juanlu.space / tangled-knot-iac
IaC for a Tangled Knot
fork atom

Compare changes

Choose any two refs to compare.

options
unified split
Changed files
+277 -18
.gitignore
config
deploy.yaml
inventory
dev
incus.yaml
incus_groups.yaml
incus.yaml
prod
clouding.py
clouding_groups.yaml
ping.yaml
infra
prod
.terraform.lock.hcl
main.tf
+1
.gitignore 
···

       
41

       
41

       
 

       
terraform.rc


     

       
42

       
42

       
 

       



     

       
43

       
43

       
 

       
# End of https://www.toptal.com/developers/gitignore/api/ansible,terraform


     

       

       
44

       
+

       
.envrc
+1 -1
config/deploy.yaml 
···

       
1

       
1

       
 

       
---


     

       
2

       
2

       
 

       
- name: Deploy Tangled Knot


     

       
3

       

       
-

       
  hosts: all


     

       

       
3

       
+

       
  hosts: knot_servers


     

       
4

       
4

       
 

       
  become: true


     

       
5

       
5

       
 

       



     

       
6

       
6

       
 

       
  roles:
+10
config/inventory/dev/incus.yaml 
···

       

       
1

       
+

       
---


     

       

       
2

       
+

       
plugin: community.general.incus


     

       

       
3

       
+

       
strict: true


     

       

       
4

       
+

       



     

       

       
5

       
+

       
remotes:


     

       

       
6

       
+

       
  - local:tangled


     

       

       
7

       
+

       



     

       

       
8

       
+

       
compose:


     

       

       
9

       
+

       
  ansible_connection: "'community.general.incus'"


     

       

       
10

       
+

       
  ansible_python_interpreter: "'auto_silent'"
+6
config/inventory/dev/incus_groups.yaml 
···

       

       
1

       
+

       
---


     

       

       
2

       
+

       
all:


     

       

       
3

       
+

       
  children:


     

       

       
4

       
+

       
    knot_servers:


     

       

       
5

       
+

       
      hosts:


     

       

       
6

       
+

       
        nudo0.tangled.local: {}
-10
config/inventory/incus.yaml 
···

       
1

       

       
-

       
---


     

       
2

       

       
-

       
plugin: community.general.incus


     

       
3

       

       
-

       
strict: true


     

       
4

       

       
-

       



     

       
5

       

       
-

       
remotes:


     

       
6

       

       
-

       
  - local:tangled


     

       
7

       

       
-

       



     

       
8

       

       
-

       
compose:


     

       
9

       

       
-

       
  ansible_connection: "'community.general.incus'"


     

       
10

       

       
-

       
  ansible_python_interpreter: "'auto_silent'"
+127
config/inventory/prod/clouding.py 
···

       

       
1

       
+

       
#!/usr/bin/env python3


     

       

       
2

       
+

       
"""


     

       

       
3

       
+

       
Dynamic inventory script for Clouding.io servers.


     

       

       
4

       
+

       
Fetches server list from Clouding API and generates Ansible inventory.


     

       

       
5

       
+

       



     

       

       
6

       
+

       
Requirements:


     

       

       
7

       
+

       
- CLOUDING_TOKEN environment variable with API token


     

       

       
8

       
+

       



     

       

       
9

       
+

       
Usage:


     

       

       
10

       
+

       
    ansible-inventory -i inventory/prod/clouding.py --list


     

       

       
11

       
+

       
    ansible-playbook -i inventory/prod/clouding.py playbook.yaml


     

       

       
12

       
+

       
"""


     

       

       
13

       
+

       



     

       

       
14

       
+

       
from __future__ import annotations


     

       

       
15

       
+

       



     

       

       
16

       
+

       
import json


     

       

       
17

       
+

       
import os


     

       

       
18

       
+

       
import sys


     

       

       
19

       
+

       
from urllib.request import Request, urlopen


     

       

       
20

       
+

       
from urllib.error import URLError, HTTPError


     

       

       
21

       
+

       
from dataclasses import dataclass


     

       

       
22

       
+

       



     

       

       
23

       
+

       



     

       

       
24

       
+

       
@dataclass


     

       

       
25

       
+

       
class CloudingInventory:


     

       

       
26

       
+

       
    """Dynamic inventory for Clouding.io servers."""


