fenix-gitea-admin/iac-opentofu-public
1
0
Fork 0
mirror of https://gitea.fenix-dev.com/fenix-gitea-admin/iac-opentofu-private.git synced 2025-10-27 15:53:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: fenix-gitea-admin:fc2b08a458209289faf6977ad3fcd6cd5154c46f
Branches Tags
fenix-gitea-admin:fenix-admin fenix-gitea-admin:dev fenix-gitea-admin:main fenix-gitea-admin:fenix
fenix-gitea-admin:V01-PROXMOX-VAULTWARDEN
...
compare: fenix-gitea-admin:fenix-admin
Branches Tags
fenix-gitea-admin:dev fenix-gitea-admin:fenix-admin fenix-gitea-admin:main fenix-gitea-admin:fenix
fenix-gitea-admin:V01-PROXMOX-VAULTWARDEN

94 Commits
fc2b08a458 ... fenix-admi

Author SHA1 Message Date
tomas.limpinho
a4b33a570b secrets 2025-10-23 08:50:34 +01:00
fenix-gitea-admin
c7c1388112 Add secrets/iac.vaultwarden-link 2025-10-23 07:44:00 +00:00
fenix-gitea-admin
b875d6428b Add secrets/iac.proxmox.ssh.link 2025-10-23 07:43:24 +00:00
fenix-gitea-admin
e1b0d702c5 Update secrets/proxmox.secrets.tfvars 2025-10-23 07:41:14 +00:00
fenix-gitea-admin
a7f3b6d7e1 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-21 19:25:08 +00:00
fenix-gitea-admin
fcc7c9814a Update proxmox.tf 2025-10-21 19:24:32 +00:00
fenix-gitea-admin
cc441d8ad8 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-16 09:52:09 +00:00
fenix-gitea-admin
e71295794f [deploy-opentofu] 
[deploy-opentofu]
 2025-10-16 09:24:35 +00:00
fenix-gitea-admin
7c46db0253 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-15 21:40:03 +00:00
fenix-gitea-admin
218ca3fc2f [deploy-opentofu] 
[deploy-opentofu]
 2025-10-15 21:32:42 +00:00
fenix-gitea-admin
58d080dadd a 2025-10-15 21:19:39 +00:00
fenix-gitea-admin
f797aa6d8b [deploy-opentofu] 2025-10-15 21:19:11 +00:00
fenix-gitea-admin
8b16085acf [deploy-opentofu] 2025-10-15 13:22:39 +00:00
fenix-gitea-admin
47102e563d [deploy-opentofu] 2025-10-15 13:17:55 +00:00
fenix-gitea-admin
d9f9620123 [deploy-opentofu] 2025-10-15 12:54:20 +00:00
fenix-gitea-admin
905b749a09 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-15 12:24:17 +00:00
fenix-gitea-admin
992a949b6d [deploy-opentofu] 
[deploy-opentofu]
 2025-10-15 10:29:20 +00:00
fenix-gitea-admin
387702c3c3 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-15 10:24:21 +00:00
fenix-gitea-admin
1bf18d13a3 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-15 10:07:32 +00:00
fenix-gitea-admin
de1ea64e04 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-15 10:02:47 +00:00
fenix-gitea-admin
9edc3fe55d [deploy-opentofu] 
[deploy-opentofu]
 2025-10-14 22:01:28 +00:00
fenix-gitea-admin
fd0763593f Update vaultwarden.tf 2025-10-12 21:41:12 +00:00
fenix-gitea-admin
fc5ae6402f [deploy-opentofu] 
[deploy-opentofu]
 2025-10-12 17:13:27 +00:00
fenix-gitea-admin
5412e499f2 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-12 17:08:08 +00:00
fenix-gitea-admin
fa25d7073b [deploy-opentofu] 2025-10-12 17:02:14 +00:00
fenix-gitea-admin
2e81ffcdb1 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-12 16:54:12 +00:00
fenix-gitea-admin
8d7636a925 Update documentation/Dockerfile 2025-10-12 10:51:57 +00:00
fenix-gitea-admin
49c5457547 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-12 09:37:42 +00:00
fenix-gitea-admin
9b00c6d3f4 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-12 09:12:36 +00:00
fenix-gitea-admin
7c1d265e75 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-12 09:08:10 +00:00
fenix-gitea-admin
b6c3b5e80f [deploy-opentofu] 
