Merge branch 'main' of ssh://git.grey.ooo:222/TechInc/IAC

Non-functional Vigil
Ubiquity and printers included
2024-06-28 15:49:51 +02:00 · 2024-06-28 15:49:44 +02:00 · 2024-06-28 12:43:20 +02:00
15 changed files with 468 additions and 37 deletions
--- a/docker.tf
+++ b/docker.tf
@ -1,4 +1,4 @@
-provider "ssh" {
+/*provider "ssh" {
  server = {
    host = "california.ti"
    port = 22
@ -10,22 +10,24 @@ provider "ssh" {
    }
  }
 }
-#data "ssh_tunnel" "docker" {
-#  connection_name = "docker_socket_tunnel_california"
-#  remote = {
-#    socket = "/var/run/docker.sock"
-#  }
-#}
+data "ssh_tunnel" "docker" {
+  connection_name = "docker_socket_tunnel_california"
+  remote = {
+    socket = "/var/run/docker.sock"
+  }
+}
+*/
+
 provider "docker" {
  host = "ssh://california.ti"
 }

 provider "docker" {
  alias = "printi"
-  host = "ssh://prin.ti"
+  host  = "ssh://prin.ti"
 }

 provider "docker" {
  alias = "unifi"
-  host = "ssh://unifi.ti"
+  host  = "ssh://unifi.ti"
 }
--- a/minio.tf
+++ b/minio.tf
@ -1,7 +1,7 @@
 module "minio" {
-  source = "./modules/minio"
-  domain = "s3.california.ti"
-  network = docker_network.loadbalancer
-  storage_path = "/media/storage/minio"
+  source         = "./modules/minio"
+  domain         = "s3.california.ti"
+  network        = docker_network.loadbalancer
+  storage_path   = "/media/storage/minio"
  admin_username = "techinc"
 }
--- a/modules/minio/inputs.tf
+++ b/modules/minio/inputs.tf
@ -1,20 +1,20 @@
 variable "admin_username" {
-  type = string
+  type        = string
  description = "The username of the admin user"
-  default = "admin"
+  default     = "admin"
 }
 variable "domain" {
-  type = string
+  type        = string
  description = "The domain name of the minio instance"
 }
 variable "network" {
  type = object({
-    id = string
+    id   = string
    name = string
  })
  description = "The network to attach the minio service to"
 }
 variable "storage_path" {
-    type = string
-    description = "The path to the storage directory to use"
+  type        = string
+  description = "The path to the storage directory to use"
 }
--- a/modules/minio/minio.tf
+++ b/modules/minio/minio.tf
@ -1,5 +1,5 @@
 data "docker_registry_image" "minio" {
-  name     = "quay.io/minio/minio:latest"
+  name = "quay.io/minio/minio:latest"
 }

 resource "random_password" "minio_password" {
@ -13,7 +13,7 @@ locals {
 }

 resource "docker_service" "minio" {
-  name     = "minio"
+  name = "minio"
  task_spec {
    container_spec {
      image   = "${data.docker_registry_image.minio.name}@${data.docker_registry_image.minio.sha256_digest}"
@ -52,8 +52,8 @@ resource "docker_service" "minio" {
 }

