
Commit e49ebd7

committed
WIP
1 parent fd832fb commit e49ebd7


17 files changed

+427
-50
lines changed


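--- a/.ansible-lint
+++ b/.ansible-lint
@@ -2,3 +2,5 @@
 loop_var_prefix: "^(__|{role}_)"
 var_naming_pattern: "^[a-z_][a-z0-9_]*$"
 use_default_rules: true
+skip_list:
+- name[template]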

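--- a/Homelab.code-workspace
+++ b/Homelab.code-workspace
@@ -0,0 +1,14 @@
+{
+"folders": [
+{
+"path": "."
+},
+{
+"path": "../ansible-roles"
+},
+{
+"path": "../notes"
+}
+],
+"settings": {}
+}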

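--- a/ansible-global/inventory/steam-deck.yaml
+++ b/ansible-global/inventory/steam-deck.yaml
@@ -18,3 +18,4 @@ steamdeck:
 flatpaks:
 - net.lutris.Lutris
 - org.prismlauncher.PrismLauncher
+- com.heroicgameslauncher.hgl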

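--- a/bash/bitwarden_env.sh
+++ b/bash/bitwarden_env.sh
@@ -1,5 +1,33 @@
 #!/bin/bash
-if [[ -z "$BW_SESSION" ]]; then
-BW_SESSION=$(bw unlock --raw)
+function bwu() {
+BW_SESSION=$(security find-generic-password -a "${USER}" -s BW_SESSION -w)
 export BW_SESSION
-fi
+BW_STATUS=$(bw status | jq -r .status)
+case "$BW_STATUS" in
+"unauthenticated")
+echo "Logging into BitWarden"
+unset BW_SESSION
+BW_SESSION=$(bw login --raw)
+security add-generic-password -U -a "${USER}" -s BW_SESSION -w "${BW_SESSION}"
+;;
+"locked")
+echo "Unlocking Vault"
+unset BW_SESSION
+BW_SESSION=$(bw unlock --raw)
+security add-generic-password -U -a "${USER}" -s BW_SESSION -w "${BW_SESSION}"
+;;
+"unlocked")
+echo "Vault is unlocked"
+;;
+*)
+echo "Unknown Login Status: ${BW_STATUS}"
+return 1
+;;
+esac
+export BW_SESSION
+bw sync
+}
+bwu
+BW_EMAIL=$(bw status | jq -r '.userEmail')
+BITWARDENCLI_APPDATA_DIR="${HOME}/.bitwarden"
+export BW_EMAIL BITWARDENCLI_APPDATA_DIR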
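Review bot: In `bwu`, the output of `bw login --raw` and `bw unlock --raw` goes straight into `security add-generic-password` with no check that the command succeeded, so when the file is sourced without `set -e` a cancelled or failed prompt would overwrite the keychain item with an empty value and still export it. Guard both branches before the keychain write, e.g. `BW_SESSION=$(bw unlock --raw) || return 1`. Passing the key as `-w "${BW_SESSION}"` also puts the session key in the process argument list while `security` runs, which deserves at least a comment. Separately, `BITWARDENCLI_APPDATA_DIR` is exported only after `bwu` has run, so the login and later `bw` calls may use different data directories unless the variable is already set in the caller's environment.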

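--- a/cloud/gcp/terraform/backend.tf
+++ b/cloud/gcp/terraform/backend.tf
@@ -0,0 +1,6 @@
+terraform {
+backend "gcs" {
+bucket = "homelab-state"
+prefix = "terraform/gcp/state"
+}
+}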
Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
---
2+
3+
- name: Perform SSH keyscan on new k3s servers
4+
serial: 1
5+
any_errors_fatal: true
6+
hosts: localhost
7+
gather_facts: false
8+
vars:
9+
ansible_connection: local
10+
tasks:
11+
- name: "SSH keyscan host {{ hostvars[item]['ansible_host'] }}"
12+
loop: "{{ groups['k3s_server'] }}"
13+
ansible.builtin.include_tasks: keyscan.yml
14+
15+
- name: Install k3s
16+
hosts: k3s_server
17+
vars:
18+
apt_packages:
19+
- qemu-guest-agent
20+
roles:
21+
- role: dronenb.debian
22+
- role: dronenb.k3s_server
23+
# - role: ansible-role-k3s-server # For testing
Lines changed: 24 additions & 0 deletions
@@ -0,0 +1,24 @@
1+
---
2+
- name: Wait for {{ item }} to come up and be available via SSH
3+
ansible.builtin.wait_for:
4+
host: "{{ hostvars[item]['ansible_host'] }}"
5+
port: 22
6+
connect_timeout: 5
7+
sleep: 3
8+
9+
- name: "Scan keys for {{ item }}"
10+
ansible.builtin.command:
11+
cmd: "ssh-keyscan {{ hostvars[item]['ansible_host'] }}"
12+
changed_when: false
13+
register: keyscan_output
14+
15+
- name: "Add keys for {{ item }} to known_hosts"
16+
loop: "{{ keyscan_output.stdout_lines }}"
17+
loop_control:
18+
loop_var: line
19+
ansible.builtin.lineinfile:
20+
dest: ~/.ssh/known_hosts
21+
create: true
22+
state: present
23+
line: "{{ line }}"
24+
mode: "600"
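Review bot: The `Scan keys` task feeds raw `ssh-keyscan` output into `~/.ssh/known_hosts` through the `lineinfile` loop, so whatever answers on port 22 at that address is trusted from then on with no verification; the scan only moves trust-on-first-use into automation. If the host keys or their fingerprints can be obtained from the provisioning step, compare against them before writing, or record the known keys with `ansible.builtin.known_hosts` instead of scanning. At minimum add a comment above the task such as `# NOTE: ssh-keyscan output is unverified; assumes a trusted network at first boot`. The file path for this section is not shown on the page; the play in the preceding section includes a tasks file named `keyscan.yml`, which appears to be this one.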
Lines changed: 4 additions & 0 deletions
@@ -1,3 +1,7 @@
11
---
22
collections:
33
- name: cloud.terraform
4+
- name: community.general
5+
roles:
6+
- name: dronenb.k3s_server
7+
- name: dronenb.debian
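Review bot: The added `community.general` collection and the `dronenb.k3s_server` / `dronenb.debian` roles carry no `version:` pin, so each install resolves to whatever is current upstream. The bootstrap.sh change in this same commit runs `ansible-galaxy install --force -r` against a `requirements.yaml` (apparently this file, whose path is not shown here), which would re-fetch those roles on every bootstrap before they are applied to the k3s servers. Pin each entry, e.g. add `version: <RELEASE_TAG_OR_COMMIT>` under each `- name:`, and bump it deliberately. The existing `cloud.terraform` entry has the same gap but is outside this change.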

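--- a/kubernetes/cluster-bootstrap/k3s/bootstrap.sh
+++ b/kubernetes/cluster-bootstrap/k3s/bootstrap.sh
@@ -3,10 +3,12 @@ set -e
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 # shellcheck disable=SC1091
 source "${SCRIPT_DIR}/env.sh"
-cd terraform || exit 1
-terraform plan -var-file="vars.tfvars" -out /tmp/tf.plan
-terraform show -json /tmp/tf.plan > /tmp/tf.json
-checkov -f /tmp/tf.json
+pushd terraform || exit 1
+terraform plan -out /tmp/tf.plan
 terraform apply /tmp/tf.plan
-cd "$HOME/workspace/Homelab/ansible-global" || exit 1
-ansible-inventory -i inventory/ --graph --vars
+popd || exit 1
+pushd ansible || exit 1
+local_ansible_dir="${PWD}"
+pushd "${SCRIPT_DIR}/../../../ansible-global" || exit 1
+ansible-galaxy install --force -r "${local_ansible_dir}/requirements.yaml"
+ansible-playbook "${local_ansible_dir}/k3s-server.yaml"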
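Review bot: The new `terraform plan -out /tmp/tf.plan` still writes the plan to a fixed path in a shared directory; saved plans can hold variable values and other sensitive data in clear form, and a predictable name in /tmp can be pre-created by another local user. Use a private temp file instead, e.g. `plan_file=$(mktemp)` then `terraform plan -out "${plan_file}"` and `terraform apply "${plan_file}"`, and remove it when done. The commit also drops the `checkov -f /tmp/tf.json` step with nothing in its place, so the plan is now applied unscanned; if that is intentional for WIP, a `# TODO: restore checkov scan before apply` comment would record it. The script begins before this hunk, so earlier setup is not visible.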
Lines changed: 1 addition & 4 deletions
@@ -1,7 +1,4 @@
11
#!/bin/bash
22
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
33
# shellcheck disable=SC1091
4-
source "${SCRIPT_DIR}/../../../bash/proxmox_env.sh"
5-
cloudinit_entry=$(bw get item cloudinit_creds)
6-
TF_VAR_cloudinit_username=$(echo "$cloudinit_entry" | jq -r '.login.username'); export TF_VAR_cloudinit_username
7-
TF_VAR_cloudinit_password=$(echo "$cloudinit_entry" | jq -r '.login.password'); export TF_VAR_cloudinit_password
4+
source "${SCRIPT_DIR}/../../../bash/bitwarden_env.sh"
