major overhaul, preparing for kubernetes migration

This commit is contained in:
Matt Reeves 2025-02-01 00:32:16 -05:00
parent 57b8c88d71
commit b253a124e8
24 changed files with 649 additions and 575 deletions


@ -23,54 +23,33 @@ jobs:
access_token: ${{ secrets.BW_ACCESS_TOKEN }}
base_url: https://vault.bitwarden.com
secrets: |
c65f8886-f6fb-4c17-bc79-b208000604bf > arrbuntu_ip_address
2dae51bd-bd65-474c-971c-b20800f22afa > aws_access_key_id
287c852d-f2b5-467d-bfc4-b20800f25f52 > aws_secret_access_key
a54974b8-c6b3-4df7-9042-b20800064050 > downloaders_ip_address
3b222376-ccd9-4f44-a4b4-b222001af68a > grafana_auth
030fbb6a-3b6d-40dc-9c26-b222001b0fb6 > grafana_url
dacbeafa-c671-4b9c-9334-b2080006f75b > init_password
9ceabbd0-6492-4674-9bab-b2080006e333 > init_username
0bc3c1a3-fc48-48ce-85c5-b2080007136a > kasm_ip
63ca1819-5090-4e30-9dba-b20800072718 > kasm_ssh_ip
47ef68aa-32a9-45b0-835d-b2080006ce38 > npm_ip_address
d0c7f3ec-8277-4b1b-9a1b-b2080006b842 > prox_ip_address
17ab7869-c7a1-4ece-8c64-b20800075213 > pve2_ip_address
f8f85ab2-5f6d-46a7-9e06-b20800076d26 > s3_endpoint
68f1d77d-4e96-498a-9464-b208000679a4 > ssh_password
d0762ced-73de-4f30-aa1c-b20800069536 > ssh_username
d8017351-7a11-42e6-9e8d-b208000739b8 > ubu_ip_address
1d250f4a-ae18-4e19-934c-b2080005e132 > virtual_environment_api
a4ed343a-bb92-4beb-a421-b2080005bf98 > virtual_environment_endpoint
af0ed579-05f8-405f-b0f3-b208000620ca > vlan_gateway
b6dac092-df23-4e28-8449-b2770059096d > kube_config
- name: Create tfvars file
working-directory: ./terraform
run: |
cat <<EOF > terraform.tfvars
arrbuntu_ip_address = "${{ steps.bitwarden-secrets.outputs.arrbuntu_ip_address }}"
aws_access_key_id = "${{ steps.bitwarden-secrets.outputs.aws_access_key_id }}"
aws_secret_access_key = "${{ steps.bitwarden-secrets.outputs.aws_secret_access_key }}"
downloaders_ip_address = "${{ steps.bitwarden-secrets.outputs.downloaders_ip_address }}"
grafana_auth = "${{ steps.bitwarden-secrets.outputs.grafana_auth }}"
grafana_url = "${{ steps.bitwarden-secrets.outputs.grafana_url }}"
init_password = "${{ steps.bitwarden-secrets.outputs.init_password }}"
init_username = "${{ steps.bitwarden-secrets.outputs.init_username }}"
kasm_ip = "${{ steps.bitwarden-secrets.outputs.kasm_ip }}"
kasm_ssh_ip = "${{ steps.bitwarden-secrets.outputs.kasm_ssh_ip }}"
npm_ip_address = "${{ steps.bitwarden-secrets.outputs.npm_ip_address }}"
prox_ip_address = "${{ steps.bitwarden-secrets.outputs.prox_ip_address }}"
pve2_ip_address = "${{ steps.bitwarden-secrets.outputs.pve2_ip_address }}"
s3_endpoint = "${{ steps.bitwarden-secrets.outputs.s3_endpoint }}"
ssh_password = "${{ steps.bitwarden-secrets.outputs.ssh_password }}"
ssh_username = "${{ steps.bitwarden-secrets.outputs.ssh_username }}"
ubu_ip_address = "${{ steps.bitwarden-secrets.outputs.ubu_ip_address }}"
virtual_environment_api = "${{ steps.bitwarden-secrets.outputs.virtual_environment_api }}"
virtual_environment_endpoint = "${{ steps.bitwarden-secrets.outputs.virtual_environment_endpoint }}"
vlan_gateway = "${{ steps.bitwarden-secrets.outputs.vlan_gateway }}"
EOF
- name: Make Kube directory
run: |
mkdir ~/.kube
- name: Create Kube Config
run: |
printf "%s" "${{ steps.bitwarden-secrets.outputs.kube_config }}" > ~/.kube/config
- name: Setup OpenTofu
uses: https://github.com/opentofu/setup-opentofu@v1.0.5
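Review bot: The kubeconfig and every tfvars value are spliced into the shell script as `${{ steps.bitwarden-secrets.outputs.* }}` expressions (the heredoc lines and the `printf` line), so the runner substitutes the raw secret text into the script before bash parses it: a value containing `"`, `$`, a backtick or a newline breaks the heredoc or is interpreted by the shell, and the expanded script is what ends up in the job log on a failure. Pass them through `env:` and expand them as shell variables instead; the kubeconfig step should also use `mkdir -p` (the bare `mkdir` in the previous step fails on a re-run when the runner home persists) and write the file owner-readable only, since that file is a bearer credential for the cluster. The tfvars heredoc still emits twenty values although the root `module "proxmox"` call in this commit no longer forwards them and the child module's `variables.tf` is deleted; if the root module no longer declares them either, tofu will warn about each undeclared value, so the heredoc should be trimmed to what is still declared. The rewritten kubeconfig step below folds the "Make Kube directory" step into it.
```yaml
      - name: Create Kube Config
        env:
          KUBE_CONFIG: ${{ steps.bitwarden-secrets.outputs.kube_config }}
        run: |
          umask 077
          mkdir -p ~/.kube
          printf '%s' "$KUBE_CONFIG" > ~/.kube/config
      # … unchanged: Setup OpenTofu step …
```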



@ -1,301 +1 @@
[![Yamllint](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/yamllint.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
[![Yamllint](https://git.mafyuh.dev/mafyuh/iac/badges/workflows/CD.yml/badge.svg)](https://git.mafyuh.dev/mafyuh/iac/actions)
[![Renovate](https://git.mafyuh.dev/renovatebot/renovate/badges/workflows/renovate.yml/badge.svg)](https://git.mafyuh.dev/renovatebot/renovate/actions)
[![Pulls](https://git.mafyuh.dev/mafyuh/iac/badges/pulls.svg)](https://git.mafyuh.dev/mafyuh/iac/pulls)
![Header Image](https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/header_.png)
<div align="center">
Homelab docker-compose environment defined in code. Using Forgejo Actions and Renovate bot for CI, AWX Tower and Forgejo Actions for CD. This is how I keep my Homelab UTD.
</div>
<p align="center">
<a href="https://git.mafyuh.dev/mafyuh/iac/wiki">Wiki</a> |
<a href="https://loganmarchione.com/2022/10/how-to-run-renovate-on-a-self-hosted-gitea-and-drone-instance/">How to Setup</a> |
<a href="https://mafyuh.com">Blog</a> |
<a href="https://www.youtube.com/watch?v=5CkCr9U_Q1Y">Inspiration</a> |
<a href="https://git.mafyuh.dev/mafyuh/IaC-Homelab">Infrastructure</a>
</p>
<div align="center">
| Hypervisor | OS | Tools | VPS (arm) | Firewall |
|---|---|---|---|---|
| [![Proxmox](https://img.shields.io/badge/-Proxmox-%23c9d1d9?logo=Proxmox)](https://www.proxmox.com) | [![Ubuntu](https://img.shields.io/badge/Ubuntu_22.04-%23c9d1d9?&logo=ubuntu&logoColor=red)](https://releases.ubuntu.com/jammy/) [![Ubuntu](https://img.shields.io/badge/Ubuntu_24-%23c9d1d9?&logo=ubuntu&logoColor=red)](https://releases.ubuntu.com/noble/) | [![Forgejo](https://img.shields.io/badge/-Forgejo-%23c9d1d9?logo=forgejo&logoColor=orange)](https://forgejo.org/) [![Docker](https://img.shields.io/badge/-Docker-%23c9d1d9?logo=docker)](https://www.docker.com/) | [![Oracle](https://img.shields.io/badge/-Oracle_Cloud-%23c9d1d9?logo=oracle&logoColor=red)](https://www.oracle.com/cloud/) | [![pfSense](https://img.shields.io/badge/-pfSense-%23c9d1d9?logo=pfsense&logoColor=blue)](https://www.pfsense.org/) |
</div>
<div align="center">
## Apps in Repo:
<table>
<tr>
<th>Logo</th>
<th>Name</th>
<th>Description</th>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/adguardhome.svg"></td>
<td><a href="https://adguard.com/en/adguard-home/overview.html">AdGuard Home</a></td>
<td>Network Wide DNS adblock as well as my DNS server (2/2)</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/adguardhomesync-icon.png"></td>
<td><a href="https://docs.linuxserver.io/images/docker-adguardhome-sync/">AdGuard Home Sync</a></td>
<td>Syncs my instances of Adguard</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/authentik.svg"></td>
<td><a href="https://goauthentik.io/">authentik</a></td>
<td>Open Source Identity Provider </td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/bazarr.svg"></td>
<td><a href="https://www.bazarr.media/">Bazarr</a></td>
<td>Downloads subtitles for Radarr/Sonarr</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/cloudflare.svg"></td>
<td><a href="https://www.cloudflare.com/products/tunnel/">Cloudflare Tunnels</a></td>
<td>How I expose some of these services</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/kiranshila/Doplarr/main/logos/logo.svg"></td>
<td><a href="https://github.com/kiranshila/Doplarr">Doplarr</a></td>
<td>Allows my users to request content through Discord if they choose</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/FlareSolverr/FlareSolverr/master/resources/flaresolverr_logo.svg"></td>
<td><a href="https://github.com/FlareSolverr/FlareSolverr">FlareSolverr</a></td>
<td>Proxy server to bypass Cloudflare and DDoS-GUARD protection</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/forgejo.svg"></td>
<td><a href="https://forgejo.org/">Forgejo</a></td>
<td>This site</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/forgejo.svg"></td>
<td><a href="https://code.forgejo.org/forgejo/runner">Forgejo Runner</a></td>
<td>Runs CI/CD tasks Yamllint and Renovatebot and CD through AWX</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/gotify.svg"></td>
<td><a href="https://gotify.net/">Gotfiy</a></td>
<td>Self hosted notification service</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/homarr.svg"></td>
<td><a href="https://homarr.dev/docs/getting-started/installation/">Homarr</a></td>
<td>Homelab dashboard that integrates with the arr's so I see data in 1 place</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/jellyfin.svg"></td>
<td><a href="https://github.com/jellyfin/jellyfin">Jellyfin</a></td>
<td>Open Source Streaming Service for home media like Plex</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/jellyseerr.svg"></td>
<td><a href="https://github.com/Fallenbagel/jellyseerr">Jellyseerr</a></td>
<td>Request platform for my Jellyfin user's to request content</a></td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/docker.svg"></td>
<td><a href="https://github.com/hrfee/jfa-go">jfa-go</a></td>
<td>Used for some PPV/Live TV automations to create users for certain periods of time</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/kasm.svg"></td>
<td><a href="https://docs.linuxserver.io/images/docker-kasm/">Kasm</a></td>
<td>Docker container streaming platform for browser-based access to desktops, applications, and web services</a></td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/lidarr.svg"></td>
<td><a href="https://wiki.servarr.com/en/lidarr">Lidarr</a></td>
<td>Music Collection Manager</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/LinkStackOrg/branding/main/logo/svg/logo_animated.svg"></td>
<td><a href="https://github.com/LinkStackOrg/linkstack-docker">LinkStack</a></td>
<td>Creating a static links page for my Jellyfin users</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,w_60,h_60/https://dashboard.snapcraft.io/site_media/appmedia/2020/03/makemkv.png"></td>
<td><a href="https://github.com/jlesage/docker-makemkv">MakeMKV</a></td>
<td>Used to rip Bluray's with my LG BU40N drive </td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://avatars.githubusercontent.com/u/31035808?s=200&v=4"></td>
<td><a href="https://docs.mindsdb.com/what-is-mindsdb">mindsdb</a></td>
<td>Connects Ollama models to 100+ different databases, easy to use.</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/nbxyz-logo.svg"></td>
<td><a href="https://netboot.xyz/">Netboot.xyz</a></td>
<td>Network boot instead of using my ventoy USB</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/nginxproxymanager.svg"></td>
<td><a href="https://nginxproxymanager.com/">Nginx Proxy Manager</a></td>
<td>Reverse Proxy used for its simplicity (1/3)</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/n8n.svg"></td>
<td><a href="https://n8n.io">n8n</a></td>
<td>Self hosted automation platform, Zapier alternative, switched from ActivePieces</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://ollama.com/public/ollama.png"></td>
<td><a href="https://ollama.com/">Ollama</a></td>
<td>Easiest way to run LLM's on your own hardware</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://github.com/open-webui/open-webui/blob/main/static/favicon.png?raw=true"></td>
<td><a href="https://github.com/open-webui/open-webui">open-webui</a></td>
<td>Creates a ChatGPT like web interface for talking to Ollama models</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/portainer.svg"></td>
<td><a href="https://github.com/portainer/portainer">Portainer</a></td>
<td>Web-based management for learning Kubernetes, I learned Docker this way and will Kub as well</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/prowlarr.svg"></td>
<td><a href="https://prowlarr.com/">Prowlarr</a></td>
<td>Searches indexers for Radarr/Sonarr</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/qbittorrent.svg"></td>
<td><a href="https://github.com/binhex/arch-qbittorrentvpn">qBittorrent VPN</a></td>
<td>Modified qBittorrent with VPN killswitch enabled</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/radarr.svg"></td>
<td><a href="https://radarr.video/">Radarr</a></td>
<td>Movie Collection Manager</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/sabnzbd.svg"></td>
<td><a href="https://sabnzbd.org/">Sabnzbd</a></td>
<td>Usenet downloader to download content</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/sonarr.svg"></td>
<td><a href="https://wiki.servarr.com/sonarr">Sonarr</a></td>
<td>Radarr, but for TV Shows</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://www.gravatar.com/avatar/614e0f6491dbb293e540190b02b3024e?s=120&r=g&d=404"></td>
<td><a href="https://hub.docker.com/r/sonatype/nexus3/">Sonatype Nexus</a></td>
<td>Self-hosted Docker registry to help lower Docker pulls</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/syncthing.svg"></td>
<td><a href="https://syncthing.net/">Syncthing</a></td>
<td>How I backup all config files, following 3-2-1 backup procedure</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://play-lh.googleusercontent.com/GBhNhKgjfy6i6Ucc0hyB-79WmcV7LvKSfGSy8iStFdZSaLioKQp5rPWjqsh2YFRRZsE1"></td>
<td><a href="https://twingate.com">Twingate Connectors</a></td>
<td>Main VPN between homelab and cloud VPS's</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/uptimekuma.svg"></td>
<td><a href="https://github.com/louislam/uptime-kuma">Uptime Kuma</a></td>
<td>Self hosted service uptime tracker</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/openai-black.svg"></td>
<td><a href="https://github.com/ahmetoner/whisper-asr-webservice">Whisper</a></td>
<td>AI Model that I use to generate subtitles for Bazarr when they can't be found</td>
</tr>
</table>
</div>
<div align="center">
## Apps not yet in repo:
<table>
<tr>
<th>Logo</th>
<th>Name</th>
<th>Description</th>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/ansible-black.svg"></td>
<td><a href="https://github.com/ansible/awx">AWX (Ansible Tower)</a></td>
<td>Used to easily run Ansible playbooks on all my VM's, and now CD for this repo, installed on K3s</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/grafana.svg"></td>
<td><a href="https://hub.docker.com/r/grafana/grafana-oss">Grafana</a></td>
<td>Monitoring for various services</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/wordpress.svg"></td>
<td><a href="https://wordpress.org/">Wordpress</a></td>
<td>WooCommerce store setup for JF PPV access</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://upload.wikimedia.org/wikipedia/commons/3/31/Apache_Guacamole_logo.png"></td>
<td><a href="https://guacamole.apache.org/">Guacamole</a></td>
<td>Remote access in browser via SSH, RDP, VNC, etc</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/homeassistant.svg"></td>
<td><a href="https://www.home-assistant.io/">Home Assistant</a></td>
<td>Slowly migrating over to Home Assistant from Google Home</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/plausible.svg"></td>
<td><a href="https://plausible.io/">Plausible</a></td>
<td>Analytics tracker for certain websites (Blog)</td>
</tr>
<tr>
<td><img vertical-align=baseline width="32" src="https://raw.githubusercontent.com/Mafyuh/homelab-svg-assets/main/assets/wazuh.svg"></td>
<td><a href="https://wazuh.com/">wazuh</a></td>
<td>Security platform monitoring everything with agents installed on all VM's</td>
</tr>
</table>
</div>
<div align="center">
## Full Workflow Chart
</div>
```mermaid
graph TD
A1((Renovate Bot Scans for Updates)) --> A2{Updates Found?}
A2 -- Yes --> B[Make PR]
A2 -- No --> C(End)
B --> D{PR Merged?}
D -- No --> E(End)
subgraph Handle Merged PR
D -- Yes --> F[Extract Host]
F --> G[SSH to Host Machine]
G --> H[Git Pull & Docker Compose Up]
H --> I(End)
end
subgraph Notification on PR Creation
B --> P[Notify via Gotify]
end
subgraph Release Notes Handling
Q((PR Webhook Received)) --> R{PR Open?}
R -- No --> S(End)
R -- Yes --> T[Hit GitHub API for Release Notes]
T --> U[Extract PR Number from webhook]
U --> W[API Call to Foregjo to leave Release Notes]
W --> S
end
P --> Q
```


@ -0,0 +1,116 @@
packer {
required_plugins {
name = {
version = "~> 1"
source = "github.com/hashicorp/proxmox"
}
}
}
variable "proxmox_api_url" {
type = string
}
variable "proxmox_api_token_id" {
type = string
}
variable "proxmox_api_token_secret" {
type = string
sensitive = true
}
# Resource Definiation for the VM Template
source "proxmox-clone" "debian2" {
# Proxmox Connection Settings
proxmox_url = "${var.proxmox_api_url}"
username = "${var.proxmox_api_token_id}"
token = "${var.proxmox_api_token_secret}"
insecure_skip_tls_verify = true
# VM General Settings
node = "pve2"
clone_vm_id = "8105"
vm_id = "9999"
vm_name = "debian-template"
template_description = "Debian Bullseye"
# VM System Settings
qemu_agent = true
# VM Hard Disk Settings
scsi_controller = "virtio-scsi-pci"
disks {
disk_size = "3G"
format = "raw"
storage_pool = "Fast500Gb"
type = "scsi"
}
# VM CPU Settings
cores = "2"
cpu_type = "x86-64-v2-AES"
# VM Memory Settings
memory = "2048"
# VM Network Settings
network_adapters {
model = "virtio"
bridge = "vmbr0"
firewall = "false"
}
ssh_username = "mafyuh"
# WSL Filesystem
ssh_private_key_file = "~/.ssh/id_rsa"
}
build {
name = "debian"
sources = ["source.proxmox-clone.debian2"]
## Cleanup for re-template
provisioner "shell" {
inline = [
"while [ ! -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting for cloud-init...'; sleep 1; done",
"sudo rm /etc/ssh/ssh_host_*",
"sudo truncate -s 0 /etc/machine-id",
"sudo apt -y autoremove --purge",
"sudo apt -y clean",
"sudo apt -y autoclean",
"sudo cloud-init clean",
"sudo rm -f /var/lib/dbus/machine-id",
"sudo rm -f /var/lib/systemd/random-seed",
"sudo rm -f /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg",
"sudo rm -f /etc/netplan/00-installer-config.yaml",
"sudo sync"
]
}
provisioner "file" {
source = "files/pve.cfg"
destination = "/tmp/pve.cfg"
}
provisioner "shell" {
inline = [ "sudo cp /tmp/pve.cfg /etc/cloud/cloud.cfg.d/pve.cfg" ]
}
provisioner "shell" {
inline = [
"sudo apt-get update",
"sudo apt-get -y upgrade"
]
}
}
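Review bot: `insecure_skip_tls_verify = true` turns off certificate checking on the Proxmox API connection that carries `proxmox_api_token_secret`, so the token is exposed to anything that can sit on the path to the PVE host; the same line appears in the second template (the `debian` source on node `prox`). Prefer trusting the PVE CA (or a properly issued certificate) and dropping the flag, or at least gating it behind a variable that defaults to `false`. Separately, the `required_plugins` key is the literal word `name`, which reads like an unedited placeholder — the Proxmox plugin is normally declared as `proxmox = { … }` — so it is worth confirming that `packer init` resolves it as written. The cleanup provisioner (host keys, `machine-id`, `cloud-init clean`) runs before the final `apt-get update` / `apt-get -y upgrade` provisioner, so the upgrade refills the apt cache and may recreate state the cleanup just removed; moving the cleanup to be the last provisioner keeps the template actually clean.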


@ -0,0 +1,116 @@
packer {
required_plugins {
name = {
version = "~> 1"
source = "github.com/hashicorp/proxmox"
}
}
}
variable "proxmox_api_url" {
type = string
}
variable "proxmox_api_token_id" {
type = string
}
variable "proxmox_api_token_secret" {
type = string
sensitive = true
}
# Resource Definiation for the VM Template
source "proxmox-clone" "debian" {
# Proxmox Connection Settings
proxmox_url = "${var.proxmox_api_url}"
username = "${var.proxmox_api_token_id}"
token = "${var.proxmox_api_token_secret}"
insecure_skip_tls_verify = true
# VM General Settings
node = "prox"
clone_vm_id = "8104"
vm_id = "9998"
vm_name = "debian-template"
template_description = "Debian Bullseye"
# VM System Settings
qemu_agent = true
# VM Hard Disk Settings
scsi_controller = "virtio-scsi-pci"
disks {
disk_size = "3G"
format = "raw"
storage_pool = "Fast2Tb"
type = "scsi"
}
# VM CPU Settings
cores = "2"
cpu_type = "x86-64-v2-AES"
# VM Memory Settings
memory = "2048"
# VM Network Settings
network_adapters {
model = "virtio"
bridge = "vmbr0"
firewall = "false"
}
ssh_username = "mafyuh"
# WSL Filesystem
ssh_private_key_file = "~/.ssh/id_rsa"
}
build {
name = "debian"
sources = ["source.proxmox-clone.debian"]
## Cleanup for re-template
provisioner "shell" {
inline = [
"while [ ! -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting for cloud-init...'; sleep 1; done",
"sudo rm /etc/ssh/ssh_host_*",
"sudo truncate -s 0 /etc/machine-id",
"sudo apt -y autoremove --purge",
"sudo apt -y clean",
"sudo apt -y autoclean",
"sudo cloud-init clean",
"sudo rm -f /var/lib/dbus/machine-id",
"sudo rm -f /var/lib/systemd/random-seed",
"sudo rm -f /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg",
"sudo rm -f /etc/netplan/00-installer-config.yaml",
"sudo sync"
]
}
provisioner "file" {
source = "files/pve.cfg"
destination = "/tmp/pve.cfg"
}
provisioner "shell" {
inline = [ "sudo cp /tmp/pve.cfg /etc/cloud/cloud.cfg.d/pve.cfg" ]
}
provisioner "shell" {
inline = [
"sudo apt-get update",
"sudo apt-get -y upgrade"
]
}
}


@ -0,0 +1 @@
datasource_list: [ConfigDrive, NoCloud]


@ -1,6 +1,3 @@
[![OpenTofu](https://img.shields.io/badge/OpenTofu-v1.7.1-blue)](https://github.com/opentofu/opentofu)
<div align="center">
# IaC
@ -10,9 +7,5 @@ Infrastructure as Code (IaC) for my homelab using OpenTofu.
</div>
## Overview
This repository manages the infrastructure for my homelab using OpenTofu and Proxmox.

terraform/flux/main.tf Normal file

@ -0,0 +1,20 @@
data "bitwarden-secrets_secret" "git_flux_password" {
id = "e507c0be-cc1e-4d5b-90a7-b2710067c651"
}
provider "flux" {
kubernetes = {
config_path = "~/.kube/config"
}
git = {
url = "https://git.mafyuh.dev/mafyuh/k3s"
http = {
username = "mafyuh"
password = data.bitwarden-secrets_secret.git_flux_password.value
}
}
}
resource "flux_bootstrap_git" "flux" {
path = "cluster/production"
}
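Review bot: `data.bitwarden-secrets_secret.git_flux_password.value` is a data source, so the resolved Git password is persisted in plaintext in the OpenTofu state, as are the other Bitwarden lookups this commit introduces (`ssh_password` and the Proxmox endpoint in the root `main.tf`, the IP addresses in the proxmox module); the UUIDs in the code are harmless, but the state file is now the secret store. Make sure the state backend is encrypted and access-restricted, and say so next to the lookup, e.g. `# NOTE: the resolved .value is written to state; keep the backend private`. Flux bootstrap also stores this credential in a Secret in the `flux-system` namespace, so a read-only, repository-scoped token rather than an account password limits the blast radius if either store leaks. `config_path = "~/.kube/config"` ties this module to the CI step that writes that file; reading the path from a variable would let a local apply work as well.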


@ -0,0 +1,12 @@
terraform {
required_providers {
flux = {
source = "fluxcd/flux"
version = "1.4.0"
}
bitwarden-secrets = {
source = "sebastiaan-dev/bitwarden-secrets"
version = "0.1.2"
}
}
}


@ -24,51 +24,53 @@ terraform {
source = "bpg/proxmox"
version = "0.70.0"
}
bitwarden-secrets = {
source = "sebastiaan-dev/bitwarden-secrets"
version = "0.1.2"
}
flux = {
source = "fluxcd/flux"
version = "1.4.0"
}
}
}
provider "bitwarden-secrets" {
access_token = var.access_token
}
provider "proxmox" {
endpoint = var.virtual_environment_endpoint
password = var.ssh_password
endpoint = data.bitwarden-secrets_secret.virtual_environment_endpoint.value
password = data.bitwarden-secrets_secret.ssh_password.value
username = "root@pam"
insecure = true
ssh {
agent = true
username = "root"
password = var.ssh_password
password = data.bitwarden-secrets_secret.ssh_password.value
node {
name = "prox"
address = var.prox_ip_address
address = data.bitwarden-secrets_secret.prox_ip_address.value
}
node {
name = "pve2"
address = var.pve2_ip_address
address = data.bitwarden-secrets_secret.pve2_ip_address.value
}
}
}
module "proxmox" {
source = "./proxmox"
providers = {
proxmox = proxmox
}
}
virtual_environment_endpoint = var.virtual_environment_endpoint
virtual_environment_api = var.virtual_environment_api
arrbuntu_ip_address = var.arrbuntu_ip_address
vlan_gateway = var.vlan_gateway
downloaders_ip_address = var.downloaders_ip_address
ssh_password = var.ssh_password
ssh_username = var.ssh_username
prox_ip_address = var.prox_ip_address
npm_ip_address = var.npm_ip_address
init_username = var.init_username
init_password = var.init_password
kasm_ip = var.kasm_ip
kasm_ssh_ip = var.kasm_ssh_ip
ubu_ip_address = var.ubu_ip_address
pve2_ip_address = var.pve2_ip_address
s3_endpoint = var.s3_endpoint
aws_secret_access_key = var.aws_secret_access_key
aws_access_key_id = var.aws_access_key_id
}
module "flux" {
source = "./flux"
}
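Review bot: The Proxmox provider still authenticates to the API as `root@pam` with the root SSH password (`password = data.bitwarden-secrets_secret.ssh_password.value`) and keeps `insecure = true`, so the most privileged credential on the hypervisor is sent over an unverified TLS connection on every plan. bpg/proxmox accepts an `api_token` for the API side, which can be issued to a dedicated PVE user with only the privileges the VM resources need, leaving the root password to the `ssh {}` block alone. The new `module "flux"` has no `depends_on = [module.proxmox]`; if the kubeconfig fetched from Bitwarden points at the K3s VMs the proxmox module creates, a fresh apply can attempt the Flux bootstrap before those VMs exist — this is hedged, since the cluster may already be up and the dependency may be intentional.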


@ -8,7 +8,7 @@ resource "proxmox_virtual_environment_vm" "Arrbuntu" {
tags = ["tofu", "ubuntu-22", "auto-homelab-repo", "infrastructure"]
agent {
enabled = true # read 'Qemu guest agent' section, change to true only when ready
enabled = true
}
clone {
@ -47,8 +47,8 @@ resource "proxmox_virtual_environment_vm" "Arrbuntu" {
initialization {
ip_config {
ipv4 {
address = var.arrbuntu_ip_address
gateway = var.vlan_gateway
address = data.bitwarden-secrets_secret.arrbuntu_ip.value
gateway = data.bitwarden-secrets_secret.vlan_gateway.value
}
}


@ -0,0 +1,45 @@
resource "proxmox_virtual_environment_vm" "Debian-Base" {
name = "debian-base"
node_name = "prox"
vm_id = 8104
tags = ["tofu"]
template = true
started = false
disk {
datastore_id = "Fast2Tb"
# See https://www.reddit.com/r/Proxmox/comments/1058ko7/comment/j3s4vli/ for how to inject qemu into base image
# virt-customize -a debian-11-generic-amd64-20241202-1949.img --install qemu-guest-agent
file_id = "local:iso/debian-11-generic-amd64-20241202-1949.img"
interface = "virtio0"
size = 3
}
agent {
enabled = true
}
initialization {
ip_config {
ipv4 {
address = "dhcp"
}
}
}
serial_device {}
network_device {
bridge = "vmbr0"
}
vga {
type = "serial0"
}
cpu {
cores = 2
type = "host"
architecture = "x86_64"
}
}
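Review bot: The template disk image `local:iso/debian-11-generic-amd64-20241202-1949.img` is produced out of band (the comment describes a manual `virt-customize` run) and nothing here records or checks its hash, so the base of every K3s node is an unverifiable artifact sitting on the PVE host; the same applies to `Debian-Base2`. The minimal fix is a comment next to `file_id` with the expected SHA-256 of the customized image; the fuller one is bpg/proxmox's `proxmox_virtual_environment_download_file` resource with its `checksum` argument, which fetches the upstream image verifiably, with the guest-agent install moved to cloud-init or the Packer cleanup build. The two resources otherwise differ only in `node_name`, `vm_id` and `datastore_id`, so one resource with `for_each` over those three values would keep them from drifting apart.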


@ -0,0 +1,45 @@
resource "proxmox_virtual_environment_vm" "Debian-Base2" {
name = "debian-base"
node_name = "pve2"
vm_id = 8105
tags = ["tofu"]
template = true
started = false
disk {
datastore_id = "Fast500Gb"
# See https://www.reddit.com/r/Proxmox/comments/1058ko7/comment/j3s4vli/ for how to inject qemu into base image
# virt-customize -a debian-11-generic-amd64-20241202-1949.img --install qemu-guest-agent
file_id = "local:iso/debian-11-generic-amd64-20241202-1949.img"
interface = "virtio0"
size = 3
}
agent {
enabled = true
}
initialization {
ip_config {
ipv4 {
address = "dhcp"
}
}
}
serial_device {}
network_device {
bridge = "vmbr0"
}
vga {
type = "serial0"
}
cpu {
cores = 2
type = "host"
architecture = "x86_64"
}
}


@ -0,0 +1,67 @@
resource "proxmox_virtual_environment_vm" "K3s-Master1" {
# VM General Settings
node_name = "prox"
vm_id = 329
name = "K3s-Master1"
description = "Kubernetes master"
tags = ["tofu", "debian", "infrastructure", "k3s"]
started = true
agent {
enabled = true # read 'Qemu guest agent' section, change to true only when ready
}
clone {
vm_id = 9998
}
# VM CPU Settings
cpu {
cores = 4
type = "host"
architecture = "x86_64"
}
# VM Memory Settings
memory {
dedicated = 8192
}
# VM Network Settings
network_device {
bridge = "vmbr0"
vlan_id = 1
}
# VM Disk Settings
disk {
datastore_id = "Fast2Tb"
size = 300
interface = "virtio0"
}
vga {
type = "serial0"
}
initialization {
ip_config {
ipv4 {
address = "dhcp"
}
}
user_data_file_id = proxmox_virtual_environment_file.cloud_config.id
}
lifecycle {
ignore_changes = [
initialization[0].user_account[0].keys,
initialization[0].user_account[0].password,
initialization[0].user_account[0].username,
initialization[0].user_data_file_id
]
}
}
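Review bot: The comment on `enabled = true` (`# read 'Qemu guest agent' section, change to true only when ready`) contradicts the value it annotates, here and in `K3s-Master2` and `K3s-Master3`; the Arrbuntu hunk in this same commit drops that comment, so drop it in the new files too. The three master resources differ only in `node_name`, `vm_id`, the clone `vm_id`, `datastore_id` and disk `size`, and already show drift (300 GB here versus 100 GB on the others, "master" versus "Master" in `description`), so a single resource with `for_each` over a map of those values would keep them in lockstep. `lifecycle.ignore_changes` covers `initialization[0].user_data_file_id`, which means a changed cloud-config (a rotated SSH key, for instance) is never pushed to an existing VM by tofu; that is a reasonable choice to avoid recreation, but it deserves a comment such as `# cloud-init is applied once at clone time; rotate credentials on the node, not via user_data`.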


@ -0,0 +1,67 @@
resource "proxmox_virtual_environment_vm" "K3s-Master2" {
# VM General Settings
node_name = "pve2"
vm_id = 321
name = "K3s-Master2"
description = "Kubernetes Master"
tags = ["tofu", "debian", "infrastructure", "k3s"]
started = true
agent {
enabled = true # read 'Qemu guest agent' section, change to true only when ready
}
clone {
vm_id = 9999
}
# VM CPU Settings
cpu {
cores = 4
type = "host"
architecture = "x86_64"
}
# VM Memory Settings
memory {
dedicated = 8192
}
# VM Network Settings
network_device {
bridge = "vmbr0"
vlan_id = 1
}
# VM Disk Settings
disk {
datastore_id = "Fast500Gb"
size = 100
interface = "virtio0"
}
vga {
type = "serial0"
}
initialization {
ip_config {
ipv4 {
address = "dhcp"
}
}
user_data_file_id = proxmox_virtual_environment_file.cloud_config2.id
}
lifecycle {
ignore_changes = [
initialization[0].user_account[0].keys,
initialization[0].user_account[0].password,
initialization[0].user_account[0].username,
initialization[0].user_data_file_id
]
}
}


@ -0,0 +1,67 @@
resource "proxmox_virtual_environment_vm" "K3s-Master3" {
# VM General Settings
node_name = "prox"
vm_id = 330
name = "K3s-Master3"
description = "Kubernetes master"
tags = ["tofu", "debian", "infrastructure", "k3s"]
started = true
agent {
enabled = true # read 'Qemu guest agent' section, change to true only when ready
}
clone {
vm_id = 9998
}
# VM CPU Settings
cpu {
cores = 4
type = "host"
architecture = "x86_64"
}
# VM Memory Settings
memory {
dedicated = 8192
}
# VM Network Settings
network_device {
bridge = "vmbr0"
vlan_id = 1
}
# VM Disk Settings
disk {
datastore_id = "Fast2Tb"
size = 100
interface = "virtio0"
}
vga {
type = "serial0"
}
initialization {
ip_config {
ipv4 {
address = "dhcp"
}
}
user_data_file_id = proxmox_virtual_environment_file.cloud_config.id
}
lifecycle {
ignore_changes = [
initialization[0].user_account[0].keys,
initialization[0].user_account[0].password,
initialization[0].user_account[0].username,
initialization[0].user_data_file_id
]
}
}


@ -44,8 +44,8 @@ resource "proxmox_virtual_environment_vm" "Kasm" {
initialization {
ip_config {
ipv4 {
address = var.kasm_ip
gateway = var.vlan_gateway
address = data.bitwarden-secrets_secret.kasm_ip.value
gateway = data.bitwarden-secrets_secret.vlan_gateway.value
}
}


@ -47,8 +47,8 @@ resource "proxmox_virtual_environment_vm" "NPM" {
initialization {
ip_config {
ipv4 {
address = var.npm_ip_address
gateway = var.vlan_gateway
address = data.bitwarden-secrets_secret.npm_ip_address.value
gateway = data.bitwarden-secrets_secret.vlan_gateway.value
}
}


@ -4,28 +4,9 @@ terraform {
source = "bpg/proxmox"
version = "0.70.0"
}
}
}
provider "proxmox" {
endpoint = var.virtual_environment_endpoint
password = var.ssh_password
username = "root@pam"
insecure = true
ssh {
agent = true
username = "root"
password = var.ssh_password
node {
name = "prox"
address = var.prox_ip_address
}
node {
name = "pve2"
address = var.pve2_ip_address
bitwarden-secrets = {
source = "sebastiaan-dev/bitwarden-secrets"
version = "0.1.2"
}
}
}
}


@ -0,0 +1,19 @@
data "bitwarden-secrets_secret" "npm_ip_address" {
id = "47ef68aa-32a9-45b0-835d-b2080006ce38"
}
data "bitwarden-secrets_secret" "kasm_ip" {
id = "0bc3c1a3-fc48-48ce-85c5-b2080007136a"
}
data "bitwarden-secrets_secret" "vlan_gateway" {
id = "af0ed579-05f8-405f-b0f3-b208000620ca"
}
data "bitwarden-secrets_secret" "ubu_ip" {
id = "d8017351-7a11-42e6-9e8d-b208000739b8"
}
data "bitwarden-secrets_secret" "arrbuntu_ip" {
id = "c65f8886-f6fb-4c17-bc79-b208000604bf"
}
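Review bot: The data source names mix two conventions in one file: `npm_ip_address` keeps the `_ip_address` suffix the removed variables used, while `ubu_ip` and `arrbuntu_ip` drop it. Since every consuming `.tf` file was edited in this commit anyway, renaming them to `ubu_ip_address` and `arrbuntu_ip_address` would match both the remaining names and the labels the workflow assigns to the same Bitwarden entries (`ubu_ip_address`, `arrbuntu_ip_address`). A one-line header would also help the next reader, e.g. `# Bitwarden Secrets Manager lookups: the ids are not secret, the .value attributes are resolved into state`.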


@ -47,8 +47,8 @@ resource "proxmox_virtual_environment_vm" "Ubu" {
initialization {
ip_config {
ipv4 {
address = var.ubu_ip_address
gateway = var.vlan_gateway
address = data.bitwarden-secrets_secret.ubu_ip.value
gateway = data.bitwarden-secrets_secret.vlan_gateway.value
}
}


@ -1,93 +0,0 @@
# Define each required variable
variable "arrbuntu_ip_address" {
description = "IP address for Arrbuntu VM"
type = string
}
variable "init_username" {
description = "Username for initial configuration"
type = string
}
variable "downloaders_ip_address" {
description = "IP address for Downloaders VM"
type = string
}
variable "npm_ip_address" {
description = "IP address for NPM VM"
type = string
}
variable "prox_ip_address" {
description = "IP address for Proxmox server"
type = string
}
variable "kasm_ssh_ip" {
description = "IP address for Kasm SSH"
type = string
}
variable "aws_secret_access_key" {
description = "AWS Secret Access Key"
type = string
sensitive = true
}
variable "vlan_gateway" {
description = "Gateway IP for VLAN"
type = string
}
variable "virtual_environment_endpoint" {
description = "Endpoint for virtual environment API"
type = string
}
variable "kasm_ip" {
description = "IP address for Kasm"
type = string
}
variable "ssh_username" {
description = "Username for SSH access"
type = string
}
variable "init_password" {
description = "Password for initial configuration"
type = string
sensitive = true
}
variable "aws_access_key_id" {
description = "AWS Access Key ID"
type = string
}
variable "pve2_ip_address" {
description = "IP address for PVE2 Proxmox server"
type = string
}
variable "s3_endpoint" {
description = "Endpoint for S3 storage"
type = string
}
variable "ubu_ip_address" {
description = "IP address for Ubu VM"
type = string
}
variable "virtual_environment_api" {
description = "API endpoint for virtual environment"
type = string
}
variable "ssh_password" {
description = "Password for SSH access"
type = string
sensitive = true
}

19
terraform/secrets.tf Normal file

@ -0,0 +1,19 @@
data "bitwarden-secrets_secret" "virtual_environment_endpoint" {
id = "a4ed343a-bb92-4beb-a421-b2080005bf98"
}
data "bitwarden-secrets_secret" "virtual_environment_api" {
id = "1d250f4a-ae18-4e19-934c-b2080005e132"
}
data "bitwarden-secrets_secret" "ssh_password" {
id = "68f1d77d-4e96-498a-9464-b208000679a4"
}
data "bitwarden-secrets_secret" "prox_ip_address" {
id = "d0c7f3ec-8277-4b1b-9a1b-b2080006b842"
}
data "bitwarden-secrets_secret" "pve2_ip_address" {
id = "17ab7869-c7a1-4ece-8c64-b20800075213"
}
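Review bot: `ssh_password` — used as the `root@pam` and SSH password in the removed provider block — is now read through `data.bitwarden-secrets_secret.ssh_password`, whereas the deleted `variable "ssh_password"` was explicitly `sensitive = true`; whether the data source's `value` attribute is treated as sensitive is decided by the provider schema, not by anything in this file, so confirm it before relying on it, otherwise `terraform plan` output in the CI log will print the password wherever it is interpolated. Independently of that flag the value still lands in Terraform state in plaintext, as it did with the variable, so state storage and access controls are unchanged in importance. A comment per block naming what each secret is and where it is consumed, e.g. `# Proxmox root@pam / SSH password; consumed by the proxmox provider configuration`, would replace the descriptions lost with the variables. Only 15 of the 19 added lines in this hunk are rendered, so the rest of the file is not reviewed here.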

View file

@ -1,96 +1,8 @@
# Define each required variable
variable "arrbuntu_ip_address" {
description = "IP address for Arrbuntu VM"
type = string
}
variable "init_username" {
description = "Username for initial configuration"
type = string
}
variable "downloaders_ip_address" {
description = "IP address for Downloaders VM"
type = string
}
variable "npm_ip_address" {
description = "IP address for NPM VM"
type = string
}
variable "prox_ip_address" {
description = "IP address for Proxmox server"
type = string
}
variable "kasm_ssh_ip" {
description = "IP address for Kasm SSH"
type = string
}
variable "aws_secret_access_key" {
description = "AWS Secret Access Key"
type = string
sensitive = true
}
variable "vlan_gateway" {
description = "Gateway IP for VLAN"
type = string
}
variable "virtual_environment_endpoint" {
description = "Endpoint for virtual environment API"
type = string
}
variable "kasm_ip" {
description = "IP address for Kasm"
type = string
}
variable "ssh_username" {
description = "Username for SSH access"
type = string
}
variable "init_password" {
description = "Password for initial configuration"
type = string
sensitive = true
}
variable "aws_access_key_id" {
description = "AWS Access Key ID"
type = string
}
variable "pve2_ip_address" {
description = "IP address for PVE2 Proxmox server"
type = string
}
variable "s3_endpoint" {
description = "Endpoint for S3 storage"
type = string
}
variable "ubu_ip_address" {
description = "IP address for Ubu VM"
type = string
}
variable "virtual_environment_api" {
description = "API endpoint for virtual environment"
type = string
}
variable "ssh_password" {
description = "Password for SSH access"
type = string
sensitive = true
}
variable "grafana_auth" {
description = "Service Account token"
@ -102,4 +14,10 @@ variable "grafana_url" {
description = "Grafana Url"
type = string
sensitive = true
}
variable "access_token" {
description = "Access Token for BWS"
type = string
sensitive = true
}