phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2025-12-25 05:36:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add hel1 server

Browse source
This commit is contained in:
Paul-Henri Froidmont 2024-12-05 01:57:40 +01:00
parent 2a426da0b4
commit 66c62a2e40
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
9 changed files with 401 additions and 82 deletions
Download patch file Download diff file Expand all files Collapse all files

12
.sops.yaml
View file

@ -3,11 +3,13 @@ keys:
- &elios 0C143D8AFF5FBCD2293897658E66EDB0546158DF - &elios 0C143D8AFF5FBCD2293897658E66EDB0546158DF
- &server ebdabf42731801d79db14c893639d8f0c7ff61ed - &server ebdabf42731801d79db14c893639d8f0c7ff61ed
- &storage1 7675e1c632a9a0644c6ab828dbcc48a5300773a8 - &storage1 7675e1c632a9a0644c6ab828dbcc48a5300773a8
- &hel1 0f0c4c2f9877cb8a53efadacb90613a2af502673
creation_rules: creation_rules:
- path_regex: secrets.enc.yml$ - path_regex: secrets.enc.yml$
key_groups: key_groups:
- pgp: - pgp:
- *admin - *admin
- *elios - *elios
- *server - *server
- *storage1 - *storage1
- *hel1

53
flake.lock generated
View file

@ -36,6 +36,24 @@
"type": "github" "type": "github"
} }
}, },
"disko": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1733168902,
"narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=",
"owner": "nix-community",
"repo": "disko",
"rev": "785c1e02c7e465375df971949b8dcbde9ec362e5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -70,7 +88,7 @@
}, },
"foundryvtt": { "foundryvtt": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1726638033, "lastModified": 1726638033,
@ -151,16 +169,16 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1726447378, "lastModified": 1732238832,
"narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=", "narHash": "sha256-sQxuJm8rHY20xq6Ah+GwIUkF95tWjGRd1X8xF+Pkk38=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1", "rev": "8edf06bea5bcbee082df1b7369ff973b91618b8d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-24.05", "ref": "nixpkgs-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -182,6 +200,22 @@
} }
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": {
"lastModified": 1726447378,
"narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1717602782, "lastModified": 1717602782,
"narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=",
@ -199,8 +233,9 @@
"root": { "root": {
"inputs": { "inputs": {
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"disko": "disko",
"foundryvtt": "foundryvtt", "foundryvtt": "foundryvtt",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"simple-nixos-mailserver": "simple-nixos-mailserver", "simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
@ -210,7 +245,7 @@
"inputs": { "inputs": {
"blobs": "blobs", "blobs": "blobs",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_5",
"nixpkgs-24_05": "nixpkgs-24_05", "nixpkgs-24_05": "nixpkgs-24_05",
"utils": "utils_2" "utils": "utils_2"
}, },

29
flake.nix
View file

@ -2,6 +2,7 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
disko.url = "github:nix-community/disko";
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs"; sops-nix.inputs.nixpkgs.follows = "nixpkgs";
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
@ -14,6 +15,7 @@
self, self,
nixpkgs, nixpkgs,
nixpkgs-unstable, nixpkgs-unstable,
disko,
deploy-rs, deploy-rs,
sops-nix, sops-nix,
simple-nixos-mailserver, simple-nixos-mailserver,
@ -109,6 +111,29 @@
} }
]; ];
}; };
hel1 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit nixpkgs inputs;
};
modules = [
disko.nixosModules.disko
defaultModuleArgs
sops-nix.nixosModules.sops
simple-nixos-mailserver.nixosModule
foundryvtt.nixosModules.foundryvtt
./profiles/hel.nix
{
sops.defaultSopsFile = ./secrets.enc.yml;
networking.hostName = "hel1";
networking.domain = "banditlair.com";
nix.registry.nixpkgs.flake = nixpkgs;
system.stateVersion = "24.05";
}
];
};
}; };
deploy.nodes = deploy.nodes =
@ -132,6 +157,10 @@
hostname = "78.46.96.243"; hostname = "78.46.96.243";
profiles.system = createSystemProfile self.nixosConfigurations.storage1; profiles.system = createSystemProfile self.nixosConfigurations.storage1;
}; };
hel1 = {
hostname = "37.27.138.62";
profiles.system = createSystemProfile self.nixosConfigurations.hel1;
};
}; };
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;

