refactor!: remove AAP; add boot_disk_size; bundle opencode config (#2)

## Summary

- **BREAKING:** Removes the Ansible Automation Platform (AAP)
integration entirely (provider, all aap_* resources/data, and the dead
`private_ip_addr` / `proxyhost` variables that only fed the AAP host
block). Callers configuring VMs via Ansible should now drive it from
outside this module (e.g. cloud-init).
- Adds a new `boot_disk_size` variable that sets
`libvirt_volume.boot.capacity` in bytes so callers can grow the boot
disk beyond the source image's natural size — needed for Talos's small
nocloud qcow2.
- Bundles the previously-staged repo-local opencode config (the prior
commit on this branch).

## Test plan

- [x] Pre-commit hooks pass (terraform_validate, tflint, terraform_fmt,
terraform_docs, end-of-file-fixer all green locally; checkov has
soft-fail and runs in CI's container)
- [x] CI `make test` passes
- [x] Caller (`tfroot-libvirt`) plans cleanly after AAP arguments are
removed and the new k3s/talos modules are wired up

## Migration notes

Any caller passing the following arguments must drop them:

`enable_aap`, `aap_org_name`, `aap_inventory_name`,
`aap_job_template_name`, `private_ip_addr`, `proxyhost`

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: xnoto

.github/workflows/ci.yml

@@ -13,9 +13,9 @@ permissions:
 jobs:
   test:
     name: Pre-commit Tests
-    runs-on: arc-dind
+    runs-on: ubuntu-latest
     container:
-      image: ghcr.io/makeitworkcloud/runner:latest
+      image: ghcr.io/makeitworkcloud/tfroot-runner:latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4

README.md

@@ -31,14 +31,12 @@ module "vm" {
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
-| <a name="requirement_aap"></a> [aap](#requirement\_aap) | ~> 1.4.0 |
 | <a name="requirement_libvirt"></a> [libvirt](#requirement\_libvirt) | ~> 0.9.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aap"></a> [aap](#provider\_aap) | ~> 1.4.0 |
 | <a name="provider_libvirt"></a> [libvirt](#provider\_libvirt) | ~> 0.9.0 |
 
