladan = {
+ ipv4 = "139.162.137.29"
+ ipv6 = "2a01:7e01::f03c:92ff:fea2:5d7c"
+ domains = toset([
+ "git",
+ "gts",
+ "kb",
+ "keyoxide",
+ "matrix",
+ "pleroma",
+ "pg.caladan",
+ "xmpp",
+ "proxy.xmpp",
+ "upload.xmpp",
+ "groups.xmpp",
+ ])
+ }
+
+ fugu = {
+ ipv4 = "217.69.5.52"
+ ipv6 = "2001:19f0:6801:1d34:5400:03ff:fe18:7588"
+ }
+
+ dkim_pub_key = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3dRTQXNdRNKjM/hnTIQ9d6h4qr7hDkoo3D8ySrV4tEcOC9cCD5fWiUzc560GuWPW5nm/VCDt6gHTGbkwsU/ULO+mjKJtvhZtEJnO4WqVG9Hr2whypODkGM9FSwh0yaWV96OJd51upsNRD/S5fKDMRcl09aBYe2rsn/877re/M0wIDAQAB"
+}
+
+module "vps" {
+ source = "./modules/vps"
+}
diff --git a/modules/dns/main.tf b/modules/dns/main.tf
index 1751356..b18a081 100644
--- a/modules/dns/main.tf
+++ b/modules/dns/main.tf
@@ -4,10 +4,6 @@ terraform {
 source = "linode/linode"
 version = ">= 1.29.0"
 }
- namecheap = {
- source = "namecheap/namecheap"
- version = ">= 2.0.0"
- }
 hetznerdns = {
 source = "timohirt/hetznerdns"
 version = ">=2.2.0"
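Review bot: The comment above `nameservers` in the new `module "dns"` block is stale: it says the value is unused because namecheap's API needs a whitelisted IP, but this same commit deletes `modules/dns/namecheap.tf` (the only visible consumer of `var.nameservers`) and drops the `namecheap` requirement in the `modules/dns/main.tf` hunk, so the input now has no consumer at all rather than a temporarily disabled one, unless something else in the module references it that this diff does not show. Either remove the `nameservers` argument together with the module's variable declaration, or replace the two comment lines with one that states the real situation, e.g. `# unused: the namecheap provider was removed; kept for a future registrar integration`. Separately, `remote/main.tf` declared `required_providers` and a `provider "vultr" {}` block at the root and the new `main.tf` has neither; if `modules/vps` does not pin `vultr/vultr` itself, `terraform init` will try to resolve `hashicorp/vultr` and fail, so this is worth confirming before merging. Note also that the state written to this MinIO bucket will likely contain `var.pg_passwd` in plaintext, so access to the `terraform` bucket should be limited to the backend credentials.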
diff --git a/modules/dns/namecheap.tf b/modules/dns/namecheap.tf
deleted file mode 100644
index 6f91080..0000000
--- a/modules/dns/namecheap.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-provider "namecheap" {
- user_name = "gthar"
- api_user = "gthar"
- client_ip = var.caladan.ipv4 // caladan's public IP
- use_sandbox = false
-}
-
-resource "namecheap_domain_records" "namecheap-monotremata-xyz" {
- domain = var.domain
- mode = "OVERWRITE"
- nameservers = var.nameservers
-}
diff --git a/remote/justfile b/remote/justfile
deleted file mode 100644
index 382f3f4..0000000
--- a/remote/justfile
+++ /dev/null
@@ -1,28 +0,0 @@
-pg_user := "terraform"
-# pg_host := "pg.monotremata.xyz"
-pg_host := "pg.monotremata.xyz"
-pg_db := "terraform_backend"
-pg_port := "5432"
-
-passwd := `pass pg.monotremata.xyz/terraform`
-# todo: I'll use this once string interpolation gets implenented in Just https://github.com/casey/just/issues/11
-# conn_str := f"postgres://{{pg_user}}:{{passwd}}@{{pg_host}}:{{pg_port}}/{{pg_db}}"
-
-export NAMECHEAP_API_KEY := `pass namecheap.com/api_key`
-export LINODE_TOKEN := `pass linode.com/token`
-export VULTR_API_KEY := `pass vultr.com/api_key`
-export HTTP_PROXY := "caladan:8888"
-export HTTPS_PROXY := "caladan:8888"
-export HETZNER_DNS_API_TOKEN := `pass hetzner.com/tokens/terraform`
-
-init:
- terraform init -backend-config="conn_str=postgres://{{pg_user}}:{{passwd}}@{{pg_host}}:{{pg_port}}/{{pg_db}}"
-
-plan *ARGS:
- terraform plan {{ARGS}}
-
-apply *ARGS:
- terraform apply {{ARGS}}
-
-terraform *ARGS:
- terraform {{ARGS}}
diff --git a/remote/main.tf b/remote/main.tf
deleted file mode 100644
index 4dc4805..0000000
--- a/remote/main.tf
+++ /dev/null
@@ -1,80 +0,0 @@
-terraform {
- backend "pg" {}
- required_providers {
- namecheap = {
- source = "namecheap/namecheap"
- version = ">= 2.0.0"
- }
- linode = {
- source = "linode/linode"
- version = ">= 1.29.0"
- }
- vultr = {
- source = "vultr/vultr"
- version = "2.11.4"
- }
- hetznerdns = {
- source = "timohirt/hetznerdns"
- version = ">=2.2.0"
- }
- }
-}
-
-provider "namecheap" {
- user_name = "gthar"
- api_user = "gthar"
- client_ip = "139.162.137.29" // caladan's public IP
- use_sandbox = false
-}
-
-provider "vultr" {
-}
-
-module "dns" {
- source = "../modules/dns"
-
- #nameservers = [
- # "ns1.linode.com",
- # "ns2.linode.com",
- # "ns3.linode.com",
- # "ns4.linode.com",
- # "ns5.linode.com"
- #]
-
- nameservers = [
- "hydrogen.ns.hetzner.com",
- "oxygen.ns.hetzner.com",
- "helium.ns.hetzner.de"
- ]
-
- domain = "monotremata.xyz"
-
- caladan = {
- ipv4 = "139.162.137.29"
- ipv6 = "2a01:7e01::f03c:92ff:fea2:5d7c"
- domains = toset([
- "git",
- "gts",
- "kb",
- "keyoxide",
- "matrix",
- "pleroma",
- "pg.caladan",
- "xmpp",
- "proxy.xmpp",
- "upload.xmpp",
- "groups.xmpp",
- ])
- }
-
- fugu = {
- ipv4 = "217.69.5.52"
- ipv6 = "2001:19f0:6801:1d34:5400:03ff:fe18:7588"
- }
-
- dkim_pub_key = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3dRTQXNdRNKjM/hnTIQ9d6h4qr7hDkoo3D8ySrV4tEcOC9cCD5fWiUzc560GuWPW5nm/VCDt6gHTGbkwsU/ULO+mjKJtvhZtEJnO4WqVG9Hr2whypODkGM9FSwh0yaWV96OJd51upsNRD/S5fKDMRcl09aBYe2rsn/877re/M0wIDAQAB"
-}
-
-module "vps" {
- source = "../modules/vps"
-}
diff --git a/lan/variables.tf b/variables.tf
similarity index 100%
rename from lan/variables.tf
rename to variables.tf