Compare commits

20 Commits

Author SHA1 Message Date
unkinben 6edda8ef32 Merge pull request 'chore: resize puppetdb disk size' (#38) from benvin/resize_disks into master
Deploy / deploy (push) Successful in 4m23s
Reviewed-on: #38
2026-04-14 22:21:58 +10:00
unkinben 6f51b89e6a chore: resize puppetdb disk size
Build / build (pull_request) Successful in 3m35s
/data filled for patroni nodes. increase size until real fix can be made
ensure terraform is available for build job
2026-04-13 22:25:48 +10:00
unkinben 8076bbc08d Merge pull request 'feat: add externaldns hosts' (#37) from benvin/externaldns into master
Deploy / deploy (push) Failing after 1m26s
Reviewed-on: #37
2025-11-22 23:24:38 +11:00
unkinben ba9c2b639e feat: add externaldns hosts
Build / build (pull_request) Successful in 1m48s
- two slaves, one master
2025-11-21 23:12:07 +11:00
unkinben 707f84ebd0 Merge pull request 'fix: correct config.yaml to config.yml' (#36) from benvin/deploy_failures into master
Deploy / deploy (push) Failing after 57s
Reviewed-on: #36
2025-11-01 14:29:44 +11:00
unkinben d955d86808 fix: correct config.yaml to config.yml
Build / build (pull_request) Successful in 1m47s
- ensure terraform can find the correct config.yml
2025-11-01 13:59:57 +11:00
unkinben 68b8b6a599 Merge pull request 'feat: add dovecot backend servers' (#35) from benvin/dovecot into master
Deploy / deploy (push) Failing after 59s
Reviewed-on: #35
2025-11-01 12:34:22 +11:00
unkinben ec94cc8f54 feat: add dovecot backend servers
Build / build (pull_request) Successful in 2m58s
- add three backend dovecot servers
- add shared maildata cephfs subvolume
2025-11-01 00:51:58 +11:00
unkinben cc8c585dbd Merge pull request 'feat: add mail::gateway nodes' (#34) from benvin/mta_services into master
Deploy / deploy (push) Successful in 2m28s
Reviewed-on: #34
2025-10-19 19:52:47 +11:00
unkinben c80f3a53a0 feat: add mail::gateway nodes
Build / build (pull_request) Successful in 2m1s
- add three postfix gateway instances in the dmz
2025-10-19 18:36:34 +11:00
unkinben ffbb91891e Merge pull request 'feat: use INCUS_GLOBAL_CONF value' (#33) from benvin/incus_global_config into master
Deploy / deploy (push) Successful in 2m41s
Reviewed-on: #33
2025-10-18 00:03:49 +11:00
unkinben 5e090e9de5 feat: enable access to vault certificate
Build / build (pull_request) Successful in 1m52s
- puppet now automatically trusts vault certs for some clients
- ensure build job can access vault certs, or use client.* in .config/incus
2025-10-17 23:49:34 +11:00
unkinben cd9b965016 Merge pull request 'feat: manage incus config.yaml/incus-images from vault' (#32) from benvin/incus-images-vault into master
Deploy / deploy (push) Failing after 1m45s
Reviewed-on: #32
2025-10-17 16:15:26 +11:00
unkinben 0b99805b09 chore: reduce parallelism
Build / build (pull_request) Successful in 1m34s
- reduce plan to 4
- reduce apply to 2
- build servers only have two cores currently
2025-10-17 15:58:41 +11:00
unkinben 66d1f8fab8 feat: manage incus config.yaml/incus-images from vault
Build / build (pull_request) Successful in 1m44s
- use configuration data from Vault to generate config.yaml
- use configuration data from Vault to generate incus-images certificate
2025-10-17 15:52:59 +11:00
unkinben 0ca4fc0cf0 Merge pull request 'feat: add ausyd1nxvm2120 a testhost' (#31) from benvin/testhost into master
Deploy / deploy (push) Failing after 1m53s
Reviewed-on: #31
2025-10-17 15:33:04 +11:00
unkinben 8eb05e1efa feat: add ausyd1nxvm2120 a testhost
