From 3e07d115c02191d060d3e2e839a1a91e0d1f7b27 Mon Sep 17 00:00:00 2001
From: Max
Date: Mon, 22 Dec 2025 11:16:19 -0500
Subject: [PATCH] feat: stuff
---
.gitignore | 4 +++-
.vscode/settings.json | 3 +++
Taskfile.yml | 11 ++++++++++
ansible.cfg | 13 ++++++++++++
playbooks/provision.yml | 39 +++++++++++++++++++++++++++++++++++
terraform/.terraform.lock.hcl | 23 +++++++++++++++++++++
terraform/main.tf | 15 --------------
terraform/outputs.tf | 3 +++
terraform/variables.tf | 10 +--------
vault.yml | 23 +++++++++++++++++++++
10 files changed, 119 insertions(+), 25 deletions(-)
create mode 100644 .vscode/settings.json
create mode 100644 Taskfile.yml
create mode 100644 ansible.cfg
create mode 100644 playbooks/provision.yml
create mode 100644 terraform/.terraform.lock.hcl
delete mode 100644 terraform/main.tf
create mode 100644 terraform/outputs.tf
create mode 100644 vault.yml
diff --git a/.gitignore b/.gitignore
index 22b3791..8afa82f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -258,4 +258,6 @@ override.tf.json .terraformrc terraform.rc
-*.key
\ No newline at end of file
+*.key
+secrets/
+.ansible
\ No newline at end of file
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..4733205
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+ "ansible.python.interpreterPath": "/Users/max/Documents/GitHub/kubernetes-the-hard-way/.venv/bin/python"
+}
\ No newline at end of file
diff --git a/Taskfile.yml b/Taskfile.yml
new file mode 100644
index 0000000..9867d9b
--- /dev/null
+++ b/Taskfile.yml
@@ -0,0 +1,11 @@
+version: 3
+
+tasks:
+ vault: ansible-vault edit vault.yml {{.CLI_ARGS}}
+ tf:apply: ansible-playbook playbooks/provision.yml {{.CLI_ARGS}}
+
+ enter:
+ cmd: ssh -i {{.KEY}} -p 2222 root@{{.IP}}
+ vars:
+ KEY: { sh: ansible-vault view vault.yml | yq -r ".secret.private_ssh_key_path" }
+ IP: { sh: cat dist/terraform_outputs.yml | jq -r ".server_ip.value" }
\ No newline at end of file
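Review bot: Nothing in the .gitignore hunk ignores the `plan.out` file that playbooks/provision.yml has Terraform write, or the `dist/` directory that Taskfile.yml reads from. A saved Terraform plan can hold variable values in clear text, including ones marked sensitive, so it should not be committable; consider adding `plan.out` (or `*.out`) next to the other Terraform patterns. The earlier part of .gitignore is outside this hunk, so an existing pattern may already cover it.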
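Review bot: `ansible.python.interpreterPath` in .vscode/settings.json is committed as an absolute path under one developer's home directory (`/Users/max/...`), so it will not resolve on any other machine and it publishes a local account name and directory layout. Machine-specific editor settings are better kept out of the repository, for example by adding `.vscode/` to .gitignore and describing the virtualenv setup in the README instead.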
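Review bot: The `IP` variable of the `enter` task in Taskfile.yml reads `dist/terraform_outputs.yml`, while playbooks/provision.yml in this same commit writes the outputs to `../secrets/terraform_outputs.yml`, so the lookup appears to point at a file that is never produced. Aligning it would look like `IP: { sh: jq -r ".server_ip.value" secrets/terraform_outputs.yml }`. `{{.KEY}}` and `{{.IP}}` are also interpolated into the `ssh` command unquoted; writing `ssh -i "{{.KEY}}" -p 2222 "root@{{.IP}}"` keeps a path with spaces or an empty or `null` lookup result from turning into extra ssh arguments.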
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..63c126b
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,13 @@
+[defaults]
+callbacks_enabled = profile_tasks
+localhost_warning = False
+vault_password_file = vault.key
+interpreter_python = /usr/bin/python3.11
+
+[inventory]
+inventory_unparsed_warning = False
+
+[ssh_connection]
+ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -o IdentityAgent=none
+pipelining = True
+retries = 2
\ No newline at end of file
diff --git a/playbooks/provision.yml b/playbooks/provision.yml
new file mode 100644
index 0000000..d490811
--- /dev/null
+++ b/playbooks/provision.yml
@@ -0,0 +1,39 @@
+- name: Deploy terraform infrastructure.
+ hosts: localhost
+ gather_facts: false
+ vars_files:
+ - ../vault.yml
+ tasks:
+ - name: Reconfigure and plan.
+ community.general.terraform:
+ project_path: '../terraform'
+ state: "planned"
+ plan_file: plan.out
+ init_reconfigure: true
+ force_init: true
+ backend_config: "{{ terraform.backend }}"
+ variables: "{{ terraform.variables }}"
+ complex_vars: true
+
+ - name: Apply.
+ community.general.terraform:
+ project_path: '../terraform'
+ state: "present"
+ plan_file: plan.out
+ backend_config: "{{ terraform.backend }}"
+ variables: "{{ terraform.variables }}"
+ complex_vars: true
+ register: terraform_apply
+
+ - name: Create secret directory.
+ ansible.builtin.file:
+ path: ../secrets
+ recurse: true
+ mode: "0755"
+ state: directory
+
+ - name: Send outputs to file.
+ ansible.builtin.copy:
+ content: "{{ terraform_apply.outputs }}"
+ dest: ../secrets/terraform_outputs.yml
+ mode: '0755'
diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl
new file mode 100644
index 0000000..babc7c8
--- /dev/null
+++ b/terraform/.terraform.lock.hcl
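Review bot: `ssh_args` in ansible.cfg turns on `ForwardAgent=yes` for every host Ansible connects to, which makes the operator's agent socket usable by anyone with root on a managed host for as long as the connection, and the 60s ControlPersist master, stays up. It also sits next to `IdentityAgent=none`, and the two options appear to pull in opposite directions, so the intent is unclear. If no task needs to authenticate onward from the target, drop the option: `ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o IdentityAgent=none`. If one does, add a `#` comment naming that task and scope forwarding to that host rather than setting it globally.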
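Review bot: In playbooks/provision.yml both the `../secrets` directory and `terraform_outputs.yml` are created with mode `0755`, which leaves them readable by every local user and marks a data file executable; `recurse: true` also pushes that mode onto anything already under the directory. For a location meant to hold secrets, `mode: "0700"` on the directory and `mode: "0600"` on the file are the safer defaults. If any Terraform output is sensitive, `no_log: true` on the "Send outputs to file." task would also keep the content out of verbose or diff output.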
@@ -0,0 +1,23 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hetznercloud/hcloud" {
+ version = "1.57.0"
+ constraints = "~> 1.45"
+ hashes = [
+ "h1:xpAcuja19Ts7bCpmULKdBw4dEBJhF/eL6AjM4xDBEAI=",
+ "zh:016ecc39328f34f6c0ffa413598f354824f7878c89cd031f123edb4bc8a687a2",
+ "zh:10b362dc0847200c987214b129b5f85e2f7d8ad417261a1d2dd04ab74de15603",
+ "zh:194647d9a61dca4f411f44580316b88a11095d7a99679d445f9b0f2c1ba976c4",
+ "zh:1d8aafe2ce7890696385bb3a0c3286e7ee3020416d337f59935406e4c6f91de6",
+ "zh:594585616210fb232fad4ebda2387ecd3f483931e00eff988fca83add6ce7cfc",
+ "zh:65e50be33ffb85580546f119839e1293591cc6d4db729d809931d0408b6ae408",
+ "zh:7d4ed5bd8c477ec304142e2160203a76a0d09c93d224950bda253172b2571038",
+ "zh:90a70a70a266b78c8216903e711904e6969b3957d182602b5d788602ec9ef323",
+ "zh:abb8e28e96fb8de270995873de980896b7cb53cfc550f02c50eaa42884624ba9",
+ "zh:bbf34dca2de6e105ca7204222162a0402d8e9e9a28e1de5ffbaa2c0d6270a059",
+ "zh:c1a9edb693d632dcb5c3c9ee84c97138e08eadb9354e28592efd581f68ac0385",
+ "zh:dadbf1368fae314fe8dcb99ebefbc78409f3fc0e3808cd92ea573b8eee1cae98",
+ "zh:e713e00ca27348abd18da2eeff861905e84050e3e7e008f14a0c63c70ab2ff84",
+ ]
+}
diff --git a/terraform/main.tf b/terraform/main.tf
deleted file mode 100644
index fd66b3c..0000000
--- a/terraform/main.tf
+++ /dev/null
@@ -1,15 +0,0 @@
-resource "hcloud_ssh_key" "main" {
- name = "my-ssh-key"
- public_key = file("~/.ssh/id_ed25519.pub")
-}
-
-resource "hcloud_server" "jumphost" {
- for_each = local.boxes
- name = each.key.name
- image = "debian-12"
- server_type = "cx23"
- public_net {
- ipv4_enabled = true
- ipv6_enabled = true
- }
-}
\ No newline at end of file
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
new file mode 100644
index 0000000..c31f552
--- /dev/null
+++ b/terraform/outputs.tf
@@ -0,0 +1,3 @@
+output "name" {
+
+}
\ No newline at end of file
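Review bot: The `output "name"` block in terraform/outputs.tf is empty, and an output block needs a `value` argument, so `terraform validate` should reject this file as written. Taskfile.yml in this commit reads `.server_ip.value` from the saved outputs, which suggests the intended block is `output "server_ip" { value = <server address expression> }`. The expression is left as a placeholder because the server resource visible in this patch, in terraform/main.tf, is removed by this same commit.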
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 2b078b9..8ccfe9a 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -1,12 +1,4 @@
 variable "hcloud_token" {
 sensitive = true
-}
-
-locals {
- boxes = [
- {
- name = "jumpbox"
- type = "cx23"
- }
- ]
+ type = string
 }
\ No newline at end of file
diff --git a/vault.yml b/vault.yml
new file mode 100644
index 0000000..2012243
--- /dev/null
+++ b/vault.yml
@@ -0,0 +1,23 @@
+$ANSIBLE_VAULT;1.1;AES256
+39383731646434386366666562363064623636656265366534316534363937353235663633613435
+3363323436346331643664313733396433343638306337660a366538623863656235383331613062
+37366565373161313237333066353235663932326332646230616665623863633266633038313462
+3862646439663163620a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