vpn.sudo.is and logstash.sudo.is

.gitignore

@@ -5,3 +5,5 @@ terraform.tfstate.backup
 *.plan
 terraform.tfstate
 \#*
+.\#*
+__pycache__

cloudflare.tf

@@ -155,13 +155,6 @@ resource "cloudflare_record" "mainframe-sudo-is" {
   value  = local.mainframe_ip
   ttl    = 60
 }
-resource "cloudflare_record" "mainframe-wg-sudo-is" {
-  zone_id = cloudflare_zone.sudois.id
-  type   = "A"
-  name   = "mainframe.wg"
-  value  = "10.102.47.128"
-  ttl    = 60
-}
 resource "cloudflare_record" "endor" {
   zone_id = cloudflare_zone.sudois.id
   type   = "A"
@@ -183,18 +176,11 @@ resource "cloudflare_record" "rvk1-sudo-is" {
   value  = "185.112.146.244"
   ttl    = 60
 }
-resource "cloudflare_record" "rvk1-wg-sudo-is" {
-  zone_id = cloudflare_zone.sudois.id
-  type   = "A"
-  name   = "rvk1.wg"
-  value  = "10.102.47.135"
-  ttl    = 60
-}
 resource "cloudflare_record" "dl-sudo-is" {
   zone_id = cloudflare_zone.sudois.id
   type     = "CNAME"
   name     = "dl"
-  value    = "rvk1.wg.sudo.is"
+  value    = "rvk1.vpn.sudo.is"
   proxied  = false
   ttl      = 60
 }
@@ -287,11 +273,19 @@ resource "cloudflare_record" "kibana-sudo-is" {
   proxied  = false
   ttl      = 60
 }
+resource "cloudflare_record" "logstash-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "CNAME"
+  name     = "logstash"
+  value    = "freespace.vpn.sudo.is"
+  proxied  = false
+  ttl      = 60
+}
 resource "cloudflare_record" "tools-sudo-is" {
   zone_id = cloudflare_zone.sudois.id
   type     = "CNAME"
   name     = "tools"
-  value    = "mainframe.wg.sudo.is"
+  value    = "mainframe.vpn.sudo.is"
   proxied  = false
   ttl      = 60
 }

sudois-net.tf

@@ -1,165 +0,0 @@
-resource "digitalocean_domain" "sudois-net" {
-  name       = "sudois.net"
-  ip_address = "10.102.47.1"
-}
-
-
-resource "digitalocean_record" "www-sudois-net" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "CNAME"
-  name   = "www"
-  value  = "sudois.net."
-  ttl    = 60
-}
-
-resource "digitalocean_record" "lon1" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "lon1"
-  value  = "10.102.47.1"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "lon0" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "lon0"
-  value  = "10.102.47.13"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "lon2" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "lon2"
-  value  = "10.102.47.14"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "lon3" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "lon3"
-  value  = "10.102.47.15"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "iphone-uk" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "iphone-uk"
-  value  = "10.102.47.48"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "personallaptop-uk" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "personallaptop-uk"
-  value  = "10.102.47.49"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "wifi001" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "wifi001"
-  value  = "10.102.47.50"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "wifi002" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "wifi002"
-  value  = "10.102.47.51"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "rvk0" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "rvk0"
-  value  = "10.102.47.52"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "pi1" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "pi1"
-  value  = "10.102.47.21"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "ber1" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "ber1"
-  value  = "10.102.47.54"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "mainframe" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "mainframe"
-  value  = "10.102.47.128"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "ber0" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "ber0"
-  value  = "10.102.47.129"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "mathom" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "mathom"
-  value  = "10.102.47.130"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "fra0" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "fra0"
-  value  = "10.102.47.131"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "iphone" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "iphone"
-  value  = "10.102.47.132"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "freespace" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "freespace"
-  value  = "10.102.47.133"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "personallaptop-de" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "personallaptop-de"
-  value  = "10.102.47.134"
-  ttl    = 60
-}
-
-resource "digitalocean_record" "rvk1" {
-  domain = digitalocean_domain.sudois-net.name
-  type   = "A"
-  name   = "rvk1"
-  value  = "10.102.47.135"
-  ttl    = 60
-}

sudoisnet/sudoisnet/wgdns.py

@@ -25,12 +25,23 @@ A_RECORD = """resource "digitalocean_record" "{hostname}" {{
   name   = "{hostname}"
   value  = "{wg_ip}"
   ttl    = 60
-}}"""
+}}
+
+resource "cloudflare_record" "{hostname}-vpn-sudo-is" {{
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "{hostname}.vpn"
+  value    = "{wg_ip}"
+  proxied  = false
+  ttl      = 60
+}}
+"""
 
