add dynamic dns + update for k8s

2020-12-13 15:55:46 -05:00 · 2020-12-13 15:55:46 -05:00 · eced0aac2d
parent ab5ab8a299
commit eced0aac2d
3 changed files with 82 additions and 25 deletions
--- a/ansible/README.md
+++ b/ansible/README.md
@ -1,4 +1,4 @@
-Usage: `ansible-playbook main.yml -i hosts.cfg --limit=cabinet`
+Usage: `ansible-playbook main.yml -i hosts.cfg --extra-vars "api_key=GANDI_API_KEY" --limit=cabinet`

 Assumes:

--- a/ansible/main.yml
+++ b/ansible/main.yml
@ -22,6 +22,7 @@
          - oidentd
          - rsync
          - smartmontools
+          - snapd
          - speedtest-cli
          - tmux
          - unattended-upgrades
@ -117,6 +118,22 @@
        mode: '0644'
      notify: Restart and enable smartd

+    - name: Copy Dynamic DNS script
+      template:
+        src: templates/gandi-ddns.sh
+        dest: /usr/local/bin/gandi-ddns.sh
+        owner: root
+        group: root
+        mode: '0755'
+
+    - name: Add Dynamic DNS cronjob
+      cron:
+        name: "Update dynamic dns"
+        job: /usr/local/bin/gandi-ddns.sh
+        special_time: daily
+        user: root
+
+
 ### Router
 ##- hosts: router
 ##  become: yes
@ -142,14 +159,11 @@
        name:
          - beets
          - nfs-common
-          - wireguard
        force_apt_get: yes
        update_cache: yes

    - debug:
-        msg:
-          - Manually do wireguard config https://wiki.debian.org/Wireguard
-          - Manuall do beets config https://wiki.archlinux.org/index.php/Beets
+        msg: Manually do beets config https://wiki.archlinux.org/index.php/Beets

 # NFS core config
 # ASSUMES /bigdata IS CONFIGURED (make sure dir is 755)
@ -205,7 +219,7 @@
 - hosts: compute
  become: yes
  tasks:
-    - name: Install Docker + compute dependencies
+    - name: Install compute dependencies
      apt:
        name:
          - apt-transport-https
@ -218,13 +232,12 @@

    - name: Mount bigdummy /bigdata via NFS
      mount:
-        src: 10.200.0.202:/bigdata
+        src: root@10.42.0.202:/bigdata
        path: /bigdata
-        fstype: nfs
-        opts: soft,nodev,nosuid
+        fstype: fuse.sshfs
+        opts: reconnect,allow_other,_netdev,nonempty,IdentityFile=/home/paul/.ssh/id_rsa_fast
        state: mounted

-    # Might require running manually mounting
    - name: Mount vtluug /media via sshfs
      mount:
        src: pew-media@dirtycow.vtluug.org:/nfs/cistern/share/media
@ -233,28 +246,28 @@
        opts: reconnect,allow_other,ro,_netdev,IdentityFile=/home/paul/.ssh/id_rsa_fast
        state: mounted

-    - name: Add Docker GPG key
+    - name: Add HAProxy GPG key
      apt_key:
-        url: https://download.docker.com/linux/debian/gpg
+        url: https://haproxy.debian.net/bernat.debian.org.gpg

-    - name: Add Docker APT repository
+    - name: Add HAProxy APT repository
      apt_repository:
-        repo: deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable
+        repo: deb http://haproxy.debian.net buster-backports-2.2 main

-    - name: Install Docker CE
+    - name: Install HAProxy
      apt:
-        name:
-          - docker-ce
-          - docker-ce-cli
-          - containerd.io
+        name: haproxy
+        state: present
        force_apt_get: yes
        update_cache: yes

-    - name: Add paul to docker group
-      user:
-        name: paul
-        groups: docker
-        append: yes
+
+    - name: Install microk8s
+      command: snap install microk8s --classic
+      args:
+        creates: /snap/bin/microk8s

    - debug:
-        msg: Clone docker repo to start services
+        msg:
+          - Start/Configure haproxy manually
+          - Start microk8s manually
--- a/ansible/templates/gandi-ddns.sh
+++ b/ansible/templates/gandi-ddns.sh
@ -0,0 +1,44 @@
+#!/bin/bash
+
+APIKEY={{ api_key }}
+NAME=$(hostname)
+
+IPV4=$(curl -4s https://icanhazip.com/)
+IPV6=$(ip -6 addr | grep mngtmpaddr | head -n 1 | awk '/inet6 / {gsub(/\/.*/,"",$2); print $2}')
+
+if [[ $NAME == 'fogcutter' ]]; then
+  # apex (doesn't really matter which host this is run on)
+  curl \
+    --header "Authorization: Apikey $APIKEY" \
+    --header "Content-Type: application/json" \
+    --request PUT \
+    --data "{\"rrset_values\": [\"$IPV4\"]}" \
+    https://api.gandi.net/v5/livedns/domains/seaturtle.pw/records/@/A
+  curl \
+    --header "Authorization: Apikey $APIKEY" \
+    --header "Content-Type: application/json" \
+    --request PUT \
+    --data "{\"rrset_values\": [\"$IPV6\"]}" \
+    https://api.gandi.net/v5/livedns/domains/seaturtle.pw/records/@/AAAA
+  # fogcutter (for web apps)
+  curl \
+    --header "Authorization: Apikey $APIKEY" \
+    --header "Content-Type: application/json" \
+    --request PUT \
+    --data "{\"rrset_values\": [\"$IPV4\"]}" \
+    https://api.gandi.net/v5/livedns/domains/seaturtle.pw/records/$NAME/A
+elif [[ $NAME == 'madone' ]]; then
+  curl \
+    --header "Authorization: Apikey $APIKEY" \
+    --header "Content-Type: application/json" \
+    --request PUT \
+    --data "{\"rrset_values\": [\"$IPV4\"]}" \
+    https://api.gandi.net/v5/livedns/domains/seaturtle.pw/records/$NAME/A
+fi
+
+curl \
+  --header "Authorization: Apikey $APIKEY" \
+  --header "Content-Type: application/json" \
+  --request PUT \
+  --data "{\"rrset_values\": [\"$IPV6\"]}" \
+  https://api.gandi.net/v5/livedns/domains/seaturtle.pw/records/$NAME/AAAA