[deploy-opentofu]

2026-05-14 07:25:20 +00:00 · 2026-04-07 21:22:58 +00:00 · 2026-04-07 21:15:45 +00:00 · 2026-04-07 20:52:23 +00:00 · 2025-12-09 19:38:15 +00:00 · 2025-12-09 13:40:55 +00:00
13 changed files with 88 additions and 45 deletions
--- a/.gitea/workflows/ci-test.yaml
+++ b/.gitea/workflows/ci-test.yaml
@ -1,10 +1,10 @@
 name: IAC

-on:
+on: 
  push:
    branches: [ dev ]
  workflow_dispatch:
-
+ 
 jobs:
  hello: 
    #precisa da imagem costum do opentofu
@ -35,6 +35,11 @@ jobs:
        run: |
          apt-get update -y

+      - name: Install setup
+        run: |
+          apt install -y curl jq
+          curl -fsSL https://deb.nodesource.com/setup_18.x
+
      - name: Cloning iac repository
        uses: actions/checkout@v4
        with:
@ -60,9 +65,8 @@ jobs:

      - name: Install dante-server
        run: |
-          apt-get install -y dante-server
-          apt install -y openssl libssl-dev curl jq
-          npm install --force -g @bitwarden/cli 
+          apt-get install -y dante-server openssl 
+          #libssl1.1


      - name: Configure dante-server
@ -88,12 +92,16 @@ jobs:

      - name: vaultwarden urls as secrets
        run: |
+          echo "config"
+          echo "$VAULTWARDEN_LINK"
          bw config server $VAULTWARDEN_LINK
+          echo "login"
          bw login --apikey
+          echo "session"
          BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
-          echo ""
          echo "$BW_SESSION"
          echo "getting item"
+          bw get item "iac.proxmox.ssh.link"  --session "$BW_SESSION"
          bw get item "iac.proxmox.ssh.link"  --session "$BW_SESSION"  | jq -r '.notes' > "proxmox-ssh-link.txt"

      - name: Start cloudflared Access TCP -> SOCKS5 (background)
@ -160,7 +168,7 @@ jobs:
            elif [ "$type" == "note" ]; then
              echo "note get"
              bw get item "$name"  --session "$BW_SESSION"  | jq -r '.notes' > "$output"
-              cat $output
+              #cat $output
            fi
          done

--- a/README.md
+++ b/README.md
@ -1 +1,3 @@
-the most stable branch is main, dev is where tests are made, and the remaining branches are personal and can undergo changes at any time 
+the most stable branch is main, dev is where tests are made, and the remaining branches are personal and can undergo changes at any time 
+
+i had to redo consul
--- a/documentation/Dockerfile
+++ b/documentation/Dockerfile
@ -1,23 +1,31 @@
 FROM ghcr.io/opentofu/opentofu:1.9-minimal AS tofu

 FROM ubuntu:24.04
- 
+
 # Copy the tofu binary
 COPY --from=tofu /usr/local/bin/tofu /usr/local/bin/tofu

-# Install dependencies
+
+# Atualizar pacotes e instalar dependências básicas
 RUN apt-get update && apt-get install -y \
-    git \
    curl \
-    nodejs \
-    npm \
+    git \
    unzip \
+    jq \
+    gnupg \
+    ca-certificates \
    && rm -rf /var/lib/apt/lists/*

-RUN curl -L -o /tmp/bw.zip https://github.com/bitwarden/cli/releases/download/v1.22.1/bw-linux-1.22.1.zip \
-    && unzip /tmp/bw.zip -d /usr/local/bin \
-    && chmod +x /usr/local/bin/bw \
-    && rm /tmp/bw.zip
+# Instalar Node.js 18 via NodeSource
+RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \
+    apt-get install -y nodejs

+# Verificar versões (opcional para debug)
+RUN node -v && npm -v
+
+
+
+
+RUN npm install -g @bitwarden/cli

 WORKDIR /workspace
--- a/documentation/start.txt
+++ b/documentation/start.txt
@ -2,10 +2,10 @@ https://spacelift.io/blog/opentofu-tutorial - explaining language of opentofu

 https://opentofu.org/docs/intro/ - quick start and explaning who to work in team

-https://opentofu.org/docs/intro/ - CICD for opentofu explained
+https://opentofu.org/docs/intro/ - CICD for opentofu explained 
 

