Updating base OS to Debian 12, updating Terraform version. - infra - Terraform IoC for my remote (Hetzner) and local (Incus) servers.
---
DIR commit 6e1286b5e3433c0dc66e2e643de7bdadb23e4486
DIR parent c689568e0318bc63c40fb0b47d1732ae902d7dd6
HTML Author: Jay Scott <me@jay.scot>
Date: Thu, 29 Jun 2023 17:06:22 +0100
Updating base OS to Debian 12, updating Terraform version.
I have also fixed a few issues with the ansible scripts that appeared
with the latest server build.
Diffstat:
M README | 4 ++--
M ansible/group_vars/all.yml | 1 +
M ansible/inventory.yml | 3 ---
M ansible/main.yml | 1 -
M ansible/roles/common/handlers/main… | 2 +-
M ansible/roles/common/tasks/main.yml | 5 +++++
M ansible/roles/finger/tasks/main.yml | 1 +
A terraform/id_rsa.pub | 1 +
M terraform/main.tf | 10 +++-------
M terraform/outputs.tf | 2 +-
M terraform/terraform.tfvars | 38 ++++++++++++++++----------------
M terraform/variables.tf | 24 ++++++++++++++----------
12 files changed, 48 insertions(+), 44 deletions(-)
---
DIR diff --git a/README b/README
@@ -7,7 +7,7 @@ Bootstrap Hetzner Cloud servers.
Provision X servers with desired configuration
Create custom firewall rules
Add reverse dns entry
- Userdata bootscript adding a ansible user account
+ Userdata bootscript adding an Ansible user account
If you actually want to use this for yourself then you might need to do
the following depending on your requirements.
@@ -17,7 +17,7 @@ the following depending on your requirements.
The user_data script is a standard cloud-init yaml config that creates
-an ansible user for further configuration the instances.
+an Ansible user for further configuration the instances.
terraform plan
DIR diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
@@ -1,3 +1,4 @@
default:
username: jay
comment: Jay Scott
+ hostname: jay.scot
DIR diff --git a/ansible/inventory.yml b/ansible/inventory.yml
@@ -8,6 +8,3 @@ all:
gopher:
hosts:
jay.scot
- git:
- hosts:
- jay.scot
DIR diff --git a/ansible/main.yml b/ansible/main.yml
@@ -16,7 +16,6 @@
become: true
roles:
- role: gopher
- - role: stagit
tags:
- gopher
DIR diff --git a/ansible/roles/common/handlers/main.yml b/ansible/roles/common/handlers/main.yml
@@ -1,4 +1,4 @@
- name: Restart sshd
ansible.builtin.service:
name: sshd
- state: restart
+ state: restarted
DIR diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
@@ -40,3 +40,8 @@
state: present
nopassword: true
commands: ALL
+
+- name: Set the hostname
+ ansible.builtin.hostname:
+ name: "{{ default.hostname }}"
+ use: systemd
DIR diff --git a/ansible/roles/finger/tasks/main.yml b/ansible/roles/finger/tasks/main.yml
@@ -24,6 +24,7 @@
- list
- logo.txt
- morris.txt
+ - mcrae.txt
- log
- luser
- nouser
DIR diff --git a/terraform/id_rsa.pub b/terraform/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa 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 me@jay.scot
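Review bot: Checking the public half of the key into `terraform/` is harmless on its own, but the diffstat shows no ignore rule that would keep the private half from being committed beside it. A `.gitignore` line such as `terraform/id_rsa` would cover that. The key body is not visible on this page, so its length cannot be checked here; since it is an RSA key going onto freshly built Debian 12 hosts, it is worth confirming the size (or switching to Ed25519) before the rebuild.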
DIR diff --git a/terraform/main.tf b/terraform/main.tf
@@ -5,11 +5,8 @@ terraform {
version = "1.36.2"
}
}
-
- backend "local" {
- path = "/home/jay/.config/infra/terraform.tfstate"
+ cloud {
}
-
}
resource "hcloud_ssh_key" "this" {
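Review bot: The new `cloud {` block is empty, so the organization and workspace are not recorded in the repository and must come from the environment (`TF_CLOUD_ORGANIZATION`, `TF_WORKSPACE`). A wrong or missing value is only noticed at `terraform init`. I would add a comment inside the block, e.g. `# organization/workspace are read from TF_CLOUD_ORGANIZATION and TF_WORKSPACE`, or set them explicitly. Moving off the `local` backend also leaves the old state file at the removed `path`; state stores resource attributes in plain text, so that file should be deleted or protected once the migration is confirmed. The `terraform` block starts above this hunk.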
@@ -21,12 +18,12 @@ resource "hcloud_ssh_key" "this" {
resource "hcloud_firewall" "this" {
- for_each = var.nodes
+ for_each = var.firewall_rules
name = each.key
dynamic "rule" {
- for_each = each.value.firewall_rules
+ for_each = each.value.rules
content {
description = rule.key
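Review bot: With `for_each = var.firewall_rules`, firewalls are no longer created per node, and nothing in this hunk shows how a server is bound to its firewall. If the `hcloud_server` resource (outside this hunk) still looks the firewall up by the node's own key, it works only because both maps happen to use the key `gopher`. A node added without a same-named firewall entry would then fail the plan or, depending on how the lookup is written, be created without a firewall. I would make the binding explicit: add `firewall = string` to the node object and resolve it with `hcloud_firewall.this[each.value.firewall].id`. The same concern applies to the `nodes` entry added in terraform.tfvars, which names no firewall. The `hcloud_firewall` block continues past the end of this hunk.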
@@ -64,4 +61,3 @@ resource "hcloud_rdns" "this" {
ip_address = each.value.ipv4_address
dns_ptr = var.nodes[each.key].reverse_dns
}
-
DIR diff --git a/terraform/outputs.tf b/terraform/outputs.tf
@@ -1,3 +1,3 @@
output "public_ip_address" {
- value = {for name, server in hcloud_server.this: name => server.ipv4_address}
+ value = { for name, server in hcloud_server.this : name => server.ipv4_address }
}
DIR diff --git a/terraform/terraform.tfvars b/terraform/terraform.tfvars
@@ -1,16 +1,10 @@
public_ssh_keys = {
- main_key = "~/.ssh/id_rsa.pub"
+ main = "./id_rsa.pub"
}
-nodes = {
- "jay.scot" = {
- image = "debian-11"
- location = "hel1",
- server_type = "cx11",
- reverse_dns = "jay.scot"
- user_data = "user_data/boot.yml"
- public_key = "main_key"
- firewall_rules = {
+firewall_rules = {
+ "gopher" = {
+ rules = {
gopher = {
direction = "in"
protocol = "tcp"
@@ -23,12 +17,6 @@ nodes = {
source_ips = ["0.0.0.0/0", "::/0"]
port = "22"
}
- git = {
- direction = "in"
- protocol = "tcp"
- source_ips = ["0.0.0.0/0", "::/0"]
- port = "9418"
- }
fingerd = {
direction = "in"
protocol = "tcp"
@@ -36,10 +24,22 @@ nodes = {
port = "79"
}
}
- ipv4 = true
- ipv6 = true
+ }
+}
+
+nodes = {
+ "gopher" = {
+ image = "debian-12"
+ location = "hel1",
+ server_type = "cx11",
+ reverse_dns = "jay.scot"
+ user_data = "user_data/boot.yml"
+ public_key = "main"
+ ipv4 = true
+ ipv6 = true
labels = {
- git = "true"
+ gopher = "true"
+ finger = "true"
}
}
}
DIR diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -4,18 +4,22 @@ variable "public_ssh_keys" {
type = map(any)
}
+variable "firewall_rules" {
+ description = "Firewall configuration settings."
+ type = map(any)
+}
+
variable "nodes" {
description = "Configuration settings for each required node."
type = map(object({
- image = string
- location = string
- server_type = string
- reverse_dns = string
- user_data = string
- public_key = string
- labels = map(any)
- firewall_rules = map(any)
- ipv4 = bool
- ipv6 = bool
+ image = string
+ location = string
+ server_type = string
+ reverse_dns = string
+ user_data = string
+ public_key = string
+ labels = map(any)
+ ipv4 = bool
+ ipv6 = bool
}))
}
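Review bot: The new `firewall_rules` variable is declared as `map(any)`, which drops the schema checking that `nodes` keeps through its `object` type. A misspelled or missing key in a rule (for example `source_ip`) then surfaces only when the `dynamic "rule"` block is evaluated, or not at all if the attribute is optional there. Typing the variable from the fields used in terraform.tfvars catches this at plan time. It also allows a `validation` block to flag rules such as the port 22 entry, which admits `0.0.0.0/0` and `::/0`. The field list below is taken from the rules visible in this commit and should be checked against what the `content` block in main.tf actually reads.

```hcl
variable "firewall_rules" {
  # … unchanged: description …
  type = map(object({
    rules = map(object({
      direction  = string
      protocol   = string
      source_ips = list(string)
      port       = string
    }))
  }))
}
```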