--- a/ansible/roles/tailscale/tasks/main.yml Tue Dec 26 01:06:59 2023 -0600
+++ b/ansible/roles/tailscale/tasks/main.yml Tue Dec 26 01:07:48 2023 -0600
@@ -6,6 +6,8 @@
- include_tasks: freebsd.yml
when: ansible_facts['os_family'] == "FreeBSD"
+- include_tasks: openbsd.yml + when: ansible_facts['os_family'] == "OpenBSD" - name: login to tailscale
ansible.builtin.command: "tailscale up --auth-key {{ tailscale_auth_key }}"
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/ansible/roles/tailscale/tasks/openbsd.yml Tue Dec 26 01:07:48 2023 -0600
@@ -0,0 +1,11 @@
+- name: "install tailscale" +- name: "start tailscaled" --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/instance-openbsd-amd64.tf Tue Dec 26 01:07:48 2023 -0600
@@ -0,0 +1,158 @@
+variable openbsd_amd64_count { default = 0 } +variable openbsd_amd64_volume_pool { default = "default" } +variable openbsd_amd64_ssh_pubkeys { default = [] } +variable openbsd_amd64_base_image { default = { + "name": "openbsd-amd64-base", + "source": "https://object-storage.public.mtl1.vexxhost.net/swift/v1/1dbafeefbd4f4c80864414a441e72dd2/bsd-cloud-image.org/images/openbsd/7.3/2023-04-22/ufs/openbsd-7.3-2023-04-22.qcow2", +variable openbsd_amd64_volume_size { default = "10737418240" } # 10gb +variable openbsd_amd64_memory_size { default = "1024" } # 1gb +variable openbsd_amd64_cpu_count { default = "1" } +variable openbsd_amd64_network_name { default = "default" } +data "template_file" "openbsd_amd64_cloudinit" { + count = var.openbsd_amd64_count + ssh_authorized_keys: $${admin_ssh_pubkeys} + sudo: ALL=(ALL) NOPASSWD:ALL + ignore_growroot_disabled: false +# Uncomment this if you need to debug stuff + "fqdn": format("%sopenbsd-amd64-%02d", var.node_prefix, count.index), + "admin_ssh_pubkeys": jsonencode(var.openbsd_amd64_ssh_pubkeys), +resource "libvirt_cloudinit_disk" "openbsd_amd64_cloudinit" { + count = var.openbsd_amd64_count + name = format("openbsd-amd64-%02d-cloudinit.iso", count.index) + pool = var.openbsd_amd64_volume_pool + user_data = element(data.template_file.openbsd_amd64_cloudinit.*.rendered, count.index) +resource "libvirt_volume" "openbsd_amd64_base_image" { + count = (var.openbsd_amd64_count > 0 ? 1 : 0) + pool = var.openbsd_amd64_volume_pool + name = format("%s.%s", var.openbsd_amd64_base_image["name"], var.openbsd_amd64_base_image["format"]) + source = var.openbsd_amd64_base_image["source"] + format = var.openbsd_amd64_base_image["format"] +resource "libvirt_volume" "openbsd_amd64_image" { + count = var.openbsd_amd64_count + pool = var.openbsd_amd64_volume_pool + name = format("openbsd-amd64-%02d.%s", count.index, var.openbsd_amd64_base_image["format"]) + base_volume_id = libvirt_volume.openbsd_amd64_base_image[0].id + format = var.openbsd_amd64_base_image["format"] + size = var.openbsd_amd64_volume_size +resource "libvirt_domain" "openbsd_amd64" { + count = var.openbsd_amd64_count + name = format("openbsd-amd64-%02d", count.index) + mode = "host-passthrough" + memory = var.openbsd_amd64_memory_size + vcpu = var.openbsd_amd64_cpu_count + cloudinit = libvirt_cloudinit_disk.openbsd_amd64_cloudinit[count.index].id + volume_id = libvirt_volume.openbsd_amd64_image[count.index].id + network_name = var.openbsd_amd64_network_name + network_interface.0.hostname +# Create the ansible inventory +resource "local_file" "openbsd_amd64_ansible_inventory" { + count = "${var.openbsd_amd64_count > 0 ? 1 : 0 }" + content = "${join("\n", + "%s ansible_ssh_common_args='-o ProxyJump=%s -o StrictHostKeyChecking=off' ansible_user=admin ansible_host=%s", + libvirt_domain.openbsd_amd64.*.name, # get the name of the libvirt_domain + regex("(?:.*://([^/]+)/.*)", var.libvirt_uri)[0], # pull the user and hostname out of the libvirt_uri. + flatten(libvirt_domain.openbsd_amd64.*.network_interface.0.addresses) # get the address of the first network interface. + filename = "${path.module}/inventory.openbsd_amd64" +# Run ansible against the machines +resource "null_resource" "openbsd_amd64_ansible" { + count = "${var.openbsd_amd64_count > 0 ? 1 : 0 }" + hosts = "${sha1(local_file.openbsd_amd64_ansible_inventory.0.content)}" + ansible = "${data.archive_file.ansible_scripts.output_sha}" + provisioner "local-exec" { + command = "${join(" ", [ + "--inventory=${path.module}/inventory.openbsd_amd64", + "--vault-password-file=ansible_vault_password", + "ansible/tailscale.yml", + ANSIBLE_CONFIG = "./ansible/ansible.cfg" 