traefik routes cacheable content to varnish.

Web & varnish IP addresses generated to group vars from pulumi state
2026-01-18 14:55:31 +00:00 · 2026-01-04 17:08:00 +01:00
parent 6fc2e818e4
commit 58d495350f
6 changed files with 213 additions and 37 deletions
--- a/ansible/scripts/generate-inventory.sh
+++ b/ansible/scripts/generate-inventory.sh
@@ -0,0 +1,43 @@
+#!/usr/local/bin/bash
+#
+# Usage: ./scripts/generate-inventory.sh | pbcopy
+
+cd ../hetzner-pulumi
+pulumi stack output --json | jq -r '
+  # extract dc (nbg / va) positionally from hostname
+  def dc:
+    (.name | capture("-(?<dc>nbg|hel|ash|va)[0-9]*-").dc);
+
+  def region:
+    if dc == "nbg" then "eu" else "us" end;
+
+  def pad($n):
+    tostring as $s
+    | ($n - ($s|length)) as $k
+    | if $k > 0 then ($s + (" " * $k)) else $s end;
+
+  .inventory.vms
+  | map({
+      region: region,
+      role:   (.name | split("-")[0]),
+      idx:    (.name | capture("-(?<n>[0-9]+)$").n),
+      ip:     .publicIpv4,
+      dc:     dc
+    })
+  | group_by(.region)
+  | .[]
+  | .[0].region as $r
+  | "[\($r)]",
+    (
+      sort_by(.role, (.idx | tonumber))
+      | .[]
+      | (
+          ("\(.role)-\(.dc)-\(.idx)" | pad(15)) +
+          ("ansible_host=\(.ip)"     | pad(30)) +
+          ("ansible_port=22"         | pad(18)) +
+          "ansible_user=root"
+        )
+    ),
+    ""
+'
+
--- a/ansible/scripts/update-config_certbot-domains.sh
+++ b/ansible/scripts/update-config_certbot-domains.sh
@@ -0,0 +1,14 @@
+#!/usr/local/bin/bash
+#
+# Usage: ./scripts/update-config_certbot-domains.sh | pbcopy
+
+CERTBOT_EXPORT_KEY=certbot_cloudflare_domains
+
+EXPORT_VARIABLES="$(pwd)/group_vars/haproxy.yml"
+yq -i 'del(.certbot_cloudflare_domains)' $EXPORT_VARIABLES
+
+cd ../hetzner-pulumi
+pulumi stack output --json | jq -r --arg key $CERTBOT_EXPORT_KEY '
+  ($key + ":\n") +
+  (.inventory.domains | map("  - " + .) | join("\n"))
+' >> $EXPORT_VARIABLES
--- a/ansible/scripts/update-config_varnish-ips.sh
+++ b/ansible/scripts/update-config_varnish-ips.sh
@@ -0,0 +1,20 @@
+#!/usr/local/bin/bash
+#
+# Usage: ./scripts/update-config_varnishserver-ips.sh
+
+IP_EXPORT_KEY=haproxy_varnish_ip
+ANSIBLE_DIR="$(pwd)"
+PULIMI_DIR="$(pwd)/../hetzner-pulumi"
+
+EXPORT_VARIABLES="$(pwd)/group_vars/haproxy.yml"
+yq -i 'del(.haproxy_varnish_ip)' $EXPORT_VARIABLES
+
+cd $PULIMI_DIR
+pulumi stack output --json | jq -r --arg key $IP_EXPORT_KEY '
+  def varnish_private_ips:
+    .inventory.vms
+    | map(select(.name | startswith("varnish")) | .privateIp);
+
+  ($key + ":\n") +
+  (varnish_private_ips | map("  - " + .) | join("\n"))
+' >> $EXPORT_VARIABLES
--- a/ansible/scripts/update-config_webserver-ips.sh
+++ b/ansible/scripts/update-config_webserver-ips.sh
@@ -0,0 +1,35 @@
+#!/usr/local/bin/bash
+#
+# Usage: ./scripts/update-config_webserver-ips.sh
+
+IP_EXPORT_KEY=haproxy_traefik_ip
+ANSIBLE_DIR="$(pwd)"
+PULIMI_DIR="$(pwd)/../hetzner-pulumi"
+
+EXPORT_VARIABLES="$(pwd)/group_vars/haproxy.yml"
+yq -i 'del(.haproxy_traefik_ip)' $EXPORT_VARIABLES
+
+cd ../hetzner-pulumi
+pulumi stack output --json | jq -r --arg key $IP_EXPORT_KEY '
+  def web_private_ips:
+    .inventory.vms
+    | map(select(.name | startswith("web")) | .privateIp);
+
+  ($key + ":\n") +
+  (web_private_ips | map("  - " + .) | join("\n"))
+' >> $EXPORT_VARIABLES
+
+cd $ANSIBLE_DIR
+EXPORT_VARIABLES="$(pwd)/group_vars/varnish.yml"
+yq -i 'del(.haproxy_traefik_ip)' $EXPORT_VARIABLES
+
+cd $PULIMI_DIR
+pulumi stack output --json | jq -r --arg key $IP_EXPORT_KEY '
+  def varnish_private_ips:
+    .inventory.vms
+    | map(select(.name | startswith("web")) | .privateIp);
+
+  ($key + ":\n") +
+  (varnish_private_ips | map("  - " + .) | join("\n"))
+' >> $EXPORT_VARIABLES
+