create terraform project to setup libvirt on hosts

use SATA drive for atlas OS remove thecloud legacy project
2024-01-06 23:56:00 +01:00 · 2024-01-06 23:56:00 +01:00 · 997d9bb0cb
commit 997d9bb0cb
parent 7c7b3e667b
14 changed files with 44 additions and 280 deletions
--- a/legacy/projects/docker_swarm/vm/main.tf
+++ b/legacy/projects/docker_swarm/vm/main.tf
@ -23,13 +23,6 @@ provider "libvirt" {
  uri = "qemu+ssh://root@atlas.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
 }

-module "setup_jefke" {
-  source = "../../../terraform_modules/setup"
-  providers = {
-    libvirt = libvirt.jefke
-  }
-}
-
 module "bancomart" {
  source = "../../../terraform_modules/debian"
  name = "bancomart"
@ -40,13 +33,6 @@ module "bancomart" {
  }
 }

-module "setup_atlas" {
-  source = "../../../terraform_modules/setup"
-  providers = {
-    libvirt = libvirt.atlas
-  }
-}
-
 module "maestro" {
  source = "../../../terraform_modules/debian"
  name = "maestro"
--- a/legacy/projects/libvirt_setup/main.tf
+++ b/legacy/projects/libvirt_setup/main.tf
@ -0,0 +1,38 @@
+terraform {
+  backend "pg" {
+    schema_name = "libvirtsetup"
+    conn_str = "postgresql://terraform@jefke.hyp/terraformstates"
+  }
+
+  required_providers {
+    libvirt = {
+      source = "dmacvicar/libvirt"
+      version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040
+    }
+  }
+}
+
+# https://libvirt.org/uri.html#libssh-and-libssh2-transport
+provider "libvirt" {
+  alias = "jefke"
+  uri = "qemu+ssh://root@jefke.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
+}
+
+provider "libvirt" {
+  alias = "atlas"
+  uri = "qemu+ssh://root@atlas.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
+}
+
+module "setup_jefke" {
+  source = "../../terraform_modules/setup"
+  providers = {
+    libvirt = libvirt.jefke
+  }
+}
+
+module "setup_atlas" {
+  source = "../../terraform_modules/setup"
+  providers = {
+    libvirt = libvirt.atlas
+  }
+}
--- a/legacy/projects/thecloud/README.md
+++ b/legacy/projects/thecloud/README.md
@ -1,5 +0,0 @@
-# thecloud
-
-Thecloud is a Debian VM that provides network availability to all our persistent data:
- NFS for network files
- Postgresql for databases
--- a/legacy/projects/thecloud/ansible/ansible.cfg
+++ b/legacy/projects/thecloud/ansible/ansible.cfg
@ -1,8 +0,0 @@
-[defaults]
-roles_path=../../../ansible_roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles
-inventory=inventory
-vault_password_file=$HOME/.config/home/ansible-vault-secret
-interpreter_python=/usr/bin/python3
-
-[diff]
-always = True
--- a/legacy/projects/thecloud/ansible/inventory/host_vars/thecloud.yml
+++ b/legacy/projects/thecloud/ansible/inventory/host_vars/thecloud.yml
@ -1,97 +0,0 @@
-apt_install_packages:
-  - postgresql
-  - python3-psycopg2
-  - nfs-kernel-server
-  - qemu-guest-agent
-
-nfs_exports: []
-
-redis_bind_interface: 0.0.0.0
-redis_requirepass: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  37323965303638333264653936616563323235363463396330363836653865393835346263383838
-  3030386166316365633538353539623066626434313332390a616131303434373264633934356361
-  30356335643638656433326230363462373533396533366261346630353163353137333865303132
-  3536636165366631310a643538353331366130663464386565343331653031333061333330613532
-  34663932653734336239303536323331396435386332666133343033373566386562326136656330
-  63393766353063646361643565323238376334333637363232626139333664643065613237666532
-  31623032613763303136353232323837376637336431306534306336356165363039666634336433
-  30376464323862373833
-
-nfs_shares:
-  - name: nextcloud_data
-    path: /mnt/data/nextcloud/data
-  - name: radicale
-    path: /mnt/data/radicale
-  - name: freshrss_data
-    path: /mnt/data/freshrss/data
-  - name: freshrss_extensions
-    path: /mnt/data/freshrss/extensions
-  - name: pihole_data
-    path: /mnt/data/pihole/data
-  - name: pihole_dnsmasq
-    path: /mnt/data/pihole/dnsmasq
