Merge pull request 'dev' (#257 ) from dev into main

Reviewed-on: fenix-gitea-admin/iac-opentofu-private#257
Merge pull request 'dev' (#251 ) from dev into main
2025-10-27 07:43:07 +00:00 · 2025-09-11 18:54:13 +00:00 · 2025-09-11 18:41:23 +00:00
6 changed files with 13 additions and 50 deletions
--- a/.gitea/workflows/ci-test.yaml
+++ b/.gitea/workflows/ci-test.yaml
@ -1,12 +1,12 @@
 name: IAC

-on: 
+on:
  push:
    branches: [ dev ]
  workflow_dispatch:
- 
+
 jobs:
-  hello: 
+  hello:
    #precisa da imagem costum do opentofu
    runs-on: [ fenix-opentofu ]
    env:
@ -35,11 +35,6 @@ jobs:
        run: |
          apt-get update -y

-      - name: Install setup
-        run: |
-          apt install -y curl jq
-          curl -fsSL https://deb.nodesource.com/setup_18.x
-
      - name: Cloning iac repository
        uses: actions/checkout@v4
        with:
@ -65,7 +60,7 @@ jobs:

      - name: Install dante-server
        run: |
-          apt-get install -y dante-server openssl libssl1.1
+          apt-get install -y dante-server


      - name: Configure dante-server
@ -90,15 +85,12 @@ jobs:


      - name: vaultwarden urls as secrets
+        working-directory: 
        run: |
-          echo "config"
          bw config server $VAULTWARDEN_LINK
-          echo "login"
          bw login --apikey
-          echo "session"
          BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
-          echo "$BW_SESSION"
-          echo "getting item"
+          
          bw get item "iac.proxmox.ssh.link"  --session "$BW_SESSION"  | jq -r '.notes' > "proxmox-ssh-link.txt"

      - name: Start cloudflared Access TCP -> SOCKS5 (background)
@ -139,7 +131,7 @@ jobs:
        run: |
          pkill danted || true
          danted -f /etc/danted.conf -D > dante.log 2>&1 &
-          sleep 3 
+          sleep 3
          cat dante.log
          

@ -147,7 +139,6 @@ jobs:
        working-directory: infra/iac
        run: |
          BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
-          echo "$BW_SESSION"
          
          # Ler o arquivo de referência
          for secret in $(jq -c '.secrets[]' secrets/vault-secrets-map.json); do
@ -165,7 +156,6 @@ jobs:
            elif [ "$type" == "note" ]; then
              echo "note get"
              bw get item "$name"  --session "$BW_SESSION"  | jq -r '.notes' > "$output"
-              cat $output
            fi
          done

--- a/documentation/Dockerfile
+++ b/documentation/Dockerfile
@ -12,7 +12,7 @@ RUN apt-get update && apt-get install -y \
    nodejs \
    npm \
    unzip \
-    && rm -rf /var/lib/apt/lists/* 
+    && rm -rf /var/lib/apt/lists/*

 RUN curl -L -o /tmp/bw.zip https://github.com/bitwarden/cli/releases/download/v1.22.1/bw-linux-1.22.1.zip \
    && unzip /tmp/bw.zip -d /usr/local/bin \
--- a/documentation/start.txt
+++ b/documentation/start.txt
@ -5,7 +5,7 @@ https://opentofu.org/docs/intro/ - quick start and explaning who to work in team
 https://opentofu.org/docs/intro/ - CICD for opentofu explained
 

- 
+
 tofu init
 tofu plan --var-file=opentofu-varfile.json
 yes
--- a/main.tf
+++ b/main.tf
@ -6,7 +6,7 @@ terraform {
    }   
    bitwarden = {
      source  = "maxlaverse/bitwarden"
-      version = ">= 0.16.0"
+      version = ">= 0.15.0"
    } 
    proxmox = {
      source = "bpg/proxmox"
--- a/secrets/vault-secrets-map.json
+++ b/secrets/vault-secrets-map.json
@ -1,7 +1,7 @@
 {
  "secrets": [
    { 
-      "name": "iac.opentofu.consul.secrets", 
+      "name": "iac.opentofu.consul.secrets",
      "type": "note",
      "output": "../secrets/secrets/consul.secrets.tfvars"
    },
--- a/vaultwarden.tf
+++ b/vaultwarden.tf
@ -25,37 +25,10 @@ resource "vaultwarden_organization_collection" "vaultwarden-collection-iac" {
  name            = "iac-collection"
 }

+
 resource "bitwarden_item_login" "administrative-user" {
  name     = "teste"
  username = "teste"
  password = "teste"
  collection_ids  = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
-}
-
-
-resource "bitwarden_item_secure_note" "hosts-ini" {
-  name            = "iac.ansible.hosts.ini"
-  notes           = <<EOT
-  ${local.hosts_ini}
-EOT
-  organization_id = vaultwarden_organization.vaultwarden-organization-fenix-iac.id
-  collection_ids  = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
-  reprompt = true 
-}
-
-locals{
-
-  hosts_ini = <<EOT
-
-[master]
-master ansible_host=${var.proxmox_k8s_vms[0].ip} ansible_user=${var.proxmox_k8s_vms[0].extra_users[0].name} ansible_ssh_pass=${var.proxmox_k8s_vms[0].extra_users[0].password}
-
-[workers]
-%{ for i, vm in var.proxmox_k8s_vms ~}
-%{ if i != 0 }
-worker-${replace(vm.ip, ".", "-")} ansible_host=${vm.ip} ansible_user=${vm.extra_users[0].name} ansible_ssh_pass=${vm.extra_users[0].password}
-%{ endif }  
-%{ endfor }
-
-EOT
-  }
+}
Author	SHA1	Message	Date
fenix-gitea-admin	870a07b97e	Merge pull request 'dev' (#257 ) from dev into main Reviewed-on: fenix-gitea-admin/iac-opentofu-private#257	2025-09-11 18:54:13 +00:00
fenix-gitea-admin	2a61b166b4	Merge pull request 'dev' (#251 ) from dev into main Reviewed-on: fenix-gitea-admin/iac-opentofu-private#251	2025-09-11 18:41:23 +00:00