WIP: Joplin VM #3
|
@ -4,14 +4,15 @@ on:
|
|||
branches:
|
||||
- main
|
||||
paths:
|
||||
- infra/**-playbook.yaml
|
||||
- infra/**playbook.yaml
|
||||
- .github/workflows/infra.yaml
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
|
||||
env:
|
||||
DEPLOY: ${{ github.ref == 'refs/heads/main' && ((startsWith(github.event.head_commit.message, '[deploy-all]') && 'all') || ('some')) || 'none' }}
|
||||
# DEPLOY: ${{ github.ref == 'refs/heads/main' && ((startsWith(github.event.head_commit.message, '[deploy-all]') && 'all') || ('some')) || 'none' }}
|
||||
DEPLOY: all
|
||||
|
||||
jobs:
|
||||
ansible-playbooks:
|
||||
|
@ -35,8 +36,8 @@ jobs:
|
|||
|
||||
- name: Check playbooks
|
||||
run: |
|
||||
for file in $(find . -wholename "*/infra/*-playbook.yaml" -type f); do
|
||||
ansible-playbook --inventory ./inventory --check "$file"
|
||||
for file in $(find . -wholename "*/infra/*playbook.yaml" -type f); do
|
||||
ansible-playbook --inventory ./inventory --syntax-check "$file"
|
||||
done
|
||||
|
||||
- name: Get changed playbooks
|
||||
|
@ -44,7 +45,7 @@ jobs:
|
|||
if: env.DEPLOY == 'some'
|
||||
uses: tj-actions/changed-files@v38
|
||||
with:
|
||||
files: infra/**/*-playbook.yaml
|
||||
files: infra/**/*playbook.yaml
|
||||
|
||||
- name: Get playbooks
|
||||
id: playbooks
|
||||
|
@ -53,12 +54,19 @@ jobs:
|
|||
if [[ "${{ env.DEPLOY }}" == "some" ]]; then
|
||||
export TO_RUN="${{ steps.files.outputs.all_changed_files }}"
|
||||
else
|
||||
export TO_RUN="$(find . -wholename './infra/*-playbook.yaml' -type f)"
|
||||
export TO_RUN="$(find . -wholename './infra/*playbook.yaml' -type f)"
|
||||
fi
|
||||
export TO_RUN="$( echo -n $TO_RUN | tr ' ' '\n' | sort | tr '\n' ' ' )" # run things in order :)
|
||||
echo "will run playbooks: $TO_RUN"
|
||||
echo "to_run=$TO_RUN" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Setup environment
|
||||
if: env.DEPLOY != 'none' && steps.playbooks.outputs.to_run != ''
|
||||
run: |
|
||||
mkdir -p -m 700 ~/.ssh
|
||||
echo "${{ secrets.SSH_PRIVATE }}" > ~/.ssh/id_rsa
|
||||
chmod 600 ~/.ssh/id_rsa
|
||||
|
||||
- name: Run playbooks
|
||||
if: env.DEPLOY != 'none' && steps.playbooks.outputs.to_run != ''
|
||||
env:
|
||||
|
@ -66,4 +74,5 @@ jobs:
|
|||
PROXMOX_USER: ${{ secrets.PROXMOX_USER }}
|
||||
PROXMOX_TOKEN_ID: ${{ secrets.PROXMOX_TOKEN_ID }}
|
||||
PROXMOX_TOKEN_SECRET: ${{ secrets.PROXMOX_TOKEN_SECRET }}
|
||||
SSH_PUBLIC: ${{ secrets.SSH_PUBLIC }}
|
||||
run: ansible-playbook --inventory ./inventory ${{ steps.playbooks.outputs.to_run }}
|
||||
|
|
|
@ -7,4 +7,4 @@ This repository contains any automations used in deploying *.koval.net services.
|
|||
All 'managed' infrastructure is deployed and provisioned with [Ansible](https://www.ansible.com/).
|
||||
However, some 'unmanaged' (manually managed) resources also exist - primarily everything required for this repository to work (I don't want to make a dependency loop).
|
||||
|
||||
Ansible playbooks are ran in alphanumerical order and are expected idempotent.
|
||||
Ansible playbooks are ran in alphanumerical order and are expected to be idempotent.
