monorepo lab stuff, init zen

iofq 2025-12-27 22:26:02 -06:00
parent cfc15bba89
commit 645e09f9dd
54 changed files with 67498 additions and 406 deletions

6
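--- a/terraform/.gitignore
+++ b/terraform/.gitignore
@@ -0,0 +1,6 @@
+terraform.tfvars
+*.tfstate
+*.pem
+*.backup
+*.lock*
+*.terraform/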

19
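--- a/terraform/compartment.tf
+++ b/terraform/compartment.tf
@@ -0,0 +1,19 @@
+resource "oci_identity_compartment" "tf-compartment" {
+compartment_id = var.tenancy_ocid
+description = "Compartment for Terraform resources."
+name = var.compartment_name
+}
+# Source from https://registry.terraform.io/providers/hashicorp/oci/latest/docs/data-sources/identity_availability_domains
+# <tenancy-ocid> is the compartment OCID for the root compartment.
+# Use <tenancy-ocid> for the compartment OCID.
+data "oci_identity_availability_domains" "ads" {
+compartment_id = var.tenancy_ocid
+}
+data "oci_core_boot_volumes" "homelab_boot_volumes" {
+availability_domain = data.oci_identity_availability_domains.ads.availability_domains[1].name
+compartment_id = oci_identity_compartment.tf-compartment.id
+}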
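Review bot: The `availability_domains[1]` index in `homelab_boot_volumes` assumes the region exposes at least two availability domains, and compute.tf goes further with `[2]`. Because `region` is a variable, pointing this configuration at a single-AD region would fail with an index error. Consider a variable for the AD index, or guard it with `length(data.oci_identity_availability_domains.ads.availability_domains)`. The `homelab_boot_volumes` data source is also not referenced in the files shown on this page; if nothing else in the commit reads it, it can be dropped.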

59
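--- a/terraform/compute.tf
+++ b/terraform/compute.tf
@@ -0,0 +1,59 @@
+resource "oci_core_instance" "vm_instance_ampere" {
+count = 1
+availability_domain = data.oci_identity_availability_domains.ads.availability_domains[1].name
+compartment_id = oci_identity_compartment.tf-compartment.id
+shape = "VM.Standard.A1.Flex"
+display_name = join("", [var.vm_name_template, "-arm", count.index])
+is_pv_encryption_in_transit_enabled = true
+preserve_boot_volume = false
+shape_config {
+memory_in_gbs = 16
+ocpus = 4
+}
+metadata = {
+ssh_authorized_keys = var.ssh_public_key
+}
+source_details {
+source_id = var.vm_image_arm
+source_type = "image"
+boot_volume_size_in_gbs = 100
+}
+create_vnic_details {
+assign_public_ip = true
+subnet_id = oci_core_subnet.homelab_subnet.id
+assign_private_dns_record = true
+hostname_label = join("", [var.vm_name_template, "-arm", count.index])
+nsg_ids = [oci_core_network_security_group.homelab_nsg.id]
+}
+}
+resource "oci_core_instance" "vm_instance_x86_64" {
+count = 1
+availability_domain = data.oci_identity_availability_domains.ads.availability_domains[2].name
+compartment_id = oci_identity_compartment.tf-compartment.id
+shape = "VM.Standard.E2.1.Micro"
+display_name = join("", [var.vm_name_template, "-x64", count.index])
+is_pv_encryption_in_transit_enabled = true
+metadata = {
+ssh_authorized_keys = var.ssh_public_key
+}
+source_details {
+source_id = var.vm_image_amd64
+source_type = "image"
+boot_volume_size_in_gbs = 50
+}
+create_vnic_details {
+assign_public_ip = true
+subnet_id = oci_core_subnet.homelab_subnet.id
+assign_private_dns_record = true
+hostname_label = join("", [var.vm_name_template, "-x84", count.index])
+nsg_ids = [oci_core_network_security_group.homelab_nsg.id]
+}
+}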
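Review bot: The `hostname_label` of `vm_instance_x86_64` uses the suffix `"-x84"` while its `display_name` uses `"-x64"`, so the instance's DNS name will not match its display name. This looks like a typo; the line should read `hostname_label = join("", [var.vm_name_template, "-x64", count.index])`. The x86 instance also omits `preserve_boot_volume`, which the ARM instance sets to `false`; set it explicitly on both so that behaviour on destroy is the same.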

25
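--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -0,0 +1,25 @@
+terraform {
+required_version = ">= 1.3.0"
+cloud {
+organization = "lab-xyz"
+workspaces {
+name = "xyz-homelab"
+}
+}
+required_providers {
+oci = {
+source = "oracle/oci"
+version = ">= 4.90.0"
+}
+}
+}
+provider "oci" {
+tenancy_ocid = var.tenancy_ocid
+user_ocid = var.user_ocid
+private_key = var.private_key
+fingerprint = var.fingerprint
+region = var.region
+}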
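Review bot: The provider constraint `version = ">= 4.90.0"` has no upper bound, and the `*.lock*` pattern in terraform/.gitignore from this same commit also matches `.terraform.lock.hcl`. With the lock file untracked, neither the resolved provider version nor its checksums are recorded in the repository, so each `terraform init` may pull a different release of the provider that is handed the tenancy API key. Narrow the ignore pattern so that `.terraform.lock.hcl` is committed, and consider a bounded constraint using the `~>` operator.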

81
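--- a/terraform/networking.tf
+++ b/terraform/networking.tf
@@ -0,0 +1,81 @@
+resource "oci_core_vcn" "homelab_vcn" {
+cidr_block = "10.0.0.0/16"
+compartment_id = oci_identity_compartment.tf-compartment.id
+display_name = var.compartment_name
+dns_label = "vcn"
+}
+resource "oci_core_network_security_group" "homelab_nsg" {
+compartment_id = oci_identity_compartment.tf-compartment.id
+display_name = "${var.compartment_name}-nsg"
+vcn_id = oci_core_vcn.homelab_vcn.id
+}
+resource "oci_core_internet_gateway" "homelab_ig" {
+compartment_id = oci_identity_compartment.tf-compartment.id
+display_name = "${var.compartment_name}-ig"
+vcn_id = oci_core_vcn.homelab_vcn.id
+}
+resource "oci_core_route_table" "homelab_rt" {
+compartment_id = oci_identity_compartment.tf-compartment.id
+vcn_id = oci_core_vcn.homelab_vcn.id
+display_name = "${var.compartment_name}-rt"
+route_rules {
+destination = "0.0.0.0/0"
+destination_type = "CIDR_BLOCK"
+network_entity_id = oci_core_internet_gateway.homelab_ig.id
+}
+}
+resource "oci_core_subnet" "homelab_subnet" {
+#Required
+cidr_block = "10.0.0.0/24"
+compartment_id = oci_identity_compartment.tf-compartment.id
+vcn_id = oci_core_vcn.homelab_vcn.id
+dns_label = "homelab"
+# Provider code tries to maintain compatibility with old versions.
+security_list_ids = [oci_core_security_list.public-security-list.id]
+display_name = "${var.compartment_name}-subnet"
+route_table_id = oci_core_route_table.homelab_rt.id
+}
+resource "oci_core_security_list" "public-security-list" {
+compartment_id = oci_identity_compartment.tf-compartment.id
+vcn_id = oci_core_vcn.homelab_vcn.id
+display_name = "public-security-list"
+egress_security_rules {
+stateless = false
+destination = "0.0.0.0/0"
+destination_type = "CIDR_BLOCK"
+protocol = "all"
+}
+ingress_security_rules {
+stateless = false
+source = "0.0.0.0/0"
+source_type = "CIDR_BLOCK"
+protocol = "all"
+description = "allow all"
+}
+}
+resource "oci_core_network_security_group_security_rule" "homelab-network-security-group-list-ingress" {
+network_security_group_id = oci_core_network_security_group.homelab_nsg.id
+direction = "INGRESS"
+source = oci_core_network_security_group.homelab_nsg.id
+source_type = "NETWORK_SECURITY_GROUP"
+protocol = "all"
+stateless = true
+}
+resource "oci_core_network_security_group_security_rule" "homelab-network-security-group-list-egress" {
+network_security_group_id = oci_core_network_security_group.homelab_nsg.id
+direction = "EGRESS"
+destination = oci_core_network_security_group.homelab_nsg.id
+destination_type = "NETWORK_SECURITY_GROUP"
+protocol = "all"
+stateless = true
+}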
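Review bot: The `ingress_security_rules` block in `public-security-list` admits every protocol from `0.0.0.0/0`, and that list is attached to `homelab_subnet`, where compute.tf gives both instances a public IP. OCI permits a packet when any security list or NSG rule allows it, so the two NSG rules further down, which only admit traffic from the NSG itself, do not narrow this. Every listening service on both hosts is therefore reachable from the internet. Restrict ingress to the ports actually needed, from a known source range. The sketch below allows SSH only and uses a hypothetical `admin_cidr` variable that would have to be declared in variables.tf.

```hcl
# … unchanged: compartment_id, vcn_id, display_name, egress_security_rules …
ingress_security_rules {
  stateless   = false
  source      = var.admin_cidr # hypothetical variable: the operator's own address range
  source_type = "CIDR_BLOCK"
  protocol    = "6" # TCP
  description = "SSH from the admin range only"
  tcp_options {
    min = 22
    max = 22
  }
}
```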

3
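--- a/terraform/outputs.tf
+++ b/terraform/outputs.tf
@@ -0,0 +1,3 @@
+output "x64_public_ip0" {
+value = oci_core_instance.vm_instance_x86_64[0].public_ip
+}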


@ -0,0 +1,20 @@
# https://cloud.oracle.com/org-mgmt/tenancy
tenancy_ocid = ""
# https://cloud.oracle.com/identity/domains/my-profile
user_ocid = ""
# https://cloud.oracle.com/identity/domains/my-profile/api-keys
# contents of the private key, rather than a path pointing to the .pem file
private_key = ""
fingerprint = ""
region = "us-ashburn-1"
# VM Images: https://docs.oracle.com/en-us/iaas/images/
vm_image_arm = "ocid1.image.oc1.iad.aaaaaaaam4d2tsohvgq7cqilhtcnlvp2zmzatb57xuprljhkvqgon73uzeqq"
# SSH keys for remote exec
ssh_public_key = "ssh-ed25519 xxx..."
ssh_private_key = "..."
# OPTIONAL
vm_name_template = "xyz-homelab"
compartment_name = "xyz_homelab"
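Review bot: The example values shown here leave out `vm_image_amd64`, `k3s_master_ip` and `k3s_token`, all of which variables.tf declares without a default, so a filled-in copy of this file is not enough for a plan to run without prompting. Add placeholder entries such as `vm_image_amd64 = ""` and `k3s_token = ""`. Since `private_key` and `ssh_private_key` hold key material inline, a comment stating that the filled-in copy must stay untracked (terraform.tfvars is already listed in .gitignore) would also help.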

65
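--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -0,0 +1,65 @@
+variable "compartment_name" {
+description = "Name of OCI compartment"
+type = string
+}
+variable "tenancy_ocid" {
+description = "Tenancy OCID."
+type = string
+}
+variable "user_ocid" {
+description = "User OCID."
+type = string
+}
+variable "vm_image_arm" {
+description = "The OCID of the arm VM image to deploy."
+type = string
+}
+variable "vm_image_amd64" {
+description = "The OCID of the amd64 VM image to deploy."
+type = string
+}
+variable "vm_name_template" {
+description = ""
+type = string
+}
+variable "region" {
+description = "The name of the OCI resource region."
+type = string
+default = "us-ashburn-1"
+}
+variable "fingerprint" {
+description = "Fingerprint of the public API key from OCI."
+type = string
+}
+variable "private_key" {
+description = "Contents of the .pem private key, downloaded from Oracle Cloud"
+type = string
+}
+variable "ssh_public_key" {
+description = "SSH pubkey string"
+type = string
+}
+variable "ssh_private_key" {
+description = "SSH privkey string"
+type = string
+}
+variable "k3s_master_ip" {
+description = "IP addr of k3s master, to pass to ansible"
+type = string
+}
+variable "k3s_token" {
+description = "k3s token, to pass to ansible"
+type = string
+}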
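Review bot: The `private_key`, `ssh_private_key` and `k3s_token` variables are declared without `sensitive = true`, so their values can be printed in plan and apply output and end up in run logs. Add `sensitive = true` to each of the three blocks. The values are still written to state, so access to the Terraform Cloud workspace configured in main.tf needs to be restricted as well. Separately, `vm_name_template` has an empty `description`; a short text such as `description = "Prefix for instance display names and hostname labels"` would match how compute.tf uses it.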