From 0b0e3db85420b3395794f8f202e5bb7b467a2259 Mon Sep 17 00:00:00 2001 From: fenix-gitea-admin Date: Wed, 10 Sep 2025 20:35:02 +0000 Subject: [PATCH] [deploy-opentofu] --- .gitea/workflows/ci-test.yaml | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/.gitea/workflows/ci-test.yaml b/.gitea/workflows/ci-test.yaml index 996d193..b7888a6 100644 --- a/.gitea/workflows/ci-test.yaml +++ b/.gitea/workflows/ci-test.yaml @@ -17,6 +17,7 @@ jobs: BW_PASSWORD: ${{ secrets.BW_PASSWORD }} BW_CLIENTID: ${{ secrets.BW_CLIENTID }} BW_CLIENTSECRET: ${{ secrets.BW_CLIENTSECRET }} + VAULTWARDEN_LINK: ${{secrets.VAULTWARDEN_LINK }} steps: @@ -82,16 +83,28 @@ jobs: } EOF + + - name: vaultwarden urls as secrets + working-directory: + run: | + bw config server $VAULTWARDEN_LINK + bw login --apikey + BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw) + + bw get item "iac.proxmox-ssh-link" --session "$BW_SESSION" | jq -r '.notes' > "proxmox-ssh-link.txt" + + - name: Start cloudflared Access TCP -> SOCKS5 (background) env: CF_SVC_ID: ${{ secrets.CF_SVC_ID }} CF_SVC_SECRET: ${{ secrets.CF_SVC_SECRET }} - HOSTNAME: "proxmox-ssh.fenix-dev.com" run: | + Hostname=$(cat proxmox-ssh-link.txt) + # Inicia cloudflared access tcp/ssh com service token e listener socks local # O binário 'cloudflared' tem variações de flags entre versões; estes flags funcionam nas versões recentes. nohup cloudflared access tcp \ - --hostname "$HOSTNAME" \ + --hostname "$Hostname" \ --listener "tcp://127.0.0.1:1081" \ --service-token-id "$CF_SVC_ID" \ --service-token-secret "$CF_SVC_SECRET" \ 
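Review bot: The new `vaultwarden urls as secrets` step never checks that the vault lookup succeeded, so a failed `bw get item` or an item without notes still leaves a `proxmox-ssh-link.txt` (empty, or containing `null`) that the next step passes to `cloudflared --hostname`. Adding `set -o pipefail` at the top of the `run` block and using `jq -er '.notes'` would make the step fail instead, unless the runner's default shell already enables pipefail. The step also has an empty `working-directory:` key, which parses as null; drop it or set it explicitly, because the cloudflared step reads the file by relative path. The hostname fetched at run time is presumably unknown to the runner's secret masking and stays on disk in the workspace, so consider deleting the file once `Hostname` is set and checking that the cloudflared log does not print it. The cloudflared step's `run` block continues past the end of this hunk.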
@@ -122,19 +135,11 @@ jobs: sleep 3 cat dante.log - #- name: vaultwarden login - # working-directory: infra/iac - # run: | - # bw config server https://vaultwarden.fenix-dev.com - # #BW_SESSION=$(bw login) - # bw login --apikey - # BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw) - - name: vaultwarden getsecrets working-directory: infra/iac run: | - bw config server https://vaultwarden.fenix-dev.com + bw config server $VAULTWARDEN_LINK bw login --apikey BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
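Review bot: The `vaultwarden getsecrets` step still runs `bw config server` and `bw login --apikey`, although the step added earlier in this commit already logs in within the same job. As far as I know the Bitwarden CLI refuses a server change while logged in and exits non-zero on a second login, so if CLI state persists between steps this step would fail. Either end the earlier step with `bw logout`, or reduce this one to `BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)`. The variable should also be quoted, `bw config server "$VAULTWARDEN_LINK"`, here and in the earlier step. If the aim is to keep the hostnames private, note that the removed lines leave them in repository history; the `run` block continues past the end of this hunk.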