From db93daf5f6882cfd72aac14a9136059ffe279e18 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Fri, 29 Sep 2023 18:03:59 +0200
Subject: [PATCH] feat(terraform): Upgrade to Fedora 38

---
 terraform/k8s01/.terraform.lock.hcl      | 36 ++++++-------
 terraform/k8s01/main.tf                  |  9 +++-
 terraform/k8s01/templates/cloud-init.tpl | 66 +++++++++++++++++++++++-
 terraform/k8s01/variables.tf             | 19 +++++++
 4 files changed, 108 insertions(+), 22 deletions(-)

diff --git a/terraform/k8s01/.terraform.lock.hcl b/terraform/k8s01/.terraform.lock.hcl
index c8818c663..f4676835f 100644
--- a/terraform/k8s01/.terraform.lock.hcl
+++ b/terraform/k8s01/.terraform.lock.hcl
@@ -1,26 +1,26 @@
-# This file is maintained automatically by "opentf init".
+# This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 
 provider "registry.terraform.io/cloudflare/cloudflare" {
-  version     = "4.12.0"
-  constraints = "4.12.0"
+  version     = "4.15.0"
+  constraints = "4.15.0"
   hashes = [
-    "h1:TgaRIjC8f5N3NgNNBlDLV3FeVObUu8auG8Fhh2zfVGQ=",
-    "zh:1b0f11752b5e7539c9fc8f1dcea9ed01f5f4d71771999f50bcd238c35e99dc70",
-    "zh:2aae0370edea7e75ab5d128b75140c006b5ace22fc819735aa62ddcedc046169",
-    "zh:2ff3010ac107f055993db99d0879c069ee0f933a77383ac850d6be044be70e3f",
-    "zh:45f06373e18ace5a5c3a4bc23fc93a163bc11987b01125870f1abe859a964e8d",
-    "zh:5711e328cbd42c49ab9768d2127460001d398b00eb67185dbf7c5dd49f76c549",
-    "zh:5bd83bee6c2af907c4c75a5a0aaaebf908b6360629b80c2b80c3adebff8bc1ae",
-    "zh:6591310951011ab429f787df2a2ec904c471c1b5b078195e385bb31297a5c02c",
-    "zh:6fdac08b84b0a6e1ed52d1268aef0afbff6d0704e2188d928ce89e753643040c",
+    "h1:9SNRwKgXYFbef9ODbFcGMvHAzNwpsr29lqbwgttUNGU=",
+    "zh:12e7678cab172746b3acac66cd280a99a9b12a9af21c2a063242cf53c2c49f25",
+    "zh:13e7086f3c444fe58b8495ecfd3c6cef8a200e5d91e758b833c7991a4b782605",
+    "zh:22bf57720c93c4c6e5a052719977d34b4cfeb6930a05b0ccd8e13562c45c1acc",
+    "zh:371b5e5fc7f958f3698add96b45fd059b82c7412084113cac8e4ded27568959c",
+    "zh:376bc20158e4823b1ce28084167385f00d3e5e8419e499be2ddb1b9f0e2d677a",
+    "zh:6d3ffb50f54275926fe4fb82b56439b36eb9cac266a74f7c2eb46e13c0b9450a",
+    "zh:726ad74feb174d9f03433fc77e8ec8690371fbe891c4d980f9db6382e790145b",
+    "zh:7572aaf85d3687fbac623f7c28aa27f22e827a39ebbf8e482f712a43f49de054",
+    "zh:8494fdbbdec365b6d04b8dd23dcaaba1038030af5496f10df3f73efdad257a3d",
     "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
-    "zh:89a6fe1e4351186db6f9fbb36eb4510bcbc84c983fa2b160e938396440920c52",
-    "zh:89ee2382b4ee18445a848715469c9c8963a65b56f1373382b77968975926b0a3",
-    "zh:8f66a3a135761839d53176efca4f3139449e34f1ce542c2a565ce1b22309a90b",
-    "zh:923b784179cbb1580984ec364865ea9edc21baffb5b328215f7c0a5740f8ba60",
-    "zh:cdeb63e3704bbdcfd8feb533ba72ec4f278a2871c59a363447e783e04e6c6414",
-    "zh:df84a3fcdb71b75820f4f1da324c0be611a9b910dd005400f02f07caed69f073",
+    "zh:8972f77c222e43f81512382149786c229a68de1f428ad27c1f7052886e1faea7",
+    "zh:8eda83189beb5c6f220c97b49e683990447a020816aa71472077bbc1f48aab57",
+    "zh:ab2be9910ce3f9a8a7eeeb6ba89fe60f933a9303925cac7ee41e3de764803fe6",
+    "zh:bf8e782797ad63b6101a05707d976980c66cce846fac89d9017cba14fe0c14b2",
+    "zh:ef8352c6bff9845fd498be018a70c67a61f22e7c4cc7c1e1e5e880e0f2d9dfd7",
   ]
 }
 
diff --git a/terraform/k8s01/main.tf b/terraform/k8s01/main.tf
index 667ce1058..1083c0d54 100644
--- a/terraform/k8s01/main.tf
+++ b/terraform/k8s01/main.tf
@@ -6,8 +6,13 @@ module "gw" {
   dns_domain     = var.dns_domain
   dns_zone_id    = var.dns_zone_id
   dns_record_aaaa = false
-  image          = "fedora-37"
-  user_data      = templatefile("templates/cloud-init.tpl", {netbird_key = "${var.netbird_key}"})
+  image          = "fedora-38"
+  user_data      = templatefile("templates/cloud-init.tpl", {
+                      netbird_key = var.netbird_key,
+                      netbird_sshkey = var.netbird_sshkey,
+                      netbird_privatekey = var.netbird_privatekey,
+                      netbird_presharedkey = var.netbird_presharedkey
+                    })
   ssh_keys       = data.hcloud_ssh_keys.all_keys.ssh_keys.*.name
   server_type    = "cx11"
   labels         = {
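Review bot: The NetBird private key, pre-shared key and SSH key passed to templatefile on lines 74-77 become part of the rendered user_data, so they end up in plaintext in the Terraform state and in the server's cloud-init user-data (which on most cloud providers is also retrievable from the instance's metadata endpoint); `sensitive = true` on the variables only redacts plan output. If that exposure is an accepted trade-off for this gateway, record it next to the call, e.g. `# NOTE: user_data embeds the NetBird identity keys; they are stored in state and in instance user-data`. The enclosing module block starts before and ends after this hunk.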
diff --git a/terraform/k8s01/templates/cloud-init.tpl b/terraform/k8s01/templates/cloud-init.tpl
index ffab6aff7..683e6ee44 100644
--- a/terraform/k8s01/templates/cloud-init.tpl
+++ b/terraform/k8s01/templates/cloud-init.tpl
@@ -16,7 +16,69 @@ EOF
 
 dnf install -y netbird
 
+%{ if netbird_privatekey != "" }
+mkdir -p /etc/netbird/
+cat > /etc/netbird/config.json <<EOF
+{
+    "PrivateKey": "${netbird_privatekey}",
+    "PreSharedKey": "${netbird_presharedkey}",
+    "ManagementURL": {
+        "Scheme": "https",
+        "Opaque": "",
+        "User": null,
+        "Host": "api.wiretrustee.com:443",
+        "Path": "",
+        "RawPath": "",
+        "OmitHost": false,
+        "ForceQuery": false,
+        "RawQuery": "",
+        "Fragment": "",
+        "RawFragment": ""
+    },
+    "AdminURL": {
+        "Scheme": "https",
+        "Opaque": "",
+        "User": null,
+        "Host": "app.netbird.io",
+        "Path": "",
+        "RawPath": "",
+        "OmitHost": false,
+        "ForceQuery": false,
+        "RawQuery": "",
+        "Fragment": "",
+        "RawFragment": ""
+    },
+    "WgIface": "wt0",
+    "WgPort": 51820,
+    "IFaceBlackList": [
+        "wt0",
+        "wt",
+        "utun",
+        "tun0",
+        "zt",
+        "ZeroTier",
+        "utun",
+        "wg",
+        "ts",
+        "Tailscale",
+        "tailscale",
+        "docker",
+        "veth",
+        "br-"
+    ],
+    "DisableIPv6Discovery": false,
+    "SSHKey": "${netbird_sshkey}",
+    "SSHKey": "",
+    "NATExternalIPs": null,
+    "CustomDNSAddress": ""
+}
+EOF
+
+systemctl enable --now netbird
+%{ else }
 netbird up --setup-key ${netbird_key}
+%{ endif }
+
 
 # Install and configure HAProxy
 dnf install -y haproxy
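Review bot: The generated config.json sets `"SSHKey"` twice (lines 141-142), and the second, empty value is the one a decoder will most likely keep — NetBird is written in Go, whose encoding/json takes the last duplicate key — so the injected `netbird_sshkey` is silently discarded; drop the `"SSHKey": "",` line. The heredoc on line 92 also creates the file under the default umask, leaving the private and pre-shared keys readable by every local user; add `chmod 0600 /etc/netbird/config.json` after the `EOF` on line 146 (or `umask 077` before the `cat`). Whether an empty `"PreSharedKey": ""` is accepted when `netbird_presharedkey` is unset is not visible here and worth confirming against the NetBird config loader.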
@@ -41,7 +103,7 @@ listen l1
     timeout connect  4s
     timeout client   180s
     timeout server   180s
-    server srv1-http ingress.k8s01.si-infra.de:80 check inter 5s send-proxy-v2
+    server srv1-http ingress-proxy-protocol.k8s01.si-infra.de:80 check inter 5s send-proxy-v2
 listen l2
     bind 0.0.0.0:443
     bind :::443
@@ -49,7 +111,7 @@ listen l2
     timeout connect  4s
     timeout client   180s
     timeout server   180s
-    server srv1-https ingress.k8s01.si-infra.de:443 check inter 5s send-proxy-v2
+    server srv1-https ingress-proxy-protocol.k8s01.si-infra.de:443 check inter 5s send-proxy-v2
 listen submissions
     bind 0.0.0.0:465
     bind :::465
diff --git a/terraform/k8s01/variables.tf b/terraform/k8s01/variables.tf
index a11edbaeb..174a65725 100644
--- a/terraform/k8s01/variables.tf
+++ b/terraform/k8s01/variables.tf
@@ -30,4 +30,23 @@ variable "location" {
 variable "netbird_key" {
   type        = string
   description = "NetBird activation key"
+  sensitive = true
+}
+
+variable "netbird_privatekey" {
+  type        = string
+  description = "NetBird private key for keeping the netbird identity"
+  sensitive = true
+}
+
+variable "netbird_presharedkey" {
+  type        = string
+  description = "NetBird preshared key, to limit trust of netbird infrastructure"
+  sensitive = true
+}
+
+variable "netbird_sshkey" {
+  type        = string
+  description = "NetBird ssh key, because it seems to be needed."
+  sensitive = true
 }
\ No newline at end of file
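Review bot: The three new variables have no `default`, so every existing invocation now has to supply them even though the template's `%{ if netbird_privatekey != "" }` branch is written to fall back to the setup key when they are empty; adding `default = ""` to `netbird_privatekey`, `netbird_presharedkey` and `netbird_sshkey` keeps the previous setup-key flow working unchanged. Style: `sensitive = true` is not aligned with the `type`/`description` assignments above it; `terraform fmt` would write `sensitive   = true`. The description on line 199 ("because it seems to be needed") could state what the key is actually used for once that is confirmed.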
-- 
GitLab