add expand to two hypervisors

ansible/inventory/host_vars/manager.yml

@@ -1,18 +1,22 @@
 docker_node_labels:
   - hostname: maestro
+    labels: {}
+  - hostname: swarmpub1
     labels:
-      traefik: "true"
-      forgejo: "true"
-  - hostname: worker1
-    labels:
-      syncthing: "true"
-      seafile: "true"
-      radicale: "true"
+      public: "true"
       mastodon: "true"
-      freshrss: "true"
-      hedgedoc: "true"
+  - hostname: swarmpub2
+    labels:
+      public: "true"
+  - hostname: swarmpriv1
+    labels:
+      private: "true"
       overleaf: "true"
-
-data_directories:
-  - 'traefik'
-  - 'forgejo'
+      syncthing: "true"
+      hedgedoc: "true"
+      radicale: "true"
+  - hostname: swarmpriv2
+    labels:
+      private: "true"
+      seafile: "true"
+      freshrss: "true"

ansible/inventory/host_vars/worker1.yml

@@ -1,4 +0,0 @@
-data_directories:
-  - 'syncthing'
-  - 'seafile/data'
-  - 'seafile/db'

ansible/inventory/hosts.yml

@@ -5,5 +5,11 @@ all:
   children:
     workers:
       hosts:
-        worker1:
-          ansible_host: worker1.dmz
+        swarmpub1:
+          ansible_host: swarmpub1.dmz
+        swarmpub2:
+          ansible_host: swarmpub2.dmz
+        swarmpriv1:
+          ansible_host: swarmpriv1.dmz
+        swarmpriv2:
+          ansible_host: swarmpriv2.dmz

ansible/playbooks/setup.yml

@@ -15,15 +15,6 @@
       changed_when: "rm.rc == 0"
       failed_when: "false"
 
-    # TODO: this creates permission issues. Should create them by hand for now.
-    # - name: Create data directories
-    #   file:
-    #     state: directory
-    #     path: "{{ data_directory_base }}/{{ item }}"
-    #     recurse: true
-    #     mode: 0777
-    #   loop: "{{ data_directories }}"
-
   roles:
     - setup_apt
     - docker

ansible/roles/cyberchef/docker-stack.yml.j2

@@ -11,6 +11,9 @@ services:
     networks:
       - traefik
     deploy:
+      placement:
+        constraints:
+          - "node.labels.public == true"
       labels:
         - traefik.enable=true
         - traefik.http.routers.cyberchef.entrypoints=websecure

ansible/roles/forgejo/docker-stack.yml.j2

@@ -28,7 +28,7 @@ services:
     deploy:
       placement:
         constraints:
-          - "node.labels.forgejo == true"
+          - node.role == manager
       labels:
         - traefik.port=443
         - traefik.enable=true

ansible/roles/inbucket/docker-stack.yml.j2

@@ -2,8 +2,12 @@
 version: "3.7"
 
 services:
-   kms-server:
-      image: inbucket/inbucket
-      ports:
-        - 2500:2500
-        - 9000:9000
+  kms-server:
+    image: inbucket/inbucket
+    ports:
+      - 2500:2500
+      - 9000:9000
+    deploy:
+      placement:
+        constraints:
+          - "node.labels.public == true"

ansible/roles/kms/docker-stack.yml.j2

@@ -6,3 +6,7 @@ services:
     image: teddysun/kms
     ports:
       - 1688:1688
+    deploy:
+      placement:
+        constraints:
+          - "node.labels.public == true"

ansible/roles/traefik/docker-stack.yml.j2

@@ -20,7 +20,8 @@ services:
       - 444:444
     deploy:
       placement:
-        constraints: [node.labels.traefik == true]
+        constraints:
+          - node.role == manager
       labels:
         - traefik.enable=true
         - traefik.http.routers.dashboard.entrypoints=localsecure

ansible/roles/traefik/tasks/main.yml

@@ -1,3 +1,8 @@
+- name: Create working directory
+  file:
+    path: /srv/traefik
+    state: directory
+
 - name: Create Traefik network
   docker_network:
     name: traefik

terraform/main.tf

@@ -15,20 +15,68 @@ provider "libvirt" {
   uri = "qemu+ssh://root@atlas.hyp/system"
 }
 
+provider "libvirt" {
+  alias = "jefke"
+  uri   = "qemu+ssh://root@jefke.hyp/system"
+}
+
 module "manager" {
-  source      = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+  #source      = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+  source = "/home/pim/repos/tf-modules/debian"
   name        = "maestro"
   domain_name = "tf-maestro"
   memory      = 1024
   mac         = "CA:FE:C0:FF:EE:08"
+  hypervisor_host = "atlas.hyp"
+  providers = {
+    libvirt = libvirt
+  }
 }
 
-module "workers" {
-  for_each = {
-    worker1 = "tf-worker1"
+module "swarmpub1" {
+  #source      = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+  source = "/home/pim/repos/tf-modules/debian"
+  name        = "swarmpub1"
+  domain_name = "tf-swarmpub1"
+  memory      = 1024 * 5
+  hypervisor_host = "atlas.hyp"
+  providers = {
+    libvirt = libvirt
+  }
+}
+
+module "swarmpriv1" {
+  #source      = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+  source = "/home/pim/repos/tf-modules/debian"
+  name        = "swarmpriv1"
+  domain_name = "tf-swarmpriv1"
+  memory      = 1024 * 5
+  hypervisor_host = "atlas.hyp"
+  providers = {
+    libvirt = libvirt
+  }
+}
+
+module "swarmpub2" {
+  #source      = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+  source = "/home/pim/repos/tf-modules/debian"
+  name        = "swarmpub2"
+  domain_name = "tf-swarmpub2"
+  memory      = 1024 * 3
+  hypervisor_host = "jefke.hyp"
+  providers = {
+    libvirt = libvirt.jefke
+  }
+}
+
+module "swarmpriv2" {
+  #source      = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+  source = "/home/pim/repos/tf-modules/debian"
+  name        = "swarmpriv2"
+  domain_name = "tf-swarmpriv2"
+  memory      = 1024 * 3
+  hypervisor_host = "jefke.hyp"
+  providers = {
+    libvirt = libvirt.jefke
   }
-  source      = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
-  name        = each.key
-  domain_name = each.value
-  memory      = 1024 * 3
 }