diff --git a/.gitignore b/.gitignore
index 1531c20..48a9a47 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,8 +14,8 @@ crash.*.log
 # password, private keys, and other secrets. These should not be part of version
 # control as they are data points which are potentially sensitive and subject
 # to change depending on the environment.
-*.tfvars
-*.tfvars.json
+#*.tfvars
+#*.tfvars.json

 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in
diff --git a/main.tf b/main.tf
index 2fa3308..f457a6e 100644
--- a/main.tf
+++ b/main.tf
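Review bot: In the .gitignore hunk, commenting out both `*.tfvars` patterns un-ignores every variables file, not only the new terraform.tfvars, while the comment block directly above still says these files may hold passwords and private keys. A later file such as a `*.auto.tfvars` carrying provider credentials would then be staged by `git add` with no warning. Keep the two ignore patterns as they were and add a single exception after them for the file that is meant to be tracked: `!terraform.tfvars`.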
@@ -4,351 +4,21 @@ terraform { } } -module "lxc_haproxy" { - source = "./proxmox_lxc_container" - server_name = "haproxy" - server_desc = "* HAProxy (point de terminaison TLS IPv4)" - ip_suffix = 2 - tags = [ - "lbservers" - ] -} +module "lxc" { + source = "./proxmox_lxc_container" -module "lxc_bt" { - source = "./proxmox_lxc_container" - server_name = "bt" - server_desc = "* Transmission\n* Sonarr\n* Jackett" - ip_suffix = 3 - tags = [ - "btservers", - "resticservers", - "webservers", - ] - memory_dedicated = 1024 - unprivileged = false - disk = [{ - size = "150G" - path = "/var/lib/transmission-daemon" - }] - features = { - nesting = true - keyctl = null - fuse = null - mount = ["nfs"] - } -} + for_each = var.lxc_containers -module "lxc_mail" { - source = "./proxmox_lxc_container" - server_name = "mail" - server_desc = "* Postfix\n* Postgrey\n* Dovecot\n* Spamassassin\n* OpenDKIM\n* OpenDMARC" - ip_suffix = 4 - tags = [ - "mailservers", - "resticservers", - "webservers" - ] - start_on_boot = true - memory_dedicated = 512 - disk = [{ - size = "10G" - path = "/home" - }] -} - -module "lxc_web1" { - source = "./proxmox_lxc_container" - server_name = "web1" - server_desc = "* Shaarli\n* FreshRSS\n* Nextcloud\n* Blog\n* Roundcube\n* Firefly3\n* Repo\n* Koillection" - ip_suffix = 5 - tags = [ - "pgsqlservers", - "phpservers", - "resticservers", - "webservers" - ] - start_on_boot = true - cpu_cores = 2 - memory_dedicated = 2048 - disk = [ - { - size = "10G" - path = "/srv" - }, - { - size = "5G" - path = "/var/lib/postgresql" - } - ] -} - -module "lxc_web2" { - source = "./proxmox_lxc_container" - server_name = "web2" - server_desc = "* Wordpress\n* phpBB" - ip_suffix = 6 - tags = [ - "mariadbservers", - "phpservers", - "resticservers", - "webservers" - ] - start_on_boot = true - cpu_cores = 2 - memory_dedicated = 4096 - disk = [ - { - size = "60G" - path = "/srv" - }, - { - size = "5G" - path = "/var/lib/mysql" - } - ] -} - -module "lxc_voice1" { - source = 
"./proxmox_lxc_container" - server_name = "voice1" - server_desc = "* Mumble" - ip_suffix = 7 - tags = [ - "mumbleservers", - "resticservers" - ] - cpu_cores = 2 - memory_dedicated = 512 -} - -module "lxc_syslog" { - source = "./proxmox_lxc_container" - server_name = "syslog" - server_desc = "* syslog-ng" - ip_suffix = 8 - tags = [ - "rsyslogservers" - ] - disk = [{ - size = "20G" - path = "/srv" - }] -} - -module "lxc_voice3" { - source = "./proxmox_lxc_container" - server_name = "voice3" - server_desc = "* Icecast2" - ip_suffix = 9 - tags = [ - "icecastservers", - "webservers" - ] -} - -module "lxc_jabber" { - source = "./proxmox_lxc_container" - server_name = "jabber" - server_desc = "* Prosody" - ip_suffix = 10 - tags = [ - "resticservers", - "webservers", - "xmppservers" - ] -} - -module "lxc_garage1" { - source = "./proxmox_lxc_container" - server_name = "garage1" - server_desc = "* Nextcloud storage\n* Mastodon storage\n* Peertube storage" - ip_suffix = 11 - tags = [ - "garage_prd_cluster", - "resticservers", - "webservers" - ] - memory_dedicated = 1024 - start_on_boot = true - disk = [{ - size = "400G" - path = "/var/lib/private" - }] -} - -module "lxc_munin" { - source = "./proxmox_lxc_container" - server_name = "munin" - server_desc = "* munin" - ip_suffix = 12 - tags = [ - "muninservers", - "webservers" - ] -} - -module "lxc_unifi" { - source = "./proxmox_lxc_container" - server_name = "unifi" - server_desc = "* unifi server" - ip_suffix = 13 - memory_dedicated = 2048 -} - -module "lxc_ftp" { - source = "./proxmox_lxc_container" - server_name = "ftp" - server_desc = "* FTP pour les caméras" - ip_suffix = 14 - tags = [ - "ftpservers" - ] - disk = [{ - size = "60G" - path = "/srv" - }] -} - -module "lxc_dom" { - source = "./proxmox_lxc_container" - server_name = "dom" - server_desc = "* Jeedom\n* Z-wave USB" - ip_suffix = 15 - memory_dedicated = 512 - start_on_boot = true - debian_tmpl = "local:vztmpl/debian-11-standard_11.7-1_amd64.tar.zst" -} - -module 
"lxc_git1" { - source = "./proxmox_lxc_container" - server_name = "git1" - server_desc = "* Gitea" - ip_suffix = 16 - tags = [ - "actrunnerservers", - "giteaservers", - "pgsqlservers", - "resticservers", - "webservers", - ] - memory_dedicated = 1024 - cpu_cores = 2 - features = { - nesting = true - keyctl = true - fuse = true - mount = null - } - disk = [{ - size = "10G" - path = "/srv" - }, - { - size = "10G" - path = "/var/lib/docker" - }, - { - size = "5G" - path = "/var/lib/postgresql" - } - ] -} - -module "lxc_web3" { - source = "./proxmox_lxc_container" - server_name = "web3" - server_desc = "* Wordpress Sebi" - ip_suffix = 17 - tags = [ - "mariadbservers", - "phpservers", - "resticservers", - "webservers" - ] - memory_dedicated = 4096 - start_on_boot = true - started = false - disk = [{ - size = "10G" - path = "/srv" - }] -} - -module "lxc_vlt1" { - source = "./proxmox_lxc_container" - server_name = "vlt1" - server_desc = "* Vaultwarden" - ip_suffix = 18 - tags = [ - "resticservers", - "vaultservers", - "webservers" - ] -} - -module "lxc_masto1" { - source = "./proxmox_lxc_container" - server_name = "masto1" - server_desc = "* Mastodon" - ip_suffix = 19 - tags = [ - "resticservers", - "mastodonservers", - "pgsqlservers", - "webservers" - ] - cpu_cores = 2 - memory_dedicated = 4096 - disk = [ - { - size = "20G" - path = "/srv" - }, - { - size = "10G" - path = "/var/lib/postgresql" - } - ] -} - -module "lxc_pt1" { - source = "./proxmox_lxc_container" - server_name = "pt1" - server_desc = "* PeerTube" - ip_suffix = 20 - tags = [ - "resticservers", - "peertubeservers", - "pgsqlservers", - "webservers" - ] - cpu_cores = 2 - memory_dedicated = 2048 - disk = [ - { - size = "20G" - path = "/srv" - }, - { - size = "5G" - path = "/var/lib/postgresql" - } - ] -} - -module "lxc_es1" { - source = "./proxmox_lxc_container" - server_name = "es1" - server_desc = "Elastic Search" - ip_suffix = 21 - tags = [ - "resticservers", - "elasticsearchservers" - ] - memory_dedicated = 
1024 - start_on_boot = true - disk = [{ - size = "10G" - path = "/srv" - }] + server_name = each.key + server_desc = each.value.server_desc + ip_suffix = each.value.ip_suffix + cpu_cores = each.value.cpu_cores + memory_dedicated = each.value.memory_dedicated + debian_tmpl = each.value.debian_tmpl + tags = each.value.tags + unprivileged = each.value.unprivileged + started = each.value.started + start_on_boot = each.value.start_on_boot + disk = each.value.disk + features = each.value.features } diff --git a/terraform.tfvars b/terraform.tfvars new file mode 100644 index 0000000..29dc543 --- /dev/null +++ b/terraform.tfvars 
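Review bot: Collapsing the per-container `module "lxc_*"` blocks into one `module "lxc"` with `for_each` changes every resource address from the form `module.lxc_haproxy` to `module.lxc["haproxy"]`, and nothing visible in this commit tells Terraform that the old and new addresses are the same objects. Unless the state was migrated by hand, the next plan would propose destroying and recreating all twenty containers together with their disks. Add one `moved` block per container next to the new module, following the pattern below, and confirm the plan shows no destroy actions before applying.

```hcl
# … unchanged: module "lxc" block with for_each …

moved {
  from = module.lxc_haproxy
  to   = module.lxc["haproxy"]
}

moved {
  from = module.lxc_bt
  to   = module.lxc["bt"]
}

# … one moved block for each remaining key of var.lxc_containers …
```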
@@ -0,0 +1,312 @@ +lxc_containers = { + haproxy = { + server_desc = "* HAProxy (point de terminaison TLS IPv4)" + ip_suffix = 2 + tags = [ + "lbservers" + ] + } + + bt = { + server_desc = "* Transmission\n* Sonarr\n* Jackett" + ip_suffix = 3 + tags = [ + "btservers", + "resticservers", + "webservers", + ] + memory_dedicated = 1024 + unprivileged = false + disk = [{ + size = "150G" + path = "/var/lib/transmission-daemon" + }] + features = { + nesting = true + keyctl = null + fuse = null + mount = ["nfs"] + } + } + + mail = { + server_desc = "* Postfix\n* Postgrey\n* Dovecot\n* Spamassassin\n* OpenDKIM\n* OpenDMARC" + ip_suffix = 4 + tags = [ + "mailservers", + "resticservers", + "webservers" + ] + start_on_boot = true + memory_dedicated = 512 + disk = [{ + size = "10G" + path = "/home" + }] + } + + web1 = { + server_desc = "* Shaarli\n* FreshRSS\n* Nextcloud\n* Blog\n* Roundcube\n* Firefly3\n* Repo\n* Koillection" + ip_suffix = 5 + tags = [ + "pgsqlservers", + "phpservers", + "resticservers", + "webservers" + ] + start_on_boot = true + cpu_cores = 2 + memory_dedicated = 2048 + disk = [ + { + size = "10G" + path = "/srv" + }, + { + size = "5G" + path = "/var/lib/postgresql" + } + ] + } + + web2 = { + server_desc = "* Wordpress\n* phpBB" + ip_suffix = 6 + tags = [ + "mariadbservers", + "phpservers", + "resticservers", + "webservers" + ] + start_on_boot = true + cpu_cores = 2 + memory_dedicated = 4096 + disk = [ + { + size = "60G" + path = "/srv" + }, + { + size = "5G" + path = "/var/lib/mysql" + } + ] + } + + voice1 = { + server_desc = "* Mumble" + ip_suffix = 7 + tags = [ + "mumbleservers", + "resticservers" + ] + cpu_cores = 2 + memory_dedicated = 512 + } + + syslog = { + server_desc = "* syslog-ng" + ip_suffix = 8 + tags = [ + "rsyslogservers" + ] + disk = [{ + size = "20G" + path = "/srv" + }] + } + + voice3 = { + server_desc = "* Icecast2" + ip_suffix = 9 + tags = [ + "icecastservers", + "webservers" + ] + } + + jabber = { + server_desc = "* Prosody" + ip_suffix 
= 10 + tags = [ + "resticservers", + "webservers", + "xmppservers" + ] + } + + garage1 = { + server_desc = "* Nextcloud storage\n* Mastodon storage\n* Peertube storage" + ip_suffix = 11 + tags = [ + "garage_prd_cluster", + "resticservers", + "webservers" + ] + memory_dedicated = 1024 + start_on_boot = true + disk = [{ + size = "400G" + path = "/var/lib/private" + }] + } + + munin = { + source = "./proxmox_lxc_container" + server_name = "munin" + server_desc = "* munin" + ip_suffix = 12 + tags = [ + "muninservers", + "webservers" + ] + } + + unifi = { + server_desc = "* unifi server" + ip_suffix = 13 + memory_dedicated = 2048 + } + + ftp = { + server_desc = "* FTP pour les caméras" + ip_suffix = 14 + tags = [ + "ftpservers" + ] + disk = [{ + size = "60G" + path = "/srv" + }] + } + + dom = { + server_desc = "* Jeedom\n* Z-wave USB" + ip_suffix = 15 + memory_dedicated = 512 + start_on_boot = true + debian_tmpl = "local:vztmpl/debian-11-standard_11.7-1_amd64.tar.zst" + } + + git1 = { + server_desc = "* Gitea" + ip_suffix = 16 + tags = [ + "actrunnerservers", + "giteaservers", + "pgsqlservers", + "resticservers", + "webservers", + ] + memory_dedicated = 1024 + cpu_cores = 2 + features = { + nesting = true + keyctl = true + fuse = true + mount = null + } + disk = [{ + size = "10G" + path = "/srv" + }, + { + size = "10G" + path = "/var/lib/docker" + }, + { + size = "5G" + path = "/var/lib/postgresql" + } + ] + } + + web3 = { + server_desc = "* Wordpress Sebi" + ip_suffix = 17 + tags = [ + "mariadbservers", + "phpservers", + "resticservers", + "webservers" + ] + memory_dedicated = 4096 + start_on_boot = true + started = false + disk = [{ + size = "10G" + path = "/srv" + }] + } + + vlt1 = { + server_desc = "* Vaultwarden" + ip_suffix = 18 + tags = [ + "resticservers", + "vaultservers", + "webservers" + ] + } + + masto1 = { + server_desc = "* Mastodon" + ip_suffix = 19 + tags = [ + "resticservers", + "mastodonservers", + "pgsqlservers", + "webservers" + ] + cpu_cores = 2 + 
memory_dedicated = 4096 + disk = [ + { + size = "20G" + path = "/srv" + }, + { + size = "10G" + path = "/var/lib/postgresql" + } + ] + } + + pt1 = { + server_desc = "* PeerTube" + ip_suffix = 20 + tags = [ + "resticservers", + "peertubeservers", + "pgsqlservers", + "webservers" + ] + cpu_cores = 2 + memory_dedicated = 2048 + disk = [ + { + size = "20G" + path = "/srv" + }, + { + size = "5G" + path = "/var/lib/postgresql" + } + ] + } + + es1 = { + server_desc = "Elastic Search" + ip_suffix = 21 + tags = [ + "resticservers", + "elasticsearchservers" + ] + memory_dedicated = 1024 + start_on_boot = true + disk = [{ + size = "10G" + path = "/srv" + }] + } +} diff --git a/variables.tf b/variables.tf index 7f177ac..7547ce8 100644 --- a/variables.tf +++ b/variables.tf @@ -1,3 +1,34 @@ variable "HOME" { type = string } + +variable "lxc_containers" { + description = "Complete declarative description of a machine" + type = map(object({ + server_desc = string + ip_suffix = number + cpu_cores = optional(number, 1) + memory_dedicated = optional(number, 256) + tags = optional(list(string), []) + unprivileged = optional(bool, true) + started = optional(bool, true) + start_on_boot = optional(bool, false) + debian_tmpl = optional(string, "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst") + disk = optional(list(object({ + path = string + size = string + })), []) + features = optional(object({ + nesting = bool + fuse = bool + keyctl = bool + mount = list(string) + }), + { + nesting = true + fuse = null + keyctl = null + mount = null + }) + })) +}
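Review bot: In terraform.tfvars the `munin` entry still carries `source = "./proxmox_lxc_container"` and `server_name = "munin"` from the old module block; neither is an attribute of the `lxc_containers` object type, and the name now comes from the map key. Terraform's object conversion should discard them silently, so they are dead lines that suggest the name can be set per entry; delete both. Separately, `bt` is the only entry with `unprivileged = false`, and it also sets `nesting = true` and `mount = ["nfs"]`. A short comment there, for example `# privileged: needed for the NFS mount` if that is the reason, would record why this one container runs with weaker isolation than the others.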
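Review bot: In variables.tf, `ip_suffix` is accepted as any `number` with no uniqueness check, so two entries with the same suffix pass validation; the module is not shown, but if the suffix becomes the host part of the address, that gives two containers one IP. A `validation` block on `lxc_containers` with `condition = length(distinct([for c in values(var.lxc_containers) : c.ip_suffix])) == length(var.lxc_containers)` would catch the collision at plan time. The description `"Complete declarative description of a machine"` also does not match the type; `"Map of LXC containers keyed by server name"` says what the variable holds. The members of `features` are not wrapped in `optional(...)`, so an entry that overrides it must restate all four keys, which is worth a comment above the type.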