vm
and configuration using Terraform and Ansible, integrated with secure secretmanagement via Vault and SOPS.
This generated module was created with dagger init as a starting point for VM-related
operations. It demonstrates key DevOps tasks such as decrypting secrets, applying
Terraform infrastructure changes, generating dynamic Ansible inventories, and
executing Ansible playbooks to configure VMs. The module is designed to be flexible
and extensible to support your infrastructure automation needs.
The primary function Bake orchestrates this workflow, accepting Terraform directories,
encrypted files, Vault credentials, and Ansible parameters as inputs. It optionally
decrypts SOPS-encrypted configuration files before applying Terraform operations,
then parses Terraform outputs to generate inventory files for Ansible. It supports
multiple inventory types and allows you to specify Ansible playbooks and credentials.
This module can be invoked from the Dagger CLI or programmatically via the SDK,
making it suitable for integrating into CI/CD pipelines, GitOps workflows, or
custom operator/controller logic.
Future enhancements planned include:
- Rendering manifests or configs to branches/PRs for GitOps-style deployments
- Seamless integration with SOPS for secret management and decryption
- Advanced Terraform execution and output parsing features
- Enhanced Ansible inventory generation and execution customization
- VM testing and validation steps post-provisioning
- Automated merge requests/PR handling post-deployment
This documentation serves both as a high-level overview and a detailed guide
to the module’s capabilities and intended use cases.
Installation
dagger install github.com/stuttgart-things/blueprints/vm@v1.12.0Entrypoint
Return Type
VmExample
dagger -m github.com/stuttgart-things/blueprints/vm@cb8e3d7e584f8e6487cb2089f8d71c8c0bb512d9 call \
func (m *MyModule) Example() *dagger.Vm {
return dag.
Vm()
}@function
def example() -> dagger.Vm:
return (
dag.vm()
)@func()
example(): Vm {
return dag
.vm()
}Types
Vm 🔗
baseImage() 🔗
Return Type
String !Example
dagger -m github.com/stuttgart-things/blueprints/vm@cb8e3d7e584f8e6487cb2089f8d71c8c0bb512d9 call \
base-imagefunc (m *MyModule) Example(ctx context.Context) string {
return dag.
Vm().
BaseImage(ctx)
}@function
async def example() -> str:
return await (
dag.vm()
.base_image()
)@func()
async example(): Promise<string> {
return dag
.vm()
.baseImage()
}executeTerraform() 🔗
Return Type
Directory !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| terraformDir | Directory ! | - | No description provided |
| operation | String | "apply" | No description provided |
| variables | String | - | e.g., "cpu=4,ram=4096,storage=100" |
| vaultRoleId | Secret | - | vaultRoleID |
| vaultSecretId | Secret | - | vaultSecretID |
| vaultToken | Secret | - | vaultToken |
Example
dagger -m github.com/stuttgart-things/blueprints/vm@cb8e3d7e584f8e6487cb2089f8d71c8c0bb512d9 call \
execute-terraform --terraform-dir DIR_PATHfunc (m *MyModule) Example(terraformDir *dagger.Directory) *dagger.Directory {
return dag.
Vm().
ExecuteTerraform(terraformDir)
}@function
def example(terraform_dir: dagger.Directory) -> dagger.Directory:
return (
dag.vm()
.execute_terraform(terraform_dir)
)@func()
example(terraformDir: Directory): Directory {
return dag
.vm()
.executeTerraform(terraformDir)
}outputTerraformRun() 🔗
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| terraformDir | Directory ! | - | No description provided |
Example
dagger -m github.com/stuttgart-things/blueprints/vm@cb8e3d7e584f8e6487cb2089f8d71c8c0bb512d9 call \
output-terraform-run --terraform-dir DIR_PATHfunc (m *MyModule) Example(ctx context.Context, terraformDir *dagger.Directory) string {
return dag.
Vm().