25
hardware/hetzner-dedicated-hel1.nix Normal file
View file

@ -0,0 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp41s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

28
keys/hosts/hel1.asc Normal file
View file

@ -0,0 +1,28 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBAAAAAABEADQKmE04ZeXN65PTt5cc0YAgBeFukwhP39Ccq9ZxlCkovUMcm9q
1Gqgb1tw0hfHCUYK9D6In/qLgNQ6h0Etnesi9HUncl6GC0EE89kNOANZVLuPir0V
9Rm7zo55UUUM/qlZe1L7b19oO4qT5tIUlM1w4LfduZuyaag2RDpJxh4xBontftZn
CS6O2OI4++/6OKLkn4qtsepxPWb9M6lY/sb6w75LqyUXyjxxArrQMHpE4RQHTCEJ
iK9t+z5xpfI4WfTnIRQaCw6LxZhE9Kh/pOSVbLU6c5VdBHfCOPk6xrB3TbuUvMpR
0cRtn5q0nJQHGhL0A709UXR1fnPm7Xs4GTIf2LWXch6mcrjkTocz8qmKDuMxQzY7
6QXy6A+rvghhOxnrZTEhLKExZxNqag72MIeippPFNbyOJgke3htHy74b9WjM1vZJ
9VRYnmhxpGz0af//GF6LZQy7gOxBasSOv5u5r//1Ow7FNf2K5xYPGYzWRIDx+abM
a+JwOyPHdZ9bR+jmB5R9VohFECFLgjm+O5Ed1LJgRX/6vYlB+8gZeeflbZpYYsSY
/EcpsUKgtOmIBJT1svdjVTDdplihdFUzWfjL+n2O30K7yniNz6dGbXhxfqOVlp9R
6ZsEdbGTX0IGpG+0ZgkUkLrgROAH1xiOYNhpXuD3l6rNXLw4HP3Mqjp3FwARAQAB
zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
AQgAFgUCAAAAAAkQuQYToq9QJnMCGw8CGQEAAKIEEAAl4oKgMCXYorPbOR7Lqvy6
Qe2ooEkUAcW26NYXzu12KNVEn6fEsz7xWFvplXOI0dzkWP6fb1J/VBv178iQ2nRw
NuVtwiD78IaEINQ2BaiZQ5TJnn1Rl46vIf35YlhVdkdyzy+P0nK3rgG+X+xCv+pK
VL+V9rELxBUhcshMdRIEc64Xvwo5RW6PqRoGPJwpvYgeV4cLkgkI4k0B59iKPY0T
9euLXPrD4qFSX1BXsRI8y9yRdSJFlsc7oMnouWhjKmfTTU5vyHBhs3v9HwljZZTE
voMAMLzfLCQIQ7fyVcqbG/ofPgW9s5GLhg5IK5gdvo6N+MlJDiEVMefNR9kx5ei6
RdbQtuWrWUMzQzFTfA0upC+IE13rVQCXgqsPfUMEeovIoSuNbU9FeNOzcZkrG+NB
3KzAP9UcSqqupfOTKSQv+LlVtn6AtBaFCw3A2vZP/XoJV6KStaTbTG1PlhcY7zsy
o1nit8mRyBM9dbLFJmsiMhDpK75uLUlD1PL7ptliisMA8snn7QLdrnrOsxhbbFTs
ilZge3p1AtCQ8uj2uAKPqmE1QhgJP7cS3Hm6mtXKJoy5njpQBY+L5GIqfeDcMtcp
ZQ11yL/7RN/mIyGOevAabpdP2ZCoODlVBmeRkUKTqES3/HT5cknSHAL9czSiOyvf
aYj2vswzlyELMoIOMmRo3Q==
=PRcK
-----END PGP PUBLIC KEY BLOCK-----

