move to project lifecycle structure

2024-07-21 02:20:48 -04:00
parent fd1fde499d
commit e6aff894e8
121 changed files with 6234 additions and 196 deletions
--- a/cloud/graduated/aws_iam/README.md
+++ b/cloud/graduated/aws_iam/README.md
@@ -0,0 +1,57 @@
+# AWS Credentials
+
+## Credential Generation
+
+```bash
+export AWS_USERNAME=
+aws iam create-user --user-name $AWS_USERNAME
+aws iam create-access-key --user-name $AWS_USERNAME
+
+# Allow updating reeseapps
+aws iam attach-user-policy --user-name $AWS_USERNAME --policy-arn arn:aws:iam::892236928704:policy/update-reeseapps
+
+# Allow updating reeselink
+aws iam attach-user-policy --user-name $AWS_USERNAME --policy-arn arn:aws:iam::892236928704:policy/update-reeselink
+```
+
+## AWS Certbot Route53 Policies
+
+Example Policy:
+
+secrets/aws/policies/route53_reeselink.json
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "route53:ListHostedZones",
+                "route53:GetChange"
+            ],
+            "Resource": [
+                "*"
+            ]
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "route53:ChangeResourceRecordSets",
+                "route53:ListResourceRecordSets"
+            ],
+            "Resource": [
+                "arn:aws:route53:::hostedzone/<zone_id>"
+            ]
+        }
+    ]
+}
+```
+
+```bash
+# Allow updating route53 records for reeselink.com
+aws iam create-policy --policy-name update-reeselink --policy-document file://secrets/aws/policies/route53_reeselink.json
+
+# Allow updating route53 records for reeseapps.com
+aws iam create-policy --policy-name update-reeseapps --policy-document file://secrets/aws/policies/route53_reeseapps.json
+```
--- a/cloud/graduated/aws_route53/README.md
+++ b/cloud/graduated/aws_route53/README.md
@@ -0,0 +1,28 @@
+# Network Management
+
+- [Network Management](#network-management)
+  - [Reeseapps vs Reeselink](#reeseapps-vs-reeselink)
+  - [Reeselink Addresses](#reeselink-addresses)
+  - [Reeseapps Addresses](#reeseapps-addresses)
+
+## Reeseapps vs Reeselink
+
+.reeseapps domains are for hosted service that do something. They are usually accessible via the
+web and are usually public. Web apps, Minecraft servers, other game servers, etc. are all reeseapps
+domains.
+
+.reeselink domains are for linking machines together. They are for SSH, Cockpit, NFS, SMB, ISCSI,
+and other machine to machine connections. They can be public or private and are mostly for
+convenience.
+
+## Reeselink Addresses
+
+```bash
+aws route53 change-resource-record-sets --hosted-zone-id Z0092652G7L97DSINN18 --change-batch file://dns/reeselink.json
+```
+
+## Reeseapps Addresses
+
+```bash
+aws route53 change-resource-record-sets --hosted-zone-id Z012820733346FJ0U4FUF --change-batch file://dns/reeseapps.json
+```
--- a/cloud/graduated/aws_route53/reeseapps.json
+++ b/cloud/graduated/aws_route53/reeseapps.json
@@ -0,0 +1,44 @@
+{
+    "Comment": "CREATE/UPSERT/DELETE a record ",
+    "Changes": [
+        {
+            "Action": "UPSERT",
+            "ResourceRecordSet": {
+                "Name": "nextcloud.reeseapps.com",
+                "Type": "AAAA",
+                "TTL": 300,
+                "ResourceRecords": [
+                    {
+                        "Value": "2603:6013:3140:100:2a0:98ff:fe14:1bbd"
+                    }
+                ]
+            }
+        },
+        {
+            "Action": "UPSERT",
+            "ResourceRecordSet": {
+                "Name": "homeassistant.reeseapps.com",
+                "Type": "AAAA",
+                "TTL": 300,
+                "ResourceRecords": [
+                    {
+                        "Value": "2603:6013:3140:100:42:acff:fe1e:2101"
+                    }
+                ]
+            }
+        },
+        {
