authoralex <alex@pdp7.net>2023-03-11 12:18:03 +0100
committeralex <alex@pdp7.net>2023-03-11 12:18:03 +0100
commit5e565f0374840245e5012fb57ba0af24de78e34b (patch)
tree45ef53752d69a88004dba15559abf09e96525c07 /personal_infra
parentffae0d6f55f609bf67f54891ea0c95e381a8368c (diff)
Draft proxmox proxy support + route53
Diffstat (limited to 'personal_infra')
-rw-r--r--personal_infra/playbooks/roles/proxmox_route_53/tasks/main.yml11
-rw-r--r--personal_infra/playbooks/site.yaml7
-rw-r--r--personal_infra/puppet/modules/proxmox/manifests/proxy.pp2
-rw-r--r--personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp15
-rw-r--r--personal_infra/puppet/site/h1.pdp7.net.pp11
-rw-r--r--personal_infra/requirements.txt3
6 files changed, 45 insertions, 4 deletions
diff --git a/personal_infra/playbooks/roles/proxmox_route_53/tasks/main.yml b/personal_infra/playbooks/roles/proxmox_route_53/tasks/main.yml
new file mode 100644
index 00000000..b56561de
--- /dev/null
+++ b/personal_infra/playbooks/roles/proxmox_route_53/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: create A entries
+ local_action:
+ module: amazon.aws.route53
+ zone: "{{ network.dns_zone }}"
+ record: "{{ item }}"
+ type: A
+ value: "{{ network.ip }}"
+ wait: true
+ state: present
+ loop: "{{ network.proxmox.proxy_hosts }}"
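Review bot: `state: present` is used without `overwrite`, so once a record exists a later change to `network.ip` will make the module fail on the mismatch instead of updating the record; adding `overwrite: true` and an explicit `ttl:` lets a re-run converge. The task also passes no credential or profile arguments, so the call presumably uses whatever AWS credentials are in the controller's environment. Since the role only manages A records in `network.dns_zone`, those credentials are best an IAM identity limited to record changes on that one hosted zone rather than a general-purpose account key.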
diff --git a/personal_infra/playbooks/site.yaml b/personal_infra/playbooks/site.yaml
index ddeced0e..377f5647 100644
--- a/personal_infra/playbooks/site.yaml
+++ b/personal_infra/playbooks/site.yaml
@@ -42,3 +42,10 @@
tags: ipsilon
roles:
- deploy_ipsilon
+
+- name: proxmox route 53
+ hosts: proxmox
+ tags: proxmox_route_53
+ gather_facts: false
+ roles:
+ - proxmox_route_53
diff --git a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
index 65f93cb6..2a07c44c 100644
--- a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
+++ b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
@@ -21,7 +21,7 @@ class proxmox::proxy ($mail, $base_hostname) {
file {'/etc/apache2/sites-enabled/test.conf':
content => @("EOT")
- MDomain $base_hostname
+ MDomain $base_hostname auto
MDCertificateAgreement accepted
MDContactEmail $mail
MDNotifyCmd /usr/local/bin/notify_md_renewal
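Review bot: `auto` is already mod_md's default mode for `MDomain`, so `MDomain $base_hostname auto` should behave the same as the line it replaces. If the intent was to get the new proxy hosts covered by a certificate, that comes from their own `MDomain $title` lines in `proxy_host.pp`, not from this change. A comment above the directive such as `# auto (default): names of vhosts matching this domain are added to the certificate` would record why it is spelled out. The heredoc and the enclosing class continue outside the hunk.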
diff --git a/personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp b/personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp
new file mode 100644
index 00000000..33b28de0
--- /dev/null
+++ b/personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp
@@ -0,0 +1,15 @@
+define proxmox::proxy_host (String[1] $target) {
+ file {"/etc/apache2/sites-enabled/$title.conf":
+ content => @("EOT")
+ MDomain $title
+
+ <VirtualHost *:443>
+ ServerName $title
+ SSLEngine on
+ </VirtualHost>
+ | EOT
+ ,
+ }
+ ~>
+ Service['apache2']
+}
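Review bot: `$target` is required by the signature but never used in the body, so the generated vhost terminates TLS for `$title` and proxies nothing. Until the `ProxyPass`/`ProxyPassReverse` lines for `$target` are added, the name gets a public certificate and serves whatever Apache falls back to. `$title` is also interpolated unchecked into both the file path and the Apache config, so a title containing `/` or a newline would change the path or the directives written; a guard at the top such as `assert_type(Pattern[/\A[a-z0-9]([a-z0-9.-]*[a-z0-9])?\z/], $title)` keeps it to hostname characters. The define notifies `Service['apache2']`, which is presumably declared by `proxmox::proxy`; a header comment stating that this class must be declared on the node would make the dependency explicit.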
diff --git a/personal_infra/puppet/site/h1.pdp7.net.pp b/personal_infra/puppet/site/h1.pdp7.net.pp
index ef0ff1ea..b64871c1 100644
--- a/personal_infra/puppet/site/h1.pdp7.net.pp
+++ b/personal_infra/puppet/site/h1.pdp7.net.pp
@@ -1,11 +1,16 @@
node 'h1.pdp7.net' {
class {'proxmox::freeipa':}
+ class {'dns_dhcp':}
+
+ # TODO: ugly; tinc scripts require this :(
+ package {'net-tools':}
+
class {'proxmox::proxy':
mail => lookup('mail.root_mail'),
base_hostname => lookup('network.public_hostname'),
}
- class {'dns_dhcp':}
- # TODO: ugly; tinc scripts require this :(
- package {'net-tools':}
+ proxmox::proxy_host {'ipsilon-test.pdp7.net':
+ target => 'ipsilon-test.h1.int.pdp7.net',
+ }
}
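Review bot: The public name `ipsilon-test.pdp7.net` is hard-coded in this node block while the Route 53 role added in the same commit loops over `network.proxmox.proxy_hosts`, so the DNS record and the vhost/certificate request are driven by two separate lists. If they drift, mod_md will keep attempting ACME validation for a name that has no A record, or a published record will point at a host with no vhost for it. Assuming the same data is reachable from Puppet, as the existing `lookup('network.public_hostname')` call suggests, declaring the `proxmox::proxy_host` resources from that key (for example a name-to-target hash iterated with `each`) would keep the two in step.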
diff --git a/personal_infra/requirements.txt b/personal_infra/requirements.txt
index 8245ee42..b0529d69 100644
--- a/personal_infra/requirements.txt
+++ b/personal_infra/requirements.txt
@@ -1,5 +1,7 @@
ansible==7.1.0
ansible-core==2.14.1
+boto3==1.26.89
+botocore==1.29.89
cachetools==5.3.0
certifi==2022.12.7
cffi==1.15.1
@@ -22,6 +24,7 @@ requests==2.28.2
requests-oauthlib==1.3.1
resolvelib==0.8.1
rsa==4.9
+s3transfer==0.6.0
six==1.16.0
urllib3==1.26.14
websocket-client==1.5.1