Build / build (pull_request) Successful in 1m45s
- add testhost, will be used to verify puppet -> openvox migration
- change build -> deploy in deploy job
2025-10-17 15:29:00 +11:00
unkinben 1d9684f403 Merge pull request 'fix: deploy job cant pull master' (#30) from benvin/deploy_job_fix into master
Deploy / build (push) Failing after 2m9s
Reviewed-on: #30
2025-10-17 15:12:48 +11:00
unkinben 464e3c9c5d fix: deploy job cant pull master
Build / build (pull_request) Successful in 2m27s
- dont try pull the master branch in the deploy job
2025-10-17 15:02:56 +11:00
unkinben bd3eb6e8c7 Merge pull request 'feat: add build job' (#29) from benvin/build_job into master
Deploy / build (push) Failing after 5s
Reviewed-on: #29
2025-10-17 15:01:36 +11:00
27 changed files with 646 additions and 18 deletions
+2 -1
View File
@@ -9,7 +9,7 @@ jobs:
runs-on: almalinux-8
container:
image: git.unkin.net/unkin/almalinux9-actionsdind:latest
options: --privileged
options: "--privileged --volume /etc/pki/tls/vault:/etc/pki/tls/vault:ro"
steps:
- name: Checkout code
@@ -29,4 +29,5 @@ jobs:
env:
VAULT_ROLEID: ${{ secrets.TERRAFORM_INCUS_VAULT_ROLEID }}
run: |
dnf install terraform -y
make plan
+3 -10
View File
@@ -7,11 +7,11 @@ on:
- master
jobs:
build:
deploy:
runs-on: almalinux-8
container:
image: git.unkin.net/unkin/almalinux9-actionsdind:latest
options: --privileged
options: "--privileged --volume /etc/pki/tls/vault:/etc/pki/tls/vault:ro"
steps:
- name: Checkout code
@@ -19,16 +19,9 @@ jobs:
with:
fetch-depth: 0
- name: Fetch master branch
run: |
git fetch origin master:master
- name: Show changed files
run: |
git diff --name-only master
- name: Run Terraform Apply
env:
VAULT_ROLEID: ${{ secrets.TERRAFORM_INCUS_VAULT_ROLEID }}
run: |
dnf install terraform -y
make apply
+15 -4
View File
@@ -18,8 +18,19 @@ define vault_env
export INCUS_CONFIG_DIR=$$(mktemp -d) && \
trap "rm -rf $$INCUS_CONFIG_DIR" EXIT && \
mkdir -p $$INCUS_CONFIG_DIR && \
printf '%s\n' "$$INCUS_CLIENT_CRT" > $$INCUS_CONFIG_DIR/client.crt && \
printf '%s\n' "$$INCUS_CLIENT_KEY" > $$INCUS_CONFIG_DIR/client.key
mkdir -p $$INCUS_CONFIG_DIR/servercerts && \
printf '%s\n' "$$INCUS_CONF_INCUSIMAGES_CERT" > $$INCUS_CONFIG_DIR/servercerts/incus-images.crt && \
printf '%s\n' "$$INCUS_CONF_CONFIG_YAML" > $$INCUS_CONFIG_DIR/config.yml && \
if [ -f /etc/pki/tls/vault/certificate.crt ] && [ -f /etc/pki/tls/vault/private.key ]; then \
cp /etc/pki/tls/vault/certificate.crt $$INCUS_CONFIG_DIR/client.crt && \
cp /etc/pki/tls/vault/private.key $$INCUS_CONFIG_DIR/client.key; \
elif [ -f $$HOME/.config/incus/client.crt ] && [ -f $$HOME/.config/incus/client.key ]; then \
cp $$HOME/.config/incus/client.crt $$INCUS_CONFIG_DIR/client.crt && \
cp $$HOME/.config/incus/client.key $$INCUS_CONFIG_DIR/client.key; \
else \
printf '%s\n' "$$INCUS_CLIENT_CRT" > $$INCUS_CONFIG_DIR/client.crt && \
printf '%s\n' "$$INCUS_CLIENT_KEY" > $$INCUS_CONFIG_DIR/client.key; \
fi
endef
clean:
@@ -35,11 +46,11 @@ init:
plan: init
@$(call vault_env) && \
terragrunt run --all --parallelism 8 --non-interactive plan
terragrunt run --all --parallelism 4 --non-interactive plan
apply: init
@$(call vault_env) && \
terragrunt run --all --parallelism 5 --non-interactive apply
terragrunt run --all --parallelism 2 --non-interactive apply
output:
@$(call vault_env) && \
+10
View File
@@ -159,6 +159,16 @@ shared_apps_jellyfin:
properties:
source: /shared/apps/jellyfin
path: /shared/apps/jellyfin
shared_apps_maildata:
description: "Mount /shared/apps/maildata directly into the container"
