docs updated

.drone.yml

@@ -0,0 +1,57 @@
+---
+kind: pipeline
+type: kubernetes
+name: Check docs and format
+
+trigger:
+  event:
+  - push
+  - tag
+
+environment:
+  TF_IN_AUTOMATION: "1"
+
+steps:
+- name: get terraform 
+  image: hashicorp/terraform:1.1.8
+  commands:
+    - apk add bash wget 
+    - wget https://github.com/terraform-docs/terraform-docs/releases/download/v0.16.0/terraform-docs-v0.16.0-linux-amd64.tar.gz -O - | tar -xz terraform-docs -C /usr/local/bin
+    - scripts/format.sh
+    - scripts/generate-docs.sh
+    - git diff-index --name-status HEAD
+
+---
+kind: pipeline
+type: kubernetes
+name: Terraform validate
+
+trigger:
+  event:
+  - push
+  - tag
+  branch:
+  - main
+
+environment:
+  TF_IN_AUTOMATION: "1"
+
+steps:
+- name: validate
+  image: hashicorp/terraform:1.1.8
+  commands:
+    - apk add bash
+    - mkdir -p ~/.ssh
+    - chmod 755 ~/.ssh
+    - echo "$${CI_SSH_KEY}" | base64 -d > ~/.ssh/id_rsa
+    - chmod 600 ~/.ssh/id_rsa
+    - scripts/validate.sh
+  environment:
+    GIT_SSH_COMMAND: "ssh -o StrictHostKeyChecking=no"
+    CI_SSH_KEY:
+      from_secret: ci-ssh-key
+---
+kind: signature
+hmac: 5afd79ba867df22299821b9fd132a11df0d4d5ab053821ccecf259ad100bf325
+
+...

.gitignore

@@ -0,0 +1,35 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+

lawndale-vm-ipam/README.md

@@ -8,7 +8,7 @@ The following requirements are needed by this module:
 
 The following providers are used by this module:
 
-- <a name="provider_dns"></a> [dns](#provider\_dns) (~> 3.2)
+- <a name="provider_dns"></a> [dns](#provider\_dns) (3.2.3)
 
 ## Modules
 

lawndale-vm/README.md

@@ -2,7 +2,7 @@
 
 The following requirements are needed by this module:
 
-- <a name="requirement_libvirt"></a> [libvirt](#requirement\_libvirt) (~> 0.6.14)
+- <a name="requirement_libvirt"></a> [libvirt](#requirement\_libvirt) (>= 0.6.14)
 
 - <a name="requirement_macaddress"></a> [macaddress](#requirement\_macaddress) (~> 0.3.0)
 
@@ -10,9 +10,9 @@ The following requirements are needed by this module:
 
 The following providers are used by this module:
 
-- <a name="provider_libvirt"></a> [libvirt](#provider\_libvirt) (~> 0.6.14)
+- <a name="provider_libvirt"></a> [libvirt](#provider\_libvirt) (0.7.0)
 
-- <a name="provider_macaddress"></a> [macaddress](#provider\_macaddress) (~> 0.3.0)
+- <a name="provider_macaddress"></a> [macaddress](#provider\_macaddress) (0.3.2)
 
 ## Modules
 
@@ -20,7 +20,7 @@ The following Modules are called:
 
 ### <a name="module_ipam"></a> [ipam](#module\_ipam)
 
-Source: ../../modules/lawndale-vm-ipam
+Source: git@git.thomasklein.me:thomasklein/terraform-modules//lawndale-vm-ipam
 
 Version:
 
@@ -112,6 +112,21 @@ Type: `bool`
 
 Default: `true`
 
+### <a name="input_extra_interfaces"></a> [extra\_interfaces](#input\_extra\_interfaces)
+
+Description: Extra network interfaces to attach to the VM
+
+Type:
+
+```hcl
+list(object({
+    bridge = string
+    mac    = string
+  }))
+```
+
+Default: `[]`
+
 ### <a name="input_filesystems"></a> [filesystems](#input\_filesystems)
 
 Description: 9p shared filesystem devices
@@ -129,6 +144,14 @@ list(object({
 
 Default: `[]`
 
+### <a name="input_machine"></a> [machine](#input\_machine)
+
+Description: The machine type - can be i440fx (default) or q35. PCIe support requires Q35 (or better)
+
+Type: `string`
+
+Default: `null`
+
 ### <a name="input_meta_data"></a> [meta\_data](#input\_meta\_data)
 
 Description: Cloud-init meta-data
@@ -161,6 +184,14 @@ Type: `string`
 
 Default: `""`
 
+### <a name="input_uefi"></a> [uefi](#input\_uefi)
+
+Description: Whether or not to create an UEFI domain
+
+Type: `bool`
+
+Default: `false`
+
 ### <a name="input_vcpu"></a> [vcpu](#input\_vcpu)
 