[deploy-opentofu]
 2025-10-12 09:03:21 +00:00
fenix-gitea-admin
1f41c3dd53 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-12 08:59:28 +00:00
fenix-gitea-admin
461c145e39 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-11 22:50:06 +00:00
fenix-gitea-admin
aa106310ea [deploy-opentofu] 
[deploy-opentofu]
 2025-10-11 22:36:45 +00:00
fenix-gitea-admin
3d0a49f4fe [deploy-opentofu] 
[deploy-opentofu]
 2025-10-11 22:33:46 +00:00
fenix-gitea-admin
f0823e5716 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-11 22:21:47 +00:00
fenix-gitea-admin
3c6731405d [deploy-opentofu] 
[deploy-opentofu]
 2025-10-11 22:12:30 +00:00
fenix-gitea-admin
0f346a4c73 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-11 22:09:15 +00:00
fenix-gitea-admin
916944a150 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-11 21:51:52 +00:00
fenix-gitea-admin
69150c506f [deploy-opentofu] 
[deploy-opentofu]
 2025-10-11 21:43:18 +00:00
fenix-gitea-admin
0304eb6927 [deploy-opentofu] 
[deploy-opentofu]
 2025-10-11 21:32:14 +00:00
fenix-gitea-admin
46da80161a [deploy-opentofu] 2025-10-11 21:22:48 +00:00
fenix-gitea-admin
337f1f573c [deploy-opentofu] 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#276
 2025-10-11 21:20:43 +00:00
fenix-gitea-admin
6d3ca1edb3 [deploy-opentofu] 2025-10-11 21:19:21 +00:00
fenix-gitea-admin
d300e27f9e Merge branch 'fenix-admin' into dev 2025-10-11 21:09:33 +00:00
fenix-gitea-admin
06b3f73d8d [deploy-opentofu] 
a
 2025-10-11 21:07:22 +00:00
fenix-gitea-admin
be6e459be5 Merge pull request '[deploy-opentofu]' (#274) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#274
Reviewed-by: fenix <tomaslimpinho@gmail.com>
 2025-10-02 08:17:51 +00:00
fenix-gitea-admin
9e6e9bd147 [deploy-opentofu] 2025-10-02 08:17:10 +00:00
fenix-gitea-admin
fe60e4d672 Merge pull request '[deploy-opentofu]' (#273) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#273
 2025-10-02 07:54:42 +00:00
fenix-gitea-admin
585bda0bd2 [deploy-opentofu] 2025-10-02 07:53:42 +00:00
fenix-gitea-admin
21e645a72c Merge pull request '[deploy-opentofu]' (#272) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#272
 2025-09-21 15:18:33 +00:00
fenix-gitea-admin
9e0efc4f59 [deploy-opentofu] 2025-09-21 15:17:39 +00:00
fenix-gitea-admin
13c30fa900 Merge pull request '[deploy-opentofu]' (#271) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#271
 2025-09-21 11:48:23 +00:00
fenix-gitea-admin
7513e9f600 [deploy-opentofu] 2025-09-21 11:47:39 +00:00
fenix-gitea-admin
4d3492c94a Merge pull request '[deploy-opentofu]' (#270) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#270
 2025-09-21 11:39:03 +00:00
fenix-gitea-admin
c7bf70d14c Update main.tf 2025-09-21 11:38:09 +00:00
fenix-gitea-admin
a045a6593e Merge pull request '[deploy-opentofu]' (#269) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#269
 2025-09-21 11:30:15 +00:00
fenix-gitea-admin
ef49235842 [deploy-opentofu] 2025-09-21 11:29:33 +00:00
fenix-gitea-admin
7ade4e335c Merge pull request '[deploy-opentofu]' (#268) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#268
 2025-09-21 11:17:29 +00:00
fenix-gitea-admin
82faecd162 [deploy-opentofu] 2025-09-21 11:16:26 +00:00
fenix-gitea-admin
250b5ec5a0 Merge pull request '[deploy-opentofu]' (#267) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#267
 2025-09-21 11:13:19 +00:00
fenix-gitea-admin
c6db073f7e [deploy-opentofu] 2025-09-21 11:12:15 +00:00
fenix-gitea-admin
