mirror of
https://gitea.fenix-dev.com/fenix-gitea-admin/iac-opentofu-private.git
synced 2025-10-27 15:53:06 +00:00
Compare commits
2 Commits
a4b33a570b
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 870a07b97e | |||
| 2a61b166b4 |
@ -35,11 +35,6 @@ jobs:
|
||||
run: |
|
||||
apt-get update -y
|
||||
|
||||
- name: Install setup
|
||||
run: |
|
||||
apt install -y curl jq
|
||||
curl -fsSL https://deb.nodesource.com/setup_18.x
|
||||
|
||||
- name: Cloning iac repository
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
@ -65,8 +60,7 @@ jobs:
|
||||
|
||||
- name: Install dante-server
|
||||
run: |
|
||||
apt-get install -y dante-server openssl
|
||||
#libssl1.1
|
||||
apt-get install -y dante-server
|
||||
|
||||
|
||||
- name: Configure dante-server
|
||||
@ -91,17 +85,12 @@ jobs:
|
||||
|
||||
|
||||
- name: vaultwarden urls as secrets
|
||||
working-directory:
|
||||
run: |
|
||||
echo "config"
|
||||
echo "$VAULTWARDEN_LINK"
|
||||
bw config server $VAULTWARDEN_LINK
|
||||
echo "login"
|
||||
bw login --apikey
|
||||
echo "session"
|
||||
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
|
||||
echo "$BW_SESSION"
|
||||
echo "getting item"
|
||||
bw get item "iac.proxmox.ssh.link" --session "$BW_SESSION"
|
||||
|
||||
bw get item "iac.proxmox.ssh.link" --session "$BW_SESSION" | jq -r '.notes' > "proxmox-ssh-link.txt"
|
||||
|
||||
- name: Start cloudflared Access TCP -> SOCKS5 (background)
|
||||
@ -150,7 +139,6 @@ jobs:
|
||||
working-directory: infra/iac
|
||||
run: |
|
||||
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
|
||||
echo "$BW_SESSION"
|
||||
|
||||
# Ler o arquivo de referência
|
||||
for secret in $(jq -c '.secrets[]' secrets/vault-secrets-map.json); do
|
||||
@ -168,7 +156,6 @@ jobs:
|
||||
elif [ "$type" == "note" ]; then
|
||||
echo "note get"
|
||||
bw get item "$name" --session "$BW_SESSION" | jq -r '.notes' > "$output"
|
||||
#cat $output
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
@ -5,27 +5,19 @@ FROM ubuntu:24.04
|
||||
# Copy the tofu binary
|
||||
COPY --from=tofu /usr/local/bin/tofu /usr/local/bin/tofu
|
||||
|
||||
|
||||
# Atualizar pacotes e instalar dependências básicas
|
||||
# Install dependencies
|
||||
RUN apt-get update && apt-get install -y \
|
||||
curl \
|
||||
git \
|
||||
curl \
|
||||
nodejs \
|
||||
npm \
|
||||
unzip \
|
||||
jq \
|
||||
gnupg \
|
||||
ca-certificates \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Instalar Node.js 18 via NodeSource
|
||||
RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \
|
||||
apt-get install -y nodejs
|
||||
RUN curl -L -o /tmp/bw.zip https://github.com/bitwarden/cli/releases/download/v1.22.1/bw-linux-1.22.1.zip \
|
||||
&& unzip /tmp/bw.zip -d /usr/local/bin \
|
||||
&& chmod +x /usr/local/bin/bw \
|
||||
&& rm /tmp/bw.zip
|
||||
|
||||
# Verificar versões (opcional para debug)
|
||||
RUN node -v && npm -v
|
||||
|
||||
|
||||
|
||||
|
||||
RUN npm install -g @bitwarden/cli
|
||||
|
||||
WORKDIR /workspace
|
||||
2
main.tf
2
main.tf
@ -6,7 +6,7 @@ terraform {
|
||||
}
|
||||
bitwarden = {
|
||||
source = "maxlaverse/bitwarden"
|
||||
version = ">= 0.16.0"
|
||||
version = ">= 0.15.0"
|
||||
}
|
||||
proxmox = {
|
||||
source = "bpg/proxmox"
|
||||
|
||||
@ -120,7 +120,7 @@ resource "proxmox_virtual_environment_vm" "proxmox-kubernetes-VM-template" {
|
||||
|
||||
# Configuração da interface de rede
|
||||
network_device {
|
||||
bridge = "vmbr0" # rede de gestão para comunicação com Cluster A
|
||||
bridge = "vmbr0"
|
||||
}
|
||||
|
||||
initialization {
|
||||
@ -132,7 +132,6 @@ initialization {
|
||||
address = "dhcp"
|
||||
}
|
||||
}
|
||||
|
||||
user_data_file_id = proxmox_virtual_environment_file.cloud_init_yaml.id
|
||||
}
|
||||
}
|
||||
|
||||
@ -40,8 +40,6 @@ variable "proxmox_k8s_vms" {
|
||||
vm_id = number