 Description: CPU count
@@ -179,4 +210,24 @@ Default: `null`
 
 ## Outputs
 
-No outputs.
+The following outputs are exported:
+
+### <a name="output__disk"></a> [\_disk](#output\_\_disk)
+
+Description: n/a
+
+### <a name="output__domain"></a> [\_domain](#output\_\_domain)
+
+Description: n/a
+
+### <a name="output__pool"></a> [\_pool](#output\_\_pool)
+
+Description: n/a
+
+### <a name="output_ipam"></a> [ipam](#output\_ipam)
+
+Description: n/a
+
+### <a name="output_macaddress"></a> [macaddress](#output\_macaddress)
+
+Description: n/a

lawndale-vm/compute.tf

@@ -21,7 +21,7 @@ resource "macaddress" "this" {
 
 
 module "ipam" {
-  source = "../../modules/lawndale-vm-ipam"
+  source = "git@git.thomasklein.me:thomasklein/terraform-modules//lawndale-vm-ipam"
 
   id        = var.id
   name      = var.name
@@ -40,10 +40,20 @@ resource "libvirt_domain" "this" {
 
   cloudinit = libvirt_cloudinit_disk.this.id
 
+  firmware = var.uefi ? "/usr/share/edk2-ovmf/OVMF_CODE.fd" : null
+  machine = var.machine
+
   network_interface {
     bridge = module.ipam.lawndale_interface
     mac    = macaddress.this.address
   }
+  dynamic "network_interface" {
+    for_each = var.extra_interfaces
+    content {
+      bridge = network_interface.value.bridge
+      mac = network_interface.value.mac
+    }
+  }
 
   disk {
     volume_id = libvirt_volume.this.id
@@ -76,6 +86,10 @@ resource "libvirt_domain" "this" {
       xslt = xml.value
     }
   }
+
+  lifecycle {
+    ignore_changes = [nvram, disk[0].scsi]
+  }
 }
 
 resource "libvirt_cloudinit_disk" "this" {
@@ -95,6 +109,7 @@ locals {
         match = {
           macaddress = macaddress.this.address
         }
+        "set-name" = "eth"
         addresses = [
           "${module.ipam.ip_address}/${module.ipam.cidr}"
         ]
@@ -116,4 +131,4 @@ EOM
 
   meta_data      = var.meta_data != null ? var.meta_data : local.default_meta_data
   network_config = var.network_config != null ? var.network_config : jsonencode(local.default_network_config)
-}
+}

lawndale-vm/outputs.tf

@@ -0,0 +1,19 @@
+output "macaddress" {
+  value = macaddress.this.address
+}
+
+output "_pool" {
+  value = var.create_root_storage_pool ? libvirt_pool.this : null
+}
+
+output "_disk" {
+  value = libvirt_volume.this
+}
+
+output "_domain" {
+  value = libvirt_domain.this
+}
+
+output "ipam" {
+  value = module.ipam
+}

lawndale-vm/providers.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     libvirt = {
       source  = "dmacvicar/libvirt"
-      version = "~> 0.6.14"
+      version = ">= 0.6.14"
     }
 
     macaddress = {

lawndale-vm/variables.tf

@@ -19,6 +19,18 @@ variable "vcpu" {
   default     = 1
 }
 
+variable "uefi" {
+  type        = bool
+  description = "Whether or not to create an UEFI domain"
+  default     = false
+}
+
+variable "machine" {
+  type        = string
+  description = "The machine type - can be i440fx (default) or q35. PCIe support requires Q35 (or better)"
+  default     = null
+}
+
 variable "memory_mb" {
   type        = number
   description = "VM memory allocation in megabytes"
@@ -110,3 +122,13 @@ variable "xslt" {
   description = "XSLT applied to the domain before sent to libvirt"
   default     = null
 }
+
+variable "extra_interfaces" {
+  type = list(object({
+    bridge = string
+    mac    = string
+  }))
+
+  description = "Extra network interfaces to attach to the VM"
+  default     = []
+}

