Add Ansible boilerplate

.ansible-lint

@@ -0,0 +1,2 @@
+---
+offline: true

.editorconfig

@@ -8,6 +8,6 @@ trim_trailing_whitespace = true
 indent_style = space
 indent_size = 2
 
-[{*.go,go.mod}]
+[{*.go,*.cue,go.mod}]
 tab_width = 2
 indent_style = tab

.gitignore

@@ -1 +1,3 @@
 /result
+/.ansible/
+/inventory.json

Pulumi.yaml

@@ -2,3 +2,5 @@
 name: infra
 runtime: go
 description: FollieHiyuki's personal infrastructure
+config:
+  pulumi:disable-default-providers: ["*"]

README.adoc

@@ -8,24 +8,6 @@ Monorepo managing all of my cloud and home lab resources.
 
 This repository is small, and each Pulumi project is a 1-stack directory. Therefore, all Pulumi projects use the same name, while their stack names are chosen to be the parent directory name. The `+Pulumi.yaml+` file at repository's root is reused for every Pulumi projects inside.
 
-Repository's layout:
-
-[source,bash]
-----
-.
-├── stacks/ => Each directory inside is a separated Pulumi project
-└── ...
-----
-
-=== Tooling
-
-link:https://nixos.org[nix] is used to run tasks and manage other tools.
-
-* List available tasks: `+nix flake show+`
-* Invoke a task: `+nix run .#<task>+`
-* Enter a development shell: `+nix develop+`
-* Run linters: `+nix flake check+`
-
 == License
 
 Apache-2.0

ansible.cfg

@@ -0,0 +1,28 @@
+[defaults]
+gathering               = explicit
+interpreter_python      = auto_silent
+display_skipped_hosts   = False
+host_key_checking       = False
+deprecation_warnings    = True
+fact_caching            = jsonfile
+fact_caching_timeout    = 86400
+fact_caching_connection = ./.ansible/fact
+collections_path        = ./.ansible/collections
+inventory               = ./inventory.json
+filter_plugins          = ./filter_plugins
+roles_path              = ./roles
+
+[inventory]
+enable_plugins   = yaml
+cache            = True
+cache_plugin     = jsonfile
+cache_connection = ./.ansible/inventory
+
+[privilege_escalation]
+become_method = doas
+become_user   = root
+
+[ssh_connection]
+pipelining      = True
+scp_extra_args  = -O
+transfer_method = smart

cue.mod/module.cue

@@ -0,0 +1 @@
+module: "gitlab.com/FollieHiyuki/infra"

flake.nix

@@ -21,6 +21,7 @@
     flake-utils.lib.eachDefaultSystem (system:
       let
         inherit (nixpkgs) lib;
+        inherit (flake-utils.lib) mkApp;
         pkgs = nixpkgs.legacyPackages."${system}";
 
         treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
@@ -32,9 +33,15 @@
           export PULUMI_AUTOMATION_API_SKIP_VERSION_CHECK=true
         '';
 
-        pulumiInputs = with pkgs; [ go pulumi pulumiPackages.pulumi-language-go ];
+        pulumiInputs = with pkgs; [
+          go
+          pulumi
+          pulumiPackages.pulumi-language-go
+        ];
 
-        pulumiTasks =
+        # `pulumi up` -> nix run .#up:<stack>
+        # `pulumi preview` -> nix run .#plan:<stack>
+        targets.pulumi =
           let
             pulumiStacks = builtins.attrNames
               (lib.filterAttrs (key: value: value == "directory")
@@ -46,11 +53,15 @@
               up = "pulumi up --show-replacement-steps";
             };
           in
-          lib.mapAttrs
-            (key: command: lib.genAttrs
-              pulumiStacks
-              (stack:
-                flake-utils.lib.mkApp {
+          lib.concatMapAttrs
+            (name: value: lib.mapAttrs'
+              (key: val:
+                lib.nameValuePair (name + ":" + key) val)
+              value)
+            (lib.mapAttrs
+              (key: command: lib.genAttrs
+                pulumiStacks
+                (stack: mkApp {
                   drv = pkgs.writeShellApplication {
                     name = key + "-" + stack;
                     runtimeInputs = pulumiInputs;
@@ -62,24 +73,31 @@
                       ${command}
                     '';
                   };
-                }
+                })
               )
-            )
-            pulumiCommands;
+              pulumiCommands);
+
+        # Tasks using `cue` CLI
+        targets.cue."gen:hosts" = mkApp {
+          drv = pkgs.writeShellScriptBin "cue-gen-hosts" ''
+            ${pkgs.cue}/bin/cue export \
+              --force \
+              --expression inventory \
+              --out json \
+              --outfile inventory.json \
+              ./internal/hosts/*.cue
+          '';
+        };
       in
       {
-        # `pulumi up` -> nix run .#up:<stack>
-        # `pulumi preview` -> nix run .#plan:<stack>
-        apps = lib.concatMapAttrs
-          (name: value: lib.mapAttrs'
-            (key: val:
-              lib.nameValuePair (name + ":" + key) val
-            )
-            value
-          )
-          pulumiTasks;
+        apps = lib.foldr (a: b: a // b) { } (lib.attrValues targets);
 
