viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/main.tf

327 lines
12 KiB
Terraform
Raw Normal View History

add gitattributes with git-crypt
2021-02-13 02:10:39 +00:00
variable "prod" {
type = bool
default = false
}
add template vm in proxmox [ci skip]
2025-10-11 17:07:47 +00:00
variable "proxmox_pm_api_url" { type = string }
variable "proxmox_pm_api_token_id" { type = string }
variable "proxmox_pm_api_token_secret" { type = string }
add module to create a k8s worker [ci skip]
2025-10-11 20:40:34 +00:00
variable "k8s_join_command" { type = string }
add template vm in proxmox [ci skip]
2025-10-11 17:07:47 +00:00
variable "vm_wizard_password" { type = string }
variable "proxmox_host" { type = string }
Remove old nginx-ingress variables and add kube_config_path + ssh_key variables - Remove ingress_honeypotapikey, ingress_crowdsec_captcha_* variables (nginx-ingress removed) - Add kube_config_path variable for flexible kubeconfig path - Add ssh_private_key/ssh_public_key variables to template modules
2026-02-07 13:17:49 +00:00
variable "ssh_private_key" {
type = string
default = ""
}
variable "ssh_public_key" {
type = string
default = ""
}
initial
2021-02-07 23:45:55 +00:00
variable "tls_secret_name" {}
remove tls certs from tfvars because they are in separate files
2021-02-19 19:52:22 +00:00
variable "tls_crt" {
default = ""
}
variable "tls_key" {
default = ""
}
initial
2021-02-07 23:45:55 +00:00
variable "client_certificate_secret_name" {}
variable "mailserver_accounts" {}
variable "mailserver_aliases" {}
add missing mailserver terraform items
2021-02-18 22:26:36 +00:00
variable "mailserver_opendkim_key" {}
fix roundcubemail and move to separate deploymen t[ci skip]
2025-10-18 13:23:53 +00:00
variable "mailserver_roundcubemail_db_password" { type = string }
add sendgrid smtp relay settings to postfix [ci skip]
2022-12-17 14:04:52 +00:00
variable "mailserver_sasl_passwd" {}
initial
2021-02-07 23:45:55 +00:00
variable "pihole_web_password" {}
variable "webhook_handler_secret" {}
variable "wireguard_wg_0_conf" {}
variable "wireguard_firewall_sh" {}
variable "hackmd_db_password" {}
variable "bind_db_viktorbarzin_me" {}
variable "bind_db_viktorbarzin_lan" {}
variable "bind_named_conf_options" {}
variable "alertmanager_account_password" {}
variable "wireguard_wg_0_key" {}
add dbaas and shlink db config
2021-05-05 19:17:56 +01:00
variable "dbaas_root_password" {}
add postgresql to dbaas [ci skip]
2023-11-24 17:38:49 +00:00
variable "dbaas_postgresql_root_password" {}
variable "dbaas_pgadmin_password" {}
add drone config and dockerhub skeleton
2021-02-10 21:17:31 +00:00
variable "drone_github_client_id" {}
variable "drone_github_client_secret" {}
variable "drone_rpc_secret" {}
Add DRONE_WEBHOOK_SECRET for GitHub webhook authentication Fixes webhook signature validation failures causing 400 errors.