14
modules/monit.nix
View file

@ -1,7 +1,14 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let cfg = config.custom.services.monit; let
in { cfg = config.custom.services.monit;
in
{
options.custom.services.monit = { options.custom.services.monit = {
enable = mkEnableOption "monit"; enable = mkEnableOption "monit";
@ -15,7 +22,6 @@ in {
sops.secrets = { sops.secrets = {
monitMailserverConfig = { monitMailserverConfig = {
owner = config.services.borgbackup.jobs.data.user;
key = "monit/mailserver_config"; key = "monit/mailserver_config";
}; };
}; };

165
profiles/hel.nix Normal file
View file

@ -0,0 +1,165 @@
{
config,
lib,
pkgs,
pkgs-unstable,
inputs,
...
}:
{
imports = [
../environment.nix
../hardware/hetzner-dedicated-hel1.nix
../modules
];
time.timeZone = "Europe/Amsterdam";
disko.devices = {
disk = {
nvme0 = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "root";
};
};
};
};
};
nvme1 = {
device = "/dev/nvme1n1";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "root";
};
};
};
};
};
sda = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "data";
};
};
};
};
};
sdb = {
device = "/dev/sdb";
type = "disk";
content = {
type = "gpt";
partitions = {
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "data";
};
};
};
};
};
sdc = {
device = "/dev/sdc";
type = "disk";
content = {
type = "gpt";
partitions = {
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "data";
};
};
};
};
};
sdd = {
device = "/dev/sdd";
type = "disk";
content = {
type = "gpt";
partitions = {
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "data";
};
};
};
};
};
};
mdadm = {
root = {
type = "mdadm";
level = 1;
content = {
type = "gpt";
partitions.primary = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
data = {
type = "mdadm";
level = 10;
content = {
type = "gpt";
partitions.primary = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/nix/var/data";
};
};
};
};
};
};
custom = {
services.openssh.enable = true;
};
}