 ## Modules
@@ -49,24 +47,17 @@ No modules.
 
 | Name | Type |
 |------|------|
-| aap_host.host | resource |
-| aap_job.job | resource |
 | [libvirt_cloudinit_disk.commoninit](https://registry.terraform.io/providers/dmacvicar/libvirt/latest/docs/resources/cloudinit_disk) | resource |
 | [libvirt_domain.vm](https://registry.terraform.io/providers/dmacvicar/libvirt/latest/docs/resources/domain) | resource |
 | [libvirt_volume.boot](https://registry.terraform.io/providers/dmacvicar/libvirt/latest/docs/resources/volume) | resource |
 | [libvirt_volume.cloudinit](https://registry.terraform.io/providers/dmacvicar/libvirt/latest/docs/resources/volume) | resource |
 | [libvirt_volume.extra](https://registry.terraform.io/providers/dmacvicar/libvirt/latest/docs/resources/volume) | resource |
-| aap_inventory.inventory | data source |
-| aap_job_template.job_template | data source |
-| aap_organization.org | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_aap_inventory_name"></a> [aap\_inventory\_name](#input\_aap\_inventory\_name) | Name of the AAP inventory to use. | `string` | `"libvirt-infra"` | no |
-| <a name="input_aap_job_template_name"></a> [aap\_job\_template\_name](#input\_aap\_job\_template\_name) | Name of the AAP job template to run.  If left empty, will default to configure\_<name> | `string` | `""` | no |
-| <a name="input_aap_org_name"></a> [aap\_org\_name](#input\_aap\_org\_name) | Name of the Ansible Automation Platform (AAP) organization. | `string` | `"Default"` | no |
+| <a name="input_boot_disk_size"></a> [boot\_disk\_size](#input\_boot\_disk\_size) | Boot disk virtual size in bytes. Null means use the source image's natural size. | `number` | `null` | no |
 | <a name="input_boot_image_url"></a> [boot\_image\_url](#input\_boot\_image\_url) | URL for the base QCOW2 image used as the boot disk. | `string` | `"https://download.fedoraproject.org/pub/fedora/linux/releases/43/Cloud/x86_64/images/Fedora-Cloud-Base-Generic-43-1.6.x86_64.qcow2"` | no |
 | <a name="input_bridge_name"></a> [bridge\_name](#input\_bridge\_name) | Name of the network bridge for the second network interface. | `string` | `"nm-bridge"` | no |
 | <a name="input_cloudinit_meta_data_template"></a> [cloudinit\_meta\_data\_template](#input\_cloudinit\_meta\_data\_template) | The template content for cloud-init meta-data configuration. | `string` | n/a | yes |
@@ -76,12 +67,9 @@ No modules.
 | <a name="input_cloudinit_user_data_template"></a> [cloudinit\_user\_data\_template](#input\_cloudinit\_user\_data\_template) | The template content for cloud-init user-data configuration. | `string` | n/a | yes |
 | <a name="input_cloudinit_user_data_vars"></a> [cloudinit\_user\_data\_vars](#input\_cloudinit\_user\_data\_vars) | Variable map for the cloud-init user-data template. Set to {} if not used. | `map(string)` | n/a | yes |
 | <a name="input_description"></a> [description](#input\_description) | Description for the libvirt domain (virtual machine). | `string` | `""` | no |
-| <a name="input_enable_aap"></a> [enable\_aap](#input\_enable\_aap) | Whether to provision Ansible Automation Platform (AAP) resources for this domain. | `bool` | `false` | no |
 | <a name="input_extra_volumes"></a> [extra\_volumes](#input\_extra\_volumes) | List of additional volumes to attach to the domain. Each object should contain:<br/>  - name: Name of the volume.<br/>  - size: Size of the volume in bytes.<br/>Example:<br/>[<br/>  {<br/>    name = "runner-var-lib-docker.qcow2"<br/>    size = 107374182400<br/>  }<br/>] | <pre>list(object({<br/>    name = string<br/>    size = number<br/>  }))</pre> | `[]` | no |
 | <a name="input_memory"></a> [memory](#input\_memory) | Amount of memory (in MB) to assign to the domain. | `number` | `2048` | no |
 | <a name="input_name"></a> [name](#input\_name) | The name of the libvirt domain (virtual machine) and related resources. | `string` | n/a | yes |
-| <a name="input_private_ip_addr"></a> [private\_ip\_addr](#input\_private\_ip\_addr) | Private IP address to assign to the VM (used for network config and inventory). | `string` | n/a | yes |
-| <a name="input_proxyhost"></a> [proxyhost](#input\_proxyhost) | Proxy host for SSH connection, used in ansible\_ssh\_common\_args. | `string` | n/a | yes |
 | <a name="input_storage_pool"></a> [storage\_pool](#input\_storage\_pool) | Name of the libvirt storage pool where volumes will be created. | `string` | `"default"` | no |
 | <a name="input_vcpu"></a> [vcpu](#input\_vcpu) | Number of virtual CPUs to assign to the domain. | `number` | `1` | no |
 

main.tf

@@ -1,6 +1,7 @@
 resource "libvirt_volume" "boot" {
-  name = "${var.name}-${substr(sha256(var.boot_image_url), 0, 8)}.qcow2"
-  pool = var.storage_pool
+  name     = "${var.name}-${substr(sha256(var.boot_image_url), 0, 8)}.qcow2"
+  pool     = var.storage_pool
+  capacity = var.boot_disk_size
 
   target = {
     format = {
@@ -165,48 +166,3 @@ resource "libvirt_domain" "vm" {
     ]
   }
 }
-
-data "aap_organization" "org" {
-  count      = var.enable_aap ? 1 : 0
-  name       = var.aap_org_name
-  depends_on = [libvirt_domain.vm]
-}
-
-data "aap_inventory" "inventory" {
-  count             = var.enable_aap ? 1 : 0
-  name              = var.aap_inventory_name
-  organization_name = data.aap_organization.org[0].name
-  depends_on        = [data.aap_organization.org]
-}
-
-resource "aap_host" "host" {
-  count        = var.enable_aap ? 1 : 0
-  name         = var.name
-  description  = var.description
-  inventory_id = data.aap_inventory.inventory[0].id
-  enabled      = true
-  variables = jsonencode({
-    ansible_host            = var.private_ip_addr
-    ansible_ssh_common_args = "-o ProxyCommand=\"ssh -o StrictHostKeyChecking=no -W %h:%p ${var.proxyhost}\""
-  })
-  depends_on = [data.aap_inventory.inventory]
-}
-
-data "aap_job_template" "job_template" {
-  count             = var.enable_aap ? 1 : 0
-  name              = var.aap_job_template_name != "" ? var.aap_job_template_name : "configure_${var.name}"
-  organization_name = data.aap_organization.org[0].name
-  depends_on        = [data.aap_organization.org]
-}
-
-resource "aap_job" "job" {
-  count           = var.enable_aap ? 1 : 0
-  job_template_id = data.aap_job_template.job_template[0].id
-  depends_on      = [aap_host.host, data.aap_job_template.job_template]
-
-  lifecycle {
-    replace_triggered_by = [
-      libvirt_domain.vm
-    ]
-  }
-}