2026-02-01 20:42:07 +00:00
variable "drone_webhook_secret" {}
add docker registry vm and allow multiple provisioning cmds in templates [ci skip]
2025-10-12 18:54:22 +00:00
variable "dockerhub_registry_password" {}
add updates for oauth2 proxy
2023-10-21 22:54:45 +00:00
variable "oauth2_proxy_client_id" {}
variable "oauth2_proxy_client_secret" {}
replace tls client cert auth with oauth and add localai stub [ci skip]
2023-10-22 14:07:14 +00:00
variable "oauth2_proxy_authenticated_emails" {}
add dbaas and shlink db config
2021-05-05 19:17:56 +01:00
variable "url_shortener_mysql_password" {}
add shlink and parts of dbaas [ci skip]
2021-04-17 19:19:04 +01:00
variable "url_shortener_geolite_license_key" {}
move api key to tfvars and change it as it was public [ci skip]
2021-05-04 19:11:09 +01:00
variable "url_shortener_api_key" {}
add oauth and add webhook handler fb token
2021-02-27 19:31:40 +00:00
variable "webhook_handler_fb_verify_token" {}
add fb page token vars [CI SKIP]
2021-02-27 20:56:14 +00:00
variable "webhook_handler_fb_page_token" {}
add fb app token var to webhook_handler [CI SKIP]
2021-03-09 21:43:14 +00:00
variable "webhook_handler_fb_app_secret" {}
add cli client for repo
2021-03-15 23:32:56 +00:00
variable "webhook_handler_git_user" {}
update dns update ip job to update technitium via api
2024-01-23 20:30:39 +00:00
variable "technitium_username" {}
variable "technitium_password" {}
[ci skip] Add Grafana dashboard for Technitium DNS query logs Add MySQL datasource and 15-panel dashboard for DNS analytics: queries over time, response codes, top domains/clients, response times, blocked/NxDomain domains. Enable Grafana dashboard sidecar for auto-provisioning dashboards from ConfigMaps.
2026-02-16 23:06:41 +00:00
variable "technitium_db_password" {}
add cli client for repo
2021-03-15 23:32:56 +00:00
variable "webhook_handler_git_token" {}
add setup open wrt dns use case
2021-03-31 23:35:09 +01:00
variable "webhook_handler_ssh_key" {}
add redfish exporter [CI SKIP]
2021-04-05 15:06:24 +01:00
variable "monitoring_idrac_username" {}
variable "monitoring_idrac_password" {}
add slack to notifications and update alert definitions after upgrade [ci skip]
2022-01-06 20:09:20 +00:00
variable "alertmanager_slack_api_url" {}
add home assistant files [ci skip]
2022-06-02 16:05:14 +01:00
variable "home_assistant_configuration" {}
add shadowsocks deployment [skip ci]
2022-11-19 17:51:04 +00:00
variable "shadowsocks_password" {}
add connection string to finance app [ci skip]
2023-04-25 23:54:38 +01:00
variable "finance_app_db_connection_string" {}
add env var to finance app with currency converted api key [ci skip]
2023-10-27 12:22:45 +00:00
variable "finance_app_currency_converter_api_key" {}
update graphql backdoor secret and remove some unused env variables
2023-03-26 14:42:17 +01:00
variable "finance_app_graphql_api_secret" {}
readd gocardless auth as that is needed to get user requisitions [ci skip]
2023-11-06 22:44:30 +00:00
variable "finance_app_gocardless_secret_key" {}
variable "finance_app_gocardless_secret_id" {}
move headscale config to tfvars and change leaked creds[ci skip]
2023-09-15 23:13:19 +00:00
variable "headscale_config" {}
add acls to tailnet and limit who can access what[ci skip]
2024-01-06 21:33:05 +00:00
variable "headscale_acl" {}
add immich deployment [ci skip]
2023-11-18 14:54:55 +00:00
variable "immich_postgresql_password" {}
add immich frame [ci skip]
2025-09-29 20:29:24 +00:00
variable "immich_frame_api_key" {}
add nginx ignress bouncer to ingress controller [ci skip]
2023-11-25 13:33:03 +00:00
variable "ingress_crowdsec_api_key" {}
reenable crowdsec [ci skip]
2025-08-31 15:20:57 +00:00
variable "crowdsec_enroll_key" { type = string }
variable "crowdsec_db_password" { type = string }
add deployment for crowdsec web dashboard that allows unblocking my ips [ci skip]
2025-10-14 20:08:43 +00:00
variable "crowdsec_dash_api_key" { type = string }
variable "crowdsec_dash_machine_id" { type = string }
variable "crowdsec_dash_machine_password" { type = string }
add smtp config to vaultwarden to enable email 2fa [ci skip]
2023-11-18 19:13:40 +00:00
variable "vaultwarden_smtp_password" {}
add postgresql to dbaas [ci skip]
2023-11-24 17:38:49 +00:00
variable "resume_database_url" {}
update resume to be a bit more working; still not workign but closer...[ci skip]
2026-01-18 14:05:01 +00:00
variable "resume_database_password" {}
add postgresql to dbaas [ci skip]
2023-11-24 17:38:49 +00:00
variable "resume_redis_url" {}
add reactive resume service [ci skip]
2026-01-28 17:57:39 +00:00
variable "resume_auth_secret" { type = string }