     

       

       
27

       
+

       



     

       

       
28

       
+

       
    inventory: dict


     

       

       
29

       
+

       
    api_token: str


     

       

       
30

       
+

       
    endpoint: str = "https://api.clouding.io/v1/servers/"


     

       

       
31

       
+

       



     

       

       
32

       
+

       
    @classmethod


     

       

       
33

       
+

       
    def create(cls, endpoint: str | None = None) -> CloudingInventory:


     

       

       
34

       
+

       
        api_token = os.environ.get("CLOUDING_TOKEN")


     

       

       
35

       
+

       
        if not api_token:


     

       

       
36

       
+

       
            print("Error: CLOUDING_TOKEN environment variable not set", file=sys.stderr)


     

       

       
37

       
+

       
            sys.exit(1)


     

       

       
38

       
+

       



     

       

       
39

       
+

       
        inventory = {"_meta": {"hostvars": {}}, "all": {"children": ["ungrouped"]}}


     

       

       
40

       
+

       



     

       

       
41

       
+

       
        if endpoint:


     

       

       
42

       
+

       
            return cls(inventory, api_token, endpoint)


     

       

       
43

       
+

       
        else:


     

       

       
44

       
+

       
            return cls(inventory, api_token)


     

       

       
45

       
+

       



     

       

       
46

       
+

       
    def fetch_servers(self):


     

       

       
47

       
+

       
        """Fetch server list from Clouding API."""


     

       

       
48

       
+

       
        headers = {"X-API-KEY": self.api_token, "Accept": "application/json"}


     

       

       
49

       
+

       



     

       

       
50

       
+

       
        try:


     

       

       
51

       
+

       
            request = Request(self.endpoint, headers=headers)


     

       

       
52

       
+

       
            with urlopen(request) as response:


     

       

       
53

       
+

       
                data = json.loads(response.read().decode("utf-8"))


     

       

       
54

       
+

       
                return data.get("servers", [])


     

       

       
55

       
+

       
        except HTTPError as e:


     

       

       
56

       
+

       
            print(f"HTTP Error {e.code}: {e.reason}", file=sys.stderr)


     

       

       
57

       
+

       
            sys.exit(1)


     

       

       
58

       
+

       
        except URLError as e:


     

       

       
59

       
+

       
            print(f"URL Error: {e.reason}", file=sys.stderr)


     

       

       
60

       
+

       
            sys.exit(1)


     

       

       
61

       
+

       
        except Exception as e:


     

       

       
62

       
+

       
            print(f"Error fetching servers: {e}", file=sys.stderr)


     

       

       
63

       
+

       
            sys.exit(1)


     

       

       
64

       
+

       



     

       

       
65

       
+

       
    def add_server_to_inventory(self, server):


     

       

       
66

       
+

       
        """Add a server to the inventory."""


     

       

       
67

       
+

       
        server_id = server.get("id")


     

       

       
68

       
+

       
        server_name = server.get("name")


     

       

       
69

       
+

       
        status = server.get("status")


     

       

       
70

       
+

       
        power_state = server.get("powerState")


     

       

       
71

       
+

       
        public_ip = server.get("publicIp")


     

       

       
72

       
+

       



     

       

       
73

       
+

       
        if status != "Active" or power_state != "Running":


     

       

       
74

       
+

       
            return


     

       

       
75

       
+

       



     

       

       
76

       
+

       
        if not public_ip:


     

       

       
77

       
+

       
            return


     

       

       
78

       
+

       



     

       

       
79

       
+

       
        self.inventory["_meta"]["hostvars"][server_name] = {


     

       

       
80

       
+

       
            "ansible_host": public_ip,


     

       

       
81

       
+

       
            "ansible_user": "root",  # Clouding uses root by default


     

       

       
82

       
+

       
            "ansible_python_interpreter": "auto_silent",


     

       

       
83

       
+

       
            "clouding_id": server_id,


     

       

       
84

       
+

       
            "clouding_hostname": server.get("hostname"),


     

       

       
85

       
+

       
            "clouding_status": status,


     

       

       
86

       
+

       
            "clouding_power_state": power_state,


     

       

       
87

       
+

       
            "clouding_vcores": server.get("vCores"),


     

       

       
88

       
+

       
            "clouding_ram_gb": server.get("ramGb"),


     

