From 05534234c776cbf58493b37bcbb6f02fcb9d63bb Mon Sep 17 00:00:00 2001 From: ducoterra Date: Fri, 11 Oct 2024 11:13:07 -0400 Subject: [PATCH] remove identifying data from route53 and ddns docs --- cloud/graduated/aws_iam/README.md | 4 +- cloud/graduated/aws_route53/README.md | 6 +- .../aws_route53/example-record-file.json | 31 ++++ cloud/graduated/aws_route53/reeseapps.json | 44 ------ cloud/graduated/aws_route53/reeselink.json | 148 ------------------ systemd/graduated/ddns/ddns.sh | 4 +- systemd/graduated/ddns/install_ddns.yaml | 5 +- .../ddns/record_template_example.json | 19 +++ .../ddns/reeseapps_record_template.json | 109 ------------- .../ddns/reeselink_record_template.json | 18 --- 10 files changed, 61 insertions(+), 327 deletions(-) create mode 100644 cloud/graduated/aws_route53/example-record-file.json delete mode 100644 cloud/graduated/aws_route53/reeseapps.json delete mode 100644 cloud/graduated/aws_route53/reeselink.json create mode 100644 systemd/graduated/ddns/record_template_example.json delete mode 100644 systemd/graduated/ddns/reeseapps_record_template.json delete mode 100644 systemd/graduated/ddns/reeselink_record_template.json diff --git a/cloud/graduated/aws_iam/README.md b/cloud/graduated/aws_iam/README.md index fb70681..17da9e2 100644 --- a/cloud/graduated/aws_iam/README.md +++ b/cloud/graduated/aws_iam/README.md 
@@ -8,10 +8,10 @@ aws iam create-user --user-name $AWS_USERNAME aws iam create-access-key --user-name $AWS_USERNAME # Allow updating reeseapps -aws iam attach-user-policy --user-name $AWS_USERNAME --policy-arn arn:aws:iam::892236928704:policy/update-reeseapps +aws iam attach-user-policy --user-name $AWS_USERNAME --policy-arn $(cat secrets/aws/update-reeseapps-iam-policy-arn) # Allow updating reeselink -aws iam attach-user-policy --user-name $AWS_USERNAME --policy-arn arn:aws:iam::892236928704:policy/update-reeselink +aws iam attach-user-policy --user-name $AWS_USERNAME --policy-arn $(cat secrets/aws/update-reeselink-iam-policy-arn) ``` ## AWS Certbot Route53 Policies diff --git a/cloud/graduated/aws_route53/README.md b/cloud/graduated/aws_route53/README.md index 7b88847..41155fa 100644 --- a/cloud/graduated/aws_route53/README.md +++ b/cloud/graduated/aws_route53/README.md @@ -17,12 +17,14 @@ convenience. ## Reeselink Addresses +See `example-record-file.json` for example contents of `file://secrets/aws/reeselink.json`. + ```bash -aws route53 change-resource-record-sets --hosted-zone-id Z0092652G7L97DSINN18 --change-batch file://cloud/graduated/aws_route53/reeselink.json +aws route53 change-resource-record-sets --hosted-zone-id $(cat secrets/aws/reeselink-zoneid) --change-batch file://secrets/aws/reeselink.json ``` ## Reeseapps Addresses ```bash -aws route53 change-resource-record-sets --hosted-zone-id Z012820733346FJ0U4FUF --change-batch file://cloud/graduated/aws_route53/reeseapps.json +aws route53 change-resource-record-sets --hosted-zone-id $(cat secrets/aws/reeseapps-zoneid) --change-batch file://secrets/aws/reeseapps.json ``` diff --git a/cloud/graduated/aws_route53/example-record-file.json b/cloud/graduated/aws_route53/example-record-file.json new file mode 100644 index 0000000..e4762fd --- /dev/null +++ b/cloud/graduated/aws_route53/example-record-file.json 
@@ -0,0 +1,31 @@
+{
+ "Comment": "CREATE/UPSERT/DELETE a record ",
+ "Changes": [
+ {
+ "Action": "UPSERT",
+ "ResourceRecordSet": {
+ "Name": "something.myhost.com",
+ "Type": "AAAA",
+ "TTL": 300,
+ "ResourceRecords": [
+ {
+ "Value": "abcd:abcd:abcd:abcd:abcd:abcd:abcd:abcd"
+ }
+ ]
+ }
+ },
+ {
+ "Action": "UPSERT",
+ "ResourceRecordSet": {
+ "Name": "another.myhost.com",
+ "Type": "AAAA",
+ "TTL": 300,
+ "ResourceRecords": [
+ {
+ "Value": "c0de:c0de:c0de:c0de:c0de:c0de:c0de:c0de"
+ }
+ ]
+ }
+ }
+ ]
+}
diff --git a/cloud/graduated/aws_route53/reeseapps.json b/cloud/graduated/aws_route53/reeseapps.json
deleted file mode 100644
index 55a87bd..0000000
--- a/cloud/graduated/aws_route53/reeseapps.json
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- "Comment": "CREATE/UPSERT/DELETE a record ",
- "Changes": [
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "nextcloud.reeseapps.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "2603:6013:3140:100:2a0:98ff:fe14:1bbd"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "homeassistant.reeseapps.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "2603:6013:3140:100:42:acff:fe1e:2101"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "unifi-external.reeseapps.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "2603:6013:3140:100:2a0:98ff:fe5e:edc3"
- }
- ]
- }
- }
- ]
-}
diff --git a/cloud/graduated/aws_route53/reeselink.json b/cloud/graduated/aws_route53/reeselink.json
deleted file mode 100644
index 498cd2f..0000000
--- a/cloud/graduated/aws_route53/reeselink.json
+++ /dev/null
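Review bot: The sample names `something.myhost.com` and `another.myhost.com` use a domain that a third party can register, and the `abcd:…` and `c0de:…` values lie outside the IPv6 documentation range. Placeholders in a sanitised example are better taken from the reserved spaces, for instance `"Name": "something.example.com"` and `"Value": "2001:db8::1"` (RFC 2606 and RFC 3849). The same applies to `ipv4.myhost.com` in `systemd/graduated/ddns/record_template_example.json`. JSON has no comment syntax, so the existing `"Comment"` field is the place to say that every name and address must be replaced before the batch is submitted.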
@@ -1,148 +0,0 @@
-{
- "Comment": "CREATE/UPSERT/DELETE a record ",
- "Changes": [
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "kube.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "2603:6013:3140:100:2a0:98ff:fe39:9b5"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "nextcloud.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "2603:6013:3140:100:2a0:98ff:fe14:1bbd"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "homeassistant.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "2603:6013:3140:100:42:acff:fe1e:2101"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "unifi-external.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "2603:6013:3140:100:2a0:98ff:fe5e:edc3"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "driveripper.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "2603:6013:3140:100:94bb:b8ff:fe9f:1c63"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "pivpn.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "2603:6013:3140:100:dea6:32ff:fe05:1722"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "yellow.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "2603:6013:3140:100:664b:f0ff:fe14:dbd"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "yellow.home.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "2603:6013:3140:103:664b:f0ff:fe14:dbd"
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "gamebox.reeselink.com",
- "Type": "AAAA",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": "2603:6013:3140:103:21b:21ff:fee4:941a"
- } - ] - } - }, - { - "Action": "UPSERT", - "ResourceRecordSet": { - "Name": "freeipa.reeselink.com", - "Type": "AAAA", - "TTL": 300, - "ResourceRecords": [ - { - "Value": "2603:6013:3140:100:2a0:98ff:fe20:c1c7" - } - ] - } - }, - { - "Action": "UPSERT", - "ResourceRecordSet": { - "Name": "wolf.reeselink.com", - "Type": "AAAA", - "TTL": 300, - "ResourceRecords": [ - { - "Value": "2603:6013:3140:100:2a0:98ff:fe0b:8800" - } - ] - } - } - ] -} diff --git a/systemd/graduated/ddns/ddns.sh b/systemd/graduated/ddns/ddns.sh index 36eeb36..675e472 100755 --- a/systemd/graduated/ddns/ddns.sh +++ b/systemd/graduated/ddns/ddns.sh @@ -14,7 +14,7 @@ cat /etc/ddns/reeseapps_record_template.json \ > /etc/ddns/reeseapps_record.json # Update reeselink records -aws route53 change-resource-record-sets --hosted-zone-id Z0092652G7L97DSINN18 --change-batch file:///etc/ddns/reeselink_record.json +aws route53 change-resource-record-sets --hosted-zone-id {{ reeselink_zone_id }} --change-batch file:///etc/ddns/reeselink_record.json # Update reeseapps records -aws route53 change-resource-record-sets --hosted-zone-id Z012820733346FJ0U4FUF --change-batch file:///etc/ddns/reeseapps_record.json +aws route53 change-resource-record-sets --hosted-zone-id {{ reeseapps_zone_id }} --change-batch file:///etc/ddns/reeseapps_record.json diff --git a/systemd/graduated/ddns/install_ddns.yaml b/systemd/graduated/ddns/install_ddns.yaml index 7741a85..6daa132 100644 --- a/systemd/graduated/ddns/install_ddns.yaml +++ b/systemd/graduated/ddns/install_ddns.yaml @@ -2,6 +2,7 @@ hosts: yellow vars_files: - vars.yaml + - secrets/secret_vars.yaml tasks: - name: Ensure moreutils, jq is installed ansible.builtin.dnf: 
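Review bot: With `--hosted-zone-id {{ reeselink_zone_id }}` and `{{ reeseapps_zone_id }}`, ddns.sh becomes a Jinja2 template that cannot be run as checked in, although it keeps mode 100755 and the `.sh` name. The task that installs it is outside this diff; if it uses `copy` rather than `template`, the literal braces reach the `aws` call, so that task should be confirmed or switched. A header comment such as `# Rendered by install_ddns.yaml; zone IDs come from secrets/secret_vars.yaml` would make the dependency visible, and the hunk shows only the tail of the script. The zone IDs removed here remain readable in earlier commits, so withdrawing them completely also needs a history rewrite.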
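Review bot: `- secrets/secret_vars.yaml` is loaded as a plain vars file, and nothing in this commit shows that `secrets/` is excluded from version control or that the file is encrypted. A `.gitignore` entry for `secrets/`, or an ansible-vault-encrypted file, would keep the values out of the repository. A committed example listing the keys the play needs (`reeselink_zone_id` and `reeseapps_zone_id`, judging by the ddns.sh hunk) would keep a fresh checkout from failing with an undefined variable. The play continues outside this hunk.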
@@ -28,14 +29,14 @@ mode: '0755' - name: Copy reeseapps_record_template.json template: - src: reeseapps_record_template.json + src: secrets/reeseapps_record_template.json dest: /etc/ddns/reeseapps_record_template.json owner: root group: root mode: '0644' - name: Copy reeselink_record_template.json template: - src: reeselink_record_template.json + src: secrets/reeselink_record_template.json dest: /etc/ddns/reeselink_record_template.json owner: root group: root diff --git a/systemd/graduated/ddns/record_template_example.json b/systemd/graduated/ddns/record_template_example.json new file mode 100644 index 0000000..e238344 --- /dev/null +++ b/systemd/graduated/ddns/record_template_example.json @@ -0,0 +1,19 @@ +{ + "Comment": "Update Public IPV4 Address", + "Changes": [ + { + "Action": "UPSERT", + "ResourceRecordSet": { + "Name": "ipv4.myhost.com", + "Type": "A", + "TTL": 300, + "ResourceRecords": [ + { + "Value": "" + } + ] + } + } + ] + } + \ No newline at end of file diff --git a/systemd/graduated/ddns/reeseapps_record_template.json b/systemd/graduated/ddns/reeseapps_record_template.json deleted file mode 100644 index c4b6f3e..0000000 --- a/systemd/graduated/ddns/reeseapps_record_template.json +++ /dev/null 
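Review bot: Both record templates are now sourced from `secrets/` yet are still installed with `mode: '0644'`, so any local account on the target host can read data the repository now treats as private. If the content is sensitive on the host as well, `mode: '0600'` on the two `template` tasks matches the new handling. That assumes the unit running ddns.sh executes as root, which this hunk does not show. The first task's name and the rest of the play lie outside the hunk.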
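Review bot: Nothing ties `record_template_example.json` to the names the playbook actually reads, `secrets/reeseapps_record_template.json` and `secrets/reeselink_record_template.json`. The `"Comment"` value could carry that, e.g. `"Comment": "Example only: copy to secrets/<zone>_record_template.json; Value is filled in by ddns.sh"` (hedged, since the line that fills `Value` is not in this diff). The file also ends with an indented closing brace, a whitespace-only line and no final newline, which looks like a paste artifact; ending on `}` at column 0 plus a newline keeps later diffs clean.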
@@ -1,109 +0,0 @@
-{
- "Comment": "Update Public IPV4 Address",
- "Changes": [
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "homeassistant.reeseapps.com",
- "Type": "A",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": ""
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "nextcloud.reeseapps.com",
- "Type": "A",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": ""
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "gitea.reeseapps.com",
- "Type": "A",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": ""
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "git.reeseapps.com",
- "Type": "A",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": ""
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "jellyfin.reeseapps.com",
- "Type": "A",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": ""
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "snapdrop.reeseapps.com",
- "Type": "A",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": ""
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "unifi.reeseapps.com",
- "Type": "A",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": ""
- }
- ]
- }
- },
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "bitwarden.reeseapps.com",
- "Type": "A",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": ""
- }
- ]
- }
- }
- ]
-}
diff --git a/systemd/graduated/ddns/reeselink_record_template.json b/systemd/graduated/ddns/reeselink_record_template.json
deleted file mode 100644
index 17f95e6..0000000
--- a/systemd/graduated/ddns/reeselink_record_template.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "Comment": "Update Public IPV4 Address",
- "Changes": [
- {
- "Action": "UPSERT",
- "ResourceRecordSet": {
- "Name": "ipv4.reeselink.com",
- "Type": "A",
- "TTL": 300,
- "ResourceRecords": [
- {
- "Value": ""
- }
- ]
- }
- }
- ]
-}