|
||||
|
|
|
@ -0,0 +1,85 @@
|
|||
- name: Provision joplin Proxmox VM
|
||||
hosts: localhost
|
||||
vars:
|
||||
api_user: "{{ lookup('ansible.builtin.env', 'PROXMOX_USER') }}"
|
||||
api_host: "{{ lookup('ansible.builtin.env', 'PROXMOX_HOST' ) }}"
|
||||
api_token_id: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_ID') }}"
|
||||
api_token_secret: "{{ lookup('ansible.builtin.env', 'PROXMOX_TOKEN_SECRET') }}"
|
||||
ssh_public: "{{ lookup('ansible.builtin.env', 'SSH_PUBLIC') }}"
|
||||
vmname: joplin
|
||||
node: pve
|
||||
module_defaults:
|
||||
community.general.proxmox_kvm:
|
||||
api_user: "{{ api_user }}"
|
||||
api_host: "{{ api_host }}"
|
||||
api_token_id: "{{ api_token_id }}"
|
||||
api_token_secret: "{{ api_token_secret }}"
|
||||
name: "{{ vmname }}"
|
||||
node: "{{ node }}"
|
||||
community.general.proxmox_nic:
|
||||
api_user: "{{ api_user }}"
|
||||
api_host: "{{ api_host }}"
|
||||
api_token_id: "{{ api_token_id }}"
|
||||
api_token_secret: "{{ api_token_secret }}"
|
||||
name: "{{ vmname }}"
|
||||
community.general.proxmox_disk:
|
||||
api_user: "{{ api_user }}"
|
||||
api_host: "{{ api_host }}"
|
||||
api_token_id: "{{ api_token_id }}"
|
||||
api_token_secret: "{{ api_token_secret }}"
|
||||
name: "{{ vmname }}"
|
||||
tasks:
|
||||
- name: Create VM
|
||||
community.general.proxmox_kvm:
|
||||
clone: "{{ node }}-debian-12"
|
||||
storage: nvme
|
||||
- name: Wait for VM to exist
|
||||
community.general.proxmox_kvm:
|
||||
state: current
|
||||
register: vm
|
||||
retries: 30
|
||||
delay: 10
|
||||
until: vm.status is defined
|
||||
- name: Add HOME NIC
|
||||
community.general.proxmox_nic:
|
||||
interface: net0
|
||||
firewall: false
|
||||
bridge: HOME
|
||||
- name: Add SRV NIC
|
||||
community.general.proxmox_nic:
|
||||
interface: net1
|
||||
firewall: false
|
||||
bridge: SRV
|
||||
- name: Resize disk
|
||||
community.general.proxmox_disk:
|
||||
disk: scsi0
|
||||
size: 64G
|
||||
state: resized
|
||||
- name: Update VM
|
||||
community.general.proxmox_kvm:
|
||||
update: true
|
||||
ciuser: debian
|
||||
sshkeys: "{{ ssh_public }}"
|
||||
ipconfig:
|
||||
ipconfig0: ip=dhcp,ip6=auto
|
||||
ipconfig1: ip=dhcp,ip6=auto
|
||||
agent: enabled=1
|
||||
tags:
|
||||
- debian-12
|
||||
- managed
|
||||
onboot: true
|
||||
cores: 2
|
||||
memory: 2048
|
||||
- name: Retart VM # doesn't start if stopped
|
||||
when:
|
||||
- vm.status is defined
|
||||
- vm.status == "running"
|
||||
community.general.proxmox_kvm:
|
||||
state: restarted
|
||||
timeout: 60
|
||||
- name: Start VM # start if stopped
|
||||
when:
|
||||
- vm.status is defined
|
||||
- vm.status != "running"
|
||||
community.general.proxmox_kvm:
|
||||
state: started
|
|
@ -0,0 +1,19 @@
|
|||
- name: Setup Docker
|
||||
hosts: joplin
|
||||
gather_facts: false
|
||||
tasks:
|
||||
- name: Debug
|
||||
ansible.builtin.debug:
|
||||
msg: "{{ inventory_hostname }}"
|
||||
- name: Wait for connection
|
||||
ansible.builtin.wait_for:
|
||||
host: "{{ inventory_hostname }}"
|
||||
port: 22
|
||||
timeout: 300
|
||||
- name: Test some stuff
|
||||
ansible.builtin.shell: |
|
||||
touch ~/hmm
|
||||
echo test > ~/test
|
||||
echo test2 >> ~/test
|
||||
args:
|
||||
executable: /bin/bash
|
|
@ -7,6 +7,13 @@ proxmox:
|
|||
pve.mgmt.home.local.koval.net:
|
||||
pve2.mgmt.home.local.koval.net:
|
||||
managed:
|
||||
children:
|
||||
joplin:
|
||||
hosts:
|
||||
joplin.srv.home.local.koval.net:
|
||||
vars:
|
||||
ansible_user: debian
|
||||
ansible_ssh_private_key_file: ~/.ssh/id_rsa
|
||||
ansible_ssh_common_args: -o StrictHostKeyChecking=accept-new # TODO: Improve this
|
||||
unmanaged:
|
||||
hosts:
|
||||
|
|
Loading…
Reference in New Issue