From 26b9228cf7891699f9e85dc8c21d2f93c6c27b2c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?H=C3=A9ctor=20Molinero=20Fern=C3=A1ndez?= Date: Thu, 30 Jan 2020 21:33:16 +0100 Subject: [PATCH] Refactor --- packer/.gitignore | 6 +++ .../build.pkr.hcl | 0 {qemu => packer/qemu}/http/seed/meta-data | 0 {qemu => packer/qemu}/http/seed/user-data | 0 {qemu => packer/qemu}/start-vm.sh | 0 .../etc/apt/apt.conf.d/20auto-upgrades | 0 .../etc/apt/apt.conf.d/50unattended-upgrades | 0 .../rootfs}/etc/fail2ban/jail.d/sshd.conf | 0 {rootfs => packer/rootfs}/etc/ssh/sshd_config | 0 .../rootfs}/etc/unbound/unbound.conf | 0 .../rootfs}/etc/wireguard/client-sample.conf | 0 .../rootfs}/etc/wireguard/wg0-peers.conf | 0 .../rootfs}/etc/wireguard/wg0.conf | 0 .../sources.pkr.hcl | 4 +- .gitignore => terraform/.gitignore | 9 ++-- terraform/main.tf | 30 +++++++++++++ terraform/outputs.tf | 9 ++++ terraform/templates/user-data.tpl | 17 ++++++++ terraform/terraform.tfvars.sample | 11 +++++ terraform/variables.tf | 42 +++++++++++++++++++ wireguard.tf | 35 ---------------- 21 files changed, 123 insertions(+), 40 deletions(-) create mode 100644 packer/.gitignore rename wireguard.build.pkr.hcl => packer/build.pkr.hcl (100%) rename {qemu => packer/qemu}/http/seed/meta-data (100%) rename {qemu => packer/qemu}/http/seed/user-data (100%) rename {qemu => packer/qemu}/start-vm.sh (100%) rename {rootfs => packer/rootfs}/etc/apt/apt.conf.d/20auto-upgrades (100%) rename {rootfs => packer/rootfs}/etc/apt/apt.conf.d/50unattended-upgrades (100%) rename {rootfs => packer/rootfs}/etc/fail2ban/jail.d/sshd.conf (100%) rename {rootfs => packer/rootfs}/etc/ssh/sshd_config (100%) rename {rootfs => packer/rootfs}/etc/unbound/unbound.conf (100%) rename {rootfs => packer/rootfs}/etc/wireguard/client-sample.conf (100%) rename {rootfs => packer/rootfs}/etc/wireguard/wg0-peers.conf (100%) rename {rootfs => packer/rootfs}/etc/wireguard/wg0.conf (100%) rename wireguard.sources.pkr.hcl => packer/sources.pkr.hcl (91%) rename .gitignore => terraform/.gitignore (68%) create mode 100644 terraform/main.tf 
create mode 100644 terraform/outputs.tf
create mode 100644 terraform/templates/user-data.tpl
create mode 100644 terraform/terraform.tfvars.sample
create mode 100644 terraform/variables.tf
delete mode 100644 wireguard.tf
diff --git a/packer/.gitignore b/packer/.gitignore
new file mode 100644
index 0000000..c372e46
--- /dev/null
+++ b/packer/.gitignore
@@ -0,0 +1,6 @@
+packer_cache/
+dist/
+
+*.box
+
+crash.log
diff --git a/wireguard.build.pkr.hcl b/packer/build.pkr.hcl
similarity index 100%
rename from wireguard.build.pkr.hcl
rename to packer/build.pkr.hcl
diff --git a/qemu/http/seed/meta-data b/packer/qemu/http/seed/meta-data
similarity index 100%
rename from qemu/http/seed/meta-data
rename to packer/qemu/http/seed/meta-data
diff --git a/qemu/http/seed/user-data b/packer/qemu/http/seed/user-data
similarity index 100%
rename from qemu/http/seed/user-data
rename to packer/qemu/http/seed/user-data
diff --git a/qemu/start-vm.sh b/packer/qemu/start-vm.sh
similarity index 100%
rename from qemu/start-vm.sh
rename to packer/qemu/start-vm.sh
diff --git a/rootfs/etc/apt/apt.conf.d/20auto-upgrades b/packer/rootfs/etc/apt/apt.conf.d/20auto-upgrades
similarity index 100%
rename from rootfs/etc/apt/apt.conf.d/20auto-upgrades
rename to packer/rootfs/etc/apt/apt.conf.d/20auto-upgrades
diff --git a/rootfs/etc/apt/apt.conf.d/50unattended-upgrades b/packer/rootfs/etc/apt/apt.conf.d/50unattended-upgrades
similarity index 100%
rename from rootfs/etc/apt/apt.conf.d/50unattended-upgrades
rename to packer/rootfs/etc/apt/apt.conf.d/50unattended-upgrades
diff --git a/rootfs/etc/fail2ban/jail.d/sshd.conf b/packer/rootfs/etc/fail2ban/jail.d/sshd.conf
similarity index 100%
rename from rootfs/etc/fail2ban/jail.d/sshd.conf
rename to packer/rootfs/etc/fail2ban/jail.d/sshd.conf
diff --git a/rootfs/etc/ssh/sshd_config b/packer/rootfs/etc/ssh/sshd_config
similarity index 100%
rename from rootfs/etc/ssh/sshd_config
rename to packer/rootfs/etc/ssh/sshd_config
diff --git a/rootfs/etc/unbound/unbound.conf b/packer/rootfs/etc/unbound/unbound.conf
similarity index 100%
rename from rootfs/etc/unbound/unbound.conf
rename to packer/rootfs/etc/unbound/unbound.conf
diff --git a/rootfs/etc/wireguard/client-sample.conf b/packer/rootfs/etc/wireguard/client-sample.conf
similarity index 100%
rename from rootfs/etc/wireguard/client-sample.conf
rename to packer/rootfs/etc/wireguard/client-sample.conf
diff --git a/rootfs/etc/wireguard/wg0-peers.conf b/packer/rootfs/etc/wireguard/wg0-peers.conf
similarity index 100%
rename from rootfs/etc/wireguard/wg0-peers.conf
rename to packer/rootfs/etc/wireguard/wg0-peers.conf
diff --git a/rootfs/etc/wireguard/wg0.conf b/packer/rootfs/etc/wireguard/wg0.conf
similarity index 100%
rename from rootfs/etc/wireguard/wg0.conf
rename to packer/rootfs/etc/wireguard/wg0.conf
diff --git a/wireguard.sources.pkr.hcl b/packer/sources.pkr.hcl
similarity index 91%
rename from wireguard.sources.pkr.hcl
rename to packer/sources.pkr.hcl
index 91ff8cc..4b95b48 100644
--- a/wireguard.sources.pkr.hcl
+++ b/packer/sources.pkr.hcl
@@ -21,8 +21,8 @@ source "qemu" "main" {
 disk_image = true
 vm_name = "wireguard.qcow2"
- http_directory = "./qemu/http/"
- output_directory = "./qemu/dist/"
+ http_directory = "{{template_dir}}/qemu/http/"
+ output_directory = "{{template_dir}}/qemu/dist/"
 accelerator = "kvm"
 cpus = 1
diff --git a/.gitignore b/terraform/.gitignore
similarity index 68%
rename from .gitignore
rename to terraform/.gitignore
index 1118530..7cd5285 100644
--- a/.gitignore
+++ b/terraform/.gitignore
@@ -1,10 +1,13 @@
-**/dist/*
-**/packer_cache/*
-**/.terraform/*
+.terraform/
+
 *.tfstate
 *.tfstate.*
+
+terraform.tfvars
+
 override.tf
 override.tf.json
 *_override.tf
 *_override.tf.json
+
 crash.log
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000..4570f9c
--- /dev/null
+++ b/terraform/main.tf
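Review bot: `{{template_dir}}` on the two added lines is the legacy JSON-template function syntax, while `sources.pkr.hcl` is an HCL2 file, so whether it is expanded there depends on the Packer release in use; if the builder passes the string through literally, `http_directory` and `output_directory` would resolve to a directory named `{{template_dir}}` instead of the template's own directory. Please confirm by running the build from a working directory other than `packer/`, which is the case this change is meant to cover. Where the HCL2 form is available, `http_directory = "${path.root}/qemu/http/"` expresses the same intent natively. The enclosing `source "qemu" "main"` block starts before and ends after this hunk.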
@@ -0,0 +1,30 @@
+provider "hcloud" {
+ token = var.hcloud_api_token
+}
+
+data "hcloud_image" "wg_image" {
+ with_selector = "service=wireguard"
+ most_recent = true
+}
+
+resource "hcloud_ssh_key" "wg_server_ssh_key" {
+ public_key = var.wg_server_ssh_publickey
+ name = var.wg_server_ssh_publickey_name
+}
+
+resource "hcloud_server" "wg_server" {
+ image = data.hcloud_image.wg_image.id
+ name = var.wg_server_name
+ server_type = var.wg_server_type
+ location = var.wg_server_location
+ labels = {
+ service = "wireguard"
+ }
+ ssh_keys = [
+ hcloud_ssh_key.wg_server_ssh_key.id
+ ]
+ user_data = templatefile("${path.module}/templates/user-data.tpl", {
+ wg_server_own_privatekey = var.wg_server_own_privatekey
+ wg_server_peer_publickeys = var.wg_server_peer_publickeys
+ })
+}
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
new file mode 100644
index 0000000..7a9da79
--- /dev/null
+++ b/terraform/outputs.tf
@@ -0,0 +1,9 @@
+output "wg_server_ipv4_address" {
+ value = hcloud_server.wg_server.ipv4_address
+ description = "IPv4 address"
+}
+
+output "wg_server_ipv6_address" {
+ value = hcloud_server.wg_server.ipv6_address
+ description = "IPv6 address"
+}
diff --git a/terraform/templates/user-data.tpl b/terraform/templates/user-data.tpl
new file mode 100644
index 0000000..877195f
--- /dev/null
+++ b/terraform/templates/user-data.tpl
@@ -0,0 +1,17 @@
+#cloud-config
+
+write_files:
+ - path: "/etc/wireguard/wg0-privatekey"
+ owner: "root:root"
+ permissions: "0600"
+ content: |
+ ${wg_server_own_privatekey}
+ - path: "/etc/wireguard/wg0-peers.conf"
+ owner: "root:root"
+ permissions: "0644"
+ content: |
+ %{~ for index, pubkey in wg_server_peer_publickeys ~}
+ [Peer]
+ PublicKey = ${pubkey}
+ AllowedIPs = 10.10.10.${index+2}/32, fd10:10:10::${index+2}/128
+ %{~ endfor ~}
diff --git a/terraform/terraform.tfvars.sample b/terraform/terraform.tfvars.sample
new file mode 100644
index 0000000..6eb23fc
--- /dev/null
+++ b/terraform/terraform.tfvars.sample
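Review bot: `user_data` in `hcloud_server.wg_server` embeds `var.wg_server_own_privatekey`, so the WireGuard private key is stored in clear in the Terraform state and in the instance's user-data, which cloud-init keeps on disk and which the provider's instance metadata service typically serves back to any local process. Generating the key on the host at first boot (for example a `runcmd` step that writes `wg genkey` output to `/etc/wireguard/wg0-privatekey`) and publishing only the derived public key would keep it out of state and out of this template. If the key has to remain a Terraform input, the state file must then be handled as a secret and its readers restricted accordingly. The removed `wireguard.tf` also set `keep_disk = true` and `backups = false` on the server; neither is carried over here, which may be intentional but deserves a comment on the resource.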
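Review bot: The strip markers on both sides of `%{~ for … ~}` and `%{~ endfor ~}` appear to remove the newline after `content: |` and the newline between iterations, so unless I am misreading HCL's `~` semantics the rendered file becomes `content: |[Peer]` with each later `[Peer]` glued onto the previous `AllowedIPs` line, which is neither valid YAML nor a valid peers file. Keeping the trim only on the right-hand side, `%{ for index, pubkey in wg_server_peer_publickeys ~}` and `%{ endfor ~}`, drops the directive lines themselves while preserving the line breaks of the body. Rendering the template through `terraform console` with a two-element key list is a quick way to confirm either way. The addresses `10.10.10.${index+2}` and `fd10:10:10::${index+2}` also have to agree with the interface ranges in `wg0.conf`, which this commit only renames; a comment here naming that dependency would help the next editor.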
@@ -0,0 +1,11 @@
+hcloud_api_token = ""
+
+wg_server_name = ""
+wg_server_type = ""
+wg_server_location = ""
+
+wg_server_ssh_publickey = ""
+wg_server_ssh_publickey_name = ""
+
+wg_server_own_privatekey = ""
+wg_server_peer_publickeys = []
diff --git a/terraform/variables.tf b/terraform/variables.tf
new file mode 100644
index 0000000..ee93e6d
--- /dev/null
+++ b/terraform/variables.tf
@@ -0,0 +1,42 @@
+variable "hcloud_api_token" {
+ type = string
+ description = "Hetzner Cloud API token"
+}
+
+variable "wg_server_name" {
+ type = string
+ description = "Server name"
+ default = "wireguard"
+}
+
+variable "wg_server_type" {
+ type = string
+ description = "Server type"
+ default = "cx11"
+}
+
+variable "wg_server_location" {
+ type = string
+ description = "Server location"
+ default = "fsn1"
+}
+
+variable "wg_server_ssh_publickey" {
+ type = string
+ description = "SSH public key"
+}
+
+variable "wg_server_ssh_publickey_name" {
+ type = string
+ description = "SSH public key name"
+}
+
+variable "wg_server_own_privatekey" {
+ type = string
+ description = "WireGuard private key"
+}
+
+variable "wg_server_peer_publickeys" {
+ type = list(string)
+ description = "WireGuard peer public keys"
+}
diff --git a/wireguard.tf b/wireguard.tf
deleted file mode 100644
index 1fa7bb5..0000000
--- a/wireguard.tf
+++ /dev/null
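Review bot: `hcloud_api_token` and `wg_server_own_privatekey` are secrets but are declared like every other input, so their values are printed verbatim in plan and apply output, and `terraform.tfvars.sample` invites users to paste them into a file. If the Terraform release in use supports it, add `sensitive = true` to both variable blocks so the CLI redacts them; otherwise state in each `description` that the value should come from the environment (`TF_VAR_hcloud_api_token`) or from a file kept out of version control, which the `terraform.tfvars` entry this commit adds to `.gitignore` already supports. `wg_server_peer_publickeys` also has no `default`, so a server with no peers yet still requires an explicit empty list; `default = []` would make that a plain apply.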
@@ -1,35 +0,0 @@
-variable "hcloud_token" {
- type = string
-}
-
-provider "hcloud" {
- token = var.hcloud_token
-}
-
-data "hcloud_image" "wireguard" {
- with_selector = "service=wireguard"
- most_recent = true
-}
-
-data "hcloud_ssh_key" "hectorm" {
- fingerprint = "a1:92:f2:2b:57:5e:cc:9c:5a:0c:f4:33:79:db:b6:56"
-}
-
-resource "hcloud_server" "wireguard" {
- name = "wireguard"
- image = data.hcloud_image.wireguard.id
- server_type = "cx11"
- location = "fsn1"
- keep_disk = true
- backups = false
- labels = {
- service = "wireguard"
- }
- ssh_keys = [
- data.hcloud_ssh_key.hectorm.id
- ]
-}
-
-output "wireguard_server_ipv4_address" {
- value = hcloud_server.wireguard.ipv4_address
-}