feat: Prepare outpost

2025-02-13 14:36:26 -08:00 · 2025-02-13 14:36:26 -08:00 · 37ce552a0f
commit 37ce552a0f
parent 94c2ed4e7d
12 changed files with 161 additions and 69 deletions
--- a/tf/cloud-init.tf
+++ b/tf/cloud-init.tf
@ -1,44 +1,3 @@
-data "local_file" "ssh_pub_key" {
-  filename = "${path.module}/data/id_rsa.pub"
-}
-
-locals {
-  common_cloud_init = <<EOF
-#cloud-config
-chpasswd:
-  list: |
-    ubuntu:ubuntu
-    ${var.username}:${var.username}
-  expire: false
-packages:
-  - qemu-guest-agent
-  - nfs-common
-  - avahi-daemon
-timezone: America/Vancouver
-
-users:
-  - default
-  - name: ubuntu
-    groups: sudo
-    shell: /bin/bash
-    ssh-authorized-keys:
-      - ${trimspace(data.local_file.ssh_pub_key.content)}
-    sudo: ALL=(ALL) NOPASSWD:ALL
-  - name: ${var.username}
-    groups: sudo
-    shell: /bin/bash
-    ssh_import_id:
-      - ${var.ssh_import_id}
-    sudo: ALL=(ALL) NOPASSWD:ALL
-
-power_state:
-    delay: now
-    mode: reboot
-    message: Rebooting after cloud-init completion
-    condition: true
-EOF
-}
-
 resource "proxmox_virtual_environment_file" "common_cloud_init" {
  content_type = "snippets"
  datastore_id = var.proxmox_image_storage
@ -64,7 +23,7 @@ users:
    groups: sudo
    shell: /bin/bash
    ssh-authorized-keys:
-      - ${trimspace(data.local_file.ssh_pub_key.content)}
+      - ${trimspace(file(var.ssh_public_key_file))}
    sudo: ALL=(ALL) NOPASSWD:ALL
  - name: ${var.username}
    groups: sudo
--- a/tf/dns-server.tf
+++ b/tf/dns-server.tf
@ -14,7 +14,7 @@ module "dns_server" {
  proxmox_vm_storage    = var.proxmox_vm_storage
  proxmox_image_storage = var.proxmox_image_storage

-  cloud_init_file_id = proxmox_virtual_environment_file.common_cloud_init.id
-  cloud_image_id    = proxmox_virtual_environment_file.ubuntu_cloud_image.id
+  cloud_init_file_id   = proxmox_virtual_environment_file.common_cloud_init.id
+  cloud_image_id       = proxmox_virtual_environment_file.ubuntu_cloud_image.id
  ssh_private_key_file = var.ssh_private_key_file
 }
--- a/tf/docker-swarm.tf
+++ b/tf/docker-swarm.tf
@ -12,7 +12,7 @@ module "docker_swarm_stingray" {
  proxmox_vm_storage    = var.proxmox_vm_storage
  proxmox_image_storage = var.proxmox_image_storage

-  cloud_init_file_id = proxmox_virtual_environment_file.common_cloud_init.id
-  cloud_image_id    = proxmox_virtual_environment_file.ubuntu_cloud_image.id
+  cloud_init_file_id   = proxmox_virtual_environment_file.common_cloud_init.id
+  cloud_image_id       = proxmox_virtual_environment_file.ubuntu_cloud_image.id
  ssh_private_key_file = var.ssh_private_key_file
 }
--- a/tf/huts.tf
+++ b/tf/huts.tf
@ -1,18 +1,3 @@
-resource "proxmox_virtual_environment_file" "jumper" {
-  content_type = "snippets"
-  datastore_id = var.proxmox_image_storage
-  node_name    = "pve"
-
-  source_raw {
-    data      = <<EOF
-${local.common_cloud_init}
-
-hostname: jumper
-EOF
-    file_name = "jumper.cloud-config.yaml"
-  }
-}
-
 resource "proxmox_virtual_environment_vm" "jumper_storage_dummy" {
  name        = "jumper-dummy"
  description = "Managed by Terraform"
@ -80,7 +65,7 @@ resource "proxmox_virtual_environment_vm" "jumper" {
    }
    datastore_id = var.proxmox_image_storage

-    user_data_file_id = proxmox_virtual_environment_file.jumper.id
+    user_data_file_id = proxmox_virtual_environment_file.common_cloud_init.id
  }

  dynamic "disk" {
@ -104,7 +89,24 @@ resource "proxmox_virtual_environment_vm" "jumper" {
    type = "l26"
  }

+  connection {
+    type        = "ssh"
+    user        = "ubuntu"
+    private_key = file(var.ssh_private_key_file)
+    host        = split("/", self.initialization[0].ip_config[0].ipv4[0].address)[0]
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "sudo hostnamectl set-hostname ${self.name}",
+      "sudo systemctl restart avahi-daemon",
+    ]
+  }
+
  lifecycle {
+    ignore_changes = [
+      initialization[0].user_data_file_id,
+    ]
  }
 }

--- a/tf/k8s.tf
+++ b/tf/k8s.tf
@ -15,8 +15,8 @@ module "k8s_dolo" {
  proxmox_vm_storage    = var.proxmox_vm_storage
  proxmox_image_storage = var.proxmox_image_storage

-  cloud_init_file_id = proxmox_virtual_environment_file.common_cloud_init.id
-  cloud_image_id     = proxmox_virtual_environment_file.ubuntu_cloud_image.id
+  cloud_init_file_id   = proxmox_virtual_environment_file.common_cloud_init.id
+  cloud_image_id       = proxmox_virtual_environment_file.ubuntu_cloud_image.id
  ssh_private_key_file = var.ssh_private_key_file
 }

