create terraform project to setup libvirt on hosts

use SATA drive for atlas OS remove thecloud legacy project
2024-01-06 23:56:00 +01:00 · 2024-01-06 23:56:00 +01:00 · 997d9bb0cb
commit 997d9bb0cb
parent 7c7b3e667b
14 changed files with 44 additions and 280 deletions
--- a/legacy/projects/docker_swarm/vm/main.tf
+++ b/legacy/projects/docker_swarm/vm/main.tf
@ -23,13 +23,6 @@ provider "libvirt" {
  uri = "qemu+ssh://root@atlas.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
 }
 module "setup_jefke" {
  source = "../../../terraform_modules/setup"
  providers = {
    libvirt = libvirt.jefke
  }
 }
 module "bancomart" {
  source = "../../../terraform_modules/debian"
  name = "bancomart"
@ -40,13 +33,6 @@ module "bancomart" {
  }
 }
 module "setup_atlas" {
  source = "../../../terraform_modules/setup"
  providers = {
    libvirt = libvirt.atlas
  }
 }
 module "maestro" {
  source = "../../../terraform_modules/debian"
  name = "maestro"
--- a/legacy/projects/libvirt_setup/main.tf
+++ b/legacy/projects/libvirt_setup/main.tf
@ -0,0 +1,38 @@
 terraform {
  backend "pg" {
    schema_name = "libvirtsetup"
    conn_str = "postgresql://terraform@jefke.hyp/terraformstates"
  }
  required_providers {
    libvirt = {
      source = "dmacvicar/libvirt"
      version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040
    }
  }
 }
 # https://libvirt.org/uri.html#libssh-and-libssh2-transport
 provider "libvirt" {
  alias = "jefke"
  uri = "qemu+ssh://root@jefke.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
 }
 provider "libvirt" {
  alias = "atlas"
  uri = "qemu+ssh://root@atlas.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
 }
 module "setup_jefke" {
  source = "../../terraform_modules/setup"
  providers = {
    libvirt = libvirt.jefke
  }
 }
 module "setup_atlas" {
  source = "../../terraform_modules/setup"
  providers = {
    libvirt = libvirt.atlas
  }
 }
--- a/legacy/projects/thecloud/README.md
+++ b/legacy/projects/thecloud/README.md
@ -1,5 +0,0 @@
 # thecloud
 Thecloud is a Debian VM that provides network availability to all our persistent data:
 - NFS for network files
 - Postgresql for databases
--- a/legacy/projects/thecloud/ansible/ansible.cfg
+++ b/legacy/projects/thecloud/ansible/ansible.cfg
@ -1,8 +0,0 @@
 [defaults]
 roles_path=../../../ansible_roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles
 inventory=inventory
 vault_password_file=$HOME/.config/home/ansible-vault-secret
 interpreter_python=/usr/bin/python3
 [diff]
 always = True
--- a/legacy/projects/thecloud/ansible/inventory/host_vars/thecloud.yml
+++ b/legacy/projects/thecloud/ansible/inventory/host_vars/thecloud.yml
@ -1,97 +0,0 @@
 apt_install_packages:
  - postgresql
  - python3-psycopg2
  - nfs-kernel-server
  - qemu-guest-agent
 nfs_exports: []
 redis_bind_interface: 0.0.0.0
 redis_requirepass: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  37323965303638333264653936616563323235363463396330363836653865393835346263383838
  3030386166316365633538353539623066626434313332390a616131303434373264633934356361
  30356335643638656433326230363462373533396533366261346630353163353137333865303132
  3536636165366631310a643538353331366130663464386565343331653031333061333330613532
  34663932653734336239303536323331396435386332666133343033373566386562326136656330
  63393766353063646361643565323238376334333637363232626139333664643065613237666532
  31623032613763303136353232323837376637336431306534306336356165363039666634336433
  30376464323862373833
 nfs_shares:
  - name: nextcloud_data
    path: /mnt/data/nextcloud/data
  - name: radicale
    path: /mnt/data/radicale
  - name: freshrss_data
    path: /mnt/data/freshrss/data
  - name: freshrss_extensions
    path: /mnt/data/freshrss/extensions
  - name: pihole_data
    path: /mnt/data/pihole/data
  - name: pihole_dnsmasq
    path: /mnt/data/pihole/dnsmasq