       

       
89

       
+

       
            "clouding_flavor": server.get("flavor"),


     

       

       
90

       
+

       
            "clouding_volume_size_gb": server.get("volumeSizeGb"),


     

       

       
91

       
+

       
            "clouding_dns_address": server.get("dnsAddress"),


     

       

       
92

       
+

       
        }


     

       

       
93

       
+

       



     

       

       
94

       
+

       
        image = server.get("image", {})


     

       

       
95

       
+

       
        if image:


     

       

       
96

       
+

       
            self.inventory["_meta"]["hostvars"][server_name].update(


     

       

       
97

       
+

       
                {


     

       

       
98

       
+

       
                    "clouding_image_id": image.get("id"),


     

       

       
99

       
+

       
                    "clouding_image_name": image.get("name"),


     

       

       
100

       
+

       
                }


     

       

       
101

       
+

       
            )


     

       

       
102

       
+

       



     

       

       
103

       
+

       
        # Add to 'clouding' group


     

       

       
104

       
+

       
        if "clouding" not in self.inventory:


     

       

       
105

       
+

       
            self.inventory["clouding"] = {"hosts": []}


     

       

       
106

       
+

       
            self.inventory["all"]["children"].append("clouding")


     

       

       
107

       
+

       



     

       

       
108

       
+

       
        if server_name not in self.inventory["clouding"]["hosts"]:


     

       

       
109

       
+

       
            self.inventory["clouding"]["hosts"].append(server_name)


     

       

       
110

       
+

       



     

       

       
111

       
+

       
    def generate_inventory(self):


     

       

       
112

       
+

       
        """Generate the complete inventory."""


     

       

       
113

       
+

       
        servers = self.fetch_servers()


     

       

       
114

       
+

       
        for server in servers:


     

       

       
115

       
+

       
            self.add_server_to_inventory(server)


     

       

       
116

       
+

       
        return self.inventory


     

       

       
117

       
+

       



     

       

       
118

       
+

       



     

       

       
119

       
+

       
def main():


     

       

       
120

       
+

       
    """Main entry point."""


     

       

       
121

       
+

       
    inventory = CloudingInventory.create()


     

       

       
122

       
+

       
    result = inventory.generate_inventory()


     

       

       
123

       
+

       
    print(json.dumps(result, indent=2))


     

       

       
124

       
+

       



     

       

       
125

       
+

       



     

       

       
126

       
+

       
if __name__ == "__main__":


     

       

       
127

       
+

       
    main()
+9
config/inventory/prod/clouding_groups.yaml 
···

       

       
1

       
+

       
---


     

       

       
2

       
+

       
all:


     

       

       
3

       
+

       
  children:


     

       

       
4

       
+

       
    knot_servers:


     

       

       
5

       
+

       
      hosts:


     

       

       
6

       
+

       
        nudo0:


     

       

       
7

       
+

       
          knot_enable_caddy: true


     

       

       
8

       
+

       
          knot_server_hostname: "knot.juanlu.space"


     

       

       
9

       
+

       
          knot_server_owner: "did:plc:p7v4p6njfpdv6gen4bllnkqm"
-7
config/ping.yaml 
···

       
1

       

       
-

       
---


     

       
2

       

       
-

       
- name: Test inventory and connectivity


     

       
3

       

       
-

       
  hosts: all


     

       
4

       

       
-

       
  gather_facts: false


     

       
5

       

       
-

       
  tasks:


     

       
6

       

       
-

       
    - name: Ping


     

       
7

       

       
-

       
      ansible.builtin.ping:
+25
infra/prod/.terraform.lock.hcl 
···

       

       
1

       
+

       
# This file is maintained automatically by "tofu init".


     

       

       
2

       
+

       
# Manual edits may be lost in future updates.


     

       

       
3

       
+

       



     

       

       
4

       
+

       
provider "registry.opentofu.org/renemontilva/clouding" {


     

       

       
5

       
+

       
  version     = "1.0.1"


     

       

       
6

       
+

       
  constraints = ">= 1.0.0"


     

       

       
7

       
+

       
  hashes = [


     

       

       
8

       
+

       
    "h1:YlLCHWZ0KDPYLw6VPBict8KKsHZVcm0pvWW/kNGjIno=",


     

