diff --git a/.gitmodules b/.gitmodules index 7a23813..2787241 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,3 @@ [submodule "lib/grey.ooo"] path = lib/grey.ooo - url = https://github.com/matthewbaggett/terraform_modules.git + url = git@github.com:matthewbaggett/terraform_modules.git diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index cf8a354..25d2e8b 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl @@ -105,6 +105,28 @@ provider "registry.terraform.io/kreuzwerker/docker" { ] } +provider "registry.terraform.io/loafoe/htpasswd" { + version = "1.2.1" + constraints = "~> 1.0" + hashes = [ + "h1:W1euQGM6t+QlB6Rq4fDbRKRHmeCIyYdIYdHrxL97BeE=", + "zh:14460c85ddc40a9ecadf583c22a7de91b83798a8ca4843949d50c3288c6f5bdd", + "zh:1af9416e28dd0a77c5d2c685561c4f60e19e2d606df0477ebc18eaa110c77807", + "zh:2245325864faaf027701ab12a04d641359a0dc439dd23c6e8f768407b78a5c18", + "zh:3813ff98198405d7c467565b52c7f0ad4533f43957da6390477dc898f8ed02c2", + "zh:3c0658e132232a181223f7ff65678d99cd2e8431c317f72281b67464e5e16892", + "zh:43505c0f42bc7635ec7c1fe5043c502f9b00ae4b5e74b81464bc494936643fc1", + "zh:52efdabb0abba99a33fd3ed981610f13c99bb383f94e997f90d95441d8558177", + "zh:75b5d9b4a610dfd0ff4dfb4039f61e79a0e56338e0a4cd45e0bc0edec34dfa62", + "zh:7aee5df091672d29f29dda57382a41d771fa21740cef6bb9a1b15afc6d84ffa4", + "zh:7ff618706e2953a21a22c7555e11f5cbe8e95c171704fcfdc6beedb0c25e49c0", + "zh:94e8a15c83a1a5a60ff1b58938dd9692d800fe05c5d8269e0916b5de03d89d3a", + "zh:c1ace4f322f9ec4956e4f30086da5b6a73f4d05e1266047d629b14a485c5a76d", + "zh:d4570075de49e3ee98494f7c44eab12e964c9776029ed536fd9352c3203cc635", + "zh:d99403b843de5939ea2e54b3ca46fd901d5c5b7fe34f44b8aeb8b38f4f792df6", + ] +} + provider "registry.terraform.io/matthewbaggett/ssh" { version = "0.1.0" constraints = "~> 0.1.0" diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..552a0ac --- /dev/null +++ b/Makefile @@ -0,0 +1,16 @@ +SHELL := /bin/bash +.SILENT: up clear fmt init apply +.PHONY: up clear fmt init apply +all: up +clear: + clear +fmt: + terraform fmt -recursive . +init: + terraform init -upgrade +apply: + terraform apply \ + -target module.traefik \ + -target module.headscale \ + -target module.portainer +up: clear fmt init apply diff --git a/flatcars.tf_ b/flatcars.tf_ deleted file mode 100644 index 245158a..0000000 --- a/flatcars.tf_ +++ /dev/null @@ -1,19 +0,0 @@ -resource "proxmox_vm_qemu" "flatcar_test" { - name = "flatcar-test" - target_node = "longhorn" - iso = "local_vms/iso/flatcar_production_iso_image.iso" - cores = 2 - memory = 4096 - automatic_reboot = true - disk { - type = "ide" - storage = "local_vms" - size = "32G" - backup = false - } - network { - model = "e1000" - bridge = "vmbr13" - firewall = false - } -} \ No newline at end of file diff --git a/inputs.tf b/inputs.tf index bf6c396..2a00bfc 100644 --- a/inputs.tf +++ b/inputs.tf @@ -1,6 +1,7 @@ variable "base_domain" { description = "The base domain for the stack" type = string + default = "cluster.grey.ooo" } variable "acme_email" { description = "The email address to use for ACME registration" diff --git a/lib/grey.ooo b/lib/grey.ooo index 1557536..5e73523 160000 --- a/lib/grey.ooo +++ b/lib/grey.ooo @@ -1 +1 @@ -Subproject commit 15575361e769f9ff9dafa5cb2ab955107d4e6881 +Subproject commit 5e73523c388a7a3430d9ba5a4521c0f9412d5045 diff --git a/mitmproxy.tf_ b/mitmproxy.tf_ deleted file mode 100644 index e2896fe..0000000 --- a/mitmproxy.tf_ +++ /dev/null @@ -1,44 +0,0 @@ -data "docker_registry_image" "mitmproxy" { - name = "ghcr.io/benzine-framework/mitmproxy:10.1.1" -} -resource "docker_service" "mitmproxy" { - name = "mitmproxy" - task_spec { - container_spec { - image = "${data.docker_registry_image.mitmproxy.name}@${data.docker_registry_image.mitmproxy.sha256_digest}" - command = [ - "mitmweb", - "--web-host", "0.0.0.0", - "--web-port", "8081", - #"--listen-host", "0.0.0.0", - #"--listen-port", "8080", - "--ssl-insecure", - ] - #healthcheck { - # test = ["CMD-SHELL", " curl -I -x http://localhost:8080 -k http://172.17.0.1 || exit 1"] - # start_period = "10s" - # interval = "10s" - # timeout = "5s" - # retries = 5 - #} - } - restart_policy { - condition = "any" - delay = "0s" - window = "0s" - } - } - endpoint_spec { - ports { - target_port = 8081 - published_port = 8081 - publish_mode = "ingress" - } - ports { - target_port = 8080 - published_port = 8080 - publish_mode = "ingress" - } - } -} - diff --git a/netbox.tf_ b/netbox.tf_ deleted file mode 100644 index 6002906..0000000 --- a/netbox.tf_ +++ /dev/null @@ -1,387 +0,0 @@ -# Docker images in use -data "docker_registry_image" "netbox" { - name = "netboxcommunity/netbox:v4.0-2.9.1" -} -data "docker_registry_image" "netbox_postgres" { - name = "postgres:16-alpine" -} -data "docker_registry_image" "netbox_redis" { - name = "redis:7-alpine" -} - -# Docker Network -resource "docker_network" "netbox" { - name = "netbox" - driver = "overlay" - attachable = true - ipam_driver = "default" -} - -# Docker Volumes -resource "docker_volume" "netbox_config" { - name = "netbox_config" -} -resource "docker_volume" "netbox_media" { - name = "netbox_media" -} -resource "docker_volume" "netbox_reports" { - name = "netbox_reports" -} -resource "docker_volume" "netbox_scripts" { - name = "netbox_scripts" -} -resource "docker_volume" "netbox_database" { - name = "netbox_database" -} -resource "docker_volume" "netbox_redis" { - name = "netbox_redis" -} -resource "docker_volume" "netbox_cache" { - name = "netbox_cache" -} - -# Configs -resource "random_password" "postgres_password" { - length = 32 - special = false -} -resource "random_password" "redis_password" { - length = 32 - special = false -} -resource "random_password" "redis_cache_password" { - length = 32 - special = false -} -resource "random_password" "secret_key" { - length = 50 - special = false -} -locals { - netbox_conf = { - CORS_ORIGIN_ALLOW_ALL = true - - DB_HOST = docker_service.netbox_postgres.name - DB_NAME = "netbox" - DB_PASSWORD = nonsensitive(random_password.postgres_password.result) - DB_USER = "netbox" - - EMAIL_FROM = "netbox@bar.com" - EMAIL_PASSWORD = "" - EMAIL_PORT = 25 - EMAIL_SERVER = "localhost" - EMAIL_SSL_CERTFILE = "" - EMAIL_SSL_KEYFILE = "" - EMAIL_TIMEOUT = 5 - EMAIL_USERNAME = "netbox" - # EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`! - EMAIL_USE_SSL = "false" - EMAIL_USE_TLS = "false" - - GRAPHQL_ENABLED = "true" - HOUSEKEEPING_INTERVAL = 86400 - MEDIA_ROOT = "/opt/netbox/netbox/media" - METRICS_ENABLED = "false" - - REDIS_DATABASE = 0 - REDIS_HOST = docker_service.netbox_redis.name - REDIS_INSECURE_SKIP_TLS_VERIFY = "false" - //REDIS_PASSWORD = nonsensitive(random_password.redis_password.result) - REDIS_SSL = "false" - - REDIS_CACHE_DATABASE = 1 - REDIS_CACHE_HOST = docker_service.netbox_redis_cache.name - REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY = "false" - //REDIS_CACHE_PASSWORD = nonsensitive(random_password.redis_cache_password.result) - REDIS_CACHE_SSL = "false" - - RELEASE_CHECK_URL = "https://api.github.com/repos/netbox-community/netbox/releases" - SECRET_KEY = nonsensitive(random_password.secret_key.result) - SKIP_SUPERUSER = "true" - WEBHOOKS_ENABLED = "true" - } -} - -# Services -resource "docker_service" "netbox" { - name = "netbox-app" - task_spec { - container_spec { - image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}" - user = "unit:root" - env = local.netbox_conf - healthcheck { - test = ["CMD-SHELL", "curl -f http://localhost:8080/login/ || exit 1"] - interval = "15s" - timeout = "3s" - start_period = "2m" - } - mounts { - target = "/etc/netbox/config" - type = "volume" - source = docker_volume.netbox_config.name - } - mounts { - target = "/opt/netbox/netbox/media" - type = "volume" - source = docker_volume.netbox_media.name - } - mounts { - target = "/opt/netbox/netbox/reports" - type = "volume" - source = docker_volume.netbox_reports.name - } - mounts { - target = "/opt/netbox/netbox/scripts" - type = "volume" - source = docker_volume.netbox_scripts.name - } - } - networks_advanced { - name = docker_network.loadbalancer.id - } - networks_advanced { - name = docker_network.netbox.id - } - restart_policy { - condition = "any" - delay = "0s" - window = "0s" - } - } - endpoint_spec { - ports { - protocol = "tcp" - publish_mode = "ingress" - target_port = 8080 - } - } - converge_config { - timeout = "2m" - } - depends_on = [ - docker_service.netbox_postgres, - docker_service.netbox_redis, - docker_service.netbox_redis_cache, - ] -} -resource "docker_service" "netbox_worker" { - name = "netbox-worker" - task_spec { - container_spec { - image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}" - user = "unit:root" - env = local.netbox_conf - command = ["/opt/netbox/venv/bin/python", "/opt/netbox/netbox/manage.py", "rqworker", ] - healthcheck { - test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q rqworker || exit 1"] - interval = "15s" - timeout = "3s" - start_period = "20s" - } - mounts { - target = "/etc/netbox/config" - type = "volume" - source = docker_volume.netbox_config.name - } - mounts { - target = "/opt/netbox/netbox/media" - type = "volume" - source = docker_volume.netbox_media.name - } - mounts { - target = "/opt/netbox/netbox/reports" - type = "volume" - source = docker_volume.netbox_reports.name - } - mounts { - target = "/opt/netbox/netbox/scripts" - type = "volume" - source = docker_volume.netbox_scripts.name - } - } - networks_advanced { - name = docker_network.netbox.id - } - restart_policy { - condition = "any" - delay = "0s" - window = "0s" - } - } - converge_config { - timeout = "2m" - } - depends_on = [ - docker_service.netbox - ] -} -resource "docker_service" "netbox_housekeeping" { - name = "netbox-housekeeping" - task_spec { - container_spec { - image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}" - user = "unit:root" - env = local.netbox_conf - command = ["/opt/netbox/housekeeping.sh", ] - healthcheck { - test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q housekeeping || exit 1"] - interval = "15s" - timeout = "3s" - start_period = "20s" - } - mounts { - target = "/etc/netbox/config" - type = "volume" - source = docker_volume.netbox_config.name - } - mounts { - target = "/opt/netbox/netbox/media" - type = "volume" - source = docker_volume.netbox_media.name - } - mounts { - target = "/opt/netbox/netbox/reports" - type = "volume" - source = docker_volume.netbox_reports.name - } - mounts { - target = "/opt/netbox/netbox/scripts" - type = "volume" - source = docker_volume.netbox_scripts.name - } - } - networks_advanced { - name = docker_network.netbox.id - } - restart_policy { - condition = "any" - delay = "0s" - window = "0s" - } - } - converge_config { - timeout = "2m" - } - depends_on = [ - docker_service.netbox - ] -} - -# Netbox Postgres Database -resource "docker_service" "netbox_postgres" { - name = "netbox-postgres" - task_spec { - container_spec { - image = "${data.docker_registry_image.netbox_postgres.name}@${data.docker_registry_image.netbox_postgres.sha256_digest}" - mounts { - target = "/var/lib/postgresql/data" - type = "volume" - source = docker_volume.netbox_database.name - } - env = { - POSTGRES_DB = "netbox" - POSTGRES_USER = "netbox" - POSTGRES_PASSWORD = random_password.postgres_password.result - } - } - networks_advanced { - name = docker_network.netbox.id - } - restart_policy { - condition = "any" - delay = "0s" - window = "0s" - } - } - converge_config { - timeout = "2m" - } -} - -# Netbox Redis -resource "docker_service" "netbox_redis" { - name = "netbox-redis" - task_spec { - container_spec { - image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}" - command = [ - "sh", "-c", - "redis-server", - "--appendonly", "yes", - //"--requirepass", nonsensitive(random_password.redis_password.result), - ] - mounts { - target = "/data" - type = "volume" - source = docker_volume.netbox_redis.name - } - healthcheck { - test = ["CMD", "sh", "-c", "redis-cli", "PING"] - interval = "5s" - timeout = "3s" - } - } - networks_advanced { - name = docker_network.netbox.id - } - restart_policy { - condition = "any" - delay = "0s" - window = "0s" - } - } - converge_config { - timeout = "2m" - } -} -resource "docker_service" "netbox_redis_cache" { - name = "netbox-redis-cache" - task_spec { - container_spec { - image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}" - command = [ - "sh", "-c", - "redis-server", - //"--requirepass", nonsensitive(random_password.redis_cache_password.result), - ] - mounts { - target = "/data" - type = "volume" - source = docker_volume.netbox_cache.name - } - healthcheck { - test = ["CMD", "sh", "-c", "redis-cli", "PING"] - interval = "5s" - timeout = "3s" - } - } - networks_advanced { - name = docker_network.netbox.id - } - restart_policy { - condition = "any" - delay = "0s" - window = "0s" - } - } - converge_config { - timeout = "2m" - } -} - -# Set up some nginx bits for it -module "netbox_nginx_config" { - # tflint-ignore: terraform_module_pinned_source - source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available" - hostname = "netbox.california.ti" - //certificate = acme_certificate.ooo_grey["s3"] - service_name = docker_service.netbox.name - upstream_host = "${docker_service.netbox.name}:8080" - config_prefix = "nginx" - allow_non_ssl = true - allow_ssl = false - depends_on = [ - docker_service.netbox - ] -} diff --git a/printers.tf_ b/printers.tf_ deleted file mode 100644 index 5e986d5..0000000 --- a/printers.tf_ +++ /dev/null @@ -1,42 +0,0 @@ -resource "docker_image" "octoprint" { - provider = docker.printi - name = "octoprint" - build { - context = "${path.module}/printers" - target = "octoprint-mjpg-streamer" - tag = ["ti-octoprint:latest"] - } -} - -resource "docker_volume" "ender5plus" { - provider = docker.printi - name = "ender5plus_config" -} -resource "scratch_string" "arse" { - in = yamlencode(docker_image.octoprint) -} - -resource "docker_container" "ender5plus" { - image = docker_image.octoprint.image_id - provider = docker.printi - name = "ender5plus" - env = [ - "ENABLE_MJPG_STREAMER=false" - ] - network_mode = "bridge" - restart = "always" - ports { - internal = 80 - external = 3000 - } - devices { - host_path = "/dev/serial/by-id/usb-FTDI_FT232R_USB_UART_A602AFFK-if00-port0" - container_path = "/dev/ttyACM0" - permissions = "rwm" - } - volumes { - container_path = "/octoprint" - #host_path = docker_volume.ender5plus.name - volume_name = docker_volume.ender5plus.name - } -} \ No newline at end of file diff --git a/providers.docker.tf b/provider.docker.tf similarity index 100% rename from providers.docker.tf rename to provider.docker.tf diff --git a/providers.ssh.tf b/provider.ssh.tf similarity index 100% rename from providers.ssh.tf rename to provider.ssh.tf diff --git a/proxmox.tf_ b/proxmox.tf_ deleted file mode 100644 index 3e24f18..0000000 --- a/proxmox.tf_ +++ /dev/null @@ -1,15 +0,0 @@ -variable "proxmox_endpoint" { - type = string -} -variable "proxmox_token_id" { - type = string -} -variable "proxmox_token_secret" { - type = string -} -provider "proxmox" { - pm_debug = true - pm_api_url = var.proxmox_endpoint - pm_api_token_id = var.proxmox_token_id - pm_api_token_secret = var.proxmox_token_secret -} \ No newline at end of file diff --git a/headscale.tf b/service.headscale.tf similarity index 80% rename from headscale.tf rename to service.headscale.tf index b49698e..f9e95a1 100644 --- a/headscale.tf +++ b/service.headscale.tf @@ -1,7 +1,7 @@ module "headscale" { #source = "github.com/matthewbaggett/terraform_modules//products/headscale" - source = "./lib/grey.ooo/products/headscale" - depends_on = [module.traefik] + source = "./lib/grey.ooo/products/headscale" + #depends_on = [module.traefik] stack_name = "headscale" placement_constraints = ["node.hostname == Passing-by-and-thought-id-drop-in"] #traefik = merge(var.treafik_defaults, { domain = "s3.