init do setup

digitalocean/auth.tf

@@ -0,0 +1,4 @@
+
+provider "digitalocean" {
+  token = var.digitalocean_token
+}

digitalocean/common.tf

@@ -0,0 +1,15 @@
+
+# resource "digitalocean_ssh_key" "default" {
+#   name       = "Terraform"
+#   public_key = file("~/.ssh/terraform.pub")
+# }
+
+resource "digitalocean_custom_image" "talos" {
+  # for_each    = { for idx, name in var.regions : name => idx }
+  for_each    = { "ams3" : 0 }
+  name        = "talos"
+  regions     = [each.key]
+  description = "Talos version ${var.talos_version}"
+  url         = "https://github.com/siderolabs/talos/releases/download/${var.talos_version}/digital-ocean-amd64.raw.gz"
+  tags        = var.tags
+}

digitalocean/instances-controlplane.tf

@@ -0,0 +1,24 @@
+
+# resource "digitalocean_droplet" "controlplane" {
+#   count              = lookup(var.controlplane, "count", 0)
+#   location           = element(var.regions, count.index)
+#   name               = "controlplane-${count.index + 1}"
+#   ssh_keys           = [digitalocean_ssh_key.default.fingerprint]
+#   image              = var.image
+#   region             = element(var.regions, count.index)
+#   size               = lookup(var.controlplane, "type", "cpx11")
+#   resize_disk        = false
+#   private_networking = false
+#   backups            = false
+#   ipv6               = true
+#   user_data          = ""
+
+#   lifecycle {
+#     ignore_changes = [
+#       resize_disk,
+#       image,
+#       user_data,
+#       ssh_keys,
+#     ]
+#   }
+# }

digitalocean/network.tf

@@ -0,0 +1,7 @@
+
+resource "digitalocean_vpc" "main" {
+  for_each = { for idx, name in var.regions : name => idx }
+  name     = "main-${each.key}"
+  region   = each.key
+  ip_range = cidrsubnet(var.vpc_main_cidr, 8, each.value)
+}

digitalocean/variables.tf

@@ -0,0 +1,107 @@
+
+variable "digitalocean_token" {
+  description = "The DigitalOcean cloud token (export TF_VAR_hcloud_token=$TOKEN)"
+  type        = string
+  sensitive   = true
+}
+
+variable "regions" {
+  description = "The id of the hezner region (oreder is important)"
+  type        = list(string)
+  default     = ["lon1", "ams3", "fra1"]
+}
+
+variable "kubernetes" {
+  type = map(string)
+  default = {
+    podSubnets     = "10.32.0.0/12,fd40:10:32::/102"
+    serviceSubnets = "10.200.0.0/22,fd40:10:200::/112"
+    nodeSubnets    = "192.168.0.0/16"
+    domain         = "cluster.local"
+    apiDomain      = "api.cluster.local"
+    clusterName    = "talos-k8s-digitalocean"
+    tokenMachine   = ""
+    caMachine      = ""
+    token          = ""
+    ca             = ""
+  }
+}
+
+variable "vpc_main_cidr" {
+  description = "Local subnet rfc1918"
+  type        = string
+  default     = "172.16.0.0/16"
+}
+
+variable "controlplane" {
+  description = "Property of controlplane"
+  type        = map(any)
+  default = {
+    count   = 0,
+    type    = "cpx11"
+    type_lb = "" # lb11, if "" use floating-ip
+  }
+}
+
+variable "instances" {
+  description = "Map of region's properties"
+  type        = map(any)
+  default = {
+    "nbg1" = {
+      web_count    = 0,
+      web_type     = "cx11",
+      worker_count = 0,
+      worker_type  = "cx11",
+    },
+    "fsn1" = {
+      web_count    = 0,
+      web_type     = "cx11",
+      worker_count = 0,
+      worker_type  = "cx11",
+    }
+    "hel1" = {
+      web_count    = 0,
+      web_type     = "cx11",
+      worker_count = 0,
+      worker_type  = "cx11",
+    }
+  }
+}
+
+variable "talos_version" {
+  description = "Tags version"
+  type        = string
+  default     = "v1.2.4"
+}
+
+variable "tags" {
+  description = "Tags of resources"
+  type        = list(string)
+  default     = ["Develop"]
+}
+
+variable "whitelist_admins" {
+  description = "Whitelist for administrators"
+  default     = ["0.0.0.0/0", "::/0"]
+}
+
+variable "whitelist_web" {
+  description = "Whitelist for web (default Cloudflare network)"
+  default = [
+    "173.245.48.0/20",
+    "103.21.244.0/22",
+    "103.22.200.0/22",
+    "103.31.4.0/22",
+    "141.101.64.0/18",
+    "108.162.192.0/18",
+    "190.93.240.0/20",
+    "188.114.96.0/20",
+    "197.234.240.0/22",
+    "198.41.128.0/17",
+    "162.158.0.0/15",
+    "172.64.0.0/13",
+    "131.0.72.0/22",
+    "104.16.0.0/13",
+    "104.24.0.0/14",
+  ]
+}