remote-state-access/README.md

@@ -1,101 +0,0 @@
-## Requirements
-
-The following requirements are needed by this module:
-
-- <a name="requirement_aws"></a> [aws](#requirement\_aws) (~> 4.9)
-
-## Providers
-
-The following providers are used by this module:
-
-- <a name="provider_aws"></a> [aws](#provider\_aws) (~> 4.9)
-
-## Modules
-
-No modules.
-
-## Resources
-
-The following resources are used by this module:
-
-- [aws_iam_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) (resource)
-- [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) (resource)
-- [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) (data source)
-
-## Required Inputs
-
-The following input variables are required:
-
-### <a name="input_bucket_name"></a> [bucket\_name](#input\_bucket\_name)
-
-Description: n/a
-
-Type: `string`
-
-### <a name="input_dynamo_table"></a> [dynamo\_table](#input\_dynamo\_table)
-
-Description: n/a
-
-Type: `string`
-
-### <a name="input_prefixes"></a> [prefixes](#input\_prefixes)
-
-Description: n/a
-
-Type: `list(string)`
-
-## Optional Inputs
-
-The following input variables are optional (have default values):
-
-### <a name="input_create_policy"></a> [create\_policy](#input\_create\_policy)
-
-Description: n/a
-
-Type: `bool`
-
-Default: `false`
-
-### <a name="input_create_role"></a> [create\_role](#input\_create\_role)
-
-Description: n/a
-
-Type: `bool`
-
-Default: `false`
-
-### <a name="input_policy_name"></a> [policy\_name](#input\_policy\_name)
-
-Description: n/a
-
-Type: `string`
-
-Default: `null`
-
-### <a name="input_policy_path"></a> [policy\_path](#input\_policy\_path)
-
-Description: n/a
-
-Type: `string`
-
-Default: `"/"`
-
-### <a name="input_role_name"></a> [role\_name](#input\_role\_name)
-
-Description: n/a
-
-Type: `string`
-
-Default: `null`
-
-## Outputs
-
-The following outputs are exported:
-
-### <a name="output_policy_arn"></a> [policy\_arn](#output\_policy\_arn)
-
-Description: n/a
-
-### <a name="output_role_arn"></a> [role\_arn](#output\_role\_arn)
-
-Description: n/a

remote-state-access/outputs.tf

@@ -1,9 +0,0 @@
-output "role_arn" {
-  type  = string
-  value = var.create_role ? aws_iam_role.this.arn : null
-}
-
-output "policy_arn" {
-  type  = string
-  value = var.create_policy ? aws_iam_policy.this.arn : null
-}

remote-state-access/policy.tf

@@ -1,59 +0,0 @@
-data "aws_iam_policy_document" "this" {
-  statement {
-    effect = "Allow"
-    actions = [
-      "s3:ListBucket"
-    ]
-
-    resources = [
-      "arn:aws:s3:::${var.bucket_name}",
-    ]
-  }
-  statement {
-    effect = "Allow"
-    actions = [
-      "s3:GetObject",
-      "s3:PutObject",
-      "s3:DeleteObject",
-    ]
-
-    resources = [
-      "arn:aws:s3:::${var.bucket_name}",
-    ]
-
-    condition {
-      test     = "StringLike"
-      variable = "s3:prefix"
-
-      values = var.prefixes
-    }
-  }
-  statement {
-    effect = "Allow"
-    actions = [
-      "dynamodb:GetItem",
-      "dynamodb:PutItem",
-      "dynamodb:DeleteItem",
-    ]
-    resources = [
-      "arn:aws:dynamodb:*:*:table/${var.dynamodb_table}",
-    ]
-  }
-}
-
-
-resource "aws_iam_role" "this" {
-  count = var.create_role ? 1 : 0
-  name  = var.role_name
-
-  inline_policy {
-    name   = "Allow access for remote states s3 and dynamo"
-    policy = data.aws_iam_policy_document.this.json
-  }
-}
-
-resource "aws_iam_policy" "this" {
-  count = var.create_policy ? 1 : 0
-  name  = var.policy_name
-  path  = var.policy_path
-}

remote-state-access/provider.tf

@@ -1,8 +0,0 @@
-terraform {
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "~> 4.9"
-    }
-  }
-}

remote-state-access/variables.tf

@@ -1,35 +0,0 @@
-variable "bucket_name" {
-  type = string
-}
-
-variable "dynamo_table" {
-  type = string
-}
-
-variable "prefixes" {
-  type = list(string)
-}
-
-variable "role_name" {
-  type    = string
-  default = null
-}
-
-variable "policy_name" {
-  type    = string
-  default = null
-}
-variable "policy_path" {
-  type    = string
-  default = "/"
-}
-
-variable "create_role" {
-  type    = bool
-  default = false
-}
-
-variable "create_policy" {
-  type    = bool
-  default = false
-}

scripts/format.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -euo pipefail
+
+for DIR in $(find . -type d); do
+
+    if [[ "${DIR}" = "." ]] || [[ $(echo ${DIR} | cut -c1-5) = ".git/" ]]; then
+        continue; 
+    fi
+
+    pushd $DIR
+    terraform_files=$(find . -maxdepth 1 -type f -iname '*.tf')
+    if [[ ${#terraform_files} -eq 0 ]]; then
+        popd
+        continue
+    fi
+
+    terraform fmt
+    
+    popd
+done

scripts/generate-docs.sh

@@ -15,4 +15,4 @@ for DIR in $(find . -type d); do
     terraform-docs markdown document . > README.md
     
     popd
-done
+done

scripts/validate.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -euo pipefail
+
+for DIR in $(find . -type d); do
+
+    if [[ "${DIR}" = "." ]] || [[ $(echo ${DIR} | cut -c1-5) = ".git/" ]]; then
+        continue; 
+    fi
+
+    pushd $DIR
+    terraform_files=$(find . -maxdepth 1 -type f -iname '*.tf')
+    if [[ ${#terraform_files} -eq 0 ]]; then
+        popd
+        continue
+    fi
+
+    terraform init
+    terraform validate
+    
+    popd
+done