-
+ 
 tofu init
 tofu plan --var-file=opentofu-varfile.json
 yes
--- a/merge_yaml.py
+++ b/merge_yaml.py
@ -1,5 +1,5 @@
 #!/usr/bin/env python3
-from ruamel.yaml import YAML
+from ruamel.yaml import YAML 
 import sys
 import json
 from collections.abc import Mapping
--- a/proxmox.tf
+++ b/proxmox.tf
@ -19,7 +19,7 @@ resource "proxmox_virtual_environment_download_file" "latest_ubunto_cloud_img" {
  content_type = "iso"
  datastore_id = "local"
  node_name    = "fenix"
-  url = "https://cloud-images.ubuntu.com/jammy/20250725/jammy-server-cloudimg-amd64.img"
+  url = "https://cloud-images.ubuntu.com/jammy/20260218/jammy-server-cloudimg-amd64.img"
  file_name = "jammyservercloudimgamd64.img"
 }

@ -105,6 +105,7 @@ resource "proxmox_virtual_environment_vm" "proxmox-kubernetes-VM-template" {

  cpu {
    cores = 2
+    type = "host"
  }

  memory {
@ -116,13 +117,14 @@ resource "proxmox_virtual_environment_vm" "proxmox-kubernetes-VM-template" {
    file_id      = proxmox_virtual_environment_download_file.latest_ubunto_cloud_img.id
    interface    = "scsi0"
    file_format  = "qcow2"
+    size         = 64
  }

  # Configuração da interface de rede
  network_device {
-    bridge = "vmbr0"
+    bridge = "vmbr0"  # rede de gestão para comunicação com Cluster B
  }
-
+  
 initialization {
    dns {
      servers = ["1.1.1.1"]
@ -132,6 +134,7 @@ initialization {
        address = "dhcp"
      }
    }
+
  user_data_file_id = proxmox_virtual_environment_file.cloud_init_yaml.id
 }
 }
@ -146,10 +149,12 @@ resource "proxmox_virtual_environment_vm" "k8s_vms" {
  
  clone {
    vm_id = proxmox_virtual_environment_vm.proxmox-kubernetes-VM-template.id
+    full = true
  }

  cpu {
    cores = each.value.cores
+    type = "host"
  }

  memory {
@ -162,6 +167,16 @@ resource "proxmox_virtual_environment_vm" "k8s_vms" {
    interface    = "scsi1"
  }

+  # Bloco dinâmico para lista de hostpci
+  dynamic "hostpci" {
+    for_each = try(each.value.hostpci, [])
+    content {
+      device = hostpci.value.device
+      pcie   = try(hostpci.value.pcie, true)
+      mapping = hostpci.value.mapping 
+    }
+  }
+
  initialization {
      ip_config {
        ipv4 {
--- a/proxmox.variables.tf
+++ b/proxmox.variables.tf
@ -40,6 +40,13 @@ variable "proxmox_k8s_vms" {
    vm_id     = number
    node_name  = string
    ip        = string
+    ip2        = string
+    ip3        = string
+    hostpci = optional(list(object({
+      pcie  = bool
+      device = string
+      mapping = string
+    })))
    cores     = optional(number)
    memory    = optional(number)
    data_store = optional(string)
--- a/secrets-output/iac.ansible.hosts.ini
+++ b/secrets-output/iac.ansible.hosts.ini
@ -0,0 +1,13 @@
+  
+[master]
+master1 ansible_host=192.168.1.99 ansible_user=user ansible_ssh_pass=pass ansible_ssh_common_args='-o StrictHostKeyChecking=no'
+
+[workers]
+  
+
+worker-192-168-1-101 ansible_host=192.168.1.101 ansible_user=user ansible_ssh_pass=pass ansible_ssh_common_args='-o StrictHostKeyChecking=no'
+  
+  
+
+
+
--- a/secrets/iac.proxmox.ssh.link
+++ b/secrets/iac.proxmox.ssh.link
@ -0,0 +1 @@
+proxmox-ssh.example.com
--- a/secrets/iac.vaultwarden-link
+++ b/secrets/iac.vaultwarden-link
@ -0,0 +1 @@
+https://vaultwarden.example.com
--- a/secrets/proxmox.secrets.tfvars
+++ b/secrets/proxmox.secrets.tfvars
@ -1,6 +1,6 @@
-proxmox_server   = "proxmox.example.com"
-PM_API_TOKEN_ID  = "tokenid"
-PM_API_TOKEN_SECRET = "tokensecret"
+#proxmox_server   = "proxmox.example.com"
+#PM_API_TOKEN_ID  = "tokenid"
+#PM_API_TOKEN_SECRET = "tokensecret"
 # tokenid is read automatically from PM_API_TOKEN_ID
 # token is read automatically from PM_API_TOKEN_SECRET