 module "minio_nginx_config" {
-  source = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
-  hostname      = var.domain
+  source   = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
+  hostname = var.domain
  //certificate   = acme_certificate.ooo_grey["s3"]
  service_name  = "minio_s3"
  upstream_host = "${docker_service.minio.name}:9000"
@ -65,6 +65,6 @@ module "minio_nginx_config" {
    }
  ]
  extra_locations = file("${path.module}/minio_nginx_extra.conf")
-  allow_non_ssl = true
-  allow_ssl = false
+  allow_non_ssl   = true
+  allow_ssl       = false
 }
--- a/modules/minio/outputs.tf
+++ b/modules/minio/outputs.tf
@ -1,7 +1,7 @@
 output "auth" {
  value = {
-    user     = docker_service.minio.task_spec[0].container_spec[0].env.MINIO_ROOT_USER
-    password = nonsensitive(docker_service.minio.task_spec[0].container_spec[0].env.MINIO_ROOT_PASSWORD)
+    user     = var.admin_username
+    password = nonsensitive(random_password.minio_password.result)
  }
 }
 output "domain" {
--- a/modules/vigil/configuration.tf
+++ b/modules/vigil/configuration.tf
@ -0,0 +1,32 @@
+locals {
+  services_toml = [
+    for service_group, services in var.services : templatefile("${path.module}/vigil.service.toml.tpl", {
+      service_group_id    = service_group
+      service_group_label = service_group
+      services            = services
+    })
+  ]
+  vigil_toml = templatefile("${path.module}/vigil.toml.tpl", {
+    manager_token  = random_password.token["manager"].result
+    reporter_token = random_password.token["worker"].result
+    page_title     = var.page_title
+    page_url       = var.page_url
+    company_name   = var.company_name
+    icon_color     = var.icon_color
+    icon_url       = var.icon_url
+    logo_color     = var.logo_color
+    logo_url       = var.logo_url
+    website_url    = var.website_url
+    support_url    = var.support_url
+    custom_html    = var.custom_html
+    services       = local.services_toml
+  })
+  vigil_toml_checksum = md5(local.vigil_toml)
+}
+resource "scratch_string" "services" {
+  in = yamlencode(local.services_toml)
+}
+resource "local_file" "vigil_toml" {
+  filename = "${path.root}/.debug/vigil.toml"
+  content  = local.vigil_toml
+}
--- a/modules/vigil/inputs.tf
+++ b/modules/vigil/inputs.tf
@ -0,0 +1,68 @@
+variable "vigil_version" {
+  type        = string
+  description = "The version of Vigil to deploy"
+  default     = "v1.26.3"
+}
+variable "vigil_service_name" {
+  type        = string
+  description = "The name of the Vigil service"
+  default     = "vigil"
+}
+variable "services" {
+  type = map(list(object({
+    id        = string
+    label     = string
+    endpoints = list(string)
+  })))
+}
+variable "page_title" {
+  type        = string
+  description = "The title of the Vigil page"
+  default     = "Vigil"
+}
+variable "page_url" {
+  type        = string
+  description = "The URL of the Vigil page"
+  default     = "https://vigil.example.com"
+}
+variable "company_name" {
+  type        = string
+  description = "The name of the company"
+  default     = "ExampleCo"
+}
+variable "icon_color" {
+  type        = string
+  description = "The color of the icon"
+  default     = "#1972F5"
+}
+variable "icon_url" {
+  type        = string
+  description = "The URL of the icon"
+  default     = "https://example.com/icon.png"
+}
+variable "logo_color" {
+  type        = string
+  description = "The color of the logo"
+  default     = "#1972F5"
+}
+variable "logo_url" {
+  type        = string
+  description = "The URL of the logo"
+  default     = "https://example.com/logo.png"
+}
+variable "website_url" {
+  type        = string
+  description = "The URL of the website"
+  default     = "https://example.com"
+}
+variable "support_url" {
+  type        = string
+  description = "The URL of the support page"
+  default     = "https://example.com/support"
+}
+variable "custom_html" {
+  type        = string
+  description = "Custom HTML to include in the Vigil page"
+  default     = ""
+}
+
--- a/modules/vigil/terraform.tf
+++ b/modules/vigil/terraform.tf
@ -0,0 +1,16 @@
+terraform {
+  required_providers {
