Compare commits

...

2 commits

Author SHA1 Message Date
26f8224941
make Dependabot tofu validate stubs satisfy provider validators (#132)
Some checks failed
Deploy (on merge) / Discover hosts (push) Has been cancelled
Terraform / Plan (push) Has been cancelled
Deploy (on merge) / deploy (push) Has been cancelled
Terraform / Apply (push) Has been cancelled
2026-06-12 19:25:24 +01:00
8665a5fe99
remove stale promtail/rc.d leftovers, rss DNS record, fix london-c host description (#131) 2026-06-12 19:24:39 +01:00
6 changed files with 15 additions and 75 deletions

View file

@ -37,9 +37,19 @@ jobs:
# secrets.yaml is decrypted from SOPS at plan time and can't be # secrets.yaml is decrypted from SOPS at plan time and can't be
# produced here, so stub the keys the config reads (kept in sync by # produced here, so stub the keys the config reads (kept in sync by
# deriving them from the actual secrets["..."] references). # deriving them from the actual secrets["..."] references).
# Stub values must satisfy provider config validators: hcloud
# requires a 64-char token, and Grafana's fleet_management_auth
# must look like `username:password`.
stub64=$(printf 'stub%.0s' {1..16})
grep -rhoE 'secrets\["[^"]+"\]' . \ grep -rhoE 'secrets\["[^"]+"\]' . \
| sed -E 's/.*secrets\["([^"]+)"\].*/\1: "stub"/' \ | sed -E 's/.*secrets\["([^"]+)"\].*/\1/' \
| sort -u > secrets.yaml | sort -u \
| while read -r key; do
case "$key" in
*_auth) echo "$key: \"stub:stub\"" ;;
*) echo "$key: \"$stub64\"" ;;
esac
done > secrets.yaml
tofu init -backend=false tofu init -backend=false
tofu validate tofu validate

View file

@ -1,6 +1,6 @@
--- ---
host_role: idle host_role: utility
host_description: "Idle/available" host_description: "Octopus Energy exporter, edge utility box"
host_location: "London" host_location: "London"
prometheus_location: london prometheus_location: london

View file

@ -1,32 +0,0 @@
---
server:
http_listen_port: 9080
grpc_listen_port: 0
positions:
filename: /tmp/positions.yaml
clients:
- url: http://192.168.1.254:3100/loki/api/v1/push
scrape_configs:
- job_name: london-b
static_configs:
- targets:
- localhost
labels:
job: varlogs
instance: london-b
__path__: /var/log/*log
- targets:
- localhost
labels:
job: plex
instance: london-b
__path__: /var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Logs/*log
- targets:
- localhost
labels:
job: jellyfin
instance: london-b
__path__: /var/log/jellyfin/*log

View file

@ -1,14 +0,0 @@
[Unit]
Description=Promtail service
After=network.target
[Service]
Type=simple
User=root
ExecStart=/usr/bin/promtail -config.file /etc/promtail/config.yml
TimeoutSec=60
Restart=on-failure
RestartSec=2
[Install]
WantedBy=multi-user.target

View file

@ -1,24 +0,0 @@
# /etc/rc.conf — london-a (FreeBSD)
# Captured 2026-03-22
clear_tmp_enable="YES"
hostname="london-a"
ifconfig_em0="inet 192.168.1.254 netmask 255.255.255.0"
defaultrouter="192.168.1.1"
ifconfig_em0_ipv6="inet6 accept_rtadv"
sshd_enable="YES"
ntpd_enable="YES"
powerd_enable="YES"
moused_nondefault_enable="NO"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
zfs_enable="YES"
grafana_enable="YES"
prometheus_enable="YES"
node_exporter_enable="YES"
tailscaled_enable="YES"
influxd_enable="NO"
libvirtd_enable="NO"
redis_enable="NO"
postgresql_enable="NO"
node_exporter_listen_address="100.122.219.41:9100"

View file

@ -16,7 +16,7 @@ resource "hcloud_zone_rrset" "A_helsinki_a" {
"@", "apps", "auth", "bitwarden", "download", "git", "helsinki-a", "@", "apps", "auth", "bitwarden", "download", "git", "helsinki-a",
"jellyfin", "jellyfin-requests", "ldap", "lidarr", "london-a", "music", "naveen", "jellyfin", "jellyfin-requests", "ldap", "lidarr", "london-a", "music", "naveen",
"plex", "prowlarr", "radarr", "readarr", "request", "plex", "prowlarr", "radarr", "readarr", "request",
"rss", "sonarr", "soulseek", "status", "sonarr", "soulseek", "status",
]) ])
zone = hcloud_zone.pezsh.name zone = hcloud_zone.pezsh.name
name = each.value name = each.value