imfreedom/terraform
Update the tailscale api key
5 months ago, Gary Kramlich
f364b114c83e
Update the tailscale api key
# Number of FreeBSD/amd64 guests to create. The default of 0 creates none;
# every resource in this file is counted from this value.
variable "freebsd_amd64_count" {
  default = 0
}

# libvirt storage pool that holds the base image, the per-guest volumes and
# the cloud-init ISOs.
variable "freebsd_amd64_volume_pool" {
  default = "default"
}

# SSH public keys authorised for the "admin" account created by cloud-init.
# NOTE(review): with the empty default the admin account receives no
# authorised keys, so callers are expected to supply this list.
variable "freebsd_amd64_ssh_pubkeys" {
  default = []
}

# Base image that every guest volume is cloned from.
# NOTE(review): "source" points at a dated snapshot (2023-04-22) on a
# third-party object store and no digest is pinned anywhere in this file, so
# the download is trusted on TLS alone and boots without later security
# patches. Consider mirroring the image somewhere you control, checking its
# checksum out of band, and refreshing it regularly.
variable "freebsd_amd64_base_image" {
  default = {
    name   = "freebsd-amd64-base"
    source = "https://object-storage.public.mtl1.vexxhost.net/swift/v1/1dbafeefbd4f4c80864414a441e72dd2/bsd-cloud-image.org/images/freebsd/13.2/2023-04-22/ufs/freebsd-13.2-ufs-2023-04-22.qcow2"
    format = "qcow2"
  }
}

# Size of each guest volume: 10737418240 bytes (10 GiB).
variable "freebsd_amd64_volume_size" {
  default = "10737418240"
}

# Memory per guest: 1024 (1 GiB per the original "# 1gb" note).
variable "freebsd_amd64_memory_size" {
  default = "1024"
}

# Virtual CPUs per guest.
variable "freebsd_amd64_cpu_count" {
  default = "1"
}

# libvirt network the guests attach to.
variable "freebsd_amd64_network_name" {
  default = "default"
}
# Renders the cloud-init user-data for the FreeBSD guests, one rendering per
# guest (count follows var.freebsd_amd64_count).
#
# NOTE(review): template_file comes from the separate "template" provider,
# which HashiCorp has deprecated in favour of the built-in templatefile()
# function; consider migrating.
#
# Security notes on the template below (kept outside the heredoc so the
# rendered user-data does not change):
#  - "$${...}" is the escaped form: Terraform passes a literal "${...}" to
#    template_file, which then substitutes the entries from "vars".
#  - The "admin" user gets passwordless sudo for every command, so access to
#    the guest rests entirely on the keys in var.freebsd_amd64_ssh_pubkeys.
#  - disable_root is true. The commented-out debug stanza would re-enable
#    root with a fixed plaintext password; if it is ever uncommented, that
#    password ends up in this file, in the rendered template held in
#    Terraform state and on the cloud-init ISO. Use it only on a throwaway
#    guest and revert it before applying anywhere reachable.
data "template_file" "freebsd_amd64_cloudinit" {
  count = var.freebsd_amd64_count

  template = <<EOF
#cloud-config
fqdn: $${fqdn}
groups:
  - admin
users:
  - default
  - name: admin
    primary_group: admin
    ssh_authorized_keys: $${admin_ssh_pubkeys}
    sudo: ALL=(ALL) NOPASSWD:ALL
growpart:
  mode: auto
  devices:
    - /
  ignore_growroot_disabled: false
disable_root: true
# Uncomment this if you need to debug stuff
#disable_root: false
#chpasswd:
#  expire: false
#  users:
#    - name: root
#      password: abc123
#      type: text
EOF

  vars = {
    # Hostname is "<node_prefix>freebsd-amd64-NN", NN being the zero-padded
    # instance index.
    "fqdn" : format("%sfreebsd-amd64-%02d", var.node_prefix, count.index),
    # The key list is JSON-encoded so that it lands in the YAML as an inline
    # sequence.
    "admin_ssh_pubkeys" : jsonencode(var.freebsd_amd64_ssh_pubkeys),
  }
}
# Packs each rendered cloud-init document into its own ISO in the volume
# pool, one ISO per guest.
# NOTE(review): user_data is stored verbatim in Terraform state and on the
# ISO, so nothing secret should be placed in the cloud-init template.
resource "libvirt_cloudinit_disk" "freebsd_amd64_cloudinit" {
  count = var.freebsd_amd64_count

  name = format("freebsd-amd64-%02d-cloudinit.iso", count.index)
  pool = var.freebsd_amd64_volume_pool

