20251215T225903CET

README.md

@@ -0,0 +1,48 @@
+# Infrastructure repository
+
+This repository contains all code needed to bootstrap and maintain the
+infrastructure for COMPANY. It deploys to Vultr and uses Ansible.
+
+# bootstrap.yml
+
+This playbook bootstraps the mgmt network. This is a requirement for further
+deployment.
+
+# shared-services/
+
+These playbooks deploy the various services in the shared services network.
+
+# Networks
+
+transit          10.10.0.0/24
+shared-services  10.20.0.0/24
+mgmt             10.30.0.0/24
+mgmt-dev         10.30.40.0/24
+mgmt-tst         10.30.50.0/24
+mgmt-prd         10.30.60.0/24
+dev              10.40.0.0/16
+tst              10.50.0.0/16
+prd              10.60.0.0/16
+prd-id           10.60.id.0/24
+prd-id-platform  10.60.id.0/25
+prd-id-customer  10.60.id.128/25
+
+# Cloud pricing November 2025
+
+- 1 VPC
+- 10 2vcpu/2gb VMs
+  - 500gb intra-vpc data transfer
+  - monitoring enabled
+- 1 NAT gateway
+  - 50gb data transfer
+- 2 public IPv4 address
+- eu hosting
+
+AWS:    $255/m
+DO:     $202/m
+VULTR:  $150
+
+# Design
+
+- flatcar + ipxe boot
+- custom iso

TODO.md

@@ -0,0 +1,8 @@
+# TODO
+
+[ ] snapshot
+[x] fix duplicate vpc issue
+[-] take a look at flatcar
+[ ] switch to ipxe boot (see https://github.com/vultr/packer-plugin-vultr/issues/197)
+[ ] switch to uv python
+[-] try other preseed.cfg's from the gist

build.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+VULTR_API_KEY="G7QPY6RQR7TNU7G2WRVJYOQZCEOYXB23UB7Q"
+USER_DATA="$(cat user-data | base64 --wrap=0)"
+
+NEW_INSTANCE=$(jq --null-input --compact-output \
+  --arg user_data "${USER_DATA}" \
+  '{
+    "activation_email": true,
+    "region": "ams",
+    "plan": "vc2-1c-1gb",
+    "os_id": 2625,
+    "label": "debian",
+    "hostname": "debian",
+    "backups": "disabled",
+    "enable_ipv6": false,
+    "disable_public_ipv4": false,
+    "ddos_protection": false,
+    "user_data": $user_data,
+    "user_scheme": "root"
+    }')
+
+curl --silent 'https://api.vultr.com/v2/instances' \
+  --request POST \
+  --header "Authorization: Bearer ${VULTR_API_KEY}" \
+  --header 'Accept: application/json' \
+  --data "${NEW_INSTANCE}" | jq -r '.instance.id'

provision.yml

@@ -0,0 +1,6 @@
+- name: provision debian image
+  hosts: localhost
+  connection: local
+  
+  tasks:
+    - ping:

user-data

@@ -0,0 +1,32 @@
+#cloud-config
+users:
+- name: ghost
+  gecos: ghost
+  primary_group: ghost
+  groups: [users, sudo]
+  shell: /bin/bash
+  sudo: "ALL=(ALL) NOPASSWD:ALL"
+  ssh_authorized_keys:
+  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHpi1yQ9KZWw6dIiYMkWdqTCgcP/4/s4wu8GWe3toIrz mail@svdb.co"
+ssh_pwauth: true
+
+hostname: debian
+
+package_reboot_if_required: true
+package_update: true
+package_upgrade: true
+packages:
+- pwgen
+- git
+
+ansible:
+  package_name: ansible-core
+  install_method: distro
+  pull:
+    url: https://sjaakvandenberg:glpat-LNODrGwGu_2_chfIeHhdPW86MQp1OjJscHIK.01.101c0efma@gitlab.com/svdb-it/infra.git
+    playbook_name: provision.yml
+
+run_cmd:
+- deluser --remove-all-files linuxuser
+- usermod --uid 1000 ghost
+- groupmod --gid 1000 ghost