

No commits in common. "7947e3791cc042cca2b587125e8ee32a86a4d378" and "2df78721e449b4d16c7d227834a965bf52a0051f" have entirely different histories.

12 changed files with 43 additions and 212 deletions

.gitignore vendored

@ -20,4 +20,3 @@ playbooks/beta/files/*.pub
docker/beta/shockrah.xyz/
docker/beta/resume.shockrah.xyz/
k8s/config.yaml
infra/**/tfplan


@ -1,22 +0,0 @@
networks:
gitea:
external: false
services:
gitea:
image: gitea/gitea:latest
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
restart: always
networks:
- gitea
volumes:
- /opt/containers/gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "2222:22"


@ -1,13 +0,0 @@
What is this
============
Here we contain scripts to build out all the containers that are run.
All of these images are based on images that are made from other projects
docker-compose.yaml
===================
Services that are more/less "special" go here since most of the stuff that is
run on the main host are basically just static html websites


@ -37,7 +37,6 @@ locals {
{ name = "www.shockrah.xyz", records = [ var.vultr_host ] },
{ name = "resume.shockrah.xyz", records = [ var.vultr_host ] },
{ name = "immich.shockrah.xyz", records = [ "45.32.92.196" ] },
{ name = "git.shockrah.xyz", records = [ var.vultr_host ] },
]
}


@ -4,7 +4,6 @@
vars:
websites:
- shockrah.xyz
- git.shockrah.xyz
- temper.tv
- resume.shockrah.xyz
tasks:


@ -1,7 +0,0 @@
---
- hosts: webhost
remote_user: webadmin
tasks:
- name: Run docker-compose up
community.docker.docker_compose_v2:
project_src: ../../../containers/


@ -1,54 +0,0 @@
# This playbook is to be executed when first setting up
# the machine so we'll have to login as root, but in doing so
# we'll setup a user which can use sudo and use pem based authentication
# this should remove the ability to login as root with a janky password
---
- hosts: webhost
remote_user: root
tasks:
- name: Ensure sudo is available
apt:
state: present
update_cache: true
pkg:
- sudo
- zsh
- name: Create webadmin user
user:
name: webadmin
state: present
shell: /bin/zsh
groups:
- nginx
append: yes
- name: webadmin key copy
authorized_key:
user: webadmin
state: present
key: "{{ lookup('file', '~/.ssh/vultr/webadmin.pem.pub') }}"
- name: Add webadmin to sudoers
copy:
dest: "/etc/sudoers.d/webadmin"
content: "webadmin ALL=(ALL) NOPASSWD: ALL"
- name: Disable Password Authentication
lineinfile:
dest: /etc/ssh/sshd_config
line: PasswordAuthentication no
state: present
backup: yes
notify:
- restart ssh
- name: Disable root login
lineinfile:
dest: /etc/ssh/sshd_config
line: PermitRootLogin no
state: present
backup: yes
notify:
- restart ssh
handlers:
- name: restart ssh
service:
name: sshd
state: restarted


@ -1,47 +0,0 @@
---
- hosts: webhost
remote_user: webadmin
become: true
tasks:
- name: Install docker and docker-compose
apt:
update_cache: true
pkg:
- ca-certificates
- curl
- name: Setup keyring
command:
cmd: "install -m 0755 -d /etc/apt/keyrings"
- name: Download docker gpg key
get_url:
url: https://download.docker.com/linux/ubuntu/gpg
dest: /etc/apt/keyrings/docker.asc
- name: Set perms on /etc/apt/keyrings/docker.asc
file:
dest: /etc/apt/keyrings/docker.asc
mode: a+r
- name: Ensure docker.lst exists
copy:
content: ''
dest: /etc/apt/sources.list.d/docker.list
force: false
group: root
owner: root
mode: 0644
- name: Ensure docker.lst is present for apt
lineinfile:
line: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu jammy stable\n"
dest: /etc/apt/sources.list.d/docker.list
state: present
- name: install docker packages
apt:
update_cache: true
pkg:
- docker-ce
- docker-ce-cli
- containerd.io
- docker-buildx-plugin
- docker-compose-plugin


@ -33,13 +33,4 @@ resource vultr_firewall_rule ssh_v4 {
port = "22"
}
resource vultr_firewall_rule gitea_ssh {
firewall_group_id = vultr_firewall_group.host.id
protocol = "tcp"
ip_type = "v4"
subnet = "0.0.0.0"
subnet_size = 0
port = "2222"
}


@ -1,50 +0,0 @@
resource kubernetes_ingress_v1 athens {
metadata {
name = var.shockrahxyz.name
namespace = kubernetes_namespace.websites.metadata.0.name
labels = {
app = "websites"
}
}
spec {
rule {
host = "test.shockrah.xyz"
http {
path {
backend {
service {
name = var.shockrahxyz.name
port {
number = 80
}
}
}
path = "/"
}
}
}
}
}
resource kubernetes_service athens_lb {
metadata {
name = "athens-websites"
namespace = kubernetes_namespace.websites.metadata.0.name
labels = {
app = "websites"
}
}
spec {
selector = {
app = kubernetes_ingress_v1.athens.metadata.0.labels.app
}
port {
port = 80
target_port = 80
}
type = "LoadBalancer"
external_ips = [ var.cluster.ip ]
}
}


@ -1,4 +1,4 @@
Plain nginx for now so that we can test out reverse dns
# Plain nginx for now so that we can test out reverse dns
resource kubernetes_pod shockrah {
metadata {
name = var.shockrahxyz.name
@ -18,4 +18,46 @@ resource kubernetes_pod shockrah {
}
}
# Expose the pod above with a simple service
resource kubernetes_service shockrah {
metadata {
name = var.shockrahxyz.name
namespace = kubernetes_namespace.websites.metadata.0.name
}
spec {
selector = {
app = kubernetes_pod.shockrah.metadata.0.labels.app
}
port {
port = var.shockrahxyz.port
target_port = 80
}
type = "ExternalName"
external_name = var.shockrahxyz.dns
}
}
resource kubernetes_ingress_v1 shockrah {
metadata {
name = "shockrah"
}
spec {
rule {
http {
path {
path = "/"
backend {
service {
name = var.shockrahxyz.name
port {
number = var.shockrahxyz.port
}
}
}
}
}
}
}
}
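Review bot: The new `kubernetes_ingress_v1 shockrah` sets only `name` in its metadata, while the `kubernetes_service shockrah` its backend names is created in `kubernetes_namespace.websites`; an Ingress backend can only reference a Service in the Ingress's own namespace, so the rule as written will not resolve to that service — add `namespace = kubernetes_namespace.websites.metadata.0.name` to the ingress metadata. Separately, the service is declared `type = "ExternalName"` yet also carries a `selector` and a `port` block; an ExternalName service is a DNS alias to `external_name` and gets no endpoints from its selector, so either the selector is dead configuration or the intended type was ClusterIP (worth a one-line comment stating which). The ingress rule has no `host` and no `ingress_class_name`, so it would match any hostname on whichever default controller adopts it and forward traffic to a name outside the cluster; pinning both narrows that exposure. The `kubernetes_pod shockrah` resource preceding the `# Expose the pod above` comment starts outside this hunk.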


@ -27,9 +27,3 @@ variable shockrahxyz {
})
}
variable cluster {
type = object({
ip = string
})
}