       

       
9

       
+

       
    "zh:187eb96cd2a0768727d735a1a2d0795e46fd783405c133376251d9f24c8effe4",


     

       

       
10

       
+

       
    "zh:5ac07c6342f45dccedb7fdb2ab8f62ab008b13c0d9b0290b7ae8af59bae55613",


     

       

       
11

       
+

       
    "zh:700f9e08c12ac505307ca08a5516b546a0e5c3f392aae5909fde9f2fa3992000",


     

       

       
12

       
+

       
    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",


     

       

       
13

       
+

       
    "zh:9189d1869e76cf376bca9cc29568a75074d7783035f181e1951daca002cf016f",


     

       

       
14

       
+

       
    "zh:9381dc7d860f76688a0aaf390b2e9fa74cdb6a2e75cf1d7b98d9abe6896be316",


     

       

       
15

       
+

       
    "zh:9e151d6ae3e105d9d09147e6e340e863489b7e4f5cdb03bb7bc891ba61976a35",


     

       

       
16

       
+

       
    "zh:a43a7350787cd2f58753b41b7c1f9164b8c921590be7f45b9ebb96bff5f93363",


     

       

       
17

       
+

       
    "zh:a8736ca52ff81e74d820aaea8cb881432bb12d7d9576968f97dc887ac871d048",


     

       

       
18

       
+

       
    "zh:d9eaf212086176c75fd954f76c62628b59456913033b5bc1c733335af1bf5f57",


     

       

       
19

       
+

       
    "zh:de283437e2d335cf9249c527c77f56a888d870125d3623f7b51c56fc2f5a7281",


     

       

       
20

       
+

       
    "zh:dfdad92f93b603f1863b2d66c72acdf5d044e37488fe2d45c83e3ba512412862",


     

       

       
21

       
+

       
    "zh:e2c5446a7705d34f3e44037c88eec213fc291d11d810315ca9942fd0cfda8071",


     

       

       
22

       
+

       
    "zh:ebb9bc6639d8bfa9edfb3927f31ab012b76f158c95f96055af3dbfbfbb99e10d",


     

       

       
23

       
+

       
    "zh:ec431afc740d6b1c1c29f37f3de3a751c55ce18cae2bbd215e435ec79a64ce65",


     

       

       
24

       
+

       
  ]


     

       

       
25

       
+

       
}
+98
infra/prod/main.tf 
···

       

       
1

       
+

       
terraform {


     

       

       
2

       
+

       
  required_providers {


     

       

       
3

       
+

       
    clouding = {


     

       

       
4

       
+

       
      source  = "astrojuanlu/clouding"


     

       

       
5

       
+

       
      version = "1.0.1"


     

       

       
6

       
+

       
    }


     

       

       
7

       
+

       
  }


     

       

       
8

       
+

       
}


     

       

       
9

       
+

       



     

       

       
10

       
+

       
provider "clouding" {}


     

       

       
11

       
+

       



     

       

       
12

       
+

       
data "clouding_sshkey" "main" {


     

       

       
13

       
+

       
  id = "LQbN5nv9krK9JaeZ"


     

       

       
14

       
+

       
}


     

       

       
15

       
+

       



     

       

       
16

       
+

       
data "clouding_image" "ubuntu_24_04" {


     

       

       
17

       
+

       
  id = "p06Wq42PGkneDVEb"


     

       

       
18

       
+

       
}


     

       

       
19

       
+

       



     

       

       
20

       
+

       
resource "clouding_firewall" "knot" {


     

       

       
21

       
+

       
  name        = "Knot Firewall"


     

       

       
22

       
+

       
  description = "Firewall rules for Knot server (SSH, Git SSH, Web)"


     

       

       
23

       
+

       
}


     

       

       
24

       
+

       



     

       

       
25

       
+

       
# Allow SSH (port 22)


     

       

       
26

       
+

       
resource "clouding_firewall_rule" "ssh" {


     

       

       
27

       
+

       
  firewall_id    = clouding_firewall.knot.id


     

       

       
28

       
+

       
  description    = "Allow SSH"


     

       

       
29

       
+

       
  protocol       = "tcp"


     

       

       
30

       
+

       
  port_range_min = 22


     

       

       
31

       
+

       
  port_range_max = 22


     