148
secrets.enc.yml
View file

@ -74,85 +74,105 @@ sops:
lastmodified: "2024-09-11T18:58:46Z" lastmodified: "2024-09-11T18:58:46Z"
mac: ENC[AES256_GCM,data:NeD6/1DBlvW9vyReJJVBb8YY8qnMPZE0pobvNNdq/0dJKQfnAEndEokqWrRCuzd8oFuMbSmb4CDMX3N6r6nypGi4MMeeBAxPqlHO8aHAZ+XSrAh0XPNmcUnTYUP/zhJA9mp2fyWWgQT4gMEQslKVHDiCd68yOrj2wOr9Nx4CW8Y=,iv:eUyv6w/hXdxGg/1y2CU/WjEivzctCKO3Yw66ToEolH0=,tag:nFh240Xx1+dtLpz9P4U6gA==,type:str] mac: ENC[AES256_GCM,data:NeD6/1DBlvW9vyReJJVBb8YY8qnMPZE0pobvNNdq/0dJKQfnAEndEokqWrRCuzd8oFuMbSmb4CDMX3N6r6nypGi4MMeeBAxPqlHO8aHAZ+XSrAh0XPNmcUnTYUP/zhJA9mp2fyWWgQT4gMEQslKVHDiCd68yOrj2wOr9Nx4CW8Y=,iv:eUyv6w/hXdxGg/1y2CU/WjEivzctCKO3Yw66ToEolH0=,tag:nFh240Xx1+dtLpz9P4U6gA==,type:str]
pgp: pgp:
- created_at: "2023-10-17T21:02:13Z" - created_at: "2024-12-05T00:56:17Z"
enc: | enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMAy9TuQ4zAbDHAQ//cPpyfr5azm4DvHUvRTagNA8/V6usl0vlnZ7CO+vCdGr8 hQIMAy9TuQ4zAbDHARAAi+7vgkuN1cykzeuKwUJtOU+Cv9wKkWAemJfKLZdjmGZs
a0prKLhyeNKie3pt+KDyvGXJOirW0yFA5mMIw/so1OFvHo5FoM/fvIKVR57wsgDk vTG2LTZZC5uty9oimSmLGfnCi+fvBF607vGtVAr8JCXOKKmzvxesBJKTEUSlq8yx
atO2SqK8/1IWGGT+5PG74Xb56m7TKtNIM20G11MC9WBj3xcgdSwFxRztJjsnmV5D hlB8kANVZRT7AFj3/7PfWWkXDuFv+xtE9AnHFoSUsnp85mci9wPCnCJz42/+EM7+
eCxYfbFpIbgA9adYP+flb6XBbaw8eVs9uAyCgki6eXOb7L7j0GFDVXtgXxJUUoFK iI6OeNk/N5R2vtvCcsdAEGS9zJFBO0Vs7TC0yeJSwWQbOmuFaYqYrjojMWIuVlxj
zTnqQIFmFHNTtCuTfsbkrQRDG3DKfh5lnRYrtN9KDMGZ4/o372NL0yt31Lbpwo76 NlDl+IMkEHS2HEVO2kW0U5QqhlacFjGa0YoukFj6A/GbY+EiSIEHTkARpdp6tdvS
cxA+jsiVD2aPuBotMq8+ryH32totEl2bxug1CIFnwcOpbXVg3N4pVFYv2Xi/h7By GwvGmfcKMAR/NPljU1vc0u3izc2P6VjywuQnTdbgNjecaIOUn+uZcqQdVJX+o9nM
FAypkc4Zo/oygz7342dKI2NopCwEiWwsksaPuxpzTdy6MIPm8N7TG1+DesdVkveh dcQiLXGCIqwx2sRCjc+v3MqPzABrh5B5hPKQQw36X+ErETm6HDewfc+/RnBJu0wE
UM5gUtoizgYVbGaY2EQnQKg9WdyyA2aZSfiQ2wrkkr57wogVQE3SlXKU86MXIVup c9jglwYQK9MRFXqSp2NUjPnUzSwZdm2OIPhPyGZwZbIgPQ9Fe24cabUm0Et3q44R
L1IJ2u+ftWeJfgLmbGHxOXqvEg+CPegXGU1KhVth08+ng4NzP1wpfa4eG+OMF6xI UhSmpCk5yTLB1bJw9+1p6F90u4HlgB6boi5djWalg74oIFzPT7/i1y7PdNAySIJV
f/0p1mMftkBANLxEjy51tmB2dKndhT4/RcJYjQFOap2yPQzeCUNxyYxfaGqIBp4C tcGyO3gP9qMHevjpt1RiVYnI7qVSR08JGLAitHSMGKxbzyQctB5xUp8c9Q3XNJg5
ONuKxh9eEh3gLO/Ns3ljru0BhZj0ERM6E9vTFf4Y9T1xxcdFs3x30OfDloQfpqzS okOgprxeXuunWEbDW2SS3vZlXfngWm6R04fK2+dXGf2RvsYta0fJdiexG2qHyhjS
XgHlgyFyeex/+yT2/4ZxRAw1Vnmp3v/8PrVuiJ6PP7Y/pqBvzeIKRCA64pzFDaWy XgEMLW9RcQmOy4LXssq53noxZK43rw4+T0t2Bll1GuTUU0S3G2n06Eoidaro0EX1
