Tellsanguis/Homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: Commit initial

Browse source
This commit is contained in:
Tellsanguis 2025-11-07 09:33:38 +01:00
commit 40dc0f4184
43 changed files with 1990 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

70
terraform/pve3/cloud-init.tf Normal file
View file

@ -0,0 +1,70 @@
# Cloud-init configuration for etcd-witness
locals {
base_user_data = {
package_upgrade = true
packages = [
"ansible",
"git",
"curl",
"wget",
"ca-certificates",
"gnupg",
"lsb-release"
]
users = [
{
name = "ansible"
sudo = "ALL=(ALL) NOPASSWD:ALL"
shell = "/bin/bash"
ssh_authorized_keys = [var.ssh_public_key]
groups = "sudo"
}
]
timezone = "Europe/Paris"
}
ansible_pull_script = <<-EOT
#!/bin/bash
set -e
source /etc/ansible-pull.conf
WORK_DIR="/var/lib/ansible-local"
mkdir -p $WORK_DIR
cd $WORK_DIR
REPO_WITH_AUTH=$(echo $REPO_URL | sed "s|https://|https://git:$FORGEJO_TOKEN@|")
if [ -d ".git" ]; then
git pull origin main 2>&1 | logger -t ansible-pull
else
git clone $REPO_WITH_AUTH . 2>&1 | logger -t ansible-pull
fi
ansible-playbook ansible/site.yml -i localhost, --connection=local -e "k3s_version=$K3S_VERSION" 2>&1 | logger -t ansible-pull
EOT
etcd_witness_user_data = {
write_files = [
{
path = "/etc/node-role"
content = "witness"
permissions = "0644"
},
{
path = "/etc/ansible-pull.conf"
content = "REPO_URL=${var.forgejo_repo_url}\nFORGEJO_TOKEN=${var.forgejo_token}\nK3S_VERSION=${var.k3s_version}"
permissions = "0600"
},
{
path = "/usr/local/bin/ansible-pull-wrapper.sh"
content = local.ansible_pull_script
permissions = "0755"
}
]
runcmd = [
"echo '*/15 * * * * root /usr/local/bin/ansible-pull-wrapper.sh' > /etc/cron.d/ansible-pull",
"sleep 60 && /usr/local/bin/ansible-pull-wrapper.sh &"
]
}
}
resource "local_file" "etcd_witness_cloud_init" {
filename = "${path.module}/.generated/cloud-init-etcd-witness.yaml"
content = yamlencode(merge(local.base_user_data, local.etcd_witness_user_data))
}