mirror of
https://gitea.fenix-dev.com/fenix-gitea-admin/iac-opentofu-private.git
synced 2025-10-27 15:53:06 +00:00
Compare commits
2 Commits
a7f3b6d7e1
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 870a07b97e | |||
| 2a61b166b4 |
@ -1,12 +1,12 @@
|
||||
name: IAC
|
||||
|
||||
on:
|
||||
on:
|
||||
push:
|
||||
branches: [ dev ]
|
||||
workflow_dispatch:
|
||||
|
||||
|
||||
jobs:
|
||||
hello:
|
||||
hello:
|
||||
#precisa da imagem costum do opentofu
|
||||
runs-on: [ fenix-opentofu ]
|
||||
env:
|
||||
@ -35,11 +35,6 @@ jobs:
|
||||
run: |
|
||||
apt-get update -y
|
||||
|
||||
- name: Install setup
|
||||
run: |
|
||||
apt install -y curl jq
|
||||
curl -fsSL https://deb.nodesource.com/setup_18.x
|
||||
|
||||
- name: Cloning iac repository
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
@ -65,8 +60,7 @@ jobs:
|
||||
|
||||
- name: Install dante-server
|
||||
run: |
|
||||
apt-get install -y dante-server openssl
|
||||
#libssl1.1
|
||||
apt-get install -y dante-server
|
||||
|
||||
|
||||
- name: Configure dante-server
|
||||
@ -91,17 +85,12 @@ jobs:
|
||||
|
||||
|
||||
- name: vaultwarden urls as secrets
|
||||
working-directory:
|
||||
run: |
|
||||
echo "config"
|
||||
echo "$VAULTWARDEN_LINK"
|
||||
bw config server $VAULTWARDEN_LINK
|
||||
echo "login"
|
||||
bw login --apikey
|
||||
echo "session"
|
||||
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
|
||||
echo "$BW_SESSION"
|
||||
echo "getting item"
|
||||
bw get item "iac.proxmox.ssh.link" --session "$BW_SESSION"
|
||||
|
||||
bw get item "iac.proxmox.ssh.link" --session "$BW_SESSION" | jq -r '.notes' > "proxmox-ssh-link.txt"
|
||||
|
||||
- name: Start cloudflared Access TCP -> SOCKS5 (background)
|
||||
@ -142,7 +131,7 @@ jobs:
|
||||
run: |
|
||||
pkill danted || true
|
||||
danted -f /etc/danted.conf -D > dante.log 2>&1 &
|
||||
sleep 3
|
||||
sleep 3
|
||||
cat dante.log
|
||||
|
||||
|
||||
@ -150,7 +139,6 @@ jobs:
|
||||
working-directory: infra/iac
|
||||
run: |
|
||||
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
|
||||
echo "$BW_SESSION"
|
||||
|
||||
# Ler o arquivo de referência
|
||||
for secret in $(jq -c '.secrets[]' secrets/vault-secrets-map.json); do
|
||||
@ -168,7 +156,6 @@ jobs:
|
||||
elif [ "$type" == "note" ]; then
|
||||
echo "note get"
|
||||
bw get item "$name" --session "$BW_SESSION" | jq -r '.notes' > "$output"
|
||||
#cat $output
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
@ -1,31 +1,23 @@
|
||||
FROM ghcr.io/opentofu/opentofu:1.9-minimal AS tofu
|
||||
|
||||
FROM ubuntu:24.04
|
||||
|
||||
|
||||
# Copy the tofu binary
|
||||
COPY --from=tofu /usr/local/bin/tofu /usr/local/bin/tofu
|
||||
|
||||
|
||||
# Atualizar pacotes e instalar dependências básicas
|
||||
# Install dependencies
|
||||
RUN apt-get update && apt-get install -y \
|
||||
curl \
|
||||
git \
|
||||
curl \
|
||||
nodejs \
|
||||
npm \
|
||||
unzip \
|
||||
jq \
|
||||
gnupg \
|
||||
ca-certificates \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Instalar Node.js 18 via NodeSource
|
||||
RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \
|
||||
apt-get install -y nodejs
|
||||
RUN curl -L -o /tmp/bw.zip https://github.com/bitwarden/cli/releases/download/v1.22.1/bw-linux-1.22.1.zip \
|
||||
&& unzip /tmp/bw.zip -d /usr/local/bin \
|
||||
&& chmod +x /usr/local/bin/bw \
|
||||
&& rm /tmp/bw.zip
|
||||
|
||||
# Verificar versões (opcional para debug)
|
||||
RUN node -v && npm -v
|
||||
|
||||
|
||||
|
||||
|
||||
RUN npm install -g @bitwarden/cli
|
||||
|
||||
WORKDIR /workspace
|
||||
@ -5,7 +5,7 @@ https://opentofu.org/docs/intro/ - quick start and explaning who to work in team
