wow this is a lot

main
Benedikt Kristinsson 5 months ago
parent 95d51429b8
commit 4c09e638d8
  1. 88
      .terraform.lock.hcl
  2. 311
      cloudflare.tf
  3. 199
      hetznercloud.tf
  4. 222
      oracle-core.tf
  5. 42
      oracle-matrix-bridges.tf
  6. 447
      oracle.tf
  7. 26
      outputs.tf
  8. 60
      sudoisnet/sudoisnet/wgdns.py
  9. 4
      variables.tf
  10. 474
      vpn-dns.tf

@ -0,0 +1,88 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/cloudflare/cloudflare" {
version = "3.11.0"
hashes = [
"h1:oTTfUShNNcDCOxlXP2XiNleQYHmWswesQFCuicwQztw=",
"zh:0dd08c3336b3198e30158b61605674eefbc0b8e331ad8f25322ce1889fd2d8a7",
"zh:196d80c7ae594f1b6140de02ecb101ec1afd7e45877be849ace73866f3fcb689",
"zh:37bc087b5e858a92faf03c994cfbc4c906b0afecb7df2ff25961b394f3013cc0",
"zh:3910c38a3f001879e67aede543ac1de44beab2249704fd016f51b14875815bed",
"zh:6092e395636b673b8ee26dce9356331ac6ceaa6b62de17203dd151a22b9d9858",
"zh:96167bd63b49df0d4921f30d81cda5162b03af2bd20a6c1da65ba15bd28a2d30",
"zh:c168cab43707b4acdb8366074802df630cc4427a7c2e55c9489cdf56907d23fc",
"zh:ccdde1cd64fbce75a9266e3df8a8f3dbd481cf72de53fa3a5fb15c78304843ea",
"zh:db850c7627a312065867896c2bf0266b187beb24f3f898849c28364682f0646c",
"zh:ddbd2d93f7a8ecd131b63a3336e5e1fed00258a9312c218f6fcf3e0f04733160",
"zh:e8f02ec1dbf8dc0bcb4fcc29441fde52900f2182f88e1544074f8fb646ae89db",
"zh:eef9d202238b76925e28fefd79621d4e5e9d3927cbcbce918222856300aa206b",
"zh:f0ad67f42c4d8f3d20ca4e357ead759f651ac4bfbe0cd5006099deead8316e85",
"zh:f1a2d6f4a26e193172b8c3a9411582ed3909df93b62314a1460b31d32a782bc6",
]
}
provider "registry.terraform.io/digitalocean/digitalocean" {
version = "2.18.0"
hashes = [
"h1:xbr9QP1XPwMC6oyK/eobl82m3/ep20BHNwNjBTM4Nz8=",
"zh:2c5322ea6de0aff88dd5c19634bc01c1907a0777d926149ea3f86bf3f2047ff8",
"zh:4d3a363d5d16362756042f9461a9bb68c6ddd45d16f7da972d696fa3a1d03d5d",
"zh:5fc0374435e01d9b8a87351ab91ac384464a71f083ec1d59342da15ffadeb1a6",
"zh:6e07f148cf0820d8780d2b5569d7c1817f546bc0a2757d6b42c112f3f8f8d46c",
"zh:705326caa2cdf5e4a370cdc27fd29be380c207e4e6c8a411e5494af1155817dc",
"zh:8f36faacfa2013750ede964577f9d5c273929ad43b082ca4e31641260f8b5730",
"zh:a10e20d534ee12ea8a8aceeb3a96e0d946a511f4981d7ce5bbf479aaff8768ba",
"zh:b23d21b59e174a2f02ee1aa95b9cff9f88da0ac2f42765ed6be2b8891cbff7e9",
"zh:be9bd194fadcae235910ac08c90d6359a8a51dd76b0897ab3475d1b08e6a50b9",
"zh:c093148fbeacddc7b7e08c2c015e413a4ec4805d07349d06e51162460445c05c",
"zh:cc3e7b6d21f652f14919a7338aae59e4f181f64583d311f32b440361b933b05b",
"zh:ea0096068f2b4c7b11a954469b7f9823cbd6670f92837cd76b0716a3fba83b71",
"zh:eeb18c2d2ef7cd95ec0d7b7a57f3d2e0d91de29931aaa44ab9588689695723e2",
"zh:f883ba115683a2f126ec78aca3bea6c7aca0c4a8a316f44129dbb5cdc798d46a",
"zh:f8aa7e15c90aa231532ed5f2d809acbaf4f3bcff24bb040e185e64cca541f99b",
]
}
provider "registry.terraform.io/hashicorp/oci" {
version = "4.69.0"
hashes = [
"h1:OwRvgIpHYd7j3boiAV7QkIYH70Kmoeuyfc2AApYE3Jw=",
"zh:2f90d428bc4d99e85e17fb9b7fe38ccb56d17003c0a4c5f9acfcbed00513b348",
"zh:36387ab9a8dcd75a84783975e0f71d57a10efe0a4cd9eef6b4b29fcafca2c730",
"zh:800520c1a4ee45101c59168a39f96b375d001cbcb0729c62cd7594de448ff42f",
"zh:864e33b73297a55b107d57781cacf4fed0ae69823f114be0ca5e3d38fa8ff2bf",
"zh:98b336234afad333aae3bbd2f9771b41d2c495977c265701f57481ef83a5ec58",
"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
"zh:9f7c17db474a0017f9885f8bc927047e2627a03b4ef327da8ff8ac513859b71c",
"zh:a69ca46f5d008186c364388a496f64ba37b211623ac23d3e01fb2e50f47e9009",
"zh:b184875ebf5d1ade4753d8562682ddde2332e2e5a3bc8b958e15c665f7bbd206",
"zh:b1da08f95d518d77cb8ca7fb958300c44d6f7b8bac1c5121b968399331479e08",
"zh:c1f494f153aed6e94b2a78d7da7415c7cf6f50f675330048b9523a51b7ebded1",
"zh:c32b9877eb5e596f2d039a3e399aa8a08f82ce132aa2ea2c688a592e7738dc43",
"zh:cd9020bb675881b5e112708cad7a6373bad5a787bcf22b195a59c8766cc3b75c",
"zh:e12a5dfc8944c2389c0b78b415ba971ac46a0670fc85e043c9b185fd55eba9a1",
"zh:e9ff5656e2fa4709ab63aa2fc739d840016ef1e84d3ab191b8657370c9d89990",
]
}
provider "registry.terraform.io/hetznercloud/hcloud" {
version = "1.33.1"
hashes = [
"h1:qvQGDcw11niyogj5fNPmGUlkXc/QTJh+UgfwUwZfDeM=",
"zh:0e30919099010a0f6f83631c634512ad27cd02bb119d434a62d0f25061fcffd0",
"zh:121ae06c2d313616f1c4dffd54b0586b48a9a0996117ca45cfc43b6077be0c34",
"zh:18ab43acedcebece7ba2f839d8147371200f9c62c616b2bd8ee730352663cb7d",
"zh:24ffe93b2d9bcf0c7944c178497456f43c6096c80032ca15a7b7fe13021bac5c",
"zh:2f5eb2dba69bff9386ecc675ceb725c4d23f20c8359492666b4469afc8b25930",
"zh:57597aee1fb118c794b67aec4d676447596343959b5de03bc3403ebd2d9ecfd6",
"zh:70c910987bd61e6129d87071766524967fd9336d3b67a5af3e2aee93b896fbd0",
"zh:7250145e6ac09fe5d915c2c09b785062d0d2695557b2f856197b952955781bdc",
"zh:7903ec07eba0db779aec46eaed0605aa9d5be360cd44fc6ed9267bed593ec02f",
"zh:85a101fa71bbec512a7f015aaa18837f2e1218c9279429a110bd01b69dac3acf",
"zh:9470dbb7adfaec8c4996844ac1aa1701341c56de37b570bf811b55529b43697a",
"zh:ad5ffed22254eeafa59bac49fac52bd30bb559d3958b443884affecd5f631dcd",
"zh:d1e6c2d1c07f496cdbde1eac4a6fb96a41edd6f8dbfbacabe33646eb78dbe15e",
"zh:ee0ddda6131b80a2308b2c76addbede27f7739f03e59a4665aff4f83e1e2ef4e",
]
}

@ -39,39 +39,14 @@ resource "cloudflare_record" "wwwdeadops" {
ttl = 1
proxied = true
}
resource "cloudflare_record" "staticdeadops" {
zone_id = cloudflare_zone.deadopsde.id
name = "static"
value = "deadops.de"
type = "CNAME"
ttl = 1
proxied = true
}
resource "cloudflare_record" "ytdldeadops" {
zone_id = cloudflare_zone.deadopsde.id
name = "ytdl"
value = local.freespace_ip
value = local.fsn_g0_ip
type = "A"
ttl = 1
proxied = true
}
resource "cloudflare_record" "sudois" {
zone_id = cloudflare_zone.sudois.id
name = ""
value = oci_core_instance.lon3.public_ip
type = "A"
ttl = 1
proxied = true # www.sudo.is
}
resource "cloudflare_record" "www" {
zone_id = cloudflare_zone.sudois.id
name = "www"
value = "sudo.is"
type = "CNAME"
ttl = 1
proxied = true # www.sudo.is
}
resource "cloudflare_record" "mx" {
zone_id = cloudflare_zone.sudois.id
type = "MX"
@ -192,6 +167,20 @@ resource "cloudflare_record" "fra2-sudo-is" {
value = local.fra2_ip
ttl = 60
}
resource "cloudflare_record" "fsn-g0-sudo-is" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "fsn-g0"
value = local.fsn_g0_ip
ttl = 60
}
resource "cloudflare_record" "fsn-g0-h-sudo-is" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "fsn-g0.h"
value = local.fsn_g0_ip
ttl = 60
}
# resource "cloudflare_record" "fra2-sudo-is6" {
# zone_id = cloudflare_zone.sudois.id
# type = "AAAA"
@ -258,62 +247,6 @@ resource "cloudflare_record" "broker-vpn-sudois" {
proxied = false
ttl = 60
}
resource "cloudflare_record" "mayan-sudois" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "mayan"
value = local.fra2_ip
proxied = false
ttl = 60
}
# resource "cloudflare_record" "bitcoind-sudois" {
# zone_id = cloudflare_zone.sudois.id
# type = "A"
# name = "docs"
# value = local.freespace_ip
# proxied = false
# ttl = 60
# }
resource "cloudflare_record" "git-sudois" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "git"
value = local.fra2_ip
proxied = false
ttl = 60
}
resource "cloudflare_record" "matrix-sudois" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "matrix"
value = local.fra2_ip
proxied = false
ttl = 60
}
resource "cloudflare_record" "archives-sudois" {
zone_id = cloudflare_zone.sudois.id
type = "CNAME"
name = "archives"
value = "fra4.sudo.is"
proxied = false
ttl = 60
}
resource "cloudflare_record" "turn-sudois" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "turn"
value = local.freespace_ip
proxied = false
ttl = 60
}
resource "cloudflare_record" "turn-sudois6" {
zone_id = cloudflare_zone.sudois.id
type = "AAAA"
name = "turn"
value = local.freespace_ip6
proxied = false
ttl = 60
}
resource "cloudflare_record" "edge-s21-sudois" {
zone_id = cloudflare_zone.sudois.id
type = "A"
@ -342,7 +275,24 @@ resource "cloudflare_record" "unifi-sudois" {
zone_id = cloudflare_zone.sudois.id
type = "CNAME"
name = "unifi"
value = "ber0.s21.sudo.is"
value = "bear.s21.sudo.is"
proxied = false
ttl = 60
}
resource "cloudflare_record" "unifi-s21-sudois" {
zone_id = cloudflare_zone.sudois.id
type = "CNAME"
name = "unifi.s21"
value = "bear.s21.sudo.is"
proxied = false
ttl = 60
}
resource "cloudflare_record" "unifi-ls54-sudois" {
zone_id = cloudflare_zone.sudois.id
type = "CNAME"
name = "unifi.ls54"
value = "ber1.sudo.is"
#value = "ber0.sudo.is"
proxied = false
ttl = 60
}
@ -404,51 +354,19 @@ resource "cloudflare_record" "broker-sudois" {
ttl = 60
}
resource "cloudflare_record" "jenkins-sudo-is" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "jenkins"
value = local.freespace_ip
proxied = false
ttl = 60
}
resource "cloudflare_record" "pirate-sudo-is" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "pirate"
value = local.freespace_ip
proxied = false
ttl = 60
}
resource "cloudflare_record" "apt-sudo-is" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "apt"
value = local.freespace_ip
proxied = false
ttl = 60
}
resource "cloudflare_record" "tools-sudo-is" {
zone_id = cloudflare_zone.sudois.id
type = "CNAME"
type = "A"
name = "tools"
value = "mainframe.vpn.sudo.is"
value = local.mainframe_ip_2
proxied = false
ttl = 60
}
resource "cloudflare_record" "kibana" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "kibana"
value = local.freespace_ip
ttl = 60
proxied = false
}
resource "cloudflare_record" "builds-sudo-is" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "builds"
value = local.freespace_ip
value = local.fsn_g0_ip
proxied = false
ttl = 60
}
@ -463,85 +381,66 @@ resource "cloudflare_record" "pihole-deadops-de" {
}
# services
resource "cloudflare_record" "testcloud" {
zone_id = cloudflare_zone.sudois.id
type = "A"
value = local.mainframe_ip_2
name = "testcloud"
ttl = 60
proxied = false
}
resource "cloudflare_record" "nextcloud" {
zone_id = cloudflare_zone.sudois.id
type = "A"
value = local.mainframe_ip_2
name = "nextcloud"
ttl = 60
proxied = false
}
resource "cloudflare_record" "login-sudo-is" {
resource "cloudflare_record" "vpn-de" {
zone_id = cloudflare_zone.sudois.id
type = "A"
value = hcloud_server.fra1-auth-g0.ipv4_address
name = "login"
value = local.mainframe_ip
name = "vpn-de"
ttl = 60
proxied = false
}
resource "cloudflare_record" "notflix" {
# resource "cloudflare_record" "static" {
# zone_id = cloudflare_zone.sudois.id
# name = element(["static", "benedikt"], count.index)
# count = 2
# type = "A"
# value = local.fsn_lb_ip
# ttl = 1
# proxied = true
# }
resource "cloudflare_record" "sudois" {
zone_id = cloudflare_zone.sudois.id
name = ""
value = local.fsn_lb_ip
type = "A"
value = local.fra2_ip
name = "notflix"
ttl = 60
proxied = false
ttl = 1
proxied = true # www.sudo.is
}
resource "cloudflare_record" "youbahn" {
resource "cloudflare_record" "www" {
zone_id = cloudflare_zone.sudois.id
type = "A"
value = local.fra2_ip
name = "youbahn"
ttl = 60
proxied = false
name = "www"
value = "sudo.is"
type = "CNAME"
ttl = 1
proxied = true # www.sudo.is
}
resource "cloudflare_record" "vpn-de" {
resource "cloudflare_record" "benedikt-sudo-is" {
zone_id = cloudflare_zone.sudois.id
name = "benedikt"
type = "A"
value = local.mainframe_ip
name = "vpn-de"
ttl = 60
proxied = false
value = local.fsn_lb_ip
ttl = 1
proxied = true
}
resource "cloudflare_record" "static" {
resource "cloudflare_record" "static-sudo-is" {
zone_id = cloudflare_zone.sudois.id
name = element(["static", "benedikt"], count.index)
count = 2
# type = "CNAME"
# value = "f.sudo.is"
name = "static"
type = "A"
value = oci_core_instance.lon3.public_ip
value = local.fsn_lb_ip
ttl = 1
proxied = true
}
resource "cloudflare_record" "mirrors" {
zone_id = cloudflare_zone.deadopsde.id
name = "mirrors"
type = "CNAME"
value = "freespace.sudo.is"
name = "mirrors"
type = "A"
#value = hcloud_floating_ip.fsn-lb.ip_address
value = local.fsn_lb_ip
ttl = 1
proxied = true
}
resource "cloudflare_record" "talk" {
zone_id = cloudflare_zone.sudois.id
name = "talk"
type = "CNAME"
value = "fra2.sudo.is"
ttl = 60
proxied = false
}
resource "cloudflare_record" "parler-archive" {
zone_id = cloudflare_zone.deadopsde.id
name = "parler-archive"
@ -550,14 +449,14 @@ resource "cloudflare_record" "parler-archive" {
ttl = 1
proxied = true
}
resource "cloudflare_record" "nkscans" {
zone_id = cloudflare_zone.sudois.id
name = "nk-scans"
type = "A"
value = oci_core_instance.lon3.public_ip
ttl = 1
proxied = true
}
# resource "cloudflare_record" "nkscans" {
# zone_id = cloudflare_zone.sudois.id
# name = "nk-scans"
# type = "A"
# value = oci_core_instance.lon3.public_ip
# ttl = 1
# proxied = true
# }
# eyjabakki.sudo.is
# legacy record :(
@ -595,8 +494,6 @@ resource "cloudflare_record" "mathom" {
ttl = 60
}
# VPN
resource "cloudflare_record" "vpn" {
zone_id = cloudflare_zone.sudois.id
@ -635,15 +532,22 @@ resource "cloudflare_record" "rvk0-vpn" {
ttl = 60
}
resource "cloudflare_record" "monitoring" {
zone_id = cloudflare_zone.sudois.id
type = "CNAME"
name = element(["ingest", "grafana"], count.index)
count = 2
value = "fra0.sudo.is"
ttl = 1
proxied = false
}
# resource "cloudflare_record" "grafana" {
# zone_id = cloudflare_zone.sudois.id
# type = "A"
# name = "grafana"
# value = digitalocean_droplet.fra0.ipv4_address
# ttl = 1
# proxied = false
# }
# resource "cloudflare_record" "nextcloud-sudo-is" {
# zone_id = cloudflare_zone.sudois.id
# type = "A"
# name = "nextcloud"
# value = local.mainframe_ip_2
# ttl = 1
# proxied = false
# }
resource "cloudflare_record" "weblate" {
zone_id = cloudflare_zone.sudois.id
type = "A"
@ -652,19 +556,18 @@ resource "cloudflare_record" "weblate" {
ttl = 60
}
# resource "cloudflare_filter" "nextcloud_strict_countries" {
# zone_id = cloudflare_zone.sudois.id
# description = "filter countries"
# expression = "(not ip.geoip.country in {\"DE\" \"SE\" \"IS\" \"NO\"} and http.host eq \"nextcloud.sudo.is\")"
# }
resource "cloudflare_filter" "nextcloud_strict_countries" {
zone_id = cloudflare_zone.sudois.id
description = "filter countries"
expression = "(not ip.geoip.country in {\"DE\" \"SE\" \"IS\" \"NO\"} and http.host eq \"nextcloud.sudo.is\")"
}
resource "cloudflare_firewall_rule" "nextcloud" {
zone_id = cloudflare_zone.sudois.id
description = "allowlist nextcloud"
filter_id = cloudflare_filter.nextcloud_strict_countries.id
action = "block"
}
# resource "cloudflare_firewall_rule" "nextcloud" {
# zone_id = cloudflare_zone.sudois.id
# description = "allowlist nextcloud"
# filter_id = cloudflare_filter.nextcloud_strict_countries.id
# action = "block"
# }
resource "cloudflare_filter" "bypass-well-known" {
zone_id = cloudflare_zone.sudois.id
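Review bot: The nextcloud geo-filter (`cloudflare_filter.nextcloud_strict_countries`) and its `cloudflare_firewall_rule.nextcloud` only evaluate requests that pass through Cloudflare's proxy, yet the `nextcloud` record as shown in the earlier `# services` hunk is published with `proxied = false` (and may be on its way out, given the commented `nextcloud-sudo-is` block), so on whichever side of this hunk the rule is live, direct connections to the origin are never seen by it. This page has lost the +/- markers, so I cannot tell whether the filter and rule are being enabled or commented out here; if they are meant to stay active, the record they protect needs `proxied = true` and the origin should accept 80/443 only from Cloudflare's ranges. The rule's `description = "allowlist nextcloud"` also contradicts its `action = "block"` on a filter matching countries that are *not* in the set; `description = "block nextcloud outside DE/SE/IS/NO"` would describe what it does.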

@ -35,6 +35,9 @@ resource "hcloud_firewall" "fw0" {
"${local.mainframe_ip6}/128",
"${local.freespace_ip}/32",
"${local.freespace_ip6}/128",
"${local.fsn_g0_ip}/32",
#"${local.ora1_ip6}/128",
]
}
rule {
@ -65,8 +68,30 @@ resource "hcloud_firewall" "fw0" {
]
}
}
resource "hcloud_firewall" "fw1" {
name = "fw1"
resource "hcloud_firewall" "fw-lb" {
name = "fw-lb"
rule {
direction = "in"
protocol = "tcp"
port = "80"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
rule {
direction = "in"
protocol = "tcp"
port = "443"
source_ips = [
"0.0.0.0/0",
"::/0"
]
}
}
resource "hcloud_firewall" "fw-open" {
name = "fw-open"
rule {
direction = "in"
@ -78,6 +103,8 @@ resource "hcloud_firewall" "fw1" {
}
}
## MONITORING
# resource "hcloud_server" "fra0-monitoring-g0" {
# name = "fra0-monitoring-g0"
@ -120,6 +147,7 @@ resource "hcloud_firewall" "fw1" {
# ttl = 60
#}
# AUTH
resource "hcloud_server" "fra1-auth-g0" {
name = "fra1-auth-g0"
@ -154,6 +182,14 @@ resource "cloudflare_record" "fra1-auth-g0" {
value = hcloud_server.fra1-auth-g0.ipv4_address
ttl = 60
}
resource "cloudflare_record" "fra1-auth-g0-hcloud" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "fra1-auth-g0.hcloud"
value = "10.101.0.11"
ttl = 60
}
resource "cloudflare_record" "fra1" {
zone_id = cloudflare_zone.sudois.id
@ -163,6 +199,44 @@ resource "cloudflare_record" "fra1" {
ttl = 60
}
# resource "hcloud_server" "fra1-auth-g1" {
# name = "fra1-auth-g1"
# image = "ubuntu-20.04"
# server_type = "cx11"
# ssh_keys = [hcloud_ssh_key.default.id]
# location = "fsn1"
# firewall_ids = [hcloud_firewall.fw0.id]
# network {
# network_id = hcloud_network.net0.id
# ip = "10.101.0.12"
# }
# depends_on = [
# hcloud_network_subnet.subnet0
# ]
# }
# resource "hcloud_rdns" "fra1-auth-g1" {
# server_id = hcloud_server.fra1-auth-g1.id
# ip_address = hcloud_server.fra1-auth-g1.ipv4_address
# dns_ptr = "fra1-auth-g1.sudo.is"
# }
# resource "cloudflare_record" "fra1-auth-g1" {
# zone_id = cloudflare_zone.sudois.id
# type = "A"
# name = "fra1-auth-g1"
# value = hcloud_server.fra1-auth-g1.ipv4_address
# ttl = 60
# }
## WEBLATE
resource "hcloud_server" "fra3-weblate-g0" {
name = "fra3-weblate-g0"
image = "ubuntu-20.04"
@ -196,6 +270,13 @@ resource "cloudflare_record" "fra3-weblate-g0" {
value = hcloud_server.fra3-weblate-g0.ipv4_address
ttl = 60
}
resource "cloudflare_record" "fra3-weblate-g0-hcloud" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "fra3-weblate-g0.hcloud"
value = "10.101.0.3"
ttl = 60
}
resource "cloudflare_record" "fra3" {
zone_id = cloudflare_zone.sudois.id
@ -204,3 +285,117 @@ resource "cloudflare_record" "fra3" {
value = "fra3-weblate-g0.sudo.is"
ttl = 60
}
# # LB
resource "hcloud_server" "fsn-lb-g0" {
name = "fsn-lb-g0"
image = "ubuntu-20.04"
server_type = "cx11"
ssh_keys = [hcloud_ssh_key.default.id]
location = "fsn1"
firewall_ids = [hcloud_firewall.fw0.id]
network {
network_id = hcloud_network.net0.id
ip = "10.101.0.4"
}
depends_on = [
hcloud_network_subnet.subnet0
]
}
resource "hcloud_rdns" "fsn-lb-g0" {
server_id = hcloud_server.fsn-lb-g0.id
ip_address = hcloud_server.fsn-lb-g0.ipv4_address
dns_ptr = "fsn-lb-g0.sudo.is"
}
resource "cloudflare_record" "fsn-lb-g0" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "fsn-lb-g0"
value = hcloud_server.fsn-lb-g0.ipv4_address
ttl = 60
}
resource "cloudflare_record" "fsn-lb-g0-hcloud" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "fsn-lb-g0.hcloud"
value = "10.101.0.4"
ttl = 60
}
resource "hcloud_server" "fsn-lb-g1" {
name = "fsn-lb-g1"
image = "ubuntu-20.04"
server_type = "cx11"
ssh_keys = [hcloud_ssh_key.default.id]
location = "fsn1"
firewall_ids = [hcloud_firewall.fw0.id]
network {
network_id = hcloud_network.net0.id
ip = "10.101.0.5"
}
depends_on = [
hcloud_network_subnet.subnet0
]
}
resource "hcloud_rdns" "fsn-lb-g1" {
server_id = hcloud_server.fsn-lb-g1.id
ip_address = hcloud_server.fsn-lb-g1.ipv4_address
dns_ptr = "fsn-lb-g1.sudo.is"
}
resource "cloudflare_record" "fsn-lb-g1" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "fsn-lb-g1"
value = hcloud_server.fsn-lb-g1.ipv4_address
ttl = 60
}
resource "cloudflare_record" "fsn-lb-g1-hcloud" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "fsn-lb-g1.hcloud"
value = "10.101.0.5"
ttl = 60
}
resource "hcloud_floating_ip" "fsn-lb" {
type = "ipv4"
home_location = "fsn1"
#delete_protectection = true
}
resource "hcloud_floating_ip_assignment" "fsn-lb" {
floating_ip_id = hcloud_floating_ip.fsn-lb.id
server_id = hcloud_server.fsn-lb-g0.id
}
resource "hcloud_rdns" "floating_master" {
floating_ip_id = hcloud_floating_ip.fsn-lb.id
ip_address = hcloud_floating_ip.fsn-lb.ip_address
dns_ptr = "fsn-lb.sudo.is"
}
resource "cloudflare_record" "fsn-lb" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "fsn-lb"
value = hcloud_floating_ip.fsn-lb.ip_address
ttl = 60
}
output "fsn-lb_ip" {
value = hcloud_floating_ip.fsn-lb.ip_address
}
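Review bot: `hcloud_firewall.fw-lb` opens 80 and 443 to `0.0.0.0/0` and `::/0`, but neither new LB server attaches it — both `fsn-lb-g0` and `fsn-lb-g1` use `firewall_ids = [hcloud_firewall.fw0.id]` — so either the firewall is unused or it is attached outside this diff. If the LB is meant to be reached only through Cloudflare (the apex, `www`, `static`, `benedikt` and `mirrors` records in cloudflare.tf point at `local.fsn_lb_ip` with `proxied = true`), the `source_ips` should be Cloudflare's published ranges rather than any address, otherwise the proxy and any Cloudflare firewall rules can be bypassed by connecting to the origin directly; the unproxied `fsn-lb`, `fsn-lb-g0` and `fsn-lb-g1` records publish that origin address. Separately, the `*.hcloud` records (`fra1-auth-g0.hcloud`, `fra3-weblate-g0.hcloud`, `fsn-lb-g0.hcloud`, `fsn-lb-g1.hcloud`) publish RFC1918 addresses in public DNS and duplicate the literal `ip = "10.101.0.x"` from each server's `network` block; a `locals` entry per host referenced from both places would keep them from drifting. The commented `#delete_protectection = true` on `hcloud_floating_ip.fsn-lb` misspells `delete_protection` and would fail to plan if uncommented as-is.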

@ -0,0 +1,222 @@
variable "region" {
default = "uk-london-1"
}
variable "free_availability_domain" {
default = "JnpY:UK-LONDON-1-AD-2"
}
variable "vcn_cidr" {
default = "10.103.0.0/16"
}
variable "lon1_ad1_subnet_cidr" {
default = "10.103.1.0/24"
}
variable "lon1_ad2_subnet_cidr" {
default = "10.103.2.0/24"
}
variable "lon1_ad3_subnet_cidr" {
default = "10.103.3.0/24"
}
variable "lon_instances_ips" {
default = {
lon-matrix-bridges-g0 = "10.103.3.26"
lon-matrix-bridges-b0 = "10.103.3.25"
}
}
provider "oci" {
tenancy_ocid = var.tenancy_ocid
user_ocid = var.user_ocid
fingerprint = var.oracle_api_key_fingerprint
private_key_path = var.oracle_api_private_key_path
region = var.region
}
resource "oci_core_vcn" "lon1_vcn" {
cidr_block = var.vcn_cidr
compartment_id = var.compartment_ocid
display_name = "oci-lon1"
dns_label = "sudois"
}
resource "oci_core_subnet" "london1ad1" {
availability_domain = "JnpY:UK-LONDON-1-AD-2"
cidr_block = var.lon1_ad1_subnet_cidr
display_name = "london1ad1"
dns_label = "london1ad1"
security_list_ids = [
oci_core_security_list.ssh-https.id
]
compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.lon1_vcn.id
dhcp_options_id = oci_core_vcn.lon1_vcn.default_dhcp_options_id
}
resource "oci_core_subnet" "london1ad2" {
availability_domain = "JnpY:UK-LONDON-1-AD-2"
cidr_block = var.lon1_ad2_subnet_cidr
display_name = "london1ad2"
dns_label = "london1ad2"
security_list_ids = [
oci_core_security_list.ssh-https.id
]
compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.lon1_vcn.id
dhcp_options_id = oci_core_vcn.lon1_vcn.default_dhcp_options_id
}
resource "oci_core_subnet" "london1ad3" {
availability_domain = "JnpY:UK-LONDON-1-AD-3"
cidr_block = var.lon1_ad3_subnet_cidr
display_name = "london1ad3"
dns_label = "london1ad3"
security_list_ids = [
oci_core_security_list.ssh-https.id
]
compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.lon1_vcn.id
dhcp_options_id = oci_core_vcn.lon1_vcn.default_dhcp_options_id
}
resource "oci_core_internet_gateway" "lon1_ig" {
compartment_id = var.compartment_ocid
display_name = "lon1"
vcn_id = oci_core_vcn.lon1_vcn.id
}
resource "oci_core_route_table" "route0" {
display_name = "route0"
vcn_id = oci_core_vcn.lon1_vcn.id
compartment_id = var.compartment_ocid
# route_rules {
# destination = var.wg_cidr
# destination_type = "CIDR_BLOCK"
# network_entity_id = oci_core_private_ip.lon3.id
# }
route_rules {
destination = "0.0.0.0/0"
destination_type = "CIDR_BLOCK"
network_entity_id = oci_core_internet_gateway.lon1_ig.id
}
}
resource "oci_core_route_table_attachment" "lon1ad1" {
subnet_id = oci_core_subnet.london1ad1.id
route_table_id = oci_core_route_table.route0.id
}
resource "oci_core_route_table_attachment" "lon1ad2" {
subnet_id = oci_core_subnet.london1ad2.id
route_table_id = oci_core_route_table.route0.id
}
resource "oci_core_route_table_attachment" "lon1ad3" {
subnet_id = oci_core_subnet.london1ad3.id
route_table_id = oci_core_route_table.route0.id
}
# need to do some more magic to open ports:
# https://stackoverflow.com/questions/54794217/opening-port-80-on-oracle-cloud-infrastructure-compute-node
# quick hack:
# apt: firewalld
# sudo firewall-cmd --zone=public --permanent --add-port=443/tcp
# sudo firewall-cmd --reload
resource "oci_core_security_list" "ssh-https" {
compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.lon1_vcn.id
display_name = "ssh-https"
egress_security_rules {
destination = "0.0.0.0/0"
protocol = "all"
}
ingress_security_rules {
protocol = "all"
source = var.vcn_cidr
}
ingress_security_rules {
protocol = "6" // tcp
source = "${local.mainframe_ip}/32"
stateless = false
tcp_options {
source_port_range {
min = 1
max = 65535
}
min = 22
max = 22
}
}
ingress_security_rules {
protocol = "6" // tcp
source = "${local.freespace_ip}/32"
stateless = false
tcp_options {
source_port_range {
min = 1
max = 65535
}
min = 22
max = 22
}
}
ingress_security_rules {
protocol = "6" // tcp
source = "0.0.0.0/0"
stateless = false
tcp_options {
source_port_range {
min = 1
max = 65535
}
min = 443
max = 443
}
}
ingress_security_rules {
protocol = "17" // udp
source = "0.0.0.0/0"
stateless = false
udp_options {
source_port_range {
min = 1
max = 65535
}
// These values correspond to the destination port range.
min = 4004
max = 4004
}
}
}
resource "oci_core_public_ip" "float" {
compartment_id = var.compartment_ocid
lifetime = "RESERVED"
display_name = "float"
#private_ip_id = oci_core_private_ip.lon3.id
}
resource "cloudflare_record" "oci_float" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "lon-lb"
value = oci_core_public_ip.float.ip_address
ttl = 60
}
resource "cloudflare_record" "lon-matrix-bridges-g0" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "lon-matrix-bridges-g0"
value = oci_core_instance.lon-matrix-bridges-g0.public_ip
ttl = 60
}
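Review bot: `oci_core_subnet.london1ad1` and `london1ad2` both hard-code `availability_domain = "JnpY:UK-LONDON-1-AD-2"`, although the file declares `variable "free_availability_domain"` with exactly that value and names the first subnet after AD-1, so either the literal for `london1ad1` is a copy-paste slip or the naming is misleading; `availability_domain = var.free_availability_domain` keeps the subnets consistent and makes any intended AD-1 placement an explicit change. The security list is named `ssh-https` but also admits UDP 4004 from `0.0.0.0/0`; the inline comment only says the values are a destination port range, so a comment stating which service listens on 4004 and why it must be world-reachable would justify the rule for the next reviewer. The SSH rules are correctly scoped to `${local.mainframe_ip}/32` and `${local.freespace_ip}/32`; the `protocol = "all"` rule from `var.vcn_cidr` deserves a one-line comment noting it is intra-VCN only, since it reads as broad at first glance.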

@ -0,0 +1,42 @@
resource "oci_core_instance" "lon-matrix-bridges-g0" {
availability_domain = "JnpY:UK-LONDON-1-AD-3"
compartment_id = var.compartment_ocid
display_name = "lon-matrix-bridges-matrix-g0"
shape = "VM.Standard.A1.Flex"
# preserve the volume if instance is deleted
preserve_boot_volume = true
source_details {
source_type = "image"
# https://docs.oracle.com/en-us/iaas/images/ubuntu-2004/
source_id = "ocid1.image.oc1.uk-london-1.aaaaaaaaajga6k2rnywbyuyvwpw446vcfcokumn4ddrjpdvrddqhhlfvanuq"
boot_volume_size_in_gbs = "50"
}
metadata = {
ssh_authorized_keys = var.ssh_public_key
}
timeouts {
create = "60m"
}
agent_config {
are_all_plugins_disabled = true
is_management_disabled = true
is_monitoring_disabled = true
}
create_vnic_details {
assign_public_ip = true
private_ip = var.lon_instances_ips["lon-matrix-bridges-g0"]
skip_source_dest_check = true
subnet_id = oci_core_subnet.london1ad3.id
display_name = "lon-matrix-bridges-g0_vnic"
hostname_label = "lon-matrix-bridges-g0"
}
shape_config {
memory_in_gbs = "6"
ocpus = "1"
}
}
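Review bot: `display_name = "lon-matrix-bridges-matrix-g0"` repeats `matrix` and disagrees with the `hostname_label`, the vnic `display_name` and the Cloudflare record, all of which use `lon-matrix-bridges-g0`; `display_name = "lon-matrix-bridges-g0"` would keep the instance discoverable under one name. The availability domain is a second copy of the literal `"JnpY:UK-LONDON-1-AD-3"` already used by `oci_core_subnet.london1ad3`; `availability_domain = oci_core_subnet.london1ad3.availability_domain` ties the instance to the subnet it attaches to so the two cannot drift apart. `assign_public_ip = true` places the instance directly on the internet, which is acceptable only because the subnet's `ssh-https` security list limits SSH to two source addresses; a comment here pointing at that dependency would stop a later edit of the security list from silently widening exposure.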

@ -1,347 +1,154 @@
variable "region" {
default = "uk-london-1"
}
variable "free_availability_domain" {
default = "JnpY:UK-LONDON-1-AD-2"
}
variable "vcn_cidr" {
default = "192.168.24.0/23"
}
variable "lon1_subnet_cidr" {
default = "192.168.24.0/24"
}
variable "lon_instances_ips" {
default = {
# green
lon2-einlass-g0 = "192.168.24.214", # change to .2 if i have a chance
lon3-www-g0 = "192.168.24.3", # .3
lon3 = "192.168.24.3"
# blue
lon2-einlass-b0 = "192.168.24.4", # .4
lon3-www-b0 = "192.168.24.5" #. 5
}
}
variable "lon_instances" {
default = {
"lon2" = "lon2-einlass-g0",
"lon3" = "lon3-www-g0"
}
}
provider "oci" {
tenancy_ocid = var.tenancy_ocid
user_ocid = var.user_ocid
fingerprint = var.oracle_api_key_fingerprint
private_key_path = var.oracle_api_private_key_path
region = var.region
}
resource "oci_core_vcn" "lon1_vcn" {
cidr_block = var.vcn_cidr
compartment_id = var.compartment_ocid
display_name = "oci-lon1"
dns_label = "sudois"
}
# need to do some more magic to open ports:
# https://stackoverflow.com/questions/54794217/opening-port-80-on-oracle-cloud-infrastructure-compute-node
# quick hack:
# apt: firewalld
# sudo firewall-cmd --zone=public --permanent --add-port=443/tcp
# sudo firewall-cmd --reload
resource "oci_core_security_list" "ssh-https" {
compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.lon1_vcn.id
display_name = "ssh-https"
egress_security_rules {
destination = "0.0.0.0/0"
protocol = "all"
}
ingress_security_rules {
protocol = "all"
source = var.lon1_subnet_cidr
}
ingress_security_rules {
protocol = "all"
source = var.wg_cidr
}
ingress_security_rules {
protocol = "6" // tcp
source = "${local.mainframe_ip}/32"
stateless = false
tcp_options {
source_port_range {
min = 1
max = 65535
}
min = 22
max = 22
}
}
ingress_security_rules {
protocol = "6" // tcp
source = "${local.freespace_ip}/32"
stateless = false
tcp_options {
source_port_range {
min = 1
max = 65535
}
min = 22
max = 22
}
}
ingress_security_rules {
protocol = "6" // tcp
source = "0.0.0.0/0"
stateless = false
tcp_options {
source_port_range {
min = 1
max = 65535
}
min = 443
max = 443
}
}
ingress_security_rules {
protocol = "17" // udp
source = "0.0.0.0/0"
stateless = false
udp_options {
source_port_range {
min = 1
max = 65535
}
// These values correspond to the destination port range.
min = 4004
max = 4004
}
}
}
resource "oci_core_subnet" "london1" {
availability_domain = var.free_availability_domain
cidr_block = var.lon1_subnet_cidr
display_name = "london1"
dns_label = "london1"
security_list_ids = [
oci_core_security_list.ssh-https.id
]
compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.lon1_vcn.id
dhcp_options_id = oci_core_vcn.lon1_vcn.default_dhcp_options_id
}
resource "oci_core_internet_gateway" "lon1_ig" {
compartment_id = var.compartment_ocid
display_name = "lon1"
vcn_id = oci_core_vcn.lon1_vcn.id
}
# resource "oci_core_instance" "lon_arm_instances" {
# shape = "VM.Standard.A1.Flex"
resource "oci_core_instance" "lon2" {
#for_each = var.lon_instances
#each.value, each.key
# resource "oci_core_instance" "lon2" {
# #for_each = var.lon_instances
# #each.value, each.key
availability_domain = var.free_availability_domain
compartment_id = var.compartment_ocid
display_name = var.lon_instances["lon2"]
shape = var.instance_shape
# availability_domain = var.free_availability_domain
# compartment_id = var.compartment_ocid
# display_name = var.lon_instances["lon2"]
# shape = var.instance_shape
source_details {
source_type = "image"
source_id = var.instance_image_ocid[var.region]
}
# source_details {
# source_type = "image"
# source_id = var.instance_image_ocid[var.region]
# }
metadata = {
ssh_authorized_keys = var.ssh_public_key
}
# metadata = {
# ssh_authorized_keys = var.ssh_public_key
# }
timeouts {
create = "60m"
}
agent_config {
is_management_disabled = true
is_monitoring_disabled = true
}
}
resource "oci_core_instance" "lon3" {
#for_each = var.lon_instances
#each.value, each.key
availability_domain = var.free_availability_domain
compartment_id = var.compartment_ocid
display_name = var.lon_instances["lon3"]
shape = var.instance_shape
source_details {
source_type = "image"
source_id = var.instance_image_ocid[var.region]
}
metadata = {
ssh_authorized_keys = var.ssh_public_key
}
timeouts {
create = "60m"
}
agent_config {
is_management_disabled = true
is_monitoring_disabled = true
}
}
# timeouts {
# create = "60m"
# }
# agent_config {
# is_management_disabled = true
# is_monitoring_disabled = true
# }
# }
# resource "oci_core_instance" "lon3" {
# #for_each = var.lon_instances
# #each.value, each.key
# availability_domain = var.free_availability_domain
# compartment_id = var.compartment_ocid
# display_name = var.lon_instances["lon3"]
# shape = var.instance_shape
# source_details {
# source_type = "image"
# source_id = var.instance_image_ocid[var.region]
# }
# metadata = {
# ssh_authorized_keys = var.ssh_public_key
# }
# timeouts {
# create = "60m"
# }
# agent_config {
# is_management_disabled = true
# is_monitoring_disabled = true
# }
# }
resource "oci_core_vnic_attachment" "lon2_vnic" {
instance_id = oci_core_instance.lon2.id
create_vnic_details {
subnet_id = oci_core_subnet.london1.id
display_name = "lon2_vnic"
assign_public_ip = true
skip_source_dest_check = true
hostname_label = oci_core_instance.lon2.display_name
}
}
resource "oci_core_vnic_attachment" "lon3_vnic" {
instance_id = oci_core_instance.lon3.id
# resource "oci_core_vnic_attachment" "lon2_vnic" {
# instance_id = oci_core_instance.lon2.id
create_vnic_details {
subnet_id = oci_core_subnet.london1.id
display_name = "lon3_vnic"
assign_public_ip = true
skip_source_dest_check = true
hostname_label = oci_core_instance.lon3.display_name
}
}
resource "oci_core_private_ip" "lon3" {
display_name = "lon3_vnic"
hostname_label = var.lon_instances["lon3"]
ip_address = var.lon_instances_ips[var.lon_instances["lon3"]]
vnic_id = oci_core_vnic_attachment.lon3_vnic.vnic_id
}
resource "oci_core_private_ip" "lon2" {
display_name = "lon2_vnic"
hostname_label = var.lon_instances["lon2"]
ip_address = var.lon_instances_ips[var.lon_instances["lon2"]]
vnic_id = oci_core_vnic_attachment.lon2_vnic.vnic_id
}
# create_vnic_details {
# subnet_id = oci_core_subnet.london1.id
# display_name = "lon2_vnic"
# assign_public_ip = true
# skip_source_dest_check = true
# hostname_label = oci_core_instance.lon2.display_name
# }
# }
# resource "oci_core_vnic_attachment" "lon3_vnic" {
# instance_id = oci_core_instance.lon3.id
# create_vnic_details {
# subnet_id = oci_core_subnet.london1.id
# display_name = "lon3_vnic"
# assign_public_ip = true
# skip_source_dest_check = true
# hostname_label = oci_core_instance.lon3.display_name
# }
# }
# resource "oci_core_private_ip" "lon3" {
# display_name = "lon3_vnic"
# hostname_label = var.lon_instances["lon3"]
# ip_address = var.lon_instances_ips[var.lon_instances["lon3"]]
# vnic_id = oci_core_vnic_attachment.lon3_vnic.vnic_id
# }
# resource "oci_core_private_ip" "lon2" {
# display_name = "lon2_vnic"
# hostname_label = var.lon_instances["lon2"]
# ip_address = var.lon_instances_ips[var.lon_instances["lon2"]]
# vnic_id = oci_core_vnic_attachment.lon2_vnic.vnic_id
# }
# resource "oci_core_instance_console_connection" "lon1connection" {
# #Required
# instance_id = oci_core_instance.lon1.id
# public_key = var.ssh_public_key
# }
resource "oci_core_route_table" "route0" {
display_name = "route0"
vcn_id = oci_core_vcn.lon1_vcn.id
compartment_id = var.compartment_ocid
route_rules {
destination = var.wg_cidr
destination_type = "CIDR_BLOCK"
network_entity_id = oci_core_private_ip.lon3.id
}
route_rules {
destination = "0.0.0.0/0"
destination_type = "CIDR_BLOCK"
network_entity_id = oci_core_internet_gateway.lon1_ig.id
}
}
resource "oci_core_route_table_attachment" "route0" {
subnet_id = oci_core_subnet.london1.id
route_table_id = oci_core_route_table.route0.id
}
# total 200 gb block storage for free
# boot volumes are minimum 50gb
# 2x instances = 100gb
# 200gb-100gb=100gb
# this uses the full quote
resource "oci_core_volume" "lon3" {
compartment_id = var.compartment_ocid
availability_domain = var.free_availability_domain
display_name = "lon3_volume"
is_auto_tune_enabled = true
size_in_gbs = "100"
}
resource "oci_core_volume_attachment" "lon3" {
attachment_type = "paravirtualized"
instance_id = oci_core_instance.lon3.id
volume_id = oci_core_volume.lon3.id
#device = "/dev/sdd"
display_name = "lon3_volume_attachment"
is_read_only = false
is_shareable = false
}
# resource "oci_core_volume" "lon3" {
# compartment_id = var.compartment_ocid
# availability_domain = var.free_availability_domain
# display_name = "lon3_volume"
# is_auto_tune_enabled = true
# size_in_gbs = "100"
# }
# resource "oci_core_volume_attachment" "lon3" {
# attachment_type = "paravirtualized"
# instance_id = oci_core_instance.lon3.id
# volume_id = oci_core_volume.lon3.id