Compare commits
38 Commits
main
...
initial-vm
| Author | SHA1 | Date | |
|---|---|---|---|
72a790c038
|
|||
|
dfcfe941cf
|
|||
|
ac3494efc5
|
|||
|
6b2a820282
|
|||
|
6dfab582c4
|
|||
|
41a0c9393e
|
|||
|
92fbca47db
|
|||
|
5b0bae4865
|
|||
|
bc59bd5fdb
|
|||
|
8b128060e3
|
|||
|
870e4e9476
|
|||
|
763958634e
|
|||
|
29906fc462
|
|||
|
ab54c18b1b
|
|||
|
fce7d91115
|
|||
|
20bee24b19
|
|||
|
f891d1e6a8
|
|||
|
8406db7eaf
|
|||
|
2d8ad8f453
|
|||
|
599931fd9a
|
|||
|
0edaee542f
|
|||
|
b39d99b781
|
|||
|
9c2ce06cb0
|
|||
|
18e2ba2f75
|
|||
|
04881f9dfa
|
|||
|
19247a2467
|
|||
|
e12565fdb6
|
|||
|
52c0492176
|
|||
|
0dccf1902a
|
|||
|
1c59a98ec5
|
|||
|
7582010748
|
|||
|
54d26948bd
|
|||
|
46de0b3d0f
|
|||
|
f447e9e77e
|
|||
|
4a995ed62e
|
|||
|
f189b1fca3
|
|||
|
152a5a606e
|
|||
|
381ae8bcf3
|
28
.github/workflows/infra.yaml
vendored
28
.github/workflows/infra.yaml
vendored
@@ -4,14 +4,15 @@ on:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- infra/**-playbook.yaml
|
||||
- infra/**playbook.yaml
|
||||
- .github/workflows/infra.yaml
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
|
||||
env:
|
||||
DEPLOY: ${{ github.ref == 'refs/heads/main' && ((startsWith(github.event.head_commit.message, '[deploy-all]') && 'all') || ('some')) || 'none' }}
|
||||
# DEPLOY: ${{ github.ref == 'refs/heads/main' && ((startsWith(github.event.head_commit.message, '[deploy-all]') && 'all') || ('some')) || 'none' }}
|
||||
DEPLOY: all
|
||||
|
||||
jobs:
|
||||
ansible-playbooks:
|
||||
@@ -23,20 +24,17 @@ jobs:
|
||||
with:
|
||||
fetch-depth: ${{ env.DEPLOY == 'some' && 2 || 1 }}
|
||||
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: "3.11"
|
||||
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
apt update
|
||||
apt install -y python3-pip
|
||||
pip3 install -r requirements.txt
|
||||
ansible-galaxy collection install community.general
|
||||
|
||||
- name: Check playbooks
|
||||
run: |
|
||||
for file in $(find . -wholename "*/infra/*-playbook.yaml" -type f); do
|
||||
ansible-playbook --inventory ./inventory --check "$file"
|
||||
for file in $(find . -wholename "*/infra/*playbook.yaml" -type f); do
|
||||
ansible-playbook --inventory ./inventory --syntax-check "$file"
|
||||
done
|
||||
|
||||
- name: Get changed playbooks
|
||||
@@ -44,7 +42,7 @@ jobs:
|
||||
if: env.DEPLOY == 'some'
|
||||
uses: tj-actions/changed-files@v38
|
||||
with:
|
||||
files: infra/**/*-playbook.yaml
|
||||
files: infra/**/*playbook.yaml
|
||||
|
||||
- name: Get playbooks
|
||||
id: playbooks
|
||||
@@ -53,12 +51,19 @@ jobs:
|
||||
if [[ "${{ env.DEPLOY }}" == "some" ]]; then
|
||||
export TO_RUN="${{ steps.files.outputs.all_changed_files }}"
|
||||
else
|
||||
export TO_RUN="$(find . -wholename './infra/*-playbook.yaml' -type f)"
|
||||
export TO_RUN="$(find . -wholename './infra/*playbook.yaml' -type f)"
|
||||
fi
|
||||
export TO_RUN="$( echo -n $TO_RUN | tr ' ' '\n' | sort | tr '\n' ' ' )" # run things in order :)
|
||||
echo "will run playbooks: $TO_RUN"
|
||||