|
||||
node_name = string
|
||||
ip = string
|
||||
ip2 = string
|
||||
ip3 = string
|
||||
cores = optional(number)
|
||||
memory = optional(number)
|
||||
data_store = optional(string)
|
||||
|
||||
@ -1,13 +0,0 @@
|
||||
|
||||
[master]
|
||||
master1 ansible_host=192.168.1.99 ansible_user=user ansible_ssh_pass=pass ansible_ssh_common_args='-o StrictHostKeyChecking=no'
|
||||
|
||||
[workers]
|
||||
|
||||
|
||||
worker-192-168-1-101 ansible_host=192.168.1.101 ansible_user=user ansible_ssh_pass=pass ansible_ssh_common_args='-o StrictHostKeyChecking=no'
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@ -1 +0,0 @@
|
||||
proxmox-ssh.example.com
|
||||
@ -1 +0,0 @@
|
||||
https://vaultwarden.example.com
|
||||
@ -1,6 +1,6 @@
|
||||
#proxmox_server = "proxmox.example.com"
|
||||
#PM_API_TOKEN_ID = "tokenid"
|
||||
#PM_API_TOKEN_SECRET = "tokensecret"
|
||||
proxmox_server = "proxmox.example.com"
|
||||
PM_API_TOKEN_ID = "tokenid"
|
||||
PM_API_TOKEN_SECRET = "tokensecret"
|
||||
# tokenid is read automatically from PM_API_TOKEN_ID
|
||||
# token is read automatically from PM_API_TOKEN_SECRET
|
||||
|
||||
@ -20,7 +20,6 @@ proxmox_k8s_vms = [
|
||||
vm_id = 3001
|
||||
node_name = "node"
|
||||
ip = "192.168.1.99/24"
|
||||
ip3 = "192.168.1.199/24"
|
||||
cores = 2
|
||||
memory = 2000
|
||||
disk_size = 32
|
||||
@ -34,14 +33,13 @@ proxmox_k8s_vms = [
|
||||
}
|
||||
]
|
||||
extra_packages = []
|
||||
extra_runcmd = ["sudo ip addr add 192.168.1.199/24 dev eth0"]
|
||||
extra_runcmd = []
|
||||
},
|
||||
{
|
||||
name = "k8s-worker-01"
|
||||
vm_id = 3002
|
||||
node_name = "node"
|
||||
ip = "192.168.1.101/24"
|
||||
ip3 = "192.168.1.201/24"
|
||||
cores = 1
|
||||
memory = 2000
|
||||
disk_size = 32
|
||||
@ -55,6 +53,6 @@ proxmox_k8s_vms = [
|
||||
}
|
||||
]
|
||||
extra_packages = []
|
||||
extra_runcmd = ["sudo ip addr add 192.168.1.201/24 dev eth0"]
|
||||
extra_runcmd = []
|
||||
},
|
||||
]
|
||||
@ -16,13 +16,6 @@ resource "vaultwarden_account_register" "vaultwarden-acount-fenix" {
|
||||
password = var.vaultwarden_master_password
|
||||
}
|
||||
|
||||
resource "bitwarden_item_login" "administrative-user" {
|
||||
name = "teste"
|
||||
username = "teste"
|
||||
password = "teste"
|
||||
collection_ids = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
|
||||
}
|
||||
|
||||
resource "vaultwarden_organization" "vaultwarden-organization-fenix-iac" {
|
||||
name = "fenix-iac"
|
||||
}
|
||||
@ -33,28 +26,9 @@ resource "vaultwarden_organization_collection" "vaultwarden-collection-iac" {
|
||||
}
|
||||
|
||||
|
||||
resource "bitwarden_item_secure_note" "hosts-ini" {
|
||||
name = "iac.ansible.hosts.ini"
|
||||
notes = <<EOT
|
||||
${local.hosts_ini}
|
||||
EOT
|
||||
organization_id = vaultwarden_organization.vaultwarden-organization-fenix-iac.id
|
||||
resource "bitwarden_item_login" "administrative-user" {
|
||||
name = "teste"
|
||||
username = "teste"
|
||||
password = "teste"
|
||||
collection_ids = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
|
||||
reprompt = true
|
||||
}
|
||||
|
||||
locals{
|
||||
hosts_ini = <<EOT
|
||||
|
||||
[master]
|
||||
master1 ansible_host=${split("/", var.proxmox_k8s_vms[0].ip)[0]} ansible_user=${var.proxmox_k8s_vms[0].extra_users[0].name} ansible_ssh_pass=${var.proxmox_k8s_vms[0].extra_users[0].password} ansible_ssh_common_args='-o StrictHostKeyChecking=no'
|
||||
|
||||
[workers]
|
||||
%{ for i, vm in var.proxmox_k8s_vms ~}
|
||||
%{ if i != 0 }
|
||||
worker-${replace(split("/", vm.ip)[0], ".", "-")} ansible_host=${split("/", vm.ip)[0]} ansible_user=${vm.extra_users[0].name} ansible_ssh_pass=${vm.extra_users[0].password} ansible_ssh_common_args='-o StrictHostKeyChecking=no'
|
||||
%{ endif }
|
||||
%{ endfor }
|
||||
|
||||
EOT
|
||||
}
|
||||
Reference in New Issue
Block a user