From f67971a2df2d2b924e286c35f9a10495a86ca363 Mon Sep 17 00:00:00 2001 From: Tyler Witlin Date: Tue, 3 Oct 2023 09:26:24 -0400 Subject: [PATCH] fix: seperate ansible and terraform 
Signed-off-by: Tyler Witlin --- .editorconfig | 13 +- .gitattributes | 1 + .sops.yaml | 34 +--- .../storage/servers/.envrc | 0 .../storage/servers/ansible.cfg | 0 .../servers/inventory/group_vars/all/os.yml | 0 .../inventory/host_vars/osiris.sops.yml | 0 .../storage}/servers/inventory/hosts.yml | 0 .../storage/servers/playbooks/apps.yml | 0 .../playbooks/cluster-installation.yml | 0 .../servers/playbooks/cluster-nuke.yml | 0 .../servers/playbooks/cluster-prepare.yml | 0 .../storage}/servers/playbooks/prepare.yml | 0 .../servers/playbooks/templates/aliases.j2 | 0 .../servers/playbooks/templates/msmtprc.j2 | 0 .../playbooks/templates/smartd.conf.j2 | 0 .../servers/playbooks/templates/zed.rc.j2 | 0 .../storage}/servers/requirements.yml | 0 .../servers/inventory/group_vars/all/os.yml | 60 ------- .../inventory/group_vars/master/k3s.yml | 28 --- .../storage/servers/inventory/hosts.yml | 10 -- .../storage/servers/playbooks/os.yml | 13 -- .../roles/apps.storage/defaults/main.yml | 1 - .../roles/apps.storage/tasks/kopia.yml | 60 ------- .../roles/apps.storage/tasks/main.yml | 40 ----- .../roles/apps.storage/tasks/netbootxyz.yml | 46 ----- .../apps.storage/tasks/node-exporter.yml | 49 ----- .../apps.storage/tasks/smartctl-exporter.yml | 56 ------ .../roles/apps.storage/tasks/unifi.yml | 55 ------ .../roles/apps.storage/tasks/vector.yml | 56 ------ .../smartctl-exporter.yaml.j2 | 7 - .../templates/vector/vector.yaml.j2 | 13 -- .../roles/apps.storage/vars/main.yml | 16 -- .../roles/os.storage/defaults/main.yml | 1 - .../roles/os.storage/handlers/main.yml | 7 - .../roles/os.storage/tasks/filesystem.yml | 38 ---- .../roles/os.storage/tasks/locale.yml | 4 - .../playbooks/roles/os.storage/tasks/main.yml | 28 --- .../roles/os.storage/tasks/network.yml | 29 --- .../roles/os.storage/tasks/notifications.yml | 21 --- .../roles/os.storage/tasks/packages.yml | 71 -------- .../roles/os.storage/tasks/security.yml | 49 ----- .../playbooks/roles/os.storage/tasks/user.yml | 51 ------ 
.../roles/os.storage/templates/aliases.j2 | 14 -- .../roles/os.storage/templates/msmtprc.j2 | 17 -- .../roles/os.storage/templates/smartd.conf.j2 | 2 - .../roles/os.storage/templates/zed.rc.j2 | 6 - .../playbooks/roles/os.storage/vars/main.yml | 54 ------ .../playbooks/roles/zfs.storage/tasks/zfs.yml | 20 --- infrastructure/vault/servers/.envrc | 3 - infrastructure/vault/servers/ansible.cfg | 35 ---- .../inventory/host_vars/osiris.sops.yml | 25 --- .../vault/servers/playbooks/apps.yml | 15 -- .../playbooks/cluster-installation.yml | 18 -- .../vault/servers/playbooks/cluster-nuke.yml | 29 --- .../servers/playbooks/cluster-prepare.yml | 169 ------------------ .../servers/playbooks/templates/aliases.j2 | 14 -- .../servers/playbooks/templates/msmtprc.j2 | 15 -- .../playbooks/templates/smartd.conf.j2 | 2 - .../servers/playbooks/templates/zed.rc.j2 | 8 - .../storage/apps/.terraform.lock.hcl | 19 ++ .../storage/apps/app_kopia.tf | 0 .../storage/apps/app_minio.tf | 0 .../storage/apps/app_node_exporter.tf | 0 .../storage/apps/app_smartctl_exporter.tf | 0 .../storage/apps/app_vector_agent.tf | 0 .../storage/apps/main.tf | 0 .../storage/apps/providers.tf | 0 .../storage/apps/secret.sops.yaml | 0 .../apps/templates/repository.config.tftpl | 0 .../storage/apps/templates/vector.yaml.tftpl | 0 .../storage/apps/variables.tf | 0 72 files changed, 36 insertions(+), 1286 deletions(-) rename {infrastructure => ansible}/storage/servers/.envrc (100%) rename {infrastructure => ansible}/storage/servers/ansible.cfg (100%) rename {infrastructure/vault => ansible/storage}/servers/inventory/group_vars/all/os.yml (100%) rename {infrastructure => ansible}/storage/servers/inventory/host_vars/osiris.sops.yml (100%) rename {infrastructure/vault => ansible/storage}/servers/inventory/hosts.yml (100%) rename {infrastructure => ansible}/storage/servers/playbooks/apps.yml (100%) rename {infrastructure => ansible}/storage/servers/playbooks/cluster-installation.yml (100%) rename {infrastructure => 
ansible}/storage/servers/playbooks/cluster-nuke.yml (100%) rename {infrastructure => ansible}/storage/servers/playbooks/cluster-prepare.yml (100%) rename {infrastructure/vault => ansible/storage}/servers/playbooks/prepare.yml (100%) rename {infrastructure => ansible}/storage/servers/playbooks/templates/aliases.j2 (100%) rename {infrastructure => ansible}/storage/servers/playbooks/templates/msmtprc.j2 (100%) rename {infrastructure => ansible}/storage/servers/playbooks/templates/smartd.conf.j2 (100%) rename {infrastructure => ansible}/storage/servers/playbooks/templates/zed.rc.j2 (100%) rename {infrastructure/vault => ansible/storage}/servers/requirements.yml (100%) delete mode 100644 infrastructure/storage/servers/inventory/group_vars/all/os.yml delete mode 100644 infrastructure/storage/servers/inventory/group_vars/master/k3s.yml delete mode 100644 infrastructure/storage/servers/inventory/hosts.yml delete mode 100644 infrastructure/storage/servers/playbooks/os.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/apps.storage/defaults/main.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/kopia.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/main.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/netbootxyz.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/node-exporter.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/smartctl-exporter.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/unifi.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/vector.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/apps.storage/templates/smartctl-exporter/smartctl-exporter.yaml.j2 delete mode 100644 
infrastructure/storage/servers/playbooks/roles/apps.storage/templates/vector/vector.yaml.j2 delete mode 100644 infrastructure/storage/servers/playbooks/roles/apps.storage/vars/main.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/os.storage/defaults/main.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/os.storage/handlers/main.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/os.storage/tasks/filesystem.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/os.storage/tasks/locale.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/os.storage/tasks/main.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/os.storage/tasks/network.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/os.storage/tasks/notifications.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/os.storage/tasks/packages.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/os.storage/tasks/security.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/os.storage/tasks/user.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/os.storage/templates/aliases.j2 delete mode 100644 infrastructure/storage/servers/playbooks/roles/os.storage/templates/msmtprc.j2 delete mode 100644 infrastructure/storage/servers/playbooks/roles/os.storage/templates/smartd.conf.j2 delete mode 100644 infrastructure/storage/servers/playbooks/roles/os.storage/templates/zed.rc.j2 delete mode 100644 infrastructure/storage/servers/playbooks/roles/os.storage/vars/main.yml delete mode 100644 infrastructure/storage/servers/playbooks/roles/zfs.storage/tasks/zfs.yml delete mode 100644 infrastructure/vault/servers/.envrc delete mode 100644 infrastructure/vault/servers/ansible.cfg delete mode 100644 infrastructure/vault/servers/inventory/host_vars/osiris.sops.yml delete mode 100644 infrastructure/vault/servers/playbooks/apps.yml delete mode 
100644 infrastructure/vault/servers/playbooks/cluster-installation.yml delete mode 100644 infrastructure/vault/servers/playbooks/cluster-nuke.yml delete mode 100644 infrastructure/vault/servers/playbooks/cluster-prepare.yml delete mode 100644 infrastructure/vault/servers/playbooks/templates/aliases.j2 delete mode 100644 infrastructure/vault/servers/playbooks/templates/msmtprc.j2 delete mode 100644 infrastructure/vault/servers/playbooks/templates/smartd.conf.j2 delete mode 100644 infrastructure/vault/servers/playbooks/templates/zed.rc.j2 rename {infrastructure => terraform}/storage/apps/.terraform.lock.hcl (62%) rename {infrastructure => terraform}/storage/apps/app_kopia.tf (100%) rename {infrastructure => terraform}/storage/apps/app_minio.tf (100%) rename {infrastructure => terraform}/storage/apps/app_node_exporter.tf (100%) rename {infrastructure => terraform}/storage/apps/app_smartctl_exporter.tf (100%) rename {infrastructure => terraform}/storage/apps/app_vector_agent.tf (100%) rename {infrastructure => terraform}/storage/apps/main.tf (100%) rename {infrastructure => terraform}/storage/apps/providers.tf (100%) rename {infrastructure => terraform}/storage/apps/secret.sops.yaml (100%) rename {infrastructure => terraform}/storage/apps/templates/repository.config.tftpl (100%) rename {infrastructure => terraform}/storage/apps/templates/vector.yaml.tftpl (100%) rename {infrastructure => terraform}/storage/apps/variables.tf (100%) diff --git a/.editorconfig b/.editorconfig index 547304ee3c..6e40cb65c7 100644 --- a/.editorconfig +++ b/.editorconfig @@ -1,4 +1,5 @@ -# editorconfig.org +; https://editorconfig.org/ + root = true [*] 
@@ -9,10 +10,14 @@ charset = utf-8 trim_trailing_whitespace = true insert_final_newline = true -[Makefile] -indent_style = space +[{Makefile,go.mod,go.sum,*.go,.gitmodules}] +indent_style = tab +indent_size = 4 + +[*.md] indent_size = 4 +trim_trailing_whitespace = false -[*.{bash,sh}] +[{Dockerfile,*.bash,*.sh}] indent_style = space indent_size = 4 diff --git a/.gitattributes b/.gitattributes index 17e945311c..8d1628f5d0 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,3 +1,4 @@ * text=auto eol=lf *.sops.* diff=sopsdiffer *.sops.toml linguist-language=JSON +*.yaml.j2 linguist-language=YAML diff --git a/.sops.yaml b/.sops.yaml index 9f4a2177ee..a992e2e8f6 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,35 +1,15 @@ --- creation_rules: - - - path_regex: provision/.*\.sops\.ya?ml - unencrypted_regex: "^(kind)$" - key_groups: - - age: - - age1986cspgjd7xhdwfwmyplc5jsjk43gewedu7s3sr7gwwhrdp7rgzq6t4ax9 - - - - path_regex: kubernetes/.*\.sops\.toml - key_groups: - - age: - - age1986cspgjd7xhdwfwmyplc5jsjk43gewedu7s3sr7gwwhrdp7rgzq6t4ax9 - - - - path_regex: kubernetes/.*\.sops\.ini + - path_regex: kubernetes/.*\.sops\.ya?ml + encrypted_regex: "^(data|stringData)$" key_groups: - age: - - age1986cspgjd7xhdwfwmyplc5jsjk43gewedu7s3sr7gwwhrdp7rgzq6t4ax9 - - - - path_regex: kubernetes/.*\.ya?ml - encrypted_regex: "^(data|stringData)$" + - age15uzrw396e67z9wdzsxzdk7ka0g2gr3l460e0slaea563zll3hdfqwqxdta + - path_regex: kubernetes/.*\.sops\.(env|ini|json|toml) key_groups: - age: - - age1986cspgjd7xhdwfwmyplc5jsjk43gewedu7s3sr7gwwhrdp7rgzq6t4ax9 - - - - path_regex: terraform/.*\.sops\.ya?ml - unencrypted_regex: "^(kind)$" + - age15uzrw396e67z9wdzsxzdk7ka0g2gr3l460e0slaea563zll3hdfqwqxdta + - path_regex: (ansible|terraform)/.*\.sops\.ya?ml key_groups: - age: - - age1986cspgjd7xhdwfwmyplc5jsjk43gewedu7s3sr7gwwhrdp7rgzq6t4ax9 - + - age15uzrw396e67z9wdzsxzdk7ka0g2gr3l460e0slaea563zll3hdfqwqxdta 
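Review bot: All three creation rules in the new `.sops.yaml` switch to a different age recipient, yet the diffstat lists `ansible/storage/servers/inventory/host_vars/osiris.sops.yml` and `terraform/storage/apps/secret.sops.yaml` as 100% renames, so as far as this patch shows they are still encrypted only to the old recipient. `creation_rules` apply when a file is first encrypted; existing files keep their recipients until `sops updatekeys <file>` is run on each one, and that should land in the same commit so the new key can decrypt them. If the old key is being retired because it may have been exposed (the patch does not say), re-encrypting is not enough, since the old ciphertext stays in git history and the secret values themselves would need rotating. A short comment above `creation_rules` would help, for example `# recipient changed: run "sops updatekeys" on every existing *.sops.* file`.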
diff --git a/infrastructure/storage/servers/.envrc b/ansible/storage/servers/.envrc
similarity index 100%
rename from infrastructure/storage/servers/.envrc
rename to ansible/storage/servers/.envrc
diff --git a/infrastructure/storage/servers/ansible.cfg b/ansible/storage/servers/ansible.cfg
similarity index 100%
rename from infrastructure/storage/servers/ansible.cfg
rename to ansible/storage/servers/ansible.cfg
diff --git a/infrastructure/vault/servers/inventory/group_vars/all/os.yml b/ansible/storage/servers/inventory/group_vars/all/os.yml
similarity index 100%
rename from infrastructure/vault/servers/inventory/group_vars/all/os.yml
rename to ansible/storage/servers/inventory/group_vars/all/os.yml
diff --git a/infrastructure/storage/servers/inventory/host_vars/osiris.sops.yml b/ansible/storage/servers/inventory/host_vars/osiris.sops.yml
similarity index 100%
rename from infrastructure/storage/servers/inventory/host_vars/osiris.sops.yml
rename to ansible/storage/servers/inventory/host_vars/osiris.sops.yml
diff --git a/infrastructure/vault/servers/inventory/hosts.yml b/ansible/storage/servers/inventory/hosts.yml
similarity index 100%
rename from infrastructure/vault/servers/inventory/hosts.yml
rename to ansible/storage/servers/inventory/hosts.yml
diff --git a/infrastructure/storage/servers/playbooks/apps.yml b/ansible/storage/servers/playbooks/apps.yml
similarity index 100%
rename from infrastructure/storage/servers/playbooks/apps.yml
rename to ansible/storage/servers/playbooks/apps.yml
diff --git a/infrastructure/storage/servers/playbooks/cluster-installation.yml b/ansible/storage/servers/playbooks/cluster-installation.yml
similarity index 100%
rename from infrastructure/storage/servers/playbooks/cluster-installation.yml
rename to ansible/storage/servers/playbooks/cluster-installation.yml
diff --git a/infrastructure/storage/servers/playbooks/cluster-nuke.yml b/ansible/storage/servers/playbooks/cluster-nuke.yml
similarity index 100%
rename from infrastructure/storage/servers/playbooks/cluster-nuke.yml
rename to ansible/storage/servers/playbooks/cluster-nuke.yml
diff --git a/infrastructure/storage/servers/playbooks/cluster-prepare.yml b/ansible/storage/servers/playbooks/cluster-prepare.yml
similarity index 100%
rename from infrastructure/storage/servers/playbooks/cluster-prepare.yml
rename to ansible/storage/servers/playbooks/cluster-prepare.yml
diff --git a/infrastructure/vault/servers/playbooks/prepare.yml b/ansible/storage/servers/playbooks/prepare.yml
similarity index 100%
rename from infrastructure/vault/servers/playbooks/prepare.yml
rename to ansible/storage/servers/playbooks/prepare.yml
diff --git a/infrastructure/storage/servers/playbooks/templates/aliases.j2 b/ansible/storage/servers/playbooks/templates/aliases.j2
similarity index 100%
rename from infrastructure/storage/servers/playbooks/templates/aliases.j2
rename to ansible/storage/servers/playbooks/templates/aliases.j2
diff --git a/infrastructure/storage/servers/playbooks/templates/msmtprc.j2 b/ansible/storage/servers/playbooks/templates/msmtprc.j2
similarity index 100%
rename from infrastructure/storage/servers/playbooks/templates/msmtprc.j2
rename to ansible/storage/servers/playbooks/templates/msmtprc.j2
diff --git a/infrastructure/storage/servers/playbooks/templates/smartd.conf.j2 b/ansible/storage/servers/playbooks/templates/smartd.conf.j2
similarity index 100%
rename from infrastructure/storage/servers/playbooks/templates/smartd.conf.j2
rename to ansible/storage/servers/playbooks/templates/smartd.conf.j2
diff --git a/infrastructure/storage/servers/playbooks/templates/zed.rc.j2 b/ansible/storage/servers/playbooks/templates/zed.rc.j2
similarity index 100%
rename from infrastructure/storage/servers/playbooks/templates/zed.rc.j2
rename to ansible/storage/servers/playbooks/templates/zed.rc.j2
diff --git a/infrastructure/vault/servers/requirements.yml b/ansible/storage/servers/requirements.yml
similarity index 100%
rename from infrastructure/vault/servers/requirements.yml
rename to ansible/storage/servers/requirements.yml
diff --git a/infrastructure/storage/servers/inventory/group_vars/all/os.yml b/infrastructure/storage/servers/inventory/group_vars/all/os.yml
deleted file mode 100644
index da715cb8ef..0000000000
--- a/infrastructure/storage/servers/inventory/group_vars/all/os.yml
+++ /dev/null
@@ -1,60 +0,0 @@ ---- -timezone: "America/New_York" -create_user: - id: 568 - name: twitlin - group: twitlin - additional_groups: ["users"] -create_group: - id: 568 - name: twitlin -ssh_authorized_keys: - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDmwSsUsukmFh36KAwzsRLwNA+3FXDqIPNVtK31NtIV8wOHaE/+UIdUHuI36ZJVl0zQ0G32mhC8Sty2qWcniUvyy/SvT6NefKVl23z/Li6n/QLEhmqcy5Zb6kFqR2qgVbWNJtMbdXMrsLQez36b0tZbm/mU8J9Fnjj1teY5cWMqYCMJhYzhLklo3CPuwOhLLQ+E0WIZSHi4Hp6DbB9RWBkMr2yKgXZuP25bfY+3D7fRUE8jDRPY+Mj83wi6o0eWdOlVFOfovFiEJTE6GT6swRwAKglIiGN/cqzOvdg+0mO11TxgOg/PKXrJ1CxCqOtFL2gKed8amAxznn5NxeVk2S7TdC0m1v8PmgiByBSZsthWuYGVSKJlR8bpwpesT3wxeZph5HU3ILdgeCGKIWd+s+QlclHLz+cJrnPTzliSdX2OLHc6nS8+ztkqoWsOmX8WhZRkuZbmb8Jy7b8aMEEXpKWl80tK+Txdma60C23u4LNXDankauSWU4eixerWKCO7Z/8= twitlin@janet.286k.co" - - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnKXgEGczcu8lGs+DEvRWgI4cSYHkAyTAU6/SMAHjL4 twitlin@mbp16inch2021.3520.dhcp.asu.edu" -packages_repositories: - - ppa:fish-shell/release-3 -packages_install: - - apt-transport-https - - ca-certificates - - containernetworking-plugins - - curl - - ffmpeg - - figlet - - fish - - fzf - - gettext - - git - - htop - - iputils-ping - - net-tools - - lolcat - - mailutils - - msmtp - - msmtp-mta - - nano - - neofetch - - ntpdate - - podman - - psmisc - - rclone - - software-properties-common - - tmux - - tree - - uidmap - - unzip - - zfs-zed - - zfsutils-linux - - dmraid - - gdisk - - hdparm - - lvm2 - - nfs-common - - nfs-kernel-server - - nvme-cli - - open-iscsi - - samba - - smartmontools - - socat -packages_remove: - - apparmor - - ufw diff --git a/infrastructure/storage/servers/inventory/group_vars/master/k3s.yml b/infrastructure/storage/servers/inventory/group_vars/master/k3s.yml deleted file mode 100644 index 7b9a95159b..0000000000 --- a/infrastructure/storage/servers/inventory/group_vars/master/k3s.yml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -k3s_install_hard_links: true -k3s_become: true -k3s_registration_address: 10.10.10.50 -k3s_control_node: true -k3s_use_experimental: true -k3s_server: - secrets-encryption: true - node-ip: "{{ ansible_host }}" - tls-san: - - "{{ k3s_registration_address }}" - - osiris.286k.co - docker: false - disable-network-policy: true - disable-cloud-controller: true - cluster-cidr: "10.42.0.0/16" - service-cidr: "10.43.0.0/16" - write-kubeconfig-mode: "0644" - etcd-expose-metrics: true - kube-controller-manager-arg: - - "bind-address=0.0.0.0" - kube-proxy-arg: - - "metrics-bind-address=0.0.0.0" - kube-scheduler-arg: - - "bind-address=0.0.0.0" - kube-apiserver-arg: - - "anonymous-auth=true" - diff --git a/infrastructure/storage/servers/inventory/hosts.yml b/infrastructure/storage/servers/inventory/hosts.yml deleted file mode 100644 index 26a0084a22..0000000000 --- a/infrastructure/storage/servers/inventory/hosts.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -storage: - children: - master: - vars: - ansible_user: twitlin - ansible_ssh_common_args: "-o StrictHostKeyChecking=no" - hosts: - osiris: - ansible_host: 10.10.10.50 diff --git a/infrastructure/storage/servers/playbooks/os.yml b/infrastructure/storage/servers/playbooks/os.yml deleted file mode 100644 index 238be3e23e..0000000000 --- a/infrastructure/storage/servers/playbooks/os.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- name: OS - hosts: - - storage - become: true - gather_facts: true - any_errors_fatal: true - pre_tasks: - - name: Pausing for 5 seconds... - ansible.builtin.pause: - seconds: 5 - roles: - - os.storage diff --git a/infrastructure/storage/servers/playbooks/roles/apps.storage/defaults/main.yml b/infrastructure/storage/servers/playbooks/roles/apps.storage/defaults/main.yml deleted file mode 100644 index ed97d539c0..0000000000 --- a/infrastructure/storage/servers/playbooks/roles/apps.storage/defaults/main.yml +++ /dev/null @@ -1 +0,0 @@ ---- 
diff --git a/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/kopia.yml b/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/kopia.yml deleted file mode 100644 index b27db48397..0000000000 --- a/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/kopia.yml +++ /dev/null @@ -1,60 +0,0 @@ ---- -- name: Create kopia directories - ansible.builtin.file: - path: "{{ item }}" - state: directory - owner: "{{ ansible_user }}" - group: users - mode: 0775 - loop: - - "{{ podman_base_dir }}/kopia" - - "{{ podman_base_dir }}/kopia/cache" - - "{{ podman_base_dir }}/kopia/config" - - "{{ podman_base_dir }}/kopia/logs" - -# Disable running container if it is already running in systemd -- name: Disable kopia container - ansible.builtin.systemd: - name: container-kopia.service - state: stopped - enabled: false - -- name: Create kopia container - containers.podman.podman_container: - name: kopia - recreate: true - privileged: false - state: started - image: docker.io/kopia/kopia:0.14.1 - restart_policy: unless-stopped - env: - KOPIA_PASSWORD: "{{ SECRET_KOPIA_PASSWORD }}" - TZ: America/New_York - command: - - server - - --insecure - - --address - - 0.0.0.0:51515 - - --override-hostname - - "osiris.{{ SECRET_PRIVATE_DOMAIN }}" - - --override-username - - twitlin - - --without-password - ports: - - 51515:51515 - volumes: - - "{{ podman_base_dir }}/kopia/config:/app/config" - - "{{ podman_base_dir }}/kopia/cache:/app/cache" - - "{{ podman_base_dir }}/kopia/logs:/app/logs" - - /pluto:/pluto:ro - generate_systemd: - restart_policy: always - names: true - path: /etc/systemd/system - new: true - -- name: Enable kopia container - ansible.builtin.systemd: - name: container-kopia.service - state: started - enabled: true diff --git a/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/main.yml b/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/main.yml deleted file mode 100644 index 5979b1b129..0000000000 
--- a/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/main.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -- name: Create default directories - ansible.builtin.file: - path: "{{ item }}" - state: directory - owner: "{{ ansible_user }}" - group: users - mode: 0775 - loop: - - "{{ podman_base_dir }}" - tags: - - always - -# Install podman -- name: Install podman - ansible.builtin.package: - name: podman - state: present - tags: - - always - -# Manage applications - -- name: Deploy Kopia - ansible.builtin.import_tasks: kopia.yml - -- name: Deploy Node Exporter - ansible.builtin.import_tasks: node-exporter.yml - -- name: Deploy Smartctl Exporter - ansible.builtin.import_tasks: smartctl-exporter.yml - -- name: Deploy Vector - ansible.builtin.import_tasks: vector.yml - -- name: Deploy netbootxyz - ansible.builtin.import_tasks: netbootxyz.yml - -- name: Deploy Unifi Controller - ansible.builtin.import_tasks: unifi.yml diff --git a/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/netbootxyz.yml b/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/netbootxyz.yml deleted file mode 100644 index cb2e3777ed..0000000000 --- a/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/netbootxyz.yml +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -- name: Create netbootxyz directories - ansible.builtin.file: - path: "{{ item }}" - state: directory - owner: "{{ ansible_user }}" - group: users - mode: 0775 - loop: - - "{{ podman_base_dir }}/netbootxyz" - - "{{ podman_base_dir }}/netbootxyz/config" - - "{{ podman_base_dir }}/netbootxyz/assets" - -# Disable running container if it is already running in systemd -- name: Disable netbootxyz container - ansible.builtin.systemd: - name: container-netboot-xyz.service - state: stopped - enabled: false - -- name: Create netbootxyz container - containers.podman.podman_container: - name: netboot-xyz - image: ghcr.io/netbootxyz/netbootxyz:0.6.7-nbxyz20 - state: started - ports: - - "8081:8080" - - "69:69/udp" - - "3000:3000" - volumes: - - "{{ podman_base_dir }}/netbootxyz/config:/config" - - "{{ podman_base_dir }}/netbootxyz/assets:/assets" - restart_policy: unless-stopped - recreate: true - privileged: true - generate_systemd: - path: /etc/systemd/system - restart_policy: always - names: true - new: true - -- name: Enable netbootxyz container - ansible.builtin.systemd: - name: container-netboot-xyz.service - state: started - enabled: true diff --git a/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/node-exporter.yml b/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/node-exporter.yml deleted file mode 100644 index 584a9f9c67..0000000000 --- a/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/node-exporter.yml +++ /dev/null 
@@ -1,49 +0,0 @@ ---- -- name: Create node-exporter directories - ansible.builtin.file: - path: "{{ item }}" - state: directory - owner: "{{ ansible_user }}" - group: users - mode: 0775 - loop: - - "{{ podman_base_dir }}/node-exporter" - - -# Disable running container if it is already running in systemd -- name: Disable node-exporter container - ansible.builtin.systemd: - name: container-node-exporter.service - state: stopped - enabled: false - -- name: Create node-exporter container - containers.podman.podman_container: - name: node-exporter - recreate: true - privileged: true - state: started - restart_policy: unless-stopped - image: quay.io/prometheus/node-exporter:v1.6.1 - ports: - - 9100:9100 - command: - - --path.procfs=/host/proc - - --path.rootfs=/rootfs - - --path.sysfs=/host/sys - - --collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/) - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /:/rootfs:ro,rslave - generate_systemd: - path: /etc/systemd/system - restart_policy: always - names: true - new: true - -- name: Enable node-exporter container - ansible.builtin.systemd: - name: container-node-exporter.service - state: started - enabled: true diff --git a/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/smartctl-exporter.yml b/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/smartctl-exporter.yml deleted file mode 100644 index d0ff592e82..0000000000 --- a/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/smartctl-exporter.yml +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -- name: Create smartctl-exporter directories - ansible.builtin.file: - path: "{{ item }}" - state: directory - owner: "{{ ansible_user }}" - group: users - mode: 0775 - loop: - - "{{ podman_base_dir }}/smartctl-exporter" - - "{{ podman_base_dir }}/smartctl-exporter/config" - -# Disable running container if it is already running in systemd -- name: Disable smartctl-exporter container - ansible.builtin.systemd: - name: container-smartctl-exporter.service - state: stopped - enabled: false - -- name: Deploy smartctl-exporter - block: - - name: Create smartctl-exporter config - ansible.builtin.template: - src: smartctl-exporter/smartctl-exporter.yaml.j2 - dest: "{{ podman_base_dir }}/smartctl-exporter/config/smartctl-exporter.yaml" - owner: "{{ ansible_user }}" - group: users - mode: 0775 - - name: Create smartctl-exporter container - containers.podman.podman_container: - name: smartctl-exporter - recreate: true - privileged: true - state: started - image: quay.io/prometheuscommunity/smartctl-exporter:v0.11.0 - restart_policy: unless-stopped - command: - - --smartctl.path=/usr/sbin/smartctl - - --smartctl.interval=120s - - --web.listen-address=0.0.0.0:9633 - - --web.telemetry-path=/metrics - volumes: - - /dev:/hostdev - ports: - - 9633:9633 - generate_systemd: - path: /etc/systemd/system - restart_policy: always - names: true - new: true - -- name: Enable smartctl-exporter container - ansible.builtin.systemd: - name: container-smartctl-exporter.service - state: started - enabled: true diff --git a/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/unifi.yml b/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/unifi.yml deleted file mode 100644 index be95d43c1f..0000000000 --- a/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/unifi.yml +++ /dev/null 
@@ -1,55 +0,0 @@ ---- -- name: Create unifi directories - ansible.builtin.file: - path: "{{ item }}" - state: directory - owner: "{{ ansible_user }}" - group: users - mode: 0775 - loop: - - "{{ podman_base_dir }}/unifi" - - "{{ podman_base_dir }}/unifi/config" - -# Disable running container if it is already running in systemd -- name: Disable unifi container - ansible.builtin.systemd: - name: container-unifi.service - state: stopped - enabled: false - -- name: Create unifi container - containers.podman.podman_container: - name: unifi - recreate: true - privileged: false - state: started - image: docker.io/linuxserver/unifi-controller:7.5.176 - restart_policy: unless-stopped - env: - PUID: 1000 - PGID: 1000 - MEM_LIMIT: 2048 # optional - MEM_STARTUP: 2048 # optional - ports: - - 8443:8443 - - 3478:3478/udp - - 10001:10001/udp - - 8080:8080 - - 1900:1900/udp # optional - - 8843:8843 # optional - - 8880:8880 # optional - - 6789:6789 # optional - - 5514:5514/udp # optional - volumes: - - "{{ podman_base_dir }}/unifi/config:/config" - generate_systemd: - restart_policy: always - names: true - path: /etc/systemd/system - new: true - -- name: Enable unifi container - ansible.builtin.systemd: - name: container-unifi.service - state: started - enabled: true diff --git a/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/vector.yml b/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/vector.yml deleted file mode 100644 index fdd8e49d5d..0000000000 --- a/infrastructure/storage/servers/playbooks/roles/apps.storage/tasks/vector.yml +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -- name: Create vector directories - ansible.builtin.file: - path: "{{ item }}" - state: directory - owner: "{{ ansible_user }}" - group: users - mode: 0775 - loop: - - "{{ podman_base_dir }}/vector" - - "{{ podman_base_dir }}/vector/config" - - "{{ podman_base_dir }}/vector/data" - -# Disable running container if it is already running in systemd -- name: Disable vector container - ansible.builtin.systemd: - name: container-vector.service - state: stopped - enabled: false - -- name: Deploy Vector - block: - - name: Create vector config - ansible.builtin.template: - src: vector/vector.yaml.j2 - dest: "{{ podman_base_dir }}/vector/config/vector.yaml" - owner: "{{ ansible_user }}" - group: users - mode: 0775 - - - name: Create vector container - containers.podman.podman_container: - name: vector - recreate: true - privileged: true - state: started - image: docker.io/timberio/vector:0.33.0-debian - restart_policy: unless-stopped - network_mode: host - command: - - --config=/etc/vector/vector.yaml - volumes: - - "{{ podman_base_dir }}/vector/config/vector.yaml:/etc/vector/vector.yaml:ro" - - "{{ podman_base_dir }}/vector/data:/vector-data-dir" - - /var/log:/var/log:ro - generate_systemd: - path: /etc/systemd/system - restart_policy: always - names: true - new: true - - - name: Enable vector container - ansible.builtin.systemd: - name: container-vector.service - state: started - enabled: true diff --git a/infrastructure/storage/servers/playbooks/roles/apps.storage/templates/smartctl-exporter/smartctl-exporter.yaml.j2 b/infrastructure/storage/servers/playbooks/roles/apps.storage/templates/smartctl-exporter/smartctl-exporter.yaml.j2 deleted file mode 100644 index 77d296c63f..0000000000 --- a/infrastructure/storage/servers/playbooks/roles/apps.storage/templates/smartctl-exporter/smartctl-exporter.yaml.j2 +++ /dev/null 
@@ -1,7 +0,0 @@
----
-smartctl_exporter:
- bind_to: 0.0.0.0:9633
- url_path: /metrics
- fake_json: no
- smartctl_location: /usr/sbin/smartctl
- collect_not_more_than_period: 20s
diff --git a/infrastructure/storage/servers/playbooks/roles/apps.storage/templates/vector/vector.yaml.j2 b/infrastructure/storage/servers/playbooks/roles/apps.storage/templates/vector/vector.yaml.j2
deleted file mode 100644
index 5cb3582d83..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/apps.storage/templates/vector/vector.yaml.j2
+++ /dev/null
@@ -1,13 +0,0 @@
----
-data_dir: /vector-data-dir
-sources:
- journal_logs:
- type: journald
- journal_directory: /var/log/journal
-sinks:
- vector_sink:
- type: vector
- inputs:
- - journal_logs
- address: "{{ vector_aggregator_addr }}:{{ vector_aggregator_port }}"
- version: "2"
diff --git a/infrastructure/storage/servers/playbooks/roles/apps.storage/vars/main.yml b/infrastructure/storage/servers/playbooks/roles/apps.storage/vars/main.yml
deleted file mode 100644
index d7829ea8e3..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/apps.storage/vars/main.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-#
-# SECRET* vars are encrypted with sops
-#
-
-# -- Base Docker Directory
-podman_base_dir: /opt/podman
-
-# -- Base ZFS Dataset
-zfs_zpool_base_dir: /pluto
-
-# -- Vector Aggregator Address
-vector_aggregator_addr: "10.0.42.6"
-
-# -- Vector Aggregator Port
-vector_aggregator_port: "6000"
diff --git a/infrastructure/storage/servers/playbooks/roles/os.storage/defaults/main.yml b/infrastructure/storage/servers/playbooks/roles/os.storage/defaults/main.yml
deleted file mode 100644
index ed97d539c0..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/os.storage/defaults/main.yml
+++ /dev/null
@@ -1 +0,0 @@
----
diff --git a/infrastructure/storage/servers/playbooks/roles/os.storage/handlers/main.yml b/infrastructure/storage/servers/playbooks/roles/os.storage/handlers/main.yml
deleted file mode 100644
index 87dcfe5427..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/os.storage/handlers/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- name: Restart smartd
- ansible.builtin.service:
- name: smartd.service
- daemon_reload: true
- enabled: true
- state: restarted
diff --git a/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/filesystem.yml b/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/filesystem.yml
deleted file mode 100644
index a6c95b99ef..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/filesystem.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-- name: Install filesystem tools
- ansible.builtin.apt:
- name: "{{ item }}"
- update_cache: true
- loop:
- - dmraid
- - gdisk
- - hdparm
- - lvm2
- - nfs-common
- - nfs-kernel-server
- - nvme-cli
- - open-iscsi
- - samba
- - smartmontools
- - socat
-
-- name: Configure smartd
- ansible.builtin.copy:
- dest: /etc/smartd.conf
- mode: 0644
- content: |
- DEVICESCAN -a -o on -S on -n standby,q -s (S/../.././02|L/../../6/03) -W 4,35,40
- notify: Restart smartd
-
-- name: Disable swap at runtime
- ansible.builtin.command: swapoff -a
- when: ansible_swaptotal_mb > 0
-
-- name: Disable swap on boot
- ansible.posix.mount:
- name: "{{ item }}"
- fstype: swap
- state: absent
- loop:
- - swap
- - none
diff --git a/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/locale.yml b/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/locale.yml
deleted file mode 100644
index 5560288089..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/locale.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-- name: Set timezone
- community.general.timezone:
- name: "{{ os_timezone | default('America/New_York') }}"
diff --git a/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/main.yml b/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/main.yml
deleted file mode 100644
index d51cb4c345..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/main.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-- import_tasks: user.yml
- tags:
- - user
-
-- import_tasks: locale.yml
- tags:
- - locale
-
-- import_tasks: packages.yml
- tags:
- - packages
-
-- import_tasks: network.yml
- tags:
- - network
-
-- import_tasks: filesystem.yml
- tags:
- - filesystem
-
-# - import_tasks: notifications.yml
-# tags:
-# - notifications
-
-- import_tasks: security.yml
- tags:
- - security
diff --git a/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/network.yml b/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/network.yml
deleted file mode 100644
index 5d4749c1ed..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/network.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-- name: Install network tools
- ansible.builtin.apt:
- name: "{{ item }}"
- update_cache: true
- loop:
- - iputils-ping
- - net-tools
-
-- name: Set hostname to inventory hostname
- ansible.builtin.hostname:
- name: "{{ inventory_hostname }}"
- when:
- - ansible_hostname != inventory_hostname
-
-- name: Update /etc/hosts to include hostname
- ansible.builtin.blockinfile:
- path: /etc/hosts
- mode: 0644
- create: true
- block: |
- 127.0.0.1 localhost
- 127.0.1.1 {{ inventory_hostname }}
- # The following lines are desirable for IPv6 capable hosts
- ::1 ip6-localhost ip6-loopback
- fe00::0 ip6-localnet
- ff00::0 ip6-mcastprefix
- ff02::1 ip6-allnodes
- ff02::2 ip6-allrouters
diff --git a/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/notifications.yml b/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/notifications.yml
deleted file mode 100644
index 24c46723cc..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/notifications.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-- name: Check if msmtp log exists
- ansible.builtin.stat:
- path: "/var/log/msmtp"
- register: msmtp_status
-
-- name: Create msmtp log file
- ansible.builtin.file:
- dest: /var/log/msmtp
- state: touch
- owner: msmtp
- group: msmtp
- mode: 0660
- when:
- - not msmtp_status.stat.exists
-# /etc/zfs/zed.d/zed.rc
-# /etc/smartd.conf
-# /etc/msmtprc
-# /etc/aliases
-# systemctl enable zfs-zed
-# systemctl restart zfs-zed
diff --git a/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/packages.yml b/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/packages.yml
deleted file mode 100644
index 62fd58be5a..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/packages.yml
+++ /dev/null
@@ -1,71 +0,0 @@
----
-- name: Disable APT recommends
- ansible.builtin.blockinfile:
- path: /etc/apt/apt.conf.d/02norecommends
- mode: 0644
- create: true
- block: |
- APT::Install-Recommends "false";
- APT::Install-Suggests "false";
- APT::Get::Install-Recommends "false";
- APT::Get::Install-Suggests "false";
-- name: Add apt repositories
- ansible.builtin.apt_repository:
- repo: "{{ item }}"
- update_cache: true
- loop: "{{ os_packages_repositories | default([]) }}"
-
-- name: Upgrade all system packages
- ansible.builtin.apt:
- upgrade: full
- register: apt_upgrade
- retries: 5
- until: apt_upgrade is success
-
-- name: Install common packages
- ansible.builtin.apt:
- name: "{{ os_packages_install | default([]) }}"
- install_recommends: false
- register: apt_install_common
- retries: 5
- until: apt_install_common is success
-
-- name: Gather installed packages
- ansible.builtin.package_facts:
- manager: auto
-
-- name: Remove snapd
- block:
- - name: Check if snap is installed
- ansible.builtin.debug:
- msg: "snapd is installed"
- register: snapd_check
- - name: Remove snap packages
- ansible.builtin.command: snap remove {{ item }}
- loop:
- - lxd
- - core18
- - core20
- - snapd
- when:
- - snapd_check.failed is defined
- - name: Remove files
- ansible.builtin.file:
- state: absent
- path: "{{ item }}"
- loop:
- - "/home/{{ ansible_user }}/.snap"
- - "/snap"
- - "/var/snap"
- - "/var/lib/snapd"
- - "/var/cache/snapd"
- - "/usr/lib/snapd"
- when:
- - "'snapd' in os_packages_remove"
- - "'snapd' in ansible_facts.packages"
-
-- name: Remove packages
- ansible.builtin.apt:
- name: "{{ os_packages_remove | default([]) }}"
- state: absent
- autoremove: true
diff --git a/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/security.yml b/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/security.yml
deleted file mode 100644
index b4dca35c84..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/security.yml
+++ /dev/null
@@ -1,49 +0,0 @@
----
-- name: Check for existence of grub
- ansible.builtin.stat:
- path: /etc/default/grub
- register: grub_result
-
-- name: Check if apparmor is disabled
- ansible.builtin.shell:
- cmd: grep "GRUB_CMDLINE_LINUX=" /etc/default/grub | grep -c "apparmor=0"
- register: apparmor_status
- ignore_errors: true
- changed_when: apparmor_status.rc != 0
-
-- name: Check if mitigations is disabled
- ansible.builtin.shell:
- cmd: grep "GRUB_CMDLINE_LINUX=" /etc/default/grub | grep -c "mitigations=off"
- register: mitigations_status
- ignore_errors: true
- changed_when: mitigations_status.rc != 0
-
-- name: Disable apparmor
- ansible.builtin.replace:
- path: /etc/default/grub
- regexp: '^(GRUB_CMDLINE_LINUX=(?:(?![" ]{{ option | regex_escape }}=).)*)(?:[" ]{{ option | regex_escape }}=\S+)?(.*")$'
- replace: '\1 {{ option }}={{ value }}\2'
- vars:
- option: apparmor
- value: 0
- when:
- - grub_result.stat.exists
- - not apparmor_status.changed
-
-- name: Disable mitigations
- ansible.builtin.replace:
- path: /etc/default/grub
- regexp: '^(GRUB_CMDLINE_LINUX=(?:(?![" ]{{ option | regex_escape }}=).)*)(?:[" ]{{ option | regex_escape }}=\S+)?(.*")$'
- replace: '\1 {{ option }}={{ value }}\2'
- vars:
- option: mitigations
- value: "off"
- when:
- - grub_result.stat.exists
- - not mitigations_status.changed
-
-- name: Run grub-mkconfig
- ansible.builtin.command: update-grub
- when:
- - grub_result.stat.exists
- - (apparmor_status.changed or mitigations_status.changed)
diff --git a/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/user.yml b/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/user.yml
deleted file mode 100644
index ca85d16b70..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/os.storage/tasks/user.yml
+++ /dev/null
@@ -1,51 +0,0 @@
----
-#
-# TODO: Create a new user instead of modifying the ansible_user
-# Ansible cannot change the UID of the user running ansible
-#
-- name: Modify ansible_user group
- ansible.builtin.group:
- name: "{{ ansible_user }}"
- state: present
- gid: 568
-
-- name: Modify ansible_user user
- ansible.builtin.user:
- name: "{{ ansible_user }}"
- shell: /usr/bin/fish
- uid: 568
- group: "{{ ansible_user }}"
- groups: users
- append: true
-
-- name: Update file and folder permissions for ansible_user
- ansible.builtin.file:
- path: "/home/{{ ansible_user }}"
- owner: 568
- group: 568
-
-- name: Add user to sudoers
- ansible.builtin.copy:
- content: "{{ ansible_user }} ALL=(ALL:ALL) NOPASSWD:ALL"
- dest: "/etc/sudoers.d/{{ ansible_user }}_nopasswd"
- mode: 0440
-
-- name: Add additional user SSH public keys
- ansible.posix.authorized_key:
- user: "{{ ansible_user }}"
- key: "{{ item }}"
- loop: "{{ os_ssh_authorized_keys | default([]) }}"
-
-- name: Check if hushlogin exists
- ansible.builtin.stat:
- path: "/home/{{ ansible_user }}/.hushlogin"
- register: hushlogin_status
-
-- name: Silence the login prompt
- ansible.builtin.file:
- dest: "/home/{{ ansible_user }}/.hushlogin"
- state: touch
- owner: "{{ ansible_user }}"
- mode: "0775"
- when:
- - not hushlogin_status.stat.exists
diff --git a/infrastructure/storage/servers/playbooks/roles/os.storage/templates/aliases.j2 b/infrastructure/storage/servers/playbooks/roles/os.storage/templates/aliases.j2
deleted file mode 100644
index f5e14f6c20..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/os.storage/templates/aliases.j2
+++ /dev/null
@@ -1,14 +0,0 @@
-# /etc/aliases
-mailer-daemon: postmaster@
-postmaster: root@
-nobody: root@
-hostmaster: root@
-usenet: root@
-news: root@
-webmaster: root@
-www: root@
-ftp: root@
-abuse: root@
-noc: root@
-security: root@
-root: {{ ansible_user }}@, {{ email }}
diff --git a/infrastructure/storage/servers/playbooks/roles/os.storage/templates/msmtprc.j2 b/infrastructure/storage/servers/playbooks/roles/os.storage/templates/msmtprc.j2
deleted file mode 100644
index 4766b1d4f6..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/os.storage/templates/msmtprc.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-# /etc/msmtprc
-defaults
-auth on
-tls on
-tls_trust_file /etc/ssl/certs/ca-certificates.crt
-logfile /var/log/msmtp
-
-account {{ smtp_account_name }}
-host {{ smtp_address }}
-port {{ smtp_port }}
-from {{ smtp_from }}
-user {{ smtp_username }}
-password {{ smtp_password }}
-
-account default: {{ smtp_account_name }}
-
-aliases /etc/aliases
diff --git a/infrastructure/storage/servers/playbooks/roles/os.storage/templates/smartd.conf.j2 b/infrastructure/storage/servers/playbooks/roles/os.storage/templates/smartd.conf.j2
deleted file mode 100644
index 8992df3af3..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/os.storage/templates/smartd.conf.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-# /etc/smartd.conf
-DEVICESCAN -a -o on -S on -n standby,q -s (S/../.././02|L/../../6/03) -W 4,35,55 -m {{ email }}
diff --git a/infrastructure/storage/servers/playbooks/roles/os.storage/templates/zed.rc.j2 b/infrastructure/storage/servers/playbooks/roles/os.storage/templates/zed.rc.j2
deleted file mode 100644
index 28e315ca88..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/os.storage/templates/zed.rc.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-# /etc/zfs/zed.d/zed.rc
-ZED_DEBUG_LOG="/var/log/zed.debug.log"
-ZED_EMAIL_ADDR="{{ email }}"
-ZED_EMAIL_OPTS="-s '@SUBJECT@' @ADDRESS@ -r {{ smtp_from }}"
-ZED_NOTIFY_VERBOSE=1
-ZED_NOTIFY_DATA=1
diff --git a/infrastructure/storage/servers/playbooks/roles/os.storage/vars/main.yml b/infrastructure/storage/servers/playbooks/roles/os.storage/vars/main.yml
deleted file mode 100644
index 6e8b150fce..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/os.storage/vars/main.yml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-#
-# SECRET* vars are encrypted with sops
-#
-
-os_smtp_account_name: mailgun
-os_smtp_port: 587
-os_timezone: "America/New_York"
-os_ssh_authorized_keys:
- - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnKXgEGczcu8lGs+DEvRWgI4cSYHkAyTAU6/SMAHjL4 twitlin@mbp16inch2021.3520.dhcp.asu.edu"
-os_packages_repositories:
- - ppa:fish-shell/release-3
-os_packages_install:
- - apt-transport-https
- - ca-certificates
- - containernetworking-plugins
- - curl
- - ffmpeg
- - figlet
- - fish
- - fzf
- - gettext
- - git
- - htop
- - lolcat
- - msmtp
- - msmtp-mta
- - nano
- - neofetch
- - ntpdate
- - podman
- - psmisc
- - rclone
- - software-properties-common
- - tmux
- - tree
- - uidmap
- - unzip
- - zfs-zed
- - zfsutils-linux
-os_packages_remove:
- - apparmor
- - apport
- - byobu
- - friendly-recovery
- - landscape-common
- - lxd-agent-loader
- - plymouth
- - plymouth-theme-ubuntu-text
- - popularity-contest
- - snapd
- - sosreport
- - ubuntu-advantage-tools
- - ufw
diff --git a/infrastructure/storage/servers/playbooks/roles/zfs.storage/tasks/zfs.yml b/infrastructure/storage/servers/playbooks/roles/zfs.storage/tasks/zfs.yml
deleted file mode 100644
index d63fff4717..0000000000
--- a/infrastructure/storage/servers/playbooks/roles/zfs.storage/tasks/zfs.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-
-# Ensure zfs is installed
-- name: Install ZFS
- ansible.builtin.package:
- name: zfsutils-linux
- state: present
- update_cache: true
-
-# Create ZFS Pool
-- name: Create ZFS Pool
- community.general.zpool:
- name: "{{ zpool_name }}"
- vdev: "{{ zpool_vdev }}"
- state: present
-
-- name: Create ZFS Datasets
- community.general.zfs:
-
- loop:
diff --git a/infrastructure/vault/servers/.envrc b/infrastructure/vault/servers/.envrc
deleted file mode 100644
index b9bdbe9d22..0000000000
--- a/infrastructure/vault/servers/.envrc
+++ /dev/null
@@ -1,3 +0,0 @@
-#shellcheck disable=SC2148,SC2155
-export ANSIBLE_CONFIG=$(expand_path ./ansible.cfg)
-export KUBECONFIG=$(expand_path ./kubeconfig)
diff --git a/infrastructure/vault/servers/ansible.cfg b/infrastructure/vault/servers/ansible.cfg
deleted file mode 100644
index a6f396c866..0000000000
--- a/infrastructure/vault/servers/ansible.cfg
+++ /dev/null
@@ -1,35 +0,0 @@
-[defaults]
-# General settings
-nocows = True
-executable = /bin/bash
-stdout_callback = yaml
-force_valid_group_names = ignore
-# File/Directory settings
-log_path = ~/.ansible/ansible.log
-inventory = ./inventory
-roles_path = ~/.ansible/roles:./playbooks/roles
-collections_path = ~/.ansible/collections
-remote_tmp = ~/.ansible/tmp
-local_tmp = ~/.ansible/tmp
-# Fact Caching settings
-fact_caching = jsonfile
-fact_caching_connection = ~/.ansible/facts_cache
-# SSH settings
-remote_port = 22
-timeout = 60
-host_key_checking = False
-# Plugin settings
-vars_plugins_enabled = host_group_vars,community.sops.sops
-
-[inventory]
-unparsed_is_failed = true
-
-[privilege_escalation]
-become = True
-
-[ssh_connection]
-scp_if_ssh = smart
-retries = 3
-ssh_args = -o ControlMaster=auto -o ControlPersist=30m -o Compression=yes -o ServerAliveInterval=15s
-pipelining = True
-control_path = %(directory)s/%%h-%%r
diff --git a/infrastructure/vault/servers/inventory/host_vars/osiris.sops.yml b/infrastructure/vault/servers/inventory/host_vars/osiris.sops.yml
deleted file mode 100644
index f03df321dd..0000000000
--- a/infrastructure/vault/servers/inventory/host_vars/osiris.sops.yml
+++ /dev/null
@@ -1,25 +0,0 @@ -kind: Secret -ansible_become_pass: ENC[AES256_GCM,data:GV8Nrn6agGHckQ==,iv:6sO//Wka5X7L59GVDfql/58ZiFES+qPK2z96H7m+/Sk=,tag:kE4INIepgwB9E2Hpe8qGew==,type:str] -SECRET_PUBLIC_DOMAIN: ENC[AES256_GCM,data:TV0xp4iXGzA=,iv:ILmMAcGDUOdTz1EX7uf6EjMLn9Pp0bbY4USm9Ug1cMU=,tag:t33eWIxMgLj624K1Xv+RuQ==,type:str] -SECRET_PRIVATE_DOMAIN: ENC[AES256_GCM,data:jiDqfST9TQ==,iv:4LzIz2uK6pkUsK5TDvS4yGxkL9G/KeYxyXgqQW/tX5o=,tag:/6TQpi7Fd7G/GNfC0CQQyA==,type:str] -SECRET_KOPIA_PASSWORD: ENC[AES256_GCM,data:6bukOQsECV/vRw==,iv:vPo+JTf0I/Nv9s10KhaHurC1vTkH2QcSfgfEQogVKgQ=,tag:KW+x7QzGAWzWYrRty7cRGQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1986cspgjd7xhdwfwmyplc5jsjk43gewedu7s3sr7gwwhrdp7rgzq6t4ax9 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoSWVCYnZNU2o0QUR4c0dB - YTM4STNhN2duK1prS2NmUlg1aytIWFdvb3lVClBHdkpiUDhZQUV6V1ZWcExTUFcw - VFhUMCtvVlNkRXBObXB2Y05kMDZ5SDQKLS0tIDFrY0ZNUUljN3RFaDVQK24rVWQz - WWw1VGVKWjRWdEJsMnJTTDU1aUJqS00KFPmfeX3J10uIEv9XoMuPlMRMXDhonaCA - YX3K7cXUz/IrtkBxFef5ea5DaAGRCz4FPgY4Rc7hNz7mLZDl7xmzwQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-11-27T02:30:37Z" - mac: ENC[AES256_GCM,data:jzptpTo2uYedm/zzyIALUZ2/ALF/7+tjnNESzIUEIGWoTR9sO2HqCyLwvkQqd7xVT2IKR8O2ukBzJTcke+0dFr1saFmk8Ul4i6bwVJGMytHzBH/Y33FKMo0Lm6m3RYdyU1c00fMLymKz7cSMprhL8FZrNs9RVLA3UPmnBxSsORM=,iv:tVpQu6UvT3Z81Xu/lKq6uTNtK6npKAhf2bQDyqXW7bQ=,tag:9HAvMZ9JYV/RBSK37C/iEA==,type:str] - pgp: [] - unencrypted_regex: ^(kind)$ - version: 3.7.3 diff --git a/infrastructure/vault/servers/playbooks/apps.yml b/infrastructure/vault/servers/playbooks/apps.yml deleted file mode 100644 index d960dd7aa0..0000000000 --- a/infrastructure/vault/servers/playbooks/apps.yml +++ /dev/null 
@@ -1,15 +0,0 @@
----
-- name: Storage
- hosts:
- - storage
- become: true
- gather_facts: true
- any_errors_fatal: true
- pre_tasks:
- - name: Pausing for 5 seconds...
- ansible.builtin.pause:
- seconds: 5
- roles:
- - role: apps.storage
- tags:
- - apps.storage
diff --git a/infrastructure/vault/servers/playbooks/cluster-installation.yml b/infrastructure/vault/servers/playbooks/cluster-installation.yml
deleted file mode 100644
index 6d6913db58..0000000000
--- a/infrastructure/vault/servers/playbooks/cluster-installation.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- name: Cluster Installation
- hosts:
- - storage
- become: true
- gather_facts: true
- any_errors_fatal: true
- pre_tasks:
- - name: Pausing for 2 seconds...
- ansible.builtin.pause:
- seconds: 2
- tasks:
- - name: Install Kubernetes
- ansible.builtin.include_role:
- name: xanmanning.k3s
- public: true
- vars:
- k3s_state: installed
diff --git a/infrastructure/vault/servers/playbooks/cluster-nuke.yml b/infrastructure/vault/servers/playbooks/cluster-nuke.yml
deleted file mode 100644
index d16437aa04..0000000000
--- a/infrastructure/vault/servers/playbooks/cluster-nuke.yml
+++ /dev/null
@@ -1,29 +0,0 @@
----
-- name: Cluster Nuke
- hosts:
- - storage
- become: true
- gather_facts: true
- any_errors_fatal: true
- pre_tasks:
- - name: Pausing for 2 seconds...
- ansible.builtin.pause:
- seconds: 2
- tasks:
- - name: Uninstall k3s
- ansible.builtin.include_role:
- name: xanmanning.k3s
- public: true
- vars:
- k3s_state: uninstalled
- - name: Gather list of CNI files
- ansible.builtin.find:
- paths: /etc/cni/net.d
- patterns: "*"
- hidden: true
- register: directory_contents
- - name: Delete CNI files
- ansible.builtin.file:
- path: "{{ item.path }}"
- state: absent
- loop: "{{ directory_contents.files }}"
diff --git a/infrastructure/vault/servers/playbooks/cluster-prepare.yml b/infrastructure/vault/servers/playbooks/cluster-prepare.yml
deleted file mode 100644
index 14e421bdaa..0000000000
--- a/infrastructure/vault/servers/playbooks/cluster-prepare.yml
+++ /dev/null
@@ -1,169 +0,0 @@ ---- -# TODO: Add bonding to /etc/modules-load.d/modules.conf -# TODO: Add netplan config for bond0 -- name: Cluster Prepare - hosts: - - storage - become: true - gather_facts: true - any_errors_fatal: true - pre_tasks: - - name: Pausing for 2 seconds... - ansible.builtin.pause: - seconds: 2 - tasks: - - name: Locale - block: - - name: Locale | Set timezone - community.general.timezone: - name: "{{ timezone | default('America/New_York') }}" - - name: Packages - block: - - name: Packages | Add apt repositories - ansible.builtin.apt_repository: - repo: "{{ item }}" - update_cache: true - loop: "{{ packages_repositories | default([]) }}" - - name: Packages | Install common packages - ansible.builtin.apt: - name: "{{ packages_install | default([]) }}" - install_recommends: false - - name: Packages | Remove packages - ansible.builtin.apt: - name: "{{ packages_remove | default([]) }}" - state: absent - autoremove: true - - name: User - block: - - name: User | Create group - ansible.builtin.group: - gid: "{{ create_group.id }}" - name: "{{ create_group.name }}" - state: present - - name: User | Create user - ansible.builtin.user: - uid: "{{ create_user.id }}" - name: "{{ create_user.name }}" - shell: /usr/bin/fish - group: "{{ create_group.name }}" - groups: "{{ create_user.additional_groups }}" - append: true - - name: User | Add user to sudoers - ansible.builtin.copy: - content: "{{ create_user.name }} ALL=(ALL:ALL) NOPASSWD:ALL" - dest: "/etc/sudoers.d/{{ create_user.name }}_nopasswd" - mode: "0440" - - name: User | Add additional user SSH public keys - ansible.posix.authorized_key: - user: "{{ create_user.name }}" - key: "{{ item }}" - loop: "{{ ssh_authorized_keys | default([]) }}" - - name: User | Silence the login prompt - ansible.builtin.file: - dest: "/home/{{ create_user.name }}/.hushlogin" - state: touch - owner: "{{ create_user.name }}" - mode: "0775" - modification_time: preserve - access_time: preserve - - name: Network - block: - - name: 
Network | Set hostname to inventory hostname - ansible.builtin.hostname: - name: "{{ inventory_hostname }}" - - name: Network | Update /etc/hosts to include hostname - ansible.builtin.blockinfile: - path: /etc/hosts - mode: "0644" - create: true - block: | - 127.0.0.1 localhost - 127.0.1.1 {{ inventory_hostname }} - - name: NFS - block: - - name: NFS | Update configuration - ansible.builtin.blockinfile: - path: /etc/nfs.conf.d/local.conf - mode: "0644" - create: true - block: | - [nfsd] - vers2 = n - vers3 = n - threads = 16 - [mountd] - manage-gids = 1 - - name: File System - block: - - name: File System | Disable swap - ansible.builtin.command: swapoff -a - when: ansible_swaptotal_mb > 0 - - name: File System | Disable swap on boot - ansible.posix.mount: - name: "{{ item }}" - fstype: swap - state: absent - loop: ["swap", "none"] - - name: System - block: - - name: System | Disable apparmor and mitigations in grub - ansible.builtin.replace: - path: /etc/default/grub - regexp: '^(GRUB_CMDLINE_LINUX=(?:(?![" ]{{ item.key | regex_escape }}=).)*)(?:[" ]{{ item.key | regex_escape }}=\S+)?(.*")$' - replace: '\1 {{ item.key }}={{ item.value }}\2' - with_dict: "{{ grub_config }}" - vars: - grub_config: - apparmor: "0" - mitigations: "off" - register: grub_status - - name: System | Run grub-mkconfig - ansible.builtin.command: update-grub - when: grub_status.changed - - name: Notifications - block: - - name: Notifications | Copy /etc/aliases - notify: Restart msmtpd - ansible.builtin.template: - src: aliases.j2 - dest: /etc/aliases - mode: "0644" - - name: Notifications | Copy /etc/msmtprc - notify: Restart msmtpd - ansible.builtin.template: - src: msmtprc.j2 - dest: /etc/msmtprc - mode: "0644" - - name: Notifications | Copy /etc/smartd.conf - notify: Restart smartd - ansible.builtin.template: - src: smartd.conf.j2 - dest: /etc/smartd.conf - mode: "0644" - - name: Notifications | Copy /etc/zfs/zed.d/zed.rc - notify: Restart zed - ansible.builtin.template: - src: zed.rc.j2 
- dest: /etc/zfs/zed.d/zed.rc - mode: "0644" - - handlers: - - name: Reboot - ansible.builtin.reboot: - msg: Rebooting nodes - reboot_timeout: 3600 - - name: Restart msmtpd - ansible.builtin.service: - name: msmtpd.service - enabled: true - state: restarted - - name: Restart smartd - ansible.builtin.service: - name: smartd.service - enabled: true - state: restarted - - name: Restart zed - ansible.builtin.service: - name: zed.service - enabled: true - state: restarted diff --git a/infrastructure/vault/servers/playbooks/templates/aliases.j2 b/infrastructure/vault/servers/playbooks/templates/aliases.j2 deleted file mode 100644 index 64506e4e6e..0000000000 --- a/infrastructure/vault/servers/playbooks/templates/aliases.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# /etc/aliases -mailer-daemon: postmaster@ -postmaster: root@ -nobody: root@ -hostmaster: root@ -usenet: root@ -news: root@ -webmaster: root@ -www: root@ -ftp: root@ -abuse: root@ -noc: root@ -security: root@ -root: twitlin@286k.co diff --git a/infrastructure/vault/servers/playbooks/templates/msmtprc.j2 b/infrastructure/vault/servers/playbooks/templates/msmtprc.j2 deleted file mode 100644 index 1aeac53a9e..0000000000 --- a/infrastructure/vault/servers/playbooks/templates/msmtprc.j2 +++ /dev/null @@ -1,15 +0,0 @@ -defaults -auth off -tls off -tls_trust_file /etc/ssl/certs/ca-certificates.crt -logfile /var/log/msmtp - -account maddy -host smtp-relay.286k.co -port 25 -from osiris@286k.co -tls_starttls off - -account default: maddy - -aliases /etc/aliases diff --git a/infrastructure/vault/servers/playbooks/templates/smartd.conf.j2 b/infrastructure/vault/servers/playbooks/templates/smartd.conf.j2 deleted file mode 100644 index 0ca7e5c115..0000000000 --- a/infrastructure/vault/servers/playbooks/templates/smartd.conf.j2 +++ /dev/null @@ -1,2 +0,0 @@ -# /etc/smartd.conf -DEVICESCAN -a -o on -S on -n standby,q -s (S/../.././02|L/../../6/03) -W 4,35,40 -m osiris@286k.co 
diff --git a/infrastructure/vault/servers/playbooks/templates/zed.rc.j2 b/infrastructure/vault/servers/playbooks/templates/zed.rc.j2 deleted file mode 100644 index 38d882abd2..0000000000 --- a/infrastructure/vault/servers/playbooks/templates/zed.rc.j2 +++ /dev/null @@ -1,8 +0,0 @@ -# /etc/zfs/zed.d/zed.rc -ZED_DEBUG_LOG="/var/log/zed.debug.log" -ZED_EMAIL_ADDR="osiris@286k.co" -ZED_EMAIL_PROG="mail" -ZED_EMAIL_OPTS="-s '@SUBJECT@' @ADDRESS@ -r osiris@286k.co" -ZED_NOTIFY_VERBOSE=1 -ZED_NOTIFY_DATA=1 -ZED_USE_ENCLOSURE_LEDS=1 diff --git a/infrastructure/storage/apps/.terraform.lock.hcl b/terraform/storage/apps/.terraform.lock.hcl similarity index 62% rename from infrastructure/storage/apps/.terraform.lock.hcl rename to terraform/storage/apps/.terraform.lock.hcl index d56cfe717d..6ee5b74f09 100644 --- a/infrastructure/storage/apps/.terraform.lock.hcl +++ b/terraform/storage/apps/.terraform.lock.hcl @@ -12,6 +12,13 @@ provider "registry.terraform.io/carlpett/sops" { "h1:eyhWU7mN5Q++hYu7j/w8aACehkiaFcdYp84pEF1n7XM=", "h1:tnN2Mgl0NUF3cg7a0HtGmtOhHcG+tkaT6ncOPRuA9l8=", "h1:xkTdN4nYt3PM5Sx09j/g+vnFWU2njQCO6CXza034R1I=", + "zh:064e63ea800cd1a8e575064097bc7de6fd5faa8ad50dbb3f2f9d8a3ebc9d7b97", + "zh:0663900085949d2faf24c170c7cdfbf76e545797915cc331da8304144c02bf27", + "zh:2ff26c7e5ee356c30791a12dd8e114c6237bd873d09e52805cb30dd5d758ed23", + "zh:44211fa474112ad0c9fcdae03f13ec7c75cdefd3ab29979b99cb834208055593", + "zh:6c3ab441c12b9679ad1dcac580d1ee7782f0d94efe6da6e983435ed39335cd3f", + "zh:8924cc939b52382ef042dc38bde93cdf438ff0aeab5e1801fbd198f05b80cd47", + "zh:ebc189ce22c23b903399f71e33d465001a79d7de7f7bf115c7763fcf794f4b58", ] } 
@@ -30,6 +37,18 @@ provider "registry.terraform.io/hashicorp/kubernetes" { "h1:sXCkOxRoMFTJnBMRmQlem2S5euv65k4veJQN5LaJayI=", "h1:uosKyesMfmeKIcxjMLaHVMW3uW3zVy50Bzvx2jpsNoE=", "h1:xyFc77aYkPoU4Xt1i5t0B1IaS8TbTtp9aCSuQKDayII=", + "zh:10488a12525ed674359585f83e3ee5e74818b5c98e033798351678b21b2f7d89", + "zh:1102ba5ca1a595f880e67102bbf999cc8b60203272a078a5b1e896d173f3f34b", + "zh:1347cf958ed3f3f80b3c7b3e23ddda3d6c6573a81847a8ee92b7df231c238bf6", + "zh:2cb18e9f5156bc1b1ee6bc580a709f7c2737d142722948f4a6c3c8efe757fa8d", + "zh:5506aa6f28dcca2a265ccf8e34478b5ec2cb43b867fe6d93b0158f01590fdadd", + "zh:6217a20686b631b1dcb448ee4bc795747ebc61b56fbe97a1ad51f375ebb0d996", + "zh:8accf916c00579c22806cb771e8909b349ffb7eb29d9c5468d0a3f3166c7a84a", + "zh:9379b0b54a0fa030b19c7b9356708ec8489e194c3b5e978df2d31368563308e5", + "zh:aa99c580890691036c2931841e88e7ee80d59ae52289c8c2c28ea0ac23e31520", + "zh:c57376d169875990ac68664d227fb69cd0037b92d0eba6921d757c3fd1879080", + "zh:e6068e3f94f6943b5586557b73f109debe19d1a75ca9273a681d22d1ce066579", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/infrastructure/storage/apps/app_kopia.tf b/terraform/storage/apps/app_kopia.tf similarity index 100% rename from infrastructure/storage/apps/app_kopia.tf rename to terraform/storage/apps/app_kopia.tf diff --git a/infrastructure/storage/apps/app_minio.tf b/terraform/storage/apps/app_minio.tf similarity index 100% rename from infrastructure/storage/apps/app_minio.tf rename to terraform/storage/apps/app_minio.tf diff --git a/infrastructure/storage/apps/app_node_exporter.tf b/terraform/storage/apps/app_node_exporter.tf similarity index 100% rename from infrastructure/storage/apps/app_node_exporter.tf rename to terraform/storage/apps/app_node_exporter.tf 
diff --git a/infrastructure/storage/apps/app_smartctl_exporter.tf b/terraform/storage/apps/app_smartctl_exporter.tf
similarity index 100%
rename from infrastructure/storage/apps/app_smartctl_exporter.tf
rename to terraform/storage/apps/app_smartctl_exporter.tf
diff --git a/infrastructure/storage/apps/app_vector_agent.tf b/terraform/storage/apps/app_vector_agent.tf
similarity index 100%
rename from infrastructure/storage/apps/app_vector_agent.tf
rename to terraform/storage/apps/app_vector_agent.tf
diff --git a/infrastructure/storage/apps/main.tf b/terraform/storage/apps/main.tf
similarity index 100%
rename from infrastructure/storage/apps/main.tf
rename to terraform/storage/apps/main.tf
diff --git a/infrastructure/storage/apps/providers.tf b/terraform/storage/apps/providers.tf
similarity index 100%
rename from infrastructure/storage/apps/providers.tf
rename to terraform/storage/apps/providers.tf
diff --git a/infrastructure/storage/apps/secret.sops.yaml b/terraform/storage/apps/secret.sops.yaml
similarity index 100%
rename from infrastructure/storage/apps/secret.sops.yaml
rename to terraform/storage/apps/secret.sops.yaml
diff --git a/infrastructure/storage/apps/templates/repository.config.tftpl b/terraform/storage/apps/templates/repository.config.tftpl
similarity index 100%
rename from infrastructure/storage/apps/templates/repository.config.tftpl
rename to terraform/storage/apps/templates/repository.config.tftpl
diff --git a/infrastructure/storage/apps/templates/vector.yaml.tftpl b/terraform/storage/apps/templates/vector.yaml.tftpl
similarity index 100%
rename from infrastructure/storage/apps/templates/vector.yaml.tftpl
rename to terraform/storage/apps/templates/vector.yaml.tftpl
diff --git a/infrastructure/storage/apps/variables.tf b/terraform/storage/apps/variables.tf
similarity index 100%
rename from infrastructure/storage/apps/variables.tf
rename to terraform/storage/apps/variables.tf