feat: big refactor

main
Ricard Illa 2023-05-23 12:50:26 +02:00
parent c33a9f4bfa
commit caf0e395d9
12 changed files with 166 additions and 111 deletions


@ -12,7 +12,7 @@ pipeline:
image: registry.monotremata.xyz/terraform image: registry.monotremata.xyz/terraform
pull: true pull: true
commands: commands:
- terraform -chdir=tf init -backend-config="conn_str=$BACKEND_CONN_STR" - terraform init -backend-config="conn_str=$BACKEND_CONN_STR"
secrets: secrets:
[backend_conn_str] [backend_conn_str]
@ -20,8 +20,8 @@ pipeline:
image: registry.monotremata.xyz/terraform image: registry.monotremata.xyz/terraform
pull: true pull: true
commands: commands:
- terraform -chdir=tf plan -out=tfplan - terraform plan -out=tfplan
- terraform -chdir=tf show -json tfplan - terraform show -json tfplan
environment: environment:
- HTTP_PROXY=caladan:8888 - HTTP_PROXY=caladan:8888
- HTTPS_PROXY=caladan:8888 - HTTPS_PROXY=caladan:8888
@ -34,7 +34,7 @@ pipeline:
image: registry.monotremata.xyz/terraform image: registry.monotremata.xyz/terraform
pull: true pull: true
commands: commands:
- terraform -chdir=tf apply tfplan - terraform apply tfplan
environment: environment:
- HTTP_PROXY=caladan:8888 - HTTP_PROXY=caladan:8888
- HTTPS_PROXY=caladan:8888 - HTTPS_PROXY=caladan:8888


@ -9,7 +9,7 @@
in { in {
devShell = pkgs.mkShell { devShell = pkgs.mkShell {
nativeBuildInputs = nativeBuildInputs =
[ pkgs.bashInteractive pkgs.terraform pkgs.linode-cli ]; [ pkgs.bashInteractive pkgs.terraform pkgs.linode-cli pkgs.just ];
buildInputs = [ ]; buildInputs = [ ];
}; };
}); });

26
justfile Normal file

@ -0,0 +1,26 @@
pg_user := "terraform"
# pg_host := "pg.monotremata.xyz"
pg_host := "narwhal"
pg_db := "terraform_backend"
pg_port := "5432"
passwd := `pass pg.monotremata.xyz/terraform`
# todo: I'll use this once string interpolation gets implenented in Just https://github.com/casey/just/issues/11
# conn_str := f"postgres://{{pg_user}}:{{passwd}}@{{pg_host}}:{{pg_port}}/{{pg_db}}"
export NAMECHEAP_API_KEY := `pass namecheap.com/api_key`
export LINODE_TOKEN := `pass linode.com/token`
export VULTR_API_KEY := `pass vultr.com/api_key`
export HTTP_PROXY := "caladan:8888"
export HTTPS_PROXY := "caladan:8888"
init:
terraform init -backend-config="conn_str=postgres://{{pg_user}}:{{passwd}}@{{pg_host}}:{{pg_port}}/{{pg_db}}"
plan *ARGS:
terraform plan {{ARGS}}
apply *ARGS:
terraform apply {{ARGS}}
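Review bot: The `init` recipe interpolates `{{passwd}}` straight into the command line, and just echoes each recipe line (after variable expansion) to stderr before running it, so the database password from `pass pg.monotremata.xyz/terraform` is printed on every `just init`; it also sits in the process's argv for the lifetime of the `terraform init` run. The smallest fix is to silence the echo with a leading `@`: `@terraform init -backend-config="conn_str=postgres://{{pg_user}}:{{passwd}}@{{pg_host}}:{{pg_port}}/{{pg_db}}"`. A cleaner option that also removes the interpolation todo above is to hand the backend its connection string through the environment, which the pg backend reads as `PG_CONN_STR`: `export PG_CONN_STR := "postgres://" + pg_user + ":" + passwd + "@" + pg_host + ":" + pg_port + "/" + pg_db` and then a bare `terraform init`. Either way the secret no longer appears in terminal output or shell history captures.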

62
main.tf Normal file

@ -0,0 +1,62 @@
terraform {
backend "pg" {}
required_providers {
namecheap = {
source = "namecheap/namecheap"
version = ">= 2.0.0"
}
linode = {
source = "linode/linode"
version = ">= 1.29.0"
}
vultr = {
source = "vultr/vultr"
version = "2.11.4"
}
}
}
provider "namecheap" {
user_name = "gthar"
api_user = "gthar"
client_ip = "139.162.137.29" // caladan's public IP
use_sandbox = false
}
provider "vultr" {
}
module "dns" {
source = "./modules/dns"
domain = "monotremata.xyz"
caladan = {
ipv4 = "139.162.137.29"
ipv6 = "2a01:7e01::f03c:92ff:fea2:5d7c"
domains = toset([
"monotremata.xyz",
"git",
"gts",
"kb",
"keyoxide",
"matrix",
"pleroma",
"pg.caladan",
"xmpp",
"proxy.xmpp",
"upload.xmpp",
"groups.xmpp",
])
}
fugu = {
ipv4 = "217.69.5.52"
ipv6 = "2001:19f0:6801:1d34:5400:03ff:fe18:7588"
}
dkim_pub_key = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3dRTQXNdRNKjM/hnTIQ9d6h4qr7hDkoo3D8ySrV4tEcOC9cCD5fWiUzc560GuWPW5nm/VCDt6gHTGbkwsU/ULO+mjKJtvhZtEJnO4WqVG9Hr2whypODkGM9FSwh0yaWV96OJd51upsNRD/S5fKDMRcl09aBYe2rsn/877re/M0wIDAQAB"
}
module "vps" {
source = "./modules/vps"
}
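Review bot: The root module configures `provider "namecheap"` here, but the new `modules/dns/main.tf` carries its own identical `provider "namecheap"` block as well; a child module with its own provider configuration cannot use `count`, `for_each` or `depends_on`, and removing the module later leaves its resources without a provider to destroy them. Delete the block from the module so it inherits the root configuration, which is already present. The `client_ip` value `"139.162.137.29"` is repeated as `caladan.ipv4` a few lines below; a `locals { caladan_ipv4 = "139.162.137.29" }` referenced from both places keeps them from drifting apart when the host's address changes.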


@ -3,40 +3,24 @@
# I decided to manage that subdomain outside of terraform because it has a # I decided to manage that subdomain outside of terraform because it has a
# dynamic IP that I update with a cron job # dynamic IP that I update with a cron job
locals { terraform {
domain = "monotremata.xyz" required_providers {
namecheap = {
// Alpine VPS hosted on Linode source = "namecheap/namecheap"
caladan = { version = ">= 2.0.0"
ipv4 = "139.162.137.29"
ipv6 = "2a01:7e01::f03c:92ff:fea2:5d7c"
// These are subdomains for services hosted on the host named `caladan`.
// Both A and AAAA records should be made for them pointing to caladan's ipv4
// and ipv6 respectively
domains = toset([
local.domain,
"git",
"gts",
"kb",
"keyoxide",
"matrix",
"pleroma",
"pg.caladan",
"xmpp",
"proxy.xmpp",
"upload.xmpp",
"groups.xmpp",
])
} }
linode = {
// OpenBSD VPS hosted on Vultr source = "linode/linode"
fugu = { version = ">= 1.29.0"
ipv4 = "217.69.5.52"
ipv6 = "2001:19f0:6801:1d34:5400:03ff:fe18:7588"
} }
}
}
dkim_pub_key = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3dRTQXNdRNKjM/hnTIQ9d6h4qr7hDkoo3D8ySrV4tEcOC9cCD5fWiUzc560GuWPW5nm/VCDt6gHTGbkwsU/ULO+mjKJtvhZtEJnO4WqVG9Hr2whypODkGM9FSwh0yaWV96OJd51upsNRD/S5fKDMRcl09aBYe2rsn/877re/M0wIDAQAB" provider "namecheap" {
user_name = "gthar"
api_user = "gthar"
client_ip = "139.162.137.29" // caladan's public IP
use_sandbox = false
} }
resource "namecheap_domain_records" "namecheap-monotremata-xyz" { resource "namecheap_domain_records" "namecheap-monotremata-xyz" {
@ -53,24 +37,24 @@ resource "namecheap_domain_records" "namecheap-monotremata-xyz" {
resource "linode_domain" "monotremata_xyz" { resource "linode_domain" "monotremata_xyz" {
type = "master" type = "master"
domain = local.domain domain = var.domain
soa_email = format("admin@%s", local.domain) soa_email = format("admin@%s", var.domain)
} }
resource "linode_domain_record" "caladan_a" { resource "linode_domain_record" "caladan_a" {
domain_id = linode_domain.monotremata_xyz.id domain_id = linode_domain.monotremata_xyz.id
name = each.key name = each.key
record_type = "A" record_type = "A"
target = local.caladan.ipv4 target = var.caladan.ipv4
for_each = local.caladan.domains for_each = var.caladan.domains
} }
resource "linode_domain_record" "caladan_aaaa" { resource "linode_domain_record" "caladan_aaaa" {
domain_id = linode_domain.monotremata_xyz.id domain_id = linode_domain.monotremata_xyz.id
name = each.key name = each.key
record_type = "AAAA" record_type = "AAAA"
target = local.caladan.ipv6 target = var.caladan.ipv6
for_each = local.caladan.domains for_each = var.caladan.domains
} }
resource "linode_domain_record" "mx" { resource "linode_domain_record" "mx" {
@ -82,17 +66,17 @@ resource "linode_domain_record" "mx" {
for_each = { for_each = {
A = { A = {
name = "mail" name = "mail"
target = local.fugu.ipv4 target = var.fugu.ipv4
priority = null priority = null
} }
AAAA = { AAAA = {
name = "mail" name = "mail"
target = local.fugu.ipv6 target = var.fugu.ipv6
priority = null priority = null
} }
MX = { MX = {
name = local.domain, name = var.domain,
target = format("mail.%s", local.domain) target = format("mail.%s", var.domain)
priority = 0 priority = 0
} }
} }
@ -107,17 +91,17 @@ resource "linode_domain_record" "mx2" {
for_each = { for_each = {
A = { A = {
name = "mx2" name = "mx2"
target = local.caladan.ipv4 target = var.caladan.ipv4
priority = null priority = null
} }
AAAA = { AAAA = {
name = "mx2" name = "mx2"
target = local.caladan.ipv6 target = var.caladan.ipv6
priority = null priority = null
} }
MX = { MX = {
name = local.domain name = var.domain
target = format("mx2.%s", local.domain) target = format("mx2.%s", var.domain)
priority = 5 priority = 5
} }
} }
@ -130,16 +114,16 @@ resource "linode_domain_record" "mail_txt" {
target = each.value.target target = each.value.target
for_each = { for_each = {
spf = { spf = {
name = local.domain name = var.domain
target = "v=spf1 mx -all" target = "v=spf1 mx -all"
} }
dmarc = { dmarc = {
name = "_dmarc" name = "_dmarc"
target = format("v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@%s;;", local.domain) target = format("v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@%s;;", var.domain)
} }
dkim = { dkim = {
name = "20201210._domainkey" name = "20201210._domainkey"
target = format("v=DKIM1;k=rsa;p=%s;", local.dkim_pub_key) target = format("v=DKIM1;k=rsa;p=%s;", var.dkim_pub_key)
} }
} }
} }
@ -152,7 +136,7 @@ resource "linode_domain_record" "matrix_srv" {
priority = 0 priority = 0
weight = 10 weight = 10
port = 443 port = 443
target = format("matrix.%s", local.domain) target = format("matrix.%s", var.domain)
ttl_sec = 1800 // 30 min ttl_sec = 1800 // 30 min
} }
@ -164,7 +148,7 @@ resource "linode_domain_record" "xmpp_srv" {
port = each.value.port port = each.value.port
priority = 5 priority = 5
weight = 0 weight = 0
target = format("xmpp.%s", local.domain) target = format("xmpp.%s", var.domain)
ttl_sec = 1800 // 30 min ttl_sec = 1800 // 30 min
for_each = { for_each = {
xmpp-client = { xmpp-client = {
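Review bot: The `required_providers` block added at the top of this file leaves both constraints open-ended (`version = ">= 2.0.0"`, `version = ">= 1.29.0"`), so a fresh `terraform init` will accept any future major release unless a `.terraform.lock.hcl` is committed, and none appears in this change. A pessimistic constraint such as `version = "~> 2.0"` and `version = "~> 1.29"` keeps automatic upgrades within the tested major. The same open constraints are repeated in `main.tf` and `modules/vps/main.tf`, where vultr is instead pinned exactly to `"2.11.4"`; it is worth making the three files agree on one policy. The `namecheap_domain_records` resource that opens at the end of the first hunk continues outside it.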

26
modules/dns/variables.tf Normal file

@ -0,0 +1,26 @@
variable "domain" {
type = string
description = "main domain"
}
variable "caladan" {
type = object({
ipv4 = string
ipv6 = string
domains = set(string)
})
description = "configuration values specific to caladan (my Alpine VPS hosted on linode)"
}
variable "fugu" {
type = object({
ipv4 = string
ipv6 = string
})
description = "configuration values specific to fugu (my OpenBSD VPS hosted on vultr)"
}
variable "dkim_pub_key" {
type = string
description = "dkim public key"
}
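Review bot: The `caladan` variable's description does not say what the entries of `domains` are, and the caller in `main.tf` mixes the apex `"monotremata.xyz"` with bare labels such as `"git"`, each of which becomes a record `name` in the module; that convention is easy to get wrong from the variable alone. Extending the description to something like `"configuration values specific to caladan (my Alpine VPS hosted on linode); domains lists the record names that get A/AAAA records pointing at it, relative to the zone, with the apex given as the full domain"` would document it where the module is consumed. If the apex is in fact handled differently by the provider, the description should say so instead; that is not visible from this hunk.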

12
modules/vps/main.tf Normal file

@ -0,0 +1,12 @@
terraform {
required_providers {
linode = {
source = "linode/linode"
version = ">= 1.29.0"
}
vultr = {
source = "vultr/vultr"
version = "2.11.4"
}
}
}


@ -1,11 +0,0 @@
#!/bin/sh
PG_USER=terraform
PG_HOST=pg.monotremata.xyz
PG_DB=terraform_backend
PG_PORT=5432
passwd=$(pass "${PG_HOST}/${PG_USER}")
conn_str="postgres://${PG_USER}:${passwd}@${PG_HOST}:${PG_PORT}/${PG_DB}"
terraform -chdir=./tf init -backend-config="conn_str=${conn_str}"


@ -1,14 +0,0 @@
#!/bin/sh
NAMECHEAP_API_KEY=$(pass namecheap.com/api_key)
LINODE_TOKEN=$(pass linode.com/token)
VULTR_API_KEY=$(pass vultr.com/api_key)
export HTTP_PROXY=caladan:8888
export HTTPS_PROXY=caladan:8888
export NAMECHEAP_API_KEY
export LINODE_TOKEN
export VULTR_API_KEY
terraform -chdir=./tf "$@"


@ -1,30 +0,0 @@
terraform {
backend "pg" {}
required_providers {
namecheap = {
source = "namecheap/namecheap"
version = ">= 2.0.0"
}
linode = {
source = "linode/linode"
version = ">= 1.29.0"
}
vultr = {
source = "vultr/vultr"
version = "2.11.4"
}
}
}
provider "namecheap" {
user_name = "gthar"
api_user = "gthar"
client_ip = "139.162.137.29" // caladan's public IP
use_sandbox = false
}
provider "linode" {
}
provider "vultr" {
}