jcX+BqVItgDS2zNnhd80u7tkCXAM6YCxjJ8eUG+mfjjnGmocDHQlUIG3urXvw1Q= ix1iBBrh9oFlNB+mGPvaLgX+Hgm8KJL/qQLNLvvAhSqBDeq3J4/hZNoQ/snJh6w=
=DFju =4gW6
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 3AC6F170F01133CE393BCD94BE948AFD7E7873BE fp: 3AC6F170F01133CE393BCD94BE948AFD7E7873BE
- created_at: "2023-10-17T21:02:13Z" - created_at: "2024-12-05T00:56:17Z"
enc: | enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA5qa+llcB15aARAArAdqZxR2Ot+g0+c2BxsOeq8OTmHii23K51MSNZrNkjhB hQIMA5qa+llcB15aAQ/+O6rgxmaXePhf+8LKih2Cy6D3goHBIFmcmFZmXHjad2vb
z0DQbvGM7lf/v+T+dDIGlEZcWsP9BvMZQnKQk2Ml3ovewTZj3BG6zPmRcB2nLjyr 6aVkp7uwFsoWIKASe31sk1hPlIu2X2MM6OwhYL+MZA0ak0gi2+utmjIH4iNEFRWP
A9RivmVghWq12doHOiWe3oNQGc8WiOZjSVVt0JqS/1bRU45iejK/YkgcJUiNq0EB wH0uWvIoXI+KyXyzIHs0Y7kZlfWmm8N3yMNbqkjweI2H0vNvly4Hx1WXd/ZKtLaD
Hm0IaEm73iCX3YkVh+UWzqMVuf/12/6VJfiEz4HN1ki9hmHNBUSRsf9+358yt4Xt ER4z/CNmh9SMFhY+ZHLEfG6XdVdyO6gckHE4NdDntEPL6nPf1Q3daAqd6Go8St4E
LPZEh1xEP9XU0aB13p1t2784K0qTB8Ciubga6dovoYaY3ynYHcuRN+cg/pVRIF6Y M3+Kcc5tPAMKIq73Rs4RDpwC9vF8xhqq0i1zAC6LEUqvo7ocKwm3+DbWyy1bKYsJ
jLFrYESxGoBz699gq3UXw/b388kwo4/ZXDD4+7/ze0IqqF+ZgMQsjKGFwOCT8xPt xgFq8Hyc/bFb8t34YO/kX6tET8OffP2W2YROUMp8VC7ImCtNs00sdBrfH3xwDuWp
bGmtmpln725ygeOU0EBENWSZwUL8KUQFyDy9hYiP09uX9gs0UBdZr1gxQKpdPBCy CpFdWXZVOSTQ9UAKBA+z+uOP5KuA1E/7Wn33GQcQi764JhMSqIOW87WmcDQsopbr
TCIbtUrvPZIrJYQVwMzcuXxnlKpn88tgIgOUOfoEEodOglX5WRwGhYruvPWfmMG1 iHOHtF6ZGoC3dc+D9nSXeCDXrsIJopjv6R5ulhlQEGCMR4/5LgihR5DzgDZDqtYU
CnHOu2OKv34nD/IttjTSuue7DNf57xmg79PQHQybOj4wsXL6rqnvlCfD4nTQ4LB/ 4IRPuCfe3Ht5hQo3b9nxIaF4rmMKgATaKXZx7Z6/tsNnvhnX7Uj+tk0XoBj9Z2j7
+PJhE4JO4NnnP5FAIu7I/SMCSuGeLzEjLQiRMhNqWxy792ErMLKxaoTef0j1l2+a f9w1RLyFqQi4hUsr5Js9BSviJOT1qK1fZmJcjEN3S3WKPQCKSV/Pety/7XuznCD8
SD7hDvbyxVCj56GlPUDG8r/Jm3z9hGsve4Z2SOMx4ejka6tb9qayLlBEDVlrOSbS dRAnYrrbraKFCgxzofdihIID5eTK+lvzKYqQyyJyQRga6ejuU9S90VVPDWMUynHS
XgH7GGx2qMOBAIogQwqPgt5/5sNS4h1BbnVU2JqLTU4ijjZGAIirWB8987HLl+Ki XgF4mXtEVZdezkHrmxVm6SR19FWSmg8IqjalYFcC4B10UgGO50WJawplbyWlelQL
3wVq5nu8DKtWDWJAWNaV+8tFwKm4oAvVrjQiWrDqXVm1ktdbPjqMBsaBoxq4xEA= JSLJhBpgNUCgW5lwVC5jnWEK6EsldxV5XEt/MGaB21tQszyb8sIwWmvL0j7bdQ8=
=vWn1 =IgVs
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 0C143D8AFF5FBCD2293897658E66EDB0546158DF fp: 0C143D8AFF5FBCD2293897658E66EDB0546158DF
- created_at: "2023-10-17T21:02:13Z" - created_at: "2024-12-05T00:56:17Z"