@ -20,6 +20,7 @@ proxmox_k8s_vms = [
    vm_id     = 3001
    node_name = "node"
    ip        = "192.168.1.99/24"
+    ip3       = "192.168.1.199/24"
    cores     = 2
    memory    = 2000
    disk_size = 32
@ -33,13 +34,14 @@ proxmox_k8s_vms = [
      }
    ]
    extra_packages = []
-    extra_runcmd   = []
+    extra_runcmd   = ["sudo ip addr add 192.168.1.199/24 dev eth0"]
  },
  {
    name      = "k8s-worker-01"
    vm_id     = 3002
    node_name = "node"
    ip        = "192.168.1.101/24"
+    ip3       = "192.168.1.201/24"
    cores     = 1
    memory    = 2000
    disk_size = 32
@ -53,6 +55,6 @@ proxmox_k8s_vms = [
      }
    ]
    extra_packages = []
-    extra_runcmd   = []
+    extra_runcmd   = ["sudo ip addr add 192.168.1.201/24 dev eth0"]
  },
 ]
--- a/secrets/vault-secrets-map.json
+++ b/secrets/vault-secrets-map.json
@ -1,7 +1,7 @@
 {
  "secrets": [
    { 
-      "name": "iac.opentofu.consul.secrets",
+      "name": "iac.opentofu.consul.secrets", 
      "type": "note",
      "output": "../secrets/secrets/consul.secrets.tfvars"
    },
--- a/vaultwarden.tf
+++ b/vaultwarden.tf
@ -10,12 +10,6 @@ provider "vaultwarden" {
  admin_token     = var.vaultwarden_admin_token
 }

-resource "vaultwarden_account_register" "vaultwarden-acount-fenix" {
-  name     = "fenix"
-  email    = var.vaultwarden_email
-  password = var.vaultwarden_master_password
-}
-
 resource "vaultwarden_organization" "vaultwarden-organization-fenix-iac" {
  name = "fenix-iac"
 }
@ -25,13 +19,6 @@ resource "vaultwarden_organization_collection" "vaultwarden-collection-iac" {
  name            = "iac-collection"
 }

-resource "bitwarden_item_login" "administrative-user" {
-  name     = "teste"
-  username = "teste"
-  password = "teste"
-  collection_ids  = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
-}
-

 resource "bitwarden_item_secure_note" "hosts-ini" {
  name            = "iac.ansible.hosts.ini"
@ -44,16 +31,15 @@ EOT
 }

 locals{
-
  hosts_ini = <<EOT

 [master]
-master ansible_host=${var.proxmox_k8s_vms[0].ip} ansible_user=${var.proxmox_k8s_vms[0].extra_users[0].name} ansible_ssh_pass=${var.proxmox_k8s_vms[0].extra_users[0].password}
+master1 ansible_host=${split("/", var.proxmox_k8s_vms[0].ip)[0]} ansible_user=${var.proxmox_k8s_vms[0].extra_users[0].name} ansible_ssh_pass=${var.proxmox_k8s_vms[0].extra_users[0].password} ansible_ssh_common_args='-o StrictHostKeyChecking=no'