add frigate deployment with london camera enabled and 2 valchedrym cameras disabled [ci skip]
2024-01-04 22:11:32 +00:00
variable "frigate_valchedrym_camera_credentials" { default = "" }
add paperless-ngx [ci skip]
2024-02-03 13:46:13 +00:00
variable "paperless_db_password" {}
add meshcentral and diun[ci skip]
2024-08-18 18:14:17 +00:00
variable "diun_nfty_token" {}
replace ntfy notifications with slack for diun [ci skip]
2024-12-29 18:16:42 +00:00
variable "diun_slack_url" {}
add meshcentral and diun[ci skip]
2024-08-18 18:14:17 +00:00
variable "docker_config" {}
upgrade immich 1.116 and add nextcloud [ci skip]
2024-09-28 20:10:44 +00:00
variable "nextcloud_db_password" {}
add some homepage credentials to some services to block tls renew tfa[ci skip]
2024-10-18 22:37:47 +00:00
variable "homepage_credentials" {
type = map(any)
}
add authentik [ci skip]
2024-11-12 20:20:10 +00:00
variable "authentik_secret_key" {}
variable "authentik_postgres_password" {}
initial
2021-02-07 23:45:55 +00:00
variable "ansible_prefix" {
default = "ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass.txt ansible-playbook -i playbook/hosts.yaml playbook/linux.yml -t linux/initial_setup"
description = "Provisioner command"
}
add linkwarden[ci skip]
2024-11-23 12:15:21 +00:00
variable "linkwarden_postgresql_password" {}
variable "linkwarden_authentik_client_id" {}
variable "linkwarden_authentik_client_secret" {}
add cloudflare configs for tunnels and dns [ci skip]
2024-12-23 18:20:16 +00:00
variable "cloudflare_api_key" {}
variable "cloudflare_email" {}
variable "cloudflare_account_id" {}
variable "cloudflare_zone_id" {}
variable "cloudflare_tunnel_id" {}
variable "public_ip" {}
variable "cloudflare_proxied_names" {}
variable "cloudflare_non_proxied_names" {}
variable "cloudflare_tunnel_token" {}
add owntracks [ci skip]
2024-12-30 18:50:35 +00:00
variable "owntracks_credentials" {}
[ci skip] Deploy health dashboard service Apple Health data visualization app (Svelte + FastAPI + Caddy). Uses shared PostgreSQL via DBaaS, NFS storage for uploads, accessible at health.viktorbarzin.me.
2026-02-08 01:54:24 +00:00
variable "ollama_api_credentials" {}
add dawarich deployment [ci skip]
2024-12-30 22:14:59 +00:00
variable "dawarich_database_password" {}
use geoapify in dawarich instead of local photon [ci skip]
2025-05-31 21:50:16 +00:00
variable "geoapify_api_key" {}
add ingress factory stub [ci skip]
2025-01-14 20:12:26 +00:00
variable "tandoor_database_password" {}
add n8n and disable crowdsec temporarily [ci skip]
2025-05-10 19:12:01 +00:00
variable "n8n_postgresql_password" {}
move wrongmove to use db and set redis parameters [ci skip]
2025-06-30 20:43:07 +00:00
variable "realestate_crawler_db_password" {}
pass in slack apprise config via env [ci skip]
2025-07-27 10:18:01 +00:00
variable "realestate_crawler_notification_settings" {
type = map(string)
}
add kured helm [ci skip]
2025-07-27 10:31:38 +00:00
variable "kured_notify_url" {}
add onlyoffice deployment along with collabora for backup if needed [ci skip]
2025-08-17 19:27:34 +00:00
variable "onlyoffice_db_password" { type = string }
variable "onlyoffice_jwt_token" { type = string }
add xray along with multiple configs [ci skip]
2025-08-22 21:41:51 +00:00
variable "xray_reality_clients" { type = list(map(string)) }
variable "xray_reality_private_key" { type = string }
variable "xray_reality_short_ids" { type = list(string) }
add tuya bridge module to toggle the ATS device via web [ci skip]
2025-10-24 14:00:06 +00:00
variable "tiny_tuya_api_key" { type = string }
variable "tiny_tuya_api_secret" { type = string }
variable "tiny_tuya_service_secret" { type = string }
add slack url env var to the tuya bridge for slack notifications [ci skip]
2025-11-26 20:38:57 +00:00
variable "tiny_tuya_slack_url" { type = string }
add haos monitoring job in prometheus
2025-11-29 11:46:42 +00:00
variable "haos_api_token" { type = string }
add pve exporter playbook + pve exporter in k8s [ci skip]
2025-12-26 16:23:17 +00:00
variable "pve_password" { type = string }
migrate grafana to mysql from sqlite [ci skip]
2025-12-27 20:51:05 +00:00
variable "grafana_db_password" { type = string }
[ci skip] Remove Authentik forward auth from Grafana, add admin password management Fixes HA mobile app 403 when embedding Grafana dashboards - the webview blocks third-party cookies needed by Authentik forward auth. Grafana already has anonymous Viewer access enabled, so forward auth is not needed. Also adds grafana_admin_password variable and explicit resource limits to prevent ResourceQuota issues during rolling updates.
