Compare commits
3 commits
Author | SHA1 | Date | |
---|---|---|---|
c1ff6a0612 | |||
b21fc40a38 | |||
46dd504b43 |
11 changed files with 130 additions and 29 deletions
37
.gitignore
vendored
37
.gitignore
vendored
|
@ -1 +1,38 @@
|
|||
# Local .terraform directories
|
||||
**/.terraform/*
|
||||
|
||||
# .tfstate files
|
||||
*.tfstate
|
||||
*.tfstate.*
|
||||
|
||||
# Crash log files
|
||||
crash.log
|
||||
crash.*.log
|
||||
|
||||
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
|
||||
# password, private keys, and other secrets. These should not be part of version
|
||||
# control as they are data points which are potentially sensitive and subject
|
||||
# to change depending on the environment.
|
||||
*.tfvars
|
||||
*.tfvars.json
|
||||
|
||||
# Ignore override files as they are usually used to override resources locally and so
|
||||
# are not checked in
|
||||
override.tf
|
||||
override.tf.json
|
||||
*_override.tf
|
||||
*_override.tf.json
|
||||
|
||||
# Include override files you do wish to add to version control using negated pattern
|
||||
# !example_override.tf
|
||||
|
||||
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
|
||||
# example: *tfplan*
|
||||
|
||||
# Ignore CLI configuration files
|
||||
.terraformrc
|
||||
terraform.rc
|
||||
.terraform.lock.hcl
|
||||
*.tfbackend
|
||||
|
||||
.vault_password
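Review bot: `.terraform.lock.hcl` is part of the new ignore set, but that file is what records the selected provider versions and their hashes, so ignoring it means every `terraform init` re-resolves `dmacvicar/libvirt` and can silently pick up a different build than the one last applied; HashiCorp's guidance is to commit it. Drop that one line so the lock file is versioned alongside the two new root modules. The rest of the list (state files, `*.tfvars`, `.terraformrc`, `*.tfbackend`) is the standard set and is fine to keep.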
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
[defaults]
|
||||
# (pathspec) Colon separated paths in which Ansible will search for Roles.
|
||||
roles_path=~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles
|
||||
inventory=inventory
|
||||
vault_password_file=util/secret-service-client.sh
|
||||
|
|
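--- a/data/main.tf
+++ b/data/main.tf
@@ -0,0 +1,30 @@
+terraform {
+backend "pg" {
+schema_name = "max-data"
+conn_str = "postgres://terraform@10.42.0.1/terraform_state"
+}
+
+required_providers {
+libvirt = {
+source = "dmacvicar/libvirt"
+}
+}
+}
+
+provider "libvirt" {
+uri = "qemu+ssh://root@atlas.lan/system"
+}
+
+resource "libvirt_volume" "data" {
+name = "max-data"
+pool = "data"
+size = 1024 * 1024 * 1024 * 65
+
+lifecycle {
+prevent_destroy = true
+}
+}
+
+output "data_disk_id" {
+value = libvirt_volume.data.id
+}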
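Review bot: `conn_str` for the `pg` backend sets no `sslmode`, so the TLS policy for the state connection to `10.42.0.1` is whatever the driver defaults to rather than an explicit, verified one; Terraform state carries every resource attribute, so it should not depend on a default. Make it explicit, e.g. `conn_str = "postgres://terraform@10.42.0.1/terraform_state?sslmode=verify-full"`, and do the same in `main.tf`, which uses the identical string. Separately, `required_providers` pins no `version` for `libvirt` here or in `main.tf`; a constraint such as `version = "<pinned-version-constraint>"` keeps `terraform init` from floating to whatever is newest. A short comment on `size` saying it is 65 GiB would also save the reader the multiplication.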
|
|
@ -1,4 +1,4 @@
|
|||
base_data_dir: /data
|
||||
base_data_dir: /mnt/data
|
||||
base_service_dir: /srv
|
||||
|
||||
# Additional open ports
|
||||
|
|
|
@ -1,7 +1,5 @@
|
|||
all:
|
||||
children:
|
||||
homeserver:
|
||||
hosts:
|
||||
max:
|
||||
ansible_user: root
|
||||
ansible_host: max.dmz
|
||||
hosts:
|
||||
max:
|
||||
ansible_user: root
|
||||
ansible_host: max2.dmz
|
||||
|
|
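--- a/main.tf
+++ b/main.tf
@@ -0,0 +1,27 @@
+terraform {
+backend "pg" {
+schema_name = "max"
+conn_str = "postgres://terraform@10.42.0.1/terraform_state"
+}
+
+required_providers {
+libvirt = {
+source = "dmacvicar/libvirt"
+}
+}
+}
+
+provider "libvirt" {
+uri = "qemu+ssh://root@atlas.lan/system"
+}
+
+module "tf-datatest" {
+source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+name = "max2"
+domain_name = "tf-max"
+data_disk = "/kvm/data/max-data"
+fixed_address = "192.168.30.66/24"
+ansible_command = "ansible-playbook max.yml"
+insecure_password = true
+memory = 1024 * 8
+}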
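Review bot: the module source `git::https://git.pim.kunis.nl/home/tf-modules.git//debian` carries no `?ref=`, so every `terraform init` tracks the module repository's default branch and any push there changes what this root module applies without a diff here. Pin it, e.g. `source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian?ref=<tag-or-commit>"`. `insecure_password = true` is passed to the same module; I cannot see what it sets, but if it seeds a known credential on the VM, `ansible-playbook max.yml` with `ansible_user: root` relies on that credential until the `ssh` role has applied, so a comment stating that assumption and which step revokes it would help the next reader.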
|
27
max.yml
27
max.yml
|
@ -1,13 +1,32 @@
|
|||
- name: Setup homeserver
|
||||
hosts: homeserver
|
||||
hosts: max
|
||||
gather_facts: no
|
||||
|
||||
pre_tasks:
|
||||
- name: Wait for host to come up
|
||||
wait_for:
|
||||
state: started
|
||||
port: 22
|
||||
host: max2.dmz
|
||||
timeout: 300
|
||||
connect_timeout: 300
|
||||
search_regex: OpenSSH
|
||||
delegate_to: localhost
|
||||
- name: Wait for cloud-init to finish
|
||||
shell:
|
||||
cmd: "cloud-init status --wait"
|
||||
register: cloudinit
|
||||
changed_when: "'..' in cloudinit.stdout"
|
||||
- name: Gather facts
|
||||
setup:
|
||||
|
||||
roles:
|
||||
- {role: 'ssh', tags: 'ssh'}
|
||||
- {role: 'watchtower', tags: 'watchtower'}
|
||||
- {role: 'forgejo', tags: 'forgejo'}
|
||||
- {role: 'syncthing', tags: 'syncthing'}
|
||||
# - {role: 'syncthing', tags: 'syncthing'}
|
||||
- {role: 'kms', tags: 'kms'}
|
||||
- {role: 'cyberchef', tags: 'cyberchef'}
|
||||
- {role: 'radicale', tags: 'radicale'}
|
||||
#- {role: 'radicale', tags: 'radicale'}
|
||||
- {role: 'mastodon', tags: 'mastodon'}
|
||||
- {role: 'seafile', tags: 'seafile'}
|
||||
- {role: 'jitsi', tags: 'jitsi'}
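Review bot: the new `wait_for` pre-task hard-codes `host: max2.dmz` although the inventory in this same commit already sets `ansible_host: max2.dmz` for `max`; use `host: "{{ ansible_host }}"` so the address lives in one place. Two smaller points in the same hunk: `gather_facts: no` should be the canonical `gather_facts: false` (yamllint `truthy`), and the cloud-init wait uses `shell:` for a plain command with no shell features, so `command: cloud-init status --wait` is the tighter choice. The rendering does not show which of the `syncthing`/`radicale` entries is the new side; if the commented-out lines are the new state, a short comment saying why they are disabled would help.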
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
nameserver 192.168.30.7
|
||||
nameserver 192.168.30.1
|
||||
nameserver 1.1.1.1
|
||||
nameserver 1.0.0.1
|
||||
search lan
|
|
@ -9,13 +9,9 @@
|
|||
file:
|
||||
path: "{{ base_service_dir }}"
|
||||
state: directory
|
||||
- name: Disable systemd-resolved
|
||||
systemd:
|
||||
name: systemd-resolved
|
||||
enabled: false
|
||||
state: stopped
|
||||
- name: Copy resolv.conf
|
||||
copy:
|
||||
src: "{{ role_path }}/files/resolv.conf"
|
||||
dest: /etc/resolv.conf
|
||||
follow: true
|
||||
- name: Delete externally managed environment file
|
||||
shell:
|
||||
cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
|
||||
register: rm
|
||||
changed_when: "rm.rc == 0"
|
||||
failed_when: "false"
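Review bot: `rm /usr/lib/python*/EXTERNALLY-MANAGED` with `failed_when: "false"` removes Debian's PEP 668 marker so that pip may install into the system site-packages, and it also hides every real failure of the command (permissions, read-only filesystem), not only the file already being absent. If system-wide pip installs are genuinely required, prefer an idempotent form that still reports errors: locate the marker with `find` and delete it with `file: state: absent`, which also drops the shell glob and lets the task use `command`-free modules. The enclosing task list starts before this hunk.
```yaml
- name: Find externally managed environment marker
  find:
    paths: /usr/lib
    patterns: EXTERNALLY-MANAGED
    recurse: true
    depth: 2
  register: externally_managed
- name: Delete externally managed environment marker
  file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ externally_managed.files }}"
```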
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
keyring: /etc/apt/keyrings/docker.gpg
|
||||
- name: Add Docker repository
|
||||
apt_repository:
|
||||
repo: "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
|
||||
repo: "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
|
||||
register: apt_repository
|
||||
- name: Update APT cache
|
||||
apt:
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
service_name: static
|
||||
service_dir: "{{ base_service_dir }}/{{ service_name }}"
|
||||
git_origin: "http://localhost:{{ internal_forgejo_port }}/pim/static.git"
|
||||
git_origin: "http://git.pim.kunis.nl/pim/static.git"
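Review bot: the new `git_origin` clones `http://git.pim.kunis.nl/pim/static.git` over cleartext HTTP from a public hostname, whereas the previous value only ever reached the loopback `localhost:{{ internal_forgejo_port }}` endpoint; an on-path party could now substitute the static site content being deployed. `main.tf` in this same commit already reaches the same host over TLS (`git::https://git.pim.kunis.nl/...`), so change this to `git_origin: "https://git.pim.kunis.nl/pim/static.git"`. If the Forgejo instance still runs on this host, keeping the loopback origin avoids the external round trip entirely.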
|
||||
|
|