vhaudiquet/homeprod
1
0
Fork 0
mirror of https://github.com/vhaudiquet/homeprod.git synced 2026-05-30 12:38:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

infra/pve: remove pve, bye!

Browse Source 
p330 server fully empty and gone, only r740 remains :)
This commit is contained in:
Valentin Haudiquet
2026-05-27 00:25:07 +02:00
parent 4f1e69cd05
commit a2ba97109b
6 changed files with 0 additions and 656 deletions
Download Patch File Download Diff File Expand all files Collapse all files
infra/pve/docker.tf
-137
View File
@@ -1,137 +0,0 @@
/*
* Docker machine terraform file
*/
resource "proxmox_virtual_environment_download_file" "debian-latest-cloudimg" {
content_type = "iso"
datastore_id = "local"
file_name = "debian-12-generic-amd64.qcow2.img"
node_name = "pve"
url = "https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.qcow2"
}
resource "proxmox_virtual_environment_file" "docker-machine-cloud-config" {
content_type = "snippets"
datastore_id = "local"
node_name = "pve"
source_raw {
data = <<-EOF
#cloud-config
package_update: true
packages:
- git
- ca-certificates
- wget
- curl
- gnupg2
- qemu-guest-agent
- nfs-common
runcmd:
- systemctl enable --now qemu-guest-agent
- install -m 0755 -d /etc/apt/keyrings
- curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
- chmod a+r /etc/apt/keyrings/docker.asc
- echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
- apt-get update
- apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
- docker swarm init
- git clone https://github.com/vhaudiquet/homeprod /root/homeprod
- mkdir /app
- echo "truenas.lan:/mnt/fast_app_data/docker-homeprod /app nfs defaults,_netdev 0 0" >>/etc/fstab
- mount -t nfs truenas.lan:/mnt/fast_app_data/docker-homeprod /app
- echo "${var.sops_private_key}" | gpg --import
EOF
file_name = "docker-machine-cloud-config.yaml"
}
}
resource "proxmox_virtual_environment_vm" "docker-machine" {
name = "docker-machine"
node_name = "pve"
on_boot = true
agent {
enabled = true
}
tags = ["debian", "debian-latest", "docker", "terraform"]
cpu {
type = "host"
cores = 4
sockets = 1
flags = []
}
memory {
dedicated = 16192
}
network_device {
bridge = "vmbr0"
model = "virtio"
vlan_id = 2
}
lifecycle {
ignore_changes = [
network_interface_names,
mac_addresses,
ipv4_addresses,
ipv6_addresses,
id,
disk,
initialization,
vga
]
}
boot_order = ["scsi0"]
scsi_hardware = "virtio-scsi-single"
vga {
type = "serial0"
}
disk {
interface = "scsi0"
iothread = true
datastore_id = "local-lvm"
size = 128
discard = "ignore"
file_id = proxmox_virtual_environment_download_file.debian-latest-cloudimg.id
}
vm_id = 701
initialization {
datastore_id = "local-lvm"
interface = "ide2"
ip_config {
ipv4 {
address = "10.1.2.175/24"
gateway = "10.1.2.1"
}
}
user_account {
keys = [trimspace(var.ssh_public_key)]
password = var.machine_root_password
username = "root"
}
vendor_data_file_id = proxmox_virtual_environment_file.docker-machine-cloud-config.id
}
operating_system {
type = "l26"
}
tpm_state {
version = "v2.0"
}
serial_device {}
}
infra/pve/docker/main.tf
-39
View File
@@ -1,39 +0,0 @@
terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "3.6.2"
}
}
}
# Docker configuration
provider "docker" {
host = "ssh://root@docker-machine.lan"
}
resource "docker_image" "swarm-cd" {
name = "ghcr.io/m-adawi/swarm-cd:latest"
}
resource "docker_container" "swarm-cd" {
name = "swarm-cd"
image = docker_image.swarm-cd.image_id
volumes {
host_path = "/var/run/docker.sock"
container_path = "/var/run/docker.sock"
read_only = true
}
volumes {
host_path = "/root/homeprod/.swarmcd/repos.yaml"
container_path = "/app/repos.yaml"
read_only = true
}
volumes {
host_path = "/root/homeprod/.swarmcd/stacks.yaml"
container_path = "/app/stacks.yaml"
read_only = true
}
depends_on = [ docker_image.swarm-cd ]
}
infra/pve/kube.tf
-381
View File
@@ -1,381 +0,0 @@
/*
* Kubernetes cluster terraform file
*/
resource "proxmox_virtual_environment_download_file" "talos-cloudimg" {
content_type = "iso"
datastore_id = "local"