project: null
config: {}
devices:
- type: disk
name: maildata-shared
properties:
source: /shared/apps/maildata
path: /shared/apps/maildata
# storage
disk10:
+1 -1
View File
@@ -10,4 +10,4 @@ storage_volumes:
pool: fastpool
path: /data
config:
size: 50GB
size: 100GB
+1 -1
View File
@@ -10,4 +10,4 @@ storage_volumes:
pool: fastpool
path: /data
config:
size: 50GB
size: 100GB
+1 -1
View File
@@ -10,4 +10,4 @@ storage_volumes:
pool: fastpool
path: /data
config:
size: 50GB
size: 100GB
@@ -0,0 +1,7 @@
description: TestHost
cobbler_mgmt_classes:
- roles::base
profiles:
- disk10
- net_com1_eth0
- 2core4096
@@ -0,0 +1,54 @@
locals {
node_name = "prodnxsr0013"
config_common = yamldecode(file("${get_terragrunt_dir()}/../config_common.yaml"))
config_specific = yamldecode(file("${get_terragrunt_dir()}/config.yaml"))
config = merge(local.config_common, local.config_specific)
instance_name = basename(get_terragrunt_dir())
}
inputs = merge(
{
name = local.instance_name
},
local.config
)
include "root" {
path = find_in_parent_folders("root.hcl")
}
include "instances" {
path = find_in_parent_folders("instances.hcl")
expose = true
merge_strategy = "deep"
}
dependencies {
paths = ["${get_repo_root()}/config/nodes/${local.node_name}"]
}
generate "incus" {
path = "incus.tf"
if_exists = "overwrite_terragrunt"
contents = <<-EOF
provider "incus" {
generate_client_certificates = false
accept_remote_certificate = true
config_dir = "${get_env("INCUS_CONFIG_DIR")}"
remote {
name = "${basename(get_terragrunt_dir())}"
scheme = "https"
address = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_addr}"
port = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_port}"
token = "${get_env("INCUS_TOKEN_${upper(local.node_name)}")}"
default = true
}
}
EOF
}
terraform {
source = "${get_repo_root()}/modules/instance"
}
@@ -0,0 +1,7 @@
description: Postfix MTA
cobbler_mgmt_classes:
- roles::infra::mail::gateway
profiles:
- disk20
- net_dmz1_eth0
- 2core4096
@@ -0,0 +1,54 @@
locals {
node_name = "prodnxsr0009"
config_common = yamldecode(file("${get_terragrunt_dir()}/../config_common.yaml"))
config_specific = yamldecode(file("${get_terragrunt_dir()}/config.yaml"))
config = merge(local.config_common, local.config_specific)
instance_name = basename(get_terragrunt_dir())
}
inputs = merge(
{
name = local.instance_name
},
local.config
)
include "root" {
path = find_in_parent_folders("root.hcl")
}
include "instances" {
path = find_in_parent_folders("instances.hcl")
expose = true
merge_strategy = "deep"
}
dependencies {
paths = ["${get_repo_root()}/config/nodes/${local.node_name}"]
}
generate "incus" {
path = "incus.tf"
if_exists = "overwrite_terragrunt"
contents = <<-EOF
provider "incus" {
generate_client_certificates = false
accept_remote_certificate = true
config_dir = "${get_env("INCUS_CONFIG_DIR")}"
remote {
name = "${basename(get_terragrunt_dir())}"
scheme = "https"
address = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_addr}"
port = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_port}"
token = "${get_env("INCUS_TOKEN_${upper(local.node_name)}")}"
default = true
}
}
EOF
}
terraform {
source = "${get_repo_root()}/modules/instance"
}
@@ -0,0 +1,7 @@
description: Postfix MTA
cobbler_mgmt_classes:
- roles::infra::mail::gateway
profiles:
- disk20
- net_dmz1_eth0
- 2core4096
@@ -0,0 +1,54 @@
locals {
node_name = "prodnxsr0010"
config_common = yamldecode(file("${get_terragrunt_dir()}/../config_common.yaml"))
config_specific = yamldecode(file("${get_terragrunt_dir()}/config.yaml"))
