Compare commits
49 Commits
destroy/no
...
master
Author | SHA1 | Date | |
---|---|---|---|
84e45b4c61 | |||
![]() |
080752e8a0 | ||
![]() |
f063baa349 | ||
bada1b69da | |||
![]() |
7d04a2c475 | ||
![]() |
e04f10c5a3 | ||
![]() |
0e7860bfe7 | ||
![]() |
0c0cbc5def | ||
![]() |
fcdde6cf1f | ||
![]() |
524bd92da4 | ||
![]() |
ba3fe8e7ff | ||
![]() |
724a433d5e | ||
![]() |
bfbf0680e2 | ||
![]() |
8f1ee24440 | ||
![]() |
73dd2e18ff | ||
8d9eea6728 | |||
![]() |
96f6d94c3a | ||
8d49e447e6 | |||
![]() |
99f3610a84 | ||
d634e124a3 | |||
![]() |
70b9b5e5b7 | ||
![]() |
93d3f94100 | ||
70139b2693 | |||
![]() |
8773f5026c | ||
1b6eca0f69 | |||
![]() |
9551e0ad53 | ||
![]() |
ffc1c1e785 | ||
3e55a72767 | |||
![]() |
fcbd6a0b1d | ||
![]() |
7227782d4f | ||
![]() |
6dec58856e | ||
![]() |
437d7ab8d1 | ||
![]() |
ac2db5a1cf | ||
![]() |
74b2fb8175 | ||
![]() |
1acd33cb87 | ||
![]() |
f9edeb8be5 | ||
![]() |
661fb95830 | ||
![]() |
50ae59602c | ||
![]() |
507c102dad | ||
b26ff582a4 | |||
![]() |
ec07db08db | ||
114bfb9772 | |||
5509e14066 | |||
df088a7903 | |||
dcec6c3648 | |||
a0ee1b8a4b | |||
39d4e2ac65 | |||
6d06cfac02 | |||
e669353638 |
@ -16,8 +16,9 @@ jobs:
|
||||
pull-requests: write
|
||||
|
||||
env:
|
||||
TF_VAR_TS_AUTHKEY: ${{ secrets.TAILSCALE_KEY }}
|
||||
TF_VAR_ssh_key: ${{ secrets.SSH_PUBLIC_KEY }}
|
||||
TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }}
|
||||
TF_VAR_TS_AUTHKEY: ${{ secrets.TS_AUTHKEY }}
|
||||
TF_VAR_proxmox_password: ${{ secrets.PROXMOX_PASSWORD }}
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
@ -28,11 +29,6 @@ jobs:
|
||||
with:
|
||||
terraform_version: 1.6.6
|
||||
|
||||
- name: Inject sensitive secrets
|
||||
working-directory: terraform
|
||||
run: |
|
||||
echo 'proxmox_password = "${{ secrets.PROXMOX_PASSWORD }}"' >> terraform.tfvars
|
||||
|
||||
- name: Terraform Init
|
||||
working-directory: terraform
|
||||
run: terraform init
|
||||
|
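Review bot: The `TF_VAR_*` secrets sit in the job-level `env:` block, so every step of the job, including the `Checkout repository` step and any third-party setup action, receives the Proxmox password and the Tailscale auth key in its environment. A step-level `env:` with the same keys on the Terraform steps alone would limit the exposure to the commands that need it. Dropping the `Inject sensitive secrets` step is a sound change, since the password is no longer appended to `terraform.tfvars` on the runner's disk. The job also holds `pull-requests: write`; if plan output is posted to the PR, confirm that the matching variables are declared `sensitive = true` so the values are redacted. The same applies to the third workflow section (`@ -17,10 +17,9`); the +/- markers are lost in this rendering, so this assumes the last three env lines are the new side.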
@ -14,8 +14,10 @@ jobs:
|
||||
pull-requests: write
|
||||
|
||||
env:
|
||||
TF_VAR_TS_AUTHKEY: ${{ secrets.TAILSCALE_KEY }}
|
||||
TF_VAR_ssh_key: ${{ secrets.SSH_PUBLIC_KEY }}
|
||||
TF_VAR_SSH_KEY: ${{ secrets.TF_VAR_SSH_KEY_PUBLIC }}
|
||||
TF_VAR_TS_AUTHKEY: ${{ secrets.TF_VAR_TS_AUTHKEY }}
|
||||
TF_VAR_PROXMOX_PASSWORD: ${{ secrets.TF_VAR_PROXMOX_PASSWORD }}
|
||||
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
@ -26,11 +28,6 @@ jobs:
|
||||
with:
|
||||
terraform_version: 1.6.6
|
||||
|
||||
- name: Inject sensitive secrets
|
||||
working-directory: terraform
|
||||
run: |
|
||||
echo 'proxmox_password = "${{ secrets.PROXMOX_PASSWORD }}"' >> terraform.tfvars
|
||||
|
||||
- name: Terraform Init
|
||||
working-directory: terraform
|
||||
run: terraform init
|
||||
|
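Review bot: The env names in this workflow do not match the Terraform variables visible elsewhere in this compare: `TF_VAR_SSH_KEY` has no counterpart to `variable "SSH_KEY_PUBLIC"`, and `TF_VAR_PROXMOX_PASSWORD` differs in case from the `proxmox_password` name the removed tfvars line used. Terraform matches `TF_VAR_` names exactly on case-sensitive systems, so these values would likely never reach the configuration and the run would fail or prompt for input. The other two workflows use `TF_VAR_SSH_KEY_PUBLIC` and `TF_VAR_proxmox_password` with secrets named without the `TF_VAR_` prefix; aligning this one, e.g. `TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }}`, also avoids keeping two sets of repository secrets. The +/- markers are lost in this rendering, so this assumes the last three env lines are the new side.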
@ -17,10 +17,9 @@ jobs:
|
||||
pull-requests: write
|
||||
|
||||
env:
|
||||
TF_VAR_TAILSCALE_KEY: ${{ secrets.TAILSCALE_KEY }}
|
||||
TF_VAR_TS_AUTHKEY: ${{ secrets.TAILSCALE_KEY }}
|
||||
TF_VAR_ssh_key: ${{ secrets.SSH_PUBLIC_KEY }}
|
||||
|
||||
TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }}
|
||||
TF_VAR_TS_AUTHKEY: ${{ secrets.TS_AUTHKEY }}
|
||||
TF_VAR_proxmox_password: ${{ secrets.PROXMOX_PASSWORD }}
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
@ -31,11 +30,6 @@ jobs:
|
||||
with:
|
||||
terraform_version: 1.6.6
|
||||
|
||||
- name: Inject sensitive secrets
|
||||
working-directory: terraform
|
||||
run: |
|
||||
echo 'proxmox_password = "${{ secrets.PROXMOX_PASSWORD }}"' >> terraform.tfvars
|
||||
|
||||
- name: Terraform Init
|
||||
working-directory: terraform
|
||||
run: terraform init
|
||||
|
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,2 +1,6 @@
|
||||
./terraform/.terraform
|
||||
terraform/.terraform/
|
||||
terraform/test-apply.sh
|
||||
terraform/test-plan.sh
|
||||
terraform/test-destroy.sh
|
||||
terraform/tfplan
|
||||
|
19
terraform/.terraform.lock.hcl
generated
19
terraform/.terraform.lock.hcl
generated
@ -20,25 +20,6 @@ provider "registry.terraform.io/hashicorp/local" {
|
||||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/hashicorp/null" {
|
||||
version = "3.2.3"
|
||||
hashes = [
|
||||
"h1:+AnORRgFbRO6qqcfaQyeX80W0eX3VmjadjnUFUJTiXo=",
|
||||
"zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2",
|
||||
"zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d",
|
||||
"zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3",
|
||||
"zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f",
|
||||
"zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1",
|
||||
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
|
||||
"zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301",
|
||||
"zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670",
|
||||
"zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed",
|
||||
"zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65",
|
||||
"zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd",
|
||||
"zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5",
|
||||
]
|
||||
}
|
||||
|
||||
provider "registry.terraform.io/hashicorp/template" {
|
||||
version = "2.2.0"
|
||||
hashes = [
|
||||
|
@ -1,70 +1,17 @@
|
||||
### Alpaca cloud-init template
|
||||
data "template_file" "cloud_init_alpaca" {
|
||||
count = var.alpaca_vm_count
|
||||
template = file("${path.module}/files/cloud_init.yaml")
|
||||
### Global cloud-init template (for all VMs)
|
||||
|
||||
data "template_file" "cloud_init_global" {
|
||||
template = file("${path.module}/files/cloud_init_global.yaml")
|
||||
|
||||
vars = {
|
||||
ssh_key = var.ssh_key
|
||||
hostname = "alpaca-${count.index + 1}"
|
||||
domain = "home.arpa"
|
||||
TS_AUTHKEY = var.TS_AUTHKEY
|
||||
hostname = "generic"
|
||||
domain = "home.arpa"
|
||||
TS_AUTHKEY = var.TS_AUTHKEY
|
||||
SSH_KEY_PUBLIC = var.SSH_KEY_PUBLIC
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
resource "local_file" "cloud_init_alpaca" {
|
||||
count = var.alpaca_vm_count
|
||||
content = data.template_file.cloud_init_alpaca[count.index].rendered
|
||||
filename = "${path.module}/files/cloud_init_alpaca_${count.index + 1}.yaml"
|
||||
resource "local_file" "cloud_init_global" {
|
||||
content = data.template_file.cloud_init_global.rendered
|
||||
filename = "${path.module}/files/cloud_init_global.yaml"
|
||||
}
|
||||
|
||||
resource "null_resource" "upload_cloud_init_alpaca" {
|
||||
count = var.alpaca_vm_count
|
||||
|
||||
connection {
|
||||
type = "ssh"
|
||||
user = "root"
|
||||
host = var.target_node
|
||||
}
|
||||
|
||||
provisioner "file" {
|
||||
source = local_file.cloud_init_alpaca[count.index].filename
|
||||
destination = "/var/lib/vz/snippets/cloud_init_alpaca_${count.index + 1}.yaml"
|
||||
}
|
||||
}
|
||||
|
||||
### Llama cloud-init template
|
||||
data "template_file" "cloud_init_llama" {
|
||||
count = var.llama_vm_count
|
||||
template = file("${path.module}/files/cloud_init.yaml")
|
||||
|
||||
vars = {
|
||||
ssh_key = var.ssh_key
|
||||
hostname = "llama-${count.index + 1}"
|
||||
domain = "home.arpa"
|
||||
TS_AUTHKEY = var.TS_AUTHKEY
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
resource "local_file" "cloud_init_llama" {
|
||||
count = var.llama_vm_count
|
||||
content = data.template_file.cloud_init_llama[count.index].rendered
|
||||
filename = "${path.module}/files/cloud_init_llama_${count.index + 1}.yaml"
|
||||
}
|
||||
|
||||
resource "null_resource" "upload_cloud_init_llama" {
|
||||
count = var.llama_vm_count
|
||||
|
||||
connection {
|
||||
type = "ssh"
|
||||
user = "root"
|
||||
host = var.target_node
|
||||
}
|
||||
|
||||
provisioner "file" {
|
||||
source = local_file.cloud_init_llama[count.index].filename
|
||||
destination = "/var/lib/vz/snippets/cloud_init_llama_${count.index + 1}.yaml"
|
||||
}
|
||||
}
|
||||
|
||||
|
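Review bot: `local_file.cloud_init_global` writes the rendered output to `${path.module}/files/cloud_init_global.yaml`, the same path that `template_file.cloud_init_global` reads as its template, and that file is added to the repository in this compare. After the first apply the tracked template is replaced by a copy with the Tailscale auth key substituted in, which is easy to commit by accident and leaves no placeholders for the next run. Render to a separate, git-ignored path (for example `filename = "${path.module}/files/cloud_init_global.rendered.yaml"`, a constructed name), and use `local_sensitive_file` if the pinned hashicorp/local version provides it, so the content is treated as sensitive in plan output. This assumes the `cloud_init_global` lines are the new side, since the +/- markers are lost here.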
@ -1,10 +1,9 @@
|
||||
#cloud-config
|
||||
hostname: ${hostname}
|
||||
fqdn: ${hostname}.${domain}
|
||||
ssh_authorized_keys:
|
||||
- ${ssh_key}
|
||||
|
||||
runcmd:
|
||||
- curl -fsSL https://tailscale.com/install.sh | sh
|
||||
- tailscale up --auth-key=${TS_AUTHKEY}
|
||||
- tailscale set --ssh
|
||||
|
||||
|
6
terraform/files/cloud_init_base.yaml
Normal file
6
terraform/files/cloud_init_base.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
#cloud-config
|
||||
runcmd:
|
||||
- curl -fsSL https://tailscale.com/install.sh | sh
|
||||
- tailscale up --auth-key=${TS_AUTHKEY}
|
||||
- tailscale set --ssh
|
||||
|
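Review bot: The first two `runcmd` entries pipe the installer from `curl` straight into `sh` with no pinned version or checksum, and pass `--auth-key=${TS_AUTHKEY}` on the command line, which also leaves the key in the rendered user-data. Installing the package from Tailscale's signed apt repository through cloud-init's `apt` sources and `packages` keys would give signature verification and a reviewable version. `tailscale set --ssh` hands SSH access control to the tailnet ACLs, so those should restrict who can reach these hosts. No Terraform code visible in this compare references `cloud_init_base.yaml`; if it is unused, dropping it avoids a second copy of the bootstrap to maintain. The same install and auth-key lines appear in `cloud_init_global.yaml`.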
48
terraform/files/cloud_init_global.yaml
Normal file
48
terraform/files/cloud_init_global.yaml
Normal file
@ -0,0 +1,48 @@
|
||||
#cloud-config
|
||||
#cloud-config
|
||||
hostname: myvm
|
||||
manage_etc_hosts: true
|
||||
resolv_conf:
|
||||
nameservers:
|
||||
- 8.8.8.8
|
||||
- 1.1.1.1
|
||||
|
||||
package_update: true
|
||||
package_upgrade: true
|
||||
|
||||
# APT fails to acquire GPG keys if package dirmngr is missing
|
||||
bootcmd:
|
||||
- [ cloud-init-per, once, dirmngr-aptupdate, apt-get, update ]
|
||||
- [ cloud-init-per, once, dirmngr-aptinstall, apt-get, install, dirmngr, -y ]
|
||||
- [ cloud-init-per, once, dirmngr-aptinstall, apt-get, install, gnupg2, -y ]
|
||||
|
||||
packages:
|
||||
- jq
|
||||
- curl
|
||||
- qemu-guest-agent
|
||||
|
||||
users:
|
||||
- name: stuart
|
||||
groups: sudo
|
||||
shell: /bin/bash
|
||||
sudo: ['ALL=(ALL) NOPASSWD:ALL']
|
||||
ssh_authorized_keys:
|
||||
- ${SSH_KEY_PUBLIC}
|
||||
|
||||
preserve_hostname: false
|
||||
fqdn: ${hostname}.${domain}
|
||||
|
||||
#cloud-config
|
||||
# The above header must generally appear on the first line of a cloud config
|
||||
# file, but all other lines that begin with a # are optional comments.
|
||||
|
||||
runcmd:
|
||||
# One-command install, from https://tailscale.com/download/
|
||||
- ['sh', '-c', 'curl -fsSL https://tailscale.com/install.sh | sh']
|
||||
# Set sysctl settings for IP forwarding (useful when configuring an exit node)
|
||||
- ['sh', '-c', "echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf && echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf && sudo sysctl -p /etc/sysctl.d/99-tailscale.conf" ]
|
||||
# Generate an auth key from your Admin console
|
||||
# https://login.tailscale.com/admin/settings/keys
|
||||
# and replace the placeholder below
|
||||
- ['tailscale', 'up', '--auth-key=${TS_AUTHKEY}']
|
||||
|
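Review bot: The second and third `bootcmd` entries both use the name `dirmngr-aptinstall`; `cloud-init-per` keys its run-once marker on that name, so the `gnupg2` install is skipped once the `dirmngr` one has run. Give it its own name, e.g. `[ cloud-init-per, once, gnupg2-aptinstall, apt-get, install, gnupg2, -y ]`. Because this one template serves every VM, `${TS_AUTHKEY}` has to be a reusable key and `hostname: myvm` is shared by all guests; a tagged, short-lived (ideally ephemeral) key limits what a leaked snippet allows. The IP-forwarding sysctls are only needed on an exit node or subnet router and are better left out of a template applied to all guests.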
@ -20,23 +20,37 @@ resource "proxmox_vm_qemu" "alpacas" {
|
||||
vmid = 500 + count.index + 1
|
||||
target_node = var.target_node
|
||||
clone = var.clone_template
|
||||
full_clone = false
|
||||
full_clone = true
|
||||
os_type = "cloud-init"
|
||||
agent = 1
|
||||
|
||||
sockets = var.sockets
|
||||
cores = var.cores
|
||||
memory = var.memory
|
||||
scsihw = "virtio-scsi-pci"
|
||||
boot = "order=scsi0"
|
||||
ipconfig0 = "ip=dhcp"
|
||||
cicustom = "user=local:snippets/cloud_init_alpaca_${count.index + 1}.yaml"
|
||||
depends_on = [null_resource.upload_cloud_init_alpaca]
|
||||
sockets = var.sockets
|
||||
cores = var.cores
|
||||
memory = var.memory
|
||||
scsihw = "virtio-scsi-pci"
|
||||
boot = "order=virtio0"
|
||||
bootdisk = "virtio0"
|
||||
ipconfig0 = "ip=dhcp"
|
||||
cicustom = "user=local:snippets/cloud_init_global.yaml"
|
||||
|
||||
disk {
|
||||
slot = "scsi0"
|
||||
type = "disk"
|
||||
storage = var.storage
|
||||
size = var.disk_size
|
||||
|
||||
disks {
|
||||
virtio {
|
||||
virtio0 {
|
||||
disk {
|
||||
size = var.disk_size
|
||||
storage = var.storage
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
ide {
|
||||
ide2 {
|
||||
cloudinit {
|
||||
storage = var.storage
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
network {
|
||||
@ -53,25 +67,39 @@ resource "proxmox_vm_qemu" "llamas" {
|
||||
vmid = 600 + count.index + 1
|
||||
target_node = var.target_node
|
||||
clone = var.clone_template
|
||||
full_clone = false
|
||||
full_clone = true
|
||||
os_type = "cloud-init"
|
||||
agent = 1
|
||||
|
||||
sockets = var.sockets
|
||||
cores = var.cores
|
||||
memory = var.memory
|
||||
scsihw = "virtio-scsi-pci"
|
||||
boot = "order=scsi0"
|
||||
ipconfig0 = "ip=dhcp"
|
||||
cicustom = "user=local:snippets/cloud_init_llama_${count.index + 1}.yaml"
|
||||
depends_on = [null_resource.upload_cloud_init_llama]
|
||||
sockets = var.sockets
|
||||
cores = var.cores
|
||||
memory = var.memory
|
||||
scsihw = "virtio-scsi-pci"
|
||||
boot = "order=virtio0"
|
||||
bootdisk = "virtio0"
|
||||
ipconfig0 = "ip=dhcp"
|
||||
cicustom = "user=local:snippets/cloud_init_global.yaml"
|
||||
|
||||
disk {
|
||||
slot = "scsi0"
|
||||
type = "disk"
|
||||
storage = var.storage
|
||||
size = var.disk_size
|
||||
disks {
|
||||
virtio {
|
||||
virtio0 {
|
||||
disk {
|
||||
size = var.disk_size
|
||||
storage = var.storage
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
ide {
|
||||
ide2 {
|
||||
cloudinit {
|
||||
storage = var.storage
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
network {
|
||||
id = 0
|
||||
model = "virtio"
|
||||
|
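Review bot: Both `proxmox_vm_qemu` resources now point `cicustom` at `local:snippets/cloud_init_global.yaml`, but the `null_resource` upload and the `depends_on` on it appear to be removed in this compare, so nothing visible places the rendered file on the Proxmox node or orders it before VM creation. If the snippet is copied by hand, guests boot with whatever copy is on the node, which may hold an old or revoked auth key or the unrendered `${TS_AUTHKEY}` placeholder. Either keep an upload step with a `depends_on`, or add a comment above `cicustom` such as `# snippet must be uploaded to the node's snippets storage before apply`. This applies to the `alpacas` hunk and the `llamas` hunk alike; both resource bodies continue outside the hunks.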
@ -1,13 +1,12 @@
|
||||
target_node = "flex"
|
||||
clone_template = "Alpine-TemplateV2"
|
||||
clone_template = "ubuntu-cloudinit"
|
||||
vm_name = "alpine-vm"
|
||||
cores = 2
|
||||
memory = 2048
|
||||
cores = 1
|
||||
memory = 1024
|
||||
disk_size = "15G"
|
||||
sockets = 1
|
||||
bridge = "vmbr0"
|
||||
disk_type = "scsi"
|
||||
storage = "Flash"
|
||||
pm_api_url = "https://100.105.0.115:8006/api2/json"
|
||||
pm_user = "terraform-prov@pve"
|
||||
|
||||
pm_user = "terraform-prov@pve"
|
@ -79,9 +79,7 @@ variable "TS_AUTHKEY" {
|
||||
description = "Tailscale auth key used in cloud-init"
|
||||
}
|
||||
|
||||
|
||||
variable "ssh_key" {
|
||||
variable "SSH_KEY_PUBLIC" {
|
||||
type = string
|
||||
description = "Public SSH key used by cloud-init"
|
||||
description = "My Public SSH key fo ssh auth list"
|
||||
}
|
||||
|
||||
|
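Review bot: The new description reads `"My Public SSH key fo ssh auth list"`; `fo` should be `for`, e.g. `description = "Public SSH key added to the VM user's authorized_keys"`. The `TS_AUTHKEY` block starts above this hunk, so it is not visible whether it sets `sensitive = true`; if it does not, adding it keeps the key out of plan output.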