diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..3550a30
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..92b2793
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.direnv
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index 4322702..2411e3a 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -3,7 +3,7 @@ roles_path=~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles
 inventory=inventory
 interpreter_python=/usr/bin/python3
 remote_user = root
-vault_password_file=util/secret-service-client.sh
+vault_password_file=$HOME/.config/home/ansible-vault-secret
 [diff]
 always = True
diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml
index a0e4d38..68ec87a 100644
--- a/ansible/inventory/hosts.yml
+++ b/ansible/inventory/hosts.yml
@@ -9,5 +9,5 @@ all:
 hosts:
 bancomart:
 ansible_host: bancomart.dmz
- handjecontantje:
- ansible_host: handjecontantje.dmz
+ vpay:
+ ansible_host: vpay.dmz
diff --git a/ansible/playbooks/setup.yml b/ansible/playbooks/setup.yml
index f6130d3..56ae015 100644
--- a/ansible/playbooks/setup.yml
+++ b/ansible/playbooks/setup.yml
@@ -23,11 +23,11 @@
 include_role:
 name: docker
 vars:
- docker_daemon_config:
- log-driver: fluentd
- log-opts:
- fluentd-address: "localhost:22222"
- tag: "docker.{{ '{{' }}.Name{{ '}}' }}"
+ docker_daemon_config: {}
+ # log-driver: fluentd
+ # log-opts:
+ # fluentd-address: "localhost:22222"
+ # tag: "docker.{{ '{{' }}.Name{{ '}}' }}"
 - name: Setup Docker Swarm manager
 hosts: manager
diff --git a/ansible/util/secret-service-client.sh b/ansible/util/secret-service-client.sh
deleted file mode 100755
index b4c9bb5..0000000
--- a/ansible/util/secret-service-client.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-pass=`secret-tool lookup ansible_vault shoarma`
-retval=$?
-
-if [ $retval -ne 0 ]; then
- read -s pass
-fi
-echo $pass
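Review bot: The new `vault_password_file=$HOME/.config/home/ansible-vault-secret` keeps the vault password unencrypted at rest in the operator's home, where the removed `util/secret-service-client.sh` fetched it from the desktop keyring or prompted for it. If that trade-off is intended, a comment above the setting should state what is expected of the file, e.g. `# plain password file: mode 0600, owned by the operator, not executable, never committed`. Ansible executes the vault password file as a script when its executable bit is set, so the non-executable requirement is worth spelling out. The section header this setting belongs to lies outside the hunk.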
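Review bot: Setting `docker_daemon_config: {}` stops shipping container logs to fluentd, so they now stay only on each Docker host under the daemon's default log driver, and the five commented-out lines give no reason or follow-up. Container logs are often the main record when investigating a misbehaving or compromised service, so if central logging is dropped on purpose, replace the dead lines with a comment saying why and where logs are expected to go. If it is temporary, `# TODO: re-enable the fluentd log driver once the collector is back` is clearer. The default `json-file` driver does not rotate unless `max-size`/`max-file` are set under `log-opts`, which is worth configuring here instead of an empty map. The enclosing play starts above the hunk.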
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..fc5227d
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,61 @@
+{
+ "nodes": {
+ "flake-utils": {
+ "inputs": {
+ "systems": "systems"
+ },
+ "locked": {
+ "lastModified": 1694529238,
+ "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1698266953,
+ "narHash": "sha256-jf72t7pC8+8h8fUslUYbWTX5rKsRwOzRMX8jJsGqDXA=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "75a52265bda7fd25e06e3a67dee3f0354e73243c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixpkgs-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "flake-utils": "flake-utils",
+ "nixpkgs": "nixpkgs"
+ }
+ },
+ "systems": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..eca5ab1
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,20 @@
+{
+ description = "A basic flake with a shell";
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+ inputs.flake-utils.url = "github:numtide/flake-utils";
+
+ outputs = { self, nixpkgs, flake-utils }:
+ flake-utils.lib.eachDefaultSystem (system: let
+ pkgs = nixpkgs.legacyPackages.${system};
+ in {
+ devShells.default = pkgs.mkShell {
+ packages = with pkgs; [
+ bashInteractive
+ opentofu
+ jq
+ cdrtools
+ ansible
+ ];
+ };
+ });
+}
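Review bot: `description = "A basic flake with a shell";` is still the template placeholder, and the package list does not say why each tool is needed. A description naming this repository's dev shell and a comment on the less obvious entry, e.g. `cdrtools # mkisofs, presumably for the libvirt provider's cloud-init ISOs`, would help the next maintainer. Both inputs track moving branches (`nixpkgs-unstable` and the default branch of flake-utils), so the revisions in flake.lock decide which `ansible` and `opentofu` binaries handle the vault secret and the PowerDNS API key. Lock updates therefore deserve a reviewed commit of their own.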
diff --git a/terraform/dns.tf b/terraform/dns.tf
index d9b24a4..e31dc4a 100644
--- a/terraform/dns.tf
+++ b/terraform/dns.tf
@@ -1,5 +1,5 @@
 data "external" "secrets" {
- program = ["cat", pathexpand("~/.tfvars.json")]
+ program = ["cat", pathexpand("~/.config/home/powerdns-api-key.json")]
 }
 provider "powerdns" {
@@ -77,4 +77,4 @@ resource "powerdns_record" "smtp2go_3_geokunis2_nl_cname" {
 type = "CNAME"
 records = ["track.smtp2go.net."]
 ttl = 60
-}
\ No newline at end of file
+}
diff --git a/terraform/main.tf b/terraform/main.tf
index ccb2133..8a3c948 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -6,6 +6,7 @@ terraform {
 required_providers {
 libvirt = {
 source = "dmacvicar/libvirt"
+ version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040
 }
 powerdns = {
@@ -16,17 +17,18 @@ terraform {
 }
 provider "libvirt" {
- uri = "qemu+ssh://root@atlas.hyp/system"
+ # https://libvirt.org/uri.html#libssh-and-libssh2-transport
+ uri = "qemu+ssh://root@atlas.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
 }
 provider "libvirt" {
 alias = "jefke"
- uri = "qemu+ssh://root@jefke.hyp/system"
+ uri = "qemu+ssh://root@jefke.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
 }
 provider "libvirt" {
 alias = "lewis"
- uri = "qemu+ssh://root@lewis.hyp/system"
+ uri = "qemu+ssh://root@lewis.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
 }
 module "maestro" {
@@ -50,10 +52,10 @@ module "bancomart" {
 }
 }
-module "handjecontantje" {
+module "vpay" {
 source = "git::https://git.kun.is/home/tf-modules.git//debian"
- name = "handjecontantje"
- domain_name = "tf-handjecontantje"
+ name = "vpay"
+ domain_name = "tf-vpay"
 memory = 3 * 1024
 providers = {
 libvirt = libvirt.lewis
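Review bot: Reading the key file through `data "external"` with `cat` means the data source result is recorded in the Terraform state, so the PowerDNS API key most likely ends up there in plaintext, and a missing file surfaces only as a failed `cat`. A local built from Terraform's own functions avoids the subprocess and marks the value sensitive: `locals { secrets = sensitive(jsondecode(file(pathexpand("~/.config/home/powerdns-api-key.json")))) }`. References to `data.external.secrets.result` in the provider block, which continues outside the hunk, would then switch to `local.secrets`. Either way the key file should be readable by the operator only (mode 0600), and a comment here should say so.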
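Review bot: The same `?known_hosts=/etc/ssh/ssh_known_hosts` query string is repeated in all three provider URIs in the `@@ -16,17 +17,18 @@` hunk of terraform/main.tf. Nothing records that host-key checking for these root SSH connections depends on that system-wide file holding the keys of atlas.hyp, jefke.hyp and lewis.hyp. A single `locals { libvirt_known_hosts = "/etc/ssh/ssh_known_hosts" }` interpolated into each `uri` keeps the three in step. A comment next to it should say how that file is provisioned, and that a verification failure is to be fixed there rather than by disabling verification. The linked page describes libvirt's own libssh transports, so it is worth confirming in the provider's documentation that the pinned provider handles the parameter the same way.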