


507c4f2085 docs updated
2025-02-19 01:27:49 +01:00
f4b22647c4 feat(lawndale-vm): extra network interfaces 2025-02-19 01:24:08 +01:00
69408d9be8 feat(lawndale-vm): ignore_changes to prevent perpetual diff
2022-11-28 01:22:10 +01:00
c1f35a667d dep: relax dmacvicar/libvirt version constraint
2022-11-27 22:06:43 +01:00
0863657573 docs: update docs 2022-11-27 22:06:32 +01:00
7a40f2db5b feat(lawndale-vm): options for machine type and firmware
2022-11-27 22:01:32 +01:00
63c270e896 ci: renamed pipelines to better represent steps
2022-05-26 23:56:31 +02:00
282f1d8b68 del: remote-state-access module is unused
2022-05-26 23:53:45 +02:00
093c6d4d0c fix: remote-state-access outputs
2022-05-26 23:51:46 +02:00
78d8aec96d ci: fix validate pipeline
2022-05-26 23:49:51 +02:00
e6ae06dbbe fix: lawndale-vm module ref
2022-05-26 23:35:21 +02:00
b1062b37ec ci: added ci pipelines
2022-05-26 23:24:56 +02:00
16 changed files with 252 additions and 222 deletions

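--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,57 @@
+---
+kind: pipeline
+type: kubernetes
+name: Check docs and format
+trigger:
+event:
+- push
+- tag
+environment:
+TF_IN_AUTOMATION: "1"
+steps:
+- name: get terraform
+image: hashicorp/terraform:1.1.8
+commands:
+- apk add bash wget
+- wget https://github.com/terraform-docs/terraform-docs/releases/download/v0.16.0/terraform-docs-v0.16.0-linux-amd64.tar.gz -O - | tar -xz terraform-docs -C /usr/local/bin
+- scripts/format.sh
+- scripts/generate-docs.sh
+- git diff-index --name-status HEAD
+---
+kind: pipeline
+type: kubernetes
+name: Terraform validate
+trigger:
+event:
+- push
+- tag
+branch:
+- main
+environment:
+TF_IN_AUTOMATION: "1"
+steps:
+- name: validate
+image: hashicorp/terraform:1.1.8
+commands:
+- apk add bash
+- mkdir -p ~/.ssh
+- chmod 755 ~/.ssh
+- echo "$${CI_SSH_KEY}" | base64 -d > ~/.ssh/id_rsa
+- chmod 600 ~/.ssh/id_rsa
+- scripts/validate.sh
+environment:
+GIT_SSH_COMMAND: "ssh -o StrictHostKeyChecking=no"
+CI_SSH_KEY:
+from_secret: ci-ssh-key
+---
+kind: signature
+hmac: 5afd79ba867df22299821b9fd132a11df0d4d5ab053821ccecf259ad100bf325
+...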
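Review bot: The `wget … | tar -xz terraform-docs -C /usr/local/bin` step in the first pipeline installs a binary without verifying it, so the job trusts whatever the download host serves; download to a file, check it against the checksum published with that release (`sha256sum -c`), and only then extract. In the validate pipeline, `GIT_SSH_COMMAND: "ssh -o StrictHostKeyChecking=no"` turns off host-key verification for the module fetch from git.thomasklein.me; seeding `~/.ssh/known_hosts` with the server's key (a pinned value kept as a secret or in the repository) keeps the check on. The private key is also written before its mode is tightened (`echo … > ~/.ssh/id_rsa`, then `chmod 600`); running `umask 077` first, or creating the file with `install -m 600 /dev/null ~/.ssh/id_rsa` before the write, closes that window, and `~/.ssh` itself is conventionally `700` rather than `755`.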

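--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,35 @@
+# Local .terraform directories
+**/.terraform/*
+# .tfstate files
+*.tfstate
+*.tfstate.*
+# Crash log files
+crash.log
+crash.*.log
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc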


@@ -8,7 +8,7 @@ The following requirements are needed by this module:
The following providers are used by this module: The following providers are used by this module:
- <a name="provider_dns"></a> [dns](#provider\_dns) (~> 3.2) - <a name="provider_dns"></a> [dns](#provider\_dns) (3.2.3)
## Modules ## Modules


@@ -2,7 +2,7 @@
The following requirements are needed by this module: The following requirements are needed by this module:
- <a name="requirement_libvirt"></a> [libvirt](#requirement\_libvirt) (~> 0.6.14) - <a name="requirement_libvirt"></a> [libvirt](#requirement\_libvirt) (>= 0.6.14)
- <a name="requirement_macaddress"></a> [macaddress](#requirement\_macaddress) (~> 0.3.0) - <a name="requirement_macaddress"></a> [macaddress](#requirement\_macaddress) (~> 0.3.0)
@@ -10,9 +10,9 @@ The following requirements are needed by this module:
The following providers are used by this module: The following providers are used by this module:
- <a name="provider_libvirt"></a> [libvirt](#provider\_libvirt) (~> 0.6.14) - <a name="provider_libvirt"></a> [libvirt](#provider\_libvirt) (0.7.0)
- <a name="provider_macaddress"></a> [macaddress](#provider\_macaddress) (~> 0.3.0) - <a name="provider_macaddress"></a> [macaddress](#provider\_macaddress) (0.3.2)
## Modules ## Modules
@@ -20,7 +20,7 @@ The following Modules are called:
### <a name="module_ipam"></a> [ipam](#module\_ipam) ### <a name="module_ipam"></a> [ipam](#module\_ipam)
Source: ../../modules/lawndale-vm-ipam Source: git@git.thomasklein.me:thomasklein/terraform-modules//lawndale-vm-ipam
Version: Version:
@@ -112,6 +112,21 @@ Type: `bool`
Default: `true` Default: `true`
### <a name="input_extra_interfaces"></a> [extra\_interfaces](#input\_extra\_interfaces)
Description: Extra network interfaces to attach to the VM
Type:
```hcl
list(object({
bridge = string
mac = string
}))
```
Default: `[]`
### <a name="input_filesystems"></a> [filesystems](#input\_filesystems) ### <a name="input_filesystems"></a> [filesystems](#input\_filesystems)
Description: 9p shared filesystem devices Description: 9p shared filesystem devices
@@ -129,6 +144,14 @@ list(object({
Default: `[]` Default: `[]`
### <a name="input_machine"></a> [machine](#input\_machine)
Description: The machine type - can be i440fx (default) or q35. PCIe support requires Q35 (or better)
Type: `string`
Default: `null`
### <a name="input_meta_data"></a> [meta\_data](#input\_meta\_data) ### <a name="input_meta_data"></a> [meta\_data](#input\_meta\_data)
Description: Cloud-init meta-data Description: Cloud-init meta-data
@@ -161,6 +184,14 @@ Type: `string`
Default: `""` Default: `""`
### <a name="input_uefi"></a> [uefi](#input\_uefi)
Description: Whether or not to create an UEFI domain
Type: `bool`
Default: `false`
### <a name="input_vcpu"></a> [vcpu](#input\_vcpu) ### <a name="input_vcpu"></a> [vcpu](#input\_vcpu)
Description: CPU count Description: CPU count
@@ -179,4 +210,24 @@ Default: `null`
## Outputs ## Outputs
No outputs. The following outputs are exported:
### <a name="output__disk"></a> [\_disk](#output\_\_disk)
Description: n/a
### <a name="output__domain"></a> [\_domain](#output\_\_domain)
Description: n/a
### <a name="output__pool"></a> [\_pool](#output\_\_pool)
Description: n/a
### <a name="output_ipam"></a> [ipam](#output\_ipam)
Description: n/a
### <a name="output_macaddress"></a> [macaddress](#output\_macaddress)
Description: n/a


@@ -21,7 +21,7 @@ resource "macaddress" "this" {
module "ipam" { module "ipam" {
source = "../../modules/lawndale-vm-ipam" source = "git@git.thomasklein.me:thomasklein/terraform-modules//lawndale-vm-ipam"
id = var.id id = var.id
name = var.name name = var.name
@@ -40,10 +40,20 @@ resource "libvirt_domain" "this" {
cloudinit = libvirt_cloudinit_disk.this.id cloudinit = libvirt_cloudinit_disk.this.id
firmware = var.uefi ? "/usr/share/edk2-ovmf/OVMF_CODE.fd" : null
machine = var.machine
network_interface { network_interface {
bridge = module.ipam.lawndale_interface bridge = module.ipam.lawndale_interface
mac = macaddress.this.address mac = macaddress.this.address
} }
dynamic "network_interface" {
for_each = var.extra_interfaces
content {
bridge = network_interface.value.bridge
mac = network_interface.value.mac
}
}
disk { disk {
volume_id = libvirt_volume.this.id volume_id = libvirt_volume.this.id
@@ -76,6 +86,10 @@ resource "libvirt_domain" "this" {
xslt = xml.value xslt = xml.value
} }
} }
lifecycle {
ignore_changes = [nvram, disk[0].scsi]
}
} }
resource "libvirt_cloudinit_disk" "this" { resource "libvirt_cloudinit_disk" "this" {
@@ -95,6 +109,7 @@ locals {
match = { match = {
macaddress = macaddress.this.address macaddress = macaddress.this.address
} }
"set-name" = "eth"
addresses = [ addresses = [
"${module.ipam.ip_address}/${module.ipam.cidr}" "${module.ipam.ip_address}/${module.ipam.cidr}"
] ]
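Review bot: The new `module "ipam"` source, `git@git.thomasklein.me:thomasklein/terraform-modules//lawndale-vm-ipam`, carries no `?ref=` selector, so every `terraform init` resolves the default branch of that repository and two runs of this configuration can pull different module code; pin it, e.g. `source = "git@git.thomasklein.me:thomasklein/terraform-modules//lawndale-vm-ipam?ref=<tag-or-commit>"` (placeholder). The `lifecycle { ignore_changes = [nvram, disk[0].scsi] }` entry deserves a one-line comment naming the provider-side drift it suppresses, since a later reader cannot tell whether it still applies once the libvirt provider constraint has been relaxed. The enclosing `module` and `resource "libvirt_domain"` blocks begin outside these hunks.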


@@ -0,0 +1,19 @@
output "macaddress" {
value = macaddress.this.address
}
output "_pool" {
value = var.create_root_storage_pool ? libvirt_pool.this : null
}
output "_disk" {
value = libvirt_volume.this
}
output "_domain" {
value = libvirt_domain.this
}
output "ipam" {
value = module.ipam
}
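Review bot: None of the five new outputs carries a `description`, which is why the regenerated README lists `Description: n/a` for each of them; add one per output, for example `description = "MAC address of the primary network interface"` on `output "macaddress"`. `_domain`, `_disk` and `_pool` export whole resource objects, and since Terraform 0.15 an output that includes a provider-marked sensitive attribute must itself be declared `sensitive = true`; worth confirming against the provider versions now admitted by the relaxed constraint.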


@@ -2,7 +2,7 @@ terraform {
required_providers { required_providers {
libvirt = { libvirt = {
source = "dmacvicar/libvirt" source = "dmacvicar/libvirt"
version = "~> 0.6.14" version = ">= 0.6.14"
} }
macaddress = { macaddress = {


@@ -19,6 +19,18 @@ variable "vcpu" {
default = 1 default = 1
} }
variable "uefi" {
type = bool
description = "Whether or not to create an UEFI domain"
default = false
}
variable "machine" {
type = string
description = "The machine type - can be i440fx (default) or q35. PCIe support requires Q35 (or better)"
default = null
}
variable "memory_mb" { variable "memory_mb" {
type = number type = number
description = "VM memory allocation in megabytes" description = "VM memory allocation in megabytes"
@@ -110,3 +122,13 @@ variable "xslt" {
description = "XSLT applied to the domain before sent to libvirt" description = "XSLT applied to the domain before sent to libvirt"
default = null default = null
} }
variable "extra_interfaces" {
type = list(object({
bridge = string
mac = string
}))
description = "Extra network interfaces to attach to the VM"
default = []
}
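Review bot: `variable "machine"` documents that only `i440fx` or `q35` are meaningful, but nothing enforces that, so a typo is passed straight through to libvirt and only fails at apply time; a `validation` block with `condition = var.machine == null || contains([...], var.machine)` (listing whatever machine-type strings the provider actually accepts — I have not confirmed the exact values here) turns that into a plan-time error. The same applies to `extra_interfaces[*].mac`, where a check such as `alltrue([for i in var.extra_interfaces : can(regex("^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$", i.mac))])` (constructed pattern) rejects malformed addresses before a domain is defined. Both variable blocks are complete within the hunks.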


@@ -1,101 +0,0 @@
## Requirements
The following requirements are needed by this module:
- <a name="requirement_aws"></a> [aws](#requirement\_aws) (~> 4.9)
## Providers
The following providers are used by this module:
- <a name="provider_aws"></a> [aws](#provider\_aws) (~> 4.9)
## Modules
No modules.
## Resources
The following resources are used by this module:
- [aws_iam_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) (resource)
- [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) (resource)
- [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) (data source)
## Required Inputs
The following input variables are required:
### <a name="input_bucket_name"></a> [bucket\_name](#input\_bucket\_name)
Description: n/a
Type: `string`
### <a name="input_dynamo_table"></a> [dynamo\_table](#input\_dynamo\_table)
Description: n/a
Type: `string`
### <a name="input_prefixes"></a> [prefixes](#input\_prefixes)
Description: n/a
Type: `list(string)`
## Optional Inputs
The following input variables are optional (have default values):
### <a name="input_create_policy"></a> [create\_policy](#input\_create\_policy)
Description: n/a
Type: `bool`
Default: `false`
### <a name="input_create_role"></a> [create\_role](#input\_create\_role)
Description: n/a
Type: `bool`
Default: `false`
### <a name="input_policy_name"></a> [policy\_name](#input\_policy\_name)
Description: n/a
Type: `string`
Default: `null`
### <a name="input_policy_path"></a> [policy\_path](#input\_policy\_path)
Description: n/a
Type: `string`
Default: `"/"`
### <a name="input_role_name"></a> [role\_name](#input\_role\_name)
Description: n/a
Type: `string`
Default: `null`
## Outputs
The following outputs are exported:
### <a name="output_policy_arn"></a> [policy\_arn](#output\_policy\_arn)
Description: n/a
### <a name="output_role_arn"></a> [role\_arn](#output\_role\_arn)
Description: n/a


@@ -1,9 +0,0 @@
output "role_arn" {
type = string
value = var.create_role ? aws_iam_role.this.arn : null
}
output "policy_arn" {
type = string
value = var.create_policy ? aws_iam_policy.this.arn : null
}


@@ -1,59 +0,0 @@
data "aws_iam_policy_document" "this" {
statement {
effect = "Allow"
actions = [
"s3:ListBucket"
]
resources = [
"arn:aws:s3:::${var.bucket_name}",
]
}
statement {
effect = "Allow"
actions = [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
]
resources = [
"arn:aws:s3:::${var.bucket_name}",
]
condition {
test = "StringLike"
variable = "s3:prefix"
values = var.prefixes
}
}
statement {
effect = "Allow"
actions = [
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:DeleteItem",
]
resources = [
"arn:aws:dynamodb:*:*:table/${var.dynamodb_table}",
]
}
}
resource "aws_iam_role" "this" {
count = var.create_role ? 1 : 0
name = var.role_name
inline_policy {
name = "Allow access for remote states s3 and dynamo"
policy = data.aws_iam_policy_document.this.json
}
}
resource "aws_iam_policy" "this" {
count = var.create_policy ? 1 : 0
name = var.policy_name
path = var.policy_path
}


@@ -1,8 +0,0 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.9"
}
}
}


@@ -1,35 +0,0 @@
variable "bucket_name" {
type = string
}
variable "dynamo_table" {
type = string
}
variable "prefixes" {
type = list(string)
}
variable "role_name" {
type = string
default = null
}
variable "policy_name" {
type = string
default = null
}
variable "policy_path" {
type = string
default = "/"
}
variable "create_role" {
type = bool
default = false
}
variable "create_policy" {
type = bool
default = false
}

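--- a/scripts/format.sh
+++ b/scripts/format.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -euo pipefail
+for DIR in $(find . -type d); do
+if [[ "${DIR}" = "." ]] || [[ $(echo ${DIR} | cut -c1-5) = ".git/" ]]; then
+continue;
+fi
+pushd $DIR
+terraform_files=$(find . -maxdepth 1 -type f -iname '*.tf')
+if [[ ${#terraform_files} -eq 0 ]]; then
+popd
+continue
+fi
+terraform fmt
+popd
+done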
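Review bot: The `.git/` guard on the `if` line never fires: `find . -type d` prints paths as `./.git/...`, so `cut -c1-5` yields `./.gi`, which never equals `.git/`, and the loop descends into `.git` (and into any `.terraform` cache directory) and runs `terraform fmt` there; `scripts/validate.sh` carries the identical check and additionally runs `terraform init` in those directories. The `for DIR in $(find …)` form also word-splits paths containing whitespace, and `pushd $DIR` / `echo ${DIR}` are unquoted. Reading NUL-delimited paths and matching the prefix with `[[ "$dir" == ./.git* ]]` fixes both; pruning `.git` and `.terraform` inside the `find` call itself is a cheaper alternative.

```bash
#!/bin/bash
set -euo pipefail
# Walk every directory, skipping the repository root and anything under .git
while IFS= read -r -d '' dir; do
  if [[ "$dir" == "." || "$dir" == ./.git* ]]; then
    continue
  fi
  # Only format directories that hold at least one .tf file at their top level
  if [[ -z "$(find "$dir" -maxdepth 1 -type f -iname '*.tf')" ]]; then
    continue
  fi
  (cd "$dir" && terraform fmt)
done < <(find . -type d -print0)
```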

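--- a/scripts/validate.sh
+++ b/scripts/validate.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+set -euo pipefail
+for DIR in $(find . -type d); do
+if [[ "${DIR}" = "." ]] || [[ $(echo ${DIR} | cut -c1-5) = ".git/" ]]; then
+continue;
+fi
+pushd $DIR
+terraform_files=$(find . -maxdepth 1 -type f -iname '*.tf')
+if [[ ${#terraform_files} -eq 0 ]]; then
+popd
+continue
+fi
+terraform init
+terraform validate
+popd
+done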