  - name: hedgedoc_uploads
    path: /mnt/data/hedgedoc/uploads
  - name: traefik_acme
    path: /mnt/data/traefik/acme
  - name: seafile_data
    path: /mnt/data/seafile/data
  - name: seafile_db
    path: /mnt/data/seafile/db
  - name: mastodon_system
    path: /mnt/data/mastodon/system
  - name: mastodon_redis
    path: /mnt/data/mastodon/redis
  - name: forgejo
    path: /mnt/data/forgejo
  - name: overleaf
    path: /mnt/data/overleaf/data
  - name: overleaf_redis
    path: /mnt/data/overleaf/redis
  - name: overleaf_mongodb
    path: /mnt/data/overleaf/mongodb
  - name: prometheus_data
    path: /mnt/data/prometheus/data
  - name: elasticsearch_certs
    path: /mnt/data/elasticsearch/certs
  - name: elasticsearch_data
    path: /mnt/data/elasticsearch/data
  - name: grafana_data
    path: /mnt/data/grafana/data
  - name: kitchenowl_data
    path: /mnt/data/kitchenowl/data
  - name: ampache_mysql
    path: /mnt/data/ampache/mysql
  - name: ampache_config
    path: /mnt/data/ampache/config
  - name: music
    path: /mnt/data/nextcloud/data/data/pim/files/Music
  - name: syncthing_config
    path: /mnt/data/syncthing/config
 database_passwords:
  nextcloud: !vault |
    $ANSIBLE_VAULT;1.1;AES256
    66326230303135303930363761316534313439383365376231623661316635393839336431313262
    3832626365376533646561653863316364313135343366330a356136343938666133356532613263
    39663037623232363266376335643834353735363431636535386566643763386463353962663930
    3466343563353162320a376437353933656166323364323166376663323531373338656563653463
    33346263626430616164613937363836343430383233393061643231346661656539623938333631
    3632373964346139316637663364646132636636373461613534
  hedgedoc: !vault |
    $ANSIBLE_VAULT;1.1;AES256
    63363464666633663762393135333362613966636338623533393132376338343339653431396465
    6634643863623163366235393434343662313735363438610a373065363361326565633766633835
    38383637343230363031636634623930666365333739323162313937656239646166613738393965
    3533666462303563360a313233306335396234393932396331313238376464363964363839396164
    66366662356135343035363935616664613831626131376330643133313530636431613266636165
    6265613666616164373637356235396165383662333561393939
  mastodon: !vault |
    $ANSIBLE_VAULT;1.1;AES256
    63616366396665663161376161373735626466353464393963333136336335376662326232613639
    6166333137376131633761623163306165386562666639640a313136386431373161306331626638
    34643433396232383962643964386631313632393161316261353331346163333261336666646563
    6232666231653732630a396638396462323464613033306662313463663262626430363432663465
    63623935303861663565633739363539326435623561396535623034663735373232336633303037
    6266323136316238343963613332396261346337646264646162
--- a/legacy/projects/thecloud/ansible/inventory/hosts.yml
+++ b/legacy/projects/thecloud/ansible/inventory/hosts.yml
@ -1,5 +0,0 @@
 all:
  hosts:
    thecloud:
      ansible_user: root
      ansible_host: thecloud.dmz
--- a/legacy/projects/thecloud/ansible/requirements.yml
+++ b/legacy/projects/thecloud/ansible/requirements.yml
@ -1,3 +0,0 @@
 - name: apt
  src: https://github.com/sunscrapers/ansible-role-apt.git
  scm: git
--- a/legacy/projects/thecloud/ansible/roles/postgresql/handlers/main.yml
+++ b/legacy/projects/thecloud/ansible/roles/postgresql/handlers/main.yml
@ -1,4 +0,0 @@
 - name: restart postgres
  systemd:
    name: postgresql
    state: restarted
--- a/legacy/projects/thecloud/ansible/roles/postgresql/tasks/main.yml
+++ b/legacy/projects/thecloud/ansible/roles/postgresql/tasks/main.yml
@ -1,15 +0,0 @@
 - name: Open postgres port
  ini_file:
    path: /etc/postgresql/15/main/postgresql.conf
    section: null
    option: listen_addresses
    value: "'*'"
  notify: restart postgres
 - name: Change data directory
  ini_file:
    path: /etc/postgresql/15/main/postgresql.conf
    section: null
    option: data_directory
    value: "'/mnt/data/postgresql'"
  notify: restart postgres
--- a/legacy/projects/thecloud/ansible/share.yml
+++ b/legacy/projects/thecloud/ansible/share.yml
@ -1,25 +0,0 @@
 ---
 - name: Create databases and NFS shares
  hosts: thecloud
  handlers:
    - name: reload nfs
      systemd:
        name: nfs-kernel-server
        state: restarted
  tasks:
    - name: Create nfs shares
      with_items: "{{ nfs_shares }}"
      copy:
        dest: "/etc/exports.d/{{ item.name }}.exports"
        content: "{{ item.path }} *(rw,sync,no_subtree_check,no_root_squash)"
      notify: reload nfs
    - name: Create databases
      with_items: "{{ database_passwords | dict2items }}"
      include_role:
        name: postgresql_database
      vars:
        database_name: "{{ item.key }}"
        database_user: "{{ item.key }}"
        database_password: "{{ item.value }}"
--- a/legacy/projects/thecloud/ansible/thecloud.yml
+++ b/legacy/projects/thecloud/ansible/thecloud.yml
@ -1,31 +0,0 @@
 ---
 - name: Wait for Cloud-Init to finish
  hosts: all
  gather_facts: no
  roles:
    - cloudinit_wait
 - name: Setup NFS
  hosts: thecloud
  roles:
    - {role: apt, tags: apt}
    - {role: postgresql, tags: postgresql}
  post_tasks:
    - name: Ensure NFS exports directory exists
      file:
        path: /etc/exports.d
        state: directory
    - name: Start NFS
      systemd:
        name: nfs-kernel-server
        state: started
        enabled: true
    - name: Enable Qemu guest agent
      systemd:
        name: qemu-guest-agent
        state: started
        enabled: true
--- a/legacy/projects/thecloud/data/main.tf
+++ b/legacy/projects/thecloud/data/main.tf
@ -1,32 +0,0 @@
 terraform {
  backend "pg" {
    schema_name = "thecloud-data"
    conn_str = "postgresql://terraform@jefke.hyp/terraformstates"
  }
  required_providers {
    libvirt = {
      source = "dmacvicar/libvirt"
      version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040
    }
  }
 }
 # https://libvirt.org/uri.html#libssh-and-libssh2-transport
 provider "libvirt" {
  uri = "qemu+ssh://root@lewis.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
 }
 module "data_pool" {
  source = "../../../terraform_modules/setup/data"
 }
 resource "libvirt_volume" "data" {
  name = "thecloud-data.qcow2"
  pool = "data"
  size = 1024 * 1024 * 1024 * 150
 }
 output "data_disk_id" {
  value = libvirt_volume.data.id
 }
--- a/legacy/projects/thecloud/vm/main.tf
+++ b/legacy/projects/thecloud/vm/main.tf
@ -1,40 +0,0 @@
 terraform {
  backend "pg" {
    schema_name = "thecloud"
    conn_str = "postgresql://terraform@jefke.hyp/terraformstates"
  }
  required_providers {
    libvirt = {
      source = "dmacvicar/libvirt"
      version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040
    }
  }
 }
 # https://libvirt.org/uri.html#libssh-and-libssh2-transport
 provider "libvirt" {
  alias = "lewis"
  uri = "qemu+ssh://root@lewis.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
 }
 module "setup_lewis" {
  source = "../../../terraform_modules/setup"
  providers = {
    libvirt = libvirt.lewis
  }
 }
 module "thecloud" {
  source = "../../../terraform_modules/debian"
  name = "thecloud"
  ram = 1024
  storage = 25
  mac = "CA:FE:C0:FF:EE:0A"
  data_disk = "/mnt/data/volumes/thecloud-data.qcow2"
  providers = {
    libvirt = libvirt.lewis
  }
  depends_on = [ module.setup_lewis ]
 }
--- a/nixos/machines/default.nix
+++ b/nixos/machines/default.nix
@ -25,7 +25,12 @@
    hostName = "atlas.hyp";
    nixosModule.lab = {
-      disko.osDiskDevice = "/dev/nvme0n1";
+      disko.osDiskDevice = "/dev/sda";
      dataDisk = {
        enable = true;
        devicePath = "/dev/nvme0n1p1";
      };
      ssh = {
        useCertificates = true;