r/ouranos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
2ffcf005704bb0a157a977dfc99c3412f8c26963
ouranos/terraform/containers.tf

286 lines
7.4 KiB
HCL
Raw Blame History

locals {
# Common cloud-init configuration
base_cloud_init = <<EOT
#cloud-config
package_update: true
packages:
- apt-utils
- openssh-server
users:
- name: ${var.keeper_user}
uid: ${var.keeper_uid}
homedir: /srv/${var.keeper_user}
sudo: ALL=(ALL) NOPASSWD:ALL
shell: /bin/bash
groups: sudo
lock_passwd: true
EOT
# Uranian host definitions - Red Panda Approved
uranian_hosts = {
oberon = {
description = "Docker Host + MCP Switchboard - King of Fairies orchestrating containers and managing MCP infrastructure"
remote = "local"
role = "container_orchestration"
image = "noble"
config = {
"security.nesting" = true
"raw.lxc" = "lxc.apparmor.profile=unconfined"
}
devices = [{
name = "app_ports"
type = "proxy"
properties = {
listen = "tcp:0.0.0.0:25590-25599"
connect = "tcp:127.0.0.1:25590-25599"
}
}]
}
portia = {
description = "PostgreSQL Host - Intelligent database justice"
role = "database"
image = "noble"
config = {}
devices = []
}
ariel = {
description = "Neo4j Host - Ethereal graph connections"
role = "graph_database"
image = "noble"
config = {
"security.nesting" = true
"raw.lxc" = "lxc.apparmor.profile=unconfined"
}
devices = [{
name = "neo4j_ports"
type = "proxy"
properties = {
listen = "tcp:0.0.0.0:25554"
connect = "tcp:127.0.0.1:25554"
}
}]
}
miranda = {
description = "Dedicated Docker Host for MCP Servers - Curious bridge between worlds"
role = "mcp_docker_host"
image = "noble"
config = {
"security.nesting" = true
"raw.lxc" = "lxc.apparmor.profile=unconfined"
}
devices = [{
name = "mcp_containers"
type = "proxy"
properties = {
listen = "tcp:0.0.0.0:25530-25539"
connect = "tcp:127.0.0.1:25530-25539"
}
},
{
name = "mcpo_ports"
type = "proxy"
properties = {
listen = "tcp:0.0.0.0:25560-25569"
connect = "tcp:127.0.0.1:25560-25569"
}
}]
}
sycorax = {
description = "Arke LLM Proxy - Original magical language power"
role = "language_models"
image = "noble"
config = {
"security.nesting" = true
"raw.lxc" = "lxc.apparmor.profile=unconfined"
}
devices = [{
name = "arke_ports"
type = "proxy"
properties = {
listen = "tcp:0.0.0.0:25540-25544"
connect = "tcp:127.0.0.1:25540-25544"
}
}]
}
puck = {
description = "Python App Host - Shape-shifting trickster"
role = "application_runtime"
image = "questing"
config = {
"security.nesting" = true
"raw.lxc" = "lxc.apparmor.profile=unconfined"
}
devices = [{
name = "puck_ports"
type = "proxy"
properties = {
listen = "tcp:0.0.0.0:25570-25589"
connect = "tcp:127.0.0.1:25570-25589"
}
},
{
name = "puck_rdp"
type = "proxy"
properties = {
listen = "tcp:0.0.0.0:25589"
connect = "tcp:127.0.0.1:3389"
}
},
{
name = "gpu"
type = "gpu"
properties = {}
}
]
}
caliban = {
description = "Agent S MCP Server - Autonomous computer agent learning through environmental interaction"
role = "agent_automation"
image = "questing"
config = {
"security.nesting" = true
"raw.lxc" = "lxc.apparmor.profile=unconfined"
}
devices = [{
name = "caliban"
type = "proxy"
properties = {
listen = "tcp:0.0.0.0:25519"
connect = "tcp:127.0.0.1:3389"
}
},
{
name = "gpu"
type = "gpu"
properties = {}
}]
}
prospero = {
description = "Master magician observing events - PPLG observability stack with internal HAProxy"
role = "observability"
image = "noble"
config = {}
devices = [
{
name = "https_internal"
type = "proxy"
properties = {
listen = "tcp:0.0.0.0:25510"
connect = "tcp:127.0.0.1:443"
}
},
{
name = "http_redirect"
type = "proxy"
properties = {
listen = "tcp:0.0.0.0:25511"
connect = "tcp:127.0.0.1:80"
}
}
]
}
titania = {
description = "Proxy & SSO Services - Queen of the fairies managing access and authentication"
role = "proxy_sso"
image = "noble"
config = {
"security.nesting" = true
"raw.lxc" = "lxc.apparmor.profile=unconfined"
}
devices = [
{
name = "https_standard"
type = "proxy"
properties = {
listen = "tcp:0.0.0.0:443"
connect = "tcp:127.0.0.1:8443"
}
},
{
name = "http_redirect"
type = "proxy"
properties = {
listen = "tcp:0.0.0.0:80"
connect = "tcp:127.0.0.1:8080"
}
},
{
name = "gitea_ssh"
type = "proxy"
properties = {
listen = "tcp:0.0.0.0:22022"
connect = "tcp:127.0.0.1:22022"
}
}
]
}
rosalind = {
description = "Nextcloud Host - Witty and resourceful moon for cloud collaboration (PHP, Go, Node.js runtimes)"
role = "collaboration"
image = "noble"
config = {
"security.nesting" = true
"raw.lxc" = "lxc.apparmor.profile=unconfined"
}
devices = [{
name = "nextcloud_data"
type = "disk"
properties = {
source = "nextcloud-data"
pool = "default"
path = "/mnt/nextcloud"
}
}]
}
}
images = {
noble = incus_image.noble.fingerprint
plucky = incus_image.plucky.fingerprint
questing = incus_image.questing.fingerprint
}
}
resource "incus_instance" "uranian_hosts" {
for_each = local.uranian_hosts
name = each.key
project = var.project_name
profiles = [var.profile_name]
image = local.images[each.value.image]
ephemeral = false
dynamic "device" {
for_each = lookup(each.value, "devices", [])
content {
name = device.value.name
type = device.value.type
properties = device.value.properties
}
}
config = merge(
{
"user.access_Interface" = "eth0"
"cloud-init.user-data" = local.base_cloud_init
"user.Environment" = "sandbox"
"user.ManagedBy" = "terraform"
"user.Role" = each.value.role
},
each.value.config
)
file {
target_path = "/srv/${var.keeper_user}/.ssh/authorized_keys"
source_path = var.ssh_key_path
uid = var.keeper_uid
gid = var.keeper_uid
mode = 0750
create_directories = true
}
lifecycle {
ignore_changes = [config]
}
}
Reference in New Issue View Git Blame Copy Permalink