2026-02-18 21:40:32 +00:00
variable "grafana_admin_password" { type = string }
add rybbit analytics [ci skip]
2025-12-18 10:44:01 +00:00
variable "clickhouse_password" { type = string }
variable "clickhouse_postgres_password" { type = string }
add wealthfolio deployment [ci skip]
2025-12-23 12:22:52 +00:00
variable "wealthfolio_password_hash" { type = string }
add netbox, ebook2audiobook, audiblez, aiostreams and listenarr; alos reenable prowlarr, qbittorrent [ci skip]
2026-01-03 16:58:57 +00:00
variable "aiostreams_database_connection_string" { type = string }
add credentials for ab bank sync cronjob [ci skip]
2026-01-10 20:01:06 +00:00
variable "actualbudget_credentials" { type = map(any) }
add speedtest deployment [ci skip]
2026-01-13 20:34:44 +00:00
variable "speedtest_db_password" { type = string }
add freedify [ci skip]
2026-01-17 22:40:35 +00:00
variable "freedify_credentials" { type = map(any) }
add mcaptcha but disabled as we found another way[ci skip]
2026-01-24 18:43:43 +00:00
variable "mcaptcha_postgresql_password" { type = string }
variable "mcaptcha_cookie_secret" { type = string }
variable "mcaptcha_captcha_salt" { type = string }
Add AFFiNE visual canvas for storytelling - Deploy AFFiNE as self-hosted visual canvas tool - Uses shared PostgreSQL and Redis from cluster - NFS storage for uploads and configuration - Email configured via mailserver.viktorbarzin.me - Ingress at affine.viktorbarzin.me [ci skip]
2026-01-25 21:40:39 +00:00
variable "openrouter_api_key" { type = string }
variable "slack_bot_token" { type = string }
variable "slack_channel" { type = string }
variable "affine_postgresql_password" { type = string }
[ci skip] Deploy health dashboard service Apple Health data visualization app (Svelte + FastAPI + Caddy). Uses shared PostgreSQL via DBaaS, NFS storage for uploads, accessible at health.viktorbarzin.me.
2026-02-08 01:54:24 +00:00
variable "health_postgresql_password" { type = string }
variable "health_secret_key" { type = string }
[ci skip] Remove Authentik forward auth from Grafana, add admin password management Fixes HA mobile app 403 when embedding Grafana dashboards - the webview blocks third-party cookies needed by Authentik forward auth. Grafana already has anonymous Viewer access enabled, so forward auth is not needed. Also adds grafana_admin_password variable and explicit resource limits to prevent ResourceQuota issues during rolling updates.
2026-02-18 21:40:32 +00:00
variable "openclaw_ssh_key" { type = string }
variable "openclaw_skill_secrets" { type = map(string) }
[ci skip] Add Grafana dashboard for Technitium DNS query logs Add MySQL datasource and 15-panel dashboard for DNS analytics: queries over time, response codes, top domains/clients, response times, blocked/NxDomain domains. Enable Grafana dashboard sidecar for auto-provisioning dashboards from ConfigMaps.