file_name = "talos-v1.11.1-nocloud-amd64.iso"
node_name = "pve"
url = "https://factory.talos.dev/image/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515/v1.11.1/nocloud-amd64.iso"
}
resource "proxmox_virtual_environment_vm" "kube" {
name = "kube-talos"
description = "Kubernetes Talos Linux"
tags = ["kubernetes", "talos", "terraform"]
node_name = "pve"
vm_id = 703
machine = "q35"
keyboard_layout = "fr"
agent {
enabled = true
}
stop_on_destroy = true
cpu {
cores = 4
type = "x86-64-v3"
}
memory {
dedicated = 16192
floating = 16192
}
boot_order = ["scsi0", "ide0"]
scsi_hardware = "virtio-scsi-single"
cdrom {
file_id = proxmox_virtual_environment_download_file.talos-cloudimg.id
interface = "ide0"
}
disk {
interface = "scsi0"
iothread = true
datastore_id = "local-lvm"
size = 128
discard = "ignore"
file_format = "raw"
}
vga {
type = "serial0"
}
initialization {
datastore_id = "local-lvm"
interface = "ide2"
ip_config {
ipv4 {
address = "10.1.2.187/24"
gateway = "10.1.2.1"
}
}
user_account {
keys = [trimspace(var.ssh_public_key)]
password = var.machine_root_password
username = "root"
}
}
lifecycle {
ignore_changes = [
ipv4_addresses, ipv6_addresses, network_interface_names
]
}
network_device {
bridge = "vmbr0"
model = "virtio"
vlan_id = 2
}
operating_system {
type = "l26"
}
tpm_state {
version = "v2.0"
}
serial_device {}
}
resource "talos_machine_secrets" "kube" {}
data "talos_machine_configuration" "kube" {
cluster_name = "kube"
machine_type = "controlplane"
cluster_endpoint = "https://kube-talos.lan:6443"
machine_secrets = talos_machine_secrets.kube.machine_secrets
config_patches = [
yamlencode({
machine = {
install = {
image = "factory.talos.dev/installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.1"
}
network = {
nameservers = [
"10.1.2.3"
]
}
}
cluster = {
allowSchedulingOnControlPlanes = true
apiServer = {
certSANs = [
"kube-talos.lan"
]
}
network = {
dnsDomain = "kube-talos.lan"
cni = {
name: "none"
}
}
proxy = {
disabled = true
}
}
})
]
}
data "talos_client_configuration" "kube" {
cluster_name = "kube"
client_configuration = talos_machine_secrets.kube.client_configuration
nodes = ["kube-talos"]
}
resource "talos_machine_configuration_apply" "kube" {
client_configuration = talos_machine_secrets.kube.client_configuration
machine_configuration_input = data.talos_machine_configuration.kube.machine_configuration
node = "10.1.2.187" #proxmox_virtual_environment_vm.kube.ipv4_addresses[7][0] # lo + 6 talos-created interfaces before eth0
depends_on = [ proxmox_virtual_environment_vm.kube ]
lifecycle {
replace_triggered_by = [ proxmox_virtual_environment_vm.kube ]
}
}
resource "talos_machine_bootstrap" "kube" {
node = "10.1.2.187" #proxmox_virtual_environment_vm.kube.ipv4_addresses[7][0] # lo + 6 talos-created interfaces before eth0
client_configuration = talos_machine_secrets.kube.client_configuration
depends_on = [ talos_machine_configuration_apply.kube ]
lifecycle {
replace_triggered_by = [ proxmox_virtual_environment_vm.kube ]
}
}
resource "talos_cluster_kubeconfig" "kube" {
node = proxmox_virtual_environment_vm.kube.ipv4_addresses[7][0] # lo + 6 talos-created interfaces before eth0
depends_on = [ talos_machine_bootstrap.kube ]
client_configuration = talos_machine_secrets.kube.client_configuration
}
output "kubeconfig" {
sensitive = true
value = talos_cluster_kubeconfig.kube.kubeconfig_raw
}
resource "local_file" "kubeconfig" {
content = "${talos_cluster_kubeconfig.kube.kubeconfig_raw}"
filename = "${path.module}/kubeconfig"
depends_on = [ talos_cluster_kubeconfig.kube ]
}
data "talos_client_configuration" "talosconfig" {
cluster_name = "homeprod"
client_configuration = talos_machine_secrets.kube.client_configuration
nodes = [proxmox_virtual_environment_vm.kube.ipv4_addresses[7][0]]
}
resource "local_file" "talosconfig" {
content = "${data.talos_client_configuration.talosconfig.talos_config}"
filename = "${path.module}/talosconfig"
depends_on = [ data.talos_client_configuration.talosconfig ]
