
# Droplet "lon1" in the lon1 region; its name is derived from the Cloudflare zone.
resource "digitalocean_droplet" "lon1" {
  name   = "lon1.${cloudflare_zone.sudois.zone}"
  region = "lon1"
  size   = "s-1vcpu-1gb"
  image  = "ubuntu-20-04-x64" # the ubuntu-18.04.x64 name was rejected by terraform

  private_networking = true

  # NOTE(review): ssh_keys is disabled on this droplet, while lon0 and fra0
  # set it. Confirm how the provisioner below authenticates; key-based root
  # access is preferable to whatever credential the provider presumably
  # issues for a droplet created without a key.
  #ssh_keys = ["cb:79:d0:73:55:b1:79:60:a4:a9:d5:48:53:e2:67:13"]

  # The remote-exec step doubles as a wait until the instance is ready,
  # and installs python, which ansible needs on the target.
  # NOTE(review): no connection block is visible inside this resource.
  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update",
      "sleep 3",
      "sudo apt-get install -y python",
    ]
  }

  # Disabled ansible run. NOTE(review): ANSIBLE_HOST_KEY_CHECKING=False turns
  # off SSH host key verification for the first connection to a fresh host;
  # if this step is re-enabled, record the new host key rather than skipping
  # the check.
  # provisioner "local-exec" {
  # command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -i '${self.ipv4_address},' ../ansible/lon-vpn.yml"
  # }
}
# Droplet "lon0" in the lon1 region, created with one SSH key attached.
resource "digitalocean_droplet" "lon0" {
  name   = "lon0.sudo.is"
  region = "lon1"
  size   = "s-1vcpu-1gb"
  image  = "ubuntu-20-04-x64"

  private_networking = true

  # Fingerprint of the SSH key placed on the droplet at creation. The same
  # literal is repeated on fra0, so a key rotation has to touch every copy.
  ssh_keys = ["cb:79:d0:73:55:b1:79:60:a4:a9:d5:48:53:e2:67:13"]
}
# Droplet "fra0" in the fra1 region, with both private networking and IPv6.
resource "digitalocean_droplet" "fra0" {
  name   = "fra0.sudo.is"
  region = "fra1"
  size   = "s-1vcpu-1gb"
  image  = "ubuntu-20-04-x64"

  private_networking = true

  # IPv6 is on for this droplet, so the ::/0 and /128 entries in the
  # default-fw firewall rules are what govern its IPv6 exposure.
  ipv6 = true

  # Fingerprint of the SSH key placed on the droplet at creation (the same
  # literal is used on lon0).
  ssh_keys = ["cb:79:d0:73:55:b1:79:60:a4:a9:d5:48:53:e2:67:13"]
}
# resource "digitalocean_droplet" "fra1" {
# image = "ubuntu-20-04-x64"
# region = "fra1"
# size = "s-1vcpu-1gb"
# name = "fra1"
# ssh_keys = ["cb:79:d0:73:55:b1:79:60:a4:a9:d5:48:53:e2:67:13"]
# private_networking = true
# ipv6 = true
# }
# Cloud firewall attached to lon0, lon1 and fra0.
# Inbound: SSH from four fixed addresses; HTTP, HTTPS and UDP 4004 from anywhere.
# Outbound: ICMP plus every TCP and UDP port, to anywhere.
resource "digitalocean_firewall" "default-fw" {
  name = "default-fw"

  droplet_ids = [
    digitalocean_droplet.lon0.id,
    digitalocean_droplet.lon1.id,
    digitalocean_droplet.fra0.id
  ]

  # --- inbound -------------------------------------------------------------

  # SSH is limited to single hosts (/32 and /128). The local.* values are
  # defined outside this view; if one of those addresses changes, SSH access
  # from that host is lost until the local is updated.
  inbound_rule {
    protocol   = "tcp"
    port_range = "22"
    source_addresses = [
      "${local.mainframe_ip}/32",
      "${local.mainframe_ip6}/128",
      "${local.freespace_ip}/32",
      "${local.freespace_ip6}/128",
    ]
  }

  # HTTP, open to all IPv4 and IPv6 sources.
  inbound_rule {
    protocol         = "tcp"
    port_range       = "80"
    source_addresses = ["0.0.0.0/0", "::/0"]
  }

  # HTTPS, open to all IPv4 and IPv6 sources.
  inbound_rule {
    protocol         = "tcp"
    port_range       = "443"
    source_addresses = ["0.0.0.0/0", "::/0"]
  }

  # UDP 4004, open to all sources.
  # NOTE(review): the service behind this port is not named here (presumably
  # the VPN the lon-vpn playbook sets up -- confirm). The rule covers all three
  # droplets, so check that each of them is meant to expose it.
  inbound_rule {
    protocol         = "udp"
    port_range       = "4004"
    source_addresses = ["0.0.0.0/0", "::/0"]
  }

  # --- outbound ------------------------------------------------------------

  # NOTE(review): the three rules below leave egress unrestricted for ICMP,
  # UDP and TCP. Narrowing them to the destinations and ports the hosts need
  # would limit what a compromised droplet can reach.
  outbound_rule {
    protocol              = "icmp"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }

  outbound_rule {
    protocol              = "udp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }

  outbound_rule {
    protocol              = "tcp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }
}
# A record "lon0" in the sudois zone, pointing at lon0's IPv4 address.
resource "cloudflare_record" "lon0" {
  zone_id = cloudflare_zone.sudois.id
  name    = "lon0"
  type    = "A"
  ttl     = 60

  # NOTE(review): no `proxied` attribute is set, so this record presumably
  # publishes the droplet's address directly -- confirm that is intended.
  value = digitalocean_droplet.lon0.ipv4_address
}
# A record "lon1" in the sudois zone, pointing at lon1's IPv4 address.
resource "cloudflare_record" "lon1" {
  zone_id = cloudflare_zone.sudois.id
  name    = "lon1"
  type    = "A"
  ttl     = 60

  # NOTE(review): no `proxied` attribute is set, so this record presumably
  # publishes the droplet's address directly -- confirm that is intended.
  value = digitalocean_droplet.lon1.ipv4_address
}