From 7dec0f8ff321c8bf22bfab2a7af2e8daf123a56e Mon Sep 17 00:00:00 2001
From: oscarpocock
Date: Sun, 28 Aug 2022 17:55:59 +0100
Subject: [PATCH] Initial neko project
---
.../Development/neko/.terraform.lock.hcl | 24 +++++++++
.../Development/neko/cloud-config.tpl | 13 +++++
hetzner/Projects/Development/neko/firewall.tf | 52 +++++++++++++++++++
hetzner/Projects/Development/neko/install.sh | 36 +++++++++++++
hetzner/Projects/Development/neko/main.tf | 8 +++
hetzner/Projects/Development/neko/network.tf | 4 ++
hetzner/Projects/Development/neko/outputs.tf | 7 +++
hetzner/Projects/Development/neko/provider.tf | 8 +++
hetzner/Projects/Development/neko/server.tf | 18 +++++++
.../Development/neko/server_network.tf | 5 ++
hetzner/Projects/Development/neko/subnet.tf | 6 +++
.../Projects/Development/neko/variables.tf | 32 ++++++++++++
12 files changed, 213 insertions(+)
create mode 100644 hetzner/Projects/Development/neko/.terraform.lock.hcl
create mode 100644 hetzner/Projects/Development/neko/cloud-config.tpl
create mode 100644 hetzner/Projects/Development/neko/firewall.tf
create mode 100644 hetzner/Projects/Development/neko/install.sh
create mode 100644 hetzner/Projects/Development/neko/main.tf
create mode 100644 hetzner/Projects/Development/neko/network.tf
create mode 100644 hetzner/Projects/Development/neko/outputs.tf
create mode 100644 hetzner/Projects/Development/neko/provider.tf
create mode 100644 hetzner/Projects/Development/neko/server.tf
create mode 100644 hetzner/Projects/Development/neko/server_network.tf
create mode 100644 hetzner/Projects/Development/neko/subnet.tf
create mode 100644 hetzner/Projects/Development/neko/variables.tf
diff --git a/hetzner/Projects/Development/neko/.terraform.lock.hcl b/hetzner/Projects/Development/neko/.terraform.lock.hcl
new file mode 100644
index 0000000..ed70c08
--- /dev/null
+++ b/hetzner/Projects/Development/neko/.terraform.lock.hcl
@@ -0,0 +1,24 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hetznercloud/hcloud" { + version = "1.35.1" + constraints = "~> 1.35.1" + hashes = [ + "h1:FgSVN8CkqWt+iHhTYPPVQgoltoO8FGI+quB0PZucfj4=", + "zh:055161a3bec0b09db32b2488ac9036e46e7867c3319af182329157a1ff72ca00", + "zh:08f0d5b31dfac682df21a3f193aac93522a05e83e8eca26c547d2baa2858238b", + "zh:16d4c4a194d056947820680a116bf23227d4ee527d33831d7a7df52c5c0c3c4b", + "zh:46b528a76968599e1a6c45d8264b86fe9602070a42fd2d2db32899b5161e44dc", + "zh:502b16a56bb6780b86913ad3f4f573ae3f29f7a3d99335d7fd120c1b607537e8", + "zh:5fa5114d101e9d7c1915b1f136cc2b48a83c9ace7c994545940f11ccabf1f036", + "zh:6ac8ff28f145ef20c595faf81ff9c478be4d469cdd5b7aeaf2feefcc80a3dd36", + "zh:8ced6aec0546784eea6a9e56082af3af5c9917459351ef2951a9742125d4aab9", + "zh:927b0c39de0b368e52c7491859948082aaa84d877f0fed7ef483892c844875bf", + "zh:9d9c0fb5e862e47d24cdb007afad0215ccff9da65cf8a6cfa66030e844f5403c", + "zh:ae5475cae11806a93bb4adb3c87007ce9c0211d16c9c7a87ae5e9d58a68fcc0b", + "zh:d01600e67abc7ce7c59bc8567b7a650bc5ce817723a354f401a803d421610641", + "zh:f3487f1c49145b560fd19c8c681cb9eaaa85fc3700ea9b675f649f5f5d8b1e3c", + "zh:f5257b83287156effecb0f43fe80b6cbcc02c89f35ceda1b845d4e3dcf757dca", + ] +}
diff --git a/hetzner/Projects/Development/neko/cloud-config.tpl b/hetzner/Projects/Development/neko/cloud-config.tpl
new file mode 100644
index 0000000..9f3aa21
--- /dev/null
+++ b/hetzner/Projects/Development/neko/cloud-config.tpl
@@ -0,0 +1,13 @@
+#cloud-config
+
+package_update: true
+
+package_upgrade: true
+
+packages:
+ - vim
+
+runcmd:
+ - curl -L https:// | bash
+
+final_message: "The system is finally up, after $UPTIME seconds"
\ No newline at end of file
diff --git a/hetzner/Projects/Development/neko/firewall.tf b/hetzner/Projects/Development/neko/firewall.tf
new file mode 100644
index 0000000..58d9113
--- /dev/null
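Review bot: The `runcmd` entry in cloud-config.tpl pipes a remote script straight into `bash` as root on first boot, with no pinned version or checksum, and `curl -L` without `-f` will hand an HTTP error page to the shell instead of failing. The URL as shown is only `https://`, so it looks truncated or still to be filled in; as written the command cannot fetch anything. Since install.sh is part of the same module, consider delivering it through a `write_files` entry and running it from disk, or downloading it with `curl -fsSL -o /root/install.sh <URL>`, comparing it against a known `sha256sum`, and only then executing it.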
+++ b/hetzner/Projects/Development/neko/firewall.tf
@@ -0,0 +1,52 @@
+resource "hcloud_firewall" "firewall" {
+ name = "${var.project_name}-fw"
+ # ICMP
+ rule {
+ direction = "in"
+ protocol = "icmp"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+ # SSH
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = 22
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+ # HTTP
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = 80
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+ # HTTPS
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = 443
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+ # NEKO UDP
+ rule {
+ direction = "in"
+ protocol = "udp"
+ port = "59000-59100"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+}
diff --git a/hetzner/Projects/Development/neko/install.sh b/hetzner/Projects/Development/neko/install.sh
new file mode 100644
index 0000000..d2cef43
--- /dev/null
+++ b/hetzner/Projects/Development/neko/install.sh
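Review bot: The SSH rule in firewall.tf (`port = 22`) accepts traffic from `0.0.0.0/0` and `::/0`, which leaves the management port of this development host reachable from the whole internet. Restrict it to known admin ranges, for example `source_ips = var.ssh_allowed_cidrs` backed by a `list(string)` variable that has no open default. The five near-identical `rule` blocks could also be generated with a `dynamic "rule"` block over a list, but the SSH exposure is the part to fix first.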
@@ -0,0 +1,36 @@
+# Install Docker
+curl -fsSL https://get.docker.com | sh
+
+# Install dependencies
+apt install wget curl apache2-utils docker-compose sed -y
+
+# Images to download
+NEKO_IMAGES=(m1k1o/neko:firefox m1k1o/neko:vlc)
+
+# Set environmental variables
+{
+echo "TZ=${TZ}"
+echo "NEKO_ROOMS_EPR=${NEKO_ROOMS_EPR}"
+echo "NEKO_ROOMS_TRAEFIK_DOMAIN=${NEKO_ROOMS_TRAEFIK_DOMAIN}"
+echo "NEKO_ROOMS_TRAEFIK_ENTRYPOINT=websecure"
+echo "NEKO_ROOMS_TRAEFIK_NETWORK=neko-rooms-traefik"
+echo "NEKO_ROOMS_TRAEFIK_CERTRESOLVER=lets-encrypt"
+echo "NEKO_ROOMS_NEKO_IMAGES=${NEKO_IMAGES[*]}"
+} > /neko/.env
+
+mkdir -p "/neko/config"
+touch /neko/usersfile
+htpasswd -nb admin admin >> /neko/usersfile
+wget -O "/neko/traefik.yml" "https://raw.githubusercontent.com/m1k1o/neko-rooms/master/traefik/traefik.yml"
+sed -i "s/yourname@example.com/${TRAEFIK_EMAIL}/g" "/neko/traefik.yml"
+wget -O "/neko/config/middlewares.yml" "https://raw.githubusercontent.com/m1k1o/neko-rooms/master/traefik/config/middlewares.yml"
+wget -O "/neko/config/routers.yml" "https://raw.githubusercontent.com/m1k1o/neko-rooms/master/traefik/config/routers.yml"
+wget -O "/neko/config/tls.yml" "https://raw.githubusercontent.com/m1k1o/neko-rooms/master/traefik/config/tls.yml"
+touch "/neko/acme.json"
+chmod 600 "/neko/acme.json"
+wget -O "/neko/docker-compose.yml" "https://raw.githubusercontent.com/m1k1o/neko-rooms/master/traefik/docker-compose.yml"
+
+# Pull neko images
+for NEKO_IMAGE in "${NEKO_IMAGES[@]}"; do
+ docker pull "${NEKO_IMAGE}"
+done
\ No newline at end of file
diff --git a/hetzner/Projects/Development/neko/main.tf b/hetzner/Projects/Development/neko/main.tf
new file mode 100644
index 0000000..602dcb9
--- /dev/null
+++ b/hetzner/Projects/Development/neko/main.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ version = "~> 1.35.1"
+ }
+ }
+}
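Review bot: `htpasswd -nb admin admin` in install.sh seeds `/neko/usersfile` with the credentials admin/admin, and the firewall added in this commit opens 80/443 to every address, so whatever that file protects would come up behind a guessable login. Take the password from the environment and fail when it is missing, e.g. `htpasswd -nbB admin "${NEKO_ADMIN_PASSWORD:?NEKO_ADMIN_PASSWORD is required}" >> /neko/usersfile`. Separately, the `{ … } > /neko/.env` redirect runs before `mkdir -p "/neko/config"`, so on a fresh host it fails because `/neko` does not exist yet; move the `mkdir` above the block. The script also relies on bash arrays but has no shebang or `set -euo pipefail`, and every `wget` (plus the `get.docker.com` pipe) fetches an unpinned remote file, so pinning the neko-rooms URLs to a tag or commit instead of `master` would make the deployment reproducible and reviewable.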
diff --git a/hetzner/Projects/Development/neko/network.tf b/hetzner/Projects/Development/neko/network.tf
new file mode 100644
index 0000000..400fd41
--- /dev/null
+++ b/hetzner/Projects/Development/neko/network.tf
@@ -0,0 +1,4 @@
+resource "hcloud_network" "network" {
+ name = "${var.project_name}-vnet"
+ ip_range = "10.0.0.0/16"
+}
diff --git a/hetzner/Projects/Development/neko/outputs.tf b/hetzner/Projects/Development/neko/outputs.tf
new file mode 100644
index 0000000..a471efc
--- /dev/null
+++ b/hetzner/Projects/Development/neko/outputs.tf
@@ -0,0 +1,7 @@
+output "public_ip" {
+ value = hcloud_server.server.ipv4_address
+}
+
+output "private_ip" {
+ value = hcloud_server_network.server_network.ip
+}
diff --git a/hetzner/Projects/Development/neko/provider.tf b/hetzner/Projects/Development/neko/provider.tf
new file mode 100644
index 0000000..a42c014
--- /dev/null
+++ b/hetzner/Projects/Development/neko/provider.tf
@@ -0,0 +1,8 @@
+# Set the variable value in *.tfvars file
+# or using the -var="hcloud_token=..." CLI option
+variable "hcloud_token" {}
+
+# Configure the Hetzner Cloud Provider
+provider "hcloud" {
+ token = var.hcloud_token
+}
diff --git a/hetzner/Projects/Development/neko/server.tf b/hetzner/Projects/Development/neko/server.tf
new file mode 100644
index 0000000..f10d1cc
--- /dev/null
+++ b/hetzner/Projects/Development/neko/server.tf
@@ -0,0 +1,18 @@
+resource "hcloud_server" "server" {
+ name = "${var.project_name}-vm"
+ server_type = var.server_type
+ image = var.image
+ location = var.location
+ backups = var.backups
+ firewall_ids = [hcloud_firewall.firewall.id]
+ labels = local.labels
+ ssh_keys = [data.hcloud_ssh_key.ssh_key.id]
+ user_data = file("${path.module}/cloud-config.tpl")
+ depends_on = [
+ hcloud_network_subnet.network-subnet
+ ]
+}
+
+data "hcloud_ssh_key" "ssh_key" {
+ name = "dev-noble@noir"
+}
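Review bot: `variable "hcloud_token" {}` in provider.tf has no type and is not marked sensitive, so Terraform is free to print the API token in plan output and diagnostics. Declare it with `type = string` and `sensitive = true`. The comment above it recommends `-var="hcloud_token=..."`, which leaves the token in shell history and the process list; pointing readers at the `TF_VAR_hcloud_token` environment variable would be safer, and any `*.tfvars` file that holds the token should be git-ignored.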
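Review bot: `user_data = file("${path.module}/cloud-config.tpl")` in server.tf reads the file verbatim, so despite the `.tpl` suffix nothing is rendered into it. If the bootstrap URL or the values install.sh reads (`TZ`, `NEKO_ROOMS_EPR`, `NEKO_ROOMS_TRAEFIK_DOMAIN`, `TRAEFIK_EMAIL`) are meant to come from Terraform, this needs `templatefile()` with those values passed in; nothing visible in this commit sets them. Keep secrets out of whatever is rendered there, since user data is stored in state. The SSH key name `"dev-noble@noir"` is also hard-coded while every other server setting is a variable; a `var.ssh_key_name` would keep the module reusable.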
diff --git a/hetzner/Projects/Development/neko/server_network.tf b/hetzner/Projects/Development/neko/server_network.tf
new file mode 100644
index 0000000..41616b9
--- /dev/null
+++ b/hetzner/Projects/Development/neko/server_network.tf
@@ -0,0 +1,5 @@
+resource "hcloud_server_network" "server_network" {
+ server_id = hcloud_server.server.id
+ network_id = hcloud_network.network.id
+ ip = "10.0.1.5"
+}
diff --git a/hetzner/Projects/Development/neko/subnet.tf b/hetzner/Projects/Development/neko/subnet.tf
new file mode 100644
index 0000000..49dbc21
--- /dev/null
+++ b/hetzner/Projects/Development/neko/subnet.tf
@@ -0,0 +1,6 @@
+resource "hcloud_network_subnet" "network-subnet" {
+ type = "cloud"
+ network_id = hcloud_network.network.id
+ network_zone = "eu-central"
+ ip_range = "10.0.1.0/24"
+}
diff --git a/hetzner/Projects/Development/neko/variables.tf b/hetzner/Projects/Development/neko/variables.tf
new file mode 100644
index 0000000..dfbb925
--- /dev/null
+++ b/hetzner/Projects/Development/neko/variables.tf
@@ -0,0 +1,32 @@
+variable "project_name" {
+ type = string
+ default = "neko"
+}
+
+variable "server_type" {
+ type = string
+ default = "cx11"
+}
+
+variable "image" {
+ type = string
+ default = "debian-11"
+}
+
+variable "location" {
+ type = string
+ default = "nbg1"
+}
+
+variable "backups" {
+ type = bool
+ default = false
+}
+
+locals {
+ labels = {
+ "Project" = "${var.project_name}"
+ "Owner" = "Oscar"
+ "Environment" = "Development"
+ }
+}
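Review bot: `network_zone = "eu-central"` in subnet.tf is hard-coded while the server's `location` is a variable (default `nbg1`), so overriding `location` with a site outside that zone would put the subnet and the server in different zones and the attachment in server_network.tf would presumably fail. Either expose the zone as a variable next to `location` or add a comment on `variable "location"` stating it must stay within eu-central. The fixed `ip = "10.0.1.5"` in server_network.tf is fine for a single host but would collide if the module is ever instantiated twice on the same network.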