This repository has been archived by the owner on Apr 29, 2020. It is now read-only.
main.tf
# Chooses which inventory addresses data.template_file.connections renders:
# module.inventory.public_ipv4s when true, module.inventory.ipv4s when false.
# NOTE(review): with bootstrap = true every provisioning connection targets a
# host's public address. Presumably this is meant only for first bring-up,
# before the other addresses are reachable; confirm, and keep the default false.
variable "bootstrap" {
  default = false
}
# One rendered address per entry in var.hosts. The rendered list is what the
# modules in this file receive as their `connections` input.
data "template_file" "connections" {
  count = "${length(var.hosts)}"

  vars {
    # Public IPv4 while var.bootstrap is true, otherwise the matching entry of
    # module.inventory.ipv4s.
    address = "${var.bootstrap == true ? element(module.inventory.public_ipv4s, count.index) : element(module.inventory.ipv4s, count.index)}"
  }

  # "$$" escapes interpolation, so the template body is the literal ${address}
  # and each rendering is exactly the address selected above.
  template = "$${address}"
}
# Host inventory. Outputs consumed in this file: ipv4s, public_ipv4s,
# public_ipv6s, roles and datacenters.
# NOTE(review): ssh_keys / vultr_ssh_keys are passed straight through from
# variables. Confirm they carry public keys or key identifiers only; values that
# reach resource attributes are stored in the Terraform state file.
module "inventory" {
  source = "./base/inventory"

  hosts       = "${var.hosts}"
  domain_name = "${var.domain_name}"

  ssh_keys       = "${var.ssh_keys}"
  vultr_ssh_keys = "${var.vultr_ssh_keys}"
}
# WireGuard interface wg0 on every host. Its `ipv4s` output is what the consul
# and nomad modules in this file receive as their addresses.
# `count` here is an ordinary input of the local module, sized to var.hosts.
# NOTE(review): listen_addrs are the hosts' public IPv4s, so port 51820 is
# Internet-facing; the host firewall should expose only that port for the tunnel.
# Key generation and distribution happen inside ./base/wireguard and are not
# visible here; confirm private keys are kept out of state and logs.
module "wireguard" {
  source = "./base/wireguard"
  count  = "${length(var.hosts)}"

  connections = "${data.template_file.connections.*.rendered}"

  interface    = "wg0"
  listen_port  = 51820
  listen_addrs = "${module.inventory.public_ipv4s}"

  network = "${var.network}"
  ipv4s   = "${module.inventory.ipv4s}"
}
# OpenVPN on the hosts whose inventory role is "vpn": matchkeys() keeps only the
# values whose entry in module.inventory.roles is in list("vpn").
module "openvpn" {
  source = "./base/openvpn"
  count  = "${length(matchkeys(module.inventory.ipv4s, module.inventory.roles, list("vpn")))}"

  connections = "${matchkeys(data.template_file.connections.*.rendered, module.inventory.roles, list("vpn"))}"
  datacenters = "${distinct(module.inventory.datacenters)}"
  domain_name = "vpn.${var.domain_name}"

  # var.network is split in two: the VPN gets the second half (netnum 1) and is
  # given a route to the first half (netnum 0).
  # NOTE(review): that route gives VPN clients reachability into the other half
  # of var.network; confirm what per-client filtering ./base/openvpn applies.
  network = "${cidrsubnet(var.network, 1, 1)}"
  routes  = ["${cidrsubnet(var.network, 1, 0)}"]

  # NOTE(review): gateway_enabled presumably controls whether clients send all
  # traffic through the VPN; confirm in ./base/openvpn.
  gateway_enabled = false

  # Second entry (index 1) of the "vpn" anycast addresses, with the "/prefix"
  # part stripped.
  public_ipv6 = "${element(split("/", element(var.anycast_addresses["vpn"], 1)), 0)}"

  # NOTE(review): var.vpn_data presumably points at OpenVPN key/config material
  # under this module's directory; keep it out of version control and readable
  # only by the operator. data.external.vpn_data_changed is not defined in this
  # file.
  data         = "${path.module}/${var.vpn_data}"
  data_changed = "${data.external.vpn_data_changed.result.changed}"
}
# Docker on every host in var.hosts. The module's `dependency` output is what
# module.consul takes as its depends_on input.
# NOTE(review): how Docker is installed (package source, signature checks) is
# inside ./base/docker and not visible here; confirm the install is verified.
module "docker" {
  source = "./base/docker"
  count  = "${length(var.hosts)}"

  connections = "${data.template_file.connections.*.rendered}"
}
# Consul on every host, run from a Docker image. `depends_on` and `count` are
# plain string inputs of the local module here; depends_on carries
# module.docker's `dependency` output so Docker is set up first.
module "consul" {
  source     = "./base/consul"
  count      = "${length(var.hosts)}"
  depends_on = "${module.docker.dependency}"

  connections = "${data.template_file.connections.*.rendered}"
  datacenters = "${module.inventory.datacenters}"

  # Addresses come from the WireGuard module.
  # NOTE(review): presumably Consul binds/advertises on these tunnel addresses
  # rather than the public ones; confirm in ./base/consul.
  ipv4s = "${module.wireguard.ipv4s}"

  # data.template_file.cluster_leaders is not defined in this file.
  servers = "${data.template_file.cluster_leaders.*.rendered}"