|
||||
https://opentofu.org/docs/intro/ - CICD for opentofu explained
|
||||
|
||||
|
||||
|
||||
|
||||
tofu init
|
||||
tofu plan --var-file=opentofu-varfile.json
|
||||
yes
|
||||
|
||||
2
main.tf
2
main.tf
@ -6,7 +6,7 @@ terraform {
|
||||
}
|
||||
bitwarden = {
|
||||
source = "maxlaverse/bitwarden"
|
||||
version = ">= 0.16.0"
|
||||
version = ">= 0.15.0"
|
||||
}
|
||||
proxmox = {
|
||||
source = "bpg/proxmox"
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
#!/usr/bin/env python3
|
||||
from ruamel.yaml import YAML
|
||||
from ruamel.yaml import YAML
|
||||
import sys
|
||||
import json
|
||||
from collections.abc import Mapping
|
||||
|
||||
@ -120,7 +120,7 @@ resource "proxmox_virtual_environment_vm" "proxmox-kubernetes-VM-template" {
|
||||
|
||||
# Configuração da interface de rede
|
||||
network_device {
|
||||
bridge = "vmbr0" # rede de gestão para comunicação com Cluster A
|
||||
bridge = "vmbr0"
|
||||
}
|
||||
|
||||
initialization {
|
||||
@ -132,7 +132,6 @@ initialization {
|
||||
address = "dhcp"
|
||||
}
|
||||
}
|
||||
|
||||
user_data_file_id = proxmox_virtual_environment_file.cloud_init_yaml.id
|
||||
}
|
||||
}
|
||||
|
||||
@ -40,8 +40,6 @@ variable "proxmox_k8s_vms" {
|
||||
vm_id = number
|
||||
node_name = string
|
||||
ip = string
|
||||
ip2 = string
|
||||
ip3 = string
|
||||
cores = optional(number)
|
||||
memory = optional(number)
|
||||
data_store = optional(string)
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
{
|
||||
"secrets": [
|
||||
{
|
||||
"name": "iac.opentofu.consul.secrets",
|
||||
"name": "iac.opentofu.consul.secrets",
|
||||
"type": "note",
|
||||
"output": "../secrets/secrets/consul.secrets.tfvars"
|
||||
},
|
||||
|
||||
@ -16,13 +16,6 @@ resource "vaultwarden_account_register" "vaultwarden-acount-fenix" {
|
||||
password = var.vaultwarden_master_password
|
||||
}
|
||||
|
||||
resource "bitwarden_item_login" "administrative-user" {
|
||||
name = "teste"
|
||||
username = "teste"
|
||||
password = "teste"
|
||||
collection_ids = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
|
||||
}
|
||||
|
||||
resource "vaultwarden_organization" "vaultwarden-organization-fenix-iac" {
|
||||
name = "fenix-iac"
|
||||
}
|
||||
@ -33,28 +26,9 @@ resource "vaultwarden_organization_collection" "vaultwarden-collection-iac" {
|
||||
}
|
||||
|
||||
|
||||
resource "bitwarden_item_secure_note" "hosts-ini" {
|
||||
name = "iac.ansible.hosts.ini"
|
||||
notes = <<EOT
|
||||
${local.hosts_ini}
|
||||
EOT
|
||||
organization_id = vaultwarden_organization.vaultwarden-organization-fenix-iac.id
|
||||
resource "bitwarden_item_login" "administrative-user" {
|
||||
name = "teste"
|
||||
username = "teste"
|
||||
password = "teste"
|
||||
collection_ids = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
|
||||
reprompt = true
|
||||
}
|
||||
|
||||
locals{
|
||||
hosts_ini = <<EOT
|
||||
|
||||
[master]
|
||||
master1 ansible_host=${split("/", var.proxmox_k8s_vms[0].ip)[0]} ansible_user=${var.proxmox_k8s_vms[0].extra_users[0].name} ansible_ssh_pass=${var.proxmox_k8s_vms[0].extra_users[0].password} ansible_ssh_common_args='-o StrictHostKeyChecking=no'
|
||||
|
||||
[workers]
|
||||
%{ for i, vm in var.proxmox_k8s_vms ~}
|
||||
%{ if i != 0 }
|
||||
worker-${replace(split("/", vm.ip)[0], ".", "-")} ansible_host=${split("/", vm.ip)[0]} ansible_user=${vm.extra_users[0].name} ansible_ssh_pass=${vm.extra_users[0].password} ansible_ssh_common_args='-o StrictHostKeyChecking=no'
|
||||
%{ endif }
|
||||
%{ endfor }
|
||||
|
||||
EOT
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user