Replace tailscale with netbird
parent
fc745fa8b4
commit
8afa6f5c7a
13 changed files with 89 additions and 141 deletions
|
|
@ -35,9 +35,9 @@ resource "hcloud_server" "nodes" {
|
|||
server_type = each.value.server_type
|
||||
ssh_keys = [hcloud_ssh_key.default.id]
|
||||
user_data = templatefile("./templates/cloud-init.yaml.tpl", {
|
||||
tailscale_authkey = each.value.ephemeral ? tailscale_tailnet_key.cloud_init_ephemeral_key.key : tailscale_tailnet_key.cloud_init_key.key,
|
||||
default_ssh_key = var.default_ssh_key.public_key
|
||||
hostname = each.value.hostname
|
||||
netbird_setup_key = each.value.ephemeral ? netbird_setup_key.cloud_init_ephemeral_key.key : netbird_setup_key.cloud_init_key.key,
|
||||
default_ssh_key = var.default_ssh_key.public_key
|
||||
hostname = each.value.hostname
|
||||
})
|
||||
placement_group_id = hcloud_placement_group.default.id
|
||||
public_net {
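Review bot: The value interpolated on the `netbird_setup_key =` line ends up in plain text inside the cloud-init `user_data`, which, as far as I recall, Hetzner keeps on the server object and serves to the instance over its metadata endpoint, and it is also persisted in the `hcloud_server` state for every node. Since the key is `reusable` and valid for six hours (per the netbird.tf added in this commit), anything able to read that payload during the window can enrol additional peers into the `servers` group. This mirrors the previous Tailscale auth-key flow, so it is not a regression, but a comment on that line such as `# reusable setup key; readable via instance metadata while valid — keep expiry short` would make the trade-off explicit, and the cloud-init template should drop the key from disk once `netbird up` has run if it does not already. The enclosing `hcloud_server.nodes` resource starts and ends outside the hunk.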
|
||||
|
|
|
|||
|
|
@ -12,6 +12,10 @@ terraform {
|
|||
source = "kristofferahl/healthchecksio"
|
||||
version = "~> 1.6.0"
|
||||
}
|
||||
netbird = {
|
||||
source = "netbirdio/netbird"
|
||||
version = "0.0.7"
|
||||
}
|
||||
ovh = {
|
||||
source = "ovh/ovh"
|
||||
version = "~> 0.48.0"
|
||||
|
|
@ -20,10 +24,6 @@ terraform {
|
|||
source = "scaleway/scaleway"
|
||||
version = "~> 2.53.0"
|
||||
}
|
||||
tailscale = {
|
||||
source = "tailscale/tailscale"
|
||||
version = "~> 0.16.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
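Review bot: `version = "0.0.7"` pins the netbird provider exactly while every neighbouring provider in this block uses a `~>` pessimistic constraint, so the block is now inconsistent and every patch release of the provider will need a manual edit here. If the exact pin is deliberate for a pre-1.0 provider whose schema is still moving, say so on the line: `version = "0.0.7" # exact pin: pre-1.0 provider, bump manually`; otherwise `~> 0.0.7` matches the rest of the block. The enclosing `terraform {}` / `required_providers` block starts outside the hunk.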
||||
|
|
|
|||
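--- /dev/null
+++ b/modules/infrastructure/netbird.tf
@@ -0,0 +1,30 @@
+data "netbird_group" "servers" {
+name = "servers"
+}
+
+resource "netbird_setup_key" "cloud_init_key" {
+name = "Cloud-init key used by opentofu"
+ephemeral = false
+auto_groups = [data.netbird_group.servers.id]
+type = "reusable"
+expiry_seconds = 21600 # 6 hours
+}
+resource "netbird_setup_key" "cloud_init_ephemeral_key" {
+name = "Ephemeral cloud-init key used by opentofu"
+ephemeral = true
+auto_groups = [data.netbird_group.servers.id]
+type = "reusable"
+expiry_seconds = 21600 # 6 hours
+}
+
+resource "time_sleep" "wait_for_hosts" {
+for_each = var.hosts
+depends_on = [hcloud_server.nodes]
+create_duration = "60s"
+}
+
+data "netbird_peer" "nodes" {
+for_each = var.hosts
+depends_on = [time_sleep.wait_for_hosts]
+name = each.value.hostname
+}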
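Review bot: `data "netbird_peer" "nodes"` resolves each node by `name = each.value.hostname`, and a peer's name is whatever hostname the peer itself reports at enrolment; combined with a `reusable` setup key whose `auto_groups` places every enrolee in `servers`, any extra machine enrolled with that key under the same hostname during the six-hour window is indistinguishable here, and its address would then flow into the `.vpn` DNS records changed elsewhere in this commit. If the pinned provider version exposes it, cap each key with `usage_limit = length(var.hosts)` (or the number of nodes expected per apply) and add a comment on the `name =` line noting that the lookup trusts the peer-reported name. Separately, both keys are ordinary resources created once with `expiry_seconds = 21600`, so a host added to `var.hosts` more than six hours after the first apply receives an already-expired key through cloud-init unless the key resource is replaced; a comment such as `# expires 6h after creation; replace the key before adding hosts later` on the `expiry_seconds` line would save the next operator a confusing enrolment failure. Note also that the Tailscale data source this replaces waited a further `wait_for = "60s"` beyond the `time_sleep`, whereas this lookup fails the whole plan if a peer has not registered within the single 60 s sleep.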
|
@ -16,11 +16,7 @@ output "hosts" {
|
|||
)
|
||||
|
||||
"ipv4_address_vpn" = try(
|
||||
local.tailscale_host_addresses_ipv4[key],
|
||||
null
|
||||
)
|
||||
"ipv6_address_vpn" = try(
|
||||
local.tailscale_host_addresses_ipv6[key],
|
||||
data.netbird_peer.nodes[key].ip,
|
||||
null
|
||||
)
|
||||
}
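Review bot: `ipv6_address_vpn` is dropped from the `hosts` output, which silently breaks any consumer of this module that still reads it, and the commit message does not call out the interface change. Keep the key and set it to `null` (`"ipv6_address_vpn" = null # no AAAA: netbird_peer exposes a single ip`) until callers are migrated, or state the removal explicitly. Also, the `try(...)` around `data.netbird_peer.nodes[key].ip` only guards a missing map key, which cannot occur because the data source iterates the same `var.hosts`; a failed peer lookup errors at plan time before this output is evaluated, so the `try` gives a false sense of safety. The enclosing `output "hosts"` block starts outside the hunk.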
|
||||
|
|
|
|||
|
|
@ -22,26 +22,6 @@ locals {
|
|||
},
|
||||
}
|
||||
]...)
|
||||
|
||||
tailscale_host_addresses_ipv4 = merge([
|
||||
for host, _ in var.hosts : {
|
||||
"${host}" = [
|
||||
for address in data.tailscale_device.nodes[host].addresses :
|
||||
address
|
||||
if !strcontains(address, ":")
|
||||
][0]
|
||||
}
|
||||
]...)
|
||||
|
||||
tailscale_host_addresses_ipv6 = merge([
|
||||
for host, _ in var.hosts : {
|
||||
"${host}" = [
|
||||
for address in data.tailscale_device.nodes[host].addresses :
|
||||
address
|
||||
if strcontains(address, ":")
|
||||
][0]
|
||||
}
|
||||
]...)
|
||||
}
|
||||
|
||||
resource "ovh_domain_zone_record" "server_records" {
|
||||
|
|
@ -53,22 +33,13 @@ resource "ovh_domain_zone_record" "server_records" {
|
|||
target = each.value.address
|
||||
}
|
||||
|
||||
resource "ovh_domain_zone_record" "tailscale_vpn_ipv4" {
|
||||
for_each = local.tailscale_host_addresses_ipv4
|
||||
resource "ovh_domain_zone_record" "netbird_vpn_ipv4" {
|
||||
for_each = data.netbird_peer.nodes
|
||||
zone = "serguzim.net"
|
||||
subdomain = "${each.key}.vpn"
|
||||
subdomain = "${each.value.name}.vpn"
|
||||
fieldtype = "A"
|
||||
ttl = 600
|
||||
target = each.value
|
||||
}
|
||||
|
||||
resource "ovh_domain_zone_record" "tailscale_vpn_ipv6" {
|
||||
for_each = local.tailscale_host_addresses_ipv6
|
||||
zone = "serguzim.net"
|
||||
subdomain = "${each.key}.vpn"
|
||||
fieldtype = "AAAA"
|
||||
ttl = 600
|
||||
target = each.value
|
||||
target = each.value.ip
|
||||
}
|
||||
|
||||
resource "ovh_domain_zone_record" "gpg_verify" {
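Review bot: Renaming `ovh_domain_zone_record.tailscale_vpn_ipv4` to `netbird_vpn_ipv4` without a `moved` block makes the apply destroy the old A records and create new ones, so each `<host>.vpn.serguzim.net` name is absent for the apply window (plus whatever resolvers cache at the 600 s TTL) instead of being updated in place to the new address. Both resources are keyed by the `var.hosts` keys (`local.tailscale_host_addresses_ipv4` was built from `var.hosts`, and `data.netbird_peer.nodes` iterates it), so a `moved` block should carry the instances across and reduce the change to an in-place update of `target`, assuming the OVH provider does not force replacement on that field. The `subdomain` also switches from `${each.key}.vpn` to `${each.value.name}.vpn`; the two agree only while the hosts map key equals the `hostname`, which deserves a comment on that line. The first hunk's `locals` block starts outside the hunk.
```hcl
moved {
  from = ovh_domain_zone_record.tailscale_vpn_ipv4
  to   = ovh_domain_zone_record.netbird_vpn_ipv4
}
# … unchanged: netbird_vpn_ipv4 resource body …
```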
|
||||
|
|
|
|||
|
|
@ -1,27 +0,0 @@
|
|||
resource "tailscale_tailnet_key" "cloud_init_key" {
|
||||
reusable = true
|
||||
ephemeral = false
|
||||
preauthorized = true
|
||||
expiry = 21600 # 6 hours
|
||||
description = "Cloud-init key used by opentofu"
|
||||
}
|
||||
resource "tailscale_tailnet_key" "cloud_init_ephemeral_key" {
|
||||
reusable = true
|
||||
ephemeral = true
|
||||
preauthorized = true
|
||||
expiry = 21600 # 6 hours
|
||||
description = "Ephemeral cloud-init key used by opentofu"
|
||||
}
|
||||
|
||||
resource "time_sleep" "wait_for_hosts" {
|
||||
for_each = var.hosts
|
||||
depends_on = [hcloud_server.nodes]
|
||||
create_duration = "60s"
|
||||
}
|
||||
|
||||
data "tailscale_device" "nodes" {
|
||||
for_each = var.hosts
|
||||
depends_on = [time_sleep.wait_for_hosts]
|
||||
hostname = each.value.hostname
|
||||
wait_for = "60s"
|
||||
}
|
||||