
946987862e Update documentation/start.txt 2025-08-19 17:47:25 +00:00
5 changed files with 6 additions and 243 deletions


@ -33,82 +33,6 @@ jobs:
token: ${{ secrets.GGITEA_TOKEN }} token: ${{ secrets.GGITEA_TOKEN }}
path: infra/secrets path: infra/secrets
- name: Install cloudflare prerequisites
run: |
apt-get install -y curl ca-certificates jq openssh-client net-tools iproute2
- name: Install cloudflared
run: |
# pacote .deb oficial - funcionará numa runner Ubuntu x86_64
curl -L -o cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
dpkg -i cloudflared.deb
cloudflared --version
- name: Install dante-server
run: |
apt-get install -y dante-server
- name: Configure dante-server
run: |
cat <<EOF | tee /etc/danted.conf
logoutput: stderr
internal: 127.0.0.1 port = 1080
external: lo
method: none
clientmethod: none
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect
}
# encaminhar tudo para o listener TCP do cloudflared
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: connect udpassociate bind
log: connect disconnect
}
EOF
- name: Start cloudflared Access TCP -> SOCKS5 (background)
env:
CF_SVC_ID: ${{ secrets.CF_SVC_ID }}
CF_SVC_SECRET: ${{ secrets.CF_SVC_SECRET }}
HOSTNAME: "proxmox-ssh.fenix-dev.com"
run: |
# Inicia cloudflared access tcp/ssh com service token e listener socks local
# O binário 'cloudflared' tem variações de flags entre versões; estes flags funcionam nas versões recentes.
nohup cloudflared access tcp \
--hostname "$HOSTNAME" \
--listener "tcp://127.0.0.1:1081" \
--service-token-id "$CF_SVC_ID" \
--service-token-secret "$CF_SVC_SECRET" \
> cloudflared.log 2>&1 &
# espera a porta do listener estar pronta (timeout 30s)
for i in $(seq 1 30); do
ss -tnl | grep -q ":1081" && break
sleep 1
done
if ! ss -tnl | grep -q ":1081"; then
echo "SOCKS listener not ready after 30s, printing cloudflared.log"
tail -n +1 cloudflared.log
cat cloudflared.log
exit 1
fi
echo "cloudflared socks listener ready at $SOCKS_LISTENER"
sleep 1
# opcional: ver primeiros logs
tail -n 50 cloudflared.log || true
- name: Start dante-server
run: |
pkill danted || true
danted -f /etc/danted.conf -D > dante.log 2>&1 &
sleep 3
cat dante.log
- name: vaultwarden login - name: vaultwarden login
working-directory: infra/iac working-directory: infra/iac
run: | run: |
@ -116,8 +40,7 @@ jobs:
- name: Init OpenTofu - name: Init OpenTofu
working-directory: infra/iac working-directory: infra/iac
run: | run: tofu init
tofu init
- name: Plan - name: Plan
working-directory: infra/iac working-directory: infra/iac
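Review bot: With the cloudflared and dante-server steps gone, the later `tofu init` / `tofu plan` steps now talk to `var.proxmox_server` directly, and nothing left in this section shows how the runner reaches the Proxmox API or where the API credentials come from (the job body continues outside the hunk, so they may be set there). Since `CF_SVC_ID` and `CF_SVC_SECRET` are no longer referenced by this workflow, the corresponding repository secrets should be removed and the service token revoked rather than left dormant. The `run: tofu init` one-liner in the second hunk is a fine simplification of the block scalar.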


@ -5,7 +5,6 @@ https://opentofu.org/docs/intro/ - quick start and explaning who to work in team
https://opentofu.org/docs/intro/ - CICD for opentofu explained https://opentofu.org/docs/intro/ - CICD for opentofu explained
tofu init tofu init
tofu plan --var-file=opentofu-varfile.json tofu plan --var-file=opentofu-varfile.json
yes yes


@ -11,10 +11,10 @@ terraform {
bitwarden = { bitwarden = {
source = "maxlaverse/bitwarden" source = "maxlaverse/bitwarden"
version = ">= 0.15.0" version = ">= 0.15.0"
} }
proxmox = { proxmox = {
source = "bpg/proxmox" source = "telmate/proxmox"
version = "= 0.75.0" version = "3.0.2-rc03"
} }
} }
backend "consul" { backend "consul" {
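Review bot: The new constraint `version = "3.0.2-rc03"` pins a release candidate of telmate/proxmox with no comment on why a pre-release is required, whereas the replaced block pinned a GA release explicitly with `= 0.75.0`; a bare version is still an exact match, so the pin is deterministic, but it should carry `# pinned to rc03: <reason — TODO confirm>` and a note on when to move to a GA release. The five changed files do not appear to include `.terraform.lock.hcl`, so confirm the dependency lock file is regenerated in the same change so that the registry checksums for this provider version are recorded and verified on every `tofu init`.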


@ -1,133 +1,3 @@
provider "proxmox" { provider "proxmox" {
endpoint = var.proxmox_server pm_api_url = var.proxmox_server
api_token = var.proxmox_apikey }
ssh {
agent = true
username = var.proxmox_username_ssh
socks5_server = var.proxmox_server_ssh
password = var.proxmox_password_ssh
node {
name = "fenix"
address = "127.0.0.1"
port = 1081
}
}
}
resource "proxmox_virtual_environment_download_file" "latest_ubunto_cloud_img" {
content_type = "iso"
datastore_id = "local"
node_name = "fenix"
url = "https://cloud-images.ubuntu.com/jammy/20250725/jammy-server-cloudimg-amd64.img"
file_name = "jammyservercloudimgamd64.img"
}
resource "proxmox_virtual_environment_file" "cloud_init_yaml" {
node_name = "fenix"
datastore_id = "local-snippets"
content_type = "snippets"
source_raw {
file_name = "user-data-cloud-config.yaml"
data = <<-EOF
#cloud-config
users:
- default
- name: testeuser
groups: sudo
shell: /bin/bash
sudo: ALL=(ALL) NOPASSWD:ALL
ssh_pwauth: true
chpasswd:
list: |
testeuser:testepassword
expire: false
package_update: true
packages:
- qemu-guest-agent
- net-tools
- curl
runcmd:
- systemctl enable qemu-guest-agent
- systemctl start qemu-guest-agent
- echo "done" > /tmp/cloud-config.done
EOF
}
}
resource "proxmox_virtual_environment_vm" "proxmox-kubernetes-VM-template" {
depends_on = [proxmox_virtual_environment_download_file.latest_ubunto_cloud_img, proxmox_virtual_environment_file.cloud_init_yaml]
name = "proxmox-kubernetes-VM-template"
node_name = "fenix"
vm_id = 1002
template = true
started = false
agent {
enabled = true
}
tags = ["opentofu", "kubernetes", "fedora"]
machine = "q35"
bios = "seabios"
description = "kubernetes VM Template created via iac"
cpu {
cores = 2
}
memory {
dedicated = 4096
}
# Configuração do disco rígido
disk {
datastore_id = "local-lvm"
interface = "scsi1"
size = 64
}
disk {
datastore_id = "local-lvm"
file_id = proxmox_virtual_environment_download_file.latest_ubunto_cloud_img.id
interface = "scsi0"
file_format = "qcow2"
}
# Configuração da interface de rede
network_device {
bridge = "vmbr0"
model = "virtio"
}
initialization {
ip_config {
ipv4 {
address = "dhcp" # IP estático + máscara de rede
}
}
user_data_file_id = proxmox_virtual_environment_file.cloud_init_yaml.id
}
}
resource "proxmox_virtual_environment_vm" "VM-Kubernetes-01" {
depends_on = [proxmox_virtual_environment_vm.proxmox-kubernetes-VM-template]
name = "VM-Kubernetes-01"
node_name = "fenix"
clone {
vm_id = proxmox_virtual_environment_vm.proxmox-kubernetes-VM-template.id
}
agent {
enabled = true
}
}
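Review bot: The rewritten `provider "proxmox"` block sets only `pm_api_url = var.proxmox_server`, and the same commit deletes `var.proxmox_apikey` from variables.tf, so no API credential is configured anywhere in the code; presumably the provider is expected to read `pm_api_token_id` / `pm_api_token_secret` (or user/password) from its environment variables, which are not visible in this diff. That dependency should be stated next to the block, e.g. `# Credentials are not declared here: the CI job must export the provider's token env vars (TODO confirm which)`, and the workflow checked to actually export them now that the tunnel steps are gone. If a token variable is reintroduced later, keep it `sensitive = true` as the deleted declaration was.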


@ -3,32 +3,3 @@ variable "proxmox_server" {
type = string type = string
sensitive = false sensitive = false
} }
variable "proxmox_server_ssh" {
description = "Proxmox server ssh url"
type = string
sensitive = false
}
variable "proxmox_username_ssh" {
description = "Proxmox server ssh username"
type = string
sensitive = false
}
variable "proxmox_password_ssh" {
description = "Proxmox server ssh password"
type = string
sensitive = true
}
variable "proxmox_apikey" {
description = "Proxmox server api key"
type = string
sensitive = true
}
variable "node_name" {
default = "fenix"
}