add nix flake for dev env

rename handjecontantje to vpay disable fluentd logging
2023-10-26 21:08:19 +02:00 · 2023-10-26 21:08:19 +02:00 · 1acb61716e
commit 1acb61716e
parent c7ddefaa3d
10 changed files with 101 additions and 25 deletions
--- a/.envrc
+++ b/.envrc
@ -0,0 +1 @@
 use flake
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 .direnv
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@ -3,7 +3,7 @@ roles_path=~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles
 inventory=inventory
 interpreter_python=/usr/bin/python3
 remote_user = root
-vault_password_file=util/secret-service-client.sh
+vault_password_file=$HOME/.config/home/ansible-vault-secret
 [diff]
 always = True
--- a/ansible/inventory/hosts.yml
+++ b/ansible/inventory/hosts.yml
@ -9,5 +9,5 @@ all:
      hosts:
        bancomart:
          ansible_host: bancomart.dmz
-        handjecontantje:
+        vpay:
-          ansible_host: handjecontantje.dmz
+          ansible_host: vpay.dmz
--- a/ansible/playbooks/setup.yml
+++ b/ansible/playbooks/setup.yml
@ -23,11 +23,11 @@
      include_role:
        name: docker
      vars:
-        docker_daemon_config:
+        docker_daemon_config: {}
-          log-driver: fluentd
+          # log-driver: fluentd
-          log-opts:
+          # log-opts:
-            fluentd-address: "localhost:22222"
+          #   fluentd-address: "localhost:22222"
-            tag: "docker.{{ '{{' }}.Name{{ '}}' }}"
+          #   tag: "docker.{{ '{{' }}.Name{{ '}}' }}"
 - name: Setup Docker Swarm manager
  hosts: manager
--- a/ansible/util/secret-service-client.sh
+++ b/ansible/util/secret-service-client.sh
@ -1,9 +0,0 @@
 #!/bin/bash
 pass=`secret-tool lookup ansible_vault shoarma`
 retval=$?
 if [ $retval -ne 0 ]; then
 	read -s pass
 fi
 echo $pass
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,61 @@
 {
  "nodes": {
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1694529238,
        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1698266953,
        "narHash": "sha256-jf72t7pC8+8h8fUslUYbWTX5rKsRwOzRMX8jJsGqDXA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "75a52265bda7fd25e06e3a67dee3f0354e73243c",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,20 @@
 {
  description = "A basic flake with a shell";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
  inputs.flake-utils.url = "github:numtide/flake-utils";
  outputs = { self, nixpkgs, flake-utils }:
    flake-utils.lib.eachDefaultSystem (system: let
      pkgs = nixpkgs.legacyPackages.${system};
    in {
      devShells.default = pkgs.mkShell {
        packages = with pkgs; [
          bashInteractive
          opentofu
          jq
          cdrtools
          ansible
        ];
      };
    });
 }
--- a/terraform/dns.tf
+++ b/terraform/dns.tf
@ -1,5 +1,5 @@
 data "external" "secrets" {
-  program = ["cat", pathexpand("~/.tfvars.json")]
+  program = ["cat", pathexpand("~/.config/home/powerdns-api-key.json")]
 }
 provider "powerdns" {
@ -77,4 +77,4 @@ resource "powerdns_record" "smtp2go_3_geokunis2_nl_cname" {
  type     = "CNAME"
  records  = ["track.smtp2go.net."]
  ttl      = 60
-}
+}
--- a/terraform/main.tf
+++ b/terraform/main.tf
@ -6,6 +6,7 @@ terraform {
  required_providers {
    libvirt = {
      source = "dmacvicar/libvirt"
      version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040
    }
    powerdns = {
@ -16,17 +17,18 @@ terraform {
 }
 provider "libvirt" {
-  uri = "qemu+ssh://root@atlas.hyp/system"
+  # https://libvirt.org/uri.html#libssh-and-libssh2-transport
  uri = "qemu+ssh://root@atlas.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
 }
 provider "libvirt" {
  alias = "jefke"
-  uri   = "qemu+ssh://root@jefke.hyp/system"
+  uri   = "qemu+ssh://root@jefke.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
 }
 provider "libvirt" {
  alias = "lewis"
-  uri   = "qemu+ssh://root@lewis.hyp/system"
+  uri   = "qemu+ssh://root@lewis.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
 }
 module "maestro" {
@ -50,10 +52,10 @@ module "bancomart" {
  }
 }
-module "handjecontantje" {
+module "vpay" {
  source          = "git::https://git.kun.is/home/tf-modules.git//debian"
-  name            = "handjecontantje"
+  name            = "vpay"
-  domain_name     = "tf-handjecontantje"
+  domain_name     = "tf-vpay"
  memory          = 3 * 1024
  providers = {
    libvirt = libvirt.lewis