matrix bridges and redid the oracle stuff

main
Benedikt Kristinsson 5 months ago
parent 4c09e638d8
commit c11a60da8f
  1. 2
      hetznercloud.tf
  2. 150
      oracle-core.tf
  3. 66
      oracle-lb.tf
  4. 32
      oracle-matrix-bridges.tf
  5. 8
      sudoisnet/sudoisnet/wgdns.py
  6. 55
      vpn-dns.tf

@ -380,7 +380,7 @@ resource "hcloud_floating_ip" "fsn-lb" {
}
resource "hcloud_floating_ip_assignment" "fsn-lb" {
floating_ip_id = hcloud_floating_ip.fsn-lb.id
server_id = hcloud_server.fsn-lb-g0.id
server_id = hcloud_server.fsn-lb-g1.id
}
resource "hcloud_rdns" "floating_master" {

@ -8,20 +8,24 @@ variable "free_availability_domain" {
variable "vcn_cidr" {
default = "10.103.0.0/16"
}
variable "lon1_ad1_subnet_cidr" {
default = "10.103.1.0/24"
}
variable "lon1_ad2_subnet_cidr" {
default = "10.103.2.0/24"
}
variable "lon1_ad3_subnet_cidr" {
variable "ssh-https_cidr" {
default = "10.103.3.0/24"
}
variable "sshonly_cidr" {
default = "10.103.4.0/24"
}
variable "lon_instances_ips" {
default = {
lon-matrix-bridges-g0 = "10.103.3.26"
lon-matrix-bridges-b0 = "10.103.3.25"
lon-matrix-bridges-g0 = "10.103.4.26"
lon-matrix-bridges-b0 = "10.103.4.25"
lon-lb-g0 = "10.103.3.10"
lon-lb-b0 = "10.103.3.11"
lon-lb-g1 = "10.103.3.12"
lon-lb-b1 = "10.103.3.13"
}
}
@ -39,35 +43,21 @@ resource "oci_core_vcn" "lon1_vcn" {
display_name = "oci-lon1"
dns_label = "sudois"
}
resource "oci_core_subnet" "london1ad1" {
availability_domain = "JnpY:UK-LONDON-1-AD-2"
cidr_block = var.lon1_ad1_subnet_cidr
display_name = "london1ad1"
dns_label = "london1ad1"
security_list_ids = [
oci_core_security_list.ssh-https.id
]
compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.lon1_vcn.id
dhcp_options_id = oci_core_vcn.lon1_vcn.default_dhcp_options_id
}
resource "oci_core_subnet" "london1ad2" {
availability_domain = "JnpY:UK-LONDON-1-AD-2"
cidr_block = var.lon1_ad2_subnet_cidr
display_name = "london1ad2"
dns_label = "london1ad2"
resource "oci_core_subnet" "sshonly" {
cidr_block = var.sshonly_cidr
display_name = "sshonly"
dns_label = "sshonly"
security_list_ids = [
oci_core_security_list.ssh-https.id
oci_core_security_list.ssh.id
]
compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.lon1_vcn.id
dhcp_options_id = oci_core_vcn.lon1_vcn.default_dhcp_options_id
}
resource "oci_core_subnet" "london1ad3" {
availability_domain = "JnpY:UK-LONDON-1-AD-3"
cidr_block = var.lon1_ad3_subnet_cidr
display_name = "london1ad3"
dns_label = "london1ad3"
resource "oci_core_subnet" "ssh-https" {
cidr_block = var.ssh-https_cidr
display_name = "sshhttps"
dns_label = "internet"
security_list_ids = [
oci_core_security_list.ssh-https.id
]
@ -76,7 +66,6 @@ resource "oci_core_subnet" "london1ad3" {
dhcp_options_id = oci_core_vcn.lon1_vcn.default_dhcp_options_id
}
resource "oci_core_internet_gateway" "lon1_ig" {
compartment_id = var.compartment_ocid
display_name = "lon1"
@ -87,11 +76,11 @@ resource "oci_core_route_table" "route0" {
display_name = "route0"
vcn_id = oci_core_vcn.lon1_vcn.id
compartment_id = var.compartment_ocid
# route_rules {
# destination = var.wg_cidr
# destination_type = "CIDR_BLOCK"
# network_entity_id = oci_core_private_ip.lon3.id
# }
route_rules {
destination = var.wg_cidr
destination_type = "CIDR_BLOCK"
network_entity_id = oci_core_private_ip.lon-matrix-bridges-g0.id
}
route_rules {
destination = "0.0.0.0/0"
destination_type = "CIDR_BLOCK"
@ -99,19 +88,16 @@ resource "oci_core_route_table" "route0" {
}
}
resource "oci_core_route_table_attachment" "lon1ad1" {
subnet_id = oci_core_subnet.london1ad1.id
resource "oci_core_route_table_attachment" "sshonly" {
subnet_id = oci_core_subnet.sshonly.id
route_table_id = oci_core_route_table.route0.id
}
resource "oci_core_route_table_attachment" "lon1ad2" {
subnet_id = oci_core_subnet.london1ad2.id
route_table_id = oci_core_route_table.route0.id
}
resource "oci_core_route_table_attachment" "lon1ad3" {
subnet_id = oci_core_subnet.london1ad3.id
resource "oci_core_route_table_attachment" "ssh-https" {
subnet_id = oci_core_subnet.ssh-https.id
route_table_id = oci_core_route_table.route0.id
}
# need to do some more magic to open ports:
# https://stackoverflow.com/questions/54794217/opening-port-80-on-oracle-cloud-infrastructure-compute-node
# quick hack:
@ -197,6 +183,70 @@ resource "oci_core_security_list" "ssh-https" {
}
}
resource "oci_core_security_list" "ssh" {
compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.lon1_vcn.id
display_name = "ssh"
egress_security_rules {
destination = "0.0.0.0/0"
protocol = "all"
}
ingress_security_rules {
protocol = "all"
source = var.vcn_cidr
}
ingress_security_rules {
protocol = "6" // tcp
source = "${local.mainframe_ip}/32"
stateless = false
tcp_options {
source_port_range {
min = 1
max = 65535
}
min = 22
max = 22
}
}
ingress_security_rules {
protocol = "6" // tcp
source = "${local.freespace_ip}/32"
stateless = false
tcp_options {
source_port_range {
min = 1
max = 65535
}
min = 22
max = 22
}
}
ingress_security_rules {
protocol = "17" // udp
source = "0.0.0.0/0"
stateless = false
udp_options {
source_port_range {
min = 1
max = 65535
}
// These values correspond to the destination port range.
min = 4004
max = 4004
}
}
}
resource "oci_core_public_ip" "float" {
compartment_id = var.compartment_ocid
@ -212,11 +262,3 @@ resource "cloudflare_record" "oci_float" {
value = oci_core_public_ip.float.ip_address
ttl = 60
}
resource "cloudflare_record" "lon-matrix-bridges-g0" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "lon-matrix-bridges-g0"
value = oci_core_instance.lon-matrix-bridges-g0.public_ip
ttl = 60
}
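Review bot: The new `oci_core_security_list.ssh` admits UDP/4004 from `0.0.0.0/0` and every protocol from `var.vcn_cidr`, which is considerably wider than its `display_name = "ssh"` suggests, and nothing in the hunk records why; the `route_rules` for `var.wg_cidr` now pointing at `oci_core_private_ip.lon-matrix-bridges-g0` hints that 4004 is a WireGuard listener, but that is an inference. A comment above the UDP rule such as `// WireGuard listener (UDP/4004): reachable from any source by design; tcp/22 stays limited to the two admin /32s above` would make the exposure deliberate and reviewable. The three `source_port_range { min = 1 max = 65535 }` blocks restate the provider default and can be dropped, leaving only the destination `min`/`max`. The two removed `lon_instances_ips` entries (10.103.3.x) and the added ones (10.103.4.x) line up with the instance moving into the `sshonly` subnet (10.103.4.0/24), while the `lon-lb-*` entries remain in 10.103.3.x although every `lon-lb` resource is commented out in oracle-lb.tf — worth a note if they are intentionally kept.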

@ -0,0 +1,66 @@
# resource "oci_core_instance" "lon-lb-g0" {
# availability_domain = "JnpY:UK-LONDON-1-AD-2"
# compartment_id = var.compartment_ocid
# display_name = "lon-lb-g0"
# shape = "VM.Standard.E2.1.Micro"
# # preserve the volume if instance is deleted
# preserve_boot_volume = true
# source_details {
# source_type = "image"
# # https://docs.oracle.com/en-us/iaas/images/ubuntu-2004/
# source_id = "ocid1.image.oc1.uk-london-1.aaaaaaaabtyai7rkxcirycov253c4bmju7zgi7lifl225255g3g2se2ez6wa"
# boot_volume_size_in_gbs = "50"
# }
# metadata = {
# ssh_authorized_keys = var.ssh_public_key
# }
# timeouts {
# create = "60m"
# }
# agent_config {
# are_all_plugins_disabled = true
# is_management_disabled = true
# is_monitoring_disabled = true
# }
# create_vnic_details {
# assign_public_ip = true
# private_ip = var.lon_instances_ips["lon-lb-g0"]
# skip_source_dest_check = true
# subnet_id = oci_core_subnet.sshonly.id
# display_name = "lon-lb-g0_vnic"
# hostname_label = "lon-lb-g0"
# }
# shape_config {
# memory_in_gbs = "1"
# ocpus = "1"
# }
# }
# # resource "oci_core_vnic_attachment" "lon-lb-g0_nic" {
# # instance_id = oci_core_instance.lon-lb-g0.id
# # create_vnic_details {
# # assign_public_ip = true
# # private_ip = var.lon_instances_ips["lon-lb-g0"]
# # skip_source_dest_check = true
# # subnet_id = oci_core_subnet.london1ad2.id
# # display_name = "lon-lb-g0_vnic"
# # hostname_label = "lon-lb-g0"
# # }
# # }
# data "oci_core_private_ip" "imported_lon-lb-g0" {
# private_ip_id = "ocid1.privateip.oc1.uk-london-1.abwgiljtsi7fz67cwg6lufhfdy7vukhld5vp7v4caur3qbpterwrsoqmg7ra"
# }
# resource "cloudflare_record" "lon-lb-g0" {
# zone_id = cloudflare_zone.sudois.id
# type = "A"
# name = "lon-lb-g0.lon"
# value = oci_core_instance.lon-lb-g0.public_ip
# ttl = 60
# }
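Review bot: The whole new file is commented-out Terraform, and the template it preserves is already inconsistent with the rest of this commit: `private_ip = var.lon_instances_ips["lon-lb-g0"]` resolves to 10.103.3.10 (oracle-core.tf) while the block selects `oci_core_subnet.sshonly` (10.103.4.0/24), and the nested commented vnic attachment still names `oci_core_subnet.london1ad2`, which this commit deletes. If the file is kept as a placeholder, a header such as `# lon-lb-g0: disabled. Kept as a template; fix private_ip/subnet (sshonly is 10.103.4.0/24) before re-enabling.` states the intent; otherwise dropping the file until it is needed avoids dead config drifting further from the live resources.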

@ -31,12 +31,42 @@ resource "oci_core_instance" "lon-matrix-bridges-g0" {
assign_public_ip = true
private_ip = var.lon_instances_ips["lon-matrix-bridges-g0"]
skip_source_dest_check = true
subnet_id = oci_core_subnet.london1ad3.id
subnet_id = oci_core_subnet.sshonly.id
display_name = "lon-matrix-bridges-g0_vnic"
hostname_label = "lon-matrix-bridges-g0"
#nsg_ids = [ oci_core_security_list.ssh.id ]
}
shape_config {
memory_in_gbs = "6"
ocpus = "1"
}
}
# terraform import "oci_core_vnic_attachment.lon-matrix-bridges-g0_vnic" ocid1.vnicattachment.oc1.uk-london-1.anwgiljsyefuk7ycqco7uueex7n3yzwlenaxlh2rthm4dszrqwcfgsur4enq
resource "oci_core_vnic_attachment" "lon-matrix-bridges-g0_vnic" {
instance_id = oci_core_instance.lon-matrix-bridges-g0.id
create_vnic_details {
assign_public_ip = true
private_ip = var.lon_instances_ips["lon-matrix-bridges-g0"]
skip_source_dest_check = true
subnet_id = oci_core_subnet.sshonly.id
display_name = "lon-matrix-bridges-g0_vnic"
hostname_label = "lon-matrix-bridges-g0"
}
}
# terraform import "oci_core_private_ip.lon-matrix-bridges-g0" ocid1.privateip.oc1.uk-london-1.abwgiljsdbqpvyvgyczxzqtdqndalgibmcc4vbocklvbji2v4fuzk2idrifq
resource "oci_core_private_ip" "lon-matrix-bridges-g0" {
ip_address = var.lon_instances_ips["lon-matrix-bridges-g0"]
vnic_id = oci_core_vnic_attachment.lon-matrix-bridges-g0_vnic.vnic_id
}
resource "cloudflare_record" "lon-matrix-bridges-g0" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "lon-matrix-bridges-g0.lon"
value = oci_core_instance.lon-matrix-bridges-g0.public_ip
ttl = 60
}
# data "oci_core_private_ip" "imported_lon-matrix-bridges-g0" {
# private_ip_id = "ocid1.privateip.oc1.uk-london-1.abwgiljsswdgcav62ktbc4lgu3dctjd5y7534hkusyhl67el57pce3p3arpq"
# }
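Review bot: The commented `#nsg_ids = [ oci_core_security_list.ssh.id ]` inside `create_vnic_details` passes a security-list id where `nsg_ids` expects network security group OCIDs, so re-enabling it as written would not do what the name implies; either remove it or replace it with `# access control is via the subnet's security list (oci_core_security_list.ssh), no NSG attached`. The new `oci_core_vnic_attachment.lon-matrix-bridges-g0_vnic` and `oci_core_private_ip.lon-matrix-bridges-g0` repeat the same address, subnet, display_name and hostname_label as the instance's own `create_vnic_details`; the `terraform import` comments suggest they adopt the instance's existing primary VNIC rather than create a second one, and if so a comment like `# imported: this is the instance's primary VNIC, not an additional one — do not let a plan recreate it` would spare the next reader a surprising plan. The enclosing `oci_core_instance "lon-matrix-bridges-g0"` begins above the hunk.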

@ -50,12 +50,6 @@ vpn_names = {
'matrix-bridge-smtp': 'fra2.sudo.is',
'logstash': 'fsn-g0.sudo.is',
'origin-matrix': 'fra2.sudo.is',
'origin-login': 'fra1-auth-g0.sudo.is',
'origin-ldap': 'fra1-auth-g0.sudo.is',
'origin-nextcloud': 'mainframe.sudo.is',
# get rid of these
'pibuilder': 'ber1.sudo.is',
}
@ -89,7 +83,7 @@ def main():
vpn_ip = wg_clients[vpntarget]['ip']
records.append(a_record(hostname, vpn_ip, "."))
for var_filename in ["fsn-lb", "lon-lb"]:
for var_filename in ["fsnlb", "lonlb"]:
with open(os.path.join(varfiles, var_filename + ".yml"), 'r') as f:
lbvars = yaml.safe_load(f)
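Review bot: The `for var_filename in [...]` loop hardcodes the two var-file basenames, so a rename on disk surfaces only as an uncaught `FileNotFoundError` from `open`, and `open(..., 'r')` without `encoding=` depends on the process locale; `with open(os.path.join(varfiles, f"{var_filename}.yml"), encoding="utf-8") as f:` pins the decoding. The rendered hunk does not show which of the two list literals (`"fsn-lb", "lon-lb"` or `"fsnlb", "lonlb"`) is the new side; whichever is kept must match the files present in `varfiles`, so a comment such as `# basenames of the load-balancer var files under varfiles/` documents the coupling. `main()` starts and ends outside the hunk.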

@ -373,50 +373,6 @@ resource "cloudflare_record" "logstash-sudo-is" {
resource "cloudflare_record" "origin-matrix-sudo-is" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "origin-matrix"
value = "10.102.47.144"
proxied = false
ttl = 60
}
resource "cloudflare_record" "origin-login-sudo-is" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "origin-login"
value = "10.102.47.143"
proxied = false
ttl = 60
}
resource "cloudflare_record" "origin-ldap-sudo-is" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "origin-ldap"
value = "10.102.47.143"
proxied = false
ttl = 60
}
resource "cloudflare_record" "origin-nextcloud-sudo-is" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "origin-nextcloud"
value = "10.102.47.128"
proxied = false
ttl = 60
}
resource "cloudflare_record" "pibuilder-sudo-is" {
zone_id = cloudflare_zone.sudois.id
type = "A"
@ -604,6 +560,17 @@ resource "cloudflare_record" "notflix-sudo-is" {
resource "cloudflare_record" "matrix-bridges-sudo-is" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "matrix-bridges"
value = "78.46.252.187"
proxied = false
ttl = 60
}
resource "cloudflare_record" "matrix-sudo-is" {
zone_id = cloudflare_zone.sudois.id
type = "A"
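Review bot: The added `matrix-bridges` record hardcodes `value = "78.46.252.187"` while the other records this commit touches take their address from a managed resource (`oci_core_instance.lon-matrix-bridges-g0.public_ip` in oracle-matrix-bridges.tf, `oci_core_public_ip.float.ip_address` in oracle-core.tf). If this address belongs to something Terraform manages in this repository, referencing that attribute keeps the DNS record in step with the IP; if it is intentionally static, a comment such as `# static address: <where this IP is provisioned>` makes the literal traceable. The `origin-*` records deleted in the earlier hunk match the entries removed from `vpn_names` in wgdns.py, so that side of the change looks consistent.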
