Initial neko project

2022-08-28 17:55:59 +01:00 · 2022-08-28 17:55:59 +01:00 · 7dec0f8ff3
commit 7dec0f8ff3
parent 4d3c74ab70
12 changed files with 213 additions and 0 deletions
--- a/hetzner/Projects/Development/neko/.terraform.lock.hcl
+++ b/hetzner/Projects/Development/neko/.terraform.lock.hcl
@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hetznercloud/hcloud" {
+  version     = "1.35.1"
+  constraints = "~> 1.35.1"
+  hashes = [
+    "h1:FgSVN8CkqWt+iHhTYPPVQgoltoO8FGI+quB0PZucfj4=",
+    "zh:055161a3bec0b09db32b2488ac9036e46e7867c3319af182329157a1ff72ca00",
+    "zh:08f0d5b31dfac682df21a3f193aac93522a05e83e8eca26c547d2baa2858238b",
+    "zh:16d4c4a194d056947820680a116bf23227d4ee527d33831d7a7df52c5c0c3c4b",
+    "zh:46b528a76968599e1a6c45d8264b86fe9602070a42fd2d2db32899b5161e44dc",
+    "zh:502b16a56bb6780b86913ad3f4f573ae3f29f7a3d99335d7fd120c1b607537e8",
+    "zh:5fa5114d101e9d7c1915b1f136cc2b48a83c9ace7c994545940f11ccabf1f036",
+    "zh:6ac8ff28f145ef20c595faf81ff9c478be4d469cdd5b7aeaf2feefcc80a3dd36",
+    "zh:8ced6aec0546784eea6a9e56082af3af5c9917459351ef2951a9742125d4aab9",
+    "zh:927b0c39de0b368e52c7491859948082aaa84d877f0fed7ef483892c844875bf",
+    "zh:9d9c0fb5e862e47d24cdb007afad0215ccff9da65cf8a6cfa66030e844f5403c",
+    "zh:ae5475cae11806a93bb4adb3c87007ce9c0211d16c9c7a87ae5e9d58a68fcc0b",
+    "zh:d01600e67abc7ce7c59bc8567b7a650bc5ce817723a354f401a803d421610641",
+    "zh:f3487f1c49145b560fd19c8c681cb9eaaa85fc3700ea9b675f649f5f5d8b1e3c",
+    "zh:f5257b83287156effecb0f43fe80b6cbcc02c89f35ceda1b845d4e3dcf757dca",
+  ]
+}
--- a/hetzner/Projects/Development/neko/cloud-config.tpl
+++ b/hetzner/Projects/Development/neko/cloud-config.tpl
@ -0,0 +1,13 @@
+#cloud-config
+
+package_update: true
+
+package_upgrade: true
+
+packages:
+  - vim
+
+runcmd:
+  - curl -L https:// | bash
+
+final_message: "The system is finally up, after $UPTIME seconds"
--- a/hetzner/Projects/Development/neko/firewall.tf
+++ b/hetzner/Projects/Development/neko/firewall.tf
@ -0,0 +1,52 @@
+resource "hcloud_firewall" "firewall" {
+  name = "${var.project_name}-fw"
+  # ICMP
+  rule {
+    direction = "in"
+    protocol  = "icmp"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  # SSH
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = 22
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  # HTTP
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = 80
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  # HTTPS
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = 443
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+  # NEKO UDP
+  rule {
+    direction = "in"
+    protocol  = "udp"
+    port      = "59000-59100"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+}
--- a/hetzner/Projects/Development/neko/install.sh
+++ b/hetzner/Projects/Development/neko/install.sh
@ -0,0 +1,36 @@
+# Install Docker
+curl -fsSL https://get.docker.com | sh
+
+# Install dependencies
+apt install wget curl apache2-utils docker-compose sed -y
+
+# Images to download
+NEKO_IMAGES=(m1k1o/neko:firefox m1k1o/neko:vlc)
+
+# Set environmental variables
+{
+echo "TZ=${TZ}"
+echo "NEKO_ROOMS_EPR=${NEKO_ROOMS_EPR}"
+echo "NEKO_ROOMS_TRAEFIK_DOMAIN=${NEKO_ROOMS_TRAEFIK_DOMAIN}"
+echo "NEKO_ROOMS_TRAEFIK_ENTRYPOINT=websecure"
+echo "NEKO_ROOMS_TRAEFIK_NETWORK=neko-rooms-traefik"
+echo "NEKO_ROOMS_TRAEFIK_CERTRESOLVER=lets-encrypt"
+echo "NEKO_ROOMS_NEKO_IMAGES=${NEKO_IMAGES[*]}"
+} > /neko/.env
+
+mkdir -p "/neko/config"
+touch /neko/usersfile
+htpasswd -nb admin admin >> /neko/usersfile
+wget -O "/neko/traefik.yml" "https://raw.githubusercontent.com/m1k1o/neko-rooms/master/traefik/traefik.yml"