enc: | enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMAzY52PDH/2HtAQ/+LXLXYRm5OFWCsCePh5oPMMjBfbufF2nXAP3kD0tzxplR hQIMAzY52PDH/2HtAQ/+N6pyPr8DT6/TQ8OX1eq9RdJhGyT/87TJaJ2TCUxDIS9n
X218fw//t1TO489J6LuvHMu+rYb3ovrnoCbi6gJ5fArdJotaHnvdAvEX00mr8Oqr eIdxIRI146RWCxSnRwpVHjt8OZgW3uiW6iaqB77SW3jYV8sW9Iigz9cNcmBxXJza
AA6i4PiR1Cy/JfaOtt0sw3D86AO9oj/tUyU9H5HgADnmlaEFEyhoQBh9Dptngm0c b5ERY2BxEZU9bDHFrKhxiS3aZj/v/8ICPIEPQ3nXAZ1uWwH5jUoYTjIhkcLIIk1z
eJtsfis4NkhQcGrJbPChfV9xKdB+uPGWnzueMMN14QaJGNEXUWF6b+o78l1yJHlo e9AHOVtsTXM3jFm6XbZ4vDlwqGq/s2vvmirJvpGgAl8yvrRjnboBKHD596ql7hhy
ATWomDx/i0PsMnoZEIiEPC5e78vOlvjz99UWNDCF+h9A+n0IcW10vNomAeKHAn/+ UgsxUtm/VYthHHj+KK2PCAoWijRK8ltUmRi8Q6d2rNM1Lk55LBGQabzCSncDtf7y
rCoWDm9v15Wi34c2CX2wrzQzVSspyMq1cMhnM/B/Wx/Qx0acsbeBDwtZhO/5AUo7 rhHIhx8F95AogXLHMK/verBbWv/ooSBdjaeJ4ZOOjBbS1DNsForgk4+CpOPvt4o7
92LXdWDbIkAInc1hQlFDbIyjXBXlHswHlddRRKu8AkmWddNO3Y3b3Ry6ngYZRsye LnKA9p8qtanGln0lLoNh5vsMS8/4GEjR6ADwuxZirLj5ql/7LGC+TU2jsLxSq1OU
im0GQgoeQ4pXplDNgaa8SBZGM4FeGJOsKpjz4F6KqM69/cXcU+rBSjM2PJW8u6c6 P2L0AcRqyEr4iBtmE9qbs9T+IZO0Zd5gekZwvXNM7idAcUjo1wPa7Y5Fbxo9vLWU
0dU7uLB5Dj9yBbm2OElRzSunXUUQR1be685M/6XRAP1Q4iCJeSvrrwZEiNIo+RkJ ommS5+66Izceaq3v3ULBnXH+xH7XTMi1Q/BFRfDUVN3/LZf86NHo/Y42y7QXeUmT
v0kXafeP3yrKzm0bOjFaOu5fUEq0TToL9a9oaTrmphVPabQP6f8DSjbuEPEuk0ZK IoiemJf7jVs6tZ9WdWcTdwHotF2cwMt9wR/gC02idpNfKlalTbiT2CopMkDLA3cj
b+07tLUf2AVYEu4sc7qWzSnJ7pR4sXMmsT9EGTzgn+3hbKuPoh7SzELUL7uOlxXS MXrhhLPbfYzQTa3Q2RgXQnDPpmHCQIS1YThDvvMYFw+wsHXTK3Ro7XIMeBwAx1fS
WAEReljgvKK4QePcREdSW4dnonl+/oLkUrhWzGteznllkZrlEEKKQnKWhVCFMyBb WAHOgSXRuLq2oxWwa7mLpiPJtt20s2Jv6tti4QVsGlYQv8N/MuG1WYY0Ia5QB5MK
YkPWkIbC0QoUy/kt0FtCWBXS3vOYsXUn4LQMfOOF6E03ZXp22szrqjA= ObwTV2d5TQf1HzOMxJSPoQhBVIG9RfFNl05yEsEX3gilW/W1145Ccis=
=SuxA =rwo0
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: ebdabf42731801d79db14c893639d8f0c7ff61ed fp: ebdabf42731801d79db14c893639d8f0c7ff61ed
- created_at: "2023-10-17T21:02:13Z" - created_at: "2024-12-05T00:56:17Z"
enc: | enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA9vMSKUwB3OoAQ//XAnABB7d+yji4afNAb6xWS4FmwYE4meeQXE+W/lEdwA8 hQIMA9vMSKUwB3OoARAAg5AjFBPNqO6vD57hZys+Q2px1RDEqbEYdBg1RjuYNrdQ
NOr3JYl3CdE+U5OZxlgLi/QzqvvIDFRQJ/EAo3f+s8uc6WgZOEonA+lzakdMWjTR MuWpxpljglxeFC38Bk+yjCT3rBHfJ+5bYLOb7Wre5dri6QZS4gEqFHfn//rehCyM
0C9J70t+S4xpLO4UtHXpo5p5HQIVEqX4e8u0J3jxK7PnHL0v+wTH8EW2UcD3K+/h 5PX0lbjfxq/Bbcdrh6MWbddqv8ntA3dB2fJKJk5EORjuQIN4PgwJRasciVcQMtED
Pvs5fqFExV6fk2KDaXJ6OUqoc1Ni/mh9NhXxu5fyoKU33de8nMxnCFg6/zrOoAzq uCrTUkARTz0VNwEHXN87c/etl9nE7Jdba7mdPAIL0QjOOivg2qdZwM+PK8R1/k3Z
