Compare commits
7 commits
dcddb46d63
...
32e42626a1
Author | SHA1 | Date | |
---|---|---|---|
32e42626a1 | |||
4f1ab2ed7a | |||
1cfe1721a8 | |||
8c8ab389c3 | |||
1353ef643a | |||
ef1c412012 | |||
d89e1221fd |
12 changed files with 117 additions and 72 deletions
4
Makefile
4
Makefile
|
@ -62,5 +62,7 @@ all:
|
|||
$(MAKE) visualize
|
||||
|
||||
visualize:
|
||||
./visualize.py | d2 - infrastructure.svg
|
||||
./scripts/visualize.py | d2 - infrastructure.svg
|
||||
|
||||
new_role:
|
||||
./scripts/new_role.sh
|
||||
|
|
|
@ -31,7 +31,8 @@ terraform {
|
|||
locals {
|
||||
services_auth = {for key, val in var.services : key => val if val.auth}
|
||||
services_database = {for key, val in var.services : key => val if val.database}
|
||||
services_s3 = {for key, val in var.services : key => val if val.s3}
|
||||
services_s3 = {for key, val in var.services : key => (val.s3_buckets != null) ? val.s3_buckets : [key] if val.s3}
|
||||
buckets_s3 = merge([for key, val in local.services_s3 : {for bucket in val : bucket => key}]...)
|
||||
|
||||
hetzner_hosts = {for key, val in var.hosts : key => val if val.provider == "hetzner"}
|
||||
}
|
||||
|
|
|
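Review bot: `buckets_s3` is produced with `merge([...]...)`, so two services that list the same name in `s3_buckets` collapse into one map entry and the later service silently wins — the bucket, its policy principal and the `scaleway_data` entry would all be attached to the wrong application with no plan-time error. A check would surface that before apply: `check "unique_buckets" {` / `  assert { condition = length(flatten(values(local.services_s3))) == length(local.buckets_s3), error_message = "bucket names in services.s3_buckets must be unique across services" }` / `}`. The default `[key]` branch means a service without `s3_buckets` keeps its service name as bucket key, which is worth a one-line comment above `services_s3` since the two shapes are not obvious from the expression. The `locals` block is complete within the hunk.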
@ -51,9 +51,9 @@ output "healthchecksio" {
|
|||
|
||||
output "scaleway_data" {
|
||||
value = {
|
||||
for key in keys(scaleway_iam_application.service_applications) : key => {
|
||||
"access_key" = scaleway_iam_api_key.service_keys[key].access_key
|
||||
"secret_key" = scaleway_iam_api_key.service_keys[key].secret_key
|
||||
for key, val in local.buckets_s3 : key => {
|
||||
"access_key" = scaleway_iam_api_key.service_keys[val].access_key
|
||||
"secret_key" = scaleway_iam_api_key.service_keys[val].secret_key
|
||||
"name" = scaleway_object_bucket.service_buckets[key].name
|
||||
"region" = scaleway_object_bucket.service_buckets[key].region
|
||||
"endpoint" = scaleway_object_bucket.service_buckets[key].endpoint
|
||||
|
|
|
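Review bot: `scaleway_data` now emits `secret_key` once per bucket instead of once per service, so a service with several buckets has the same API secret repeated under each bucket entry. If the output block does not already declare `sensitive = true` (its end is outside the hunk) that should be added so the secrets are redacted from plan output and `terraform output`. The map is now keyed by bucket name rather than service name, which presumably affects whatever consumes this output; a short comment on the output stating the key is the bucket name and `val` is the owning service would make that explicit. The `output "scaleway_data"` block ends outside the hunk.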
@ -27,15 +27,15 @@ resource "scaleway_iam_policy" "service_storage_policies" {
|
|||
}
|
||||
|
||||
resource "scaleway_object_bucket" "service_buckets" {
|
||||
for_each = local.services_s3
|
||||
name = "${each.key}.serguzim.me"
|
||||
for_each = local.buckets_s3
|
||||
name = replace("${each.key}.serguzim.me", "_", "-")
|
||||
lifecycle {
|
||||
prevent_destroy = true
|
||||
}
|
||||
}
|
||||
|
||||
resource "scaleway_object_bucket_policy" "service_bucket_policies" {
|
||||
for_each = local.services_s3
|
||||
for_each = local.buckets_s3
|
||||
bucket = scaleway_object_bucket.service_buckets[each.key].id
|
||||
policy = jsonencode({
|
||||
Version = "2023-04-17",
|
||||
|
@ -58,7 +58,7 @@ resource "scaleway_object_bucket_policy" "service_bucket_policies" {
|
|||
Effect = "Allow"
|
||||
Action = "*"
|
||||
Principal = {
|
||||
SCW = "application_id:${scaleway_iam_application.service_applications[each.key].id}"
|
||||
SCW = "application_id:${scaleway_iam_application.service_applications[each.value].id}"
|
||||
}
|
||||
Resource = [
|
||||
"${scaleway_object_bucket.service_buckets[each.key].name}",
|
||||
|
|
|
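Review bot: Switching `for_each` on `service_buckets` from `local.services_s3` to `local.buckets_s3` changes the resource address for every service that sets `s3_buckets`, so the existing bucket at `scaleway_object_bucket.service_buckets["<service>"]` (placeholder) is planned for destruction, which `prevent_destroy = true` then turns into a plan error. A `moved` block per migrated bucket avoids that: `moved {` / `  from = scaleway_object_bucket.service_buckets["<service>"]` / `  to   = scaleway_object_bucket.service_buckets["<bucket>"]` — placeholders for the real keys. The added `replace(..., "_", "-")` also changes the name for keys containing an underscore, which presumably forces replacement of those buckets regardless of the address, so it should be confirmed that no existing bucket key contains one. The second hunk's switch of the principal to `each.value` is consistent with `buckets_s3` mapping bucket to service.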
@ -32,6 +32,7 @@ variable "services" {
|
|||
auth_cert = optional(string)
|
||||
auth_redirects = optional(list(string))
|
||||
s3 = bool
|
||||
s3_buckets = optional(list(string))
|
||||
database = bool
|
||||
}))
|
||||
}
|
||||
|
|
|
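Review bot: `s3_buckets` is accepted for any service but only read when `s3` is true (the `if val.s3` filter in the locals), so buckets listed on a service with `s3 = false` are silently ignored; a `validation` on `services` would make that a plan-time error: `validation {` / `  condition = alltrue([for k, v in var.services : v.s3 || v.s3_buckets == null])` / `  error_message = "s3_buckets requires s3 = true" }`. A comment next to the attribute should also state that names must be unique across all services, since they become the bucket keys. The `variable "services"` block starts and ends outside the hunk. The same attribute is added to the second `variable "services"` later in this compare (the hunk at @ -162,6 +162,7), which needs the same validation.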
@ -82,7 +82,7 @@ forgejo_env:
|
|||
|
||||
forgejo_compose:
|
||||
watchtower: update
|
||||
image: codeberg.org/forgejo/forgejo:9
|
||||
image: codeberg.org/forgejo/forgejo:11
|
||||
volumes:
|
||||
- data:/data
|
||||
- ./templates:/data/gitea/templates
|
||||
|
|
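--- a/playbooks/roles/software/files/systemd-resolved.conf
+++ b/playbooks/roles/software/files/systemd-resolved.conf
@@ -0,0 +1,3 @@
+[Resolve]
+DNSOverTLS=opportunistic
+DNSStubListenerExtra=172.17.0.1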
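Review bot: `DNSOverTLS=opportunistic` encrypts only when the upstream resolver happens to offer DoT and falls back to cleartext otherwise, without authenticating the server, so it does not protect against a downgrade on the path; if encrypted DNS is the intent, `DNSOverTLS=yes` together with explicit `DNS=<ip>#<hostname>` entries (placeholders) is what enforces it, and the file should say which of the two is meant. `DNSStubListenerExtra=172.17.0.1` makes the stub resolver reachable from every container on the default Docker bridge; that looks intentional, but a comment stating the assumption, e.g. `# default docker0 address: containers resolve through the host stub`, keeps it from being mistaken for a typo. `#` comments are valid in this file.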
@ -6,10 +6,20 @@
|
|||
update_cache: true
|
||||
become: true
|
||||
|
||||
- name: Enable systemd-resolved
|
||||
- name: Copy systemd config
|
||||
ansible.builtin.copy:
|
||||
src: systemd-resolved.conf
|
||||
dest: /etc/systemd/resolved.conf
|
||||
mode: "0644"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
become: true
|
||||
register: systemd_resolved_config
|
||||
|
||||
- name: Enable systemd-resolved and (re)start
|
||||
ansible.builtin.systemd_service:
|
||||
name: systemd-resolved.service
|
||||
state: started
|
||||
state: "{{ 'restarted' if systemd_resolved_config.changed else 'started' }}"
|
||||
enabled: true
|
||||
daemon_reload: true
|
||||
become: true
|
||||
|
|
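Review bot: The new `Copy systemd config` task replaces the whole of `/etc/systemd/resolved.conf` with a three-line file, so any distro-shipped or previously hand-set options in that file are dropped on the first run without showing up as anything but a plain file change. A drop-in keeps only the two managed keys under Ansible control: `dest: /etc/systemd/resolved.conf.d/10-ansible.conf`, preceded by an `ansible.builtin.file` task with `state: directory` for that path. The register/restart coupling on the systemd task is correct; a handler would be the idiomatic alternative but is not required. The play starts outside the hunk.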
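--- a/scripts/new_role.sh
+++ b/scripts/new_role.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+roles_dir="./playbooks/roles"
+
+read -p "Enter the new role name: " new_role
+
+if [ -z "$new_role" ]; then
+echo "Usage: $0 <role_name>"
+exit 1
+fi
+
+if [ -d "$roles_dir/$new_role" ]; then
+echo "Role $new_role already exists."
+exit 1
+fi
+
+cp -r "$roles_dir/_TEMPLATE" "$roles_dir/$new_role"
+
+sed -i "s/NAME_/${new_role}_/g" "$roles_dir/$new_role"/**/*.yml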
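Review bot: `new_role` is used unvalidated as a path component in the `cp -r` line and as the replacement text of the `sed` expression, so a name containing `/`, `..`, `&` or a space either escapes `roles_dir` or breaks the substitution. Restricting it to a plain identifier fixes both at once, and the `**` glob needs `shopt -s globstar` to recurse (without it `**` is just `*`, so only one directory level is rewritten) plus `nullglob` so a missing match is reported instead of handing the literal pattern to sed. The usage message also disagrees with the script, which prompts via `read` rather than taking `$1`; either accept `new_role="${1:-}"` first or reword the message. The rewritten parts are below; the prompt, the empty check and the existing-role check are unchanged.
```shell
#!/usr/bin/env bash
set -euo pipefail
shopt -s globstar nullglob

roles_dir="./playbooks/roles"

# … unchanged: read prompt and empty-name check …

# The name becomes a path component and sed replacement text: allow only an identifier.
if [[ ! "$new_role" =~ ^[A-Za-z0-9_]+$ ]]; then
    echo "Role name may only contain letters, digits and underscores." >&2
    exit 1
fi

# … unchanged: existing-role check and cp -r …

files=("$roles_dir/$new_role"/**/*.yml)
if [ "${#files[@]}" -eq 0 ]; then
    echo "No .yml files found under $roles_dir/$new_role" >&2
    exit 1
fi
sed -i "s/NAME_/${new_role}_/g" "${files[@]}"
```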
@ -14,11 +14,13 @@ icon_overrides = {
|
|||
"healthcheck": "healthchecks",
|
||||
"lego": "lets-encrypt",
|
||||
"mailcowdockerized": "mailcow",
|
||||
"minecraft_3": "minecraft",
|
||||
"reitanlage_oranienburg": "grav",
|
||||
"tandoor": "tandoor-recipes",
|
||||
"tinytinyrss": "tiny-tiny-rss",
|
||||
"webdis": "redis",
|
||||
"wiki_js": "wiki-js",
|
||||
"woodpecker": "woodpecker-ci"
|
||||
}
|
||||
|
||||
icon_format = {
|
||||
|
@ -26,14 +28,12 @@ icon_format = {
|
|||
"linkwarden": "webp",
|
||||
"telegraf": "webp",
|
||||
"tiny-tiny-rss": "webp",
|
||||
"watchtower": "webp", # TODO revert when icon is fixed
|
||||
}
|
||||
|
||||
icon_url = {
|
||||
"dokku": "https://avatars.githubusercontent.com/u/13455795?s=200&v=4",
|
||||
"factorio": "https://avatars.githubusercontent.com/u/50074624?s=200&v=4",
|
||||
"mimir": "https://raw.githubusercontent.com/grafana/mimir/refs/heads/main/images/logo.png",
|
||||
"teamspeak_fallback": "https://avatars.githubusercontent.com/u/136759148?s=200&v=4",
|
||||
"woodpecker": "https://avatars.githubusercontent.com/u/84780935?s=200&v=4",
|
||||
}
|
||||
|
||||
def get_icon(svc):
|
|
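Review bot: The `mimir` entry in `icon_url` points at `refs/heads/main`, a mutable ref, so the icon fetched by `make visualize` can change or vanish without any change in this repository; pinning it to a tag or commit (`.../grafana/mimir/<commit>/images/logo.png`, placeholder) keeps the generated SVG reproducible, as the avatar URLs with fixed `u=` ids already are. The rendered page loses the +/- markers, so whether `mimir` is the line added in this hunk is inferred from the hunk counts rather than visible. The `watchtower` TODO is pre-existing and not part of this change.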
@ -1,3 +1,11 @@
|
|||
# Groups:
|
||||
## 1-hosts
|
||||
## 3-services
|
||||
## 4-websites
|
||||
## 7-support
|
||||
## 8-backup
|
||||
## 9-external
|
||||
|
||||
services = {
|
||||
"acme_dns" = {
|
||||
host = "node001"
|
||||
|
@ -34,7 +42,7 @@ services = {
|
|||
}]
|
||||
monitoring = {
|
||||
url = "/-/health/live/"
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
}
|
||||
certificates = ["auth.serguzim.me"]
|
||||
auth = false
|
||||
|
@ -57,7 +65,7 @@ services = {
|
|||
}]
|
||||
monitoring = {
|
||||
url = "/"
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
}
|
||||
auth = false
|
||||
database = false
|
||||
|
@ -142,42 +150,42 @@ services = {
|
|||
s3 = false
|
||||
},
|
||||
|
||||
"factorio" = {
|
||||
host = "node002"
|
||||
dns = [{
|
||||
domain = "factorio.serguzim.me"
|
||||
}]
|
||||
backup = [{
|
||||
name = "factorio_data"
|
||||
type = "docker"
|
||||
}]
|
||||
monitoring = {
|
||||
url = "https://multiplayer.factorio.com/get-game-details/91.107.211.57:34197"
|
||||
group = "4-services"
|
||||
interval = "5m"
|
||||
conditions = [
|
||||
"DEFAULT",
|
||||
"[BODY].name == StammtischOnAutomation"
|
||||
]
|
||||
}
|
||||
ports = [
|
||||
{
|
||||
description = "Game port for factorio"
|
||||
port = 34197
|
||||
protocol = "udp"
|
||||
type = "firewall"
|
||||
},
|
||||
{
|
||||
description = "RCON port for factorio"
|
||||
port = 27015
|
||||
protocol = "tcp"
|
||||
type = "firewall"
|
||||
}
|
||||
]
|
||||
auth = false
|
||||
database = false
|
||||
s3 = false
|
||||
}
|
||||
#"factorio" = {
|
||||
# host = "node002"
|
||||
# dns = [{
|
||||
# domain = "factorio.serguzim.me"
|
||||
# }]
|
||||
# backup = [{
|
||||
# name = "factorio_data"
|
||||
# type = "docker"
|
||||
# }]
|
||||
# monitoring = {
|
||||
# url = "https://multiplayer.factorio.com/get-game-details/91.107.211.57:34197"
|
||||
# group = "3-services"
|
||||
# interval = "5m"
|
||||
# conditions = [
|
||||
# "DEFAULT",
|
||||
# "[BODY].name == StammtischOnAutomation"
|
||||
# ]
|
||||
# }
|
||||
# ports = [
|
||||
# {
|
||||
# description = "Game port for factorio"
|
||||
# port = 34197
|
||||
# protocol = "udp"
|
||||
# type = "firewall"
|
||||
# },
|
||||
# {
|
||||
# description = "RCON port for factorio"
|
||||
# port = 27015
|
||||
# protocol = "tcp"
|
||||
# type = "firewall"
|
||||
# }
|
||||
# ]
|
||||
# auth = false
|
||||
# database = false
|
||||
# s3 = false
|
||||
#}
|
||||
|
||||
"forgejo" = {
|
||||
host = "node001"
|
||||
|
@ -190,7 +198,7 @@ services = {
|
|||
}]
|
||||
monitoring = {
|
||||
url = "/api/v1/version"
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
}
|
||||
ports = [
|
||||
{
|
||||
|
@ -247,7 +255,7 @@ services = {
|
|||
}]
|
||||
monitoring = {
|
||||
url = "/api/v1/status"
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
conditions = [
|
||||
"DEFAULT",
|
||||
"[BODY].health == true"
|
||||
|
@ -275,7 +283,7 @@ services = {
|
|||
}
|
||||
]
|
||||
monitoring = {
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
}
|
||||
auth = true
|
||||
auth_redirects = ["https://gallery.serguzim.me/auth/login"]
|
||||
|
@ -294,7 +302,7 @@ services = {
|
|||
}]
|
||||
monitoring = {
|
||||
url = "/health"
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
conditions = [
|
||||
"DEFAULT",
|
||||
"[BODY].status == pass"
|
||||
|
@ -322,7 +330,7 @@ services = {
|
|||
]
|
||||
monitoring = {
|
||||
url = "/health"
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
conditions = [
|
||||
"DEFAULT",
|
||||
"[BODY] == Healthy"
|
||||
|
@ -347,7 +355,7 @@ services = {
|
|||
}]
|
||||
monitoring = {
|
||||
url = "/api/v1/logins"
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
}
|
||||
auth = true
|
||||
auth_cert = "rsa"
|
||||
|
@ -366,7 +374,7 @@ services = {
|
|||
type = "hook"
|
||||
}]
|
||||
monitoring = {
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
}
|
||||
ports = [
|
||||
{
|
||||
|
@ -428,7 +436,7 @@ services = {
|
|||
]
|
||||
monitoring = {
|
||||
url = "tcp://minecraft.serguzim.me:25565"
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
conditions = [
|
||||
"[CONNECTED] == true"
|
||||
]
|
||||
|
@ -479,7 +487,7 @@ services = {
|
|||
}]
|
||||
monitoring = {
|
||||
url = "/v1/health"
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
conditions = [
|
||||
"DEFAULT",
|
||||
"[BODY].healthy == true"
|
||||
|
@ -529,7 +537,7 @@ services = {
|
|||
type = "docker"
|
||||
}]
|
||||
monitoring = {
|
||||
group = "5-websites"
|
||||
group = "4-websites"
|
||||
}
|
||||
auth = false
|
||||
database = false
|
||||
|
@ -555,7 +563,7 @@ services = {
|
|||
]
|
||||
monitoring = {
|
||||
url = "/rest/health"
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
conditions = [
|
||||
"DEFAULT",
|
||||
"[BODY].status == pass"
|
||||
|
@ -584,7 +592,7 @@ services = {
|
|||
}]
|
||||
monitoring = {
|
||||
url = "/_matrix/client/versions"
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
}
|
||||
ports = [
|
||||
{
|
||||
|
@ -612,7 +620,7 @@ services = {
|
|||
}]
|
||||
monitoring = {
|
||||
url = "/accounts/login/"
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
}
|
||||
auth = false
|
||||
database = true
|
||||
|
@ -677,7 +685,7 @@ services = {
|
|||
}]
|
||||
monitoring = {
|
||||
url = "/tt-rss/"
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
}
|
||||
auth = false
|
||||
database = true
|
||||
|
@ -691,7 +699,7 @@ services = {
|
|||
}]
|
||||
monitoring = {
|
||||
url = "/api/heartbeat"
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
}
|
||||
auth = false
|
||||
database = true
|
||||
|
@ -709,7 +717,7 @@ services = {
|
|||
}]
|
||||
monitoring = {
|
||||
url = "/api/v1/info"
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
}
|
||||
auth = true
|
||||
auth_redirects = ["https://todo.serguzim.me/auth/openid/authserguzimme"]
|
||||
|
@ -733,7 +741,7 @@ services = {
|
|||
}]
|
||||
monitoring = {
|
||||
url = "/info"
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
}
|
||||
auth = false
|
||||
database = false
|
||||
|
@ -746,7 +754,7 @@ services = {
|
|||
domain = "wiki.serguzim.me"
|
||||
}]
|
||||
monitoring = {
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
}
|
||||
auth = true
|
||||
auth_redirects = ["https://wiki.serguzim.me/login/f792bc7d-1a25-4437-944e-55eaf0111102/callback"]
|
||||
|
@ -769,7 +777,7 @@ services = {
|
|||
]
|
||||
monitoring = {
|
||||
url = "/healthz"
|
||||
group = "4-services"
|
||||
group = "3-services"
|
||||
}
|
||||
auth = false
|
||||
database = true
|
||||
|
|
|
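Review bot: The `factorio` service is retained as a commented-out block (the hunk at @ -142,42 +150,42) instead of being removed; commented config cannot be validated against the `services` schema and drifts — the copy already carries `group = "3-services"` — so deleting it and relying on git history, or an explicit disable flag in the schema if one exists, is preferable. The group renames in the remaining hunks (`4-services` → `3-services`, `5-websites` → `4-websites`) are free-form strings repeated per service, so a typo silently creates a new group; a `validation` on `monitoring.group` in the `services` variable, or a `locals` list of allowed groups, would pin the set that the new `# Groups:` header documents. The `services = {` map starts inside the first hunk and ends outside this section.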
@ -162,6 +162,7 @@ variable "services" {
|
|||
auth_cert = optional(string)
|
||||
auth_redirects = optional(list(string))
|
||||
s3 = bool
|
||||
s3_buckets = optional(list(string))
|
||||
database = bool
|
||||
mail = optional(string)
|
||||
}))
|
||||
|
|