
52593c418b76eb252a8e0bc14761dcdc45d09d70 — Damien Radtke 2 years ago 8bb418f v2
Finish initial v2 feature parity work
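--- a/policies/write
+++ b/policies/write
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+cd "$(dirname "${BASH_SOURCE[0]}")/.."
+for policy in policies/*.hcl; do
+	vault policy write "$(basename "${policy}" .hcl)" "${policy}"
+done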
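Review bot: The `cd` on the second line is unchecked and a rejected `vault policy write` does not stop the loop, so a wrong working directory or a bad policy file lets the script continue (possibly writing nothing) and still exit 0. Add `set -euo pipefail` after the shebang and make the directory change fatal: `cd "$(dirname "${BASH_SOURCE[0]}")/.." || exit 1`. Also consider `shopt -s nullglob` (or `[[ -e "${policy}" ]] || continue` at the top of the loop) so an empty `policies/` directory does not attempt a write from the literal path `policies/*.hcl`.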

M terraform/domain/input.tf => terraform/domain/input.tf +0 -4
@@ 14,8 14,4 @@ variable instances {
  }))
}

variable live_workspace {
  type = string
}

// vim: set expandtab shiftwidth=2 tabstop=2:

M terraform/domain/main.tf => terraform/domain/main.tf +2 -2
@@ 14,7 14,7 @@ data "linode_domain" "d" {
// Domains should only be applied in the default workspace to avoid clobbering DNS records in test deployments.

resource "linode_domain_record" "a" {
  for_each    = toset(terraform.workspace == var.live_workspace ? var.instances[*].ipv4 : [])
  for_each    = toset(var.instances[*].ipv4)
  domain_id   = data.linode_domain.d.id
  name        = var.name
  record_type = "A"


@@ 22,7 22,7 @@ resource "linode_domain_record" "a" {
}

resource "linode_domain_record" "aaaa" {
  for_each    = toset(terraform.workspace == var.live_workspace ? var.instances[*].ip : [])
  for_each    = toset(var.instances[*].ip)
  domain_id   = data.linode_domain.d.id
  name        = var.name
  record_type = "AAAA"

M terraform/main.tf => terraform/main.tf +9 -3
@@ 108,12 108,18 @@ output "vault-servers" {
  description = "Vault servers"
  value       = module.vault-server.instances
}
/*

module "module-damienradtkecom" {
  source = "./domain"
  count = terraform.workspace == var.live_workspace ? 1 : 0
  domain = "damienradtke.com"
  instances = module.nomad-client-ingress.instances
  live_workspace = var.live_workspace
}
  */

module "module-www-damienradtkecom" {
  source = "./domain"
  count = terraform.workspace == var.live_workspace ? 1 : 0
  domain = "damienradtke.com"
  name = "www"
  instances = module.nomad-client-ingress.instances
}
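Review bot: The `/* … */`-disabled `module-damienradtkecom` block (if, as the +9/-3 counts suggest, the `/*` and `*/` lines are new) leaves dead code where the apex-domain records used to be, and neither the code nor the commit message says whether `damienradtke.com` itself is now intentionally unmanaged. Git keeps the history, so delete the block or replace it with a one-line `// Apex records for damienradtke.com are deliberately not managed here; see module-www-damienradtkecom` so the next reader does not re-enable it by accident. Note that the disabled block still passes `live_workspace`, which this commit appears to remove from the module's inputs, so un-commenting it as-is would not validate.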

M tools/update-nomad-client-firewall => tools/update-nomad-client-firewall +6 -6
@@ 9,16 9,16 @@ if [[ ! -f terraform.tfstate ]]; then
	exit 1
fi

client_ips="$(terraform output -json nomad_client_ips | jq -r '.[]')"
for from_ip in ${client_ips}; do
all_clients="$(echo "$(terraform output -json nomad-clients) $(terraform output -json nomad-clients-ingress)" | jq -n '[inputs|.[]]')"
from_ips="$(echo "${all_clients}" | jq -r '.[].ip')"
to_ips="$(echo "${all_clients}" | jq -r '.[] | .ip, .ipv4')"

for from_ip in ${from_ips}; do
	echo "clearing existing values for ${from_ip}"
	# TODO: is there a firewalld command we could run to do this instead?
	ssh "${from_ip}" "sudo sed -i '/<source address/d' /etc/firewalld/zones/nomad-clients.xml"
	ssh "${from_ip}" "sudo firewall-cmd --reload"
	for to_ip in ${client_ips}; do
		if [[ "${from_ip}" = "${to_ip}" ]]; then
			continue
		fi
	for to_ip in ${to_ips}; do
		echo "from ${from_ip} trust ${to_ip}"
		ssh "${from_ip}" "sudo firewall-cmd --zone=nomad-clients --add-source='${to_ip}' --permanent"
	done
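Review bot: Clearing the zone with `sed` and immediately running `firewall-cmd --reload` (the two lines before the inner loop) applies an empty `nomad-clients` zone to each host, while the `--add-source … --permanent` calls that follow only take effect after another reload, which is not inside this hunk — so every client drops peer traffic for the duration of the per-peer ssh loop, and indefinitely if the script dies part way through. Drop the reload from the clearing step and run `ssh "${from_ip}" "sudo firewall-cmd --reload"` once after the inner `done` instead, or add each source at runtime as well as with `--permanent`. The removed `from_ip == to_ip` skip also means each host now adds its own addresses to its trust zone; harmless if intended, but worth a comment since the commit message does not mention it. On the TODO: `firewall-cmd --permanent --zone=nomad-clients --list-sources` fed into `--remove-source` clears the zone through the supported interface rather than editing the zone XML under firewalld. The outer `for from_ip` loop closes outside the hunk.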