-        checks.treefmt = treefmtEval.config.build.check self;
+        checks = {
+          treefmt = treefmtEval.config.build.check self;
+          ansible-lint = pkgs.writeShellScriptBin "ansible-lint" ''
+            ${pkgs.ansible-lint}/bin/ansible-lint ./playbooks/
+          '';
+        };
 
         formatter = treefmtEval.config.build.wrapper;
 

go.mod

@@ -1,3 +1,3 @@
 module infra
 
-go 1.20
+go 1.21.4

internal/hosts/hosts.go

@@ -0,0 +1,7 @@
+/*
+ *  SPDX-FileCopyrightText: 2023 Hoang Nguyen <folliekazetani@protonmail.com>
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ */
+
+package hosts

internal/hosts/inventory.cue

@@ -0,0 +1,9 @@
+// SPDX-FileCopyrightText: 2023 Hoang Nguyen <folliekazetani@protonmail.com>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package hosts
+
+// Common variables
+_user: "follie"
+_port: 22

internal/hosts/schema.cue

@@ -0,0 +1,39 @@
+// SPDX-FileCopyrightText: 2023 Hoang Nguyen <folliekazetani@protonmail.com>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package hosts
+
+// NOTE: allow only Ansible's inventory parameters (custom variables can be defined in group_vars or host_vars files)
+// Ref: https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html#connecting-to-hosts-behavioral-inventory-parameters
+#Params: [
+	"ansible_connection" |
+	"ansible_host" |
+	"ansible_port" |
+	"ansible_user" |
+	"ansible_password" |
+	"ansible_ssh_private_key_file" |
+	"ansible_ssh_common_args" |
+	"ansible_sftp_extra_args" |
+	"ansible_scp_extra_args" |
+	"ansible_ssh_extra_args" |
+	"ansible_ssh_pipelining" |
+	"ansible_ssh_executable" |
+	"ansible_become" |
+	"ansible_become_method" |
+	"ansible_become_user" |
+	"ansible_become_password" |
+	"ansible_become_exe" |
+	"ansible_become_flags" |
+	"ansible_shell_type" |
+	=~"^ansible_[a-z]+_interpreter$" |
+	"ansible_shell_executable",
+]: string | int
+
+#Group: close({
+	hosts: [string]: #Params
+	vars?: #Params
+	children?: [...string]
+})
+
+inventory: [string]: #Group

treefmt.nix

@@ -4,9 +4,8 @@
  *  SPDX-License-Identifier: Apache-2.0
  */
 
-{ pkgs, ... }:
-{
-  projectRootFile = ".git/config";
+_: {
+  projectRootFile = "flake.nix";
 
   # List of formatters: https://github.com/numtide/treefmt-nix/tree/main/programs
   programs = builtins.listToAttrs (
@@ -16,7 +15,8 @@
         value.enable = true;
       })
       [
-        "gofumpt"
+        "cue"
+        # "golangci-lint"
         "nixpkgs-fmt"
         "shellcheck"
         "shfmt"
@@ -24,14 +24,4 @@
         "taplo"
       ]
   );
-
-  settings.formatter.golangci-lint = {
-    command = with pkgs; writeShellApplication {
-      name = "golangci";
-      runtimeInputs = [ go golangci-lint ];
-      text = "golangci-lint run";
-    };
-    options = [ "run" ];
-    includes = [ ".golangci.yml" "*.go" ];
-  };
 }