From 3ab58714d63bdd72747d0db491b3d2c84d95ec34 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Sat, 10 Jun 2023 13:10:39 +0200
Subject: [PATCH] init
---
ansible/ansible.cfg | 8 +++++
ansible/inventory/host_vars/thecloud.yml | 6 ++++
ansible/inventory/hosts.yml | 5 +++
ansible/requirements.yml | 6 ++++
ansible/roles/postgresql/handlers/main.yml | 4 +++
ansible/roles/postgresql/tasks/main.yml | 15 +++++++++
ansible/thecloud.yml | 24 +++++++++++++++
terraform/.gitignore | 36 ++++++++++++++++++++++
terraform/data/main.tf | 30 ++++++++++++++++++
terraform/main.tf | 26 ++++++++++++++++
10 files changed, 160 insertions(+)
create mode 100644 ansible/ansible.cfg
create mode 100644 ansible/inventory/host_vars/thecloud.yml
create mode 100644 ansible/inventory/hosts.yml
create mode 100644 ansible/requirements.yml
create mode 100644 ansible/roles/postgresql/handlers/main.yml
create mode 100644 ansible/roles/postgresql/tasks/main.yml
create mode 100644 ansible/thecloud.yml
create mode 100644 terraform/.gitignore
create mode 100644 terraform/data/main.tf
create mode 100644 terraform/main.tf
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100644
index 0000000..cdf7649
--- /dev/null
+++ b/ansible/ansible.cfg
@@ -0,0 +1,8 @@
+[defaults]
+roles_path=~/.ansible/roles:roles:/usr/share/ansible/roles:/etc/ansible/roles
+inventory=inventory
+#vault_password_file=util/secret-service-client.sh
+interpreter_python=/usr/bin/python3
+
+[diff]
+always = True
diff --git a/ansible/inventory/host_vars/thecloud.yml b/ansible/inventory/host_vars/thecloud.yml
new file mode 100644
index 0000000..bcbc56b
--- /dev/null
+++ b/ansible/inventory/host_vars/thecloud.yml
@@ -0,0 +1,6 @@
+apt_install_packages:
+ - postgresql
+ - python3-psycopg2
+ - nfs-kernel-server
+
+nfs_exports: []
diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml
new file mode 100644
index 0000000..19e626d
--- /dev/null
+++ b/ansible/inventory/hosts.yml
@@ -0,0 +1,5 @@
+all:
+ hosts:
+ thecloud:
+ ansible_user: root
+ ansible_host: thecloud.dmz
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
new file mode 100644
index 0000000..21a3a21
--- /dev/null
+++ b/ansible/requirements.yml
@@ -0,0 +1,6 @@
+- name: apt
+ src: https://github.com/sunscrapers/ansible-role-apt.git
+ scm: git
+- name: cloudinit_wait
+ src: https://git.pim.kunis.nl/pim/ansible-role-cloudinit-wait
+ scm: git
diff --git a/ansible/roles/postgresql/handlers/main.yml b/ansible/roles/postgresql/handlers/main.yml
new file mode 100644
index 0000000..a09812e
--- /dev/null
+++ b/ansible/roles/postgresql/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart postgres
+ systemd:
+ name: postgresql
+ state: restarted
diff --git a/ansible/roles/postgresql/tasks/main.yml b/ansible/roles/postgresql/tasks/main.yml
new file mode 100644
index 0000000..d3e811e
--- /dev/null
+++ b/ansible/roles/postgresql/tasks/main.yml
@@ -0,0 +1,15 @@
+- name: Open postgres port
+ ini_file:
+ path: /etc/postgresql/15/main/postgresql.conf
+ section: null
+ option: listen_addresses
+ value: "'*'"
+ notify: restart postgres
+
+- name: Change data directory
+ ini_file:
+ path: /etc/postgresql/15/main/postgresql.conf
+ section: null
+ option: data_directory
+ value: "'/mnt/data/postgresql'"
+ notify: restart postgres
diff --git a/ansible/thecloud.yml b/ansible/thecloud.yml
new file mode 100644
index 0000000..7e74356
--- /dev/null
+++ b/ansible/thecloud.yml
@@ -0,0 +1,24 @@
+---
+- name: Wait for Cloud-Init to finish
+ hosts: all
+ gather_facts: no
+ roles:
+ - cloudinit_wait
+
+- name: Setup NFS
+ hosts: thecloud
+
+ roles:
+ - {role: apt, tags: apt}
+ - {role: postgresql, tags: postgresql}
+
+ post_tasks:
+ - name: Ensure NFS exports directory exists
+ file:
+ path: /etc/exports.d
+ state: directory
+
+ - name: Start NFS
+ systemd:
+ name: nfs-kernel-server
+ state: started
diff --git a/terraform/.gitignore b/terraform/.gitignore
new file mode 100644
index 0000000..3906290
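Review bot: In ansible/inventory/hosts.yml, `ansible_user: root` makes every play log in over SSH as root, so the host has to keep direct root login enabled and nothing in a run is attributable to a named account. Consider a dedicated unprivileged login with escalation where it is needed, e.g. `ansible_user: <deploy-user>` (placeholder) plus `become: true` on the plays that require it. If root is only needed for the first bootstrap after cloud-init, a comment saying so would help the next reader.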
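Review bot: Neither role in ansible/requirements.yml is pinned, so `ansible-galaxy install -r requirements.yml` fetches whatever the default branch of each repository holds at that moment, and the inventory then runs it as root on the target. Add a `version:` key to both entries, ideally a commit hash, e.g. `version: <commit-sha>` (placeholder), and bump it deliberately once the new role revision has been reviewed.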
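Review bot: The `Open postgres port` task in ansible/roles/postgresql/tasks/main.yml sets `listen_addresses` to `'*'`, which binds PostgreSQL on every interface of the host, while the role does not manage `pg_hba.conf`, so who may connect is decided by whatever file is already on the machine. Bind only to the addresses clients actually use, e.g. `value: "'localhost,<service-ip>'"` (placeholder), and add a task that writes explicit `hostssl` entries with `scram-sha-256` for the expected client range. The same file hard-codes the `15` cluster path in both tasks; a role variable would keep them in step.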
--- /dev/null
+++ b/terraform/.gitignore
@@ -0,0 +1,36 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+*.tfbackend
diff --git a/terraform/data/main.tf b/terraform/data/main.tf
new file mode 100644
index 0000000..3f6cb10
--- /dev/null
+++ b/terraform/data/main.tf
@@ -0,0 +1,30 @@
+terraform {
+ backend "pg" {
+ schema_name = "nfs-data"
+ conn_str = "postgres://terraform@10.42.0.1/terraform_state"
+ }
+
+ required_providers {
+ libvirt = {
+ source = "dmacvicar/libvirt"
+ }
+ }
+}
+
+provider "libvirt" {
+ uri = "qemu+ssh://root@lewis.hyp/system"
+}
+
+resource "libvirt_volume" "data" {
+ name = "nfs-data"
+ pool = "data"
+ size = 1024 * 1024 * 1024 * 75
+
+ lifecycle {
+ prevent_destroy = true
+ }
+}
+
+output "data_disk_id" {
+ value = libvirt_volume.data.id
+}
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000..8e57e36
--- /dev/null
+++ b/terraform/main.tf
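Review bot: The `.terraform.lock.hcl` entry near the end of terraform/.gitignore keeps the dependency lock file out of version control, which throws away the provider version and checksum record that `terraform init` verifies downloads against. With the lock file ignored, every fresh checkout resolves `dmacvicar/libvirt` anew and accepts whatever it gets. Drop that line and commit the generated lock file; the remaining patterns (state, tfvars, overrides, CLI config) are fine to keep ignored.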
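Review bot: The `required_providers` block in terraform/data/main.tf names `dmacvicar/libvirt` without a `version` constraint, so `terraform init` selects the newest release available at that time; terraform/main.tf carries the same block. Add a constraint next to `source` in both files, e.g. `version = "<pinned-version>"` (placeholder). The backend `conn_str` carries no credential, which is good, but how the `terraform` database role authenticates is not visible here, so a short comment stating it (environment variable, client certificate, or server-side rule) would be worth adding.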
@@ -0,0 +1,26 @@
+terraform {
+ backend "pg" {
+ schema_name = "thecloud"
+ conn_str = "postgres://terraform@10.42.0.1/terraform_state"
+ }
+
+ required_providers {
+ libvirt = {
+ source = "dmacvicar/libvirt"
+ }
+ }
+}
+
+provider "libvirt" {
+ uri = "qemu+ssh://root@lewis.hyp/system"
+}
+
+module "thecloud" {
+ source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+ name = "thecloud"
+ domain_name = "tf-thecloud"
+ hypervisor_host = "lewis.hyp"
+ mac = "CA:FE:C0:FF:EE:0A"
+ data_share = ""
+ data_disk = "/kvm/data/nfs-data"
+}
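Review bot: The `module "thecloud"` source in terraform/main.tf has no `ref`, so the module is taken from the default branch of the tf-modules repository on every `terraform init` and can change underneath this configuration without any diff here. Pin it, e.g. `source = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian?ref=<tag-or-commit>"` (placeholder ref). `data_disk = "/kvm/data/nfs-data"` also hard-codes the path of the volume that terraform/data/main.tf creates and exports as `data_disk_id`; whether the module could consume that output instead is not visible from this hunk.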