
14 changed files with 41 additions and 116 deletions


@ -35,11 +35,6 @@ jobs:
run: | run: |
apt-get update -y apt-get update -y
- name: Install setup
run: |
apt install -y curl jq
curl -fsSL https://deb.nodesource.com/setup_18.x
- name: Cloning iac repository - name: Cloning iac repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
@ -65,8 +60,7 @@ jobs:
- name: Install dante-server - name: Install dante-server
run: | run: |
apt-get install -y dante-server openssl apt-get install -y dante-server
#libssl1.1
- name: Configure dante-server - name: Configure dante-server
@ -91,17 +85,12 @@ jobs:
- name: vaultwarden urls as secrets - name: vaultwarden urls as secrets
working-directory:
run: | run: |
echo "config"
echo "$VAULTWARDEN_LINK"
bw config server $VAULTWARDEN_LINK bw config server $VAULTWARDEN_LINK
echo "login"
bw login --apikey bw login --apikey
echo "session"
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw) BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
echo "$BW_SESSION"
echo "getting item"
bw get item "iac.proxmox.ssh.link" --session "$BW_SESSION"
bw get item "iac.proxmox.ssh.link" --session "$BW_SESSION" | jq -r '.notes' > "proxmox-ssh-link.txt" bw get item "iac.proxmox.ssh.link" --session "$BW_SESSION" | jq -r '.notes' > "proxmox-ssh-link.txt"
- name: Start cloudflared Access TCP -> SOCKS5 (background) - name: Start cloudflared Access TCP -> SOCKS5 (background)
@ -150,7 +139,6 @@ jobs:
working-directory: infra/iac working-directory: infra/iac
run: | run: |
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw) BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
echo "$BW_SESSION"
# Ler o arquivo de referência # Ler o arquivo de referência
for secret in $(jq -c '.secrets[]' secrets/vault-secrets-map.json); do for secret in $(jq -c '.secrets[]' secrets/vault-secrets-map.json); do
@ -168,7 +156,6 @@ jobs:
elif [ "$type" == "note" ]; then elif [ "$type" == "note" ]; then
echo "note get" echo "note get"
bw get item "$name" --session "$BW_SESSION" | jq -r '.notes' > "$output" bw get item "$name" --session "$BW_SESSION" | jq -r '.notes' > "$output"
#cat $output
fi fi
done done
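Review bot: `BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)` on the new side of the hunk at -91 (and again in the hunk at -150) still passes the vault master password as a command-line argument, where it is visible in the runner's process list, even though the `echo "$BW_SESSION"` lines are now gone; `BW_SESSION=$(bw unlock --passwordenv BW_PASSWORD --raw)` reads it from the environment instead. The remaining `bw get item "iac.proxmox.ssh.link" --session "$BW_SESSION" | jq -r '.notes' > "proxmox-ssh-link.txt"` line has no `pipefail`, so a failing `bw get` leaves an empty file and the error only surfaces in whichever later step reads it; a leading `set -euo pipefail` in the script (or `shell: bash` on the step, which enables it by default) fails the step here. The step bodies are inside the hunk but the job definition starts outside it.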


@ -1,3 +1 @@
the most stable branch is main, dev is where tests are made, and the remaining branches are personal and can undergo changes at any time the most stable branch is main, dev is where tests are made, and the remaining branches are personal and can undergo changes at any time
i had to redo consul


@ -5,27 +5,19 @@ FROM ubuntu:24.04
# Copy the tofu binary # Copy the tofu binary
COPY --from=tofu /usr/local/bin/tofu /usr/local/bin/tofu COPY --from=tofu /usr/local/bin/tofu /usr/local/bin/tofu
# Install dependencies
# Atualizar pacotes e instalar dependências básicas
RUN apt-get update && apt-get install -y \ RUN apt-get update && apt-get install -y \
curl \
git \ git \
curl \
nodejs \
npm \
unzip \ unzip \
jq \
gnupg \
ca-certificates \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
# Instalar Node.js 18 via NodeSource RUN curl -L -o /tmp/bw.zip https://github.com/bitwarden/cli/releases/download/v1.22.1/bw-linux-1.22.1.zip \
RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \ && unzip /tmp/bw.zip -d /usr/local/bin \
apt-get install -y nodejs && chmod +x /usr/local/bin/bw \
&& rm /tmp/bw.zip
# Verificar versões (opcional para debug)
RUN node -v && npm -v
RUN npm install -g @bitwarden/cli
WORKDIR /workspace WORKDIR /workspace
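Review bot: The new `RUN curl -L -o /tmp/bw.zip https://github.com/bitwarden/cli/releases/download/v1.22.1/bw-linux-1.22.1.zip` pins a version but never verifies what it downloaded, so whatever the release URL serves is unpacked into /usr/local/bin; use `curl -fsSL` so an HTTP error page is not saved as the zip, and check the archive against a pinned digest before `unzip`, e.g. `echo "<sha256 of bw-linux-1.22.1.zip>  /tmp/bw.zip" | sha256sum -c -`. The new apt list also drops `jq` (and `ca-certificates`, unless `curl` pulls it in as a recommended package), while the workflow hunks in this commit still pipe `bw get item` into `jq` and the `Install setup` step that used to apt-install it is removed too — if that workflow runs in this image and jq is not installed somewhere outside the hunk, those steps now fail. v1.22.1 is a fairly old CLI line as well; worth confirming it still works against the vaultwarden release in use.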


@ -6,7 +6,7 @@ terraform {
} }
bitwarden = { bitwarden = {
source = "maxlaverse/bitwarden" source = "maxlaverse/bitwarden"
version = ">= 0.16.0" version = ">= 0.15.0"
} }
proxmox = { proxmox = {
source = "bpg/proxmox" source = "bpg/proxmox"


@ -19,7 +19,7 @@ resource "proxmox_virtual_environment_download_file" "latest_ubunto_cloud_img" {
content_type = "iso" content_type = "iso"
datastore_id = "local" datastore_id = "local"
node_name = "fenix" node_name = "fenix"
url = "https://cloud-images.ubuntu.com/jammy/20260218/jammy-server-cloudimg-amd64.img" url = "https://cloud-images.ubuntu.com/jammy/20250725/jammy-server-cloudimg-amd64.img"
file_name = "jammyservercloudimgamd64.img" file_name = "jammyservercloudimgamd64.img"
} }
@ -105,7 +105,6 @@ resource "proxmox_virtual_environment_vm" "proxmox-kubernetes-VM-template" {
cpu { cpu {
cores = 2 cores = 2
type = "host"
} }
memory { memory {
@ -117,12 +116,11 @@ resource "proxmox_virtual_environment_vm" "proxmox-kubernetes-VM-template" {
file_id = proxmox_virtual_environment_download_file.latest_ubunto_cloud_img.id file_id = proxmox_virtual_environment_download_file.latest_ubunto_cloud_img.id
interface = "scsi0" interface = "scsi0"
file_format = "qcow2" file_format = "qcow2"
size = 64
} }
# Configuração da interface de rede # Configuração da interface de rede
network_device { network_device {
bridge = "vmbr0" # rede de gestão para comunicação com Cluster B bridge = "vmbr0"
} }
initialization { initialization {
@ -134,7 +132,6 @@ initialization {
address = "dhcp" address = "dhcp"
} }
} }
user_data_file_id = proxmox_virtual_environment_file.cloud_init_yaml.id user_data_file_id = proxmox_virtual_environment_file.cloud_init_yaml.id
} }
} }
@ -149,12 +146,10 @@ resource "proxmox_virtual_environment_vm" "k8s_vms" {
clone { clone {
vm_id = proxmox_virtual_environment_vm.proxmox-kubernetes-VM-template.id vm_id = proxmox_virtual_environment_vm.proxmox-kubernetes-VM-template.id
full = true
} }
cpu { cpu {
cores = each.value.cores cores = each.value.cores
type = "host"
} }
memory { memory {
@ -167,16 +162,6 @@ resource "proxmox_virtual_environment_vm" "k8s_vms" {
interface = "scsi1" interface = "scsi1"
} }
# Bloco dinâmico para lista de hostpci
dynamic "hostpci" {
for_each = try(each.value.hostpci, [])
content {
device = hostpci.value.device
pcie = try(hostpci.value.pcie, true)
mapping = hostpci.value.mapping
}
}
initialization { initialization {
ip_config { ip_config {
ipv4 { ipv4 {
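Review bot: The changed `url` line in `latest_ubunto_cloud_img` (hunk at -19) still has no `checksum`/`checksum_algorithm`, so the 20250725 jammy image is accepted as whatever the download returns; the bpg provider supports both attributes and Ubuntu publishes a SHA256SUMS file in each release directory, so pin `checksum = "<sha256 for jammy-server-cloudimg-amd64.img from the 20250725 SHA256SUMS>"` and `checksum_algorithm = "sha256"`. The resource is named "latest" while the URL is date-pinned, which misleads the next reader; a comment such as `# pinned to the 20250725 build; bump url and checksum together` keeps the two in step. The resource block opens outside the hunk.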


@ -40,13 +40,6 @@ variable "proxmox_k8s_vms" {
vm_id = number vm_id = number
node_name = string node_name = string
ip = string ip = string
ip2 = string
ip3 = string
hostpci = optional(list(object({
pcie = bool
device = string
mapping = string
})))
cores = optional(number) cores = optional(number)
memory = optional(number) memory = optional(number)
data_store = optional(string) data_store = optional(string)


@ -1,13 +0,0 @@
[master]
master1 ansible_host=192.168.1.99 ansible_user=user ansible_ssh_pass=pass ansible_ssh_common_args='-o StrictHostKeyChecking=no'
[workers]
worker-192-168-1-101 ansible_host=192.168.1.101 ansible_user=user ansible_ssh_pass=pass ansible_ssh_common_args='-o StrictHostKeyChecking=no'


@ -1 +0,0 @@
proxmox-ssh.example.com


@ -1 +0,0 @@
https://vaultwarden.example.com


@ -1,6 +1,6 @@
#proxmox_server = "proxmox.example.com" proxmox_server = "proxmox.example.com"
#PM_API_TOKEN_ID = "tokenid" PM_API_TOKEN_ID = "tokenid"
#PM_API_TOKEN_SECRET = "tokensecret" PM_API_TOKEN_SECRET = "tokensecret"
# tokenid is read automatically from PM_API_TOKEN_ID # tokenid is read automatically from PM_API_TOKEN_ID
# token is read automatically from PM_API_TOKEN_SECRET # token is read automatically from PM_API_TOKEN_SECRET
@ -20,7 +20,6 @@ proxmox_k8s_vms = [
vm_id = 3001 vm_id = 3001
node_name = "node" node_name = "node"
ip = "192.168.1.99/24" ip = "192.168.1.99/24"
ip3 = "192.168.1.199/24"
cores = 2 cores = 2
memory = 2000 memory = 2000
disk_size = 32 disk_size = 32
@ -34,14 +33,13 @@ proxmox_k8s_vms = [
} }
] ]
extra_packages = [] extra_packages = []
extra_runcmd = ["sudo ip addr add 192.168.1.199/24 dev eth0"] extra_runcmd = []
}, },
{ {
name = "k8s-worker-01" name = "k8s-worker-01"
vm_id = 3002 vm_id = 3002
node_name = "node" node_name = "node"
ip = "192.168.1.101/24" ip = "192.168.1.101/24"
ip3 = "192.168.1.201/24"
cores = 1 cores = 1
memory = 2000 memory = 2000
disk_size = 32 disk_size = 32
@ -55,6 +53,6 @@ proxmox_k8s_vms = [
} }
] ]
extra_packages = [] extra_packages = []
extra_runcmd = ["sudo ip addr add 192.168.1.201/24 dev eth0"] extra_runcmd = []
}, },
] ]
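Review bot: `PM_API_TOKEN_ID = "tokenid"` and `PM_API_TOKEN_SECRET = "tokensecret"` in the hunk at -1 are now live assignments in a committed tfvars file instead of commented-out examples, so the next person who fills in real values commits them; the two comments right below say the provider reads both from the environment, so leave these lines commented (or move them to a `*.tfvars.example`) and supply the token through the environment. If these names are not declared as variables, Terraform also warns about values for undeclared variables when this file is loaded — worth confirming before relying on them.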


@ -10,6 +10,12 @@ provider "vaultwarden" {
admin_token = var.vaultwarden_admin_token admin_token = var.vaultwarden_admin_token
} }
resource "vaultwarden_account_register" "vaultwarden-acount-fenix" {
name = "fenix"
email = var.vaultwarden_email
password = var.vaultwarden_master_password
}
resource "vaultwarden_organization" "vaultwarden-organization-fenix-iac" { resource "vaultwarden_organization" "vaultwarden-organization-fenix-iac" {
name = "fenix-iac" name = "fenix-iac"
} }
@ -20,28 +26,9 @@ resource "vaultwarden_organization_collection" "vaultwarden-collection-iac" {
} }
resource "bitwarden_item_secure_note" "hosts-ini" { resource "bitwarden_item_login" "administrative-user" {
name = "iac.ansible.hosts.ini" name = "teste"
notes = <<EOT username = "teste"
${local.hosts_ini} password = "teste"
EOT
organization_id = vaultwarden_organization.vaultwarden-organization-fenix-iac.id
collection_ids = [vaultwarden_organization_collection.vaultwarden-collection-iac.id] collection_ids = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
reprompt = true
} }
locals{
hosts_ini = <<EOT
[master]
master1 ansible_host=${split("/", var.proxmox_k8s_vms[0].ip)[0]} ansible_user=${var.proxmox_k8s_vms[0].extra_users[0].name} ansible_ssh_pass=${var.proxmox_k8s_vms[0].extra_users[0].password} ansible_ssh_common_args='-o StrictHostKeyChecking=no'
[workers]
%{ for i, vm in var.proxmox_k8s_vms ~}
%{ if i != 0 }
worker-${replace(split("/", vm.ip)[0], ".", "-")} ansible_host=${split("/", vm.ip)[0]} ansible_user=${vm.extra_users[0].name} ansible_ssh_pass=${vm.extra_users[0].password} ansible_ssh_common_args='-o StrictHostKeyChecking=no'
%{ endif }
%{ endfor }
EOT
}
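Review bot: The new `bitwarden_item_login "administrative-user"` block (hunk at -20) stores `username = "teste"` and `password = "teste"` as literals, so the credential sits in git and, like every resource attribute, in plaintext in the Terraform state; the same applies to `password = var.vaultwarden_master_password` in the added `vaultwarden_account_register` resource (marking a variable `sensitive` redacts CLI output, not state). If this is a placeholder, read the values from variables declared with `sensitive = true` and keep the dropped `reprompt = true`; if it is a real account, it needs rotating. The replacement item also keeps `collection_ids` but no longer sets `organization_id` — check whether the provider accepts collection membership without it.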