From 2c751cf51c943d8e271edb8279b0b8b8f4e59121 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Thu, 18 May 2023 00:46:45 +0200
Subject: [PATCH] add lewis as hypervisor change borg notification urls
---
 ansible/hypervisors.yml | 3 +
 .../inventory/host_vars/jefke/wireguard.yml | 18 ------
 ansible/inventory/host_vars/lewis/apt.yml | 5 ++
 .../host_vars/lewis/ssh_certificates.yml | 12 ++++
 ansible/inventory/hosts.yml | 2 +
 ansible/roles/borg/vars/main.yml | 2 +-
 terraform/main.tf | 61 +++++++++++++++++++
 7 files changed, 84 insertions(+), 19 deletions(-)
 delete mode 100644 ansible/inventory/host_vars/jefke/wireguard.yml
 create mode 100644 ansible/inventory/host_vars/lewis/apt.yml
 create mode 100644 ansible/inventory/host_vars/lewis/ssh_certificates.yml
diff --git a/ansible/hypervisors.yml b/ansible/hypervisors.yml
index 2193e68..c29dfa0 100644
--- a/ansible/hypervisors.yml
+++ b/ansible/hypervisors.yml
@@ -52,4 +52,7 @@
 roles:
 - {role: ssh_ca_known_hosts, tags: ssh_ca_known_hosts}
 - {role: deploy_ssh_certificates, tags: deploy_ssh_certificates}
+
+- hosts: atlas, jefke
+ roles:
 - {role: borg, tags: borg}
diff --git a/ansible/inventory/host_vars/jefke/wireguard.yml b/ansible/inventory/host_vars/jefke/wireguard.yml
deleted file mode 100644
index de09195..0000000
--- a/ansible/inventory/host_vars/jefke/wireguard.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-wireguard_addresses:
- - "10.42.1.1/32"
-wireguard_endpoint: "jefke.hyp"
-wireguard_private_key: !vault |
- $ANSIBLE_VAULT;1.1;AES256
- 36376161636365313033613362336239656164643430306437393866353036303938616136613933
- 6333613866643139653130393532613838353031613562350a663664633033353364303035353131
- 66363439353537323636313466303236393530653938393838373837366436316665343831623934
- 3234363066366235300a346636613930346466643566666265613733343266613030613765313161
- 63343133646566623264393533613733363735666432396366623737306232303761366465306164
- 3937653537316461376263613338373439313531383961623333
-wireguard_unmanaged_peers:
- pim:
- public_key: "xQ1hkwpIf5x7Wkx1leQHXx3RK8fjGWt2ZmG9XUN3V08="
- allowed_ips: "10.42.1.2/32"
- niels:
- public_key: "WJO/DQUJyDp4rFW291F2Ai51lotU2IC+OATu+5P3Jio="
- allowed_ips: "10.42.1.3/32"
diff --git a/ansible/inventory/host_vars/lewis/apt.yml b/ansible/inventory/host_vars/lewis/apt.yml
new file mode 100644
index 0000000..b1297d2
--- /dev/null
+++ b/ansible/inventory/host_vars/lewis/apt.yml
@@ -0,0 +1,5 @@
+apt_install_packages:
+ - qemu-kvm
+ - libvirt-daemon-system
+ - sudo
+ - bridge-utils
diff --git a/ansible/inventory/host_vars/lewis/ssh_certificates.yml b/ansible/inventory/host_vars/lewis/ssh_certificates.yml
new file mode 100644
index 0000000..a3759dd
--- /dev/null
+++ b/ansible/inventory/host_vars/lewis/ssh_certificates.yml
@@ -0,0 +1,12 @@
+deploy_ssh_certificates:
+ - name: ssh_user_ed25519_key
+ type: user
+ key_type: ed25519
+ signing_key: hyp_user
+ host: lewis.hyp
+ principals: hypervisor
+ - name: ssh_host_ed25519_key
+ type: host
+ key_type: ed25519
+ signing_key: hyp_host
+ host: lewis.hyp
diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml
index bd1f90b..28e93c4 100644
--- a/ansible/inventory/hosts.yml
+++ b/ansible/inventory/hosts.yml
@@ -6,3 +6,5 @@ all:
 ansible_host: atlas.hyp
 jefke:
 ansible_host: jefke.hyp
+ lewis:
+ ansible_host: lewis.hyp
diff --git a/ansible/roles/borg/vars/main.yml b/ansible/roles/borg/vars/main.yml
index 8a5d822..ce7e3dd 100644
--- a/ansible/roles/borg/vars/main.yml
+++ b/ansible/roles/borg/vars/main.yml
@@ -1 +1 @@
-apprise_url: 'apprises://apprise.pim.kunis.nl:444/backups'
+apprise_url: 'apprise:/192.168.30.9:3003/backups'
diff --git a/terraform/main.tf b/terraform/main.tf
index 805ded6..617e10c 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -20,6 +20,11 @@ provider "libvirt" {
 uri = "qemu+ssh://root@jefke.hyp/system"
 }
 
+provider "libvirt" {
+ alias = "lewis"
+ uri = "qemu+ssh://root@lewis.hyp/system"
+}
+
 resource "libvirt_pool" "iso" {
 name = "iso"
 type = "dir"
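Review bot: The new value `apprise:/192.168.30.9:3003/backups` in ansible/roles/borg/vars/main.yml has only one slash after the scheme, so it will probably not parse as an Apprise URL and backup notifications may silently stop; the intended form looks like `apprise_url: 'apprise://192.168.30.9:3003/backups'`. The change also moves from `apprises://` to the plain-HTTP scheme, so the notification contents and the `backups` key in the path cross the network unencrypted; if the service at that address can terminate TLS, keeping `apprises://` is preferable. A literal IP also ties every host that runs the borg role to one address, so a resolvable name would be easier to change later.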
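Review bot: The new `lewis` provider alias in terraform/main.tf logs in as `root` over SSH (`qemu+ssh://root@lewis.hyp/system`), which requires root SSH login to stay enabled on the new hypervisor. A dedicated account in the `libvirt` group can reach the system libvirt socket as well; that access is still effectively host-level, but it lets root login be closed and makes Terraform's sessions attributable, e.g. `uri = "qemu+ssh://<terraform-user>@lewis.hyp/system"` (placeholder account name). The existing jefke provider shown as context uses the same pattern, so this would best be changed for both. The `resource "libvirt_pool" "iso"` block at the end of the hunk continues outside it.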
@@ -124,3 +129,59 @@ resource "libvirt_network" "dmzbr_jefke" {
 autostart = true
 provider = libvirt.jefke
 }
+
+resource "libvirt_pool" "iso_lewis" {
+ name = "iso"
+ type = "dir"
+ path = "/kvm/iso"
+ provider = libvirt.lewis
+}
+
+resource "libvirt_pool" "disk_lewis" {
+ name = "disk"
+ type = "dir"
+ path = "/kvm/disk"
+ provider = libvirt.lewis
+}
+
+resource "libvirt_pool" "init_lewis" {
+ name = "init"
+ type = "dir"
+ path = "/kvm/init"
+ provider = libvirt.lewis
+}
+
+resource "libvirt_volume" "ubuntu_jammy_lewis" {
+ name = "ubuntu-jammy.img"
+ pool = "iso"
+ source = "https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img"
+ provider = libvirt.lewis
+}
+
+resource "libvirt_volume" "debian_bullseye_lewis" {
+ name = "debian-bullseye.iso"
+ pool = "iso"
+ source = "https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-generic-amd64.qcow2"
+ provider = libvirt.lewis
+}
+
+resource "libvirt_volume" "debian_bookworm_lewis" {
+ name = "debian-bookworm.qcow2"
+ pool = "iso"
+ source = "https://cloud.debian.org/images/cloud/bookworm/daily/latest/debian-12-generic-amd64-daily.qcow2"
+ provider = libvirt.lewis
+}
+
+resource "libvirt_network" "dmzbr_lewis" {
+ name = "dmzbr"
+ mode = "bridge"
+ bridge = "dmzbr"
+ dhcp {
+ enabled = false
+ }
+ dns {
+ enabled = false
+ }
+ autostart = true
+ provider = libvirt.lewis
+}
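Review bot: All three `libvirt_volume` sources added for lewis point at moving targets (`jammy/current`, `bullseye/latest`, `bookworm/daily/latest`), so the base image Terraform downloads is whatever the mirror serves at apply time, and nothing in these resources checks its digest. Pointing `source` at a dated build directory, or at a local file that was downloaded and checked against the publisher's checksum file first, would make the guest base images reproducible and verifiable; the bookworm entry in particular is a daily build. Separately, `debian_bullseye_lewis` is named `debian-bullseye.iso` although its source is a qcow2 image; `name = "debian-bullseye.qcow2"` would match the bookworm volume. If these blocks mirror the jefke resources elsewhere in main.tf, the same applies there.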