echo "to_run=$TO_RUN" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Setup environment
|
||||
if: env.DEPLOY != 'none' && steps.playbooks.outputs.to_run != ''
|
||||
run: |
|
||||
mkdir -p -m 700 ~/.ssh
|
||||
echo "${{ secrets.SSH_PRIVATE }}" > ~/.ssh/id_rsa
|
||||
chmod 600 ~/.ssh/id_rsa
|
||||
|
||||
- name: Run playbooks
|
||||
if: env.DEPLOY != 'none' && steps.playbooks.outputs.to_run != ''
|
||||
env:
|
||||
@@ -66,4 +71,5 @@ jobs:
|
||||
PROXMOX_USER: ${{ secrets.PROXMOX_USER }}
|
||||
PROXMOX_TOKEN_ID: ${{ secrets.PROXMOX_TOKEN_ID }}
|
||||
PROXMOX_TOKEN_SECRET: ${{ secrets.PROXMOX_TOKEN_SECRET }}
|
||||
SSH_PUBLIC: ${{ secrets.SSH_PUBLIC }}
|
||||
run: ansible-playbook --inventory ./inventory ${{ steps.playbooks.outputs.to_run }}
|
||||
|
||||
@@ -7,4 +7,4 @@ This repository contains any automations used in deploying *.koval.net services.
|
||||
All 'managed' infrastructure is deployed and provisioned with [Ansible](https://www.ansible.com/).
|
||||
However, some 'unmanaged' (manually managed) resources also exist - primarily everything required for this repository to work (I don't want to make a dependency loop).
|
||||
|
||||
Ansible playbooks are ran in alphanumerical order and are expected idempotent.
|
||||
Ansible playbooks are ran in alphanumerical order and are expected to be idempotent.
|
||||
|
||||
104
infra/joplin/0000_proxmox_playbook.yaml
Normal file
104
infra/joplin/0000_proxmox_playbook.yaml
Normal file
@@ -0,0 +1,104 @@
|
||||
- name: Provision joplin Proxmox VM
|
||||
hosts: joplin
|
||||
connection: ansible.builtin.local
|
||||
gather_facts: false
|
||||
vars:
|
||||
api_user: "{{ lookup('ansible.builtin.env', 'PROXMOX_USER') }}"
|
||||
api_host: "{{ lookup('ansible.builtin.env', 'PROXMOX_HOST' ) }}"
|
||||
api_token_id: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_ID') }}"
|
||||
api_token_secret: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_SECRET') }}"
|
||||
ssh_public: "{{ lookup('ansible.builtin.env', 'SSH_PUBLIC') }}"
|
||||
vmname: "{{ inventory_hostname | regex_replace('^([^\\.]+)\\..+$', '\\1') }}"
|
||||
node: pve
|
||||
module_defaults:
|
||||
community.general.proxmox_kvm:
|
||||
api_user: "{{ api_user }}"
|
||||
api_host: "{{ api_host }}"
|
||||
api_token_id: "{{ api_token_id }}"
|
||||
api_token_secret: "{{ api_token_secret }}"
|
||||
name: "{{ vmname }}"
|
||||
node: "{{ node }}"
|
||||
community.general.proxmox_nic:
|
||||
api_user: "{{ api_user }}"
|
||||
api_host: "{{ api_host }}"
|
||||
api_token_id: "{{ api_token_id }}"
|
||||
api_token_secret: "{{ api_token_secret }}"
|
||||
name: "{{ vmname }}"
|
||||
community.general.proxmox_disk:
|
||||
api_user: "{{ api_user }}"
|
||||
api_host: "{{ api_host }}"
|
||||
api_token_id: "{{ api_token_id }}"
|
||||
api_token_secret: "{{ api_token_secret }}"
|
||||
name: "{{ vmname }}"
|
||||
tasks:
|
||||
# Initial setup
|
||||
- name: Create VM
|
||||
community.general.proxmox_kvm:
|
||||
clone: "{{ node }}-debian-12"
|
||||
storage: nvme
|
||||
register: create
|
||||
- name: Wait for status
|
||||