digitalocean/versions.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    digitalocean = {
+      source  = "digitalocean/digitalocean"
+      version = "2.23.0"
+    }
+  }
+}

system_os/.gitignore

@@ -1 +1,2 @@
 *.raw.xz
+*.raw.gz

system_os/digitalocean/Makefile

@@ -4,3 +4,6 @@ init:
 
 release:
 	packer build -only=release.digitalocean.talos .
+
+develop:
+	packer build -only=develop.digitalocean.talos .

system_os/digitalocean/do.pkr.hcl

@@ -2,7 +2,7 @@
 packer {
   required_plugins {
     digitalocean = {
-      version = ">= 1.0.0"
+      version = ">= 1.0.4"
       source  = "github.com/hashicorp/digitalocean"
     }
   }
@@ -10,14 +10,12 @@ packer {
 
 source "digitalocean" "talos" {
   api_token    = var.do_api_token
-  image        = "debian-10-x64"
+  image        = "debian-11-x64"
   region       = var.do_region
-  size         = "s-1vcpu-1gb"
+  size         = "s-1vcpu-512mb-10gb"
   monitoring   = false
-  rescue       = true
+  # rescue       = true
-
   ipv6         = true
-  private_networking = false
 
   ssh_username = "root"
 
@@ -25,6 +23,7 @@ source "digitalocean" "talos" {
   snapshot_regions = [var.do_region]
 }
 
+# FIXME
 build {
   name    = "release"
   sources = ["source.digitalocean.talos"]
@@ -32,8 +31,24 @@ build {
   provisioner "shell" {
     inline = [
       "apt-get install -y wget",
-      "wget -O /tmp/digital-ocean.tar.gz https://github.com/talos-systems/talos/releases/download/${var.talos_version}/digital-ocean-amd64.tar.gz",
+      "wget -O /tmp/talos.raw.gz https://github.com/talos-systems/talos/releases/download/${var.talos_version}/digital-ocean-amd64.raw.gz",
-      "cd /tmp && tar xzf /tmp/digital-ocean.tar.gz && dd if=/tmp/disk.raw of=/dev/vda",
+      "gzip -d -c /tmp/talos.raw.gz | dd of=/dev/vda && sync",
+    ]
+  }
+}
+
+build {
+  name    = "develop"
+  sources = ["source.digitalocean.talos"]
+
+  provisioner "file" {
+    source      = "digital-ocean-amd64.raw.gz"
+    destination = "/tmp/talos.raw.gz"
+  }
+  provisioner "shell" {
+    inline = [
+      "sync",
+      "gzip -d -c /tmp/talos.raw.gz | dd of=/dev/vda && sync ||:",
     ]
   }
 }

system_os/digitalocean/variables.pkr.hcl

@@ -7,10 +7,10 @@ variable "do_api_token" {
 
 variable "do_region" {
   type      = string
-  default   = "lon1"
+  default   = "ams3"
 }
 
 variable "talos_version" {
   type    = string
-  default = "v1.0.3"
+  default = "v1.2.4"
 }