+            "Action": "UPSERT",
+            "ResourceRecordSet": {
+                "Name": "unifi-external.reeseapps.com",
+                "Type": "AAAA",
+                "TTL": 300,
+                "ResourceRecords": [
+                    {
+                        "Value": "2603:6013:3140:100:2a0:98ff:fe5e:edc3"
+                    }
+                ]
+            }
+        }
+    ]
+}
--- a/cloud/graduated/aws_route53/reeselink.json
+++ b/cloud/graduated/aws_route53/reeselink.json
@@ -0,0 +1,109 @@
+{
+    "Comment": "CREATE/UPSERT/DELETE a record ",
+    "Changes": [
+        {
+            "Action": "UPSERT",
+            "ResourceRecordSet": {
+                "Name": "kube.reeselink.com",
+                "Type": "AAAA",
+                "TTL": 300,
+                "ResourceRecords": [
+                    {
+                        "Value": "2603:6013:3140:100:2a0:98ff:fe39:9b5"
+                    }
+                ]
+            }
+        },
+        {
+            "Action": "UPSERT",
+            "ResourceRecordSet": {
+                "Name": "nextcloud.reeselink.com",
+                "Type": "AAAA",
+                "TTL": 300,
+                "ResourceRecords": [
+                    {
+                        "Value": "2603:6013:3140:100:2a0:98ff:fe14:1bbd"
+                    }
+                ]
+            }
+        },
+        {
+            "Action": "UPSERT",
+            "ResourceRecordSet": {
+                "Name": "homeassistant.reeselink.com",
+                "Type": "AAAA",
+                "TTL": 300,
+                "ResourceRecords": [
+                    {
+                        "Value": "2603:6013:3140:100:42:acff:fe1e:2101"
+                    }
+                ]
+            }
+        },
+        {
+            "Action": "UPSERT",
+            "ResourceRecordSet": {
+                "Name": "unifi-external.reeselink.com",
+                "Type": "AAAA",
+                "TTL": 300,
+                "ResourceRecords": [
+                    {
+                        "Value": "2603:6013:3140:100:2a0:98ff:fe5e:edc3"
+                    }
+                ]
+            }
+        },
+        {
+            "Action": "UPSERT",
+            "ResourceRecordSet": {
+                "Name": "driveripper.reeselink.com",
+                "Type": "AAAA",
+                "TTL": 300,
+                "ResourceRecords": [
+                    {
+                        "Value": "2603:6013:3140:100:94bb:b8ff:fe9f:1c63"
+                    }
+                ]
+            }
+        },
+        {
+            "Action": "UPSERT",
+            "ResourceRecordSet": {
+                "Name": "pivpn.reeselink.com",
+                "Type": "AAAA",
+                "TTL": 300,
+                "ResourceRecords": [
+                    {
+                        "Value": "2603:6013:3140:100:dea6:32ff:fe05:1722"
+                    }
+                ]
+            }
+        },
+        {
+            "Action": "UPSERT",
+            "ResourceRecordSet": {
+                "Name": "yellow.reeselink.com",
+                "Type": "AAAA",
+                "TTL": 300,
+                "ResourceRecords": [
+                    {
+                        "Value": "2603:6013:3140:100:664b:f0ff:fe14:dbd"
+                    }
+                ]
+            }
+        },
+        {
+            "Action": "UPSERT",
+            "ResourceRecordSet": {
+                "Name": "gamebox.reeselink.com",
+                "Type": "AAAA",
+                "TTL": 300,
+                "ResourceRecords": [
+                    {
+                        "Value": "2603:6013:3140:103:7656:3cff:febd:1df8"
+                    }
+                ]
+            }
+        }
+    ]
+}