Merge pull request '[deploy-opentofu]' (#271) from fenix-admin into dev

Reviewed-on: fenix-gitea-admin/iac-opentofu-private#271

.gitea/workflows/ci-test.yaml

@@ -6,7 +6,7 @@ on:
   workflow_dispatch:
 
 jobs:
-  hello:
+  hello: 
     #precisa da imagem costum do opentofu
     runs-on: [ fenix-opentofu ]
     env:
@@ -61,6 +61,8 @@ jobs:
       - name: Install dante-server
         run: |
           apt-get install -y dante-server
+          apt install -y openssl libssl-dev curl jq
+          npm install -g @bitwarden/cli
 
 
       - name: Configure dante-server
@@ -85,12 +87,13 @@ jobs:
 
 
       - name: vaultwarden urls as secrets
-        working-directory: 
         run: |
           bw config server $VAULTWARDEN_LINK
           bw login --apikey
           BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
-          
+          echo ""
+          echo "$BW_SESSION"
+          echo "getting item"
           bw get item "iac.proxmox.ssh.link"  --session "$BW_SESSION"  | jq -r '.notes' > "proxmox-ssh-link.txt"
 
       - name: Start cloudflared Access TCP -> SOCKS5 (background)
@@ -131,7 +134,7 @@ jobs:
         run: |
           pkill danted || true
           danted -f /etc/danted.conf -D > dante.log 2>&1 &
-          sleep 3
+          sleep 3 
           cat dante.log
           
 
@@ -139,6 +142,7 @@ jobs:
         working-directory: infra/iac
         run: |
           BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
+          echo "$BW_SESSION"
           
           # Ler o arquivo de referência
           for secret in $(jq -c '.secrets[]' secrets/vault-secrets-map.json); do
@@ -156,6 +160,7 @@ jobs:
             elif [ "$type" == "note" ]; then
               echo "note get"
               bw get item "$name"  --session "$BW_SESSION"  | jq -r '.notes' > "$output"
+              cat $output
             fi
           done
 

main.tf

@@ -6,7 +6,7 @@ terraform {
     }   
     bitwarden = {
       source  = "maxlaverse/bitwarden"
-      version = ">= 0.15.0"
+      version = ">= 0.16.0"
     } 
     proxmox = {
       source = "bpg/proxmox"

vaultwarden.tf

@@ -25,10 +25,37 @@ resource "vaultwarden_organization_collection" "vaultwarden-collection-iac" {
   name            = "iac-collection"
 }
 
-
 resource "bitwarden_item_login" "administrative-user" {
   name     = "teste"
   username = "teste"
   password = "teste"
   collection_ids  = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
-}
+}
+
+
+resource "bitwarden_item_secure_note" "hosts-ini" {
+  name            = "iac.ansible.hosts.ini"
+  notes           = <<EOT
+  ${local.hosts_ini}
+EOT
+  organization_id = vaultwarden_organization.vaultwarden-organization-fenix-iac.id
+  collection_ids  = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
+  reprompt = true 
+}
+
+locals{
+
+  hosts_ini = <<EOT
+
+[master]
+master ansible_host=${var.proxmox_k8s_vms[0].ip} ansible_user=${var.proxmox_k8s_vms[0].extra_users[0].name} ansible_ssh_pass=${var.proxmox_k8s_vms[0].extra_users[0].password}
+
+[workers]
+%{ for i, vm in var.proxmox_k8s_vms ~}
+%{ if i != 0 }
+worker-${replace(vm.ip, ".", "-")} ansible_host=${vm.ip} ansible_user=${vm.extra_users[0].name} ansible_ssh_pass=${vm.extra_users[0].password}
+%{ endif }  
+%{ endfor }
+
+EOT
+  }