       

       
32

       
+

       
  source_ip      = "0.0.0.0/0"


     

       

       
33

       
+

       
}


     

       

       
34

       
+

       



     

       

       
35

       
+

       
# Allow Git SSH (port 2222)


     

       

       
36

       
+

       
resource "clouding_firewall_rule" "git_ssh" {


     

       

       
37

       
+

       
  firewall_id    = clouding_firewall.knot.id


     

       

       
38

       
+

       
  description    = "Allow Git SSH"


     

       

       
39

       
+

       
  protocol       = "tcp"


     

       

       
40

       
+

       
  port_range_min = 2222


     

       

       
41

       
+

       
  port_range_max = 2222


     

       

       
42

       
+

       
  source_ip      = "0.0.0.0/0"


     

       

       
43

       
+

       
}


     

       

       
44

       
+

       



     

       

       
45

       
+

       
# Allow HTTP (port 80) for Let's Encrypt certificate challenges


     

       

       
46

       
+

       
resource "clouding_firewall_rule" "http" {


     

       

       
47

       
+

       
  firewall_id    = clouding_firewall.knot.id


     

       

       
48

       
+

       
  description    = "Allow HTTP (Let's Encrypt)"


     

       

       
49

       
+

       
  protocol       = "tcp"


     

       

       
50

       
+

       
  port_range_min = 80


     

       

       
51

       
+

       
  port_range_max = 80


     

       

       
52

       
+

       
  source_ip      = "0.0.0.0/0"


     

       

       
53

       
+

       
}


     

       

       
54

       
+

       



     

       

       
55

       
+

       
# Allow HTTPS (port 443) for Caddy SSL proxy


     

       

       
56

       
+

       
resource "clouding_firewall_rule" "https" {


     

       

       
57

       
+

       
  firewall_id    = clouding_firewall.knot.id


     

       

       
58

       
+

       
  description    = "Allow HTTPS (Caddy)"


     

       

       
59

       
+

       
  protocol       = "tcp"


     

       

       
60

       
+

       
  port_range_min = 443


     

       

       
61

       
+

       
  port_range_max = 443


     

       

       
62

       
+

       
  source_ip      = "0.0.0.0/0"


     

       

       
63

       
+

       
}


     

       

       
64

       
+

       



     

       

       
65

       
+

       
# Create a server for Knot


     

       

       
66

       
+

       
resource "clouding_server" "knot0" {


     

       

       
67

       
+

       
  name        = "nudo0"


     

       

       
68

       
+

       
  hostname    = "nudo0"


     

       

       
69

       
+

       
  flavor_id   = "0.5x1"


     

       

       
70

       
+

       
  firewall_id = clouding_firewall.knot.id


     

       

       
71

       
+

       



     

       

       
72

       
+

       
  volume = {


     

       

       
73

       
+

       
    source = "image"


     

       

       
74

       
+

       
    id     = data.clouding_image.ubuntu_24_04.id


     

       

       
75

       
+

       
    ssd_gb = 20


     

       

       
76

       
+

       
  }


     

       

       
77

       
+

       



     

       

       
78

       
+

       
  access_configuration = {


     

       

       
79

       
+

       
    ssh_key_id = data.clouding_sshkey.main.id


     

       

       
80

       
+

       
  }


     

       

       
81

       
+

       



     

       

       
82

       
+

       
  enable_strict_antiddos_filtering = false


     

       

       
83

       
+

       



     

       

       
84

       
+

       
  # backup_preference = {


     

       

       
85

       
+

       
  #   frequency = "OneWeek"


     

       

       
86

       
+

       
  #   slots     = 4


     

       

       
87

       
+

       
  # }


     

       

       
88

       
+

       



     

       

       
89

       
+

       
  # user_data = file("${path.module}/cloud-init.yaml")


     

       

       
90

       
+

       



     

       

       
91

       
+

       
  timeouts = {


     

       

       
92

       
+

       
    create = "10m"


     

       

       
93

       
+

       
  }


     

       

       
94

       
+

       
}


     

       

       
95

       
+

       



     

       

       
96

       
+

       
output "knot0_ipv4" {


     

       

       
97

       
+

       
  value = try(clouding_server.knot0.public_ip, "Not yet assigned")


     

       

       
98

       
+

       
}