Formatting and cleanup

host.tf

@@ -2,16 +2,13 @@ data "http" "ipify" {
   url = "https://api.ipify.org"
 }
 
-resource "aws_security_group" "traccar_host_security_group" {
+resource "aws_security_group" "traccar_server_security_group" {
   name = "traccar"
-
-  tags = {
-    Name = "traccar"
-  }
+  tags = var.aws_tags
 }
 
 resource "aws_vpc_security_group_ingress_rule" "allow_teltonika_ipv4_tls" {
-  security_group_id = aws_security_group.traccar_host_security_group.id
+  security_group_id = aws_security_group.traccar_server_security_group.id
   cidr_ipv4         = "0.0.0.0/0"
   from_port         = 5200
   to_port           = 5200
@@ -20,85 +17,76 @@ resource "aws_vpc_security_group_ingress_rule" "allow_teltonika_ipv4_tls" {
 
 # https://github.com/tailscale/tailscale/issues/12409
 resource "aws_vpc_security_group_ingress_rule" "allow_ssh" {
-  security_group_id = aws_security_group.traccar_host_security_group.id
+  security_group_id = aws_security_group.traccar_server_security_group.id
   cidr_ipv4         = "${data.http.ipify.response_body}/32"
   from_port         = 22
   to_port           = 22
   ip_protocol       = "tcp"
 }
 
 resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv4" {
-  security_group_id = aws_security_group.traccar_host_security_group.id
+  security_group_id = aws_security_group.traccar_server_security_group.id
   cidr_ipv4         = "0.0.0.0/0"
   ip_protocol       = "-1"
 }
 
 resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv6" {
-  security_group_id = aws_security_group.traccar_host_security_group.id
+  security_group_id = aws_security_group.traccar_server_security_group.id
   cidr_ipv6         = "::/0"
   ip_protocol       = "-1"
 }
 
 resource "aws_ebs_volume" "traccar_storage" {
-  availability_zone = var.availability_zone
-  size              = var.storage_volume_size
+  availability_zone = var.aws_availability_zone
+  size              = var.aws_storage_volume_size
   encrypted         = true
-
-  tags = {
-    Name = "traccar"
-  }
+  tags              = var.aws_tags
 
   lifecycle {
     prevent_destroy = true
   }
 }
 
-resource "tailscale_tailnet_key" "traccar_host_key" {
+resource "tailscale_tailnet_key" "traccar_server_key" {
   reusable            = true
   ephemeral           = true
   preauthorized       = true
   recreate_if_invalid = "always"
   expiry              = 3600
-  description         = "Traccar host key"
+  description         = "Traccar server key"
   tags                = var.tailscale_tags
 }
 
-resource "aws_instance" "traccar_host_instance" {
-  # Ubuntu 24.04 arm64 ap-southeast-2
-  ami                         = var.ami
-  availability_zone           = var.availability_zone
-  instance_type               = var.instance_type
-  security_groups             = [aws_security_group.traccar_host_security_group.name]
-  key_name                    = var.ssh_key_name
+resource "aws_instance" "traccar_server_instance" {
+  ami                         = var.aws_ami
+  availability_zone           = var.aws_availability_zone
+  instance_type               = var.aws_instance_type
+  security_groups             = [aws_security_group.traccar_server_security_group.name]
+  key_name                    = var.aws_ssh_key_name
   associate_public_ip_address = true
   user_data_replace_on_change = true
+  volume_tags                 = var.aws_tags
+  tags                        = var.aws_tags
 
   user_data = templatefile(
-    "${path.module}/setup-host.bash",
+    "${path.module}/setup-server.bash",
     {
-      tailscale_authkey   = tailscale_tailnet_key.traccar_host_key.key
-      storage_volume_size = var.storage_volume_size
+      tailscale_authkey   = tailscale_tailnet_key.traccar_server_key.key
+      tailscale_hostname  = var.tailscale_hostname
+      storage_volume_size = var.aws_storage_volume_size
     }
   )
 
   root_block_device {
     encrypted   = true
-    volume_size = var.root_volume_size
-  }
-
-  volume_tags = {
-    Name = "traccar"
-  }
-
-  tags = {
-    Name = "traccar"
+    volume_size = var.aws_root_volume_size
   }
 }
 