community.general.proxmox_kvm:
|
||||
state: current
|
||||
register: vm
|
||||
retries: 30
|
||||
delay: 10
|
||||
until: vm.status is defined
|
||||
|
||||
# Networking and initial config
|
||||
- name: Add HOME NIC
|
||||
community.general.proxmox_nic:
|
||||
interface: net0
|
||||
firewall: false
|
||||
bridge: HOME
|
||||
- name: Add SRV NIC
|
||||
community.general.proxmox_nic:
|
||||
interface: net1
|
||||
firewall: false
|
||||
bridge: SRV
|
||||
- name: Configure cloud-init
|
||||
community.general.proxmox_kvm:
|
||||
update: true
|
||||
ciuser: debian
|
||||
sshkeys: "{{ ssh_public }}"
|
||||
ipconfig:
|
||||
ipconfig0: ip=dhcp,ip6=auto
|
||||
ipconfig1: ip=dhcp
|
||||
|
||||
# Initial boot
|
||||
# For some reason debian cloud images don't use
|
||||
# cloud-init for networking on first boot (cloud-init files
|
||||
# are regenerated AFTER networking starts). But we need the
|
||||
# hostname to be registered with DHCP later on so ¯\_(ツ)_/¯
|
||||
- name: Initial boot
|
||||
when: create.changed is true
|
||||
block:
|
||||
- name: Start
|
||||
community.general.proxmox_kvm:
|
||||
state: started
|
||||
register: start
|
||||
- name: Wait 3 min # Initial apt update, apt upgrade, cloud-init
|
||||
ansible.builtin.wait_for:
|
||||
timeout: 180
|
||||
|
||||
# VM Configuration
|
||||
- name: Resize disk
|
||||
community.general.proxmox_disk:
|
||||
disk: scsi0
|
||||
size: 64G
|
||||
state: resized
|
||||
- name: Update VM
|
||||
community.general.proxmox_kvm:
|
||||
update: true
|
||||
agent: enabled=1
|
||||
tags:
|
||||
- debian-12
|
||||
- managed
|
||||
onboot: true
|
||||
cores: 2
|
||||
memory: 2048
|
||||
|
||||
- name: Retart VM
|
||||
community.general.proxmox_kvm:
|
||||
state: restarted
|
||||
timeout: 60
|
||||
25
infra/joplin/0001_software_playbook.yaml
Normal file
25
infra/joplin/0001_software_playbook.yaml
Normal file
@@ -0,0 +1,25 @@
|
||||
- name: Setup Software
|
||||
hosts: joplin
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Wait for connection
|
||||
ansible.builtin.wait_for_connection:
|
||||
timeout: 300
|
||||
- name: Test some stuff
|
||||
ansible.builtin.shell: |
|
||||
touch ~/hmm
|
||||
echo test > ~/test
|
||||
echo test2 >> ~/test
|
||||
mkdir ~/dir
|
||||
touch ~/dir/testing
|
||||
- name: Install some stuff
|
||||
ansible.builtin.apt:
|
||||
update_cache: true
|
||||
name: qemu-guest-agent
|
||||
become: true
|
||||
- name: Enable some stuff
|
||||
ansible.builtin.systemd:
|
||||
name: qemu-guest-agent
|
||||
state: started
|
||||
enabled: true
|
||||
become: true
|
||||
@@ -7,6 +7,13 @@ proxmox:
|
||||
pve.mgmt.home.local.koval.net:
|
||||
pve2.mgmt.home.local.koval.net:
|
||||
managed:
|
||||
children:
|
||||
joplin:
|
||||
hosts:
|
||||
joplin2.srv.home.local.koval.net:
|
||||
vars:
|
||||
ansible_user: debian
|
||||
ansible_ssh_private_key_file: ~/.ssh/id_rsa
|
||||
ansible_ssh_common_args: -o StrictHostKeyChecking=accept-new # TODO: Improve this
|
||||
unmanaged:
|
||||
hosts:
|
||||
|
||||
Reference in New Issue
Block a user