Merge pull request 'dev' (#257) from dev into main

Reviewed-on: fenix-gitea-admin/iac-opentofu-private#257

.gitea/workflows/ci-test.yaml

@@ -2,7 +2,7 @@ name: IAC
 
 on:
   push:
-    branches: [ main ]
+    branches: [ dev ]
   workflow_dispatch:
 
 jobs:
@@ -17,6 +17,7 @@ jobs:
       BW_PASSWORD: ${{ secrets.BW_PASSWORD }}
       BW_CLIENTID: ${{ secrets.BW_CLIENTID }}
       BW_CLIENTSECRET: ${{ secrets.BW_CLIENTSECRET }}
+      VAULTWARDEN_LINK: ${{secrets.VAULTWARDEN_LINK }}
       
     steps:
 
@@ -82,16 +83,27 @@ jobs:
           }
           EOF
 
+
+      - name: vaultwarden urls as secrets
+        working-directory: 
+        run: |
+          bw config server $VAULTWARDEN_LINK
+          bw login --apikey
+          BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
+          
+          bw get item "iac.proxmox.ssh.link"  --session "$BW_SESSION"  | jq -r '.notes' > "proxmox-ssh-link.txt"
+
       - name: Start cloudflared Access TCP -> SOCKS5 (background)
         env:
           CF_SVC_ID: ${{ secrets.CF_SVC_ID }}
           CF_SVC_SECRET: ${{ secrets.CF_SVC_SECRET }}
-          HOSTNAME: "proxmox-ssh.fenix-dev.com"
         run: |
+          Hostname=$(cat proxmox-ssh-link.txt)
+
           # Inicia cloudflared access tcp/ssh com service token e listener socks local
           # O binário 'cloudflared' tem variações de flags entre versões; estes flags funcionam nas versões recentes.
           nohup cloudflared access tcp \
-            --hostname "$HOSTNAME" \
+            --hostname "$Hostname" \
             --listener "tcp://127.0.0.1:1081" \
             --service-token-id "$CF_SVC_ID" \
             --service-token-secret "$CF_SVC_SECRET" \
@@ -122,20 +134,10 @@ jobs:
           sleep 3
           cat dante.log
           
-      #- name: vaultwarden login
-      #  working-directory: infra/iac
-      #  run: |
-      #    bw config server https://vaultwarden.fenix-dev.com
-      #    #BW_SESSION=$(bw login)
-      #    bw login --apikey
-      #    BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
-          
 
       - name: vaultwarden getsecrets
         working-directory: infra/iac
         run: |
-          bw config server https://vaultwarden.fenix-dev.com
-          bw login --apikey
           BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
           
           # Ler o arquivo de referência

LICENSE

@@ -0,0 +1,18 @@
+MIT License
+
+Copyright (c) 2025 fenix-gitea-admin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and 
+associated documentation files (the "Software"), to deal in the Software without restriction, including 
+without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 
+copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the 
+following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial 
+portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT 
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO 
+EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE 
+USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1 @@
+the most stable branch is main, dev is where tests are made, and the remaining branches are personal and can undergo changes at any time 

secrets/proxmox.secrets.tfvars

@@ -3,3 +3,56 @@ PM_API_TOKEN_ID  = "tokenid"
 PM_API_TOKEN_SECRET = "tokensecret"
 # tokenid is read automatically from PM_API_TOKEN_ID
 # token is read automatically from PM_API_TOKEN_SECRET
+
+
+
+proxmox_server   = "https://proxmox.example.com:443/api2/json"
+proxmox_apikey   = "user@pam!token=fdjkdslfjdsflkj"
+proxmox_server_ssh = "127.0.0.1:1080"
+proxmox_username_ssh = "user"
+proxmox_password_ssh = "password"
+# tokenid is read automatically from PM_API_TOKEN_ID
+# token is read automatically from PM_API_TOKEN_SECRET
+
+proxmox_k8s_vms = [
+  {
+    name      = "k8s-master-01"
+    vm_id     = 3001
+    node_name = "node"
+    ip        = "192.168.1.99/24"
+    cores     = 2
+    memory    = 2000
+    disk_size = 32
+    data_store = "local-lvm"
+    gateway = "192.168.1.1"
+    extra_users = [
+      {
+        name  = "user"
+        password  = "pass"
+        groups = ["sudo"]
+      }
+    ]
+    extra_packages = []
+    extra_runcmd   = []
+  },
+  {
+    name      = "k8s-worker-01"
+    vm_id     = 3002
+    node_name = "node"
+    ip        = "192.168.1.101/24"
+    cores     = 1
+    memory    = 2000
+    disk_size = 32
+    data_store = "local-lvm"
+    gateway = "192.168.1.1"
+    extra_users = [
+      {
+        name  = "user"
+        password  = "pass"
+        groups = ["sudo"]
+      }
+    ]
+    extra_packages = []
+    extra_runcmd   = []
+  },
+]

secrets/vaultwarden.secrets.tfvars

@@ -4,3 +4,5 @@ vaultwarden_master_password = "SuperSecretMasterPassword"
 vaultwarden_admin_token = "tokenadmin"
 vaultwarden_client_id = "clientid"
 vaultwarden_client_secret = "clientsecret" 
+# email is read automatically from BW_EMAIL
+# password is read automatically from BW_PASSWORD