From d37eff43725d28a9195ee53318044d63251fdd9c Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov
Date: Fri, 3 May 2024 18:34:26 +0200
Subject: [PATCH] Add cloudflare support'

---
 Makefile | 4 +-
 group_vars/cloudflare.sops.yaml | 21 ++++++++++
 playbooks/other/cloudflare/playbook.yml | 38 +++++++++++++++++++
 playbooks/providers/hetzner/playbook.yml | 8 ++++
 .../templates/provider_outputs.yaml.j2 | 2 +-
 5 files changed, 71 insertions(+), 2 deletions(-)
 create mode 100644 group_vars/cloudflare.sops.yaml
 create mode 100644 playbooks/other/cloudflare/playbook.yml

diff --git a/Makefile b/Makefile
index ce9ee05..de29bbc 100644
--- a/Makefile
+++ b/Makefile
@@ -19,6 +19,7 @@ bootstrap:
 export SP_STATE=present && \
 python3 -m ansible playbook ./playbooks/other/ssh-key-gen/playbook.yml && \
 python3 -m ansible playbook ./playbooks/providers/hetzner/playbook.yml && \
+ python3 -m ansible playbook ./playbooks/other/cloudflare/playbook.yml && \
 export ANSIBLE_INVENTORY=/tmp/outputs/inventory.yaml && \
 export ANSIBE_PRIVATE_KEY_FILE=/tmp/outputs/ssh_key && \
 sleep 8 && \
@@ -34,4 +35,5 @@ cleanup:
 export SP_CUSTOMER=softplayer && \
 export SP_ENV=dev && \
 export SP_STATE=absent && \
- python3 -m ansible playbook ./playbooks/providers/hetzner/playbook.yml
+ python3 -m ansible playbook ./playbooks/providers/hetzner/playbook.yml || true && \
+ python3 -m ansible playbook ./playbooks/other/cloudflare/playbook.yml
diff --git a/group_vars/cloudflare.sops.yaml b/group_vars/cloudflare.sops.yaml
new file mode 100644
index 0000000..e1f6fd5
--- /dev/null
+++ b/group_vars/cloudflare.sops.yaml
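Review bot: The `|| true` on the Hetzner line of the `cleanup` hunk discards that playbook's exit status, so `make cleanup` exits 0 even when the Hetzner teardown failed and resources were left behind; the chain only needs the Cloudflare playbook to run regardless, not to hide the failure. Capture the status and re-raise it after the Cloudflare step instead, e.g. `python3 -m ansible playbook ./playbooks/providers/hetzner/playbook.yml || rc=$$?; \` then `python3 -m ansible playbook ./playbooks/other/cloudflare/playbook.yml && \` then `exit $${rc:-0}`. The `cleanup:` target line itself is only visible as hunk context. The `bootstrap` hunk's ordering is fine: the Cloudflare playbook runs after the Hetzner one, which writes the provider output it reads.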
@@ -0,0 +1,21 @@
+api_token: ENC[AES256_GCM,data:F4XoszX3kvpETLD5NDEzBPEUFqvHkHB06lbfJJkWy7SYvXW9zz9bXA==,iv:Y8u0triR363wZ5k7k07nJ3fJlQ2VZiGfH6RibBlClGo=,tag:mD0uzE9EKFYRsvfMyiTqJg==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1lzythn62c4yug8w2wskckpgyjyja6rreyvgmwl9hj4mjvm0tvq6sl68d4z
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHckx3S1JqNStxZTBoU1Za
+ ODh6S2Z3aENoZVBXTDc2dDJBQ2ZvL2h0TUNBCmxLWUJybHN3NFRYVlBRTU8rdlN0
+ WnpyOU9HdllST0lvamNOV1M5aisvZ0UKLS0tIHY4TVFNUm9GQnRtK1B5c01kdEky
+ YTNMWnNvZDdBTmtQNWNaSWd0ZzNvYjAKwV7BI7/8YRg+Nbm5KfoUZPzYX2S4m1At
+ /fSZvXt/sgJydJo1th3asUr/sXgykVjHuDQUh+WPsa5ys9jH5xS2ew==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-05-03T16:29:13Z"
+ mac: ENC[AES256_GCM,data:sVjpsKCK+4CHB1mZb+BnBA0AHWAsHoizGaC4s0ErzAEbXaMIYLFBUYkkeN3OQUcLmLe6SqILpeBVjfhNaaHaQkfr6ZwxOng8d5TNr7qmBYBIGEEUqnIP+Z6vtVKWvpALpKUhTntbUfPaVbdO+rharaBYlXK3lZy8APLcKvmYz7I=,iv:SB00E70mSTpyRYF6p2nz+vLG1EjULj74CEqzuSCazNA=,tag:nys5spETdimYiFNukcwTdA==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1
diff --git a/playbooks/other/cloudflare/playbook.yml b/playbooks/other/cloudflare/playbook.yml
new file mode 100644
index 0000000..8e2ae2e
--- /dev/null
+++ b/playbooks/other/cloudflare/playbook.yml
@@ -0,0 +1,38 @@
+- name: Cloudflare playbook
+ hosts: localhost
+ connection: local
+ vars:
+ output_dir: /tmp/outputs
+ customer: "{{ lookup('ansible.builtin.env', 'SP_CUSTOMER') }}"
+ env: "{{ lookup('ansible.builtin.env', 'SP_ENV') }}"
+ state: "{{ lookup('ansible.builtin.env', 'SP_STATE') }}"
+ tags:
+ - cloud
+ - cloudflare
+ - dns
+
+ tasks:
+ # --------------------------------------------------------
+ # -- Prepare the SOPS plugin to get secrets
+ # --------------------------------------------------------
+ - name: Load encrypted credentials
+ community.sops.load_vars:
+ file: ../../../group_vars/cloudflare.sops.yaml
+
+ - name: Configre A record
+ community.general.cloudflare_dns:
+ api_token: "{{ api_token }}"
+ record: "{{ env }}"
+ zone: "badhouseplants.net"
+ type: A
+ value: "{{( lookup('file', '/tmp/outputs/provider_outputs.yaml')| from_yaml).user_entrypoint }}"
+ state: "{{ state }}"
+
+ - name: Configre CNAME
+ community.general.cloudflare_dns:
+ api_token: "{{ api_token }}"
+ record: "*.{{ env }}"
+ zone: "badhouseplants.net"
+ type: CNAME
+ value: "{{ env }}.badhouseplants.net"
+ state: "{{ state }}"
\ No newline at end of file
diff --git a/playbooks/providers/hetzner/playbook.yml b/playbooks/providers/hetzner/playbook.yml
index 387f6f0..ac1dded 100644
--- a/playbooks/providers/hetzner/playbook.yml
+++ b/playbooks/providers/hetzner/playbook.yml
@@ -93,6 +93,7 @@
 msg:
 - "{{ server_data }}"
 when: 'server_data'
+
 - name: Generate new inventory
 ansible.builtin.template:
 src: templates/inventory.yaml.j2
@@ -102,3 +103,10 @@
 ipv4_entrypoint: "{{ floating_ips_data.hcloud_floating_ip.ip }}"
 cluster_name: "{{ customer }}-{{ env }}"
 volume_device_name: "{{ volumes_data.hcloud_volume.linux_device }}"
+
+ - name: Generate provider output
+ ansible.builtin.template:
+ src: templates/provider_outputs.yaml.j2
+ dest: "{{ output_dir }}/provider_outputs.yaml"
+ vars:
+ ipv4_entrypoint: "{{ floating_ips_data.hcloud_floating_ip.ip }}"
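Review bot: The A-record task reads the provider output from a hard-coded `/tmp/outputs/provider_outputs.yaml` even though the play defines `output_dir: /tmp/outputs`, so the two paths can drift apart silently; build it from the variable, `value: "{{ (lookup('file', output_dir ~ '/provider_outputs.yaml') | from_yaml).user_entrypoint }}"`. The `env` and `state` values are plain environment lookups that yield an empty string when the variable is unset, which hands an empty `state` to `cloudflare_dns`; a default such as `state: "{{ lookup('ansible.builtin.env', 'SP_STATE') | default('present', true) }}"` or an `ansible.builtin.assert` on both before the DNS tasks would fail with a clear message instead, and `customer` is defined but used by no task here. Since `api_token` is only ever used to edit records in the single zone `badhouseplants.net`, a comment above the `Load encrypted credentials` task recording that the token should carry no more than DNS edit rights on that zone would make the intended blast radius explicit. Both task names are misspelt (`Configre` → `Configure`), and the new file has no trailing newline.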
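Review bot: The new `Generate provider output` task repeats the `floating_ips_data.hcloud_floating_ip.ip` expression already passed to `Generate new inventory` just above it, and nothing in the hunk records what consumes the file; a comment on the task, `# Consumed by playbooks/other/cloudflare/playbook.yml: user_entrypoint becomes the DNS A record`, plus a single play-level var or `set_fact` holding the IP that both template tasks reference would keep the inventory and the provider output from disagreeing. Whether this task also runs when the play's `state` is absent cannot be seen here, because the play starts outside the hunk; if `floating_ips_data` is not populated on that path the template task fails on an undefined attribute, so a `when` guard tied to the same condition the other output tasks use may be needed.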
diff --git a/playbooks/providers/hetzner/templates/provider_outputs.yaml.j2 b/playbooks/providers/hetzner/templates/provider_outputs.yaml.j2
index 42723f6..7003e2d 100644
--- a/playbooks/providers/hetzner/templates/provider_outputs.yaml.j2
+++ b/playbooks/providers/hetzner/templates/provider_outputs.yaml.j2
@@ -1 +1 @@
-disk_device_name: {{ disk_device_name }}
+user_entrypoint: {{ ipv4_entrypoint }}
\ No newline at end of file
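Review bot: The rendered value is left unquoted, `user_entrypoint: {{ ipv4_entrypoint }}`, so an empty expansion produces `user_entrypoint:` which the consumer's `from_yaml` reads as null rather than a string; quote it, `user_entrypoint: "{{ ipv4_entrypoint }}"`, and end the file with a newline (the diff reports it has none). The old key `disk_device_name` is replaced rather than kept alongside the new one; no reader of it appears in this patch, so that is presumably intentional, but any remaining consumer of the old key would now see it as undefined.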