🚨: fmt tofu
All checks were successful
terraform-lint / terraform-lint (push) Successful in 31s

VC
2025-03-06 17:41:27 +01:00
parent 0c0a11cfd8
commit 9342c38e78
8 changed files with 331 additions and 331 deletions

372
main.tf

@@ -1,251 +1,251 @@
terraform { terraform {
backend "local" { backend "local" {
path = "${var.HOME}/Nextcloud/tofu/terraform.tfstate" path = "${var.HOME}/Nextcloud/tofu/terraform.tfstate"
} }
} }
module "lxc_haproxy" { module "lxc_haproxy" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "haproxy" server_name = "haproxy"
server_desc = "* HAProxy (point de terminaison TLS IPv4)" server_desc = "* HAProxy (point de terminaison TLS IPv4)"
ip_suffix = 2 ip_suffix = 2
} }
module "lxc_bt" { module "lxc_bt" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "bt" server_name = "bt"
server_desc = "* Transmission\n* Sonarr\n* Jackett" server_desc = "* Transmission\n* Sonarr\n* Jackett"
ip_suffix = 3 ip_suffix = 3
memory_dedicated = 1024 memory_dedicated = 1024
unprivileged = false unprivileged = false
disk = [{ disk = [{
size = "150G" size = "150G"
path = "/var/lib/transmission-daemon" path = "/var/lib/transmission-daemon"
}] }]
features = { features = {
nesting = true nesting = true
keyctl = null keyctl = null
fuse = null fuse = null
mount = ["nfs"] mount = ["nfs"]
} }
} }
module "lxc_mail" { module "lxc_mail" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "mail" server_name = "mail"
server_desc = "* Postfix\n* Postgrey\n* Dovecot\n* Spamassassin\n* OpenDKIM\n* OpenDMARC" server_desc = "* Postfix\n* Postgrey\n* Dovecot\n* Spamassassin\n* OpenDKIM\n* OpenDMARC"
ip_suffix = 4 ip_suffix = 4
start_on_boot = true start_on_boot = true
memory_dedicated = 512 memory_dedicated = 512
disk = [{ disk = [{
size = "10G" size = "10G"
path = "/home" path = "/home"
}] }]
} }
module "lxc_web1" { module "lxc_web1" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "web1" server_name = "web1"
server_desc = "* Shaarli\n* FreshRSS\n* Nextcloud\n* Blog\n* Roundcube\n* Firefly3\n* Repo\n* Koillection" server_desc = "* Shaarli\n* FreshRSS\n* Nextcloud\n* Blog\n* Roundcube\n* Firefly3\n* Repo\n* Koillection"
ip_suffix = 5 ip_suffix = 5
start_on_boot = true start_on_boot = true
cpu_cores = 2 cpu_cores = 2
memory_dedicated = 2048 memory_dedicated = 2048
disk = [{ disk = [{
size = "10G" size = "10G"
path = "/srv" path = "/srv"
}] }]
} }
module "lxc_web2" { module "lxc_web2" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "web2" server_name = "web2"
server_desc = "* Wordpress\n* phpBB" server_desc = "* Wordpress\n* phpBB"
ip_suffix = 6 ip_suffix = 6
start_on_boot = true start_on_boot = true
cpu_cores = 2 cpu_cores = 2
memory_dedicated = 4096 memory_dedicated = 4096
disk = [{ disk = [{
size = "60G" size = "60G"
path = "/srv" path = "/srv"
}] }]
} }
module "lxc_voice1" { module "lxc_voice1" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "voice1" server_name = "voice1"
server_desc = "* Mumble" server_desc = "* Mumble"
ip_suffix = 7 ip_suffix = 7
cpu_cores = 2 cpu_cores = 2
memory_dedicated = 512 memory_dedicated = 512
} }
module "lxc_syslog" { module "lxc_syslog" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "syslog" server_name = "syslog"
server_desc = "* syslog-ng" server_desc = "* syslog-ng"
ip_suffix = 8 ip_suffix = 8
disk = [{ disk = [{
size = "20G" size = "20G"
path = "/srv" path = "/srv"
}] }]
} }
module "lxc_voice3" { module "lxc_voice3" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "voice3" server_name = "voice3"
server_desc = "* Icecast2" server_desc = "* Icecast2"
ip_suffix = 9 ip_suffix = 9
} }
module "lxc_jabber" { module "lxc_jabber" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "jabber" server_name = "jabber"
server_desc = "* Prosody" server_desc = "* Prosody"
ip_suffix = 10 ip_suffix = 10
} }
module "lxc_garage1" { module "lxc_garage1" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "garage1" server_name = "garage1"
server_desc = "* Nextcloud storage\n* Mastodon storage\n* Peertube storage" server_desc = "* Nextcloud storage\n* Mastodon storage\n* Peertube storage"
ip_suffix = 11 ip_suffix = 11
memory_dedicated = 1024 memory_dedicated = 1024
start_on_boot = true start_on_boot = true
disk = [{ disk = [{
size = "400G" size = "400G"
path = "/var/lib/private" path = "/var/lib/private"
}] }]
} }
module "lxc_munin" { module "lxc_munin" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "munin" server_name = "munin"
server_desc = "* munin" server_desc = "* munin"
ip_suffix = 12 ip_suffix = 12
} }
module "lxc_unifi" { module "lxc_unifi" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "unifi" server_name = "unifi"
server_desc = "* unifi server" server_desc = "* unifi server"
ip_suffix = "13" ip_suffix = "13"
memory_dedicated = 2048 memory_dedicated = 2048
} }
module "lxc_ftp" { module "lxc_ftp" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "ftp" server_name = "ftp"
server_desc = "* FTP pour les caméras" server_desc = "* FTP pour les caméras"
ip_suffix = "14" ip_suffix = "14"
disk = [{ disk = [{
size = "60G" size = "60G"
path = "/srv" path = "/srv"
}] }]
} }
module "lxc_dom" { module "lxc_dom" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "dom" server_name = "dom"
server_desc = "* Jeedom\n* Z-wave USB" server_desc = "* Jeedom\n* Z-wave USB"
ip_suffix = "15" ip_suffix = "15"
memory_dedicated = 512 memory_dedicated = 512
start_on_boot = true start_on_boot = true
debian_tmpl = "local:vztmpl/debian-11-standard_11.7-1_amd64.tar.zst" debian_tmpl = "local:vztmpl/debian-11-standard_11.7-1_amd64.tar.zst"
} }
module "lxc_git1" { module "lxc_git1" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "git1" server_name = "git1"
server_desc = "* Gitea" server_desc = "* Gitea"
ip_suffix = "16" ip_suffix = "16"
memory_dedicated = 1024 memory_dedicated = 1024
cpu_cores = 2 cpu_cores = 2
features = { features = {
nesting = true nesting = true
keyctl = true keyctl = true
fuse = true fuse = true
mount = null mount = null
} }
disk = [{ disk = [{
size = "10G" size = "10G"
path = "/srv" path = "/srv"
}] }]
} }
module "lxc_web3" { module "lxc_web3" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "web3" server_name = "web3"
server_desc = "* Wordpress Sebi" server_desc = "* Wordpress Sebi"
ip_suffix = "17" ip_suffix = "17"
memory_dedicated = 4096 memory_dedicated = 4096
start_on_boot = true start_on_boot = true
disk = [{ disk = [{
size = "10G" size = "10G"
path = "/srv" path = "/srv"
}] }]
} }
module "lxc_vlt1" { module "lxc_vlt1" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "vlt1" server_name = "vlt1"
server_desc = "* Vaultwarden" server_desc = "* Vaultwarden"
ip_suffix = "18" ip_suffix = "18"
} }
module "lxc_masto1" { module "lxc_masto1" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "masto1" server_name = "masto1"
server_desc = "* Mastodon" server_desc = "* Mastodon"
ip_suffix = 19 ip_suffix = 19
cpu_cores = 2 cpu_cores = 2
memory_dedicated = 4096 memory_dedicated = 4096
disk = [{ disk = [{
size = "20G" size = "20G"
path = "/srv" path = "/srv"
}] }]
} }
module "lxc_pt1" { module "lxc_pt1" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "pt1" server_name = "pt1"
server_desc = "* PeerTube" server_desc = "* PeerTube"
ip_suffix = 20 ip_suffix = 20
cpu_cores = 2 cpu_cores = 2
memory_dedicated = 2048 memory_dedicated = 2048
disk = [{ disk = [{
size = "20G" size = "20G"
path = "/srv" path = "/srv"
}] }]
} }
module "lxc_es1" { module "lxc_es1" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "es1" server_name = "es1"
server_desc = "Elastic Search" server_desc = "Elastic Search"
ip_suffix = 21 ip_suffix = 21
memory_dedicated = 1024 memory_dedicated = 1024
start_on_boot = true start_on_boot = true
disk = [{ disk = [{
size = "10G" size = "10G"
path = "/srv" path = "/srv"
}] }]
} }
module "lxc_git2" { module "lxc_git2" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "git2" server_name = "git2"
server_desc = "Kata/dojo act_runner/Ansible" server_desc = "Kata/dojo act_runner/Ansible"
ip_suffix = 22 ip_suffix = 22
memory_dedicated = 1024 memory_dedicated = 1024
disk = [{ disk = [{
size = "10G" size = "10G"
path = "/var/lib/docker" path = "/var/lib/docker"
}] }]
features = { features = {
nesting = true nesting = true
keyctl = true keyctl = true
fuse = true fuse = true
mount = null mount = null
} }
} }


@@ -1,20 +1,20 @@
terraform { terraform {
required_providers { required_providers {
ovh = { ovh = {
source = "ovh/ovh" source = "ovh/ovh"
version = "1.6.0" version = "1.6.0"
} }
proxmox = { proxmox = {
source = "bpg/proxmox" source = "bpg/proxmox"
version = "0.71.0" version = "0.71.0"
} }
} }
} }
provider "ovh" { provider "ovh" {
endpoint = "ovh-eu" endpoint = "ovh-eu"
} }
provider "proxmox" { provider "proxmox" {
insecure = "true" insecure = "true"
} }


@@ -1,10 +1,10 @@
locals { locals {
ssh_key = [ ssh_key = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILxJNQPyVqQG1C5xEMuyUF9AzZd8s5J7k0kZ7qzn9a0P cveret@HLD5CD4424T4V", "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILxJNQPyVqQG1C5xEMuyUF9AzZd8s5J7k0kZ7qzn9a0P cveret@HLD5CD4424T4V",
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDjHhcQS8S9k/GX9TyD2F6/jOWwSvoYDIXetLOi0Nm2t mortal@baybay-ponay.mateu.be" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDjHhcQS8S9k/GX9TyD2F6/jOWwSvoYDIXetLOi0Nm2t mortal@baybay-ponay.mateu.be"
] ]
public_ipv4_addr = "82.66.135.228" public_ipv4_addr = "82.66.135.228"
private_ipv4_prefix = "10.233.212" private_ipv4_prefix = "10.233.212"
public_ipv6_prefix = "2a01:e0a:9bd:2811" public_ipv6_prefix = "2a01:e0a:9bd:2811"
infra_related_domain = "mateu.be" infra_related_domain = "mateu.be"
} }


@@ -1,90 +1,90 @@
# Add a record to a sub-domain # Add a record to a sub-domain
resource "ovh_domain_zone_record" "record_v4" { resource "ovh_domain_zone_record" "record_v4" {
zone = local.infra_related_domain zone = local.infra_related_domain
subdomain = "${var.server_name}.dmz" subdomain = "${var.server_name}.dmz"
fieldtype = "A" fieldtype = "A"
target = local.public_ipv4_addr target = local.public_ipv4_addr
} }
resource "ovh_domain_zone_record" "record_v6" { resource "ovh_domain_zone_record" "record_v6" {
zone = local.infra_related_domain zone = local.infra_related_domain
subdomain = "${var.server_name}.dmz" subdomain = "${var.server_name}.dmz"
fieldtype = "AAAA" fieldtype = "AAAA"
target = "${local.public_ipv6_prefix}::${var.ip_suffix}" target = "${local.public_ipv6_prefix}::${var.ip_suffix}"
} }
resource "proxmox_virtual_environment_container" "container" { resource "proxmox_virtual_environment_container" "container" {
node_name = "serenor" node_name = "serenor"
description = var.server_desc description = var.server_desc
tags = var.tags tags = var.tags
unprivileged = var.unprivileged unprivileged = var.unprivileged
start_on_boot = var.start_on_boot start_on_boot = var.start_on_boot
features { features {
nesting = var.features.nesting nesting = var.features.nesting
fuse = var.features.fuse fuse = var.features.fuse
keyctl = var.features.keyctl keyctl = var.features.keyctl
mount = var.features.mount mount = var.features.mount
} }
cpu { cpu {
cores = "${var.cpu_cores}" cores = var.cpu_cores
} }
memory { memory {
dedicated = "${var.memory_dedicated}" dedicated = var.memory_dedicated
swap = "512" swap = "512"
} }
initialization { initialization {
hostname = var.server_name hostname = var.server_name
ip_config { ip_config {
ipv4 { ipv4 {
address = "${local.private_ipv4_prefix}.${var.ip_suffix}/26" address = "${local.private_ipv4_prefix}.${var.ip_suffix}/26"
gateway = "${local.private_ipv4_prefix}.1" gateway = "${local.private_ipv4_prefix}.1"
} }
ipv6 { ipv6 {
address = "${local.public_ipv6_prefix}::${var.ip_suffix}/64" address = "${local.public_ipv6_prefix}::${var.ip_suffix}/64"
gateway = "${local.public_ipv6_prefix}::1" gateway = "${local.public_ipv6_prefix}::1"
} }
} }
user_account { user_account {
keys = local.ssh_key keys = local.ssh_key
password = random_password.container_password.result password = random_password.container_password.result
} }
} }
disk { disk {
datastore_id = "local-zfs" datastore_id = "local-zfs"
size = 8 size = 8
} }
network_interface { network_interface {
name = "eth0" name = "eth0"
firewall = true firewall = true
} }
operating_system { operating_system {
template_file_id = var.debian_tmpl template_file_id = var.debian_tmpl
type = "debian" type = "debian"
} }
dynamic "mount_point" { dynamic "mount_point" {
for_each = var.disk for_each = var.disk
iterator = mydisk iterator = mydisk
content { content {
volume = "local-zfs" volume = "local-zfs"
size = mydisk.value.size size = mydisk.value.size
path = mydisk.value.path path = mydisk.value.path
} }
} }
} }
resource "random_password" "container_password" { resource "random_password" "container_password" {
length = 16 length = 16
override_special = "_%@" override_special = "_%@"
special = true special = true
} }
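Review bot: `password = random_password.container_password.result` in `user_account` means the generated container password is written to the state file in clear text, and nothing in this section documents that; `sensitive = true` on an output only redacts CLI and plan display. A comment above that line such as `# stored in clear text in tfstate - treat the state file as a secret` would make the dependency explicit. The backend shown in main.tf on this page keeps state under a `Nextcloud/` path, presumably a synced folder, so access to that copy should be restricted like the credentials themselves. As a smaller style point, `swap = "512"` stays quoted while this change unquotes `cores` and `dedicated` beside it; `swap = 512` would be consistent, assuming the provider treats it as a number like `dedicated`.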


@@ -1,4 +1,4 @@
output "container_password" { output "container_password" {
value = random_password.container_password.result value = random_password.container_password.result
sensitive = true sensitive = true
} }


@@ -1,12 +1,12 @@
terraform { terraform {
required_providers { required_providers {
ovh = { ovh = {
source = "ovh/ovh" source = "ovh/ovh"
version = "1.6.0" version = "1.6.0"
} }
proxmox = { proxmox = {
source = "bpg/proxmox" source = "bpg/proxmox"
version = "0.71.0" version = "0.71.0"
} }
} }
} }


@@ -1,77 +1,77 @@
variable "cpu_cores" { variable "cpu_cores" {
description = "Number of CPUs for the server" description = "Number of CPUs for the server"
type = number type = number
default = 1 default = 1
} }
variable "start_on_boot" { variable "start_on_boot" {
description = "Shall the VM start at boot?" description = "Shall the VM start at boot?"
type= bool type = bool
default = false default = false
} }
variable "memory_dedicated" { variable "memory_dedicated" {
description = "RAM quantity" description = "RAM quantity"
type = number type = number
default = 256 default = 256
} }
variable "server_name" { variable "server_name" {
description = "Name of the server" description = "Name of the server"
type = string type = string
} }
variable "server_desc" { variable "server_desc" {
description = "Description of the server" description = "Description of the server"
type = string type = string
} }
variable "tags" { variable "tags" {
description = "Tags to be associated to the VM" description = "Tags to be associated to the VM"
type = list(string) type = list(string)
default = [] default = []
} }
variable "features" { variable "features" {
description = "Proxmox Container Features" description = "Proxmox Container Features"
type = object({ type = object({
nesting = bool nesting = bool
fuse = bool fuse = bool
keyctl = bool keyctl = bool
mount = list(string) mount = list(string)
}) })
default = { default = {
nesting = true nesting = true
fuse = null fuse = null
keyctl = null keyctl = null
mount = null mount = null
} }
} }
variable "unprivileged" { variable "unprivileged" {
description = "Unprivileged LXC container" description = "Unprivileged LXC container"
type = bool type = bool
default = true default = true
} }
variable "ip_suffix" { variable "ip_suffix" {
description = "IP suffix" description = "IP suffix"
type = number type = number
} }
variable "disk" { variable "disk" {
description = "Size and type of disk" description = "Size and type of disk"
type = list(object({ type = list(object({
path = string path = string
size = string size = string
})) }))
default = [] default = []
} }
variable "debian_tmpl" { variable "debian_tmpl" {
description = "Debian template to use" description = "Debian template to use"
type = string type = string
default = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst" default = "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst"
## other possible value ## other possible value
# "local:vztmpl/debian-11-standard_11.7-1_amd64.tar.zst" # "local:vztmpl/debian-11-standard_11.7-1_amd64.tar.zst"
} }


@@ -1,3 +1,3 @@
variable "HOME" { variable "HOME" {
type = string type = string
} }