diff --git a/.gitlab/.gitlab-ci.yml b/.gitlab/.gitlab-ci.yml
index 080d92c..a568021 100644
--- a/.gitlab/.gitlab-ci.yml
+++ b/.gitlab/.gitlab-ci.yml
@@ -1,2 +1,3 @@
 include:
- - local: infra/.gitlab/.gitlab-ci.yml
\ No newline at end of file
+ - local: infra/.gitlab/.gitlab-ci.yml
+ - local: dmz/.gitlab/.gitlab-ci.yml
diff --git a/dmz/.gitlab/.gitlab-ci.yml b/dmz/.gitlab/.gitlab-ci.yml
new file mode 100644
index 0000000..61ab572
--- /dev/null
+++ b/dmz/.gitlab/.gitlab-ci.yml
@@ -0,0 +1,95 @@
+stages:
+ - plan
+ - apply
+ - destroy
+
+variables:
+ WORKDIR: $CI_PROJECT_DIR/dmz/terraform
+ GITLAB_TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dmz
+
+image:
+ name: registry.internal.durp.info/opentofu/opentofu:latest
+ entrypoint: [""]
+
+.tf-init:
+ before_script:
+ - cd $WORKDIR
+ - tofu init
+ -reconfigure
+ -backend-config="address=${GITLAB_TF_ADDRESS}"
+ -backend-config="lock_address=${GITLAB_TF_ADDRESS}/lock"
+ -backend-config="unlock_address=${GITLAB_TF_ADDRESS}/lock"
+ -backend-config="username=gitlab-ci-token"
+ -backend-config="password=${CI_JOB_TOKEN}"
+ -backend-config="lock_method=POST"
+ -backend-config="unlock_method=DELETE"
+ -backend-config="retry_wait_min=5"
+
+format:
+ stage: .pre
+ allow_failure: false
+ script:
+ - cd $WORKDIR
+ - tofu fmt -diff -check -write=false
+ rules:
+ - changes:
+ - "dmz/terraform/*.tf"
+
+validate:
+ stage: .pre
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - tofu validate
+ rules:
+ - changes:
+ - "dmz/terraform/*.tf"
+
+plan-dmzstructure:
+ stage: plan
+ variables:
+ PLAN: plan.tfplan
+ JSON_PLAN_FILE: tfplan.json
+ ENVIRONMENT_NAME: dmz
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - apk add --update curl jq
+ - alias convert_report="jq -r '([.resource_changes[].change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
+ - tofu plan -out=$PLAN $ARGUMENTS
+ - tofu show --json $PLAN | jq -r '([.resource_changes[].change.actions?]|flatten)|{"create":(map(select(.=="create"))|length),"update":(map(select(.=="update"))|length),"delete":(map(select(.=="delete"))|length)}' > $JSON_PLAN_FILE
+ artifacts:
+ reports:
+ terraform: $WORKDIR/$JSON_PLAN_FILE
+ needs: ["validate","format"]
+ rules:
+ - changes:
+ - "dmz/terraform/*.tf"
+
+apply-dmzstructure:
+ stage: apply
+ variables:
+ ENVIRONMENT_NAME: dmz
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - tofu apply -auto-approve $ARGUMENTS
+ rules:
+ - changes:
+ - "dmz/terraform/*.tf"
+ when: manual
+ needs: ["plan-dmzstructure"]
+
+destroy-dmzstructure:
+ stage: destroy
+ variables:
+ ENVIRONMENT_NAME: dmz
+ allow_failure: false
+ extends: .tf-init
+ script:
+ - tofu destroy -auto-approve $ARGUMENTS
+ rules:
+ - changes:
+ - "dmz/terraform/*.tf"
+ when: manual
+ needs: ["plan-dmzstructure"]
diff --git a/dmz/terraform/k3s.tf b/dmz/terraform/k3s.tf
new file mode 100644
index 0000000..29426bd
--- /dev/null
+++ b/dmz/terraform/k3s.tf
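Review bot: `apply-dmzstructure` applies whatever `tofu apply -auto-approve $ARGUMENTS` plans at run time rather than the plan the operator approved, because `plan-dmzstructure` only publishes the JSON report and never ships `plan.tfplan` as an artifact, so infrastructure can drift between the reviewed plan and the manual apply. Save the plan with `artifacts: paths:` in the plan job and apply that file, as sketched below; a saved plan can carry sensitive values, so give it a short `expire_in`. Neither the apply nor the destroy job declares an `environment:`, so the `when: manual` gate is the only control, whereas attaching a protected environment would let GitLab enforce who may trigger them. The `image` tag `opentofu:latest` floats, so pinning a version (or digest) keeps plan and apply on the same binary. The `alias convert_report=…` line in the plan job is never used and can go.
```yaml
plan-dmzstructure:
  # … unchanged: stage, variables, allow_failure, extends, script …
  artifacts:
    paths:
      - dmz/terraform/$PLAN
    expire_in: 1 day
    reports:
      terraform: $WORKDIR/$JSON_PLAN_FILE
  # … unchanged: needs, rules …

apply-dmzstructure:
  # … unchanged: stage, variables, allow_failure, extends …
  script:
    - tofu apply -input=false plan.tfplan
  # … unchanged: rules, needs …
```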
@@ -0,0 +1,116 @@
+resource "proxmox_vm_qemu" "k3smaster" {
+ lifecycle {
+ prevent_destroy = true
+ }
+ count = local.k3smaster.count
+ ciuser = "administrator"
+ name = local.k3smaster.name[count.index]
+ target_node = local.k3smaster.node[count.index]
+ tags = local.k3smaster.tags
+ full_clone = false
+ qemu_os = "l26"
+ os_type = "cloud-init"
+ agent = 1
+ cores = local.k3smaster.cores
+ sockets = 1
+ cpu_type = "host"
+ memory = local.k3smaster.memory
+ scsihw = "virtio-scsi-pci"
+ boot = "order=virtio0"
+ onboot = true
+ sshkeys = local.sshkeys
+ vga {
+ type = "serial0"
+ }
+ serial {
+ id = 0
+ type = "socket"
+ }
+ disks {
+ ide {
+ ide2 {
+ cloudinit {
+ storage = local.storage
+ }
+ }
+ }
+ virtio {
+ virtio0 {
+ disk {
+ size = local.k3smaster.drive
+ format = local.format
+ storage = local.storage
+ }
+ }
+ }
+ }
+ network {
+ id = 0
+ model = "virtio"
+ bridge = "vmbr0"
+ tag = local.vlan
+ }
+ #Cloud Init Settings
+ ipconfig0 = "ip=192.168.${local.vlan}.${local.k3smaster.ip[count.index]}/24,gw=192.168.${local.vlan}.1"
+ searchdomain = "durp.loc"
+ nameserver = local.dnsserver
+}
+
+resource "proxmox_vm_qemu" "k3sserver" {
+ lifecycle {
+ prevent_destroy = true
+ }
+ count = local.k3sserver.count
+ ciuser = "administrator"
+ name = local.k3sserver.name[count.index]
+ target_node = local.k3sserver.node[count.index]
+ tags = local.k3sserver.tags
+ qemu_os = "l26"
+ full_clone = false
+ os_type = "cloud-init"
+ agent = 1
+ cores = local.k3sserver.cores
+ sockets = 1
+ cpu_type = "host"
+ memory = local.k3sserver.memory
+ scsihw = "virtio-scsi-pci"
+ #bootdisk = "scsi0"
+ boot = "order=virtio0"
+ onboot = true
+ sshkeys = local.sshkeys
+ vga {
+ type = "serial0"
+ }
+ serial {
+ id = 0
+ type = "socket"
+ }
+ disks {
+ ide {
+ ide2 {
+ cloudinit {
+ storage = local.storage
+ }
+ }
+ }
+ virtio {
+ virtio0 {
+ disk {
+ size = local.k3sserver.drive
+ format = local.format
+ storage = local.storage
+ }
+ }
+ }
+ }
+ network {
+ id = 0
+ model = "virtio"
+ bridge = "vmbr0"
+ tag = local.vlan
+ }
+ #Cloud Init Settings
+ ipconfig0 = "ip=192.168.${local.vlan}.${local.k3sserver.ip[count.index]}/24,gw=192.168.${local.vlan}.1"
+ searchdomain = "durp.loc"
+ nameserver = local.dnsserver
+}
diff --git a/dmz/terraform/main.tf b/dmz/terraform/main.tf
new file mode 100644
index 0000000..97fe0b5
--- /dev/null
+++ b/dmz/terraform/main.tf
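Review bot: Neither `k3smaster` nor `k3sserver` sets a `clone` source, so `full_clone = false` has nothing to link against and `local.template` (declared in main.tf in this same commit) stays unused; unless the clone source is supplied elsewhere, `clone = local.template` looks like the intended line in both resources. Both resources drive `count` from `local.k3smaster.count` / `local.k3sserver.count` while indexing the parallel `name`, `node` and `ip` lists, so a length mismatch only surfaces at plan time and removing a middle element shifts every later VM's attributes, where any replacement-forcing change then collides with `prevent_destroy = true` as a hard plan error. A `for_each` over a map keyed by VM name, or at least `count = length(local.k3smaster.name)`, removes that parallel-list coupling. `prevent_destroy = true` also means the `destroy-dmzstructure` job added in this commit will refuse these VMs; if that is the intended safety net, say so with a comment such as `# prevent_destroy: the CI destroy job is expected to fail on these nodes`.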
@@ -0,0 +1,78 @@
+terraform {
+ backend "http" {}
+ required_providers {
+ proxmox = {
+ source = "Telmate/proxmox"
+ version = "3.0.1-rc6"
+ }
+ }
+}
+
+provider "proxmox" {
+ pm_parallel = 1
+ pm_tls_insecure = true
+ pm_api_url = var.pm_api_url
+ pm_user = var.pm_user
+ pm_password = var.pm_password
+ pm_debug = false
+}
+
+locals {
+ sshkeys = "ssh-rsa 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 ansible"
+ template = "Debian12-Template"
+ storage = "cache-domains"
+ emulatessd = true
+ format = "raw"
+ dnsserver = "192.168.98.1"
+ vlan = 98
+ k3smaster = {
+ tags = "k3s_dmz"
+ count = 3
+ name = ["master01-dmz", "master02-dmz", "master03-dmz"]
+ cores = 2
+ memory = "4096"
+ drive = 20
+ node = ["mothership", "overlord", "vanguard"]
+ ip = ["11", "12", "13"]
+ }
+ k3sserver = {
+ tags = "k3s_dmz"
+ count = 3
+ name = ["node01-dmz", "node02-dmz", "node03-dmz"]
+ cores = 4
+ memory = "8192"
+ drive = 240
+ node = ["mothership", "overlord", "vanguard"]
+ ip = ["21", "22", "23"]
+ }
+ haproxy = {
+ tags = "haproxy"
+ count = 3
+ name = ["haproxy-01", "haproxy-02", "haproxy-03"]
+ cores = 2
+ memory = "1024"
+ drive = 20
+ node = ["mothership", "overlord", "vanguard"]
+ ip = ["31", "32", "33"]
+ }
+ postgres = {
+ tags = "postgres"
+ count = 3
+ name = ["postgres-01", "postgres-02", "postgres-03"]
+ cores = 4
+ memory = "4096"
+ drive = 40
+ node = ["mothership", "overlord", "vanguard"]
+ ip = ["34", "35", "36"]
+ }
+ pihole = {
+ tags = "pihole"
+ count = 3
+ name = ["pihole-01", "pihole-02", "pihole-03"]
+ cores = 2
+ memory = "2048"
+ drive = 20
+ node = ["mothership", "overlord", "vanguard"]
+ ip = ["41", "42", "43"]
+ }
+}
diff --git a/dmz/terraform/variables.tf b/dmz/terraform/variables.tf
new file mode 100644
index 0000000..31a92e0
--- /dev/null
+++ b/dmz/terraform/variables.tf
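Review bot: `pm_tls_insecure = true` disables certificate verification on every Proxmox API call, so `var.pm_password` is sent to a peer whose identity is never checked. Set `pm_tls_insecure = false` and have the runner trust the Proxmox API certificate (its CA, if self-signed); if that is not yet possible, a comment stating why, with a placeholder for the tracking issue, keeps the exception visible. The provider also supports API-token authentication (`pm_api_token_id` / `pm_api_token_secret`), which avoids passing the account password through CI variables and can be scoped more narrowly than `pm_user`. `local.template` and `local.emulatessd` are declared but not referenced by the two resources in this commit, so either wire them in or drop them. `version = "3.0.1-rc6"` pins a release candidate, which is fine as an exact pin but deserves a comment on why a pre-release is required.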
@@ -0,0 +1,14 @@
+variable "pm_api_url" {
+ description = "API URL to Proxmox provider"
+ type = string
+}
+
+variable "pm_password" {
+ description = "Passowrd to Proxmox provider"
+ type = string
+}
+
+variable "pm_user" {
+ description = "UIsername to Proxmox provider"
+ type = string
+}
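Review bot: `pm_password` is not marked `sensitive = true`, so its value is not redacted from plan output or from the CI job log if any resource or output ever references it; add `sensitive = true` to that variable block. The descriptions carry typos, `Passowrd` and `UIsername`, which should read `Password` and `Username`.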