}
# TODO : Wait for talos_cluster_kubeconfig...
resource "helm_release" "cilium" {
name = "cilium"
namespace = "kube-system"
repository = "https://helm.cilium.io/"
chart = "cilium"
wait = false
depends_on = [ local_file.kubeconfig ]
set {
name = "ipam.mode"
value = "kubernetes"
}
set {
name = "kubeProxyReplacement"
value = true
}
set {
name = "securityContext.capabilities.ciliumAgent"
value = "{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}"
}
set {
name = "securityContext.capabilities.cleanCiliumState"
value = "{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}"
}
set {
name = "cgroup.autoMount.enabled"
value = false
}
set {
name = "cgroup.hostRoot"
value = "/sys/fs/cgroup"
}
set {
name = "k8sServiceHost"
value = "localhost"
}
set {
name = "k8sServicePort"
value = 7445
}
set {
name = "etcd.clusterDomain"
value = "kube-talos.lan"
}
set {
name = "hubble.relay.enabled"
value = true
}
# Enable hubble ui
set {
name = "hubble.ui.enabled"
value = true
}
# Gateway API support
set {
name = "gatewayAPI.enabled"
value = true
}
set {
name = "gatewayAPI.enableAlpn"
value = true
}
set {
name = "gatewayAPI.enableAppProtocol"
value = true
}
# Gateway API trusted hops : for reverse proxy
set {
name = "gatewayAPI.xffNumTrustedHops"
value = 1
}
# Single-node cluster, so 1 operator only
set {
name = "operator.replicas"
value = 1
}
# L2 announcements
set {
name = "l2announcements.enabled"
value = true
}
set {
name = "externalIPs.enabled"
value = true
}
# Disable ingress controller (traefik will be used for now)
set {
name = "ingressController.enabled"
value = false
}
set {
name = "ingressController.loadbalancerMode"
value = "shared"
}
# Ingress controller for external : behind reverse proxy, trust 1 hop
set {
name = "envoy.xffNumTrustedHopsL7PolicyIngress"
value = 1
}
# Set cilium as default ingress controller
set {
name = "ingressController.default"
value = true
}
set {
name = "ingressController.service.externalTrafficPolicy"
value = "Local"
}
}
resource "kubernetes_namespace" "flux-system" {
metadata {
name = "flux-system"
}
lifecycle {
ignore_changes = [ metadata[0].annotations, metadata[0].labels ]
}
depends_on = [ talos_cluster_kubeconfig.kube, local_file.kubeconfig, helm_release.cilium ]
}
resource "kubernetes_secret" "flux-sops" {
metadata {
name = "flux-sops"
namespace = "flux-system"
}
type = "generic"
data = {
"sops.asc"=var.sops_private_key
}
depends_on = [ kubernetes_namespace.flux-system ]
}
resource "helm_release" "flux-operator" {
name = "flux-operator"
namespace = "flux-system"
repository = "oci://ghcr.io/controlplaneio-fluxcd/charts"
chart = "flux-operator"
wait = true
depends_on = [ kubernetes_secret.flux-sops ]
}
resource "helm_release" "flux-instance" {
name = "flux"
namespace = "flux-system"
repository = "oci://ghcr.io/controlplaneio-fluxcd/charts"
chart = "flux-instance"
values = [
file("values/components.yaml")
]
set {
name = "instance.distribution.version"
value = "2.x"
}
set {
name = "instance.distribution.registry"
value = "ghcr.io/fluxcd"
}
set {
name = "instance.sync.name"
value = "homeprod"
}
set {
name = "instance.sync.kind"
value = "GitRepository"
}
set {
name = "instance.sync.url"
value = "https://github.com/vhaudiquet/homeprod"
}
set {
name = "instance.sync.path"
value = "kubernetes/"
}
set {
name = "instance.sync.ref"
value = "refs/heads/main"
}
depends_on = [ helm_release.flux-operator ]
}
infra/pve/main.tf
-46
View File
@@ -1,46 +0,0 @@
# Terraform providers configuration
terraform {
required_providers {
proxmox = {
source = "bpg/proxmox"
version = "0.83.2"
}
talos = {
source = "siderolabs/talos"
version = "0.9.0"
}
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.38.0"
}
helm = {
source = "hashicorp/helm"
version = "2.17.0"
}
}
}
# Proxmox configuration
provider "proxmox" {
endpoint = "https://pve.lan:8006/"
api_token = var.api_token
insecure = true
ssh {
agent = true
username = "root"
}
}
# Talos configuration
provider "talos" {}
# Kubernetes configuration
provider "kubernetes" {
config_path = "${path.module}/kubeconfig"
}
# Helm configuration
provider "helm" {
kubernetes {
config_path = "${path.module}/kubeconfig"
}
}
infra/pve/values/components.yaml
-34
View File
@@ -1,34 +0,0 @@
instance:
components:
- source-controller
- kustomize-controller
- helm-controller
- notification-controller
- image-reflector-controller
- image-automation-controller
cluster:
type: kubernetes
multitenant: false
networkPolicy: true
domain: "kube-talos.lan"
kustomize:
patches:
- target:
kind: Deployment
name: "(kustomize-controller|helm-controller)"
patch: |
- op: add
path: /spec/template/spec/containers/0/args/-
value: --concurrent=10
- op: add
path: /spec/template/spec/containers/0/args/-
value: --requeue-dependency=10s
- patch: |
- op: add
path: /spec/decryption
value:
provider: sops
secretRef:
name: flux-sops
target:
kind: Kustomization
infra/pve/variables.tf
-19
View File
@@ -1,19 +0,0 @@
variable "api_token" {
description = "Token to connect Proxmox API"
type = string
}
variable "machine_root_password" {
description = "Root password for VMs and containers"
type = string
}
variable "ssh_public_key" {
description = "Public SSH key authorized access for VMs and containers"
type = string
}
variable "sops_private_key" {
description = "Private SOPS GPG key for flux/kubernetes to decrypt secrets"
type = string
}