djwKxO4KTd9ma7r2T3dHQzTZ9FpAMINJldumYv72Owy98FBYKf1//hkMAaUGVxOI 2nCJQ6tzZl6GTESA/NMSq+TOWz8rOzqLm0VYvf6tsVRXaoK/nN/kuwZwwequqlD/
XucWbE/RUnKqxRkZ5fy/6IbNWPi6zsohmUE9UXAezknmgvjBNH13d7Wtu3nI2+iK o75BpXfapz7KizPVb4wk/qvOXVKsYCWSAsg110g0lPo4ucF3F4+qAsC3Pyoutg5X
WsE0acjiLZyBaxoJyl7wWYNvLswEk7UoA2WI9yZ5nJXWC84r97VrBgTWY1rF9ENm zxzetAamSTZHdPE8PSc+14ZaGL3wHtTIYaVjhYmFrwSSJAQiqYx5QnhiVxn8SchR
zWXucF9AEDiPRLIeI3MbtB3dzjfyXvReGOJeMf/iLfS9LzPYnigQE9PKCxLrVmXL 9d4MA8tNaGkMbMeO3RN58GcVZ/IdMbE/00NFKp2bMmzCNVvBRy1KpntvPyJJzdXx
GFJOfs3+bLXb4Pm6Ng7Vq8vueAyXKPNIM/5Z8gEy9BWY7PLysh5fXXYOfOhan5AR tNCZias1wr+iQL/OteNzFu8zylx+ThEe+gJ3eQqKhijxjNZKkUpxNFSvN22TP49l
EdbabpOZaTCwD5Mme2+F2ODq1lkjZTN0UN/i7/hcFSu4SBa1H8ASodh8+o2tFOrS Zt7pUJGBTohXktZx6cXXm3+G9PAA7jcCwJcRRNTRynu5IlCMhjs86JYck4TjWs/i
5OyHpZH7+hZJPycmF8eZPQ7ex8PkCNBS4R3tAgOPlncFS0+z+pXamdYU2m6I08PS 7WSSH5WmXJ4kvp9dOgKziDVfEYDaSgvQblA/VePpA7oAVs6Z+B+mAz4hBtEGq+XS
WAHG7VKUmZeobTKEOqAsk7vZunRz23ddey4ftMDUHWbV0LlIsiQ9sEmmY3ECjdwZ WAGeIpfiBk+wttj4Zncd2Z8oImYRfObO6yWICmWy8QniZ7eUzp+kvbYxQKLQ8MxS
SoiEFF2Q1lWCJLfny4XliJk2fZd5fl/gF966O0O5Tc8/NIGx0yFo/rk= tcQRDJMGzpSG2xTib8dd0tzXdkNTaDQDCVKMh0luWN6c0817Ifl9m94=
=skdX =sY/S
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 7675e1c632a9a0644c6ab828dbcc48a5300773a8 fp: 7675e1c632a9a0644c6ab828dbcc48a5300773a8
- created_at: "2024-12-05T00:56:17Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQILA7kGE6KvUCZzAQ/2OzBwKKR2gK/xglvZ+ATqnZFDN6spJpeR8M8lq//1kFdb
cC/Lh4Pg9uFgQc0pfCbImbn+JC15Zs63cIlAt+BqUAZASLIE2rEuSjU6vyJbrDo4
7b4giDThXkM8bMwtxyyfwM9MczNJSv64qlxG4DFI/akylu/arhyicDyvGNr+r0CS
i2/vG6/7fimDpm3EaXUWAMtPVeZgWEp6u89/WsL8G4YbB77GMn9sm3cEKiSGftfq
5tOu+wZ3rmuLn0pspCkZk0IdARmI59Oi28u5ACm8x6ouH8HNtAVmwqG3sETMxZvs
G2MUsve4EUXg0taOXu2CNWM+YD63r8gg/T36f8SRTd6cEZEQ9rWRW3iJ2ZTMhm5n
AHkZvtmD+fzBLkJ9tCjXsvBoh+k2c/zbe85ZmI4x6VPIHK9E1sgLTer6/6fsqFBZ
V3tRN+gysiWrWFzNG4TVD/nH3ITamJ3NcTQsxtigRaIb8vRe2fj4mXGEony0Tqyx
tX2cEmp2Oeqz6HRnja/Oy9j+2R2INgIRrkWsfp3Zj+8XCFIG+2S4vHY8guORNj72
NnZESb8HpMONSUraKtb5DrOPTzJFczR4XXcZEC9qQ2PQJbGCdo1NNNqULJoL5DDg
Z4PCew4EdoLFPYw13IBZKiqA6fTGMXs5UnIt4KDIso3H2WyAM2oAIg1Z0NLW6tJY
AasCqH6ZXIr6tKWdUMpZESYtmHIOQjWd4fhPzmEJDKbN+nY1aiHXstOgom0K7Qhi
LcW3woj9hLmwBpkdUrX3JYmrqTME35d9Y47TRMqjI/iEoPUO4+/jsw==
=iXDv
-----END PGP MESSAGE-----
fp: 0f0c4c2f9877cb8a53efadacb90613a2af502673
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