-  - name: hedgedoc_uploads
-    path: /mnt/data/hedgedoc/uploads
-  - name: traefik_acme
-    path: /mnt/data/traefik/acme
-  - name: seafile_data
-    path: /mnt/data/seafile/data
-  - name: seafile_db
-    path: /mnt/data/seafile/db
-  - name: mastodon_system
-    path: /mnt/data/mastodon/system
-  - name: mastodon_redis
-    path: /mnt/data/mastodon/redis
-  - name: forgejo
-    path: /mnt/data/forgejo
-  - name: overleaf
-    path: /mnt/data/overleaf/data
-  - name: overleaf_redis
-    path: /mnt/data/overleaf/redis
-  - name: overleaf_mongodb
-    path: /mnt/data/overleaf/mongodb
-  - name: prometheus_data
-    path: /mnt/data/prometheus/data
-  - name: elasticsearch_certs
-    path: /mnt/data/elasticsearch/certs
-  - name: elasticsearch_data
-    path: /mnt/data/elasticsearch/data
-  - name: grafana_data
-    path: /mnt/data/grafana/data
-  - name: kitchenowl_data
-    path: /mnt/data/kitchenowl/data
-  - name: ampache_mysql
-    path: /mnt/data/ampache/mysql
-  - name: ampache_config
-    path: /mnt/data/ampache/config
-  - name: music
-    path: /mnt/data/nextcloud/data/data/pim/files/Music
-  - name: syncthing_config
-    path: /mnt/data/syncthing/config
-
-database_passwords:
-  nextcloud: !vault |
-    $ANSIBLE_VAULT;1.1;AES256
-    66326230303135303930363761316534313439383365376231623661316635393839336431313262
-    3832626365376533646561653863316364313135343366330a356136343938666133356532613263
-    39663037623232363266376335643834353735363431636535386566643763386463353962663930
-    3466343563353162320a376437353933656166323364323166376663323531373338656563653463
-    33346263626430616164613937363836343430383233393061643231346661656539623938333631
-    3632373964346139316637663364646132636636373461613534
-  hedgedoc: !vault |
-    $ANSIBLE_VAULT;1.1;AES256
-    63363464666633663762393135333362613966636338623533393132376338343339653431396465
-    6634643863623163366235393434343662313735363438610a373065363361326565633766633835
-    38383637343230363031636634623930666365333739323162313937656239646166613738393965
-    3533666462303563360a313233306335396234393932396331313238376464363964363839396164
-    66366662356135343035363935616664613831626131376330643133313530636431613266636165
-    6265613666616164373637356235396165383662333561393939
-  mastodon: !vault |
-    $ANSIBLE_VAULT;1.1;AES256
-    63616366396665663161376161373735626466353464393963333136336335376662326232613639
-    6166333137376131633761623163306165386562666639640a313136386431373161306331626638
-    34643433396232383962643964386631313632393161316261353331346163333261336666646563
-    6232666231653732630a396638396462323464613033306662313463663262626430363432663465
-    63623935303861663565633739363539326435623561396535623034663735373232336633303037
-    6266323136316238343963613332396261346337646264646162
--- a/legacy/projects/thecloud/ansible/inventory/hosts.yml
+++ b/legacy/projects/thecloud/ansible/inventory/hosts.yml
@ -1,5 +0,0 @@
-all:
-  hosts:
-    thecloud:
-      ansible_user: root
-      ansible_host: thecloud.dmz
--- a/legacy/projects/thecloud/ansible/requirements.yml
+++ b/legacy/projects/thecloud/ansible/requirements.yml
@ -1,3 +0,0 @@
- name: apt
-  src: https://github.com/sunscrapers/ansible-role-apt.git
-  scm: git
--- a/legacy/projects/thecloud/ansible/roles/postgresql/handlers/main.yml
+++ b/legacy/projects/thecloud/ansible/roles/postgresql/handlers/main.yml
@ -1,4 +0,0 @@
- name: restart postgres
-  systemd:
-    name: postgresql
-    state: restarted
--- a/legacy/projects/thecloud/ansible/roles/postgresql/tasks/main.yml
+++ b/legacy/projects/thecloud/ansible/roles/postgresql/tasks/main.yml
@ -1,15 +0,0 @@
- name: Open postgres port
-  ini_file:
-    path: /etc/postgresql/15/main/postgresql.conf
-    section: null
-    option: listen_addresses
-    value: "'*'"
-  notify: restart postgres
-
- name: Change data directory
-  ini_file:
-    path: /etc/postgresql/15/main/postgresql.conf
