commit 37a6e45358d2479608000dc4d58af81b7f0fde78 Author: Sjaak van den Berg Date: Mon Dec 15 22:59:03 2025 +0100 20251215T225903CET
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0daff31
--- /dev/null
+++ b/README.md
@@ -0,0 +1,48 @@
+# Infrastructure repository
+
+This repository contains all code needed to bootstrap and maintain the
+infrastructure for COMPANY. It deploys to Vultr and uses Ansible.
+
+# bootstrap.yml
+
+This playbook bootstraps the mgmt network. This is a requirement for further
+deployment.
+
+# shared-services/
+
+These playbooks deploy the various services in the shared services network.
+
+# Networks
+
+transit 10.10.0.0/24
+shared-services 10.20.0.0/24
+mgmt 10.30.0.0/24
+mgmt-dev 10.30.40.0/24
+mgmt-tst 10.30.50.0/24
+mgmt-prd 10.30.60.0/24
+dev 10.40.0.0/16
+tst 10.50.0.0/16
+prd 10.60.0.0/16
+prd-id 10.60.id.0/24
+prd-id-platform 10.60.id.0/25
+prd-id-customer 10.60.id.128/25
+
+# Cloud pricing November 2025
+
+- 1 VPC
+- 10 2vcpu/2gb VMs
+ - 500gb intra-vpc data transfer
+ - monitoring enabled
+- 1 NAT gateway
+ - 50gb data transfer
+- 2 public IPv4 address
+- eu hosting
+
+AWS: $255/m
+DO: $202/m
+VULTR: $150
+
+# Design
+
+- flatcar + ipxe boot
+- custom iso
diff --git a/TODO.md b/TODO.md
new file mode 100644
index 0000000..fae397b
--- /dev/null
+++ b/TODO.md
@@ -0,0 +1,8 @@
+# TODO
+
+[ ] snapshot
+[x] fix duplicate vpc issue
+[-] take a look at flatcar
+[ ] switch to ipxe boot (see https://github.com/vultr/packer-plugin-vultr/issues/197)
+[ ] switch to uv python
+[-] try other preseed.cfg's from the gist
diff --git a/build.sh b/build.sh
new file mode 100644
index 0000000..85bc021
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+VULTR_API_KEY="G7QPY6RQR7TNU7G2WRVJYOQZCEOYXB23UB7Q"
+USER_DATA="$(cat user-data | base64 --wrap=0)"
+
+NEW_INSTANCE=$(jq --null-input --compact-output \
+ --arg user_data "${USER_DATA}" \
+ '{
+ "activation_email": true,
+ "region": "ams",
+ "plan": "vc2-1c-1gb",
+ "os_id": 2625,
+ "label": "debian",
+ "hostname": "debian",
+ "backups": "disabled",
+ "enable_ipv6": false,
+ "disable_public_ipv4": false,
+ "ddos_protection": false,
+ "user_data": $user_data,
+ "user_scheme": "root"
+ }')
+
+curl --silent 'https://api.vultr.com/v2/instances' \
+ --request POST \
+ --header "Authorization: Bearer ${VULTR_API_KEY}" \
+ --header 'Accept: application/json' \
+ --data "${NEW_INSTANCE}" | jq -r '.instance.id'
diff --git a/provision.yml b/provision.yml
new file mode 100644
index 0000000..8429f7f
--- /dev/null
+++ b/provision.yml
@@ -0,0 +1,6 @@
+- name: provision debian image
+ hosts: localhost
+ connection: local
+
+ tasks:
+ - ping:
\ No newline at end of file
diff --git a/user-data b/user-data
new file mode 100644
index 0000000..adc92b6
--- /dev/null
+++ b/user-data
@@ -0,0 +1,32 @@
+#cloud-config
+users:
+- name: ghost
+ gecos: ghost
+ primary_group: ghost
+ groups: [users, sudo]
+ shell: /bin/bash
+ sudo: "ALL=(ALL) NOPASSWD:ALL"
+ ssh_authorized_keys:
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHpi1yQ9KZWw6dIiYMkWdqTCgcP/4/s4wu8GWe3toIrz mail@svdb.co"
+ssh_pwauth: true
+
+hostname: debian
+
+package_reboot_if_required: true
+package_update: true
+package_upgrade: true
+packages:
+- pwgen
+- git
+
+ansible:
+ package_name: ansible-core
+ install_method: distro
+ pull:
+ url: https://sjaakvandenberg:glpat-LNODrGwGu_2_chfIeHhdPW86MQp1OjJscHIK.01.101c0efma@gitlab.com/svdb-it/infra.git
+ playbook_name: provision.yml
+
+run_cmd:
+- deluser --remove-all-files linuxuser
+- usermod --uid 1000 ghost
+- groupmod --gid 1000 ghost
\ No newline at end of file
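Review bot: In build.sh, `VULTR_API_KEY` is assigned a literal API key on the fourth line of the new file, so the credential is now part of the repository history and should be treated as exposed and rotated at the provider. Read it from the environment instead and fail fast when it is unset, e.g. `: "${VULTR_API_KEY:?set VULTR_API_KEY in the environment}"`. Because the script base64-encodes `user-data` wholesale, any secret kept in that file is also sent to the API and stored as instance user data. The `curl` call has no `--fail`, so an API error body reaches `jq -r '.instance.id'`, which prints `null` and exits 0; adding `--fail-with-body` (or `--fail`) lets `set -euo pipefail` stop the script on a rejected request.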
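Review bot: In user-data, the `ansible.pull.url` value embeds a GitLab personal access token in the clone URL, which commits the token to history and also hands it to every instance through its user data (typically readable from the metadata service and from cloud-init's files on the host). Revoke it, then use a read-only deploy token or deploy key scoped to this one repository and inject it at build time rather than storing it in the file. `ssh_pwauth: true` enables SSH password logins although the only account is provisioned with a key, so `ssh_pwauth: false` is the safer setting unless password login is intended. `run_cmd:` is not a cloud-init key (the module is `runcmd:`), so the three user/group commands are presumably never executed. `sudo: "ALL=(ALL) NOPASSWD:ALL"` gives `ghost` passwordless root and deserves a comment recording that this is a deliberate choice.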