initial commit

incus/.terraform.lock.hcl

@@ -0,0 +1,22 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/lxc/incus" {
+  version = "1.0.2"
+  hashes = [
+    "h1:skSyqJPnvwhbfSrmVVY05I/js7qvX8T8Cd182tnTetc=",
+    "zh:0f312afd0bc27c111c5b4e41b6274dfe4401c3b5c60e4bd519425c547c5c2316",
+    "zh:396587c30adce1b57400ecf1a43df8d4fcbdf5172e3e359f58f7147520891546",
+    "zh:40310405f58493af0e68b1040d62286cd5e6d25b96b5e2d1534d155a98375eba",
+    "zh:4991adf7f290ffc840a1123b300163b8db25a6c4b096648c7b576a6661980ed5",
+    "zh:5d71a5c949a5ad01d075f856475e7de95df16b50d52e546a2257e5c56bfa9150",
+    "zh:60e5fde27aa605abab8487d6ed8a8bb66de88f5e1ba31bb05364b4379fde5f83",
+    "zh:63f9b65382bcb88efd0d9aa8422987405fcf00d4f5b63fbe1ae030438fb55eb7",
+    "zh:79acebe8ed9627dffc369058e54bbb933b5568fee02de3cc353274d728c07597",
+    "zh:97170106b7520d7c025ccfe392a0b7c2d172e63f00f656989b08d0b6ece56573",
+    "zh:9c8fc5d4b26dc21e6d75d6ac127502a797d7e9253bd10b236914db51fa1fc4d7",
+    "zh:b2b8cabdfa681efffa3599468257b185f7a7e24ec6e624e57f75920aa1e7c134",
+    "zh:d32129503b83790752482e0d794ffb9b04f7a893cc113d834654a8ddb028402f",
+    "zh:ebd2fb8d94d72bc28c5655c29c6e6048cc31ef3650d0e166aaf3d82a31673cd5",
+  ]
+}

incus/groups.tf

@@ -0,0 +1,21 @@
+resource "incus_cluster_group" "default" {
+  name        = "default"
+  description = "Default cluster group"
+}
+
+resource "incus_cluster_group_member" "hypervisor" {
+  for_each      = var.incus_hypervisors
+  cluster_group = incus_cluster_group.default.name
+  member        = each.key
+}
+
+resource "incus_cluster_group" "witness" {
+  name        = "witness"
+  description = "Inactive hosts only for keeping database quorum"
+}
+
+resource "incus_cluster_group_member" "witness" {
+  for_each      = var.incus_witnesses
+  cluster_group = incus_cluster_group.witness.name
+  member        = each.key
+}

incus/members.auto.tfvars

@@ -0,0 +1,10 @@
+incus_hypervisors = {
+  "hv-01" = "https://192.168.0.11:8443"
+  "hv-02" = "https://192.168.0.12:8443"
+}
+
+incus_witnesses = {
+  "nuc" = "https://192.168.0.11:8443"
+}
+
+incus_token = "eyJjbGllbnRfbmFtZSI6InRmIiwiZmluZ2VycHJpbnQiOiIxYjNmZGJmNTNlZTdlODc4NDllY2RiNTkyYzNkYTRkYmE0M2I3Mjg1OTFlYTAxYmE1NTNkZGRmYzJjNTBjNWMzIiwiYWRkcmVzc2VzIjpbIjE5Mi4xNjguMC4xMTo4NDQzIl0sInNlY3JldCI6IjAzNzFmMTdjMDc1OGU2ZmU5ZGJjNTkwZmNhYTAzOTllYWJkMDY3N2E4ODIzMGY1ZjkyYzdlNjNlYmMyYmU0NDQiLCJleHBpcmVzX2F0IjoiMDAwMS0wMS0wMVQwMDowMDowMFoifQ==" 

incus/network.auto.tfvars

@@ -0,0 +1,3 @@
+incus_networks = {
+  "main" = 0
+}

incus/network.tf

@@ -0,0 +1,28 @@
+resource "incus_network" "main_bridge" {
+  for_each = var.incus_hypervisors
+  name     = "main"
+  target   = each.key
+  type     = "physical"
+  config   = {
+    "parent" = "br0"
+  }
+}
+
+resource "incus_network" "main_dummy" {
+  for_each = var.incus_witnesses
+  name     = "main"
+  target   = each.key
+  type     = "physical"
+  config   = {
+    "parent" = "dummy0"
+  }
+}
+
+resource "incus_network" "main" {
+  depends_on = [
+    incus_network.main_bridge,
+    incus_network.main_dummy
+  ]
+  name       = "main"
+  type     = "physical"
+}

incus/provider.tf

@@ -0,0 +1,22 @@
+terraform {
+  required_providers {
+    incus = {
+      source = "lxc/incus"
+    }
+  }
+}
+
+provider "incus" {
+  generate_client_certificates = true
+  accept_remote_certificate    = true
+  default_remote               = keys(var.incus_hypervisors)[0]
+
+  dynamic "remote" {
+    for_each = var.incus_hypervisors
+    content {
+      name    = remote.key
+      address = remote.value
+      token   = var.incus_token
+    }
+  }
+}

incus/variables.tf

@@ -0,0 +1,17 @@
+variable "incus_hypervisors" {
+  type = map(string)
+}
+
+variable "incus_witnesses" {
+  type = map(string)
+}
+
+variable "incus_token" {
+  type      = string
+  sensitive = true
+  description = "The common authentication token for all Incus remotes"
+}
+
+variable "incus_networks" {
+  type = map(number)
+}