teste-0

.gitea/workflows/ci-test.yaml

@@ -15,4 +15,13 @@ jobs:
           apt-get update -y
 
       - name: Cloning iac repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v4
+
+      - name: Init OpenTofu
+        run: tofu init
+
+      - name: Plan
+        run: tofu plan -out=tfplan
+
+      - name: Apply
+        run: tofu apply -auto-approve tfplan

documentation/start.txt

@@ -0,0 +1,13 @@
+https://spacelift.io/blog/opentofu-tutorial - explaining language of opentofu
+
+https://opentofu.org/docs/intro/ - quick start and explaning who to work in team
+
+https://opentofu.org/docs/intro/ - CICD for opentofu explained
+
+
+tofu init
+tofu plan --var-file=opentofu-varfile.json
+yes
+
+tofu apply --var-file=opentofu-varfile.json
+yes

main.tf

@@ -0,0 +1,20 @@
+terraform {
+  required_providers {
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.6"
+    }
+    vaultwarden = {
+      source = "ottramst/vaultwarden"
+      version = "0.4.4"
+    }
+  }
+  backend "consul" {
+    address = "consul-server.iac-consul.svc.cluster.local:8500"  # Consul service DNS inside cluster
+    path    = "opentofu/iac-fenix"                        # unique path per project
+    scheme  = "http"                                      # or "https" if you add TLS
+    lock    = true                                        # enable state locking
+  }
+}
+
+provider "random" {}

secrets/consul.secrets.tfvars

@@ -0,0 +1,2 @@
+consul_server   = "consul-server.iac-consul.svc.cluster.local:8500"
+# token is read automatically from CONSUL_HTTP_TOKEN

secrets/vaultwarden.secrets.tfvars

@@ -0,0 +1,4 @@
+vaultwarden_server   = "https://vaultwarden.example.com"
+vaultwarden_email    = "admin@example.com"
+vaultwarden_master_password = "SuperSecretMasterPassword"
+vaultwarden_admin_token = "tokenadmin"

variables/consul.variables.tf

@@ -0,0 +1,5 @@
+variable "consul_server" {
+  description = "consul server URL"
+  type        = string
+  sensitive   = false
+}

variables/vaultwarden.variables.tf

@@ -0,0 +1,23 @@
+variable "vaultwarden_server" {
+  description = "Vaultwarden server URL"
+  type        = string
+  sensitive   = false
+}
+
+variable "vaultwarden_email" {
+  description = "Vaultwarden login email"
+  type        = string
+  sensitive   = true
+}
+
+variable "vaultwarden_master_password" {
+  description = "Vaultwarden master password"
+  type        = string
+  sensitive   = true
+}
+
+variable "vaultwarden_admin_token" {
+  description = "Vaultwarden admin token"
+  type        = string
+  sensitive   = true
+}

vaultwarden.tf

@@ -0,0 +1,12 @@
+provider "vaultwarden" {
+  endpoint        = var.vaultwarden_server
+  email           = var.vaultwarden_email
+  master_password = var.vaultwarden_master_password
+  admin_token     = var.vaultwarden_admin_token
+}
+
+resource "vaultwarden_account_register" "vaultwarden-acount-fenix" {
+  name     = "fenix"
+  email    = var.vaultwarden_email
+  password = var.vaultwarden_master_password
+}