+sed -i "s/yourname@example.com/${TRAEFIK_EMAIL}/g" "/neko/traefik.yml"
+wget -O "/neko/config/middlewares.yml" "https://raw.githubusercontent.com/m1k1o/neko-rooms/master/traefik/config/middlewares.yml"
+wget -O "/neko/config/routers.yml" "https://raw.githubusercontent.com/m1k1o/neko-rooms/master/traefik/config/routers.yml"
+wget -O "/neko/config/tls.yml" "https://raw.githubusercontent.com/m1k1o/neko-rooms/master/traefik/config/tls.yml"
+touch "/neko/acme.json"
+chmod 600 "/neko/acme.json"
+wget -O "/neko/docker-compose.yml" "https://raw.githubusercontent.com/m1k1o/neko-rooms/master/traefik/docker-compose.yml"
+
+# Pull neko images
+for NEKO_IMAGE in "${NEKO_IMAGES[@]}"; do
+  docker pull "${NEKO_IMAGE}"
+done
--- a/hetzner/Projects/Development/neko/main.tf
+++ b/hetzner/Projects/Development/neko/main.tf
@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    hcloud = {
+      source  = "hetznercloud/hcloud"
+      version = "~> 1.35.1"
+    }
+  }
+}
--- a/hetzner/Projects/Development/neko/network.tf
+++ b/hetzner/Projects/Development/neko/network.tf
@ -0,0 +1,4 @@
+resource "hcloud_network" "network" {
+  name     = "${var.project_name}-vnet"
+  ip_range = "10.0.0.0/16"
+}
--- a/hetzner/Projects/Development/neko/outputs.tf
+++ b/hetzner/Projects/Development/neko/outputs.tf
@ -0,0 +1,7 @@
+output "public_ip" {
+  value = hcloud_server.server.ipv4_address
+}
+
+output "private_ip" {
+  value = hcloud_server_network.server_network.ip
+}
--- a/hetzner/Projects/Development/neko/provider.tf
+++ b/hetzner/Projects/Development/neko/provider.tf
@ -0,0 +1,8 @@
+# Set the variable value in *.tfvars file
+# or using the -var="hcloud_token=..." CLI option
+variable "hcloud_token" {}
+
+# Configure the Hetzner Cloud Provider
+provider "hcloud" {
+  token = var.hcloud_token
+}
--- a/hetzner/Projects/Development/neko/server.tf
+++ b/hetzner/Projects/Development/neko/server.tf
@ -0,0 +1,18 @@
+resource "hcloud_server" "server" {
+  name         = "${var.project_name}-vm"
+  server_type  = var.server_type
+  image        = var.image
+  location     = var.location
+  backups      = var.backups
+  firewall_ids = [hcloud_firewall.firewall.id]
+  labels       = local.labels
+  ssh_keys     = [data.hcloud_ssh_key.ssh_key.id]
+  user_data    = file("${path.module}/cloud-config.tpl")
+  depends_on = [
+    hcloud_network_subnet.network-subnet
+  ]
+}
+
+data "hcloud_ssh_key" "ssh_key" {
+  name = "dev-noble@noir"
+}
--- a/hetzner/Projects/Development/neko/server_network.tf
+++ b/hetzner/Projects/Development/neko/server_network.tf
@ -0,0 +1,5 @@
+resource "hcloud_server_network" "server_network" {
+  server_id  = hcloud_server.server.id
+  network_id = hcloud_network.network.id
+  ip         = "10.0.1.5"
+}
--- a/hetzner/Projects/Development/neko/subnet.tf
+++ b/hetzner/Projects/Development/neko/subnet.tf
@ -0,0 +1,6 @@
+resource "hcloud_network_subnet" "network-subnet" {
+  type         = "cloud"
+  network_id   = hcloud_network.network.id
+  network_zone = "eu-central"
+  ip_range     = "10.0.1.0/24"
+}
--- a/hetzner/Projects/Development/neko/variables.tf
+++ b/hetzner/Projects/Development/neko/variables.tf
@ -0,0 +1,32 @@
+variable "project_name" {
+  type    = string
+  default = "neko"
+}
+
+variable "server_type" {
+  type    = string
+  default = "cx11"
+}
+
+variable "image" {
+  type    = string
+  default = "debian-11"
+}
+
+variable "location" {
+  type    = string
+  default = "nbg1"
+}
+
+variable "backups" {
+  type    = bool
+  default = false
+}
+
+locals {
+  labels = {
+    "Project"     = "${var.project_name}"
+    "Owner"       = "Oscar"
+    "Environment" = "Development"
+  }
+}