A policies/write => policies/write +5 -0
@@ 0,0 1,5 @@
+#!/usr/bin/env bash
+cd "$(dirname "${BASH_SOURCE[0]}")/.."
+for policy in policies/*.hcl; do
+ vault policy write "$(basename "${policy}" .hcl)" "${policy}"
+done
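Review bot: The new script has no `set -e`, so a failing `vault policy write` on L6 (expired token, bad HCL, unreachable server) is skipped silently and the loop exits 0, and a failing `cd` on L4 leaves the glob evaluating in whatever directory the caller was in. Add `set -euo pipefail` directly after the shebang and `shopt -s nullglob` before the loop, the latter so an empty `policies/` directory does not pass the literal `policies/*.hcl` to `vault`. With `-e` in place the `cd` failure aborts the script instead of falling through to the loop.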
M terraform/domain/input.tf => terraform/domain/input.tf +0 -4
@@ 14,8 14,4 @@ variable instances {
}))
}
-variable live_workspace {
- type = string
-}
-
// vim: set expandtab shiftwidth=2 tabstop=2:
M terraform/domain/main.tf => terraform/domain/main.tf +2 -2
@@ 14,7 14,7 @@ data "linode_domain" "d" {
// Domains should only be applied in the default workspace to avoid clobbering DNS records in test deployments.
resource "linode_domain_record" "a" {
- for_each = toset(terraform.workspace == var.live_workspace ? var.instances[*].ipv4 : [])
+ for_each = toset(var.instances[*].ipv4)
domain_id = data.linode_domain.d.id
name = var.name
record_type = "A"
@@ 22,7 22,7 @@ resource "linode_domain_record" "a" {
}
resource "linode_domain_record" "aaaa" {
- for_each = toset(terraform.workspace == var.live_workspace ? var.instances[*].ip : [])
+ for_each = toset(var.instances[*].ip)
domain_id = data.linode_domain.d.id
name = var.name
record_type = "AAAA"
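Review bot: The comment on L19 still says domains should only be applied in the default workspace, but after this change the module no longer enforces that: the `var.live_workspace` conditional is gone from both `for_each` expressions (L22 and L30) and the guard now lives in the caller's `count`. Update the comment so the module's contract is visible to the next editor, e.g. `// This module creates records unconditionally; callers must gate instantiation (count/for_each on the workspace) so test deployments do not clobber production DNS.` Without such a gate at the call site, an apply from a test workspace now overwrites the live A and AAAA records.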
M terraform/main.tf => terraform/main.tf +9 -3
@@ 108,12 108,18 @@ output "vault-servers" {
description = "Vault servers"
value = module.vault-server.instances
}
-/*
module "module-damienradtkecom" {
source = "./domain"
+ count = terraform.workspace == var.live_workspace ? 1 : 0
domain = "damienradtke.com"
instances = module.nomad-client-ingress.instances
- live_workspace = var.live_workspace
}
- */
+
+module "module-www-damienradtkecom" {
+ source = "./domain"
+ count = terraform.workspace == var.live_workspace ? 1 : 0
+ domain = "damienradtke.com"
+ name = "www"
+ instances = module.nomad-client-ingress.instances
+}
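Review bot: The workspace gate `terraform.workspace == var.live_workspace ? 1 : 0` is now written out twice (L42 and L51), and every future `./domain` instantiation has to remember it because the module itself no longer refuses to create records outside the live workspace. A `locals { live = terraform.workspace == var.live_workspace }` block and `count = local.live ? 1 : 0` in both module blocks keeps the two in step and gives the condition a name. Gating with `count` also turns `module.module-damienradtkecom` into a list, so any existing reference to it elsewhere would need `[0]` or a splat; nothing in this hunk shows such a reference. Setting `name = "www"` only on the second block presumably relies on `var.name` in the domain module defaulting to the apex record, which is worth confirming.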
M tools/update-nomad-client-firewall => tools/update-nomad-client-firewall +6 -6
@@ 9,16 9,16 @@ if [[ ! -f terraform.tfstate ]]; then
exit 1
fi
-client_ips="$(terraform output -json nomad_client_ips | jq -r '.[]')"
-for from_ip in ${client_ips}; do
+all_clients="$(echo "$(terraform output -json nomad-clients) $(terraform output -json nomad-clients-ingress)" | jq -n '[inputs|.[]]')"
+from_ips="$(echo "${all_clients}" | jq -r '.[].ip')"
+to_ips="$(echo "${all_clients}" | jq -r '.[] | .ip, .ipv4')"
+
+for from_ip in ${from_ips}; do
echo "clearing existing values for ${from_ip}"
# TODO: is there a firewalld command we could run to do this instead?
ssh "${from_ip}" "sudo sed -i '/<source address/d' /etc/firewalld/zones/nomad-clients.xml"
ssh "${from_ip}" "sudo firewall-cmd --reload"
- for to_ip in ${client_ips}; do
- if [[ "${from_ip}" = "${to_ip}" ]]; then
- continue
- fi
+ for to_ip in ${to_ips}; do
echo "from ${from_ip} trust ${to_ip}"
ssh "${from_ip}" "sudo firewall-cmd --zone=nomad-clients --add-source='${to_ip}' --permanent"
done
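Review bot: The inner loop at L75 interpolates each `to_ip` into a remote shell command on L77 without checking that it looks like an address, and `jq -r '.[] | .ip, .ipv4'` on L64 prints the literal string `null` for any client object missing one of those fields, which would then reach `firewall-cmd --add-source='null'`. A cheap guard at the top of the inner loop covers both cases: `[[ "${to_ip}" =~ ^[0-9A-Fa-f.:/]+$ ]] || { printf 'skipping unexpected address %s\n' "${to_ip}" >&2; continue; }`. Dropping the `from_ip == to_ip` skip also means each host now adds its own addresses as trusted sources; if that is intended it deserves a one-line comment on L75. The outer `for from_ip` loop closes outside the hunk, so whether a final `firewall-cmd --reload` applies the `--permanent` additions cannot be seen here.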