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "~>3.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~>3.3"
+    }
+    scratch = {
+      source  = "BrendanThompson/scratch"
+      version = "~> 0.4"
+    }
+  }
+}
--- a/modules/vigil/vigil.service.toml.tpl
+++ b/modules/vigil/vigil.service.toml.tpl
@ -0,0 +1,14 @@
+[[probe.service]]
+id = "${service_group_id}"
+label = "${service_group_label}"
+
+[[probe.service.node]]
+id = "${id}"
+label = "${label}"
+mode = "poll"
+reveal_replica_name = true
+replicas = [
+%{ for endpoint in endpoints ~}
+  "${endpoint}",
+%{ endfor ~}
+]
--- a/modules/vigil/vigil.tf
+++ b/modules/vigil/vigil.tf
@ -0,0 +1,55 @@
+resource "random_password" "token" {
+  for_each = toset(["manager", "worker"])
+  length   = 32
+  special  = false
+}
+data "docker_registry_image" "vigil" {
+  name = "valeriansaliou/vigil:${var.vigil_version}"
+}
+resource "docker_service" "vigil" {
+  name = lower(var.vigil_service_name)
+  task_spec {
+    container_spec {
+      image = "${data.docker_registry_image.vigil.name}@${data.docker_registry_image.vigil.sha256_digest}"
+      healthcheck {
+        test         = ["CMD-SHELL", "wget -q --no-verbose --tries=1 --spider http://localhost:8080/ || exit 1"]
+        interval     = "10s"
+        timeout      = "10s"
+        retries      = 3
+        start_period = "1m"
+      }
+      configs {
+        config_id   = docker_config.vigil.id
+        config_name = docker_config.vigil.name
+        file_name   = "/etc/vigil.cfg"
+      }
+    }
+    restart_policy {
+      condition = "any"
+      delay     = "20s"
+      window    = "0s"
+    }
+  }
+  converge_config {
+    delay   = "5s"
+    timeout = "2m"
+  }
+  update_config {
+    order       = "stop-first"
+    parallelism = 1
+  }
+}
+resource "random_id" "vigil_iter" {
+  byte_length = 4
+  keepers = {
+    checksum = local.vigil_toml_checksum
+  }
+}
+resource "docker_config" "vigil" {
+  name = lower(join("-", [var.vigil_service_name, random_id.vigil_iter.hex]))
+  data = sensitive(base64encode(local.vigil_toml)) // I have marked this as sensitive just so it wont spam the hell out of the terminal with a wall of text. Its not actually sensitive.
+  lifecycle {
+    ignore_changes        = [name]
+    create_before_destroy = true
+  }
+}
--- a/modules/vigil/vigil.toml.tpl
+++ b/modules/vigil/vigil.toml.tpl
@ -0,0 +1,71 @@
+# Vigil
+# Microservices Status Page
+# Configuration file
+# Example: https://github.com/valeriansaliou/vigil/blob/master/config.cfg
+
+[server]
+log_level = "debug"
+inet = "0.0.0.0:3000"
+workers = 4
+
+manager_token = "${manager_token}"
+reporter_token = "${reporter_token}"
+
+[assets]
+path = "./res/assets/"
+
+[branding]
+page_title      = "${page_title}"
+page_url        = "${page_url}"
+company_name    = "${company_name}"
+icon_color      = "${icon_color}"
+icon_url        = "${icon_url}"
+logo_color      = "${logo_color}"
+logo_url        = "${logo_url}"
+website_url     = "${website_url}"
+support_url     = "${support_url}"
+custom_html     = "${custom_html}"
+
+[metrics]
+poll_interval = 15
+poll_retry = 2
+poll_http_status_healthy_above = 200
+poll_http_status_healthy_below = 400
+poll_delay_dead = 10
+poll_delay_sick = 5
+poll_parallelism = 4
+push_delay_dead = 20
+push_system_cpu_sick_above = 0.90
+push_system_ram_sick_above = 0.90
+script_interval = 300
+script_parallelism = 2
+local_delay_dead = 40
+
+[plugins]
+
+[plugins.rabbitmq]
+api_url = "http://127.0.0.1:15672"
+auth_username = "rabbitmq-administrator"
+auth_password = "RABBITMQ_ADMIN_PASSWORD"
+virtualhost = "crisp"
+queue_ready_healthy_below = 500
+queue_nack_healthy_below = 100
+queue_ready_dead_above = 20000
+queue_nack_dead_above = 5000
+queue_loaded_retry_delay = 500
+
+[notify]
+startup_notification = false
+reminder_interval = 600
+reminder_backoff_function = "linear"
+reminder_backoff_limit = 3
+
+#[notify.telegram]
+#bot_token = "xxxxxxxxxx:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+#chat_id = "xxxxxxxxx"
+
+[probe]
+
+%{ for service in services ~}
+${service}
+%{ endfor ~}
--- a/output.tf
+++ b/output.tf
@ -1,4 +1,4 @@
 output "minio" {
-value = module.minio
+  value = module.minio
 }

