modularize tf infrastructure

This commit is contained in:
Vladan Popovic 2024-03-01 16:34:20 +01:00
parent 493daeeb29
commit 6dae248c01
14 changed files with 291 additions and 151 deletions


@ -1,67 +0,0 @@
terraform {
required_providers {
libvirt = {
source = "dmacvicar/libvirt"
version = "0.7.6"
}
}
}
provider "libvirt" {
uri = "qemu:///system"
}
resource "libvirt_volume" "fcos" {
name = "fcos"
pool = "default"
source = "fedora-coreos-39.20240128.3.0-qemu.x86_64.qcow2"
format = "qcow2"
}
resource "libvirt_volume" "forgejo_rootfs" {
name = "forgejo_rootfs"
base_volume_id = libvirt_volume.fcos.id
}
resource "libvirt_volume" "data" {
name = "data.qcow2"
pool = "default"
size = 354334801920
format = "qcow2"
lifecycle {
prevent_destroy = true
}
}
resource "libvirt_ignition" "ign" {
name = "service.ign"
content = "service.ign"
}
resource "libvirt_domain" "default" {
name = "forgejo"
autostart = true
memory = "2048"
vcpu = 2
coreos_ignition = libvirt_ignition.ign.id
disk {
volume_id = "${libvirt_volume.forgejo_rootfs.id}"
}
disk {
volume_id = "${libvirt_volume.data.id}"
}
network_interface {
network_name = "default"
hostname = "forgejo"
addresses = ["192.168.122.150"]
mac = "A6:3A:5E:C4:5A:C3"
wait_for_lease = true
}
console {
type = "pty"
target_port = "0"
target_type = "virtio"
source_path = "/dev/pts/24"
}
}


@ -83,7 +83,7 @@ ENABLED = false
[openid] [openid]
ENABLE_OPENID_SIGNIN = true ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true ENABLE_OPENID_SIGNUP = true
WHITELISTED_URIS = id.hklbgd.org WHITELISTED_URIS = kanidm.hklbgd.org
[cron.update_checker] [cron.update_checker]
ENABLED = false ENABLED = false
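Review bot: The new `WHITELISTED_URIS = kanidm.hklbgd.org` does not agree with the hostname this same commit gives the kanidm guest in tofu/main.tf, `hostname = "id.${module.network.domain}"`, i.e. `id.hklbgd.org`, so OpenID sign-in against the provider will be refused by this allow-list unless kanidm is also published under the new name. If `kanidm.hklbgd.org` is the intended public name, a comment on this line saying where that name is served from would spare the next reader the cross-check; otherwise the value should stay `id.hklbgd.org`.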


@ -0,0 +1,61 @@
variant: fcos
version: 1.5.0
passwd:
users:
- name: vladan
ssh_authorized_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFtUc2UvKFGSSlP3RRXUIToDYh8a8pg5DqDkJS+nBTG vladan@jenga"
password_hash: "$y$j9T$kBtBBkINmXh6lxmBqCJkr1$bA1fjZ5pC4CUr6VUnRe2FAWrW5tb6lfX/7.38axa5S3"
groups:
- wheel
shell: /bin/bash
- name: chavi
ssh_authorized_keys:
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCz74zYGwoGjtn4jjBas2fxrFoAJgnQ8uJG5xvXQdyC3rxbsuR5ZwnpMaEBG6LOM6p4qA3E1/9Kw7XU0l09O156SYN11m4GSSaw5Br8oLEkdllsxOkHjrAXuU3hGsg/ipbVzICt/RukNKbuG1Qod43Hlf/zTKeoIsaPd0MaVpWn2rMF6dgLx+4bbe40BxPWI0XOHjXCZqjMPf0Nz/l/YUlvyRIWHvxr5PIyZtJnPGeOxyuZx9/zY7URDU6+WClzXoiRfiIQI143f8QAxMSC+Gbo0ouo91pK1VJFKhA7x9lXBeJ2m22Y9aIDoJ5gE0LEfRiPpH+YM0Gu8c0GLbqpDGT8WaHqB3VdjBkWVs2Au+1p/9P6m0oz2omLH7MUHh7jP4VnX3uVLn788SltMkjd5oyzJLqykKuJEcX4wInyynIxKAlLKl2pb9Tpk47yxkFKnRWgBy93kqkIc5ZKhnS4S/3P91mIVHhXSR9yp806VVQ3DXng2ej8TNRE9uoMoh5RB4k= ivan@ivan-ThinkPad"
password_hash: "$y$j9T$C/reAmIG3L0rGz0jhUSDa.$YLEh/OYaVY2hjYhzcdcrzmkbvyzTGkPp8h3FcvfGDc/"
groups:
- wheel
shell: /bin/bash
- name: random
ssh_authorized_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFtUc2UvKFGSSlP3RRXUIToDYh8a8pg5DqDkJS+nBTG vladan@jenga"
- "ssh-rsa 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 ivan@ivan-ThinkPad"
password_hash: "$y$j9T$qi3pFCD77.Vb8JxbamPgo1$po2Xt0NDCMa1E6evdyRhmyoWBt1no3TLM8FcDvrdDXD"
shell: /bin/bash
storage:
disks:
- device: /dev/sdb
wipe_table: false
partitions:
- number: 1
label: SD_GPT_VAR
guid: "4d21b016-b534-45c2-a9fb-5c16e091fd2d"
filesystems:
- path: /var
device: /dev/disk/by-partlabel/SD_GPT_VAR
format: xfs
wipe_filesystem: false
label: var
with_mount_unit: true
files:
- path: /etc/hostname
mode: 0644
contents:
inline: proxmox-coreos
systemd:
units:
- name: install-virt.service
enabled: true
contents: |
[Unit]
Description=Layer virt rpm-ostree
Wants=network-online.target
After=network-online.target
Before=zincati.service
ConditionPathExists=!/usr/sbin/libvirtd
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/rpm-ostree install libvirt qemu
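Review bot: The file commits three `password_hash` values next to the SSH keys, so anyone with read access to the repository can run offline guessing against them, and the `vladan` hash is the same string as in the kanidm butane, so one recovered password opens both hosts; keeping these in a file outside version control that is templated in at build time, or dropping `password_hash` in favour of key-only login, would remove that exposure. The `random` account has no comment stating its purpose or why it receives both operators' keys without `wheel`; a one-line `# random: <purpose>` above it would make that reviewable. The `install-virt.service` unit body may continue past the hunk, so whether a reboot or `--apply-live` follows the `rpm-ostree install` is not visible here; without one the layered packages are not usable until the next boot.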


@ -5,7 +5,6 @@ passwd:
- name: vladan - name: vladan
ssh_authorized_keys: ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFtUc2UvKFGSSlP3RRXUIToDYh8a8pg5DqDkJS+nBTG vladan@jenga - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFtUc2UvKFGSSlP3RRXUIToDYh8a8pg5DqDkJS+nBTG vladan@jenga
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEY82J6Za3qkt7N6hZIOMEBeUna1dmsQjFZm3rIQzzz vladan@proxmox-coreos
password_hash: "$y$j9T$kBtBBkINmXh6lxmBqCJkr1$bA1fjZ5pC4CUr6VUnRe2FAWrW5tb6lfX/7.38axa5S3" password_hash: "$y$j9T$kBtBBkINmXh6lxmBqCJkr1$bA1fjZ5pC4CUr6VUnRe2FAWrW5tb6lfX/7.38axa5S3"
groups: groups:
- wheel - wheel
@ -13,19 +12,19 @@ passwd:
storage: storage:
disks: disks:
- device: /dev/vdb - device: /dev/vdb
wipe_table: false wipe_table: true
partitions: partitions:
- number: 1 - number: 1
label: kanidm label: kanidm-data
start_mib: 0 start_mib: 0
size_mib: 10000 size_mib: 10000
filesystems: filesystems:
- path: /var/lib/kanidm - path: /var/lib/kanidm
device: /dev/disk/by-partlabel/kanidm device: /dev/disk/by-partlabel/kanidm-data
format: xfs format: xfs
label: data label: data
with_mount_unit: true with_mount_unit: true
wipe_filesystem: false wipe_filesystem: true
files: files:
- path: /etc/hostname - path: /etc/hostname
mode: 0644 mode: 0644
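Review bot: Switching the data disk to `wipe_table: true` and the `/var/lib/kanidm` filesystem to `wipe_filesystem: true` makes Ignition reformat the volume holding the identity database on every first boot, which defeats the `prevent_destroy = true` that tofu/service-vm/main.tf puts on `libvirt_volume.data` in the same commit: the volume survives `tofu destroy`, but the replacement domain's first boot wipes it anyway. If these flags exist only to migrate the partition label from `kanidm` to `kanidm-data`, they should return to `false` once the relabel has been applied, with a comment such as `# true only for the one-off relabel; must be false to keep /var/lib/kanidm across re-provisioning` next to them.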


@ -1,67 +0,0 @@
terraform {
required_providers {
libvirt = {
source = "dmacvicar/libvirt"
version = "0.7.6"
}
}
}
provider "libvirt" {
uri = "qemu:///system"
}
resource "libvirt_volume" "fcos" {
name = "fcos"
pool = "default"
source = "fedora-coreos-39.20240128.3.0-qemu.x86_64.qcow2"
format = "qcow2"
}
resource "libvirt_volume" "kanidm" {
name = "kanidm-rootfs.qcow2"
base_volume_id = libvirt_volume.fcos.id
}
resource "libvirt_volume" "data" {
name = "kanidm-data.qcow2"
pool = "default"
size = 3221225472
format = "qcow2"
lifecycle {
prevent_destroy = true
}
}
resource "libvirt_ignition" "kanidm" {
name = "kanidm-service.ign"
content = "service.ign"
}
resource "libvirt_domain" "kanidm" {
name = "kanidm"
autostart = true
memory = "2048"
vcpu = 2
coreos_ignition = libvirt_ignition.kanidm.id
disk {
volume_id = "${libvirt_volume.kanidm.id}"
}
disk {
volume_id = "${libvirt_volume.data.id}"
}
network_interface {
network_name = "default"
hostname = "kanidm.hklbgd.org"
addresses = ["192.168.122.110"]
mac = "56:FA:7E:C9:6A:E9"
wait_for_lease = true
}
console {
type = "pty"
target_port = "0"
target_type = "virtio"
source_path = "/dev/pts/25"
}
}


@ -1,11 +0,0 @@
#!/bin/bash
set -xe
[[ -z $1 ]] && echo "must provide service path" && exit 1
pushd $1
podman run --interactive --rm -v $PWD:/data quay.io/coreos/butane --files-dir /data --pretty --strict < service.bu > service.ign
tofu state rm libvirt_volume.data 2>/dev/null || echo "data volume not provisioned ... continuing"
tofu destroy
tofu apply
popd

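--- /dev/null
+++ b/tofu/main.tf
@@ -0,0 +1,57 @@
+terraform {
+required_providers {
+libvirt = {
+source = "dmacvicar/libvirt"
+version = "0.7.6"
+}
+}
+}
+provider "libvirt" {
+uri = "qemu+ssh://vladan@10.4.4.201/system"
+# uri = "qemu:///system"
+}
+module "network" {
+source = "./network"
+domain = "hklbgd.org"
+subnet = ["10.117.3.0/24"]
+}
+module "storage" {
+source = "./storage"
+}
+module "kanidm_vm" {
+source = "./service-vm"
+domain_name = "kanidm"
+domain_memory = "4096"
+domain_vcpu = 2
+domain_pool = module.storage.pool
+domain_base_volume_id = module.storage.base_volume_id
+domain_data_volume_size = 322122547200 # 300GB
+domain_ignition_path = "../ignition/kanidm/service.ign"
+domain_network = {
+network_id = module.network.id
+hostname = "id.${module.network.domain}"
+addresses = ["10.117.3.100"]
+mac_address = "8A:41:86:95:40:35"
+}
+}
+module "forgejo_vm" {
+source = "./service-vm"
+domain_name = "forgejo"
+domain_memory = "4096"
+domain_vcpu = 2
+domain_pool = module.storage.pool
+domain_base_volume_id = module.storage.base_volume_id
+domain_data_volume_size = 322122547200 # 300GB
+domain_ignition_path = "../ignition/forgejo/service.ign"
+domain_network = {
+network_id = module.network.id
+hostname = "forge.${module.network.domain}"
+addresses = ["10.117.3.110"]
+mac_address = "8A:41:86:11:16:83"
+}
+}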
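Review bot: The provider connection `uri = "qemu+ssh://vladan@10.4.4.201/system"` hardcodes a personal login and a raw IP, with the local alternative left as a commented-out line, so this root module cannot be applied from another host or by another operator without editing it. A `variable "libvirt_uri" { type = string default = "qemu:///system" }` consumed as `uri = var.libvirt_uri` keeps the local case as the default and lets the remote target be supplied with `-var` or `TF_VAR_libvirt_uri`. The two `domain_ignition_path` values are relative paths resolved against the working directory rather than this file; `"${path.root}/../ignition/kanidm/service.ign"` (and the forgejo counterpart) pins them to the module tree.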

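--- /dev/null
+++ b/tofu/network/main.tf
@@ -0,0 +1,31 @@
+terraform {
+required_providers {
+libvirt = {
+source = "dmacvicar/libvirt"
+version = "0.7.6"
+}
+}
+}
+resource "libvirt_network" "hklbgd" {
+name = "hklbgd-guests"
+mode = "nat"
+domain = var.domain
+autostart = true
+addresses = var.subnet
+dns {
+enabled = true
+local_only = true
+}
+}
+output "id" {
+value = libvirt_network.hklbgd.id
+}
+output "domain" {
+value = var.domain
+}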


@ -0,0 +1,9 @@
variable "subnet" {
type = list(string)
default = ["10.117.3.0/24"]
}
variable "domain" {
type = string
default = "proxmox-coreos.hklbgd.org"
}

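--- /dev/null
+++ b/tofu/service-vm/main.tf
@@ -0,0 +1,62 @@
+terraform {
+required_providers {
+libvirt = {
+source = "dmacvicar/libvirt"
+version = "0.7.6"
+}
+}
+}
+resource "libvirt_volume" "rootfs" {
+name = "${var.domain_name}-rootfs.qcow2"
+pool = var.domain_pool
+base_volume_id = var.domain_base_volume_id
+}
+resource "libvirt_volume" "data" {
+name = "${var.domain_name}-data.qcow2"
+pool = var.domain_pool
+size = var.domain_data_volume_size
+format = "qcow2"
+lifecycle {
+prevent_destroy = true
+}
+}
+resource "libvirt_ignition" "ign" {
+name = "${var.domain_name}-service.ign"
+pool = var.domain_pool
+content = "${var.domain_ignition_path}"
+}
+resource "libvirt_domain" "service" {
+name = var.domain_name
+autostart = true
+memory = var.domain_memory
+vcpu = var.domain_vcpu
+coreos_ignition = libvirt_ignition.ign.id
+disk {
+volume_id = libvirt_volume.rootfs.id
+}
+disk {
+volume_id = libvirt_volume.data.id
+}
+network_interface {
+network_id = var.domain_network.network_id
+hostname = var.domain_network.hostname
+addresses = var.domain_network.addresses
+mac = var.domain_network.mac_address
+wait_for_lease = true
+}
+console {
+type = "pty"
+target_port = "0"
+target_type = "serial"
+}
+graphics {
+type = "spice"
+}
+}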
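Review bot: `content = "${var.domain_ignition_path}"` passes the caller's relative path straight into `libvirt_ignition.content`, which, as I read the provider, accepts either a file path or literal Ignition text; when the path does not resolve from the working directory the resource is still created with the path string itself as the guest's Ignition config, and the domain boots with none of the users, keys or mounts applied. Reading the file inside the module, `content = file(var.domain_ignition_path)`, turns that into a plan-time error instead. If the pass-through is kept, the interpolation wrapper is redundant and `content = var.domain_ignition_path` is the idiomatic form.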


@ -0,0 +1,38 @@
variable "domain_name" {
type = string
}
variable "domain_memory" {
type = string
default = "2048"
}
variable "domain_vcpu" {
type = number
default = 1
}
variable "domain_pool" {
type = string
}
variable "domain_base_volume_id" {
type = string
}
variable "domain_data_volume_size" {
type = number
}
variable "domain_ignition_path" {
type = string
}
variable "domain_network" {
type = object({
network_id = string
hostname = string
addresses = list(string)
mac_address = string
})
}

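--- /dev/null
+++ b/tofu/storage/main.tf
@@ -0,0 +1,28 @@
+terraform {
+required_providers {
+libvirt = {
+source = "dmacvicar/libvirt"
+version = "0.7.6"
+}
+}
+}
+resource "libvirt_pool" "hklbgd" {
+name = "hklbgd-guests"
+type = "dir"
+path = "/var/lib/libvirt/guest_images"
+}
+resource "libvirt_volume" "fcos" {
+name = "fedora-coreos-39.20240210.3.0-qemu.x86_64.qcow2"
+pool = libvirt_pool.hklbgd.name
+format = "qcow2"
+}
+output "pool" {
+value = libvirt_pool.hklbgd.name
+}
+output "base_volume_id" {
+value = libvirt_volume.fcos.id
+}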