DigitalOcean.tf
# DigitalOcean provider. The API token is taken from var.digitalocean_api_token
# instead of being written into this file.
# NOTE(review): the variable declaration is not in this file - confirm it is
# declared with `sensitive = true` and fed from the environment or a secret
# store rather than a committed .tfvars file.
provider "digitalocean" {
token = var.digitalocean_api_token
}
# Droplet that hosts OpenVPN Access Server. Its cloud-init user data stages an
# install script at /root/install.sh (OpenVPN AS package, acme.sh, a Let's
# Encrypt certificate issued through the Cloudflare DNS challenge, admin
# password and host name) and overwrites /etc/resolv.conf.
# NOTE(review): this file defines no digitalocean_firewall, so the droplet is
# reachable on every port the installed services open - confirm whether a
# firewall is attached elsewhere.
resource "digitalocean_droplet" "vpn-server" {
# Installs the id of every key returned by data.digitalocean_ssh_keys.keys.
# That data source has no filter, so each SSH key registered in the account
# gets root login on this droplet.
ssh_keys = [
for ssh_key in data.digitalocean_ssh_keys.keys.ssh_keys : ssh_key.id
]
image = var.image
region = var.network_location
size = "s-1vcpu-1gb"
backups = false
ipv6 = false
name = "${var.vpn_subdomain}.${var.domain_name}"
# cloud-init payload. Every runcmd entry except the last two only appends a
# line to /root/install.sh; nothing in this block executes that script, so it
# is presumably run by hand over SSH - confirm.
#
# NOTE(review), secrets: var.cloudflare_api_key and var.openvpn_password are
# interpolated into the user data. They therefore live in the droplet's user
# data (served to the droplet by the metadata service and kept by cloud-init
# on disk), in /root/install.sh, and - once the script runs - in
# /root/.acme.sh/account.conf. Prefer delivering them out of band, and delete
# install.sh after use.
# NOTE(review), least privilege: CF_Key/CF_Email is acme.sh's Cloudflare
# global-API-key mode. acme.sh's dns_cf hook also accepts a scoped CF_Token
# (with CF_Zone_ID or CF_Account_ID) limited to DNS edits on one zone.
# NOTE(review), quoting: variable values are pasted inside shell quotes; a
# value containing a quote character changes the generated script. Validate
# the variables (e.g. a `validation` block) before they reach this template.
# NOTE(review), supply chain: acme.sh is cloned from the repository's default
# branch with no tag or commit pinned; pin a reviewed release. The apt source
# is plain http, so package integrity rests on the signed-by key, which is
# fetched over https.
# NOTE(review), certificate scope: the certificate covers the apex and
# "*.<domain>", and its private key is loaded into OpenVPN AS, so this host
# holds a key valid for every subdomain. A certificate for the VPN host name
# alone would limit that. `--force` re-issues on every run and may run into
# Let's Encrypt rate limits - confirm it is needed.
# NOTE(review), DNS: the last two entries replace /etc/resolv.conf with
# 94.140.14.14 / 94.140.14.15 (these look like AdGuard's public resolvers -
# confirm). On images using systemd-resolved the file may be regenerated.
#
# Any edit to the heredoc below changes user_data; check the plan for a forced
# droplet replacement before applying.
user_data = <<-EOF
#cloud-config
hostname: ${var.vpn_subdomain}.${var.domain_name}
fqdn: ${var.vpn_subdomain}.${var.domain_name}
runcmd:
- echo 'apt update && apt -y install ca-certificates wget net-tools gnupg' >> /root/install.sh
- echo 'wget https://as-repository.openvpn.net/as-repo-public.asc -qO /etc/apt/trusted.gpg.d/as-repository.asc' >> /root/install.sh
- echo 'echo "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/as-repository.asc] http://as-repository.openvpn.net/as/debian jammy main">/etc/apt/sources.list.d/openvpn-as-repo.list' >> /root/install.sh
- echo 'apt update && apt -y install openvpn-as' >> /root/install.sh
- echo 'git clone https://github.com/acmesh-official/acme.sh.git /root/acme.sh' >> /root/install.sh
- echo 'cd /root/acme.sh' >> /root/install.sh
- echo "sh acme.sh --install -m ${var.cloudflare_email}" >> /root/install.sh
- echo 'echo "export CF_Key=${var.cloudflare_api_key}" >> /root/.acme.sh/account.conf' >> /root/install.sh
- echo 'echo "export CF_Email=${var.cloudflare_email}" >> /root/.acme.sh/account.conf' >> /root/install.sh
- echo 'echo "export SAVED_CF_Key=${var.cloudflare_api_key}" >> /root/.acme.sh/account.conf' >> /root/install.sh
- echo 'echo "export SAVED_CF_Email=${var.cloudflare_email}" >> /root/.acme.sh/account.conf' >> /root/install.sh
- echo 'sh /root/.acme.sh/acme.sh --issue -d "${var.domain_name}" -d "*.${var.domain_name}" -k 4096 --dns dns_cf --server https://acme-v02.api.letsencrypt.org/directory --force' >> /root/install.sh
- echo '/usr/local/openvpn_as/scripts/confdba -mk cs.ca_bundle -v "`cat /root/.acme.sh/${var.domain_name}/ca.cer`" > /dev/null' >> /root/install.sh
- echo '/usr/local/openvpn_as/scripts/confdba -mk cs.priv_key -v "`cat /root/.acme.sh/${var.domain_name}/${var.domain_name}.key`" > /dev/null' >> /root/install.sh
- echo '/usr/local/openvpn_as/scripts/confdba -mk cs.cert -v "`cat /root/.acme.sh/${var.domain_name}/${var.domain_name}.cer`" > /dev/null' >> /root/install.sh
- echo "/usr/local/openvpn_as/scripts/sacli --user 'openvpn' --new_pass '${var.openvpn_password}' SetLocalPassword" >> /root/install.sh
- echo '/usr/local/openvpn_as/scripts/sacli -k "host.name" -v "${var.vpn_subdomain}.${var.domain_name}" configPut' >> /root/install.sh
- echo 'systemctl restart openvpnas' >> /root/install.sh
- echo 'nameserver 94.140.14.14' > /etc/resolv.conf
- echo 'nameserver 94.140.14.15' >> /etc/resolv.conf
EOF
# SSH settings for provisioners: root login to the droplet's public IPv4
# address with the operator's default RSA key, 2 minute timeout.
# NOTE(review): no provisioner in this block uses the connection - confirm it
# is still needed. If it is kept, a dedicated deployment key and a non-root
# account would narrow what a leaked ~/.ssh/id_rsa exposes.
connection {
host = self.ipv4_address
type = "ssh"
private_key = file("~/.ssh/id_rsa")
user = "root"
timeout = "2m"
}
}
# Looks up the SSH keys registered in the DigitalOcean account. With no
# `filter` block the data source returns all of them, and the droplet resource
# installs every returned key for root.
# NOTE(review): add a `filter` on key name (or reference specific keys) so only
# the intended operators' keys are installed.
data "digitalocean_ssh_keys" "keys" {
}