@ -36,8 +36,8 @@ module "k8s_folly" {
  proxmox_vm_storage    = var.proxmox_vm_storage
  proxmox_image_storage = var.proxmox_image_storage

-  cloud_init_file_id = proxmox_virtual_environment_file.common_cloud_init.id
-  cloud_image_id     = proxmox_virtual_environment_file.ubuntu_cloud_image.id
+  cloud_init_file_id   = proxmox_virtual_environment_file.common_cloud_init.id
+  cloud_image_id       = proxmox_virtual_environment_file.ubuntu_cloud_image.id
  ssh_private_key_file = var.ssh_private_key_file
 }

--- a/tf/modules/outpost/main.tf
+++ b/tf/modules/outpost/main.tf
@ -0,0 +1,92 @@
+resource "aws_key_pair" "titanium" {
+  key_name   = "titanium"
+  public_key = file(var.ssh_public_key_file)
+}
+
+resource "aws_vpc" "outpost" {
+  # whatever
+  cidr_block = "172.32.0.0/16"
+}
+
+resource "aws_subnet" "outpost" {
+  vpc_id     = aws_vpc.outpost.id
+  cidr_block = cidrsubnet(aws_vpc.outpost.cidr_block, 8, 1)
+  availability_zone = "us-west-2a"
+}
+
+resource "aws_internet_gateway" "outpost" {
+  vpc_id = aws_vpc.outpost.id
+}
+
+resource "aws_security_group" "outpost" {
+  vpc_id = aws_vpc.outpost.id
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_route_table" "outpost" {
+  vpc_id = aws_vpc.outpost.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.outpost.id
+  }
+}
+
+resource "aws_route_table_association" "outpost_assoc" {
+  subnet_id      = aws_subnet.outpost.id
+  route_table_id = aws_route_table.outpost.id
+}
+
+resource "aws_network_interface" "outpost" {
+  subnet_id = aws_subnet.outpost.id
+  # Required for private_ip_list
+  private_ip_list_enabled = true
+  # private_ips aren't ordered meaning this NIC and its dependent resources may
+  # be re-created upon changing the number of IPs.
+  # private_ip_list, however, _is_ ordered, hence why we use it over private_ips
+  private_ip_list = [
+    for i in range(var.ip_count) : cidrhost(aws_subnet.outpost.cidr_block, i + 32)
+  ]
+  security_groups = [aws_security_group.outpost.id]
+}
+
+resource "aws_instance" "outpost" {
+  ami           = "ami-00c257e12d6828491"
+  instance_type = "t2.micro"
+
+  availability_zone = aws_subnet.outpost.availability_zone
+  key_name      = aws_key_pair.titanium.key_name
+
+  network_interface {
+    network_interface_id = aws_network_interface.outpost.id
+    device_index = 0
+  }
+
+  tags = {
+    Name = "outpost-01"
+  }
+}
+
+resource "aws_eip" "eip" {
+  count = var.ip_count
+}
+
+resource "aws_eip_association" "eip_assoc" {
+  count = var.ip_count
+  network_interface_id = aws_network_interface.outpost.id
+  allocation_id = aws_eip.eip[count.index].id
+  private_ip_address = aws_network_interface.outpost.private_ip_list[count.index]
+}
--- a/tf/modules/outpost/providers.tf
+++ b/tf/modules/outpost/providers.tf
@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    ansible = {
+      source  = "ansible/ansible"
+      version = "1.3.0"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}
--- a/tf/modules/outpost/variables.tf
+++ b/tf/modules/outpost/variables.tf
@ -0,0 +1,7 @@
+variable "ssh_public_key_file" {
+  type = string
+}
+
+variable "ip_count" {
+  type = number
+}
--- a/tf/outpost.tf
+++ b/tf/outpost.tf
@ -0,0 +1,6 @@
+# module "outpost" {
+  # source = "./modules/outpost"
+
+  # ip_count            = 1
+  # ssh_public_key_file = var.ssh_public_key_file
+# }
--- a/tf/providers.tf
+++ b/tf/providers.tf
@ -16,6 +16,10 @@ terraform {
      source  = "hashicorp/dns"
      version = "3.4.2"
    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
  }

  backend "s3" {
@ -56,3 +60,7 @@ provider "dns" {
    key_secret    = var.technitium_tsig_secret
  }
 }
+
+provider "aws" {
+  region = "us-west-2"
+}
--- a/tf/variables.tf
+++ b/tf/variables.tf
@ -51,7 +51,12 @@ variable "technitium_tsig_secret" {
  sensitive = true
 }

-variable "ssh_private_key_file" {
-  type = string
-  description = "Path to private key file. Make sure this matches the public key defined in the cloud init."
+variable "ssh_public_key_file" {
+  type        = string
+  description = "Path to private key file. Make sure this matches the private key"
+}
+
+variable "ssh_private_key_file" {
+  type        = string
+  description = "Path to private key file. Make sure this matches the public key"
 }
--- a/tf/vars.auto.tfvars
+++ b/tf/vars.auto.tfvars
@ -5,4 +5,5 @@ gateway               = "10.0.0.1"
 username      = "tony"
 ssh_import_id = "gh:tonyd33"

+ssh_public_key_file  = "~/.ssh/id_rsa.pub"
 ssh_private_key_file = "~/.ssh/id_rsa"