
7 Commits

Author SHA1 Message Date
eea4c61537 Quick A record for testing static website migration
Some checks failed
Ansible Linting / ansible-lint (push) Failing after 17s
Secops Linting and Safety Checks / checkov-scan-s3 (push) Failing after 1m25s
2026-01-31 12:29:49 -08:00
ee860c6e1f Common names now line up with hostnames in certificate through the 1 ingress (fire emoji)
Some checks failed
Ansible Linting / ansible-lint (push) Failing after 8s
Secops Linting and Safety Checks / checkov-scan-s3 (push) Failing after 21s
2026-01-13 23:18:41 -08:00
1c11410c2d More resource re-factors, upgrades and fixes for future work
Some checks failed
Ansible Linting / ansible-lint (push) Failing after 4s
Secops Linting and Safety Checks / checkov-scan-s3 (push) Failing after 16s
Housekeeping but the wiki got hosed :((
2026-01-07 00:53:11 -08:00
4d71994b85 Upgrading provider versions
Some checks failed
Ansible Linting / ansible-lint (push) Failing after 4s
Secops Linting and Safety Checks / checkov-scan-s3 (push) Failing after 18s
2026-01-07 00:21:12 -08:00
79cb4eb1a6 Cleaning up unused code
Some checks failed
Ansible Linting / ansible-lint (push) Failing after 4s
Secops Linting and Safety Checks / checkov-scan-s3 (push) Failing after 18s
2026-01-07 00:02:11 -08:00
e8817fe093 Adding wiki to DNS and opening it up on the ingress for public read access 2026-01-06 19:12:31 -08:00
97bffd2042 Adding note regarding git.shockrah.xyz & code.shockrah.xyz 2026-01-06 19:06:23 -08:00
10 changed files with 30 additions and 61 deletions


@@ -40,6 +40,7 @@ locals {
{ name = "sanity.shockrah.xyz", records = [ var.vke_lb ] }, { name = "sanity.shockrah.xyz", records = [ var.vke_lb ] },
{ name = "uptime.shockrah.xyz", records = [ var.vke_lb ] }, { name = "uptime.shockrah.xyz", records = [ var.vke_lb ] },
{ name = "code.shockrah.xyz", records = [ var.vke_lb ] }, { name = "code.shockrah.xyz", records = [ var.vke_lb ] },
{ name = "wiki.shockrah.xyz", records = [ var.vke_lb ] },
] ]
} }


@@ -33,3 +33,11 @@ resource "aws_route53_record" "temper-tv-mx" {
"50 fb.mail.gandi.net.", "50 fb.mail.gandi.net.",
] ]
} }
resource "aws_route53_record" "temper-tv-test" {
zone_id = aws_route53_zone.temper-tv.id
name = "test.temper.tv"
type = "A"
ttl = 300
records = [ var.vke_lb ]
}
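Review bot: The new `temper-tv-test` record points `test.temper.tv` at the shared load balancer in `var.vke_lb` with nothing marking it as temporary, so it is likely to outlive the migration test. None of the ingress hosts visible elsewhere in this compare include `test.temper.tv`, so requests for that name would presumably be answered by whatever the ingress controller serves by default. A record left behind after the load balancer address is released also becomes a dangling name. I would add a comment above the resource such as `# TEMPORARY: static site migration test, remove once the cutover is done` and track its removal.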


@@ -9,7 +9,7 @@ terraform {
required_providers { required_providers {
aws = { aws = {
source = "hashicorp/aws" source = "hashicorp/aws"
version = "5.98.0" version = "6.27.0"
} }
vultr = { vultr = {
source = "vultr/vultr" source = "vultr/vultr"
@@ -17,7 +17,7 @@ terraform {
} }
kubernetes = { kubernetes = {
source = "hashicorp/kubernetes" source = "hashicorp/kubernetes"
version = "2.37.1" version = "3.0.1"
} }
kubectl = { kubectl = {
source = "gavinbunney/kubectl" source = "gavinbunney/kubectl"


@@ -8,16 +8,3 @@
# port = each.value # port = each.value
# } # }
resource vultr_firewall_group bastion {
description = "For connections into and out of the bastion host"
}
resource vultr_firewall_rule bastion_inbound {
firewall_group_id = vultr_firewall_group.bastion.id
protocol = "tcp"
ip_type = "v4"
subnet = "0.0.0.0"
subnet_size = 0
port = 22
}


@@ -1,3 +1,6 @@
# NOTE: this is a simple deployment for demo purposes only.
# Currently it does support SSH access and lacks Gitea runners.
# However a fully working setup can be found at: https://git.shockrah.xyz
resource kubernetes_deployment gitea { resource kubernetes_deployment gitea {
metadata { metadata {
name = "gitea" name = "gitea"
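Review bot: The added NOTE says "Currently it does support SSH access and lacks Gitea runners", which looks like a dropped "not", since both clauses read as limitations of the demo deployment. If SSH is not exposed, the comment should say so, for example `# Currently it does not support SSH access and lacks Gitea runners.`. If SSH is exposed, it deserves its own line stating where it is reachable and how it is restricted. The resource body continues outside the hunk, so the container ports cannot be checked from here.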


@@ -1,4 +1,4 @@
resource kubernetes_deployment health { resource kubernetes_deployment_v1 health {
metadata { metadata {
name = "health" name = "health"
namespace = var.playground.namespace namespace = var.playground.namespace
@@ -29,7 +29,7 @@ resource kubernetes_deployment health {
} }
} }
resource kubernetes_service health { resource kubernetes_service_v1 health {
metadata { metadata {
name = "health" name = "health"
namespace = var.playground.namespace namespace = var.playground.namespace


@@ -1,8 +1,9 @@
locals { locals {
services = { services = {
code = kubernetes_service.gitea "code.shockrah.xyz" = kubernetes_service.gitea
sanity = kubernetes_service.health "sanity.shockrah.xyz" = kubernetes_service_v1.health
uptime = kubernetes_service.kuma "uptime.shockrah.xyz" = kubernetes_service.kuma
"wiki.shockrah.xyz" = kubernetes_service.otterwiki
} }
} }
resource kubernetes_ingress_v1 health { resource kubernetes_ingress_v1 health {
@@ -16,18 +17,17 @@ resource kubernetes_ingress_v1 health {
} }
spec { spec {
ingress_class_name = "nginx" ingress_class_name = "nginx"
tls { dynamic tls {
hosts = [ for_each = local.services
"sanity.shockrah.xyz", content {
"uptime.shockrah.xyz", hosts = [tls.key]
"code.shockrah.xyz" secret_name = "${tls.value.metadata[0].name}-secret"
] }
secret_name = "shockrah"
} }
dynamic "rule" { dynamic "rule" {
for_each = local.services for_each = local.services
content { content {
host = "${rule.key}.shockrah.xyz" host = "${rule.key}"
http { http {
path { path {
path = "/" path = "/"
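Review bot: The new `dynamic tls` block names one certificate secret per service via `${tls.value.metadata[0].name}-secret`, but nothing in this section shows where those secrets are issued. Replacing the single `shockrah` secret means every host now needs its own; if one is missing, the ingress controller typically falls back to its default certificate for that host. It is worth confirming that the issuer setup (not visible here) produces all four, including the newly public wiki host. Two style points in the same block: `dynamic tls` is unquoted while `dynamic "rule"` just below is quoted, and `host = "${rule.key}"` is an interpolation-only expression that can be written `host = rule.key`. The rule body continues past the end of the hunk.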


@@ -7,12 +7,4 @@ resource kubernetes_namespace playground {
} }
} }
resource kubernetes_namespace openobserve {
metadata {
annotations = {
names = "openobserve"
}
name = "openobserve"
}
}


@@ -40,22 +40,10 @@ variable cluster {
variable playground { variable playground {
type = object({ type = object({
namespace = string namespace = string
health = object({ # TODO: Re-incorporate this var for templating later
dns = string
})
tls = object({ tls = object({
email = string email = string
}) })
}) })
} }
variable bastion {
type = object({
plan = string
os = string
label = string
})
}


@@ -1,11 +1,11 @@
cluster = { cluster = {
region = "lax" region = "lax"
label = "athens-cluster" label = "athens-cluster"
version = "v1.33.0+3" version = "v1.34.1+2"
pools = { pools = {
main = { main = {
node_quantity = 1 node_quantity = 1
plan = "vc2-2c-4gb" plan = "vc2-1c-2gb"
label = "main" label = "main"
min_nodes = 1 min_nodes = 1
max_nodes = 2 max_nodes = 2
@@ -18,17 +18,7 @@ playground = {
namespace = "playground" namespace = "playground"
# Sanity check service that is used purely for the sake of ensuring # Sanity check service that is used purely for the sake of ensuring
# things are ( at a basic level ) functional # things are ( at a basic level ) functional
health = {
dns = "health"
}
tls = { tls = {
email = "dev@shockrah.xyz" email = "dev@shockrah.xyz"
} }
} }
bastion = {
plan = "vc2-1c-2gb"
label = "bastion"
os = "1743"
}