add nix flake for development
remove secret service usage; keep the vault password in a file in the home dir instead. Replace the hermes mounted dir with a data disk. Pin the terraform libvirt provider due to an SSH issue. Hard-code the SSH known-hosts file.
This commit is contained in:
parent
bb57d3573d
commit
788939d8cf
8 changed files with 122 additions and 12 deletions
1
.envrc
Normal file
@ -0,0 +1 @@
use flake
1
.gitignore
vendored
@ -34,3 +34,4 @@ override.tf.json
terraform.rc
|
||||
.terraform.lock.hcl
|
||||
*.tfbackend
|
||||
.direnv
@ -1,7 +1,7 @@
[defaults]
|
||||
roles_path=~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles
|
||||
inventory=inventory
|
||||
vault_password_file=util/secret-service-client.sh
|
||||
vault_password_file=$HOME/.config/home/ansible-vault-secret
|
||||
interpreter_python=/usr/bin/python3
|
||||
host_key_checking = False
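Review bot: The new `vault_password_file=$HOME/.config/home/ansible-vault-secret` swaps an executable lookup (the deleted `util/secret-service-client.sh`) for a plaintext secret at rest, and nothing in the hunk says what that file needs; add a comment next to it such as `# plaintext vault password: keep mode 0600 and outside any synced or backed-up directory`. As far as I know Ansible expands both `$HOME` and `~` in path-typed settings, but `roles_path` two lines above already uses `~`, so `vault_password_file=~/.config/home/ansible-vault-secret` would be the consistent spelling. The context line `host_key_checking = False` means the known-hosts pinning this commit applies to the libvirt URI is not mirrored on the Ansible side; presumably intentional for freshly provisioned VMs, but a one-line comment stating that would stop a reader from assuming it was overlooked. This section's file header is missing from the page, so the file name is inferred.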
@ -1,9 +0,0 @@
#!/bin/bash
|
||||
|
||||
pass=`secret-tool lookup ansible_vault hermes`
|
||||
retval=$?
|
||||
|
||||
if [ $retval -ne 0 ]; then
|
||||
read -s pass
|
||||
fi
|
||||
echo $pass
61
flake.lock
Normal file
@ -0,0 +1,61 @@
{
|
||||
"nodes": {
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694529238,
|
||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1698266953,
|
||||
"narHash": "sha256-jf72t7pC8+8h8fUslUYbWTX5rKsRwOzRMX8jJsGqDXA=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "75a52265bda7fd25e06e3a67dee3f0354e73243c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": "nixpkgs"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
"version": 7
|
||||
}
20
flake.nix
Normal file
@ -0,0 +1,20 @@
{
|
||||
description = "A basic flake with a shell";
|
||||
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
inputs.flake-utils.url = "github:numtide/flake-utils";
|
||||
|
||||
outputs = { self, nixpkgs, flake-utils }:
|
||||
flake-utils.lib.eachDefaultSystem (system: let
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
in {
|
||||
devShells.default = pkgs.mkShell {
|
||||
packages = with pkgs; [
|
||||
bashInteractive
|
||||
opentofu
|
||||
jq
|
||||
cdrtools
|
||||
ansible
|
||||
];
|
||||
};
|
||||
});
|
||||
}
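Review bot: `description = "A basic flake with a shell"` is the template placeholder and says nothing about what this shell is for; replace it with something like `description = "Dev shell for this repo: opentofu, ansible, jq, cdrtools"`. A short comment above `packages` explaining why `cdrtools` is in the list (presumably for building the cloud-init ISO the libvirt VMs boot from, but confirm) would help the next reader. `inputs.nixpkgs.url` floats on `nixpkgs-unstable`, which is only reproducible because `flake.lock` in this same commit pins the revision; a comment such as `# pinned by flake.lock; bump with `nix flake update`` next to the input would make that dependency explicit.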
31
terraform/data/main.tf
Normal file
@ -0,0 +1,31 @@
terraform {
|
||||
backend "pg" {
|
||||
schema_name = "hermes-data"
|
||||
}
|
||||
|
||||
required_providers {
|
||||
libvirt = {
|
||||
source = "dmacvicar/libvirt"
|
||||
version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
provider "libvirt" {
|
||||
# https://libvirt.org/uri.html#libssh-and-libssh2-transport
|
||||
uri = "qemu+ssh://root@atlas.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
|
||||
}
|
||||
|
||||
resource "libvirt_volume" "data" {
|
||||
name = "hermes-data"
|
||||
pool = "data"
|
||||
size = 1024 * 1024
|
||||
|
||||
lifecycle {
|
||||
prevent_destroy = true
|
||||
}
|
||||
}
|
||||
|
||||
output "data_disk_id" {
|
||||
value = libvirt_volume.data.id
|
||||
}
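Review bot: `size = 1024 * 1024` on `libvirt_volume.data` is a byte count in this provider, so the persistent data disk is 1 MiB; if 1 GiB was intended the line should read `size = 1024 * 1024 * 1024 # bytes (1 GiB)`, and because `prevent_destroy = true` is set and (I believe) the provider replaces the volume on a size change, getting this wrong now means a manual state dance later. The `version = "0.7.1"` pin pins the provider version but not its checksum, because `.terraform.lock.hcl` is gitignored (visible as context in this commit's `.gitignore` hunk); if that is deliberate, extend the existing comment to say so, otherwise commit the lock file. `backend "pg"` carries only `schema_name`, so the connection string presumably arrives via `PG_CONN_STR`; a comment naming that source would spare the next operator a failed init.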
@ -6,6 +6,7 @@ terraform {
required_providers {
|
||||
libvirt = {
|
||||
source = "dmacvicar/libvirt"
|
||||
version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040
|
||||
}
|
||||
template = {
|
||||
source = "hashicorp/template"
|
||||
@ -14,7 +15,8 @@ terraform {
}
|
||||
|
||||
provider "libvirt" {
|
||||
uri = "qemu+ssh://root@atlas.hyp/system"
|
||||
# https://libvirt.org/uri.html#libssh-and-libssh2-transport
|
||||
uri = "qemu+ssh://root@atlas.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
|
||||
}
|
||||
|
||||
module "vm" {
|
||||
@ -24,5 +26,8 @@ module "vm" {
fixed_address = "192.168.30.7/24"
|
||||
mac = "CA:FE:C0:FF:EE:07"
|
||||
fixed_dns = "192.168.30.1"
|
||||
hypervisor_host = "atlas.hyp"
|
||||
data_disk = "/kvm/data/hermes-data"
|
||||
insecure_password = true
|
||||
|
||||
# hypervisor_host = "atlas.hyp"
|
||||
}
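Review bot: `data_disk = "/kvm/data/hermes-data"` hard-codes the storage path of the volume that `terraform/data/main.tf` creates in this same commit, while that file's `data_disk_id` output goes unused; reading it through a `terraform_remote_state` data source keeps the pool/path coupling in one place (for directory pools the libvirt volume id is the storage path, but confirm that against what the module's `data_disk` variable expects). The commented-out `# hypervisor_host = "atlas.hyp"` duplicates the live `hypervisor_host` line above it and should be dropped rather than left as dead config. The `+`/`-` markers are lost on this page, so which of these lines is new is inferred from the hunk counts; `module "vm"` opens in the previous hunk and this section's file header is missing.
```hcl
data "terraform_remote_state" "data" {
  backend = "pg"
  config = {
    schema_name = "hermes-data"
    # conn_str: same PG_CONN_STR as the root backend — confirm
  }
}

# … unchanged: module "vm" header, fixed_address, mac, fixed_dns, hypervisor_host …
  data_disk = data.terraform_remote_state.data.outputs.data_disk_id
```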