feat: remove ansible/

cătălin 2025-06-06 14:25:14 +02:00
commit 23ca6eb433
No known key found for this signature in database
29 changed files with 21 additions and 568 deletions


@ -1,3 +0,0 @@
[defaults]
inventory = inventory
host_key_checking = False


@ -1,26 +0,0 @@
[nextclouds]
cloud.fuku
[nextclouds:vars]
ansible_user=root
[k3s_masters]
master1.ramiel.fuku
master2.ramiel.fuku
master3.ramiel.fuku
[k3s_agents]
agent1.zeruel.fuku
sandalphon.fuku
[k3s_masters:vars]
ansible_user=ci
[k3s_agents:vars]
ansible_user=ci
[giteas]
gitea.fuku
[giteas:vars]
ansible_user=root


@ -1,9 +0,0 @@
---
- name: Apply base configuration
hosts:
- k3s_agents
- k3s_masters
roles:
- role: ../roles/base
become: true


@ -1,13 +0,0 @@
---
- name: Install k3s nodes
hosts:
- k3s_masters
- k3s_agents
roles:
- role: ../roles/k3s
become: true
vars:
first_master_hostname: "{{ groups['k3s_masters'][0] }}"
is_first_master: "{{ inventory_hostname in groups['k3s_masters'][0] }}"
short_hostname: "{{ inventory_hostname.split('.')[0] }}"


@ -1,36 +0,0 @@
---
- name: Set same timezone on every Server
community.general.timezone:
name: '{{ system_timezone }}'
when: (system_timezone is defined) and (system_timezone != "Europe/Madrid")
- name: Enable IPv4 forwarding
ansible.posix.sysctl:
name: net.ipv4.ip_forward
value: '1'
state: present
reload: true
- name: Enable IPv6 forwarding
ansible.posix.sysctl:
name: net.ipv6.conf.all.forwarding
value: '1'
state: present
reload: true
- name: Enable IPv6 router advertisements
ansible.posix.sysctl:
name: net.ipv6.conf.all.accept_ra
value: '2'
state: present
reload: true
- import_tasks: packages.yml
name: Install base packages
tags:
- packages
- import_tasks: mounts.yml
name: Mount NFS shares
tags:
- nfs


@ -1,19 +0,0 @@
---
- name: Create mountpoint directory
file:
path: /nfs/nas1
state: directory
owner: 10000
group: 10000
- name: Mount nas1 share
mount:
fstype: nfs
src: zeruel.fuku:/mnt/pool1/nas1
path: /nfs/nas1
state: mounted
fstab: /etc/fstab
opts: _netdev,nofail,tcp,bg,retrans=2,timeo=150,rsize=32768,wsize=32768,noresvport
backup: true
become: true
become_user: root


@ -1,18 +0,0 @@
---
- name: Install base packages
apt:
name: '{{ item }}'
state: present
update_cache: true
loop:
- qemu-guest-agent
- git
- tmux
- vim
- curl
- nfs-common
- name: Update all packages
apt:
upgrade: dist
update_cache: true


@ -1,17 +0,0 @@
---
- name: Create rancher folder
file:
state: directory
path: /etc/rancher/k3s
owner: root
group: root
mode: 755
- name: Copy k3s config file
template:
src: agent.config.yaml.j2
dest: /etc/rancher/k3s/config.yaml
mode: 600
- name: Install k3s agent
shell: bash /tmp/k3s.install.sh agent


@ -1,19 +0,0 @@
---
- name: Create .kube directory
become: true
file:
path: /home/ci/.kube
state: directory
mode: '0755'
owner: ci
group: ci
- name: Copy kubeconfig
copy:
remote_src: true
src: /etc/rancher/k3s/k3s.yaml
dest: /home/ci/.kube/config
mode: 0644
owner: ci
group: ci
become: true


@ -1,5 +0,0 @@
---
- name: Download k3s script
get_url:
url: https://get.k3s.io
dest: /tmp/k3s.install.sh


@ -1,15 +0,0 @@
---
- import_tasks: download.yml
name: Download install script
- import_tasks: master.yml
name: Install master node
when: inventory_hostname in groups["k3s_masters"]
- import_tasks: agent.yml
name: Install agent node
when: inventory_hostname in groups["k3s_agents"]
- import_tasks: copy-kubeconfig.yml
name: Copy kubeconfig
when: inventory_hostname in groups["k3s_masters"] and is_first_master


@ -1,19 +0,0 @@
---
- name: Create rancher folder
file:
state: directory
path: /etc/rancher/k3s
owner: root
group: root
mode: 755
- name: Copy k3s config file
template:
src: master.config.yaml.j2
dest: /etc/rancher/k3s/config.yaml
mode: 600
vars:
etcd_snapshot_dir: /nfs/nas1/backups/{{ short_hostname }}
- name: Install k3s master
command: bash /tmp/k3s.install.sh


@ -1,2 +0,0 @@
token: {{ cluster_token }}
server: https://{{ tls_san }}:6443


@ -1,12 +0,0 @@
tls-san:
- {{ inventory_hostname }}
- {{ tls_san }}
node-label:
- name={{ inventory_hostname }}
token: "{{ cluster_token }}"
etcd-snapshot-dir: {{ etcd_snapshot_dir }}
{% if is_first_master %}
cluster-init: "{{ is_first_master }}"
{% else %}
server: https://{{ first_master_hostname }}:6443
{% endif %}


@ -1,4 +0,0 @@
---
k3s_version: v1.27.4+k3s1
tls_san: "{{ lookup('env', 'ANSIBLE_TLS_SAN') | mandatory }}"
cluster_token: "{{ lookup('env', 'ANSIBLE_CLUSTER_TOKEN') | mandatory }}"


@ -1,2 +0,0 @@
ANSIBLE_K3S_CLUSTER_TOKEN=
ANSIBLE_K3S_TLS_SAN=


@ -1,27 +0,0 @@
---
- name: Install promtail
hosts:
- nextclouds
roles:
- role: patrickjahns.promtail
vars:
promtail_version: 2.9.4
promtail_config_clients:
- url: https://loki.fuku/loki/api/v1/push
basic_auth:
username: cloud
password: "{{ lookup('env', 'NEXTCLOUD_PROMTAIL_PASSWORD') | mandatory }}"
tls_config:
insecure_skip_verify: true
promtail_config_scrape_configs:
- job_name: system
static_configs:
- targets:
- localhost
labels:
nextcloud: cloud.fukurokuju.dev
__path__: /mnt/share/data/cloud/data/{nextcloud,audit}.log
promtail_config_limits_config:
readline_rate_enabled: true
readline_rate_drop: true


@ -1 +0,0 @@
NEXTCLOUD_PROMTAIL_PASSWORD=superdupersecure


@ -1,3 +0,0 @@
---
- name: patrickjahns.promtail
version: 1.31.0


@ -12,7 +12,7 @@ spec:
sources: sources:
- chart: authentik - chart: authentik
repoURL: https://charts.goauthentik.io/ repoURL: https://charts.goauthentik.io/
targetRevision: 2025.4.* targetRevision: 2025.6.*
helm: helm:
valuesObject: valuesObject:
authentik: authentik:


@ -1,35 +0,0 @@
#!/usr/bin/env bash
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
cd "$SCRIPT_DIR/../docker/nextcloud" || exit
docker_exec() {
docker compose exec nextcloud "$@"
}
occ_exec() {
docker_exec sudo -E -u www-data php occ "$@"
}
case "$1" in
upgrade)
occ_exec upgrade
;;
htaccess)
occ_exec maintenance:update:htaccess
;;
indices)
occ_exec db:add-missing-indices
;;
occ)
occ_exec "$@"
;;
exec)
docker_exec "$@"
;;
*)
echo "Usage: $0 {upgrade|htaccess|indices|occ <custom occ command>|exec <custom command>}"
exit 1
;;
esac


@ -35,64 +35,16 @@ resource "adguard_rewrite" "argo_3" {
domain = "argo.fuku" domain = "argo.fuku"
answer = "192.168.1.33" answer = "192.168.1.33"
} }
resource "adguard_rewrite" "loki_1" {
domain = "loki.fuku"
answer = "192.168.1.31"
}
resource "adguard_rewrite" "loki_2" {
domain = "loki.fuku"
answer = "192.168.1.32"
}
resource "adguard_rewrite" "loki_3" {
domain = "loki.fuku"
answer = "192.168.1.33"
}
resource "adguard_rewrite" "grafana_1" {
domain = "grafana.fuku"
answer = "192.168.1.31"
}
resource "adguard_rewrite" "grafana_2" {
domain = "grafana.fuku"
answer = "192.168.1.32"
}
resource "adguard_rewrite" "grafana_3" {
domain = "grafana.fuku"
answer = "192.168.1.33"
}
resource "adguard_rewrite" "feeds" { resource "adguard_rewrite" "feeds" {
domain = "feeds.roboces.dev" domain = "feeds.roboces.dev"
answer = "192.168.1.12" answer = "192.168.1.12"
} }
resource "adguard_rewrite" "feeds_local_1" {
domain = "feeds.fuku"
answer = "192.168.1.31"
}
resource "adguard_rewrite" "feeds_local_2" {
domain = "feeds.fuku"
answer = "192.168.1.32"
}
resource "adguard_rewrite" "feeds_local_3" {
domain = "feeds.fuku"
answer = "192.168.1.33"
}
resource "adguard_rewrite" "authentik" { resource "adguard_rewrite" "authentik" {
domain = "auth.fukurokuju.dev" domain = "auth.fukurokuju.dev"
answer = "192.168.1.12" answer = "192.168.1.12"
} }
resource "adguard_rewrite" "dd02" { resource "adguard_rewrite" "dd02" {
domain = "dd02.fuku" domain = "dd02.fuku"
answer = "192.168.1.19" answer = "192.168.1.19"
@ -117,3 +69,23 @@ resource "adguard_rewrite" "elastic_3" {
domain = "elastic.fuku" domain = "elastic.fuku"
answer = "192.168.1.33" answer = "192.168.1.33"
} }
resource "adguard_rewrite" "agent1" {
domain = "agent1.fuku"
answer = "192.168.1.34"
}
resource "adguard_rewrite" "master1" {
domain = "master1.ramiel.fuku"
answer = "192.168.1.31"
}
resource "adguard_rewrite" "master2" {
domain = "master2.ramiel.fuku"
answer = "192.168.1.32"
}
resource "adguard_rewrite" "master3" {
domain = "master3.ramiel.fuku"
answer = "192.168.1.33"
}
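Review bot: The `agent1` rewrite added in the second hunk uses the short name `agent1.fuku`, while the three master records added beside it keep a node label (`master1.ramiel.fuku` and so on) and the inventory deleted in this same commit addressed that agent as `agent1.zeruel.fuku`. The deleted vm-foundation module likewise named the second and third masters `master2.ireul.fuku` and `master3.ireul.fuku`, so at least two naming schemes for these hosts were in use before this change. If any kubeconfig, certificate SAN or SSH known_hosts entry still refers to the older names, it will stop resolving or fail name verification; whether such references exist is not visible on this page. Either keep the labelled form, `domain = "agent1.zeruel.fuku"`, or add a comment above the four resources such as `# k3s node records; <label> is the Proxmox host the VM runs on` so the intended scheme is written down.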


@ -1,23 +0,0 @@
# This file is maintained automatically by "tofu init".
# Manual edits may be lost in future updates.
provider "registry.opentofu.org/thegameprofi/proxmox" {
version = "2.10.0"
constraints = "2.10.0"
hashes = [
"h1:0wJlZKYgmnyXJ4AGKfML5m0/bhRUXty3vn4mSEYhFDM=",
"h1:2fmj6FkuQ8CyWdxJ83s87GJhRHiQFnzlSYSlA2q7pXg=",
"h1:5FQbfjTDMO4FCMXAQ5S+2CdVHw1gJoOicQRLVTCfrDI=",
"h1:60DcgYwyBroh3oUsdsZU/Z03LfEIidq2lTYKbhZDibU=",
"h1:6hrWJT18l4jfWrzO8GweRA1bIdzY8dDUkzB7+GW0Zgs=",
"h1:8bQZLEyLJqYnLnZC0zopbPSJVYXwQIb+G3nQ9Tc9bMU=",
"h1:DArex0up+F+sN3arAKanOSVc70b9kyTeTkuy6Abkor8=",
"h1:WUh8KlPtUdI+O7FJz6/d3BC+77tSBYjlNCxKjIGX7Kg=",
"h1:atdwdBFAPjyz7ICxoeMBrUn7tllqjJyIIClO5Mv3dlw=",
"h1:mnIwCGDAZ9O/UiQEXGWKXUeA6H1Tt/AkII/MjHw1SMg=",
"h1:sW+6tq318P9g0P+BwqEM74AHsJ6CmN+s6NgAJJxZk/Y=",
"h1:tWdlbcPuby+thPgC07FCBbIzzQAOn3XSvRibuHcdK04=",
"h1:yHr19pmBvjRCSbyWmNd3Y4iI7mCjeDgzC622q5kSSKE=",
"h1:zbDNS+UBlhewZUPt0s5ntUeAGOSTLj2jjHweCDKw6qo=",
]
}


@ -1,46 +0,0 @@
terraform {
required_version = ">= 1.6"
required_providers {
proxmox = {
source = "thegameprofi/proxmox"
version = "2.10.0"
}
}
}
resource "proxmox_vm_qemu" "vm" {
name = var.vm_name
target_node = var.node_name
vmid = var.vm_id
clone = var.cloud_init_template
os_type = "cloudinit"
qemu_os = "other"
ipconfig0 = var.ipconfig0
cores = var.core_count
sockets = 1
pool = "k3s"
memory = var.memory
ciuser = var.ci_username
agent = 0
serial {
id = 0
type = "socket"
}
disk {
size = "50G"
storage = var.disk_storage_name
type = "scsi"
}
network {
bridge = var.network_bridge_name
firewall = false
link_down = false
model = "virtio"
mtu = 0
queues = 0
rate = 0
tag = -1
}
sshkeys = var.ssh_keys
nameserver = "192.168.1.7 192.168.1.3"
}


@ -1,66 +0,0 @@
variable "vm_name" {
description = "Name of the VM"
type = string
}
variable "node_name" {
description = "Name of the Proxmox node"
type = string
}
variable "vm_id" {
description = "ID of the new VM"
type = number
}
variable "cloud_init_template" {
description = "Cloud-init enabled template to be cloned"
type = string
default = "ci-debian12"
}
variable "ipconfig0" {
description = "Default inet configuration"
type = string
}
variable "ci_username" {
description = "Cloud-init username"
type = string
default = "ci"
}
variable "memory" {
description = "Available RAM, in MB"
type = number
default = 512
}
variable "core_count" {
description = "Available cores per socket"
type = number
default = 2
}
variable "network_bridge_name" {
description = "Network bridge name"
type = string
default = "vmbr0"
}
variable "ssh_keys" {
description = "SSH public keys to be provisioned"
type = string
default = <<EOF
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL++DKyzE0+zM6A4lpjWTNvntQnmEdA6FoOh6jIdsHMT catalin@jupiter
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGreLVacZyxq2EtgievpXgC/L7czKyJa/kWpgqDoPgnA phireh@GenPhireh
EOF
}
variable "disk_storage_name" {
description = "Disk storage name"
type = string
default = "storage"
}


@ -1,45 +0,0 @@
# This file is maintained automatically by "tofu init".
# Manual edits may be lost in future updates.
provider "registry.opentofu.org/telmate/proxmox" {
version = "2.9.14"
constraints = "2.9.14"
hashes = [
"h1:H/f+LbVyPOLslHLAYnGuMMRqWFZ65K6E3V+MCYgfAyk=",
"zh:0d049d33f705e5b814d30028770c084151218439424e99684ce31d7e26a720b5",
"zh:20b1c64ed56d81de95f3f37b82b45b4654c0de26670c0e87a474c5cce13cd015",
"zh:2946058abd1d8e50e475b9ec39781eb02576b40dbd80f4653fade4493a4514c6",
"zh:29e50a25c456f040ce072f23ac57b5b82ebd3b916ca5ae6688332b5ec62adc4a",
"zh:3612932306ce5f08db94868f526cbb8c56d0d3c6ebe1c11a83f92bbf94354296",
"zh:42d1699b0abebaac82ea5a19f4393541d8bb2741bde204a8ac1028cdc29d1b14",
"zh:5ffd5dc567262eb8aafdf2f6eac63f7f21361da9c5d75a3c36b479638a0001b0",
"zh:6692ef323e3b89de99934ad731f6a1850525bf8142916ae28ea4e4048d73a787",
"zh:a5afc98e9a4038516bb58e788cb77dea67a60dce780dfcd206d7373c5a56b776",
"zh:bf902cded709d84fa27fbf91b589c241f2238a6c4924e4e479eebd74320b93a5",
"zh:cab0e1e72c9cebcf669fc6f35ec28cb8ab2dffb0237afc8860aa40d23bf8a49f",
"zh:e523b99a48beec83d9bc04b2d336266044f9f53514cefb652fe6768611847196",
"zh:f593915e8a24829d322d2eaeedcb153328cf9042f0d84f66040dde1be70ede04",
"zh:fba1aff541133e2129dfda0160369635ab48503d5c44b8407ce5922ecc15d0bd",
]
}
provider "registry.opentofu.org/thegameprofi/proxmox" {
version = "2.10.0"
constraints = "2.10.0"
hashes = [
"h1:0wJlZKYgmnyXJ4AGKfML5m0/bhRUXty3vn4mSEYhFDM=",
"h1:2fmj6FkuQ8CyWdxJ83s87GJhRHiQFnzlSYSlA2q7pXg=",
"h1:5FQbfjTDMO4FCMXAQ5S+2CdVHw1gJoOicQRLVTCfrDI=",
"h1:60DcgYwyBroh3oUsdsZU/Z03LfEIidq2lTYKbhZDibU=",
"h1:6hrWJT18l4jfWrzO8GweRA1bIdzY8dDUkzB7+GW0Zgs=",
"h1:8bQZLEyLJqYnLnZC0zopbPSJVYXwQIb+G3nQ9Tc9bMU=",
"h1:DArex0up+F+sN3arAKanOSVc70b9kyTeTkuy6Abkor8=",
"h1:WUh8KlPtUdI+O7FJz6/d3BC+77tSBYjlNCxKjIGX7Kg=",
"h1:atdwdBFAPjyz7ICxoeMBrUn7tllqjJyIIClO5Mv3dlw=",
"h1:mnIwCGDAZ9O/UiQEXGWKXUeA6H1Tt/AkII/MjHw1SMg=",
"h1:sW+6tq318P9g0P+BwqEM74AHsJ6CmN+s6NgAJJxZk/Y=",
"h1:tWdlbcPuby+thPgC07FCBbIzzQAOn3XSvRibuHcdK04=",
"h1:yHr19pmBvjRCSbyWmNd3Y4iI7mCjeDgzC622q5kSSKE=",
"h1:zbDNS+UBlhewZUPt0s5ntUeAGOSTLj2jjHweCDKw6qo=",
]
}


@ -1,50 +0,0 @@
terraform {
required_version = ">= 1.6"
backend "s3" {
bucket = "fuku-terraform"
key = "vm-foundation/terraform"
region = "us-east-1"
}
required_providers {
proxmox = {
source = "thegameprofi/proxmox"
version = "2.10.0"
}
}
}
provider "proxmox" {
pm_debug = true
}
module "master1" {
source = "../modules/proxmox-vm"
vm_id = 3001
vm_name = "master1.ramiel.fuku"
node_name = "ramiel"
ipconfig0 = "ip=192.168.1.31/24,gw=192.168.1.1"
memory = 5120
disk_storage_name = "storage"
core_count = 2
}
module "master2" {
source = "../modules/proxmox-vm"
vm_id = 3002
vm_name = "master2.ireul.fuku"
node_name = "ireul"
ipconfig0 = "ip=192.168.1.32/24,gw=192.168.1.1"
memory = 4096
core_count = 2
}
module "master3" {
source = "../modules/proxmox-vm"
vm_id = 3003
vm_name = "master3.ireul.fuku"
node_name = "ireul"
ipconfig0 = "ip=192.168.1.33/24,gw=192.168.1.1"
disk_storage_name = "local-lvm"
memory = 4096
core_count = 2
}


@ -1,4 +0,0 @@
PM_USER=
PM_PASS=
PM_API_URL=
TF_VAR_ci_password=
