From eced0aac2dfe6634147af6b17ac8b0b22d84d7bf Mon Sep 17 00:00:00 2001 From: Paul Walko Date: Sun, 13 Dec 2020 15:55:46 -0500 Subject: [PATCH] add dynamic dns + update for k8s --- ansible/README.md | 2 +- ansible/main.yml | 61 ++++++++++++++++++++------------- ansible/templates/gandi-ddns.sh | 44 ++++++++++++++++++++++++ 3 files changed, 82 insertions(+), 25 deletions(-) create mode 100644 ansible/templates/gandi-ddns.sh diff --git a/ansible/README.md b/ansible/README.md index fa5b9ba..60d0c1f 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -1,4 +1,4 @@ -Usage: `ansible-playbook main.yml -i hosts.cfg --limit=cabinet` +Usage: `ansible-playbook main.yml -i hosts.cfg --extra-vars "api_key=GANDI_API_KEY" --limit=cabinet` Assumes: diff --git a/ansible/main.yml b/ansible/main.yml index b147b1e..cab1363 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -22,6 +22,7 @@ - oidentd - rsync - smartmontools + - snapd - speedtest-cli - tmux - unattended-upgrades @@ -117,6 +118,22 @@ mode: '0644' notify: Restart and enable smartd + - name: Copy Dynamic DNS script + template: + src: templates/gandi-ddns.sh + dest: /usr/local/bin/gandi-ddns.sh + owner: root + group: root + mode: '0755' + + - name: Add Dynamic DNS cronjob + cron: + name: "Update dynamic dns" + job: /usr/local/bin/gandi-ddns.sh + special_time: daily + user: root + + ### Router ##- hosts: router ## become: yes @@ -142,14 +159,11 @@ name: - beets - nfs-common - - wireguard force_apt_get: yes update_cache: yes - debug: - msg: - - Manually do wireguard config https://wiki.debian.org/Wireguard - - Manuall do beets config https://wiki.archlinux.org/index.php/Beets + msg: Manually do beets config https://wiki.archlinux.org/index.php/Beets # NFS core config # ASSUMES /bigdata IS CONFIGURED (make sure dir is 755) @@ -205,7 +219,7 @@ - hosts: compute become: yes tasks: - - name: Install Docker + compute dependencies + - name: Install compute dependencies apt: name: - apt-transport-https 
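Review bot: The "Copy Dynamic DNS script" task installs `/usr/local/bin/gandi-ddns.sh` with `mode: '0755'`, but the rendered file contains the Gandi API key in plain text (the template sets `APIKEY={{ api_key }}`), so every local account on the host can read it. The cron job runs the script as root, so `mode: '0700'` is sufficient. Adding `no_log: true` to that task would also keep the key out of diff and verbose output. The README usage line in this commit passes the key through `--extra-vars` on the command line, where it lands in shell history; an Ansible Vault variable avoids that.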
@@ -218,13 +232,12 @@ - name: Mount bigdummy /bigdata via NFS mount: - src: 10.200.0.202:/bigdata + src: root@10.42.0.202:/bigdata path: /bigdata - fstype: nfs - opts: soft,nodev,nosuid + fstype: fuse.sshfs + opts: reconnect,allow_other,_netdev,nonempty,IdentityFile=/home/paul/.ssh/id_rsa_fast state: mounted - # Might require running manually mounting - name: Mount vtluug /media via sshfs mount: src: pew-media@dirtycow.vtluug.org:/nfs/cistern/share/media @@ -233,28 +246,28 @@ opts: reconnect,allow_other,ro,_netdev,IdentityFile=/home/paul/.ssh/id_rsa_fast state: mounted - - name: Add Docker GPG key + - name: Add HAProxy GPG key apt_key: - url: https://download.docker.com/linux/debian/gpg + url: https://haproxy.debian.net/bernat.debian.org.gpg - - name: Add Docker APT repository + - name: Add HAProxy APT repository apt_repository: - repo: deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable + repo: deb http://haproxy.debian.net buster-backports-2.2 main - - name: Install Docker CE + - name: Install HAProxy apt: - name: - - docker-ce - - docker-ce-cli - - containerd.io + name: haproxy + state: present force_apt_get: yes update_cache: yes - - name: Add paul to docker group - user: - name: paul - groups: docker - append: yes + + - name: Install microk8s + command: snap install microk8s --classic + args: + creates: /snap/bin/microk8s - debug: - msg: Clone docker repo to start services + msg: + - Start/Configure haproxy manually + - Start microk8s manually diff --git a/ansible/templates/gandi-ddns.sh b/ansible/templates/gandi-ddns.sh new file mode 100644 index 0000000..daa8190 --- /dev/null +++ b/ansible/templates/gandi-ddns.sh 
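Review bot: The new `/bigdata` mount logs in as `root@10.42.0.202` and sets `allow_other` without `default_permissions`, so permission checks are not enforced locally and any user on the compute host acts on the share with the remote root account's rights. The `nodev,nosuid` options from the old NFS line were also dropped. Consider a dedicated unprivileged account on the file server and `opts: reconnect,allow_other,default_permissions,nodev,nosuid,_netdev,IdentityFile=/home/paul/.ssh/id_rsa_fast`. Whether `nonempty` is really needed is worth confirming too, since it hides anything already present under the mount point.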
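Review bot: `apt_key` in "Add HAProxy GPG key" puts the signing key into apt's global trusted keyring, so it is then accepted for packages from every configured repository, and nothing pins which key the URL must return. The repository line also moved from an `https://` source to plain `http://haproxy.debian.net`; signature checks still protect package integrity, but that makes the scope of the key matter more. Suggest storing the key in its own keyring file and referencing it with `[signed-by=<KEYRING_PATH>]` in the `repo:` string, or at least passing `id: <KEY_FINGERPRINT>` to `apt_key`. The `snap install microk8s --classic` task likewise tracks the default channel; adding `--channel=<CHANNEL>` would make the install reproducible.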
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+APIKEY={{ api_key }}
+NAME=$(hostname)
+
+IPV4=$(curl -4s https://icanhazip.com/)
+IPV6=$(ip -6 addr | grep mngtmpaddr | head -n 1 | awk '/inet6 / {gsub(/\/.*/,"",$2); print $2}')
+
+if [[ $NAME == 'fogcutter' ]]; then
+ # apex (doesn't really matter which host this is run on)
+ curl \
+ --header "Authorization: Apikey $APIKEY" \
+ --header "Content-Type: application/json" \
+ --request PUT \
+ --data "{\"rrset_values\": [\"$IPV4\"]}" \
+ https://api.gandi.net/v5/livedns/domains/seaturtle.pw/records/@/A
+ curl \
+ --header "Authorization: Apikey $APIKEY" \
+ --header "Content-Type: application/json" \
+ --request PUT \
+ --data "{\"rrset_values\": [\"$IPV6\"]}" \
+ https://api.gandi.net/v5/livedns/domains/seaturtle.pw/records/@/AAAA
+ # fogcutter (for web apps)
+ curl \
+ --header "Authorization: Apikey $APIKEY" \
+ --header "Content-Type: application/json" \
+ --request PUT \
+ --data "{\"rrset_values\": [\"$IPV4\"]}" \
+ https://api.gandi.net/v5/livedns/domains/seaturtle.pw/records/$NAME/A
+elif [[ $NAME == 'madone' ]]; then
+ curl \
+ --header "Authorization: Apikey $APIKEY" \
+ --header "Content-Type: application/json" \
+ --request PUT \
+ --data "{\"rrset_values\": [\"$IPV4\"]}" \
+ https://api.gandi.net/v5/livedns/domains/seaturtle.pw/records/$NAME/A
+fi
+
+curl \
+ --header "Authorization: Apikey $APIKEY" \
+ --header "Content-Type: application/json" \
+ --request PUT \
+ --data "{\"rrset_values\": [\"$IPV6\"]}" \
+ https://api.gandi.net/v5/livedns/domains/seaturtle.pw/records/$NAME/AAAA
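Review bot: `$IPV4` and `$IPV6` are placed into the `rrset_values` JSON and PUT to the live zone without any check, so an empty, failed or unexpected reply from icanhazip.com (or an empty `ip -6` match) overwrites the apex and host records with whatever came back. The lookups should be validated, and the script should exit without touching DNS when they do not look like addresses; adding `--fail` to the curl calls would also surface HTTP errors instead of silently continuing. Separately, `APIKEY={{ api_key }}` is unquoted and the key is passed in `--header` arguments, where it is visible in the process list while curl runs; quoting the assignment and reading the header from a root-only file via curl's `--header @<HEADER_FILE>` form would avoid both. A sketch of the validation is below.

```shell
IPV4=$(curl -4s --fail https://icanhazip.com/)
# Refuse to publish anything that is not a dotted-quad address.
if [[ ! $IPV4 =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
  echo "gandi-ddns: unexpected IPv4 lookup result, DNS left unchanged" >&2
  exit 1
fi
# … unchanged: IPV6 lookup via ip -6 addr …
if [[ ! $IPV6 =~ ^[0-9A-Fa-f:]+$ ]]; then
  echo "gandi-ddns: no usable IPv6 address found, DNS left unchanged" >&2
  exit 1
fi
# … unchanged: curl PUT requests …
```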