${var.base_domain}" }) diff --git a/minio.tf b/service.minio.tf similarity index 100% rename from minio.tf rename to service.minio.tf diff --git a/orca-slicer.tf b/service.orca-slicer.tf similarity index 64% rename from orca-slicer.tf rename to service.orca-slicer.tf index ca21eef..3c9e419 100644 --- a/orca-slicer.tf +++ b/service.orca-slicer.tf @@ -1,5 +1,4 @@ module "orca" { - depends_on = [module.traefik] //source = "github.com/matthewbaggett/terraform_modules//docker/service" source = "./lib/grey.ooo/docker/service" stack_name = "orca" @@ -13,6 +12,16 @@ module "orca" { volumes = { "orcaslicer_config" = "/config" } - traefik = merge(var.treafik_defaults, { domain = "orca.${var.base_domain}", port = 3000 }) + traefik = merge(var.treafik_defaults, { + domain = "orca.${var.base_domain}" + port = 3000 + basic-auth-users = ["techinc"] + }) converge_enable = false +} + +output "orca" { + value = { + endpoint = module.orca.endpoint + } } \ No newline at end of file diff --git a/service.portainer.tf b/service.portainer.tf new file mode 100644 index 0000000..16f87b4 --- /dev/null +++ b/service.portainer.tf @@ -0,0 +1,25 @@ + +module "portainer" { + #source = "github.com/matthewbaggett/terraform_modules//products/portainer/ui" + source = "./lib/grey.ooo/products/portainer/ui" + should_mount_local_docker_socket = true + placement_constraints = ["node.role == manager"] + networks = [module.traefik.docker_network] + traefik = { + domain = "portainer.${var.base_domain}", + port = 9000, + ssl = true, + non-ssl = true + basic-auth-users = ["techinc"] + } +} + +output "portainer" { + value = { + endpoint = module.portainer.endpoint + credentials = module.portainer.portainer.credentials + socket-proxy = { + endpoint = module.portainer.socket_proxy_endpoint + } + } +} diff --git a/service.printers.tf b/service.printers.tf new file mode 100644 index 0000000..43dc2e9 --- /dev/null +++ b/service.printers.tf @@ -0,0 +1,38 @@ +module "s1" { + //source = "github.com/matthewbaggett/terraform_modules//docker/service" + source = "./lib/grey.ooo/docker/service" + stack_name = "printers" + service_name = "s1proxy" + image = "alpine/socat:latest" + command = ["socat", "tcp-listen:80,fork,reuseaddr", "tcp-connect:s1.prin.ti:80"] + traefik = merge(var.treafik_defaults, { + domain = "s1.${var.base_domain}" + port = 80 + basic-auth-users = ["techinc"] + }) + converge_enable = false + placement_constraints = ["node.hostname == california"] +} + +module "label_printer" { + //source = "github.com/matthewbaggett/terraform_modules//docker/service" + source = "./lib/grey.ooo/docker/service" + stack_name = "printers" + service_name = "labelprinter" + image = "alpine/socat:latest" + command = ["socat", "tcp-listen:80,fork,reuseaddr", "tcp-connect:labelprinter.ti:80"] + traefik = merge(var.treafik_defaults, { + domain = "labelprinter.${var.base_domain}" + port = 80 + basic-auth-users = ["techinc"] + }) + converge_enable = false + placement_constraints = ["node.hostname == california"] +} + +output "printers" { + value = { + s1 = module.s1.endpoint + label_printer = module.label_printer.endpoint + } +} \ No newline at end of file diff --git a/service.proxies.tf b/service.proxies.tf new file mode 100644 index 0000000..e69de29 diff --git a/treafik.tf b/service.treafik.tf similarity index 50% rename from treafik.tf rename to service.treafik.tf index 503c8de..5355224 100644 --- a/treafik.tf +++ b/service.treafik.tf @@ -1,12 +1,12 @@ module "traefik" { - #source = "github.com/matthewbaggett/terraform_modules//products/traefik" - source = "./lib/grey.ooo/products/traefik" + source = "github.com/matthewbaggett/terraform_modules//products/traefik" + #source = "./lib/grey.ooo/products/traefik" enable_ssl = true enable_non_ssl = true - acme_use_staging = true - acme_email = "matthew@baggett.me" - hello_service_domain = "hello.cluster.grey.ooo" - traefik_service_domain = "traefik.cluster.grey.ooo" + acme_use_staging = false + acme_email = var.acme_email + hello_service_domain = "hello.${var.base_domain}" + traefik_service_domain = "traefik.${var.base_domain}" log_level = "DEBUG" access_log = false enable_ping = true