Merge pull request 'dev' (#257) from dev into main

Reviewed-on: fenix-gitea-admin/iac-opentofu-private#257

.gitea/workflows/ci-test.yaml

@@ -6,7 +6,7 @@ on:
   workflow_dispatch:
 
 jobs:
-  hello: 
+  hello:
     #precisa da imagem costum do opentofu
     runs-on: [ fenix-opentofu ]
     env:
@@ -61,8 +61,6 @@ jobs:
       - name: Install dante-server
         run: |
           apt-get install -y dante-server
-          apt install -y openssl libssl-dev curl jq
-          npm install --force -g @bitwarden/cli 
 
 
       - name: Configure dante-server
@@ -87,15 +85,12 @@ jobs:
 
 
       - name: vaultwarden urls as secrets
+        working-directory: 
         run: |
-          echo "config"
           bw config server $VAULTWARDEN_LINK
-          echo "login"
           bw login --apikey
-          echo "session"
           BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
-          echo "$BW_SESSION"
+          
-          echo "getting item"
           bw get item "iac.proxmox.ssh.link"  --session "$BW_SESSION"  | jq -r '.notes' > "proxmox-ssh-link.txt"
 
       - name: Start cloudflared Access TCP -> SOCKS5 (background)
@@ -136,7 +131,7 @@ jobs:
         run: |
           pkill danted || true
           danted -f /etc/danted.conf -D > dante.log 2>&1 &
-          sleep 3 
+          sleep 3
           cat dante.log
           
 
@@ -144,7 +139,6 @@ jobs:
         working-directory: infra/iac
         run: |
           BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
-          echo "$BW_SESSION"
           
           # Ler o arquivo de referência
           for secret in $(jq -c '.secrets[]' secrets/vault-secrets-map.json); do
@@ -162,7 +156,6 @@ jobs:
             elif [ "$type" == "note" ]; then
               echo "note get"
               bw get item "$name"  --session "$BW_SESSION"  | jq -r '.notes' > "$output"
-              cat $output
             fi
           done
 

documentation/start.txt

@@ -5,7 +5,7 @@ https://opentofu.org/docs/intro/ - quick start and explaning who to work in team
 https://opentofu.org/docs/intro/ - CICD for opentofu explained
  
 
- 
+
 tofu init
 tofu plan --var-file=opentofu-varfile.json
 yes

main.tf

@@ -6,7 +6,7 @@ terraform {
     }   
     bitwarden = {
       source  = "maxlaverse/bitwarden"
-      version = ">= 0.16.0"
+      version = ">= 0.15.0"
     } 
     proxmox = {
       source = "bpg/proxmox"

vaultwarden.tf

@@ -25,37 +25,10 @@ resource "vaultwarden_organization_collection" "vaultwarden-collection-iac" {
   name            = "iac-collection"
 }
 
+
 resource "bitwarden_item_login" "administrative-user" {
   name     = "teste"
   username = "teste"
   password = "teste"
   collection_ids  = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
-}
+}
-
-
-resource "bitwarden_item_secure_note" "hosts-ini" {
-  name            = "iac.ansible.hosts.ini"
-  notes           = <<EOT
-  ${local.hosts_ini}
-EOT
-  organization_id = vaultwarden_organization.vaultwarden-organization-fenix-iac.id
-  collection_ids  = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
-  reprompt = true 
-}
-
-locals{
-
-  hosts_ini = <<EOT
-
-[master]
-master ansible_host=${var.proxmox_k8s_vms[0].ip} ansible_user=${var.proxmox_k8s_vms[0].extra_users[0].name} ansible_ssh_pass=${var.proxmox_k8s_vms[0].extra_users[0].password}
-
-[workers]
-%{ for i, vm in var.proxmox_k8s_vms ~}
-%{ if i != 0 }
-worker-${replace(vm.ip, ".", "-")} ansible_host=${vm.ip} ansible_user=${vm.extra_users[0].name} ansible_ssh_pass=${vm.extra_users[0].password}
-%{ endif }  
-%{ endfor }
-
-EOT
-  }