Iac
Overview
This repository provides a set of tools and configurations for automating tasks across environments. It includes Ansible playbooks and roles, Docker configurations, Kubernetes manifests, Terraform modules, and Packer scripts. Secrets are managed through various methods, most notably Bitwarden Secrets Manager. The project is designed with flexibility in mind, allowing me to configure every inch of my infrastructure programmatically while being modular.
About The Lab
Kubernetes
Core Components
- Cilium: Internal Kubernetes networking plugin.
- Cert-manager: Creates SSL certificates for services in the cluster.
- External DNS: Syncs DNS records from Kubernetes ingresses to a DNS provider.
- External Secrets: Manages Kubernetes secrets using Bitwarden.
- Ingress NGINX: NGINX-based ingress controller for Kubernetes.
- Rook Ceph: Open-Source, Cloud-Native Storage for Kubernetes.
- Tofu Controller: Runs Terraform from within a Kubernetes cluster.
Terraform
```
❯ tree -L1 terraform
terraform
├── _modules
├── _templates
├── authentik
├── aws
[...]
```
Core Components
bws-cache
A Terraform external data source runs a small script that retrieves secrets on demand by making API requests, authenticated with an access token, to a secrets management service (Bitwarden Secrets Manager, fronted by the bws-cache service). Sensitive values are fetched dynamically at plan time and passed into the Terraform configuration instead of being hardcoded in it, which keeps them out of version control and minimizes exposure. Values returned through the data source are still written to the Terraform state, so the state backend itself must be treated as sensitive.
<details> <summary>Example</summary>

```python
import logging
import requests

[...]
for key in key_name:
    # One request per key; the access token is sent as a bearer token.
    bws_response = requests.get(
        f"http://mgmt-srv-01:5000/key/{key}",
        headers={"Authorization": f"Bearer {access_token}"},
        timeout=10,
    ).json()
    # Debug-level log of the full response body (on success this includes the secret value).
    logging.debug(bws_response)
    try:
        results.append(bws_response['value'])
    except KeyError as exc:
        # A response without "value" means the token was rejected or lacks read access.
        raise InvalidToken(
            "Token is invalid or does not have permissions to read value"
        ) from exc
[...]
```

```hcl
resource "radarr_download_client_sabnzbd" "sabnzbd" {
  enable         = true
  priority       = 1
  name           = "sabnzbd"
  host           = "sabnzbd.${var.cluster_media_domain}"
  url_base       = "/"
  port           = var.ports["sabnzbd"]
  movie_category = "movies"
  # Secret resolved at plan time through the external data source backed by bws-cache.
  api_key        = data.external.bws_lookup.result["infra-media-secrets_sabnzbd_api_key"]
}
```

</details>
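The following is an added example, not the repository's own `bws_lookup` script: a complete Terraform `external` data-source program that resolves a list of secret keys through a bws-cache-style HTTP endpoint. It assumes the endpoint shape the snippet above suggests (`GET {base_url}/key/{key}` with a bearer token, returning a JSON object that carries `value` on success) and a hypothetical query shape (`base_url`, `access_token`, `keys`); the fetch function is injectable so the resolution logic can be exercised without a live cache.

```python
"""
Terraform `external` data-source program resolving secrets via a
bws-cache-style HTTP service (added example; endpoint and query shape assumed).

Terraform's external data source protocol: the program receives one JSON
object of string -> string on stdin (the data source's `query` argument) and
must write one JSON object of string -> string on stdout. A non-zero exit
fails the data source and surfaces stderr in the Terraform error.

Assumed Terraform side (hypothetical):
    data "external" "bws_lookup" {
      program = ["python3", "${path.module}/bws_lookup.py"]
      query = {
        base_url     = "http://mgmt-srv-01:5000"
        access_token = var.bws_access_token
        keys         = "infra-media-secrets_sabnzbd_api_key"
      }
    }
"""
import json
import sys
import urllib.request


class InvalidToken(Exception):
    """Raised when the cache rejects the token or the key is not readable."""


def http_fetch(base_url, key, access_token, timeout=10):
    """GET {base_url}/key/{key} with a bearer token (endpoint shape assumed
    from the page's snippet); returns the parsed JSON body."""
    req = urllib.request.Request(
        f"{base_url}/key/{key}",
        headers={"Authorization": f"Bearer {access_token}"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def resolve_secrets(keys, access_token, fetch):
    """Resolve each key to its value via fetch(key, access_token).

    Returns a flat str -> str dict, the only shape Terraform accepts from an
    external data source. Everything returned here ends up in the Terraform
    state file, so the state backend must be protected accordingly.
    """
    results = {}
    for key in keys:
        response = fetch(key, access_token)
        # A body without "value" means the token was rejected or lacks read
        # access. The body is deliberately not logged: on success it is the secret.
        if not isinstance(response, dict) or "value" not in response:
            raise InvalidToken(
                f"Token is invalid or does not have permissions to read {key!r}"
            )
        results[key] = str(response["value"])
    return results


def parse_keys(raw):
    """Split the comma-separated `keys` query value, dropping blanks."""
    return [k.strip() for k in raw.split(",") if k.strip()]


def handle_query(query, fetch):
    """Turn the Terraform query object into the output object."""
    token = query.get("access_token", "")
    if not token:
        raise InvalidToken("access_token missing from query")
    return resolve_secrets(parse_keys(query.get("keys", "")), token, fetch)


def main():
    query = json.load(sys.stdin)
    base_url = query.get("base_url", "http://mgmt-srv-01:5000").rstrip("/")

    def fetch(key, token):
        return http_fetch(base_url, key, token)

    try:
        output = handle_query(query, fetch)
    except (InvalidToken, OSError, ValueError) as exc:
        # Fail loudly: a non-zero exit makes Terraform abort instead of
        # planning with an empty or wrong secret.
        print(f"bws_lookup: {exc}", file=sys.stderr)
        sys.exit(1)
    json.dump(output, sys.stdout)


if __name__ == "__main__":
    main()
```

Keying the output by secret name is what makes `data.external.bws_lookup.result["infra-media-secrets_sabnzbd_api_key"]` work on the Terraform side; the invalid-token check mirrors the original's `KeyError` handling but also rejects non-object bodies, and the program exits non-zero so that a rejected token fails the plan rather than yielding an empty string.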
Ansible
Core Components
N/A
Equipment
<details open> <summary>Kubernetes</summary>

| Name | Device | CPU | OS Disk | Data Disk | RAM | OS | Purpose |
| --------- | ------------ | -------- | -------- | --------- | ---- | ------ | -------------------- |
| ct-k3s-01 | Lenovo M710q | i5-6500T | 64GB SSD | 1TB NVME | 32GB | Kairos | control-plane/worker |
| ct-k3s-02 | Lenovo M710q | i5-6500T | 64GB SSD | 1TB NVME | 32GB | Kairos | control-plane/worker |
| ct-k3s-03 | Lenovo M710q | i5-6500T | 64GB SSD | 1TB NVME | 32GB | Kairos | control-plane/worker |

</details>
<details> <summary>Servers</summary>

| Name | Device | CPU | OS Disk | Data Disk | RAM | OS | Purpose |
| -------- | ------------- | ---------- | -------- | --------- | ----- | --------- | ------------- |
| WhiteBox | Custom | TR 2970W | 128GB | 6TB | 128GB | Proxmox | VM/Containers |
| Synology | RS819 | - | - | 4x4TB SHR | - | DSM 7 | Storage |
| mgmt-pi | Raspberry Pi4 | Cortex A72 | 64GB SSD | - | 8GB | Debian 12 | Misc Software |

</details>
<details> <summary>Network</summary>

| Device | Purpose |
| ----------- | ---------------- |
| Dell 7040 | Network - Router |
| TL-SG1016PE | Network - Switch |

</details>

Roadmap
- Finish README