OutputTerraformRun(ctx, terraformDir)
}@function
async def example(terraform_dir: dagger.Directory) -> str:
return await (
dag.vm()
.output_terraform_run(terraform_dir)
)@func()
async example(terraformDir: Directory): Promise<string> {
return dag
.vm()
.outputTerraformRun(terraformDir)
}bakeLocal() 🔗
Return Type
Directory !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| terraformDir | Directory ! | - | No description provided |
| operation | String | "apply" | No description provided |
| variables | String | - | e.g., "cpu=4,ram=4096,storage=100" |
| encryptedFile | File | - | No description provided |
| sopsKey | Secret | - | No description provided |
| vaultRoleId | Secret | - | No description provided |
| vaultSecretId | Secret | - | No description provided |
| vaultToken | Secret | - | vaultToken |
| vaultUrl | Secret | - | No description provided |
| ansibleInventoryTemplate | File | - | No description provided |
| ansiblePlaybooks | String | - | No description provided |
| ansibleRequirementsFile | File | - | No description provided |
| ansibleUser | Secret | - | No description provided |
| ansiblePassword | Secret | - | No description provided |
| ansibleParameters | String | - | No description provided |
| ansibleInventoryType | String | "default" | No description provided |
| ansibleWaitTimeout | Integer | 30 | No description provided |
Example
dagger -m github.com/stuttgart-things/blueprints/vm@cb8e3d7e584f8e6487cb2089f8d71c8c0bb512d9 call \
bake-local --terraform-dir DIR_PATHfunc (m *MyModule) Example(terraformDir *dagger.Directory) *dagger.Directory {
return dag.
Vm().
BakeLocal(terraformDir)
}@function
def example(terraform_dir: dagger.Directory) -> dagger.Directory:
return (
dag.vm()
.bake_local(terraform_dir)
)@func()
example(terraformDir: Directory): Directory {
return dag
.vm()
.bakeLocal(terraformDir)
}bakeFromGit() 🔗
Return Type
Directory !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| gitRepository | String ! | - | Repository to clone from GitHub |
| gitRef | String | "main" | Ref/Branch to checkout - If not specified, defaults to "main" |
| gitToken | Secret | - | Github token for authentication (private repositories) |
Example
dagger -m github.com/stuttgart-things/blueprints/vm@cb8e3d7e584f8e6487cb2089f8d71c8c0bb512d9 call \
bake-from-git --git-repository stringfunc (m *MyModule) Example(gitRepository string) *dagger.Directory {
return dag.
Vm().
BakeFromGit(gitRepository)
}@function
def example(git_repository: str) -> dagger.Directory:
return (
dag.vm()
.bake_from_git(git_repository)
)@func()
example(gitRepository: string): Directory {
return dag
.vm()
.bakeFromGit(gitRepository)
}executeAnsible() 🔗
Return Type
Boolean !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| src | Directory | - | No description provided |
| playbooks | String ! | - | No description provided |
| requirements | File | - | No description provided |
| inventory | File | - | No description provided |
| parameters | String | - | No description provided |
| vaultAppRoleId | Secret | - | No description provided |
| vaultSecretId | Secret | - | No description provided |
| vaultUrl | Secret | - | No description provided |
| sshUser | Secret | - | No description provided |
| sshPassword | Secret | - | No description provided |
Example
dagger -m github.com/stuttgart-things/blueprints/vm@cb8e3d7e584f8e6487cb2089f8d71c8c0bb512d9 call \
execute-ansible --playbooks stringfunc (m *MyModule) Example(ctx context.Context, playbooks string) bool {
return dag.
Vm().
ExecuteAnsible(ctxplaybooks)
}@function
async def example(playbooks: str) -> bool:
return await (
dag.vm()
.execute_ansible(playbooks)
)@func()
async example(playbooks: string): Promise<boolean> {
return dag
.vm()
.executeAnsible(playbooks)
}decryptSops() 🔗
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| sopsKey | Secret ! | - | No description provided |
| encryptedFile | File ! | - | No description provided |
Example
dagger -m github.com/stuttgart-things/blueprints/vm@cb8e3d7e584f8e6487cb2089f8d71c8c0bb512d9 call \
decrypt-sops --sops-key env:MYSECRET --encrypted-file file:pathfunc (m *MyModule) Example(ctx context.Context, sopsKey *dagger.Secret, encryptedFile *dagger.File) string {
return dag.
Vm().
DecryptSops(ctx, sopsKey, encryptedFile)
}@function
async def example(sops_key: dagger.Secret, encrypted_file: dagger.File) -> str:
return await (
dag.vm()
.decrypt_sops(sops_key, encrypted_file)
)@func()
async example(sopsKey: Secret, encryptedFile: File): Promise<string> {
return dag
.vm()
.decryptSops(sopsKey, encryptedFile)
}