  # Same instance index as the data source, which is counted identically.
  user_data = data.template_file.freebsd_amd64_cloudinit[count.index].rendered
}
# Shared base volume, fetched once from var.freebsd_amd64_base_image.source
# and created only when at least one guest is requested.
# NOTE(review): no checksum is pinned for the downloaded image in this block;
# whatever the URL serves at apply time becomes the root of every guest.
# Verify the image digest out of band or host a vetted copy.
resource "libvirt_volume" "freebsd_amd64_base_image" {
  count = var.freebsd_amd64_count > 0 ? 1 : 0

  pool   = var.freebsd_amd64_volume_pool
  name   = format("%s.%s", var.freebsd_amd64_base_image.name, var.freebsd_amd64_base_image.format)
  source = var.freebsd_amd64_base_image.source
  format = var.freebsd_amd64_base_image.format
}
# Per-guest root volume, backed by the shared base volume and sized to
# var.freebsd_amd64_volume_size.
resource "libvirt_volume" "freebsd_amd64_image" {
  count = var.freebsd_amd64_count

  pool   = var.freebsd_amd64_volume_pool
  name   = format("freebsd-amd64-%02d.%s", count.index, var.freebsd_amd64_base_image.format)
  format = var.freebsd_amd64_base_image.format
  size   = var.freebsd_amd64_volume_size

  # Index 0 is the only base volume; it exists whenever the count is above
  # zero, which is the only case in which this resource is instantiated.
  base_volume_id = libvirt_volume.freebsd_amd64_base_image[0].id
}
# The FreeBSD guests themselves: one libvirt domain per requested instance,
# booting from its own volume with the matching cloud-init ISO attached.
resource "libvirt_domain" "freebsd_amd64" {
  count = var.freebsd_amd64_count

  name      = format("freebsd-amd64-%02d", count.index)
  autostart = true
  memory    = var.freebsd_amd64_memory_size
  vcpu      = var.freebsd_amd64_cpu_count
  cloudinit = libvirt_cloudinit_disk.freebsd_amd64_cloudinit[count.index].id

  # host-passthrough exposes the host CPU model to the guest.
  cpu {
    mode = "host-passthrough"
  }

  # Serial console on a pty.
  console {
    type        = "pty"
    target_port = "0"
    target_type = "serial"
  }

  disk {
    volume_id = libvirt_volume.freebsd_amd64_image[count.index].id
  }

  # wait_for_lease makes the apply wait for an address; the generated
  # Ansible inventory reads network_interface.0.addresses.
  network_interface {
    network_name   = var.freebsd_amd64_network_name
    wait_for_lease = true
  }

  boot_device {
    dev = ["hd"]
  }

  # Changes to these attributes are ignored rather than planned as updates.
  lifecycle {
    ignore_changes = [
      cmdline,
      network_interface.0.hostname,
    ]
  }
}
# Create the ansible inventory
#
# Writes one line per guest to inventory.freebsd_amd64 in this module:
#   <name> ansible_ssh_common_args='...' ansible_user=admin ansible_host=<ip>
# Guests are reached through an SSH jump via the libvirt host.
#
# NOTE(review): StrictHostKeyChecking=off turns off SSH host-key
# verification for both the jump and the guest connection, so a
# man-in-the-middle on either hop would not be detected while Ansible runs
# with --become. Prefer recording the guests' host keys (or at least
# "accept-new") once the provisioning flow allows it.
# NOTE(review): the ProxyJump value is taken from var.libvirt_uri and placed
# in the SSH arguments unquoted; that variable is assumed to be
# operator-controlled — confirm.
resource "local_file" "freebsd_amd64_ansible_inventory" {
  count    = var.freebsd_amd64_count > 0 ? 1 : 0
  filename = "${path.module}/inventory.freebsd_amd64"

  content = join("\n", formatlist(
    "%s ansible_ssh_common_args='-o ProxyJump=%s -o StrictHostKeyChecking=off' ansible_user=admin ansible_host=%s",
    # get the name of the libvirt_domain
    libvirt_domain.freebsd_amd64[*].name,
    # pull the user and hostname out of the libvirt_uri.
    regex("(?:.*://([^/]+)/.*)", var.libvirt_uri)[0],
    # get the address of the first network interface.
    flatten(libvirt_domain.freebsd_amd64[*].network_interface[0].addresses)
  ))
}
# Run ansible against the machines
#
# Re-runs the tailscale playbook whenever the generated inventory or the
# archived Ansible scripts change (both are hashed into the triggers).
#
# NOTE(review): the vault password is read from the relative path
# "ansible_vault_password", presumably resolved against the directory
# Terraform is run from — confirm. Keep that file out of version control and
# readable only by the operator; it unlocks whatever the vault protects.
resource "null_resource" "freebsd_amd64_ansible" {
  count = var.freebsd_amd64_count > 0 ? 1 : 0

  triggers = {
    hosts   = sha1(local_file.freebsd_amd64_ansible_inventory[0].content)
    ansible = data.archive_file.ansible_scripts.output_sha
  }

  provisioner "local-exec" {
    # --become relies on the passwordless sudo granted to "admin" by the
    # cloud-init template in this file.
    command = "ansible-playbook --inventory=${path.module}/inventory.freebsd_amd64 --become --vault-password-file=ansible_vault_password ansible/tailscale.yml"

    environment = {
      ANSIBLE_CONFIG = "./ansible/ansible.cfg"
    }
  }
}