-resource "aws_volume_attachment" "traccar_host_storage_ebs_attachment" {
+resource "aws_volume_attachment" "traccar_server_storage_ebs_attachment" {
   device_name                    = "/dev/sdf"
   volume_id                      = aws_ebs_volume.traccar_storage.id
-  instance_id                    = aws_instance.traccar_host_instance.id
+  instance_id                    = aws_instance.traccar_server_instance.id
   stop_instance_before_detaching = true
 }
 

scripts/create-podman-connection

@@ -4,15 +4,15 @@ cd "$(dirname "${BASH_SOURCE[0]}")/.."
 
 source scripts/utils.bash
 echo "--> Starting create-podman-connection"
-echo "--> Creating podman connection to traccar host"
+echo "--> Creating podman connection to traccar server"
 # https://github.com/tailscale/tailscale/issues/12409
-traccar_host_ip=$(_ssh curl --silent api.ipify.org)
+traccar_server_ip=$(_ssh curl --silent api.ipify.org)
 podman system connection remove traccar
 # Assumes ssh-agent contains key
 podman \
   system \
   connection \
   add \
   traccar \
-  "ssh://ubuntu@${traccar_host_ip}/run/user/1000/podman/podman.sock"
+  "ssh://ubuntu@${traccar_server_ip}/run/user/1000/podman/podman.sock"
 echo "--> Completed create-podman-connection"

scripts/deploy-secrets

@@ -3,8 +3,8 @@ set -euo pipefail
 cd "$(dirname "${BASH_SOURCE[0]}")/.."
 
 source scripts/utils.bash
-echo "--> Starting play-secrets"
+echo "--> Starting deploy-secrets"
 for secret in out/kube/*; do
   _podman kube play --quiet "${secret}"
 done
-echo "--> Completed play-secrets"
+echo "--> Completed deploy-secrets"

scripts/lint-shell-scripts

@@ -2,6 +2,6 @@
 set -euo pipefail
 cd "$(dirname "${BASH_SOURCE[0]}")/.."
 
-shellcheck --exclude=SC1091 setup-host.bash
+shellcheck --exclude=SC1091 setup-server.bash
 find scripts -type f -exec shellcheck --exclude=SC1091 {} \;
 shfmt -d .

scripts/taint-server

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+cd "$(dirname "${BASH_SOURCE[0]}")/.."
+
+source scripts/utils.bash
+echo "--> Starting taint-server"
+terraform taint aws_instance.traccar_server_instance
+echo "--> Completed taint-server"

setup-host.bash → setup-server.bash

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-echo "-- Beginning Traccar host setup script"
+echo "-- Beginning Traccar server setup script"
 
 echo "--> Update and upgrade packages"
 apt-get --quiet --yes remove snapd
@@ -26,7 +26,7 @@ sysctl --load=/etc/sysctl.d/99-tailscale.conf
 tailscale \
   up \
   --authkey="${tailscale_authkey}" \
-  --hostname="traccar" \
+  --hostname="${tailscale_hostname}" \
   --ssh=true
 tailscale serve --bg 8082
 
@@ -107,4 +107,4 @@ chown ubuntu:ubuntu --recursive /home/ubuntu/.config/containers/systemd
 systemctl --machine=ubuntu@ --user daemon-reload
 systemctl --machine=ubuntu@ --user start traccar || true
 
-echo "-- Completed Traccar host setup script"
+echo "-- Completed Traccar server setup script"

vars.tf

@@ -1,36 +1,49 @@
-variable "ami" {
-  type    = string
+variable "aws_tags" {
+  type = map(any)
+  default = {
+    Name = "traccar"
+  }
+}
+
+variable "aws_ami" {
+  type = string
+  # Ubuntu 24.04 arm64 ap-southeast-2
   default = "ami-0e86a390303d8b431"
 }
 
-variable "instance_type" {
+variable "aws_instance_type" {
   type    = string
   default = "t4g.nano"
 }
 
-variable "availability_zone" {
+variable "aws_availability_zone" {
   type    = string
   default = "ap-southeast-2a"
 }
 
-variable "root_volume_size" {
+variable "aws_root_volume_size" {
   type    = number
   default = 8
 }
 
-variable "storage_volume_size" {
+variable "aws_storage_volume_size" {
   type    = number
   default = 16
 }
 
-variable "ssh_key_name" {
+variable "aws_ssh_key_name" {
   type = string
 }
 
 variable "tailscale_tags" {
   type = list(string)
 }
 
+variable "tailscale_hostname" {
+  type    = string
+  default = "traccar"
+}
+
 variable "cert_common_name" {
   type = string
 }