 [workers]
 %{ for i, vm in var.proxmox_k8s_vms ~}
 %{ if i != 0 }
-worker-${replace(vm.ip, ".", "-")} ansible_host=${vm.ip} ansible_user=${vm.extra_users[0].name} ansible_ssh_pass=${vm.extra_users[0].password}
+worker-${replace(split("/", vm.ip)[0], ".", "-")} ansible_host=${split("/", vm.ip)[0]} ansible_user=${vm.extra_users[0].name} ansible_ssh_pass=${vm.extra_users[0].password} ansible_ssh_common_args='-o StrictHostKeyChecking=no'
 %{ endif }  
 %{ endfor }
Author	SHA1	Message	Date
fenix-gitea-admin	91c89163ab	[deploy-opentofu] [deploy-opentofu]	2026-04-07 21:22:58 +00:00
fenix-gitea-admin	765d969477	[deploy-opentofu] [deploy-opentofu]	2026-04-07 21:15:45 +00:00
fenix-gitea-admin	e09fa70452	consul consul	2026-04-07 20:52:23 +00:00
fenix-gitea-admin	705c5df1f5	[deploy-opentofu] [deploy-opentofu]	2025-12-09 19:38:15 +00:00
fenix-gitea-admin	88de7affda	[deploy-opentofu] [deploy-opentofu]	2025-12-09 13:40:55 +00:00
fenix-gitea-admin	4934c33104	c c	2025-12-08 15:26:32 +00:00
fenix-gitea-admin	d2241e2dfa	Update proxmox.variables.tf	2025-12-08 15:25:54 +00:00
fenix-gitea-admin	6fc1890c1c	[deploy-opentofu] [deploy-opentofu]	2025-12-08 15:18:37 +00:00
fenix-gitea-admin	3e49c091f5	a a	2025-12-08 15:17:35 +00:00
fenix-gitea-admin	39cb2a6c20	[deploy-opentofu] [deploy-opentofu]	2025-12-08 15:05:01 +00:00
fenix-gitea-admin	c11f2e3c25	a a	2025-12-08 15:04:19 +00:00
fenix-gitea-admin	badfc5fa24	[deploy-opentofu] [deploy-opentofu]	2025-12-08 14:42:03 +00:00
fenix-gitea-admin	d3db951dfa	[deploy-opentofu] [deploy-opentofu]	2025-12-08 14:33:59 +00:00
fenix-gitea-admin	7a32716a23	Update proxmox.variables.tf	2025-12-08 14:26:40 +00:00
fenix-gitea-admin	1a8f746bbd	Update proxmox.tf	2025-12-02 14:14:36 +00:00
fenix-gitea-admin	c70b254a84	[deploy-opentofu]	2025-11-07 17:21:29 +00:00
fenix-gitea-admin	fb1f46a27d	Update proxmox.tf	2025-11-05 19:15:36 +00:00
fenix-gitea-admin	3a6706b9bc	Update proxmox.tf	2025-11-05 14:33:56 +00:00
fenix-gitea-admin	a9ad0e9330	[deploy-opentofu]	2025-11-03 22:15:43 +00:00
fenix-gitea-admin	0e904c0366	[deploy-opentofu] [deploy-opentofu]	2025-11-03 20:01:54 +00:00
fenix-gitea-admin	8097582377	[deploy-opentofu]	2025-11-03 19:59:37 +00:00
fenix-gitea-admin	a56cd76a0b	[deploy-opentofu]	2025-10-29 13:02:13 +00:00
fenix-gitea-admin	5559b61530	[deploy-opentofu] [deploy-opentofu]	2025-10-28 20:24:17 +00:00
tomas.limpinho	a4b33a570b	secrets	2025-10-23 08:50:34 +01:00
fenix-gitea-admin	c7c1388112	Add secrets/iac.vaultwarden-link	2025-10-23 07:44:00 +00:00
fenix-gitea-admin	b875d6428b	Add secrets/iac.proxmox.ssh.link	2025-10-23 07:43:24 +00:00
fenix-gitea-admin	e1b0d702c5	Update secrets/proxmox.secrets.tfvars	2025-10-23 07:41:14 +00:00
fenix-gitea-admin	a7f3b6d7e1	[deploy-opentofu] [deploy-opentofu]	2025-10-21 19:25:08 +00:00
fenix-gitea-admin	fcc7c9814a	Update proxmox.tf	2025-10-21 19:24:32 +00:00
fenix-gitea-admin	cc441d8ad8	[deploy-opentofu] [deploy-opentofu]	2025-10-16 09:52:09 +00:00
fenix-gitea-admin	e71295794f	[deploy-opentofu] [deploy-opentofu]	2025-10-16 09:24:35 +00:00
fenix-gitea-admin	7c46db0253	[deploy-opentofu] [deploy-opentofu]	2025-10-15 21:40:03 +00:00
fenix-gitea-admin	218ca3fc2f	[deploy-opentofu] [deploy-opentofu]	2025-10-15 21:32:42 +00:00
fenix-gitea-admin	58d080dadd	a	2025-10-15 21:19:39 +00:00
fenix-gitea-admin	f797aa6d8b	[deploy-opentofu]	2025-10-15 21:19:11 +00:00
fenix-gitea-admin	8b16085acf	[deploy-opentofu]	2025-10-15 13:22:39 +00:00
fenix-gitea-admin	47102e563d	[deploy-opentofu]	2025-10-15 13:17:55 +00:00
