
@ -17,6 +17,7 @@ jobs:
BW_PASSWORD: ${{ secrets.BW_PASSWORD }} BW_PASSWORD: ${{ secrets.BW_PASSWORD }}
BW_CLIENTID: ${{ secrets.BW_CLIENTID }} BW_CLIENTID: ${{ secrets.BW_CLIENTID }}
BW_CLIENTSECRET: ${{ secrets.BW_CLIENTSECRET }} BW_CLIENTSECRET: ${{ secrets.BW_CLIENTSECRET }}
VAULTWARDEN_LINK: ${{secrets.VAULTWARDEN_LINK }}
steps: steps:
@ -82,16 +83,28 @@ jobs:
} }
EOF EOF
- name: vaultwarden urls as secrets
working-directory:
run: |
bw config server $VAULTWARDEN_LINK
bw login --apikey
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
bw get item "iac.proxmox-ssh-link" --session "$BW_SESSION" | jq -r '.notes' > "proxmox-ssh-link.txt"
- name: Start cloudflared Access TCP -> SOCKS5 (background) - name: Start cloudflared Access TCP -> SOCKS5 (background)
env: env:
CF_SVC_ID: ${{ secrets.CF_SVC_ID }} CF_SVC_ID: ${{ secrets.CF_SVC_ID }}
CF_SVC_SECRET: ${{ secrets.CF_SVC_SECRET }} CF_SVC_SECRET: ${{ secrets.CF_SVC_SECRET }}
HOSTNAME: "proxmox-ssh.fenix-dev.com"
run: | run: |
Hostname=$(cat proxmox-ssh-link.txt)
# Inicia cloudflared access tcp/ssh com service token e listener socks local # Inicia cloudflared access tcp/ssh com service token e listener socks local
# O binário 'cloudflared' tem variações de flags entre versões; estes flags funcionam nas versões recentes. # O binário 'cloudflared' tem variações de flags entre versões; estes flags funcionam nas versões recentes.
nohup cloudflared access tcp \ nohup cloudflared access tcp \
--hostname "$HOSTNAME" \ --hostname "$Hostname" \
--listener "tcp://127.0.0.1:1081" \ --listener "tcp://127.0.0.1:1081" \
--service-token-id "$CF_SVC_ID" \ --service-token-id "$CF_SVC_ID" \
--service-token-secret "$CF_SVC_SECRET" \ --service-token-secret "$CF_SVC_SECRET" \
@ -122,20 +135,10 @@ jobs:
sleep 3 sleep 3
cat dante.log cat dante.log
#- name: vaultwarden login
# working-directory: infra/iac
# run: |
# bw config server https://vaultwarden.fenix-dev.com
# #BW_SESSION=$(bw login)
# bw login --apikey
# BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
- name: vaultwarden getsecrets - name: vaultwarden getsecrets
working-directory: infra/iac working-directory: infra/iac
run: | run: |
bw config server https://vaultwarden.fenix-dev.com
bw login --apikey
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw) BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
# Ler o arquivo de referência # Ler o arquivo de referência
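Review bot: In the added `vaultwarden urls as secrets` step, `bw get item "iac.proxmox-ssh-link" … | jq -r '.notes' > "proxmox-ssh-link.txt"` reports only jq's exit status unless the shell runs with pipefail, so a failed login or a missing item can leave the file empty or holding `null`, and the next step then passes that value to `cloudflared --hostname`. Starting the run block with `set -euo pipefail` and using `jq -er '.notes'` would make the step fail there instead of opening a tunnel to an unintended name. The hostname now comes from the vault but is not registered with the runner's log masking, so it can still appear in step output; if hiding it is the intent, `echo "::add-mask::$(cat proxmox-ssh-link.txt)"` right after the lookup would cover that. In the same step `working-directory:` is left empty (YAML null) and `$VAULTWARDEN_LINK` is unquoted in `bw config server`; drop the key or give it a path, and quote the variable. The later `vaultwarden getsecrets` step no longer configures the server or logs in, so it appears to depend on the state left by this step; its run block continues past the visible lines.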