Init, no funciona. Falta hostname resolution.

.gitignore

@@ -0,0 +1,42 @@
+bootstrap.sh
+
+### Ansible ###
+*.retry
+
+### Terraform ###
+# Local .terraform directories
+terraform/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+terraform/.
+terraform.lock.hcl
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

ansible.cfg

@@ -0,0 +1,6 @@
+[defaults]
+inventory = ansible/inventory.proxmox.yml
+host_key_checking = False
+
+[inventory]
+enable_plugins = host_list, ini, yaml, community.general.proxmox

ansible/group_vars/all.yml

@@ -0,0 +1,5 @@
+---
+docker_users:
+  - infra
+bin_compose_dir: /srv/bin
+bin_git_repo: https://github.com/w4/bin.git

ansible/inventory.proxmox.yml

@@ -0,0 +1,9 @@
+plugin: community.general.proxmox
+url: https://10.10.8.123:8006/
+user: root@pam
+token_id: kpr-genesis
+token_secret: "{{ lookup('env', 'PROXMOX_TOKEN') }}"
+validate_certs: false
+node: pacifica
+host_filter: "^bin$"
+want_facts: true

ansible/requirements.yml

@@ -0,0 +1,6 @@
+---
+roles:
+  - name: arch_docker
+    src: geerlingguy.docker
+collections:
+  - community.docker

ansible/roles/bin/tasks/main.yml

@@ -0,0 +1,22 @@
+---
+- name: Ensure compose directory exists
+  file:
+    path: "{{ bin_compose_dir }}"
+    state: directory
+    owner: infra
+    group: infra
+    mode: '0755'
+
+- name: Copy docker-compose template
+  template:
+    src: docker-compose.yml.j2
+    dest: "{{ bin_compose_dir }}/docker-compose.yml"
+    owner: infra
+    group: infra
+    mode: '0644'
+
+- name: Pull latest w4/bin image & launch stack
+  community.docker.docker_compose_v2:
+    project_src: "{{ bin_compose_dir }}"
+    pull: true
+    state: present

ansible/roles/bin/templates/docker-compose.yml.j2

@@ -0,0 +1,10 @@
+version: "3.9"
+services:
+  bin:
+    image: ghcr.io/w4/bin:latest
+    # Uncomment if you prefer to build from source
+    # build: "{{ bin_git_repo }}"
+    container_name: pastebin
+    ports:
+      - "8000:8000"
+    restart: unless-stopped

ansible/roles/docker/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+- name: Install Docker and dependencies (Arch)
+  pacman:
+    name:
+      - docker
+      - docker-buildx
+      - docker-compose-plugin
+      - git
+    state: present
+    update_cache: true
+
+- name: Enable & start Docker
+  systemd:
+    name: docker
+    enabled: true
+    state: started
+
+- name: Add {{ item }} to docker group
+  user:
+    name: "{{ item }}"
+    groups: docker
+    append: yes
+  loop: "{{ docker_users }}"

ansible/site.yml

@@ -0,0 +1,6 @@
+---
+- hosts: bin
+  become: true
+  roles:
+    - docker
+    - bin

id_ed25519.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJehnf4WdULkVYd8JpTUsHyqz2Oet1wSt0yD8qBT0aB5 infra@kpr-genesis

scripts/run_pipeline.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+LOCK="$HOME/.infra.lock"
+exec 200>$LOCK
+flock -n 200 || { echo "pipeline already running"; exit 0; }
+
+cd "$(dirname "$0")/.."
+
+#git pull --ff-only
+
+export TF_IN_AUTOMATION=1
+terraform -chdir=terraform init -upgrade
+terraform -chdir=terraform apply -auto-approve
+
+ansible-playbook ansible/site.yml

terraform/main.tf

@@ -0,0 +1,35 @@
+provider "proxmox" {
+  pm_api_url      = var.pm_api_url
+  pm_api_token_id = "${var.pm_user}!kpr-genesis"
+  pm_api_token_secret = var.pm_token
+  pm_tls_insecure = true
+}
+
+resource "proxmox_lxc" "bin" {
+  target_node = var.node
+  hostname    = "bin"
+  ostemplate  = var.arch_template
+
+  password = var.bin_lxc_password
+  cores    = 1
+  memory   = 512
+
+  rootfs {
+    storage = "local-lvm"
+    size    = "4G"
+  }
+
+  network {
+    name = "eth0"
+    bridge = "vmbr0"
+    ip = "dhcp"
+  }
+
+  ssh_public_keys = file("${path.module}/../id_ed25519.pub")
+
+  unprivileged = true
+  features {
+    nesting = true   # allows Docker overlay
+    #fuse    = true   # useful for Docker
+  }
+}

terraform/variables.tf

@@ -0,0 +1,9 @@
+variable "pm_api_url"   { type = string }
+variable "pm_user"      { type = string }
+variable "pm_token"     { type = string }
+variable "node"         { type = string }   # e.g. pve01
+variable "arch_template"{
+  type    = string
+  default = "local:vztmpl/archlinux-base_20240911-1_amd64.tar.zst"
+}
+variable "bin_lxc_password" { type = string }

terraform/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.8.0"
+  required_providers {
+    proxmox = {
+      source  = "telmate/proxmox"
+      version = ">= 2.9.0, < 3.0.0"
+    }
+  }
+}