diff --git a/CLAUDE.md b/CLAUDE.md
new file mode 100644
index 0000000..3299458
--- /dev/null
+++ b/CLAUDE.md
@@ -0,0 +1,47 @@
+# CLAUDE.md
+
+## Commandes Ansible
+
+Toujours `--ask-vault-pass`, jamais `--vault-password-file`.
+
+```bash
+# Déployer tout
+ansible-playbook -i ansible/inventory/hosts.yml ansible/site.yml --ask-vault-pass
+
+# Un seul playbook
+ansible-playbook -i ansible/inventory/hosts.yml ansible/playbooks/forgejo.yml --ask-vault-pass
+
+# Éditer le vault
+ansible-vault edit ansible/inventory/group_vars/all/vault.yml --ask-vault-pass
+```
+
+## SSH agent (obligatoire avant Ansible)
+
+```bash
+eval $(ssh-agent -s) && ssh-add ~/.ssh/homelab
+```
+
+## Infrastructure
+
+| Hôte | IP | Rôle |
+|------|----|------|
+| Proxmox | 192.168.1.242 | Hyperviseur |
+| vm-gateway | 192.168.1.254 | WireGuard |
+| vm-forgejo | 192.168.1.50 | Forgejo :3000 |
+| vm-nextcloud | 192.168.1.51 | Nextcloud :8080 |
+| vm-tools | 192.168.1.52 | Stirling PDF :8081 |
+| VPS Scaleway | 51.158.126.113 | Caddy + WireGuard |
+| QNAP | 192.168.1.208 | NAS NFS/SMB |
+
+## Vault — variables clés
+
+`vault_forgejo_db_password`, `vault_forgejo_domain`, `vault_nextcloud_db_password`,
+`vault_nextcloud_admin_user`, `vault_nextcloud_admin_password`, `vault_nextcloud_domain`,
+`vault_admin_password`, `vault_wg_*`
+
+## Pièges connus
+
+- Les VMs Rocky Linux utilisent `firewalld`, le VPS Debian utilise `ufw`
+- Docker gère lui-même les règles firewalld — ne pas les gérer dans les playbooks
+- `NEXTCLOUD_TRUSTED_DOMAINS` n'est lu qu'au premier démarrage — utiliser `occ` pour modifier après install
+- Le VPS a `ansible_user: Elewyn` (root SSH désactivé)
diff --git a/homelab.md b/README.md
similarity index 100%
rename from homelab.md
rename to README.md
diff --git a/terraform/proxmox/main.tf b/terraform/proxmox/main.tf
index 1514d13..6531807 100644
--- a/terraform/proxmox/main.tf
+++ b/terraform/proxmox/main.tf
@@ -1,122 +1,122 @@
-# Provider Proxmox (bpg) - plus moderne, pas le bug user list de telmate
-terraform {
- required_providers {
- proxmox = {
- source = "bpg/proxmox"
- version = "~> 0.78"
- }
- }
-}
-
-provider "proxmox" {
- endpoint = var.proxmox_url
- api_token = var.proxmox_api_token
- insecure = true
-
- ssh {
- agent = false
- }
-}
-
-# --- Locals : configuration centralisee des VMs ---
-locals {
- vms = {
- gateway = {
- vmid = 200
- cores = 1
- memory = 512
- balloon = 256
- disk = 10
- ip = var.gateway_ip
- }
- forgejo = {
- vmid = 201
- cores = 2
- memory = 1024
- balloon = 512
- disk = 20
- ip = var.forgejo_ip
- }
- nextcloud = {
- vmid = 202
- cores = 4
- memory = 6144
- balloon = 2048
- disk = 20
- ip = var.nextcloud_ip
- }
- tools = {
- vmid = 203
- cores = 2
- memory = 2048
- balloon = 1024
- disk = 10
- ip = var.tools_ip
- }
- }
-}
-
-# --- VMs generees dynamiquement par clonage du template ---
-resource "proxmox_virtual_environment_vm" "vm" {
- for_each = local.vms
-
- name = each.key
- node_name = var.proxmox_node
- vm_id = each.value.vmid
-
- clone {
- vm_id = var.template_vmid
- }
-
- scsi_hardware = "virtio-scsi-single"
-
- cpu {
- cores = each.value.cores
- sockets = 1
- type = "x86-64-v2-AES"
- }
-
- memory {
- dedicated = each.value.memory
- floating = each.value.balloon
- }
-
- agent {
- enabled = true
- timeout = "10s"
- }
-
- disk {
- interface = "scsi0"
- size = each.value.disk
- datastore_id = var.storage_name
- }
-
- network_device {
- bridge = var.network_bridge
- model = "virtio"
- }
-
- initialization {
- ip_config {
- ipv4 {
- address = "${each.value.ip}/24"
- gateway = var.network_gateway
- }
- }
- dns {
- servers = [var.dns_server]
- }
- user_account {
- username = var.ci_user
- keys = [var.ssh_public_key]
- }
- }
-
- lifecycle {
- ignore_changes = [
- initialization,
- network_device
- ]
- }
-}
+# Provider Proxmox (bpg)
+terraform {
+ required_providers {
+ proxmox = {
+ source = "bpg/proxmox"
+ version = "~> 0.78"
+ }
+ }
+}
+
+provider "proxmox" {
+ endpoint = var.proxmox_url
+ api_token = var.proxmox_api_token
+ insecure = true
+
+ ssh {
+ agent = false
+ }
+}
+
+# --- Locals : configuration centralisee des VMs ---
+locals {
+ vms = {
+ gateway = {
+ vmid = 200
+ cores = 1
+ memory = 512
+ balloon = 256
+ disk = 10
+ ip = var.gateway_ip
+ }
+ forgejo = {
+ vmid = 201
+ cores = 2
+ memory = 1024
+ balloon = 512
+ disk = 20
+ ip = var.forgejo_ip
+ }
+ nextcloud = {
+ vmid = 202
+ cores = 4
+ memory = 6144
+ balloon = 2048
+ disk = 20
+ ip = var.nextcloud_ip
+ }
+ tools = {
+ vmid = 203
+ cores = 2
+ memory = 2048
+ balloon = 1024
+ disk = 10
+ ip = var.tools_ip
+ }
+ }
+}
+
+# --- VMs generees dynamiquement par clonage du template ---
+resource "proxmox_virtual_environment_vm" "vm" {
+ for_each = local.vms
+
+ name = each.key
+ node_name = var.proxmox_node
+ vm_id = each.value.vmid
+
+ clone {
+ vm_id = var.template_vmid
+ }
+
+ scsi_hardware = "virtio-scsi-single"
+
+ cpu {
+ cores = each.value.cores
+ sockets = 1
+ type = "x86-64-v2-AES"
+ }
+
+ memory {
+ dedicated = each.value.memory
+ floating = each.value.balloon
+ }
+
+ agent {
+ enabled = true
+ timeout = "10s"
+ }
+
+ disk {
+ interface = "scsi0"
+ size = each.value.disk
+ datastore_id = var.storage_name
+ }
+
+ network_device {
+ bridge = var.network_bridge
+ model = "virtio"
+ }
+
+ initialization {
+ ip_config {
+ ipv4 {
+ address = "${each.value.ip}/24"
+ gateway = var.network_gateway
+ }
+ }
+ dns {
+ servers = [var.dns_server]
+ }
+ user_account {
+ username = var.ci_user
+ keys = [var.ssh_public_key]
+ }
+ }
+
+ lifecycle {
+ ignore_changes = [
+ initialization,
+ network_device
+ ]
+ }
+}
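Review bot: `insecure = true` in the `provider "proxmox"` block survives this whole-file rewrite and disables TLS certificate verification for every API call to `var.proxmox_url`, so the bearer token passed as `api_token = var.proxmox_api_token` travels over a connection that anyone on the path to the hypervisor can impersonate. Proxmox ships a self-signed certificate by default, which is presumably why this was set; the safer fix is to trust that certificate (or an internal-CA certificate installed on the node) from the machine running Terraform and set `insecure = false`, or at least `insecure = var.proxmox_insecure` with a declared default of `false` so the downgrade becomes an explicit, reviewable choice. Separately, the `lifecycle` block deserves a comment: with `initialization` in `ignore_changes`, a rotated `var.ssh_public_key` or a changed cloud-init address will never be reconciled by a later apply, e.g. `# initialization is ignored after first create: SSH key and IP changes must be pushed out-of-band (or via taint/replace)`.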