feat(terraform): Upgrade to Fedora 38

db93daf5 · Sheogorath · 327e057f · db93daf5 · db93daf5 · db93daf5
Verified Commit db93daf5 authored 1 year ago by Sheogorath
--- a/terraform/k8s01/.terraform.lock.hcl
+++ b/terraform/k8s01/.terraform.lock.hcl
-# This file is maintained automatically by "opentf init".
+# This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 provider "registry.terraform.io/cloudflare/cloudflare" {
-  version     = "4.12.0"
+  version     = "4.15.0"
-  constraints = "4.12.0"
+  constraints = "4.15.0"
  hashes = [
-    "h1:TgaRIjC8f5N3NgNNBlDLV3FeVObUu8auG8Fhh2zfVGQ=",
+    "h1:9SNRwKgXYFbef9ODbFcGMvHAzNwpsr29lqbwgttUNGU=",
-    "zh:1b0f11752b5e7539c9fc8f1dcea9ed01f5f4d71771999f50bcd238c35e99dc70",
+    "zh:12e7678cab172746b3acac66cd280a99a9b12a9af21c2a063242cf53c2c49f25",
-    "zh:2aae0370edea7e75ab5d128b75140c006b5ace22fc819735aa62ddcedc046169",
+    "zh:13e7086f3c444fe58b8495ecfd3c6cef8a200e5d91e758b833c7991a4b782605",
-    "zh:2ff3010ac107f055993db99d0879c069ee0f933a77383ac850d6be044be70e3f",
+    "zh:22bf57720c93c4c6e5a052719977d34b4cfeb6930a05b0ccd8e13562c45c1acc",
-    "zh:45f06373e18ace5a5c3a4bc23fc93a163bc11987b01125870f1abe859a964e8d",
+    "zh:371b5e5fc7f958f3698add96b45fd059b82c7412084113cac8e4ded27568959c",
-    "zh:5711e328cbd42c49ab9768d2127460001d398b00eb67185dbf7c5dd49f76c549",
+    "zh:376bc20158e4823b1ce28084167385f00d3e5e8419e499be2ddb1b9f0e2d677a",
-    "zh:5bd83bee6c2af907c4c75a5a0aaaebf908b6360629b80c2b80c3adebff8bc1ae",
+    "zh:6d3ffb50f54275926fe4fb82b56439b36eb9cac266a74f7c2eb46e13c0b9450a",
-    "zh:6591310951011ab429f787df2a2ec904c471c1b5b078195e385bb31297a5c02c",
+    "zh:726ad74feb174d9f03433fc77e8ec8690371fbe891c4d980f9db6382e790145b",
-    "zh:6fdac08b84b0a6e1ed52d1268aef0afbff6d0704e2188d928ce89e753643040c",
+    "zh:7572aaf85d3687fbac623f7c28aa27f22e827a39ebbf8e482f712a43f49de054",
+    "zh:8494fdbbdec365b6d04b8dd23dcaaba1038030af5496f10df3f73efdad257a3d",
    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:89a6fe1e4351186db6f9fbb36eb4510bcbc84c983fa2b160e938396440920c52",
+    "zh:8972f77c222e43f81512382149786c229a68de1f428ad27c1f7052886e1faea7",
-    "zh:89ee2382b4ee18445a848715469c9c8963a65b56f1373382b77968975926b0a3",
+    "zh:8eda83189beb5c6f220c97b49e683990447a020816aa71472077bbc1f48aab57",
-    "zh:8f66a3a135761839d53176efca4f3139449e34f1ce542c2a565ce1b22309a90b",
+    "zh:ab2be9910ce3f9a8a7eeeb6ba89fe60f933a9303925cac7ee41e3de764803fe6",
-    "zh:923b784179cbb1580984ec364865ea9edc21baffb5b328215f7c0a5740f8ba60",
+    "zh:bf8e782797ad63b6101a05707d976980c66cce846fac89d9017cba14fe0c14b2",
-    "zh:cdeb63e3704bbdcfd8feb533ba72ec4f278a2871c59a363447e783e04e6c6414",
+    "zh:ef8352c6bff9845fd498be018a70c67a61f22e7c4cc7c1e1e5e880e0f2d9dfd7",
-    "zh:df84a3fcdb71b75820f4f1da324c0be611a9b910dd005400f02f07caed69f073",
  ]
 }

