add nix flake for dev env

rename handjecontantje to vpay disable fluentd logging
2023-10-26 21:08:19 +02:00 · 2023-10-26 21:08:19 +02:00 · 1acb61716e
commit 1acb61716e
parent c7ddefaa3d
10 changed files with 101 additions and 25 deletions
--- a/.envrc
+++ b/.envrc
@ -0,0 +1 @@
+use flake
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.direnv
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@ -3,7 +3,7 @@ roles_path=~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:roles
 inventory=inventory
 interpreter_python=/usr/bin/python3
 remote_user = root
-vault_password_file=util/secret-service-client.sh
+vault_password_file=$HOME/.config/home/ansible-vault-secret

 [diff]
 always = True
--- a/ansible/inventory/hosts.yml
+++ b/ansible/inventory/hosts.yml
@ -9,5 +9,5 @@ all:
      hosts:
        bancomart:
          ansible_host: bancomart.dmz
-        handjecontantje:
-          ansible_host: handjecontantje.dmz
+        vpay:
+          ansible_host: vpay.dmz
--- a/ansible/playbooks/setup.yml
+++ b/ansible/playbooks/setup.yml
@ -23,11 +23,11 @@
      include_role:
        name: docker
      vars:
-        docker_daemon_config:
-          log-driver: fluentd
-          log-opts:
-            fluentd-address: "localhost:22222"
-            tag: "docker.{{ '{{' }}.Name{{ '}}' }}"
+        docker_daemon_config: {}
+          # log-driver: fluentd
+          # log-opts:
+          #   fluentd-address: "localhost:22222"
+          #   tag: "docker.{{ '{{' }}.Name{{ '}}' }}"

 - name: Setup Docker Swarm manager
  hosts: manager
--- a/ansible/util/secret-service-client.sh
+++ b/ansible/util/secret-service-client.sh
@ -1,9 +0,0 @@
-#!/bin/bash
-
-pass=`secret-tool lookup ansible_vault shoarma`
-retval=$?
-
-if [ $retval -ne 0 ]; then
-	read -s pass
-fi
-echo $pass
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,61 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1694529238,
+        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1698266953,
+        "narHash": "sha256-jf72t7pC8+8h8fUslUYbWTX5rKsRwOzRMX8jJsGqDXA=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "75a52265bda7fd25e06e3a67dee3f0354e73243c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,20 @@
+{
+  description = "A basic flake with a shell";
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+  inputs.flake-utils.url = "github:numtide/flake-utils";
+
+  outputs = { self, nixpkgs, flake-utils }:
+    flake-utils.lib.eachDefaultSystem (system: let
+      pkgs = nixpkgs.legacyPackages.${system};
+    in {
+      devShells.default = pkgs.mkShell {
+        packages = with pkgs; [
+          bashInteractive
+          opentofu
+          jq
+          cdrtools
+          ansible
+        ];
+      };
+    });
+}
--- a/terraform/dns.tf
+++ b/terraform/dns.tf
@ -1,5 +1,5 @@
 data "external" "secrets" {
-  program = ["cat", pathexpand("~/.tfvars.json")]
+  program = ["cat", pathexpand("~/.config/home/powerdns-api-key.json")]
 }

 provider "powerdns" {
--- a/terraform/main.tf
+++ b/terraform/main.tf
@ -6,6 +6,7 @@ terraform {
  required_providers {
    libvirt = {
      source = "dmacvicar/libvirt"
+      version = "0.7.1" # https://github.com/dmacvicar/terraform-provider-libvirt/issues/1040
    }

    powerdns = {
@ -16,17 +17,18 @@ terraform {
 }

 provider "libvirt" {
-  uri = "qemu+ssh://root@atlas.hyp/system"
+  # https://libvirt.org/uri.html#libssh-and-libssh2-transport
+  uri = "qemu+ssh://root@atlas.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
 }

 provider "libvirt" {
  alias = "jefke"
-  uri   = "qemu+ssh://root@jefke.hyp/system"
+  uri   = "qemu+ssh://root@jefke.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
 }

 provider "libvirt" {
  alias = "lewis"
-  uri   = "qemu+ssh://root@lewis.hyp/system"
+  uri   = "qemu+ssh://root@lewis.hyp/system?known_hosts=/etc/ssh/ssh_known_hosts"
 }

 module "maestro" {
@ -50,10 +52,10 @@ module "bancomart" {
  }
 }

-module "handjecontantje" {
+module "vpay" {
  source          = "git::https://git.kun.is/home/tf-modules.git//debian"
-  name            = "handjecontantje"
-  domain_name     = "tf-handjecontantje"
+  name            = "vpay"
+  domain_name     = "tf-vpay"
  memory          = 3 * 1024
  providers = {
    libvirt = libvirt.lewis