-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathMakefile
More file actions
32 lines (24 loc) · 922 Bytes
/
Copy pathMakefile
File metadata and controls
32 lines (24 loc) · 922 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# hermes-stack
#
# Provision a hardened single-node host (Hetzner Cloud) and run services behind
# a Cloudflare Tunnel — no inbound HTTP ports, no public origin IP.
#
# Stack: Terraform (Hetzner) + Ansible (hardening, cloudflared, systemd units).
provision:
cd terraform && terraform init && terraform apply
destroy:
cd terraform && terraform destroy
configure:
cd ansible && ansible-playbook -i inventory.ini site.yml
# Configure with Cloudflare Tunnel enabled. Token must be exported.
configure-tunnel:
@test -n "$$CF_TUNNEL_TOKEN" || (echo "ERROR: export CF_TUNNEL_TOKEN first"; exit 1)
cd ansible && ansible-playbook -i inventory.ini site.yml \
-e cloudflare_tunnel_enabled=true
ssh:
@cd terraform && eval $$(terraform output -raw ssh_command)
ip:
@cd terraform && terraform output -raw server_ip
clean:
rm -f ansible/inventory.ini
.PHONY: provision destroy configure configure-tunnel ssh ip clean