config = merge(local.config_common, local.config_specific)
instance_name = basename(get_terragrunt_dir())
}
inputs = merge(
{
name = local.instance_name
},
local.config
)
include "root" {
path = find_in_parent_folders("root.hcl")
}
include "instances" {
path = find_in_parent_folders("instances.hcl")
expose = true
merge_strategy = "deep"
}
dependencies {
paths = ["${get_repo_root()}/config/nodes/${local.node_name}"]
}
generate "incus" {
path = "incus.tf"
if_exists = "overwrite_terragrunt"
contents = <<-EOF
provider "incus" {
generate_client_certificates = false
accept_remote_certificate = true
config_dir = "${get_env("INCUS_CONFIG_DIR")}"
remote {
name = "${basename(get_terragrunt_dir())}"
scheme = "https"
address = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_addr}"
port = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_port}"
token = "${get_env("INCUS_TOKEN_${upper(local.node_name)}")}"
default = true
}
}
EOF
}
terraform {
source = "${get_repo_root()}/modules/instance"
}
@@ -0,0 +1,7 @@
description: Postfix MTA
cobbler_mgmt_classes:
- roles::infra::mail::gateway
profiles:
- disk20
- net_dmz1_eth0
- 2core4096
@@ -0,0 +1,54 @@
locals {
node_name = "prodnxsr0011"
config_common = yamldecode(file("${get_terragrunt_dir()}/../config_common.yaml"))
config_specific = yamldecode(file("${get_terragrunt_dir()}/config.yaml"))
config = merge(local.config_common, local.config_specific)
instance_name = basename(get_terragrunt_dir())
}
inputs = merge(
{
name = local.instance_name
},
local.config
)
include "root" {
path = find_in_parent_folders("root.hcl")
}
include "instances" {
path = find_in_parent_folders("instances.hcl")
expose = true
merge_strategy = "deep"
}
dependencies {
paths = ["${get_repo_root()}/config/nodes/${local.node_name}"]
}
generate "incus" {
path = "incus.tf"
if_exists = "overwrite_terragrunt"
contents = <<-EOF
provider "incus" {
generate_client_certificates = false
accept_remote_certificate = true
config_dir = "${get_env("INCUS_CONFIG_DIR")}"
remote {
name = "${basename(get_terragrunt_dir())}"
scheme = "https"
address = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_addr}"
port = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_port}"
token = "${get_env("INCUS_TOKEN_${upper(local.node_name)}")}"
default = true
}
}
EOF
}
terraform {
source = "${get_repo_root()}/modules/instance"
}
@@ -0,0 +1,8 @@
description: Dovecot Backend
cobbler_mgmt_classes:
- roles::infra::mail::backend
profiles:
- disk20
- net_com1_eth0
- 2core4096
- shared_apps_maildata
@@ -0,0 +1,54 @@
locals {
node_name = "prodnxsr0012"
config_common = yamldecode(file("${get_terragrunt_dir()}/../config_common.yaml"))
config_specific = yamldecode(file("${get_terragrunt_dir()}/config.yaml"))
config = merge(local.config_common, local.config_specific)
instance_name = basename(get_terragrunt_dir())
}
inputs = merge(
{
name = local.instance_name
},
local.config
)
include "root" {
path = find_in_parent_folders("root.hcl")
}
include "instances" {
path = find_in_parent_folders("instances.hcl")
expose = true
merge_strategy = "deep"
}
dependencies {
paths = ["${get_repo_root()}/config/nodes/${local.node_name}"]
}
generate "incus" {
path = "incus.tf"
if_exists = "overwrite_terragrunt"
contents = <<-EOF
provider "incus" {
generate_client_certificates = false
accept_remote_certificate = true
config_dir = "${get_env("INCUS_CONFIG_DIR")}"
remote {
name = "${basename(get_terragrunt_dir())}"
scheme = "https"
address = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_addr}"
port = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_port}"
token = "${get_env("INCUS_TOKEN_${upper(local.node_name)}")}"
default = true
}
}
EOF
}
terraform {
source = "${get_repo_root()}/modules/instance"
}
@@ -0,0 +1,8 @@
description: Dovecot Backend
cobbler_mgmt_classes:
- roles::infra::mail::backend
profiles:
- disk20
- net_com1_eth0
- 2core4096
- shared_apps_maildata
@@ -0,0 +1,54 @@
locals {
node_name = "prodnxsr0013"
config_common = yamldecode(file("${get_terragrunt_dir()}/../config_common.yaml"))
config_specific = yamldecode(file("${get_terragrunt_dir()}/config.yaml"))
config = merge(local.config_common, local.config_specific)
instance_name = basename(get_terragrunt_dir())
}
inputs = merge(
{
name = local.instance_name
},
local.config
)
include "root" {
path = find_in_parent_folders("root.hcl")
}
include "instances" {
path = find_in_parent_folders("instances.hcl")
expose = true
merge_strategy = "deep"
}
dependencies {
paths = ["${get_repo_root()}/config/nodes/${local.node_name}"]
}
generate "incus" {
path = "incus.tf"
if_exists = "overwrite_terragrunt"
contents = <<-EOF
provider "incus" {
generate_client_certificates = false
accept_remote_certificate = true
config_dir = "${get_env("INCUS_CONFIG_DIR")}"
remote {
name = "${basename(get_terragrunt_dir())}"
scheme = "https"
address = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_addr}"
port = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_port}"
token = "${get_env("INCUS_TOKEN_${upper(local.node_name)}")}"
default = true
}
}
EOF
}
terraform {
source = "${get_repo_root()}/modules/instance"
}
@@ -0,0 +1,8 @@
description: Dovecot Backend
cobbler_mgmt_classes:
- roles::infra::mail::backend
profiles:
- disk20
- net_com1_eth0
- 2core4096
- shared_apps_maildata
@@ -0,0 +1,54 @@
locals {
node_name = "prodnxsr0009"
config_common = yamldecode(file("${get_terragrunt_dir()}/../config_common.yaml"))
config_specific = yamldecode(file("${get_terragrunt_dir()}/config.yaml"))
config = merge(local.config_common, local.config_specific)
instance_name = basename(get_terragrunt_dir())
}
inputs = merge(
{
name = local.instance_name
},
local.config
)
include "root" {
path = find_in_parent_folders("root.hcl")
}
include "instances" {
path = find_in_parent_folders("instances.hcl")
expose = true
merge_strategy = "deep"
}
dependencies {
paths = ["${get_repo_root()}/config/nodes/${local.node_name}"]
}
generate "incus" {
path = "incus.tf"
if_exists = "overwrite_terragrunt"
contents = <<-EOF
provider "incus" {
generate_client_certificates = false
accept_remote_certificate = true
config_dir = "${get_env("INCUS_CONFIG_DIR")}"
remote {
name = "${basename(get_terragrunt_dir())}"
scheme = "https"
address = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_addr}"
port = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_port}"
token = "${get_env("INCUS_TOKEN_${upper(local.node_name)}")}"
default = true
}
}
EOF
}
terraform {
source = "${get_repo_root()}/modules/instance"
}
@@ -0,0 +1,7 @@
description: ExternalDNS For K8S
cobbler_mgmt_classes:
- roles::infra::dns::externaldns
profiles:
- disk20
- net_com1_eth0
- 2core3072
@@ -0,0 +1,54 @@
locals {
node_name = "prodnxsr0010"
config_common = yamldecode(file("${get_terragrunt_dir()}/../config_common.yaml"))
config_specific = yamldecode(file("${get_terragrunt_dir()}/config.yaml"))
config = merge(local.config_common, local.config_specific)
instance_name = basename(get_terragrunt_dir())
}
inputs = merge(
{
name = local.instance_name
},
local.config
)
include "root" {
