diff --git a/files/get_cert.sh b/files/get_cert.sh
index 2a30d77..892d2aa 100755
--- a/files/get_cert.sh
+++ b/files/get_cert.sh
@@ -2,11 +2,9 @@
 set -euo pipefail
 IFS=$'\n\t'
-CAHOST=root@hermes.dmz
-
-eval "$(jq -r '@sh "PUBKEY=\(.pubkey) HOST=\(.host)"')"
+eval "$(jq -r '@sh "PUBKEY=\(.pubkey) HOST=\(.host) CAHOST=\(.cahost)"')"
 # TODO: Can this be done more eye-pleasingly?
-CERT=$(ssh $CAHOST '/root/ca.sh host "'"$PUBKEY"'" "'"$HOST"'".dmz')
+CERT=$(ssh root@$CAHOST '/root/ca.sh host "'"$PUBKEY"'" "'"$HOST"'".dmz')
 jq -n --arg cert "$CERT" '{"cert":$cert}'
diff --git a/main.tf b/main.tf
index 4ae8707..abdbe92 100644
--- a/main.tf
+++ b/main.tf
@@ -32,6 +32,7 @@ data "external" "cert" {
 query = {
 pubkey = trimspace(data.tls_public_key.debian.public_key_openssh)
 host = var.name
+ cahost = var.ca_host
 }
 }
@@ -49,10 +50,10 @@ resource "null_resource" "cert" {
 resource "libvirt_volume" "debian" {
 name = "${var.name}.iso"
- pool = "disk"
+ pool = var.disk_pool
 size = var.disk_size
- base_volume_name = "debian-bookworm.qcow2"
- base_volume_pool = "iso"
+ base_volume_name = var.disk_base
+ base_volume_pool = var.disk_base_pool
 lifecycle {
 replace_triggered_by = [
@@ -63,7 +64,7 @@ resource "libvirt_volume" "debian" {
 resource "libvirt_cloudinit_disk" "debian" {
 name = "${var.name}.iso"
- pool = "init"
+ pool = var.cloudinit_pool
 user_data = local.cloudinit_user_data
 network_config = file("${path.module}/files/network_config.cfg")
 }
@@ -79,7 +80,7 @@ resource "libvirt_domain" "debian" {
 }
 network_interface {
- bridge = "dmzbr"
+ bridge = var.bridge_name
 hostname = var.name
 mac = var.mac
 }
diff --git a/variables.tf b/variables.tf
index c2d3cfc..77d4242 100644
--- a/variables.tf
+++ b/variables.tf
@@ -3,7 +3,7 @@ variable "name" {
 }
 variable "disk_size" {
- type = number
+ type = number
 default = 1024 * 1024 * 1024 * 15
 }
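Review bot: The new `CERT=$(ssh root@$CAHOST …)` line expands `$CAHOST` unquoted and never checks that the value arrived, so if the caller's query omits `cahost`, jq's `@sh` renders the missing key as the bare word `null` and the script sshes to `root@null` instead of failing early (`set -u` does not catch this because the eval still assigns the variable). Quote the destination and reject a missing or empty value before the SSH call: `[[ -n "$CAHOST" && "$CAHOST" != null ]] || { printf '%s\n' 'cahost missing in query' >&2; exit 1; }` followed by `CERT=$(ssh "root@$CAHOST" '/root/ca.sh host "'"$PUBKEY"'" "'"$HOST"'".dmz')`. The remote command is still assembled by concatenating `$PUBKEY` and `$HOST` into a quoted string; that is pre-existing, but since this line is being touched a comment stating that the script trusts these values to come from the module's own `data "external"` query would help the next reader. The script's shebang on line 1 lies outside the hunk.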
@@ -16,21 +16,51 @@ variable "admin_authorized_keys" {
 }
 variable "memory" {
- type = number
+ type = number
 default = 1024
 }
 variable "mac" {
- type = string
+ type = string
 default = null
 }
 variable "insecure_password" {
- type = bool
+ type = bool
 default = false
 }
 variable "use_host_cert" {
- type = bool
+ type = bool
 default = true
 }
+
+variable "disk_pool" {
+ type = string
+ default = "disk"
+}
+
+variable "disk_base" {
+ type = string
+ default = "debian-bookworm.qcow2"
+}
+
+variable "disk_base_pool" {
+ type = string
+ default = "iso"
+}
+
+variable "cloudinit_pool" {
+ type = string
+ default = "init"
+}
+
+variable "bridge_name" {
+ type = string
+ default = "dmzbr"
+}
+
+variable "ca_host" {
+ type = string
+ default = "hermes.dmz"
+}
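Review bot: None of the six added variables carries a `description`, and `ca_host` has no `validation` even though main.tf feeds it straight into files/get_cert.sh as the root SSH destination, so an empty override silently yields `root@`. Each variable should get a one-line `description` (for `ca_host`: the host name, without a user part, that runs /root/ca.sh and is reached over SSH as root), and `ca_host` should reject empty input at plan time. The other five variables need only a description, since they are plain pool and image names consumed by the libvirt provider.

```hcl
variable "ca_host" {
  type        = string
  default     = "hermes.dmz"
  description = "Host that runs /root/ca.sh; files/get_cert.sh connects to it as root over SSH."
  validation {
    condition     = length(trimspace(var.ca_host)) > 0
    error_message = "ca_host must not be empty."
  }
}
```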