--- a/terraform/k8s01/main.tf
+++ b/terraform/k8s01/main.tf
@@ -6,8 +6,13 @@ module "gw" {
  dns_domain     = var.dns_domain
  dns_zone_id    = var.dns_zone_id
  dns_record_aaaa = false
-  image          = "fedora-37"
+  image          = "fedora-38"
-  user_data      = templatefile("templates/cloud-init.tpl", {netbird_key = "${var.netbird_key}"})
+  user_data      = templatefile("templates/cloud-init.tpl", {
+                      netbird_key = var.netbird_key,
+                      netbird_sshkey = var.netbird_sshkey,
+                      netbird_privatekey = var.netbird_privatekey,
+                      netbird_presharedkey = var.netbird_presharedkey
+                    })
  ssh_keys       = data.hcloud_ssh_keys.all_keys.ssh_keys.*.name
  server_type    = "cx11"
  labels         = {

--- a/terraform/k8s01/templates/cloud-init.tpl
+++ b/terraform/k8s01/templates/cloud-init.tpl
@@ -16,7 +16,69 @@ EOF
 dnf install -y netbird
+%{ if netbird_privatekey != "" }
+mkdir -p /etc/netbird/
+cat > /etc/netbird/config.json <<EOF
+{
+    "PrivateKey": "${netbird_privatekey}",
+    "PreSharedKey": "${netbird_presharedkey}",
+    "ManagementURL": {
+        "Scheme": "https",
+        "Opaque": "",
+        "User": null,
+        "Host": "api.wiretrustee.com:443",
+        "Path": "",
+        "RawPath": "",
+        "OmitHost": false,
+        "ForceQuery": false,
+        "RawQuery": "",
+        "Fragment": "",
+        "RawFragment": ""
+    },
+    "AdminURL": {
+        "Scheme": "https",
+        "Opaque": "",
+        "User": null,
+        "Host": "app.netbird.io",
+        "Path": "",
+        "RawPath": "",
+        "OmitHost": false,
+        "ForceQuery": false,
+        "RawQuery": "",
+        "Fragment": "",
+        "RawFragment": ""
+    },
+    "WgIface": "wt0",
+    "WgPort": 51820,
+    "IFaceBlackList": [
+        "wt0",
+        "wt",
+        "utun",
+        "tun0",
+        "zt",
+        "ZeroTier",
+        "utun",
+        "wg",
+        "ts",
+        "Tailscale",
+        "tailscale",
+        "docker",
+        "veth",
+        "br-"
+    ],
+    "DisableIPv6Discovery": false,
+    "SSHKey": "${netbird_sshkey}",
+    "SSHKey": "",
+    "NATExternalIPs": null,
+    "CustomDNSAddress": ""
+}
+EOF
+systemctl enable --now netbird
+%{ else }
 netbird up --setup-key ${netbird_key}
+%{ endif }
 # Install and configure HAProxy
 dnf install -y haproxy
@@ -41,7 +103,7 @@ listen l1
    timeout connect  4s
    timeout client   180s
    timeout server   180s
-    server srv1-http ingress.k8s01.si-infra.de:80 check inter 5s send-proxy-v2
+    server srv1-http ingress-proxy-protocol.k8s01.si-infra.de:80 check inter 5s send-proxy-v2
 listen l2
    bind 0.0.0.0:443
    bind :::443
@@ -49,7 +111,7 @@ listen l2
    timeout connect  4s
    timeout client   180s
    timeout server   180s
-    server srv1-https ingress.k8s01.si-infra.de:443 check inter 5s send-proxy-v2
+    server srv1-https ingress-proxy-protocol.k8s01.si-infra.de:443 check inter 5s send-proxy-v2
 listen submissions
    bind 0.0.0.0:465
    bind :::465

--- a/terraform/k8s01/variables.tf
+++ b/terraform/k8s01/variables.tf
@@ -30,4 +30,23 @@ variable "location" {
 variable "netbird_key" {
  type        = string
  description = "NetBird activation key"
+  sensitive = true
+}
+variable "netbird_privatekey" {
+  type        = string
+  description = "NetBird private key for keeping the netbird identity"
+  sensitive = true
+}
+variable "netbird_presharedkey" {
+  type        = string
+  description = "NetBird preshared key, to limit trust of netbird infrastructure"
+  sensitive = true
+}
+variable "netbird_sshkey" {
+  type        = string
+  description = "NetBird ssh key, because it seems to be needed."
+  sensitive = true
 }
\ No newline at end of file