525490ac84 Merge pull request '[deploy-opentofu]' (#266) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#266
 2025-09-21 11:08:00 +00:00
fenix-gitea-admin
97aefe288a [deploy-opentofu] 2025-09-21 11:07:14 +00:00
fenix-gitea-admin
cce724f9d7 Merge pull request '[deploy-opentofu]' (#265) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#265
 2025-09-21 10:56:34 +00:00
fenix-gitea-admin
3cf575d2d1 [deploy-opentofu] 2025-09-21 10:55:50 +00:00
fenix-gitea-admin
e9abf54677 Merge pull request '[deploy-opentofu]' (#264) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#264
 2025-09-21 10:51:59 +00:00
fenix-gitea-admin
04e1cb7c9a [deploy-opentofu] 2025-09-21 10:51:06 +00:00
fenix-gitea-admin
0d510e4941 Merge pull request '[deploy-opentofu]' (#263) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#263
 2025-09-21 10:44:21 +00:00
fenix-gitea-admin
a7ad7a0338 [deploy-opentofu] 2025-09-21 10:43:37 +00:00
fenix-gitea-admin
2ee2d36f16 Merge pull request '[deploy-opentofu]' (#262) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#262
 2025-09-21 10:40:54 +00:00
fenix-gitea-admin
46cc36b013 [deploy-opentofu] 2025-09-21 10:40:11 +00:00
fenix-gitea-admin
16878eec71 Merge pull request 'fenix-admin' (#261) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#261
 2025-09-21 10:38:33 +00:00
fenix-gitea-admin
f45492d630 [deploy-opentofu] 2025-09-21 10:37:49 +00:00
fenix-gitea-admin
a594314bb1 Update .gitea/workflows/ci-test.yaml 2025-09-21 10:37:32 +00:00
fenix-gitea-admin
4e36161371 Merge pull request '[deploy-opentofu]' (#260) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#260
Reviewed-by: fenix <tomaslimpinho@gmail.com>
 2025-09-21 10:34:19 +00:00
fenix-gitea-admin
8ecd94f08c Merge branch 'dev' into fenix-admin 2025-09-21 10:32:28 +00:00
fenix-gitea-admin
67dd8b490c [deploy-opentofu] 2025-09-21 10:30:11 +00:00
fenix-gitea-admin
468a7c0d78 Merge pull request '[deploy-opentofu]' (#259) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#259
 2025-09-21 10:21:12 +00:00
fenix-gitea-admin
035427e956 [deploy-opentofu] 2025-09-21 10:20:22 +00:00
fenix-gitea-admin
27132cf022 Merge pull request '[deploy-opentofu]' (#258) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#258
 2025-09-21 10:09:59 +00:00
fenix-gitea-admin
ce73cf8a9a [deploy-opentofu] 2025-09-21 10:08:15 +00:00
fenix-gitea-admin
9e5efb3a90 Merge pull request 'Update README.md' (#256) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#256
 2025-09-11 18:53:20 +00:00
fenix-gitea-admin
df4b2d1255 Update README.md 2025-09-11 18:50:32 +00:00
fenix-gitea-admin
54a6b90307 Merge pull request 'fenix-admin' (#255) from fenix-admin into dev 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#255
 2025-09-11 18:50:13 +00:00
fenix-gitea-admin
d8e3ed45b9 README 2025-09-11 18:44:43 +00:00
fenix-gitea-admin
f9a02d0a3b Merge pull request 'dev' (#249) from dev into fenix-admin 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#249
 2025-09-11 18:39:47 +00:00
fenix-gitea-admin
58ec08c79a dev 2025-09-11 18:38:58 +00:00
fenix-gitea-admin
a84c0de09f Merge pull request '[deploy-opentofu]' (#248) from fenix-admin into main 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#248
 2025-09-11 18:33:11 +00:00
fenix-gitea-admin
4d6491ff24 [deploy-opentofu] 2025-09-11 18:32:24 +00:00
fenix-gitea-admin
b5e2fd76a9 Merge pull request '[deploy-opentofu]' (#247) from fenix-admin into main 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#247
 2025-09-10 22:01:59 +00:00
