Compare commits

...
This repository has been archived on 2023-04-26. You can view files and clone it, but cannot push or open issues or pull requests.

3 commits
master ... vm

Author SHA1 Message Date
c1ff6a0612 tweaks 2023-04-12 18:19:10 +02:00
b21fc40a38 traefik works 2023-04-12 16:24:01 +02:00
46dd504b43 common + docker working 2023-04-12 15:43:59 +02:00
11 changed files with 130 additions and 29 deletions

37
.gitignore vendored
View file

@ -1 +1,38 @@
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
crash.log
crash.*.log
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Include override files you do wish to add to version control using negated pattern
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
# Ignore CLI configuration files
.terraformrc
terraform.rc
.terraform.lock.hcl
*.tfbackend
.vault_password

View file

@ -1,5 +1,4 @@
[defaults]
# (pathspec) Colon separated paths in which Ansible will search for Roles.
roles_path=~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles
inventory=inventory
vault_password_file=util/secret-service-client.sh

30
data/main.tf Normal file
View file

@ -0,0 +1,30 @@
terraform {
backend "pg" {
schema_name = "max-data"
conn_str = "postgres://terraform@10.42.0.1/terraform_state"
}
required_providers {
libvirt = {
source = "dmacvicar/libvirt"
}
}
}
provider "libvirt" {
uri = "qemu+ssh://root@atlas.lan/system"
}
resource "libvirt_volume" "data" {
name = "max-data"
pool = "data"
size = 1024 * 1024 * 1024 * 65
lifecycle {
prevent_destroy = true
}
}
output "data_disk_id" {
value = libvirt_volume.data.id
}

View file

@ -1,4 +1,4 @@
base_data_dir: /data
base_data_dir: /mnt/data
base_service_dir: /srv
# Additional open ports

View file

@ -1,7 +1,5 @@
all:
children:
homeserver:
hosts:
max:
ansible_user: root
ansible_host: max.dmz
hosts:
max:
ansible_user: root
ansible_host: max2.dmz

27
main.tf Normal file
View file

@ -0,0 +1,27 @@
terraform {
backend "pg" {
schema_name = "max"
conn_str = "postgres://terraform@10.42.0.1/terraform_state"
}
required_providers {
libvirt = {
source = "dmacvicar/libvirt"
}
}
}
provider "libvirt" {
uri = "qemu+ssh://root@atlas.lan/system"
}
module "tf-datatest" {
source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
name = "max2"
domain_name = "tf-max"
data_disk = "/kvm/data/max-data"
fixed_address = "192.168.30.66/24"
ansible_command = "ansible-playbook max.yml"
insecure_password = true
memory = 1024 * 8
}

27
max.yml
View file

@ -1,13 +1,32 @@
- name: Setup homeserver
hosts: homeserver
hosts: max
gather_facts: no
pre_tasks:
- name: Wait for host to come up
wait_for:
state: started
port: 22
host: max2.dmz
timeout: 300
connect_timeout: 300
search_regex: OpenSSH
delegate_to: localhost
- name: Wait for cloud-init to finish
shell:
cmd: "cloud-init status --wait"
register: cloudinit
changed_when: "'..' in cloudinit.stdout"
- name: Gather facts
setup:
roles:
- {role: 'ssh', tags: 'ssh'}
- {role: 'watchtower', tags: 'watchtower'}
- {role: 'forgejo', tags: 'forgejo'}
- {role: 'syncthing', tags: 'syncthing'}
# - {role: 'syncthing', tags: 'syncthing'}
- {role: 'kms', tags: 'kms'}
- {role: 'cyberchef', tags: 'cyberchef'}
- {role: 'radicale', tags: 'radicale'}
#- {role: 'radicale', tags: 'radicale'}
- {role: 'mastodon', tags: 'mastodon'}
- {role: 'seafile', tags: 'seafile'}
- {role: 'jitsi', tags: 'jitsi'}

View file

@ -1,5 +0,0 @@
nameserver 192.168.30.7
nameserver 192.168.30.1
nameserver 1.1.1.1
nameserver 1.0.0.1
search lan

View file

@ -9,13 +9,9 @@
file:
path: "{{ base_service_dir }}"
state: directory
- name: Disable systemd-resolved
systemd:
name: systemd-resolved
enabled: false
state: stopped
- name: Copy resolv.conf
copy:
src: "{{ role_path }}/files/resolv.conf"
dest: /etc/resolv.conf
follow: true
- name: Delete externally managed environment file
shell:
cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
register: rm
changed_when: "rm.rc == 0"
failed_when: "false"

View file

@ -12,7 +12,7 @@
keyring: /etc/apt/keyrings/docker.gpg
- name: Add Docker repository
apt_repository:
repo: "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
repo: "deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
register: apt_repository
- name: Update APT cache
apt:

View file

@ -1,3 +1,3 @@
service_name: static
service_dir: "{{ base_service_dir }}/{{ service_name }}"
git_origin: "http://localhost:{{ internal_forgejo_port }}/pim/static.git"
git_origin: "http://git.pim.kunis.nl/pim/static.git"