From 5e565f0374840245e5012fb57ba0af24de78e34b Mon Sep 17 00:00:00 2001
From: alex
Date: Sat, 11 Mar 2023 12:18:03 +0100
Subject: [PATCH] Draft proxmox proxy support + route53
---
 .../roles/proxmox_route_53/tasks/main.yml | 11 +++++++++++
 personal_infra/playbooks/site.yaml | 7 +++++++
 .../puppet/modules/proxmox/manifests/proxy.pp | 2 +-
 .../modules/proxmox/manifests/proxy_host.pp | 15 +++++++++++++++
 personal_infra/puppet/site/h1.pdp7.net.pp | 11 ++++++++---
 personal_infra/requirements.txt | 3 +++
 6 files changed, 45 insertions(+), 4 deletions(-)
 create mode 100644 personal_infra/playbooks/roles/proxmox_route_53/tasks/main.yml
 create mode 100644 personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp
diff --git a/personal_infra/playbooks/roles/proxmox_route_53/tasks/main.yml b/personal_infra/playbooks/roles/proxmox_route_53/tasks/main.yml
new file mode 100644
index 0000000..b56561d
--- /dev/null
+++ b/personal_infra/playbooks/roles/proxmox_route_53/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: create A entries
+ local_action:
+ module: amazon.aws.route53
+ zone: "{{ network.dns_zone }}"
+ record: "{{ item }}"
+ type: A
+ value: "{{ network.ip }}"
+ wait: true
+ state: present
+ loop: "{{ network.proxmox.proxy_hosts }}"
diff --git a/personal_infra/playbooks/site.yaml b/personal_infra/playbooks/site.yaml
index ddeced0..377f564 100644
--- a/personal_infra/playbooks/site.yaml
+++ b/personal_infra/playbooks/site.yaml
@@ -42,3 +42,10 @@
 tags: ipsilon
 roles:
 - deploy_ipsilon
+
+- name: proxmox route 53
+ hosts: proxmox
+ tags: proxmox_route_53
+ gather_facts: false
+ roles:
+ - proxmox_route_53
diff --git a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
index 65f93cb..2a07c44 100644
--- a/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
+++ b/personal_infra/puppet/modules/proxmox/manifests/proxy.pp
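Review bot: The route53 task in roles/proxmox_route_53/tasks/main.yml only ever creates records and does not set `overwrite`, so two cases are unhandled. If `network.ip` changes, the module is expected to refuse to replace the existing A record unless `overwrite: true` is added next to `state: present`. A hostname removed from `network.proxmox.proxy_hosts` keeps its public A record, and a stale record pointing at an address that no longer serves that name is worth avoiding; a list of retired names applied with `state: absent`, or a comment stating that cleanup is manual, would cover it. The play added in site.yaml runs this role for every host in the `proxmox` group, so a host that defines `network.proxmox` without `proxy_hosts` fails the loop unless it reads `loop: "{{ network.proxmox.proxy_hosts | default([]) }}"`.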
@@ -21,7 +21,7 @@ class proxmox::proxy ($mail, $base_hostname) { file {'/etc/apache2/sites-enabled/test.conf': content => @("EOT") - MDomain $base_hostname + MDomain $base_hostname auto MDCertificateAgreement accepted MDContactEmail $mail MDNotifyCmd /usr/local/bin/notify_md_renewal diff --git a/personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp b/personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp new file mode 100644 index 0000000..33b28de --- /dev/null +++ b/personal_infra/puppet/modules/proxmox/manifests/proxy_host.pp @@ -0,0 +1,15 @@ +define proxmox::proxy_host (String[1] $target) { + file {"/etc/apache2/sites-enabled/$title.conf": + content => @("EOT") + MDomain $title + + + ServerName $title + SSLEngine on + + | EOT + , + } + ~> + Service['apache2'] +} diff --git a/personal_infra/puppet/site/h1.pdp7.net.pp b/personal_infra/puppet/site/h1.pdp7.net.pp index ef0ff1e..b64871c 100644 --- a/personal_infra/puppet/site/h1.pdp7.net.pp +++ b/personal_infra/puppet/site/h1.pdp7.net.pp @@ -1,11 +1,16 @@ node 'h1.pdp7.net' { class {'proxmox::freeipa':} + class {'dns_dhcp':} + + # TODO: ugly; tinc scripts require this :( + package {'net-tools':} + class {'proxmox::proxy': mail => lookup('mail.root_mail'), base_hostname => lookup('network.public_hostname'), } - class {'dns_dhcp':} - # TODO: ugly; tinc scripts require this :( - package {'net-tools':} + proxmox::proxy_host {'ipsilon-test.pdp7.net': + target => 'ipsilon-test.h1.int.pdp7.net', + } } diff --git a/personal_infra/requirements.txt b/personal_infra/requirements.txt index 8245ee4..b0529d6 100644 --- a/personal_infra/requirements.txt +++ b/personal_infra/requirements.txt @@ -1,5 +1,7 @@ ansible==7.1.0 ansible-core==2.14.1 +boto3==1.26.89 +botocore==1.29.89 cachetools==5.3.0 certifi==2022.12.7 cffi==1.15.1 @@ -22,6 +24,7 @@ requests==2.28.2 requests-oauthlib==1.3.1 resolvelib==0.8.1 rsa==4.9 +s3transfer==0.6.0 six==1.16.0 urllib3==1.26.14 websocket-client==1.5.1 -- 2.47.3
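Review bot: `$target` is declared in `proxmox::proxy_host` but nothing in the template as shown on this page references it, so the generated vhost only sets `ServerName` and `SSLEngine on` and does not forward anywhere; the lines that show as empty may have held markup this page lost, so confirm against the real file. `$title` is interpolated into both the file path and the Apache config without validation, so a title containing `/`, whitespace or a newline would write outside `sites-enabled` or add directives. A check at the top of the define such as `assert_type(Pattern[/\A[a-z0-9]([a-z0-9.-]*[a-z0-9])?\z/], $title)` keeps it to a hostname, and the same pattern on `$target` is worth adding before it is used in a proxy directive. The define also notifies `Service['apache2']`, which it does not declare itself, so it presumably depends on `proxmox::proxy` being in the catalog; a comment saying so would help.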
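Review bot: The proxied hostname is hard-coded in the `proxmox::proxy_host {'ipsilon-test.pdp7.net': ...}` resource in h1.pdp7.net.pp, while the route53 role in this same patch publishes DNS for whatever is in `network.proxmox.proxy_hosts`, so the two lists can drift. A name that has a public A record but no vhost would presumably be answered by whichever vhost Apache treats as the default on that address. If the inventory data is reachable from Puppet the way `network.public_hostname` is, iterating the same list here would keep them in step; otherwise a comment next to the resource naming the inventory key that must match would do.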