2026-02-16 23:06:41 +00:00
variable "gemini_api_key" { type = string }
variable "llama_api_key" { type = string }
variable "brave_api_key" { type = string }
[ci skip] Add Modal GLM-5 model to OpenClaw, fix streaming and download reliability - Add modal provider (GLM-5-FP8) as primary model with non-streaming mode (GLM-5 uses non-standard reasoning_content field incompatible with streaming) - Add curl --retry flags to init container downloads for reliability - Fallback chain: GLM-5 → Gemini 2.5 Flash → Llama 3.3 70B
2026-02-19 23:17:08 +00:00
variable "modal_api_key" { type = string }
[ci skip] Add coturn TURN/STUN server for WebRTC relay - Deploy coturn on k8s with MetalLB shared IP (10.0.20.200) - Normal pod networking (no hostNetwork), runs on any node - 100 relay ports (49152-49252), port 3478 for STUN/TURN signaling - Shared secret auth for time-limited TURN credentials - For F1 streaming WebRTC NAT traversal
2026-02-21 18:08:01 +00:00
variable "coturn_turn_secret" { type = string }
add gitattributes with git-crypt
2021-02-13 02:10:39 +00:00
[ci skip] Implement multi-user Kubernetes access with OIDC - Add RBAC module (modules/kubernetes/rbac/) with admin, power-user, and namespace-owner roles, API server OIDC flags, and audit logging - Add self-service portal (modules/kubernetes/k8s-portal/) SvelteKit app with kubeconfig download and setup instructions - Configure Alloy to collect audit logs from kube-apiserver - Add Grafana dashboard for Kubernetes audit log visualization - Configure Authentik OIDC provider with groups scope mapping - Wire up k8s_users and ssh_private_key variables through module chain
2026-02-17 21:42:39 +00:00
variable "k8s_users" {
type = map(any)
default = {}
}
Remove old nginx-ingress variables and add kube_config_path + ssh_key variables - Remove ingress_honeypotapikey, ingress_crowdsec_captcha_* variables (nginx-ingress removed) - Add kube_config_path variable for flexible kubeconfig path - Add ssh_private_key/ssh_public_key variables to template modules
2026-02-07 13:17:49 +00:00
variable "kube_config_path" {
type = string
default = "~/.kube/config"
}
initial
2021-02-07 23:45:55 +00:00
provider "kubernetes" {
Remove old nginx-ingress variables and add kube_config_path + ssh_key variables - Remove ingress_honeypotapikey, ingress_crowdsec_captcha_* variables (nginx-ingress removed) - Add kube_config_path variable for flexible kubeconfig path - Add ssh_private_key/ssh_public_key variables to template modules
2026-02-07 13:17:49 +00:00
config_path = var.prod ? "" : var.kube_config_path
initial
2021-02-07 23:45:55 +00:00
}
provider "helm" {
upgrade proxmox provider and some other tf [ci skip]
2025-12-18 11:41:33 +00:00
kubernetes = {
Remove old nginx-ingress variables and add kube_config_path + ssh_key variables - Remove ingress_honeypotapikey, ingress_crowdsec_captcha_* variables (nginx-ingress removed) - Add kube_config_path variable for flexible kubeconfig path - Add ssh_private_key/ssh_public_key variables to template modules
2026-02-07 13:17:49 +00:00
config_path = var.prod ? "" : var.kube_config_path
initial
2021-02-07 23:45:55 +00:00
}
}
upgrade immich [ci skip]
2024-12-15 18:04:02 +00:00
add template vm in proxmox [ci skip]
2025-10-11 13:32:49 +00:00
provider "proxmox" {
pm_api_url = var.proxmox_pm_api_url
pm_api_token_id = var.proxmox_pm_api_token_id
pm_api_token_secret = var.proxmox_pm_api_token_secret
pm_tls_insecure = true
}
# TODO: add DEFCON levels
add proxmox playground temp files [ci skip]
2023-12-03 12:15:54 +00:00
[ci skip] Migrate infra modules (VM templates, docker-registry) to stacks/infra/ Remove k8s-node-template, non-k8s-node-template, docker-registry-template, and docker-registry-vm modules from root main.tf. These are now managed by the Terragrunt infra stack at stacks/infra/. State migration verified: both root and infra stack show "No changes".