-    section: null
-    option: data_directory
-    value: "'/mnt/data/postgresql'"
-  notify: restart postgres
--- a/legacy/projects/thecloud/ansible/share.yml
+++ b/legacy/projects/thecloud/ansible/share.yml
@ -1,25 +0,0 @@
---
- name: Create databases and NFS shares
-  hosts: thecloud
-  handlers:
-    - name: reload nfs
-      systemd:
-        name: nfs-kernel-server
-        state: restarted
-
-  tasks:
-    - name: Create nfs shares
-      with_items: "{{ nfs_shares }}"
-      copy:
-        dest: "/etc/exports.d/{{ item.name }}.exports"
-        content: "{{ item.path }} *(rw,sync,no_subtree_check,no_root_squash)"
-      notify: reload nfs
-
-    - name: Create databases
-      with_items: "{{ database_passwords | dict2items }}"
-      include_role:
-        name: postgresql_database
-      vars:
-        database_name: "{{ item.key }}"
-        database_user: "{{ item.key }}"
-        database_password: "{{ item.value }}"
--- a/legacy/projects/thecloud/ansible/thecloud.yml
+++ b/legacy/projects/thecloud/ansible/thecloud.yml
@ -1,31 +0,0 @@
---
- name: Wait for Cloud-Init to finish
-  hosts: all
-  gather_facts: no
-  roles:
-    - cloudinit_wait
-
- name: Setup NFS
-  hosts: thecloud
-
-  roles:
-    - {role: apt, tags: apt}
-    - {role: postgresql, tags: postgresql}
-
-  post_tasks:
-    - name: Ensure NFS exports directory exists
-      file:
-        path: /etc/exports.d
-        state: directory
-
-    - name: Start NFS
-      systemd:
-        name: nfs-kernel-server
-        state: started
-        enabled: true
-
-    - name: Enable Qemu guest agent
-      systemd:
-        name: qemu-guest-agent
-        state: started
-        enabled: true
--- a/legacy/projects/thecloud/data/main.tf
+++ b/legacy/projects/thecloud/data/main.tf
@ -1,32 +0,0 @@
-terraform {
-  backend "pg" {
-    schema_name = "thecloud-data"
-    conn_str = "postgresql://terraform@jefke.hyp/terraformstates"
-  }
-
-  required_providers {
-    libvirt = {
-      source = "dmacvicar/libvirt"
-      version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040
-    }
-  }
-}
-
-# https://libvirt.org/uri.html#libssh-and-libssh2-transport
-provider "libvirt" {
-  uri = "qemu+ssh://root@lewis.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
-}
-
-module "data_pool" {
-  source = "../../../terraform_modules/setup/data"
-}
-
-resource "libvirt_volume" "data" {
-  name = "thecloud-data.qcow2"
-  pool = "data"
-  size = 1024 * 1024 * 1024 * 150
-}
-
-output "data_disk_id" {
-  value = libvirt_volume.data.id
-}
--- a/legacy/projects/thecloud/vm/main.tf
+++ b/legacy/projects/thecloud/vm/main.tf
@ -1,40 +0,0 @@
-terraform {
-  backend "pg" {
-    schema_name = "thecloud"
-    conn_str = "postgresql://terraform@jefke.hyp/terraformstates"
-  }
-
-  required_providers {
-    libvirt = {
-      source = "dmacvicar/libvirt"
-      version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040
-    }
-  }
-}
-
-# https://libvirt.org/uri.html#libssh-and-libssh2-transport
-provider "libvirt" {
-  alias = "lewis"
-  uri = "qemu+ssh://root@lewis.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
-}
-
-module "setup_lewis" {
-  source = "../../../terraform_modules/setup"
-  providers = {
-    libvirt = libvirt.lewis
-  }
-}
-
-module "thecloud" {
-  source = "../../../terraform_modules/debian"
-  name = "thecloud"
-  ram = 1024
-  storage = 25
-  mac = "CA:FE:C0:FF:EE:0A"
-  data_disk = "/mnt/data/volumes/thecloud-data.qcow2"
-  providers = {
-    libvirt = libvirt.lewis
-  }
-
-  depends_on = [ module.setup_lewis ]
-}
--- a/nixos/machines/default.nix
+++ b/nixos/machines/default.nix
@ -25,7 +25,12 @@
    hostName = "atlas.hyp";

    nixosModule.lab = {
-      disko.osDiskDevice = "/dev/nvme0n1";
+      disko.osDiskDevice = "/dev/sda";
+
+      dataDisk = {
+        enable = true;
+        devicePath = "/dev/nvme0n1p1";
+      };

      ssh = {
        useCertificates = true;