path = find_in_parent_folders("root.hcl")
}
include "instances" {
path = find_in_parent_folders("instances.hcl")
expose = true
merge_strategy = "deep"
}
dependencies {
paths = ["${get_repo_root()}/config/nodes/${local.node_name}"]
}
generate "incus" {
path = "incus.tf"
if_exists = "overwrite_terragrunt"
contents = <<-EOF
provider "incus" {
generate_client_certificates = false
accept_remote_certificate = true
config_dir = "${get_env("INCUS_CONFIG_DIR")}"
remote {
name = "${basename(get_terragrunt_dir())}"
scheme = "https"
address = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_addr}"
port = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_port}"
token = "${get_env("INCUS_TOKEN_${upper(local.node_name)}")}"
default = true
}
}
EOF
}
terraform {
source = "${get_repo_root()}/modules/instance"
}
@@ -0,0 +1,7 @@
description: ExternalDNS For K8S
cobbler_mgmt_classes:
- roles::infra::dns::externaldns
profiles:
- disk20
- net_com1_eth0
- 2core3072
@@ -0,0 +1,54 @@
locals {
node_name = "prodnxsr0011"
config_common = yamldecode(file("${get_terragrunt_dir()}/../config_common.yaml"))
config_specific = yamldecode(file("${get_terragrunt_dir()}/config.yaml"))
config = merge(local.config_common, local.config_specific)
instance_name = basename(get_terragrunt_dir())
}
inputs = merge(
{
name = local.instance_name
},
local.config
)
include "root" {
path = find_in_parent_folders("root.hcl")
}
include "instances" {
path = find_in_parent_folders("instances.hcl")
expose = true
merge_strategy = "deep"
}
dependencies {
paths = ["${get_repo_root()}/config/nodes/${local.node_name}"]
}
generate "incus" {
path = "incus.tf"
if_exists = "overwrite_terragrunt"
contents = <<-EOF
provider "incus" {
generate_client_certificates = false
accept_remote_certificate = true
config_dir = "${get_env("INCUS_CONFIG_DIR")}"
remote {
name = "${basename(get_terragrunt_dir())}"
scheme = "https"
address = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_addr}"
port = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_port}"
token = "${get_env("INCUS_TOKEN_${upper(local.node_name)}")}"
default = true
}
}
EOF
}
terraform {
source = "${get_repo_root()}/modules/instance"
}
@@ -0,0 +1,7 @@
description: ExternalDNS For K8S
cobbler_mgmt_classes:
- roles::infra::dns::externaldns
profiles:
- disk20
- net_com1_eth0
- 2core3072
@@ -0,0 +1,54 @@
locals {
node_name = "prodnxsr0012"
config_common = yamldecode(file("${get_terragrunt_dir()}/../config_common.yaml"))
config_specific = yamldecode(file("${get_terragrunt_dir()}/config.yaml"))
config = merge(local.config_common, local.config_specific)
instance_name = basename(get_terragrunt_dir())
}
inputs = merge(
{
name = local.instance_name
},
local.config
)
include "root" {
path = find_in_parent_folders("root.hcl")
}
include "instances" {
path = find_in_parent_folders("instances.hcl")
expose = true
merge_strategy = "deep"
}
dependencies {
paths = ["${get_repo_root()}/config/nodes/${local.node_name}"]
}
generate "incus" {
path = "incus.tf"
if_exists = "overwrite_terragrunt"
contents = <<-EOF
provider "incus" {
generate_client_certificates = false
accept_remote_certificate = true
config_dir = "${get_env("INCUS_CONFIG_DIR")}"
remote {
name = "${basename(get_terragrunt_dir())}"
scheme = "https"
address = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_addr}"
port = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_port}"
token = "${get_env("INCUS_TOKEN_${upper(local.node_name)}")}"
default = true
}
}
EOF
}
terraform {
source = "${get_repo_root()}/modules/instance"
}