opencode.json

@@ -0,0 +1,36 @@
+{
+  "$schema": "https://opencode.ai/config.json",
+  "mcp": {
+    "agent-hub": {"type": "local", "command": ["npx", "-y", "agent-hub-mcp@latest"], "enabled": true},
+    "context-mode": {"type": "local", "command": ["context-mode"], "enabled": true},
+    "context7": {"type": "remote", "url": "https://mcp.context7.com/mcp", "enabled": true},
+    "github": {"type": "remote", "url": "https://api.githubcopilot.com/mcp/", "enabled": true, "headers": {"Authorization": "Bearer {env:GITHUB_TOKEN}"}},
+    "opentofu-docs": {"type": "local", "command": ["npx", "-y", "@opentofu/opentofu-mcp-server"], "enabled": true},
+    "opencode-docs": {"enabled": false},
+    "aws-docs": {"enabled": false},
+    "kubernetes": {"enabled": false},
+    "tmux": {"enabled": false},
+    "linear": {"enabled": false},
+    "notion": {"enabled": false},
+    "aws-api-staging": {"enabled": false},
+    "aws-api-prod": {"enabled": false},
+    "grafana": {"enabled": false},
+    "terraform-docs": {"enabled": false},
+    "argocd-staging-eks": {"enabled": false},
+    "argocd-prod-eks": {"enabled": false}
+  },
+  "tools": {
+    "opencode-docs_*": false,
+    "aws-docs_*": false,
+    "kubernetes_*": false,
+    "tmux_*": false,
+    "linear_*": false,
+    "notion_*": false,
+    "aws-api-staging_*": false,
+    "aws-api-prod_*": false,
+    "grafana_*": false,
+    "terraform-docs_*": false,
+    "argocd-staging-eks_*": false,
+    "argocd-prod-eks_*": false
+  }
+}

providers.tf

@@ -6,9 +6,5 @@ terraform {
       source  = "dmacvicar/libvirt"
       version = "~> 0.9.0"
     }
-    aap = {
-      source  = "registry.terraform.io/ansible/aap"
-      version = "~> 1.4.0"
-    }
   }
 }

vars.tf

@@ -33,6 +33,12 @@ variable "boot_image_url" {
   default     = "https://download.fedoraproject.org/pub/fedora/linux/releases/43/Cloud/x86_64/images/Fedora-Cloud-Base-Generic-43-1.6.x86_64.qcow2"
 }
 
+variable "boot_disk_size" {
+  description = "Boot disk virtual size in bytes. Null means use the source image's natural size."
+  type        = number
+  default     = null
+}
+
 variable "extra_volumes" {
   description = <<EOF
 List of additional volumes to attach to the domain. Each object should contain:
@@ -88,37 +94,3 @@ variable "cloudinit_network_config_vars" {
   description = "Variable map for the cloud-init network configuration template."
   type        = map(string)
 }
-
-variable "private_ip_addr" {
-  description = "Private IP address to assign to the VM (used for network config and inventory)."
-  type        = string
-}
-
-variable "proxyhost" {
-  description = "Proxy host for SSH connection, used in ansible_ssh_common_args."
-  type        = string
-}
-
-variable "enable_aap" {
-  description = "Whether to provision Ansible Automation Platform (AAP) resources for this domain."
-  type        = bool
-  default     = false
-}
-
-variable "aap_org_name" {
-  description = "Name of the Ansible Automation Platform (AAP) organization."
-  type        = string
-  default     = "Default"
-}
-
-variable "aap_inventory_name" {
-  description = "Name of the AAP inventory to use."
-  type        = string
-  default     = "libvirt-infra"
-}
-
-variable "aap_job_template_name" {
-  description = "Name of the AAP job template to run.  If left empty, will default to configure_<name>"
-  type        = string
-  default     = ""
-}