feat(utsuho): new host

2026-02-09 12:29:19 -08:00 · 2024-03-21 08:19:43 -07:00 · 2024-03-21 08:19:43 -07:00 · 64354376c7
commit 64354376c7
parent c37901e4d0
9 changed files with 167 additions and 4 deletions
--- a/tf/cloudflare_records.tf
+++ b/tf/cloudflare_records.tf
@ -65,6 +65,15 @@ module "keycloak_system_records" {
  local_v6  = "fd0a::be24:11ff:fec4:66ac"
 }

+module "utsuho_system_records" {
+  source    = "./system/records"
+  name      = "utsuho"
+  zone_id   = cloudflare_zone.gensokyo-zone_zone.id
+  zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
+  local_v4  = "10.1.1.38"
+  local_v6  = "fd0a::be24:11ff:fec4:66a6"
+}
+
 module "aya_system_records" {
  source       = "./system/records"
  name         = "aya"
--- a/tf/cloudflare_tunnels.tf
+++ b/tf/cloudflare_tunnels.tf
@ -58,6 +58,34 @@ output "cloudflare_tunnel_cname_keycloak" {
  value = module.keycloak.cname
 }

+variable "cloudflare_tunnel_secret_utsuho" {
+  type      = string
+  sensitive = true
+}
+
+module "utsuho" {
+  source     = "./tunnel"
+  name       = "utsuho"
+  secret     = var.cloudflare_tunnel_secret_utsuho
+  account_id = var.cloudflare_account_id
+  zone_id    = cloudflare_zone.gensokyo-zone_zone.id
+  subdomains = [
+  ]
+}
+
+output "cloudflare_tunnel_id_utsuho" {
+  value = module.utsuho.id
+}
+
+output "cloudflare_tunnel_token_utsuho" {
+  value     = module.utsuho.token
+  sensitive = true
+}
+
+output "cloudflare_tunnel_cname_utsuho" {
+  value = module.utsuho.cname
+}
+
 variable "cloudflare_tunnel_secret_tewi" {
  type      = string
  sensitive = true
--- a/tf/proxmox_vms.tf
+++ b/tf/proxmox_vms.tf
@ -1,9 +1,11 @@
 variable "proxmox_container_template" {
  type    = string
-  default = "local:vztmpl/ct-20240211-nixos-system-x86_64-linux.tar.xz"
+  default = "local:vztmpl/ct-20240319-nixos-system-x86_64-linux.tar.xz"
 }

 locals {
+  proxmox_utsuho_vm_id     = 108
+  proxmox_utsuho_config    = jsondecode(file("${path.root}/../systems/utsuho/lxc.json"))
  proxmox_keycloak_vm_id   = 107
  proxmox_keycloak_config  = jsondecode(file("${path.root}/../systems/keycloak/lxc.json"))
  proxmox_litterbox_vm_id  = 106
@ -330,6 +332,79 @@ module "aya_config" {
  config     = local.proxmox_aya_config.lxc
 }

+resource "proxmox_virtual_environment_container" "utsuho" {
+  node_name   = "reisen"
+  vm_id       = local.proxmox_utsuho_vm_id