2026-02-22 13:11:16 +00:00
# ---------------------------------------------------------------------------
# Infra modules (VM templates, docker-registry) migrated to stacks/infra/
# Manage with: cd stacks/infra && terragrunt apply
# ---------------------------------------------------------------------------
add docker registry vm and allow multiple provisioning cmds in templates [ci skip]
2025-10-12 18:54:22 +00:00
# module that provisions the proxmox host?
# make dns stateless?
# pfsense/truenas configs in code
# etcd db backup in code
add module to create a k8s worker [ci skip]
2025-10-11 20:40:34 +00:00
# module "k8s_node5" {
add template vm in proxmox [ci skip]
2025-10-11 17:07:47 +00:00
# template_name = local.vm_template_name
# source = "./modules/create-vm"
add module to create a k8s worker [ci skip]
2025-10-11 20:40:34 +00:00
# vm_name = "k8s-node5"
# vmid = 205
add template vm in proxmox [ci skip]
2025-10-11 17:07:47 +00:00
# cisnippet_name = local.vm_cloud_init_snippet_name
add module to create a k8s worker [ci skip]
2025-10-11 20:40:34 +00:00
parameterize ssh keys in create vm module [ci skip]
2025-10-11 17:24:26 +00:00
# vm_mac_address = "00:50:56:87:4a:2d"
add module to create a k8s worker [ci skip]
2025-10-11 20:40:34 +00:00
# bridge = "vmbr1"
# vlan_tag = "20"
remove vmware vms from state as they do not work without vsphere [ci skip]
2023-11-18 14:57:59 +00:00
# }
initial
2021-02-07 23:45:55 +00:00
remove vmware vms from state as they do not work without vsphere [ci skip]
2023-11-18 14:57:59 +00:00
# module "k8s_master" {
# source = "./modules/create-vm"
# vm_name = "k8s-master"
# vm_mac_address = "00:50:56:b0:a1:39"
# network = "dKubernetes"
# provisioner_command = "${var.ansible_prefix} -t linux/k8s/master -e hostname=k8s-master"
initial
2021-02-07 23:45:55 +00:00
remove vmware vms from state as they do not work without vsphere [ci skip]
2023-11-18 14:57:59 +00:00
# vsphere_password = var.vsphere_password
# vsphere_user = var.vsphere_user
# vsphere_server = var.vsphere_server
# vsphere_datastore = "r730-datastore"
# vsphere_resource_pool = "R730"
initial
2021-02-07 23:45:55 +00:00
remove vmware vms from state as they do not work without vsphere [ci skip]
2023-11-18 14:57:59 +00:00
# }
# module "k8s_node1" {
# source = "./modules/create-vm"
# vm_name = "k8s-node1"
# vm_mac_address = "00:50:56:b0:e0:c9"
# network = "dKubernetes"
# provisioner_command = "${var.ansible_prefix} -t linux/k8s/node -e hostname=k8s-node1 -e k8s_master='wizard@${module.k8s_master.guest_ip}'"
# vsphere_password = var.vsphere_password
# vsphere_user = var.vsphere_user
# vsphere_server = var.vsphere_server
# vsphere_datastore = "r730-datastore"
# vsphere_resource_pool = "R730"
initial
2021-02-07 23:45:55 +00:00
remove vmware vms from state as they do not work without vsphere [ci skip]
2023-11-18 14:57:59 +00:00
# }
initial
2021-02-07 23:45:55 +00:00
remove vmware vms from state as they do not work without vsphere [ci skip]
2023-11-18 14:57:59 +00:00
# module "k8s_node2" {
# source = "./modules/create-vm"
# vm_name = "k8s-node2"
# vm_mac_address = "00:50:56:b0:a1:36"
# network = "dKubernetes"
# provisioner_command = "${var.ansible_prefix} -t linux/k8s/node -e hostname=k8s-node2 -e k8s_master='wizard@${module.k8s_master.guest_ip}'"
# vsphere_password = var.vsphere_password
# vsphere_user = var.vsphere_user
# vsphere_server = var.vsphere_server
# vsphere_datastore = "r730-datastore"
# vsphere_resource_pool = "R730"
# }
initial
2021-02-07 23:45:55 +00:00
remove vmware vms from state as they do not work without vsphere [ci skip]
2023-11-18 14:57:59 +00:00