 
 def main():
 
     varsfile = "/home/ben/infra/private/group_vars/all"
+    tffile = "../vpn-dns.tf"
     logger.info(f"reading {varsfile}")
     with open(varsfile, 'r') as f:
         allvars = yaml.safe_load(f)
@@ -41,10 +52,12 @@ def main():
     for fqdn_hostname, v in wg_clients.items():
 
         hostname = fqdn_hostname.split('.')[0]
+        logger.debug(f"{hostname}: {v['ip']}")
 
         records.append(A_RECORD.format(hostname=hostname, wg_ip=v['ip']))
-        logger.info(f"{hostname}: {v['ip']}")
 
 
-    with open("../sudois-net.tf", 'w') as f:
+    with open(tffile, 'w') as f:
         f.write("\n\n".join(records))
+
+    logger.info(f"wrote '{tffile}'")

vpn-dns.tf

@@ -0,0 +1,354 @@
+resource "digitalocean_domain" "sudois-net" {
+  name       = "sudois.net"
+  ip_address = "10.102.47.1"
+}
+
+
+resource "digitalocean_record" "www-sudois-net" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "CNAME"
+  name   = "www"
+  value  = "sudois.net."
+  ttl    = 60
+}
+
+resource "digitalocean_record" "lon1" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "lon1"
+  value  = "10.102.47.1"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "lon1-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "lon1.vpn"
+  value    = "10.102.47.1"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "lon0" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "lon0"
+  value  = "10.102.47.13"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "lon0-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "lon0.vpn"
+  value    = "10.102.47.13"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "lon2" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "lon2"
+  value  = "10.102.47.14"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "lon2-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "lon2.vpn"
+  value    = "10.102.47.14"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "lon3" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "lon3"
+  value  = "10.102.47.15"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "lon3-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "lon3.vpn"
+  value    = "10.102.47.15"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "iphone-uk" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "iphone-uk"
+  value  = "10.102.47.48"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "iphone-uk-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "iphone-uk.vpn"
+  value    = "10.102.47.48"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "personallaptop-uk" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "personallaptop-uk"
+  value  = "10.102.47.49"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "personallaptop-uk-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "personallaptop-uk.vpn"
+  value    = "10.102.47.49"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "wifi001" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "wifi001"
+  value  = "10.102.47.50"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "wifi001-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "wifi001.vpn"
+  value    = "10.102.47.50"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "wifi002" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "wifi002"
+  value  = "10.102.47.51"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "wifi002-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "wifi002.vpn"
+  value    = "10.102.47.51"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "rvk0" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "rvk0"
+  value  = "10.102.47.52"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "rvk0-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "rvk0.vpn"
+  value    = "10.102.47.52"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "pi1" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "pi1"
+  value  = "10.102.47.21"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "pi1-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "pi1.vpn"
+  value    = "10.102.47.21"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "ber1" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "ber1"
+  value  = "10.102.47.54"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "ber1-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "ber1.vpn"
+  value    = "10.102.47.54"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "mainframe" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "mainframe"
+  value  = "10.102.47.128"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "mainframe-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "mainframe.vpn"
+  value    = "10.102.47.128"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "ber0" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "ber0"
+  value  = "10.102.47.129"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "ber0-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "ber0.vpn"
+  value    = "10.102.47.129"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "mathom" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "mathom"
+  value  = "10.102.47.130"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "mathom-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "mathom.vpn"
+  value    = "10.102.47.130"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "fra0" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "fra0"
+  value  = "10.102.47.131"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "fra0-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "fra0.vpn"
+  value    = "10.102.47.131"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "iphone" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "iphone"
+  value  = "10.102.47.132"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "iphone-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "iphone.vpn"
+  value    = "10.102.47.132"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "freespace" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "freespace"
+  value  = "10.102.47.133"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "freespace-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "freespace.vpn"
+  value    = "10.102.47.133"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "personallaptop-de" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "personallaptop-de"
+  value  = "10.102.47.134"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "personallaptop-de-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "personallaptop-de.vpn"
+  value    = "10.102.47.134"
+  proxied  = false
+  ttl      = 60
+}
+
+
+resource "digitalocean_record" "rvk1" {
+  domain = digitalocean_domain.sudois-net.name
+  type   = "A"
+  name   = "rvk1"
+  value  = "10.102.47.135"
+  ttl    = 60
+}
+
+resource "cloudflare_record" "rvk1-vpn-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "rvk1.vpn"
+  value    = "10.102.47.135"
+  proxied  = false
+  ttl      = 60
+}