mirrors/khuedoan-homelab
1
0
Fork 0
mirror of https://github.com/khuedoan/homelab.git synced 2025-07-31 15:19:35 +07:00
Code Issues Packages Projects Releases Wiki Activity

Use VM for VPN instance

Browse Source 
Due to CentOS 8 kernel
This commit is contained in:
Khue Doan
2021-05-01 15:39:10 +07:00
parent 06143f2798
commit 0fc931e62e
4 changed files with 19 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/todo.md
View File

@ -1,7 +1,8 @@
# TODO
- [(optimize) DRY master and worker definition](../infra/cluster.tf#L88)
- [(bug) should be posible to put it in the profile instead lxd_profile.kubenode.config](../infra/cluster.tf#L98)
- [Apply LXD VMs in parallel github.com/](../infra/Makefile#L12)
- [(optimize) DRY master and worker definition](../infra/cluster.tf#L89)
- [(bug) should be posible to put it in the profile instead lxd_profile.kubenode.config, and make it a variable](../infra/cluster.tf#L100)
- [use ./values/metallb.yaml for this](../infra/modules/kubernetes-cluster-bootstrap/main.tf#L12)
- [(optimize) should cert manager be part of bootstrap?](../infra/modules/kubernetes-cluster-bootstrap/main.tf#L33)
- [use ./values/cert-manager.yaml for this](../infra/modules/kubernetes-cluster-bootstrap/main.tf#L43)
@ -10,6 +11,8 @@
- [HA Vault](../infra/modules/kubernetes-cluster-bootstrap/main.tf#L91)
- [Auto unseal Vault](../infra/modules/kubernetes-cluster-bootstrap/main.tf#L92)
- [automatic ingress and tunnel for all services](../infra/modules/kubernetes-cluster-bootstrap/main.tf#L95)
- [Upgrade hosts kernel to use Wireguard in container](../infra/modules/vpn/main.tf#L15)
- [make parent interface a variable](../infra/modules/vpn/main.tf#L38)
- [Generate endpoint automatically (terragrunt for variable)](../infra/terraform.tf#L2)
- [convert to YAML for Terraform yamldecode](../metal/hosts.ini#L1)
- [Optimize SELinux](../metal/roles/lxd/tasks/main.yml#L1)

11
infra/modules/vpn/ansible/main.yml
View File

@ -1,4 +1,11 @@
- hosts: all
gather_facts: no
tasks:
- name: Ping
ansible.builtin.ping:
- name: Wait for SSH connection
wait_for_connection:
delay: 10
- hosts: all
become: yes
roles:
- name: wireguard

4
infra/modules/vpn/ansible/roles/wireguard/tasks/main.yml Normal file
View File

@ -0,0 +1,4 @@
- name: Install Wireguard
apt:
name: wireguard
update_cache: yes

1
infra/modules/vpn/main.tf
View File

@ -12,6 +12,7 @@ resource "local_file" "ssh_private_key" {
resource "lxd_container" "vpn" {
name = "vpn"
image = "ubuntu:20.04"
type = "virtual-machine" # TODO Upgrade hosts kernel to use Wireguard in container
ephemeral = false
config = {