9
terraform/dns.tf
View file

@ -2,6 +2,7 @@ locals {
dmarc_value = "\"v=DMARC1; p=none; rua=mailto:failed-dmarc@banditlair.com; ruf=mailto:dmarc@banditlair.com\"" dmarc_value = "\"v=DMARC1; p=none; rua=mailto:failed-dmarc@banditlair.com; ruf=mailto:dmarc@banditlair.com\""
storage1_ip = "78.46.96.243" storage1_ip = "78.46.96.243"
storage1_ipv6 = "2a01:4f8:120:8233::1" storage1_ipv6 = "2a01:4f8:120:8233::1"
hel1_ip = "37.27.138.62"
} }
data "hetznerdns_zone" "banditlair_zone" { data "hetznerdns_zone" "banditlair_zone" {
@ -60,6 +61,14 @@ resource "hetznerdns_record" "storage1_a" {
ttl = 600 ttl = 600
} }
resource "hetznerdns_record" "hel1_a" {
zone_id = data.hetznerdns_zone.banditlair_zone.id
name = "hel1"
value = local.hel1_ip
type = "A"
ttl = 600
}
resource "hetznerdns_record" "grafana_a" { resource "hetznerdns_record" "grafana_a" {
zone_id = data.hetznerdns_zone.banditlair_zone.id zone_id = data.hetznerdns_zone.banditlair_zone.id
name = "grafana" name = "grafana"