♻: refactor with for_each #2

Merged
clement.veret merged 1 commits from switch_to_tfvars into main 2025-03-27 16:29:35 +01:00
4 changed files with 360 additions and 347 deletions

4
.gitignore vendored

@@ -14,8 +14,8 @@ crash.*.log
# password, private keys, and other secrets. These should not be part of version # password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject # control as they are data points which are potentially sensitive and subject
# to change depending on the environment. # to change depending on the environment.
*.tfvars #*.tfvars
*.tfvars.json #*.tfvars.json
# Ignore override files as they are usually used to override resources locally and so # Ignore override files as they are usually used to override resources locally and so
# are not checked in # are not checked in
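Review bot: Commenting out `*.tfvars` and `*.tfvars.json` (the new side as rendered here) un-ignores every variables file in the repository, not only the inventory this change wants to track. The comment block directly above still says these files are likely to hold passwords and private keys. Keeping both patterns and adding one exception, `!terraform.tfvars`, would let the container inventory be committed while any other `.tfvars` file stays out of version control. Secret values are then better supplied through a separate ignored file or `TF_VAR_` environment variables.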

360
main.tf

@@ -4,351 +4,21 @@ terraform {
} }
} }
module "lxc_haproxy" { module "lxc" {
source = "./proxmox_lxc_container" source = "./proxmox_lxc_container"
server_name = "haproxy"
server_desc = "* HAProxy (point de terminaison TLS IPv4)"
ip_suffix = 2
tags = [
"lbservers"
]
}
module "lxc_bt" { for_each = var.lxc_containers
source = "./proxmox_lxc_container"
server_name = "bt"
server_desc = "* Transmission\n* Sonarr\n* Jackett"
ip_suffix = 3
tags = [
"btservers",
"resticservers",
"webservers",
]
memory_dedicated = 1024
unprivileged = false
disk = [{
size = "150G"
path = "/var/lib/transmission-daemon"
}]
features = {
nesting = true
keyctl = null
fuse = null
mount = ["nfs"]
}
}
module "lxc_mail" { server_name = each.key
source = "./proxmox_lxc_container" server_desc = each.value.server_desc
server_name = "mail" ip_suffix = each.value.ip_suffix
server_desc = "* Postfix\n* Postgrey\n* Dovecot\n* Spamassassin\n* OpenDKIM\n* OpenDMARC" cpu_cores = each.value.cpu_cores
ip_suffix = 4 memory_dedicated = each.value.memory_dedicated
tags = [ debian_tmpl = each.value.debian_tmpl
"mailservers", tags = each.value.tags
"resticservers", unprivileged = each.value.unprivileged
"webservers" started = each.value.started
] start_on_boot = each.value.start_on_boot
start_on_boot = true disk = each.value.disk
memory_dedicated = 512 features = each.value.features
disk = [{
size = "10G"
path = "/home"
}]
}
module "lxc_web1" {
source = "./proxmox_lxc_container"
server_name = "web1"
server_desc = "* Shaarli\n* FreshRSS\n* Nextcloud\n* Blog\n* Roundcube\n* Firefly3\n* Repo\n* Koillection"
ip_suffix = 5
tags = [
"pgsqlservers",
"phpservers",
"resticservers",
"webservers"
]
start_on_boot = true
cpu_cores = 2
memory_dedicated = 2048
disk = [
{
size = "10G"
path = "/srv"
},
{
size = "5G"
path = "/var/lib/postgresql"
}
]
}
module "lxc_web2" {
source = "./proxmox_lxc_container"
server_name = "web2"
server_desc = "* Wordpress\n* phpBB"
ip_suffix = 6
tags = [
"mariadbservers",
"phpservers",
"resticservers",
"webservers"
]
start_on_boot = true
cpu_cores = 2
memory_dedicated = 4096
disk = [
{
size = "60G"
path = "/srv"
},
{
size = "5G"
path = "/var/lib/mysql"
}
]
}
module "lxc_voice1" {
source = "./proxmox_lxc_container"
server_name = "voice1"
server_desc = "* Mumble"
ip_suffix = 7
tags = [
"mumbleservers",
"resticservers"
]
cpu_cores = 2
memory_dedicated = 512
}
module "lxc_syslog" {
source = "./proxmox_lxc_container"
server_name = "syslog"
server_desc = "* syslog-ng"
ip_suffix = 8
tags = [
"rsyslogservers"
]
disk = [{
size = "20G"
path = "/srv"
}]
}
module "lxc_voice3" {
source = "./proxmox_lxc_container"
server_name = "voice3"
server_desc = "* Icecast2"
ip_suffix = 9
tags = [
"icecastservers",
"webservers"
]
}
module "lxc_jabber" {
source = "./proxmox_lxc_container"
server_name = "jabber"
server_desc = "* Prosody"
ip_suffix = 10
tags = [
"resticservers",
"webservers",
"xmppservers"
]
}
module "lxc_garage1" {
source = "./proxmox_lxc_container"
server_name = "garage1"
server_desc = "* Nextcloud storage\n* Mastodon storage\n* Peertube storage"
ip_suffix = 11
tags = [
"garage_prd_cluster",
"resticservers",
"webservers"
]
memory_dedicated = 1024
start_on_boot = true
disk = [{
size = "400G"
path = "/var/lib/private"
}]
}
module "lxc_munin" {
source = "./proxmox_lxc_container"
server_name = "munin"
server_desc = "* munin"
ip_suffix = 12
tags = [
"muninservers",
"webservers"
]
}
module "lxc_unifi" {
source = "./proxmox_lxc_container"
server_name = "unifi"
server_desc = "* unifi server"
ip_suffix = 13
memory_dedicated = 2048
}
module "lxc_ftp" {
source = "./proxmox_lxc_container"
server_name = "ftp"
server_desc = "* FTP pour les caméras"
ip_suffix = 14
tags = [
"ftpservers"
]
disk = [{
size = "60G"
path = "/srv"
}]
}
module "lxc_dom" {
source = "./proxmox_lxc_container"
server_name = "dom"
server_desc = "* Jeedom\n* Z-wave USB"
ip_suffix = 15
memory_dedicated = 512
start_on_boot = true
debian_tmpl = "local:vztmpl/debian-11-standard_11.7-1_amd64.tar.zst"
}
module "lxc_git1" {
source = "./proxmox_lxc_container"
server_name = "git1"
server_desc = "* Gitea"
ip_suffix = 16
tags = [
"actrunnerservers",
"giteaservers",
"pgsqlservers",
"resticservers",
"webservers",
]
memory_dedicated = 1024
cpu_cores = 2
features = {
nesting = true
keyctl = true
fuse = true
mount = null
}
disk = [{
size = "10G"
path = "/srv"
},
{
size = "10G"
path = "/var/lib/docker"
},
{
size = "5G"
path = "/var/lib/postgresql"
}
]
}
module "lxc_web3" {
source = "./proxmox_lxc_container"
server_name = "web3"
server_desc = "* Wordpress Sebi"
ip_suffix = 17
tags = [
"mariadbservers",
"phpservers",
"resticservers",
"webservers"
]
memory_dedicated = 4096
start_on_boot = true
started = false
disk = [{
size = "10G"
path = "/srv"
}]
}
module "lxc_vlt1" {
source = "./proxmox_lxc_container"
server_name = "vlt1"
server_desc = "* Vaultwarden"
ip_suffix = 18
tags = [
"resticservers",
"vaultservers",
"webservers"
]
}
module "lxc_masto1" {
source = "./proxmox_lxc_container"
server_name = "masto1"
server_desc = "* Mastodon"
ip_suffix = 19
tags = [
"resticservers",
"mastodonservers",
"pgsqlservers",
"webservers"
]
cpu_cores = 2
memory_dedicated = 4096
disk = [
{
size = "20G"
path = "/srv"
},
{
size = "10G"
path = "/var/lib/postgresql"
}
]
}
module "lxc_pt1" {
source = "./proxmox_lxc_container"
server_name = "pt1"
server_desc = "* PeerTube"
ip_suffix = 20
tags = [
"resticservers",
"peertubeservers",
"pgsqlservers",
"webservers"
]
cpu_cores = 2
memory_dedicated = 2048
disk = [
{
size = "20G"
path = "/srv"
},
{
size = "5G"
path = "/var/lib/postgresql"
}
]
}
module "lxc_es1" {
source = "./proxmox_lxc_container"
server_name = "es1"
server_desc = "Elastic Search"
ip_suffix = 21
tags = [
"resticservers",
"elasticsearchservers"
]
memory_dedicated = 1024
start_on_boot = true
disk = [{
size = "10G"
path = "/srv"
}]
} }
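Review bot: Nothing in this section tells Terraform that the resources formerly under `module.lxc_haproxy`, `module.lxc_bt` and the other per-host modules now live at `module.lxc["haproxy"]`, `module.lxc["bt"]` and so on. Unless the state was migrated out of band, the next plan will propose destroying and recreating every container, including those with large data volumes. One `moved` block per former module keeps the existing containers in place, with `from = module.lxc_haproxy` and `to = module.lxc["haproxy"]` as its two arguments. Check that `terraform plan` reports no destroy actions before applying.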

312
terraform.tfvars Normal file

@@ -0,0 +1,312 @@
lxc_containers = {
haproxy = {
server_desc = "* HAProxy (point de terminaison TLS IPv4)"
ip_suffix = 2
tags = [
"lbservers"
]
}
bt = {
server_desc = "* Transmission\n* Sonarr\n* Jackett"
ip_suffix = 3
tags = [
"btservers",
"resticservers",
"webservers",
]
memory_dedicated = 1024
unprivileged = false
disk = [{
size = "150G"
path = "/var/lib/transmission-daemon"
}]
features = {
nesting = true
keyctl = null
fuse = null
mount = ["nfs"]
}
}
mail = {
server_desc = "* Postfix\n* Postgrey\n* Dovecot\n* Spamassassin\n* OpenDKIM\n* OpenDMARC"
ip_suffix = 4
tags = [
"mailservers",
"resticservers",
"webservers"
]
start_on_boot = true
memory_dedicated = 512
disk = [{
size = "10G"
path = "/home"
}]
}
web1 = {
server_desc = "* Shaarli\n* FreshRSS\n* Nextcloud\n* Blog\n* Roundcube\n* Firefly3\n* Repo\n* Koillection"
ip_suffix = 5
tags = [
"pgsqlservers",
"phpservers",
"resticservers",
"webservers"
]
start_on_boot = true
cpu_cores = 2
memory_dedicated = 2048
disk = [
{
size = "10G"
path = "/srv"
},
{
size = "5G"
path = "/var/lib/postgresql"
}
]
}
web2 = {
server_desc = "* Wordpress\n* phpBB"
ip_suffix = 6
tags = [
"mariadbservers",
"phpservers",
"resticservers",
"webservers"
]
start_on_boot = true
cpu_cores = 2
memory_dedicated = 4096
disk = [
{
size = "60G"
path = "/srv"
},
{
size = "5G"
path = "/var/lib/mysql"
}
]
}
voice1 = {
server_desc = "* Mumble"
ip_suffix = 7
tags = [
"mumbleservers",
"resticservers"
]
cpu_cores = 2
memory_dedicated = 512
}
syslog = {
server_desc = "* syslog-ng"
ip_suffix = 8
tags = [
"rsyslogservers"
]
disk = [{
size = "20G"
path = "/srv"
}]
}
voice3 = {
server_desc = "* Icecast2"
ip_suffix = 9
tags = [
"icecastservers",
"webservers"
]
}
jabber = {
server_desc = "* Prosody"
ip_suffix = 10
tags = [
"resticservers",
"webservers",
"xmppservers"
]
}
garage1 = {
server_desc = "* Nextcloud storage\n* Mastodon storage\n* Peertube storage"
ip_suffix = 11
tags = [
"garage_prd_cluster",
"resticservers",
"webservers"
]
memory_dedicated = 1024
start_on_boot = true
disk = [{
size = "400G"
path = "/var/lib/private"
}]
}
munin = {
source = "./proxmox_lxc_container"
server_name = "munin"
server_desc = "* munin"
ip_suffix = 12
tags = [
"muninservers",
"webservers"
]
}
unifi = {
server_desc = "* unifi server"
ip_suffix = 13
memory_dedicated = 2048
}
ftp = {
server_desc = "* FTP pour les caméras"
ip_suffix = 14
tags = [
"ftpservers"
]
disk = [{
size = "60G"
path = "/srv"
}]
}
dom = {
server_desc = "* Jeedom\n* Z-wave USB"
ip_suffix = 15
memory_dedicated = 512
start_on_boot = true
debian_tmpl = "local:vztmpl/debian-11-standard_11.7-1_amd64.tar.zst"
}
git1 = {
server_desc = "* Gitea"
ip_suffix = 16
tags = [
"actrunnerservers",
"giteaservers",
"pgsqlservers",
"resticservers",
"webservers",
]
memory_dedicated = 1024
cpu_cores = 2
features = {
nesting = true
keyctl = true
fuse = true
mount = null
}
disk = [{
size = "10G"
path = "/srv"
},
{
size = "10G"
path = "/var/lib/docker"
},
{
size = "5G"
path = "/var/lib/postgresql"
}
]
}
web3 = {
server_desc = "* Wordpress Sebi"
ip_suffix = 17
tags = [
"mariadbservers",
"phpservers",
"resticservers",
"webservers"
]
memory_dedicated = 4096
start_on_boot = true
started = false
disk = [{
size = "10G"
path = "/srv"
}]
}
vlt1 = {
server_desc = "* Vaultwarden"
ip_suffix = 18
tags = [
"resticservers",
"vaultservers",
"webservers"
]
}
masto1 = {
server_desc = "* Mastodon"
ip_suffix = 19
tags = [
"resticservers",
"mastodonservers",
"pgsqlservers",
"webservers"
]
cpu_cores = 2
memory_dedicated = 4096
disk = [
{
size = "20G"
path = "/srv"
},
{
size = "10G"
path = "/var/lib/postgresql"
}
]
}
pt1 = {
server_desc = "* PeerTube"
ip_suffix = 20
tags = [
"resticservers",
"peertubeservers",
"pgsqlservers",
"webservers"
]
cpu_cores = 2
memory_dedicated = 2048
disk = [
{
size = "20G"
path = "/srv"
},
{
size = "5G"
path = "/var/lib/postgresql"
}
]
}
es1 = {
server_desc = "Elastic Search"
ip_suffix = 21
tags = [
"resticservers",
"elasticsearchservers"
]
memory_dedicated = 1024
start_on_boot = true
disk = [{
size = "10G"
path = "/srv"
}]
}
}
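Review bot: The `munin` entry still carries `source = "./proxmox_lxc_container"` and `server_name = "munin"` from the old module block; neither is part of the `lxc_containers` object type, so both lines should be deleted. Terraform discards undeclared attributes when converting a value to an object type, so these leftovers are silently ignored rather than reported. Separately, `bt` is the only entry with `unprivileged = false`, combined with nesting and an NFS mount. A short comment such as `# privileged: needed for the NFS mount`, if that is indeed the reason, would keep the exception from being copied into new entries.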


@@ -1,3 +1,34 @@
variable "HOME" { variable "HOME" {
type = string type = string
} }
variable "lxc_containers" {
description = "Complete declarative description of a machine"
type = map(object({
server_desc = string
ip_suffix = number
cpu_cores = optional(number, 1)
memory_dedicated = optional(number, 256)
tags = optional(list(string), [])
unprivileged = optional(bool, true)
started = optional(bool, true)
start_on_boot = optional(bool, false)
debian_tmpl = optional(string, "local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst")
disk = optional(list(object({
path = string
size = string
})), [])
features = optional(object({
nesting = bool
fuse = bool
keyctl = bool
mount = list(string)
}),
{
nesting = true
fuse = null
keyctl = null
mount = null
})
}))
}
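Review bot: `lxc_containers` accepts any `ip_suffix`, so a copy-pasted entry with a duplicate value would pass `terraform validate`. How the suffix becomes an address is in the module, outside this page, but a duplicate would presumably put two containers on the same address. A `validation` block that compares the distinct suffixes with the number of entries catches this at plan time. The four attributes of `features` are also declared without `optional(...)`, so any entry that overrides `features` must restate all of them, as `bt` and `git1` do; `nesting = optional(bool, true)` and `optional(...)` on the other three would let an entry set only what differs.

```hcl
variable "lxc_containers" {
  # … unchanged: description and type …
  validation {
    condition = length(distinct([
      for c in values(var.lxc_containers) : c.ip_suffix
    ])) == length(var.lxc_containers)
    error_message = "Each container needs a unique ip_suffix."
  }
}
```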