  # NOTE(review): a tag is mutable, so hosts provisioned at different times can
  # end up with different image contents; pinning by digest
  # (consul@sha256:<digest>) removes that. 0.9.2 is also an old release; check
  # the published advisories before reusing this configuration.
  docker_image = "consul:0.9.2"
}
# Nomad on every host in var.hosts, with roles and datacenters taken from the
# inventory and addresses taken from the WireGuard module.
module "nomad" {
  source = "./base/nomad"
  count  = "${length(var.hosts)}"

  connections = "${data.template_file.connections.*.rendered}"
  datacenters = "${module.inventory.datacenters}"
  roles       = "${module.inventory.roles}"

  # "wg0" is the same literal as module.wireguard's `interface`; the two must be
  # changed together.
  # NOTE(review): presumably this keeps Nomad's listeners on the tunnel
  # interface only; confirm in ./base/nomad, since Nomad's API allows job
  # submission and should not be reachable from public addresses.
  bind_interfaces = ["wg0"]
  ipv4s           = "${module.wireguard.ipv4s}"

  # data.template_file.cluster_leaders is not defined in this file.
  servers = "${data.template_file.cluster_leaders.*.rendered}"

  # NOTE(review): the download and any checksum verification for this version
  # happen inside ./base/nomad; confirm the binary is verified before install.
  # 0.5.6 is an old release; check the published advisories before reuse.
  nomad_version = "0.5.6"
}
# BIRD on every host, given the hosts' public IPv4/IPv6 addresses, the local AS
# number and the neighbor password.
module "bird" {
  source = "./base/bird"
  count  = "${length(var.hosts)}"

  connections = "${data.template_file.connections.*.rendered}"

  public_ipv4s = "${module.inventory.public_ipv4s}"
  public_ipv6s = "${module.inventory.public_ipv6s}"

  local_as = "${var.anycast_local_as}"

  # NOTE(review): var.anycast_password is a secret. Supply it from the
  # environment (TF_VAR_anycast_password) or a secret store rather than a
  # committed tfvars file. If ./base/bird passes it to a resource attribute or
  # provisioner it will be stored in the state file in plain text, so keep state
  # encrypted and access-restricted.
  neighbor_password = "${var.anycast_password}"
}
# Anycast addresses named "vpn", applied to the hosts whose inventory role is
# "vpn" (matchkeys() filters by module.inventory.roles).
# NOTE(review): `source` is a relative path that leaves this repository, so the
# module code is whatever is checked out at ../../ipfs/dweblink-infra on the
# operator's machine. Nothing here pins a revision; record the expected commit
# or use a versioned module source so provisioning is reproducible and reviewed.
module "anycast_vpn" {
  source = "../../ipfs/dweblink-infra/base/anycast"
  count  = "${length(matchkeys(module.inventory.public_ipv4s, module.inventory.roles, list("vpn")))}"

  name        = "vpn"
  addresses   = "${var.anycast_addresses["vpn"]}"
  connections = "${matchkeys(data.template_file.connections.*.rendered, module.inventory.roles, list("vpn"))}"
}
# Anycast addresses named "lb", applied to the hosts whose inventory role is
# "lb" (matchkeys() filters by module.inventory.roles).
# NOTE(review): `source` points outside this repository, at a sibling checkout
# of ../../ipfs/dweblink-infra with no pinned revision; the code that runs
# against the hosts is whatever is on disk there. Pin or vendor it.
module "anycast_lb" {
  source = "../../ipfs/dweblink-infra/base/anycast"
  count  = "${length(matchkeys(module.inventory.public_ipv4s, module.inventory.roles, list("lb")))}"

  name        = "lb"
  addresses   = "${var.anycast_addresses["lb"]}"
  connections = "${matchkeys(data.template_file.connections.*.rendered, module.inventory.roles, list("lb"))}"
}
# TODO Revisit this once Nomad supports binding container ports to specific IPs.
# See https://github.com/hashicorp/nomad/issues/646#issuecomment-315416587
# Port forwarding for port 1194 on the hosts whose inventory role is "vpn".
module "portfwd_vpn" {
  source = "./base/portfwd"
  count  = "${length(matchkeys(module.inventory.public_ipv4s, module.inventory.roles, list("vpn")))}"

  connections  = "${matchkeys(data.template_file.connections.*.rendered, module.inventory.roles, list("vpn"))}"
  public_ipv4s = "${matchkeys(module.inventory.public_ipv4s, module.inventory.roles, list("vpn"))}"

  port = 1194

  # Source side: the first "vpn" anycast address plus the literal string
  # ${public_ipv4}/32 ("$$" escapes interpolation here).
  # NOTE(review): presumably ./base/portfwd substitutes each host's own public
  # IPv4 for that placeholder; confirm.
  from = "${concat(list(element(var.anycast_addresses["vpn"], 0)), list("$${public_ipv4}/32"))}"

  # Destination side: the inventory ipv4s of the same "vpn" hosts.
  # NOTE(review): this makes port 1194 on the public and anycast addresses reach
  # a service on the other address. Confirm the rule in ./base/portfwd is
  # limited to this one port and protocol.
  to = "${matchkeys(module.inventory.ipv4s, module.inventory.roles, list("vpn"))}"
}