From c56b545dbc14d58031ae67f2e2ad8a510c8fd233 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Thu, 26 Jun 2025 22:59:08 +0100
Subject: [PATCH] Bootstrap base OS for grimes

---
 ansible/host_vars/grimes/main.yml  |  1 +
 ansible/host_vars/grimes/vault.yml |  9 +++++++++
 ansible/hosts                      |  1 +
 ansible/main.yml                   |  8 ++++++++
 terraform/grimes_vps.tf            | 10 +++++-----
 5 files changed, 24 insertions(+), 5 deletions(-)
 create mode 100644 ansible/host_vars/grimes/main.yml
 create mode 100644 ansible/host_vars/grimes/vault.yml

diff --git a/ansible/host_vars/grimes/main.yml b/ansible/host_vars/grimes/main.yml
new file mode 100644
index 0000000..c98a183
--- /dev/null
+++ b/ansible/host_vars/grimes/main.yml
@@ -0,0 +1 @@
+private_ip: "{{ ansible_tailscale0.ipv4.address }}"
diff --git a/ansible/host_vars/grimes/vault.yml b/ansible/host_vars/grimes/vault.yml
new file mode 100644
index 0000000..2e4c373
--- /dev/null
+++ b/ansible/host_vars/grimes/vault.yml
@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+30313034396335613163366262353432653866313736326465373434393936313261616138663562
+3439643161383263383230323935383332626137386137350a336530643861383133613234306566
+65393462363264663336666235336236353363303037356263303866663236383635303036346430
+3336653635336632310a343763383864346562326164613164663161616532343632383964303533
+33393435653632363931613034653161383862346464353634626265346435333630626635373263
+31656666316664343938306430613032613065656432373830386239646161343465396239623333
+39326338613533623466356636306137366162653736623066623631386564353062326166626535
+63376433316165373634
diff --git a/ansible/hosts b/ansible/hosts
index 16dd130..594edbd 100644
--- a/ansible/hosts
+++ b/ansible/hosts
@@ -1,5 +1,6 @@
 casey
 walker
+grimes
 
 pve
 tang
diff --git a/ansible/main.yml b/ansible/main.yml
index 96268a7..e5458ef 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -21,6 +21,7 @@
     - ingress
     - walker
     - tang
+    - grimes
   roles:
     - role: geerlingguy.ntp
       vars:
@@ -33,6 +34,7 @@
     - walker
     - renovate
     - gitea-runner
+    - grimes
   roles:
     - geerlingguy.docker
     - docker_cleanup
@@ -41,6 +43,7 @@
     - pve-docker
     - forrest
     - walker
+    - grimes
   roles:
     - db_auto_backup
 
@@ -53,6 +56,7 @@
     - ingress
     - walker
     - casey
+    - grimes
   become: false  # Forcefully run as current user
   roles:
     - artis3n.tailscale
@@ -132,3 +136,7 @@
     - adguardhome
     - prometheus.prometheus.node_exporter
     - restic
+
+- hosts: grimes
+  roles:
+    - prometheus.prometheus.node_exporter
diff --git a/terraform/grimes_vps.tf b/terraform/grimes_vps.tf
index 370c2a5..1b64f59 100644
--- a/terraform/grimes_vps.tf
+++ b/terraform/grimes_vps.tf
@@ -6,11 +6,11 @@ resource "hcloud_server" "grimes" {
   delete_protection  = true
   rebuild_protection = true
 
-  # firewall_ids = [
-  #   hcloud_firewall.base.id,
-  #   hcloud_firewall.tailscale.id,
-  #   hcloud_firewall.web.id,
-  # ]
+  firewall_ids = [
+    hcloud_firewall.base.id,
+    hcloud_firewall.tailscale.id,
+    hcloud_firewall.web.id,
+  ]
 }
 
 resource "hcloud_rdns" "grimes_reverse_ipv4" {