# module "k8s_node3" {
# source = "./modules/create-vm"
# vm_name = "k8s-node3"
# vm_mac_address = "00:50:56:b0:a1:37"
# network = "dKubernetes"
# provisioner_command = "${var.ansible_prefix} -t linux/k8s/node -e hostname=k8s-node3 -e k8s_master='wizard@${module.k8s_master.guest_ip}'"
# vsphere_password = var.vsphere_password
# vsphere_user = var.vsphere_user
# vsphere_server = var.vsphere_server
# vsphere_datastore = "r730-datastore"
# vsphere_resource_pool = "R730"
# }
initial
2021-02-07 23:45:55 +00:00
remove vmware vms from state as they do not work without vsphere [ci skip]
2023-11-18 14:57:59 +00:00
# module "k8s_node4" {
prepare k8s node module [ci skip]
2025-10-11 20:58:10 +00:00
# source = "./modules/create-vm"
# vm_name = "k8s-node4"
# vmid = 204
# template_name = local.vm_template_name
# cisnippet_name = local.vm_cloud_init_snippet_name
remove vmware vms from state as they do not work without vsphere [ci skip]
2023-11-18 14:57:59 +00:00
prepare k8s node module [ci skip]
2025-10-11 20:58:10 +00:00
# vm_mac_address = "00:50:56:b0:a1:38"
# bridge = "vmbr1"
# vlan_tag = "20"
remove vmware vms from state as they do not work without vsphere [ci skip]
2023-11-18 14:57:59 +00:00
# }
initial
2021-02-07 23:45:55 +00:00
remove vmware vms from state as they do not work without vsphere [ci skip]
2023-11-18 14:57:59 +00:00
# module "k8s_node5" {
# source = "./modules/create-vm"
# vm_name = "k8s-node5"
# vm_mac_address = "00:50:56:b0:a1:40"
# network = "dKubernetes"
# provisioner_command = "${var.ansible_prefix} -t linux/k8s/node -e hostname=k8s-node5 -e k8s_master='wizard@${module.k8s_master.guest_ip}'"
initial
2021-02-07 23:45:55 +00:00
remove vmware vms from state as they do not work without vsphere [ci skip]
2023-11-18 14:57:59 +00:00
# vsphere_password = var.vsphere_password
# vsphere_user = var.vsphere_user
# vsphere_server = var.vsphere_server
# vsphere_datastore = "r730-datastore"
# vsphere_resource_pool = "R730"
add webhook handler and env variables [ci skip]
2023-03-18 17:36:37 +00:00
remove vmware vms from state as they do not work without vsphere [ci skip]
2023-11-18 14:57:59 +00:00
# }
# module "devvm" {
# source = "./modules/create-vm"
# vm_name = "devvm"
# vm_mac_address = "00:50:56:b0:a1:41"
# network = "dKubernetes"
# # provisioner_command = "${var.ansible_prefix} -t linux/k8s/node -e hostname=k8s-node5 -e k8s_master='wizard@${module.k8s_master.guest_ip}'"
# vsphere_password = var.vsphere_password
# vsphere_user = var.vsphere_user
# vsphere_server = var.vsphere_server
# vsphere_datastore = "r730-datastore"
# vsphere_resource_pool = "R730"
# }
initial
2021-02-07 23:45:55 +00:00
# resource "null_resource" "test" {
# provisioner "local-exec" {
# working_dir = "/home/viktor/"
# command = "ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass.txt ansible-playbook -i playbook/hosts.yaml playbook/linux.yml -t linux/k8s/node -e host='10.0.40.126'"
# }
# }
[ci skip] Phase 3: Remove migrated service modules from monolith All 66 service modules removed from modules/kubernetes/main.tf (now just a migration notice). The kubernetes_cluster module block removed from root main.tf. All services now managed via stacks/<service>/.
2026-02-22 13:58:07 +00:00
# ---------------------------------------------------------------------------
# The kubernetes_cluster module (modules/kubernetes/) has been migrated to
# individual Terragrunt stacks under stacks/.
# See stacks/<service>/main.tf for each service's configuration.
# ---------------------------------------------------------------------------
Update public ip and ns records
-
Update public ip and ns records
-
Reference in a new issue Copy permalink