fenix-gitea-admin	d9f9620123	[deploy-opentofu]	2025-10-15 12:54:20 +00:00
fenix-gitea-admin	905b749a09	[deploy-opentofu] [deploy-opentofu]	2025-10-15 12:24:17 +00:00
fenix-gitea-admin	992a949b6d	[deploy-opentofu] [deploy-opentofu]	2025-10-15 10:29:20 +00:00
fenix-gitea-admin	387702c3c3	[deploy-opentofu] [deploy-opentofu]	2025-10-15 10:24:21 +00:00
fenix-gitea-admin	1bf18d13a3	[deploy-opentofu] [deploy-opentofu]	2025-10-15 10:07:32 +00:00
fenix-gitea-admin	de1ea64e04	[deploy-opentofu] [deploy-opentofu]	2025-10-15 10:02:47 +00:00
fenix-gitea-admin	9edc3fe55d	[deploy-opentofu] [deploy-opentofu]	2025-10-14 22:01:28 +00:00
fenix-gitea-admin	fd0763593f	Update vaultwarden.tf	2025-10-12 21:41:12 +00:00
fenix-gitea-admin	fc5ae6402f	[deploy-opentofu] [deploy-opentofu]	2025-10-12 17:13:27 +00:00
fenix-gitea-admin	5412e499f2	[deploy-opentofu] [deploy-opentofu]	2025-10-12 17:08:08 +00:00
fenix-gitea-admin	fa25d7073b	[deploy-opentofu]	2025-10-12 17:02:14 +00:00
fenix-gitea-admin	2e81ffcdb1	[deploy-opentofu] [deploy-opentofu]	2025-10-12 16:54:12 +00:00
fenix-gitea-admin	8d7636a925	Update documentation/Dockerfile	2025-10-12 10:51:57 +00:00
fenix-gitea-admin	49c5457547	[deploy-opentofu] [deploy-opentofu]	2025-10-12 09:37:42 +00:00
fenix-gitea-admin	9b00c6d3f4	[deploy-opentofu] [deploy-opentofu]	2025-10-12 09:12:36 +00:00
fenix-gitea-admin	7c1d265e75	[deploy-opentofu] [deploy-opentofu]	2025-10-12 09:08:10 +00:00
fenix-gitea-admin	b6c3b5e80f	[deploy-opentofu] [deploy-opentofu]	2025-10-12 09:03:21 +00:00
fenix-gitea-admin	1f41c3dd53	[deploy-opentofu] [deploy-opentofu]	2025-10-12 08:59:28 +00:00
fenix-gitea-admin	461c145e39	[deploy-opentofu] [deploy-opentofu]	2025-10-11 22:50:06 +00:00
fenix-gitea-admin	aa106310ea	[deploy-opentofu] [deploy-opentofu]	2025-10-11 22:36:45 +00:00
fenix-gitea-admin	3d0a49f4fe	[deploy-opentofu] [deploy-opentofu]	2025-10-11 22:33:46 +00:00
fenix-gitea-admin	f0823e5716	[deploy-opentofu] [deploy-opentofu]	2025-10-11 22:21:47 +00:00
fenix-gitea-admin	3c6731405d	[deploy-opentofu] [deploy-opentofu]	2025-10-11 22:12:30 +00:00
fenix-gitea-admin	0f346a4c73	[deploy-opentofu] [deploy-opentofu]	2025-10-11 22:09:15 +00:00
fenix-gitea-admin	916944a150	[deploy-opentofu] [deploy-opentofu]	2025-10-11 21:51:52 +00:00
fenix-gitea-admin	69150c506f	[deploy-opentofu] [deploy-opentofu]	2025-10-11 21:43:18 +00:00
fenix-gitea-admin	0304eb6927	[deploy-opentofu] [deploy-opentofu]	2025-10-11 21:32:14 +00:00
fenix-gitea-admin	46da80161a	[deploy-opentofu]	2025-10-11 21:22:48 +00:00
fenix-gitea-admin	337f1f573c	[deploy-opentofu] Reviewed-on: fenix-gitea-admin/iac-opentofu-private#276	2025-10-11 21:20:43 +00:00
fenix-gitea-admin	6d3ca1edb3	[deploy-opentofu]	2025-10-11 21:19:21 +00:00
fenix-gitea-admin	d300e27f9e	Merge branch 'fenix-admin' into dev	2025-10-11 21:09:33 +00:00
fenix-gitea-admin	06b3f73d8d	[deploy-opentofu] a	2025-10-11 21:07:22 +00:00
fenix-gitea-admin	be6e459be5	Merge pull request '[deploy-opentofu]' (#274 ) from fenix-admin into dev Reviewed-on: fenix-gitea-admin/iac-opentofu-private#274 Reviewed-by: fenix <tomaslimpinho@gmail.com>	2025-10-02 08:17:51 +00:00
fenix-gitea-admin	9e6e9bd147	[deploy-opentofu]	2025-10-02 08:17:10 +00:00
fenix-gitea-admin	fe60e4d672	Merge pull request '[deploy-opentofu]' (#273 ) from fenix-admin into dev Reviewed-on: fenix-gitea-admin/iac-opentofu-private#273	2025-10-02 07:54:42 +00:00
fenix-gitea-admin	585bda0bd2	[deploy-opentofu]	2025-10-02 07:53:42 +00:00