+  tags        = ["tf"]
+  description = <<EOT
+zoomzoom
+EOT
+
+  memory {
+    dedicated = 2048
+    swap      = 4096
+  }
+
+  cpu {
+    cores = 2
+  }
+
+  disk {
+    datastore_id = "local-zfs"
+    size         = 32
+  }
+
+  initialization {
+    hostname = "utsuho"
+    ip_config {
+      ipv6 {
+        address = "auto"
+      }
+      ipv4 {
+        address = "10.1.1.38/24"
+        gateway = "10.1.1.1"
+      }
+    }
+  }
+
+  startup {
+    order      = 4
+    up_delay   = 0
+    down_delay = 2
+  }
+
+  network_interface {
+    name        = "eth0"
+    mac_address = "BC:24:11:C4:66:A6"
+  }
+
+  operating_system {
+    template_file_id = var.proxmox_container_template
+    type             = "nixos"
+  }
+
+  unprivileged = true
+  features {
+    nesting = true
+  }
+
+  console {
+    type = "console"
+  }
+  started = false
+
+  lifecycle {
+    ignore_changes = [started, initialization[0].dns, operating_system[0].template_file_id]
+  }
+}
+
+module "utsuho_config" {
+  source     = "./system/proxmox/lxc/config"
+  connection = local.proxmox_reisen_connection
+  container  = proxmox_virtual_environment_container.utsuho
+  config     = local.proxmox_utsuho_config.lxc
+}
+
 resource "proxmox_virtual_environment_vm" "freeipa" {
  name        = "freeipa"
  tags        = ["tf"]
--- a/tf/terraform.tfvars.sops
+++ b/tf/terraform.tfvars.sops
@ -1,5 +1,5 @@
 {
-	"data": "ENC[AES256_GCM,data:xhV1so+M7nd5ZlBcCHDp3mIJCCshTi7Tljw2m/Fy9wWuvqOFSthm+J8q8aOm7JaReU0NlGq2aUg0SlEDF/MQ7UU36P30OkL1AdEOeAKeOL6LUfJGNIwaBNrykGTorP/uUAUwueXfGOJ6Btxu/BNa6w+L+GpKPjwTxUaLLnij06suUtDduWszEFLrbhoBiLbbI1RUoa9EbPfgKd364QIvwCR7hT+w0LPg+ArrAgsMXnWtyrWHfieCgPL1gBxfbFBUFalt5BnlPVzmML2KcJ5GLvgoMfWV+scp4m1Y/kxkm0azRBeuHPFO3g0pLZfk57fmvoedFod+e/mttaRi+KSc5kipMKrmirFUR0fjf5GFpM2oH3UsyoQp8tD/Sn85jT84k6JSDsY5XYNwqT5N1mJ08olsHvep/mZXVnmY3iPo3IkqGcI6HHxpgB57INll3lrAD1X8Lc9zYY/qgCzYsULX6lejUNprg/IP/felMGe74dRm+40/4ZbObD9aKSAhXJHUBTjite9jksTrsaCzF1EafvYPaVIW40ci6SoK1+zsA1Nvuz2GB8kGw50xVuCmJcsgR+Pv1IcfjkXXoGbikBMbcy2DNzOA6DOhrkGW2h17Cx06ZE4MgwaTcXgqA2nAF+xC9s3um8WsZiWdZLKCEfaELtrXqb8LlSeJ9aCwvNzLELAbwq3AzgTNGzR/tDhV8FYKeNa94/Uh2rdFhVZCgZZ4Wllg4P6yNmuc/meYqyw3U1VmYjiuGWLmE5x8JxvN0Ro1tEGzpXJyuGGzN5rqDxfval0JaWXaCRKN7i5yQZWJ+9hzFg95GRtb6hS7yFfTh7ZmKH8Z0rpKr0l6vPWrcdMHP+AEXtymw+degwBM88VgXuhRxtz3Yid+Bqz7MeQVQyBAJeqVWc5VHX+lpXJnPg08f6WyInEiXC4w+sUDcH7M1zAZVF7BFdfrlSabobv3rikX6rG8tvp0Cr1PdjIE8RZ4+o6OSkO3VdxuEP3O4c6xuGqbvVzKqsb4vPtLpz8mYgs8jEt5z+mVaQFJfYris+yLUE3zMcpFFKGA9pGq+60/EKtdvWpXruCmdG/XuXMN0LRkDh2Pq91oXeUkEKgFRZJYcEhf3gQ8NYt2nWdG6nhtT6PqJT/WA0Z3t/YN4fx08xc77QdV4qeD3u2wdOCHSbyctllmLO2IPtRsJGgEzxD3/sM1Zc9T0YI3JgNblMQIG3nch3V7FQ3tdIOS8i3Y46pyOlh69ncS9Ifja12DLrjlebGbAJHVuVwGzddsjZ+6TAFlgbkC3l4tpfYnKHNz7TgP8B7djwejFCqpOE8pRC800pxMDgIqwhd+zJDQvjZDcSbtrdTGh1giABCu/yauSEDi3B53Rp9xp9WOgApm0g2cdH29cPQVSlnevD5hk2lS8+DCfFtct7AAVQsIsECvMInOxMKBXQuRWhbUvatk5gJProgdWDts3w9tueChjNermhihSlf3tLyoYwNPkculWkhQmqhY4Gf3562putVkTb/di+or/VPf3l330rn9OGse//koJGZM7v2LbbxTle9LbytFJ+gKAcr9gcW9Dg2We3ZXuZUKkzCzcPt0ghvOc40g1BuziULLIClO8aKKt88BSyUwmbLE6+ZV0by17h/hYd0t4sUnYF94sff2a5Lh7Joay07J8HvV7M1uWhC/vt7ua+m5dVcrUNXzJV8iuw9W0u2V6kWiyeT3UpBdhPq6/k99gQ7+VItSJmN2GOKot8ndG5M9x+ZGY68LVxXkW8+eZUiWJAqdDHDdzPGca6Nm5WZmDtck8WjldoOaaMzijzQ+Jt41bpJiP1Yq+9s0ORR5Q6Af/4wgfAwZAaTF57soLhrCAPgv5vmx2bN0uNjEth7tikvyp7HnmHmv0eYRkuWyJkdI6nw+fqFK+Drqq/FbraYL53B6FIMpCdX9FjmNg1rO0eBxPmOHKyOU9Hzes+aBztYoqPPbcGXp8zEyN5JmjD9Xz6HB7EnYuzNMcJUEeH6eZSzBMx8+pJLbYJB11DysgdN4tYTHddKgOtTLGkD0teru+tsJBKP1i5buq+S7zWa8EVnYbbK5BR8mQK69meXRwZpTwQgHvyPUwGZjuWnLU3D9T0+QE478XsCiQWy34paGfl9hsljlHtp/KQUL2bwhtU/0Eyqy6DOqOePZV0Y58wrJpDmafP+w2raDZ9FboD8zXANWFPGh0Glo2E4=,iv:6vdvCs0371Zr1d/C6KHZkATVLFJRyyWuwtqEP8SkouU=,tag:QYh+Ufu8YIvvziHGLt/FZw==,type:str]",
+	"data": "ENC[AES256_GCM,data:iYpHoTiF+5qNkJ/ZHU37H3fqSIYgaqJnz+LVqcUhbmDpfKLngXeXV3dBqwk6ilBxVyRJ33v+ZbfeatLByk9v6JL3YmfKe/f/w+EBWEbKVy0qXb2lOHOCGMm3PFe+FP7DLb9deAWTi8S4FMGAa41xufbVIM+kOjQXwL3JH35dbgyyaqhmXknX4p800rt/T4TWo4NTfkRrR9G1/J+EaqeO0qRIJk2Vu/mqeXtbtyY13MrFCri1qw7FcvNwseFKWjzCCclfI2X+juNCxfYdXqjACmXyFMq0J3oYKHofMrts64+B4E5RjQb3j2FoCMNIAsKAGOoMEHQtWhiDEMPG3/yRIBoQ7TFFte5C6rN5O6fDTMel3q1vUHsazdrDX6nZ9HoV7H9GHlGApOqQ3AF4Zh7SMT6cN7hQ1G846o3igJ4UvX2J+q0Y8y3+Kl7JHo7axvRxEQ3h0jrj8KP8F4RpZqf07kDgfPyd2sZW1f1BMc3zHbyupWOfp7iGd2mRSdp5LRd7QCsryaX1e/P63NhqKfckScG85GEEGIsPRymeEmBLrhyUkTRr0t8I5fACdURbsRYYMVdd2Sy12DXJ8WfJQYunVJmIBkC2D8ZLy1+BGyuUpHFcOMEYmg6zHor32ghnEYVntp/XrwjOxBdeo7T8ntExbRNqAHqhFE1HT72cwCDWHt6EUtArOL4/BEzmkq43lgo1VuKrW2QjZDmFTTd8WlaAoVoZtJphY4RWkvJjjNmaGv+UiProVYFGRyg7hIHiwj+jP49WGEq5enONR6mnws3cog9pkRjH6IZrUIqcU4Aqmee1NU78KjM4G9q03/T+0P3YqP1VxGe39SBK6z7L6VQFVKU7Tl4kK4A6lWu4o1Q/HxBMFGZ/zVrx+kuPPVirHXy7F7TXFT4LghTi75Ve4ZCYdUrFvphVojS+XraUKEHWpO0urxR+4Gpd5BwBmbB+llLoOBkwbAwcdx+oi/qYm22entZsqLNi9oq6FvWc/AJIQ+Aya1ejMP1Ec2UYbIPDCR9RnGCQO4dOw3Mp+H6yByFvBWJuukvnv09mJQVLALrD35kJwdYfWPo5G14+ASDZIrvpWlm0Dk9LhWF/LPqPLvik0srtEoT+pZkLU9qE+i0bgvTXJqgYkyn/Exgi6XOy3zhVQ9zHDO/jiUa50KwxE+/g9WedfB00YRx2rndTs455K2eCUtxRJObl/eBkbyBes9bU6zIu3GuQshgt6h9UxgwK+73ofF293zKFpgHLgFATqMN/8rLH5rODxcPNY3VwTLIlmYtDo4otvKRWm0MPxBflbBun3fe6D6uoYqVJetjEypmU6XpqT89WUxah4NFpvEjXf5FTyoDPrb8O1oDGPMgbwbFh2W22z34A6T52lUg5nJzatlUPXweGY1NMGcPO8Z7Pv7yJMdcBidaxFRsLzKePkoOmUk1zW/cdtrjugURuy2958pp2CRfOQs0/XnPu+WWWwaSoWzI8ZgBMxuCWxtoJRusIHi1hfDw7T9gnvr9+TQsD4/nXeB4td1aFvggUAqsf/2Ahe7UvcJPM7nfgcymnpqwbfWHtWqkqjI4sJnKEAlxaDe2Xx/dC3eI8VWsZFJnepDSeA8TufJObK5TtYaCe+htLM5/4mCphRsb73DHdnlQ7PIG872kdrCapnA54SnDKBC8Z+t1W7LoWUTrQ752Nr3M0DRu5RfqTigyJ5zMMuOfXjVSJ1dy0xUp7Tn4JhkjpNX9DAOPMmvB19mA0lLF9hunfpT96lBf1grxo6x2oagqvg4N9a7+Bha8aQ5QtLB7maBLTOGbCI9zL0SYU+8qI+BHGZIndKSkLWc6XmcLMWyvypDC7XcjRVqFXMiYAFhPaFgPEjz31xycYYFvGa7mC0sV4OISEvdxoXE34IMfeI+Wf5wjURsWSkJ8Kub4pH3LjifX2gkWazQjsB9Ry0uLuCJbH+j9oOfrfz0xmFFVikkQSalLdWFqPg8UOJZMt/heO7w3MUE1RNXlV8k1m5d4lKTsLfcCgGF+NE3rC9oTIJgA0gTjOb/DImkE7MTFsMqJ+TesaFeYNx1Ll8T3P5zAuK+YGN2BNKOMD4oM5Qt3zfnDraL7i3ITJ39WvArjobBVKcMUg+h0uwD7NFo0up4fo7pOmy1KTYEjNZcOGKPHMZ8pli/ZM2+yiJ928Kdu7Bwe/MnmVA6xBFyjNRXcNWcDt6p6M+6NY9gr8sANVOj6Eb905ExC6XmgxOOW06K8Y81zYt+ggEna9QG1WwPpSxRQgtMlgada5DGy0ivHyrIuvSYCgtwiX3tc67ZCjQ0/7S2F7FxqQztfpO8x3FRMvr6DxCTSZmtyySClCqa+JZET5xO8bxkHGPnh/Pm97qy5085t6ablBKw==,iv:r/r8/D765tpIYa+qltuLohs/GtU3I6/P3qslXkbnCgE=,tag:ump5hDeTECGJWYkuPENAvQ==,type:str]",
 	"sops": {
 		"shamir_threshold": 1,
 		"kms": null,
@ -7,8 +7,8 @@
 		"azure_kv": null,
 		"hc_vault": null,
 		"age": null,
-		"lastmodified": "2024-03-19T01:44:48Z",
-		"mac": "ENC[AES256_GCM,data:c+4WUmXEs1r6C1riHHsMAwRyjf5Z58l1/f03Jc8L+komJevGpbSNTxBad3GOHnvFHB4M7ONZehlkEmaXEmTMJUN2LUs4ULU3wsRe/tD1BXs06Ktx8zuW3ym8ND/kfsu17/O5v951iZpDWWuk+ACsu4dnEDeIg27yXviUg4k3BVw=,iv:cVUlvEsXv8AAeDkw+B7aPNo+TQtNzUjO4lZHKge7pg8=,tag:WSRAk1xlVw8TaCxToAYr1g==,type:str]",
+		"lastmodified": "2024-03-21T15:14:28Z",
+		"mac": "ENC[AES256_GCM,data:kFloPwB/TeHMMk1VYcQkHf2wDFrUr0zcvP8u39wNcXFDWilMqzW9W+/vlpfvR3qbSWwlN7tpippwBNY+pu6/ZaA2JZP7DUczA3xpFn+BUljiX4JV/+YAz1KwZT4VA4EimAMWr90sHSMKKxp7AjqiNqhirajxjfgspBluQkKCH8Q=,iv:sY35Kef/MGwl9SrZs+pdXziQCHX27MsBaRt4q7Cb9Fg=,tag:pPWqSaZlzOro1P1fmUSVxw==,type:str]",
 		"pgp": [
 			{
 				"created_at": "2024-01-14T19:49:29Z",