--- a/printers.tf
+++ b/printers.tf
@ -1,14 +1,49 @@
 resource "docker_image" "octoprint" {
-  provider = "docker.printi"
-  name = "octoprint"
+  provider = docker.printi
+  name     = "octoprint"
  build {
    context = "${path.module}/printers"
-    target = "octoprint-mjpg-streamer"
+    target  = "octoprint-mjpg-streamer"
+    tag     = ["ti-octoprint:latest"]
+  }
+}
+
+resource "docker_volume" "ender5plus" {
+  provider = docker.printi
+  name     = "ender5plus_config"
+}
+
+resource "docker_service" "ender5plus" {
+  provider = docker.printi
+  name     = "ender5plus"
+  task_spec {
+    container_spec {
+      image = docker_image.octoprint.name
+      mounts {
+        target = "/octoprint"
+        source = docker_volume.ender5plus.name
+        type   = "volume"
+      }
+      mounts {
+        target = "/dev/ttyACM0"
+        source = "/dev/serial/by-id/usb-FTDI_FT232R_USB_UART_A602AFFK-if00-port0"
+        type   = "bind"
+      }
+      env = {
+        #ENABLE_MJPG_STREAMER = "true"
+      }
+    }
+    restart_policy {
+      condition = "any"
+      delay     = "20s"
+      window    = "0s"
+    }
+  }
+  endpoint_spec {
+    ports {
+      target_port    = 80
+      published_port = 3000
+      publish_mode   = "ingress"
+    }
  }
 }
-/*
-resource "docker_container" "corexy" {
-  provider = "docker.printi"
-  image = docker_image.octoprint.name
-  name  = "corexy"
-}*/
--- a/ubiquity.tf
+++ b/ubiquity.tf
@ -0,0 +1,113 @@
+data "docker_registry_image" "unifi_controller" {
+  name = "jacobalberty/unifi"
+}
+resource "docker_service" "unifi_controller" {
+  name     = "unifi_controller"
+  provider = docker.unifi
+  task_spec {
+    container_spec {
+      image = "${data.docker_registry_image.unifi_controller.name}@${data.docker_registry_image.unifi_controller.sha256_digest}"
+      env = {
+        TZ = "Europe/Amsterdam"
+      }
+      mounts {
+        target = "/unifi"
+        source = "/home/techinc/unifi"
+        type   = "bind"
+      }
+    }
+    restart_policy {
+      condition = "any"
+      delay     = "0s"
+      window    = "0s"
+    }
+  }
+  endpoint_spec {
+    ports {
+      target_port    = 8443
+      published_port = 443
+      publish_mode   = "ingress"
+    }
+    ports {
+      target_port    = 8443
+      published_port = 8443
+      publish_mode   = "ingress"
+    }
+    ports {
+      target_port    = 3478
+      published_port = 3478
+      publish_mode   = "ingress"
+      protocol       = "udp"
+    }
+    ports {
+      target_port    = 10001
+      published_port = 10001
+      publish_mode   = "ingress"
+      protocol       = "udp"
+    }
+    ports {
+      target_port    = 8080
+      published_port = 8080
+      publish_mode   = "ingress"
+    }
+  }
+}
+
+data "docker_registry_image" "http2https" {
+  name = "articulate/http-to-https"
+}
+resource "docker_service" "unifi_http2https" {
+  name     = "http2https"
+  provider = docker.unifi
+
+  task_spec {
+    container_spec {
+      image = "${data.docker_registry_image.http2https.name}@${data.docker_registry_image.http2https.sha256_digest}"
+    }
+    restart_policy {
+      condition = "any"
+      delay     = "0s"
+      window    = "0s"
+    }
+  }
+  endpoint_spec {
+    ports {
+      target_port    = 80
+      published_port = 80
+      publish_mode   = "ingress"
+    }
+  }
+}
+
+data "docker_registry_image" "iperf" {
+  name     = "loganmarchione/docker-iperf3:latest"
+  provider = docker.unifi
+}
+resource "docker_service" "unifi_iperf" {
+  name     = "iperf"
+  provider = docker.unifi
+  task_spec {
+    container_spec {
+      image = "${data.docker_registry_image.iperf.name}@${data.docker_registry_image.iperf.sha256_digest}"
+    }
+    restart_policy {
+      condition = "any"
+      delay     = "0s"
+      window    = "0s"
+    }
+  }
+  endpoint_spec {
+    ports {
+      target_port    = 5201
+      published_port = 5201
+      publish_mode   = "ingress"
+      protocol       = "tcp"
+    }
+    ports {
+      target_port    = 5201
+      published_port = 5201
+      publish_mode   = "ingress"
+      protocol       = "udp"
+    }
+  }
+}
--- a/vigil.tf
+++ b/vigil.tf
@ -0,0 +1,25 @@
+module "vigil" {
+  source = "./modules/vigil"
+  services = {
+    "printers" = [
+      {
+        id    = "prin.ti"
+        label = "Prin.ti (Print Controller)"
+        endpoints = [
+          "icmp://prin.ti",
+          "tcp://prin.ti:22",
+          "http://prin.ti:3000",
+        ]
+        }, {
+        id    = "v400"
+        label = "FLSun V400"
+        endpoints = [
+          "icmp://v400.prin.ti",
+          "tcp://v400.prin.ti:22",
+          "http://v400.prin.ti:80",
+          "http://v400.prin.ti:8080",
+        ]
+      }
+    ]
+  }
+}
Author	SHA1	Message	Date
Matthew Baggett	6ed5cd5cef	Merge branch 'main' of ssh://git.grey.ooo:222/TechInc/IAC Some checks failed Trunk Check / Trunk Check Runner (push) Failing after 1s Details	2024-06-28 15:49:51 +02:00
Matthew Baggett	1e5bbb94ae	Non-functional Vigil	2024-06-28 15:49:44 +02:00
Matthew Baggett	70e46005a7	Ubiquity and printers included	2024-06-28 12:43:20 +02:00