From 997d9bb0cb127cb91b4037350b31ae362358ab48 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Sat, 6 Jan 2024 23:56:00 +0100 Subject: [PATCH] create terraform project to setup libvirt on hosts use SATA drive for atlas OS remove thecloud legacy project --- legacy/projects/docker_swarm/vm/main.tf | 14 --- legacy/projects/libvirt_setup/main.tf | 38 ++++++++ legacy/projects/thecloud/README.md | 5 - legacy/projects/thecloud/ansible/ansible.cfg | 8 -- .../ansible/inventory/host_vars/thecloud.yml | 97 ------------------- .../thecloud/ansible/inventory/hosts.yml | 5 - .../thecloud/ansible/requirements.yml | 3 - .../roles/postgresql/handlers/main.yml | 4 - .../ansible/roles/postgresql/tasks/main.yml | 15 --- legacy/projects/thecloud/ansible/share.yml | 25 ----- legacy/projects/thecloud/ansible/thecloud.yml | 31 ------ legacy/projects/thecloud/data/main.tf | 32 ------ legacy/projects/thecloud/vm/main.tf | 40 -------- nixos/machines/default.nix | 7 +- 14 files changed, 44 insertions(+), 280 deletions(-) create mode 100644 legacy/projects/libvirt_setup/main.tf delete mode 100644 legacy/projects/thecloud/README.md delete mode 100644 legacy/projects/thecloud/ansible/ansible.cfg delete mode 100644 legacy/projects/thecloud/ansible/inventory/host_vars/thecloud.yml delete mode 100644 legacy/projects/thecloud/ansible/inventory/hosts.yml delete mode 100644 legacy/projects/thecloud/ansible/requirements.yml delete mode 100644 legacy/projects/thecloud/ansible/roles/postgresql/handlers/main.yml delete mode 100644 legacy/projects/thecloud/ansible/roles/postgresql/tasks/main.yml delete mode 100644 legacy/projects/thecloud/ansible/share.yml delete mode 100644 legacy/projects/thecloud/ansible/thecloud.yml delete mode 100644 legacy/projects/thecloud/data/main.tf delete mode 100644 legacy/projects/thecloud/vm/main.tf diff --git a/legacy/projects/docker_swarm/vm/main.tf b/legacy/projects/docker_swarm/vm/main.tf index 02b1002..340747e 100644 --- a/legacy/projects/docker_swarm/vm/main.tf 
+++ b/legacy/projects/docker_swarm/vm/main.tf @@ -23,13 +23,6 @@ provider "libvirt" { uri = "qemu+ssh://root@atlas.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts" } -module "setup_jefke" { - source = "../../../terraform_modules/setup" - providers = { - libvirt = libvirt.jefke - } -} - module "bancomart" { source = "../../../terraform_modules/debian" name = "bancomart" @@ -40,13 +33,6 @@ module "bancomart" { } } -module "setup_atlas" { - source = "../../../terraform_modules/setup" - providers = { - libvirt = libvirt.atlas - } -} - module "maestro" { source = "../../../terraform_modules/debian" name = "maestro" diff --git a/legacy/projects/libvirt_setup/main.tf b/legacy/projects/libvirt_setup/main.tf new file mode 100644 index 0000000..02634ab --- /dev/null +++ b/legacy/projects/libvirt_setup/main.tf @@ -0,0 +1,38 @@ +terraform { + backend "pg" { + schema_name = "libvirtsetup" + conn_str = "postgresql://terraform@jefke.hyp/terraformstates" + } + + required_providers { + libvirt = { + source = "dmacvicar/libvirt" + version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040 + } + } +} + +# https://libvirt.org/uri.html#libssh-and-libssh2-transport +provider "libvirt" { + alias = "jefke" + uri = "qemu+ssh://root@jefke.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts" +} + +provider "libvirt" { + alias = "atlas" + uri = "qemu+ssh://root@atlas.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts" +} + +module "setup_jefke" { + source = "../../terraform_modules/setup" + providers = { + libvirt = libvirt.jefke + } +} + +module "setup_atlas" { + source = "../../terraform_modules/setup" + providers = { + libvirt = libvirt.atlas + } +} diff --git a/legacy/projects/thecloud/README.md b/legacy/projects/thecloud/README.md deleted file mode 100644 index cdfb7bd..0000000 --- a/legacy/projects/thecloud/README.md +++ /dev/null 
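Review bot: The new libvirt_setup project takes over the `setup_jefke` and `setup_atlas` modules that the docker_swarm VMs previously depended on inside their own project, but nothing in this file records that it has to be applied before the VM projects; a header comment such as `# Apply this project before the VM projects (e.g. docker_swarm): their VMs rely on whatever the setup module provisions on each host.` would make that ordering explicit. If any module in docker_swarm/vm/main.tf still carries `depends_on = [ module.setup_atlas ]` (the pattern the deleted thecloud/vm/main.tf used), removing the setup modules there will break planning — the docker_swarm hunks are cut before the module bodies, so this could not be verified from the diff. Separately, the pg backend `conn_str` sets no `sslmode`, so libpq's default of `prefer` silently accepts a cleartext connection to jefke.hyp for state reads and writes; `conn_str = "postgresql://terraform@jefke.hyp/terraformstates?sslmode=verify-full"` pins it to a verified TLS connection.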
@@ -1,5 +0,0 @@ -# thecloud - -Thecloud is a Debian VM that provides network availability to all our persistent data: -- NFS for network files -- Postgresql for databases \ No newline at end of file diff --git a/legacy/projects/thecloud/ansible/ansible.cfg b/legacy/projects/thecloud/ansible/ansible.cfg deleted file mode 100644 index 3b55258..0000000 --- a/legacy/projects/thecloud/ansible/ansible.cfg +++ /dev/null @@ -1,8 +0,0 @@ -[defaults] -roles_path=../../../ansible_roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles -inventory=inventory -vault_password_file=$HOME/.config/home/ansible-vault-secret -interpreter_python=/usr/bin/python3 - -[diff] -always = True diff --git a/legacy/projects/thecloud/ansible/inventory/host_vars/thecloud.yml b/legacy/projects/thecloud/ansible/inventory/host_vars/thecloud.yml deleted file mode 100644 index c2b00aa..0000000 --- a/legacy/projects/thecloud/ansible/inventory/host_vars/thecloud.yml +++ /dev/null 
@@ -1,97 +0,0 @@ -apt_install_packages: - - postgresql - - python3-psycopg2 - - nfs-kernel-server - - qemu-guest-agent - -nfs_exports: [] - -redis_bind_interface: 0.0.0.0 -redis_requirepass: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 37323965303638333264653936616563323235363463396330363836653865393835346263383838 - 3030386166316365633538353539623066626434313332390a616131303434373264633934356361 - 30356335643638656433326230363462373533396533366261346630353163353137333865303132 - 3536636165366631310a643538353331366130663464386565343331653031333061333330613532 - 34663932653734336239303536323331396435386332666133343033373566386562326136656330 - 63393766353063646361643565323238376334333637363232626139333664643065613237666532 - 31623032613763303136353232323837376637336431306534306336356165363039666634336433 - 30376464323862373833 - -nfs_shares: - - name: nextcloud_data - path: /mnt/data/nextcloud/data - - name: radicale - path: /mnt/data/radicale - - name: freshrss_data - path: /mnt/data/freshrss/data - - name: freshrss_extensions - path: /mnt/data/freshrss/extensions - - name: pihole_data - path: /mnt/data/pihole/data - - name: pihole_dnsmasq - path: /mnt/data/pihole/dnsmasq - - name: hedgedoc_uploads - path: /mnt/data/hedgedoc/uploads - - name: traefik_acme - path: /mnt/data/traefik/acme - - name: seafile_data - path: /mnt/data/seafile/data - - name: seafile_db - path: /mnt/data/seafile/db - - name: mastodon_system - path: /mnt/data/mastodon/system - - name: mastodon_redis - path: /mnt/data/mastodon/redis - - name: forgejo - path: /mnt/data/forgejo - - name: overleaf - path: /mnt/data/overleaf/data - - name: overleaf_redis - path: /mnt/data/overleaf/redis - - name: overleaf_mongodb - path: /mnt/data/overleaf/mongodb - - name: prometheus_data - path: /mnt/data/prometheus/data - - name: elasticsearch_certs - path: /mnt/data/elasticsearch/certs - - name: elasticsearch_data - path: /mnt/data/elasticsearch/data - - name: grafana_data - path: /mnt/data/grafana/data - - name: 
kitchenowl_data - path: /mnt/data/kitchenowl/data - - name: ampache_mysql - path: /mnt/data/ampache/mysql - - name: ampache_config - path: /mnt/data/ampache/config - - name: music - path: /mnt/data/nextcloud/data/data/pim/files/Music - - name: syncthing_config - path: /mnt/data/syncthing/config - -database_passwords: - nextcloud: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 66326230303135303930363761316534313439383365376231623661316635393839336431313262 - 3832626365376533646561653863316364313135343366330a356136343938666133356532613263 - 39663037623232363266376335643834353735363431636535386566643763386463353962663930 - 3466343563353162320a376437353933656166323364323166376663323531373338656563653463 - 33346263626430616164613937363836343430383233393061643231346661656539623938333631 - 3632373964346139316637663364646132636636373461613534 - hedgedoc: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 63363464666633663762393135333362613966636338623533393132376338343339653431396465 - 6634643863623163366235393434343662313735363438610a373065363361326565633766633835 - 38383637343230363031636634623930666365333739323162313937656239646166613738393965 - 3533666462303563360a313233306335396234393932396331313238376464363964363839396164 - 66366662356135343035363935616664613831626131376330643133313530636431613266636165 - 6265613666616164373637356235396165383662333561393939 - mastodon: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 63616366396665663161376161373735626466353464393963333136336335376662326232613639 - 6166333137376131633761623163306165386562666639640a313136386431373161306331626638 - 34643433396232383962643964386631313632393161316261353331346163333261336666646563 - 6232666231653732630a396638396462323464613033306662313463663262626430363432663465 - 63623935303861663565633739363539326435623561396535623034663735373232336633303037 - 6266323136316238343963613332396261346337646264646162 
diff --git a/legacy/projects/thecloud/ansible/inventory/hosts.yml b/legacy/projects/thecloud/ansible/inventory/hosts.yml deleted file mode 100644 index 19e626d..0000000 --- a/legacy/projects/thecloud/ansible/inventory/hosts.yml +++ /dev/null @@ -1,5 +0,0 @@ -all: - hosts: - thecloud: - ansible_user: root - ansible_host: thecloud.dmz diff --git a/legacy/projects/thecloud/ansible/requirements.yml b/legacy/projects/thecloud/ansible/requirements.yml deleted file mode 100644 index 43e6eca..0000000 --- a/legacy/projects/thecloud/ansible/requirements.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: apt - src: https://github.com/sunscrapers/ansible-role-apt.git - scm: git diff --git a/legacy/projects/thecloud/ansible/roles/postgresql/handlers/main.yml b/legacy/projects/thecloud/ansible/roles/postgresql/handlers/main.yml deleted file mode 100644 index a09812e..0000000 --- a/legacy/projects/thecloud/ansible/roles/postgresql/handlers/main.yml +++ /dev/null @@ -1,4 +0,0 @@ -- name: restart postgres - systemd: - name: postgresql - state: restarted diff --git a/legacy/projects/thecloud/ansible/roles/postgresql/tasks/main.yml b/legacy/projects/thecloud/ansible/roles/postgresql/tasks/main.yml deleted file mode 100644 index d3e811e..0000000 --- a/legacy/projects/thecloud/ansible/roles/postgresql/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -- name: Open postgres port - ini_file: - path: /etc/postgresql/15/main/postgresql.conf - section: null - option: listen_addresses - value: "'*'" - notify: restart postgres - -- name: Change data directory - ini_file: - path: /etc/postgresql/15/main/postgresql.conf - section: null - option: data_directory - value: "'/mnt/data/postgresql'" - notify: restart postgres diff --git a/legacy/projects/thecloud/ansible/share.yml b/legacy/projects/thecloud/ansible/share.yml deleted file mode 100644 index 7957bf8..0000000 --- a/legacy/projects/thecloud/ansible/share.yml +++ /dev/null 
@@ -1,25 +0,0 @@ ---- -- name: Create databases and NFS shares - hosts: thecloud - handlers: - - name: reload nfs - systemd: - name: nfs-kernel-server - state: restarted - - tasks: - - name: Create nfs shares - with_items: "{{ nfs_shares }}" - copy: - dest: "/etc/exports.d/{{ item.name }}.exports" - content: "{{ item.path }} *(rw,sync,no_subtree_check,no_root_squash)" - notify: reload nfs - - - name: Create databases - with_items: "{{ database_passwords | dict2items }}" - include_role: - name: postgresql_database - vars: - database_name: "{{ item.key }}" - database_user: "{{ item.key }}" - database_password: "{{ item.value }}" diff --git a/legacy/projects/thecloud/ansible/thecloud.yml b/legacy/projects/thecloud/ansible/thecloud.yml deleted file mode 100644 index f019457..0000000 --- a/legacy/projects/thecloud/ansible/thecloud.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -- name: Wait for Cloud-Init to finish - hosts: all - gather_facts: no - roles: - - cloudinit_wait - -- name: Setup NFS - hosts: thecloud - - roles: - - {role: apt, tags: apt} - - {role: postgresql, tags: postgresql} - - post_tasks: - - name: Ensure NFS exports directory exists - file: - path: /etc/exports.d - state: directory - - - name: Start NFS - systemd: - name: nfs-kernel-server - state: started - enabled: true - - - name: Enable Qemu guest agent - systemd: - name: qemu-guest-agent - state: started - enabled: true diff --git a/legacy/projects/thecloud/data/main.tf b/legacy/projects/thecloud/data/main.tf deleted file mode 100644 index cf09328..0000000 --- a/legacy/projects/thecloud/data/main.tf +++ /dev/null 
@@ -1,32 +0,0 @@ -terraform { - backend "pg" { - schema_name = "thecloud-data" - conn_str = "postgresql://terraform@jefke.hyp/terraformstates" - } - - required_providers { - libvirt = { - source = "dmacvicar/libvirt" - version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040 - } - } -} - -# https://libvirt.org/uri.html#libssh-and-libssh2-transport -provider "libvirt" { - uri = "qemu+ssh://root@lewis.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts" -} - -module "data_pool" { - source = "../../../terraform_modules/setup/data" -} - -resource "libvirt_volume" "data" { - name = "thecloud-data.qcow2" - pool = "data" - size = 1024 * 1024 * 1024 * 150 -} - -output "data_disk_id" { - value = libvirt_volume.data.id -} diff --git a/legacy/projects/thecloud/vm/main.tf b/legacy/projects/thecloud/vm/main.tf deleted file mode 100644 index 25307cb..0000000 --- a/legacy/projects/thecloud/vm/main.tf +++ /dev/null @@ -1,40 +0,0 @@ -terraform { - backend "pg" { - schema_name = "thecloud" - conn_str = "postgresql://terraform@jefke.hyp/terraformstates" - } - - required_providers { - libvirt = { - source = "dmacvicar/libvirt" - version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040 - } - } -} - -# https://libvirt.org/uri.html#libssh-and-libssh2-transport -provider "libvirt" { - alias = "lewis" - uri = "qemu+ssh://root@lewis.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts" -} - -module "setup_lewis" { - source = "../../../terraform_modules/setup" - providers = { - libvirt = libvirt.lewis - } -} - -module "thecloud" { - source = "../../../terraform_modules/debian" - name = "thecloud" - ram = 1024 - storage = 25 - mac = "CA:FE:C0:FF:EE:0A" - data_disk = "/mnt/data/volumes/thecloud-data.qcow2" - providers = { - libvirt = libvirt.lewis - } - - depends_on = [ module.setup_lewis ] -} diff --git a/nixos/machines/default.nix b/nixos/machines/default.nix index 9aca512..a8d14c3 100644 --- a/nixos/machines/default.nix 
+++ b/nixos/machines/default.nix @@ -25,7 +25,12 @@ hostName = "atlas.hyp"; nixosModule.lab = { - disko.osDiskDevice = "/dev/nvme0n1"; + disko.osDiskDevice = "/dev/sda"; + + dataDisk = { + enable = true; + devicePath = "/dev/nvme0n1p1"; + }; ssh = { useCertificates = true;