init

ansible/ansible.cfg

@@ -0,0 +1,8 @@
+[defaults]
+roles_path=~/.ansible/roles:roles:/usr/share/ansible/roles:/etc/ansible/roles
+inventory=inventory
+#vault_password_file=util/secret-service-client.sh
+interpreter_python=/usr/bin/python3
+
+[diff]
+always = True

ansible/inventory/host_vars/thecloud.yml

@@ -0,0 +1,6 @@
+apt_install_packages:
+  - postgresql
+  - python3-psycopg2
+  - nfs-kernel-server
+
+nfs_exports: []

ansible/inventory/hosts.yml

@@ -0,0 +1,5 @@
+all:
+  hosts:
+    thecloud:
+      ansible_user: root
+      ansible_host: thecloud.dmz

ansible/requirements.yml

@@ -0,0 +1,6 @@
+- name: apt
+  src: https://github.com/sunscrapers/ansible-role-apt.git
+  scm: git
+- name: cloudinit_wait
+  src: https://git.pim.kunis.nl/pim/ansible-role-cloudinit-wait
+  scm: git

ansible/roles/postgresql/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart postgres
+  systemd:
+    name: postgresql
+    state: restarted

ansible/roles/postgresql/tasks/main.yml

@@ -0,0 +1,15 @@
+- name: Open postgres port
+  ini_file:
+    path: /etc/postgresql/15/main/postgresql.conf
+    section: null
+    option: listen_addresses
+    value: "'*'"
+  notify: restart postgres
+
+- name: Change data directory
+  ini_file:
+    path: /etc/postgresql/15/main/postgresql.conf
+    section: null
+    option: data_directory
+    value: "'/mnt/data/postgresql'"
+  notify: restart postgres

ansible/thecloud.yml

@@ -0,0 +1,24 @@
+---
+- name: Wait for Cloud-Init to finish
+  hosts: all
+  gather_facts: no
+  roles:
+    - cloudinit_wait
+
+- name: Setup NFS
+  hosts: thecloud
+
+  roles:
+    - {role: apt, tags: apt}
+    - {role: postgresql, tags: postgresql}
+
+  post_tasks:
+    - name: Ensure NFS exports directory exists
+      file:
+        path: /etc/exports.d
+        state: directory
+
+    - name: Start NFS
+      systemd:
+        name: nfs-kernel-server
+        state: started

terraform/.gitignore

@@ -0,0 +1,36 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+*.tfbackend

terraform/data/main.tf

@@ -0,0 +1,30 @@
+terraform {
+  backend "pg" {
+    schema_name = "nfs-data"
+    conn_str = "postgres://terraform@10.42.0.1/terraform_state"
+  }
+
+  required_providers {
+    libvirt = {
+      source = "dmacvicar/libvirt"
+    }
+  }
+}
+
+provider "libvirt" {
+  uri = "qemu+ssh://root@lewis.hyp/system"
+}
+
+resource "libvirt_volume" "data" {
+  name = "nfs-data"
+  pool = "data"
+  size = 1024 * 1024 * 1024 * 75
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+
+output "data_disk_id" {
+  value = libvirt_volume.data.id
+}

terraform/main.tf

@@ -0,0 +1,26 @@
+terraform {
+  backend "pg" {
+    schema_name = "thecloud"
+    conn_str = "postgres://terraform@10.42.0.1/terraform_state"
+  }
+
+  required_providers {
+    libvirt = {
+      source = "dmacvicar/libvirt"
+    }
+  }
+}
+
+provider "libvirt" {
+  uri = "qemu+ssh://root@lewis.hyp/system"
+}
+
+module "thecloud" {
+  source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+  name              = "thecloud"
+  domain_name       = "tf-thecloud"
+  hypervisor_host   = "lewis.hyp"
+  mac               = "CA:FE:C0:FF:EE:0A"
+  data_share        = ""
+  data_disk         = "/kvm/data/nfs-data"
+}