fenix-gitea-admin
d04cc7477c [deploy-opentofu] 2025-09-10 22:01:24 +00:00
fenix-gitea-admin
a9213a040c Merge pull request '[deploy-opentofu]' (#246) from fenix-admin into main 
Reviewed-on: fenix-gitea-admin/iac-opentofu-private#246
 2025-09-10 20:36:09 +00:00
fenix-gitea-admin
0b0e3db854 [deploy-opentofu] 2025-09-10 20:35:02 +00:00
14 changed files with 112 additions and 42 deletions
Expand all files Collapse all files

43
.gitea/workflows/ci-test.yaml
View File

@ -2,7 +2,7 @@ name: IAC
on: on:
push: push:
branches: [ main ] branches: [ dev ]
workflow_dispatch: workflow_dispatch:
jobs: jobs:
@ -17,6 +17,7 @@ jobs:
BW_PASSWORD: ${{ secrets.BW_PASSWORD }} BW_PASSWORD: ${{ secrets.BW_PASSWORD }}
BW_CLIENTID: ${{ secrets.BW_CLIENTID }} BW_CLIENTID: ${{ secrets.BW_CLIENTID }}
BW_CLIENTSECRET: ${{ secrets.BW_CLIENTSECRET }} BW_CLIENTSECRET: ${{ secrets.BW_CLIENTSECRET }}
VAULTWARDEN_LINK: ${{secrets.VAULTWARDEN_LINK }}
steps: steps:
@ -34,6 +35,11 @@ jobs:
run: | run: |
apt-get update -y apt-get update -y
- name: Install setup
run: |
apt install -y curl jq
curl -fsSL https://deb.nodesource.com/setup_18.x
- name: Cloning iac repository - name: Cloning iac repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
@ -59,7 +65,8 @@ jobs:
- name: Install dante-server - name: Install dante-server
run: | run: |
apt-get install -y dante-server apt-get install -y dante-server openssl
#libssl1.1
- name: Configure dante-server - name: Configure dante-server
@ -82,16 +89,32 @@ jobs:
} }
EOF EOF
- name: vaultwarden urls as secrets
run: |
echo "config"
echo "$VAULTWARDEN_LINK"
bw config server $VAULTWARDEN_LINK
echo "login"
bw login --apikey
echo "session"
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
echo "$BW_SESSION"
echo "getting item"
bw get item "iac.proxmox.ssh.link" --session "$BW_SESSION"
bw get item "iac.proxmox.ssh.link" --session "$BW_SESSION" | jq -r '.notes' > "proxmox-ssh-link.txt"
- name: Start cloudflared Access TCP -> SOCKS5 (background) - name: Start cloudflared Access TCP -> SOCKS5 (background)
env: env:
CF_SVC_ID: ${{ secrets.CF_SVC_ID }} CF_SVC_ID: ${{ secrets.CF_SVC_ID }}
CF_SVC_SECRET: ${{ secrets.CF_SVC_SECRET }} CF_SVC_SECRET: ${{ secrets.CF_SVC_SECRET }}
HOSTNAME: "proxmox-ssh.fenix-dev.com"
run: | run: |
Hostname=$(cat proxmox-ssh-link.txt)
# Inicia cloudflared access tcp/ssh com service token e listener socks local # Inicia cloudflared access tcp/ssh com service token e listener socks local
# O binário 'cloudflared' tem variações de flags entre versões; estes flags funcionam nas versões recentes. # O binário 'cloudflared' tem variações de flags entre versões; estes flags funcionam nas versões recentes.
nohup cloudflared access tcp \ nohup cloudflared access tcp \
--hostname "$HOSTNAME" \ --hostname "$Hostname" \
--listener "tcp://127.0.0.1:1081" \ --listener "tcp://127.0.0.1:1081" \
--service-token-id "$CF_SVC_ID" \ --service-token-id "$CF_SVC_ID" \
--service-token-secret "$CF_SVC_SECRET" \ --service-token-secret "$CF_SVC_SECRET" \
@ -122,21 +145,12 @@ jobs:
sleep 3 sleep 3
cat dante.log cat dante.log
#- name: vaultwarden login
# working-directory: infra/iac
# run: |
# bw config server https://vaultwarden.fenix-dev.com
# #BW_SESSION=$(bw login)
# bw login --apikey
# BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
- name: vaultwarden getsecrets - name: vaultwarden getsecrets
working-directory: infra/iac working-directory: infra/iac
run: | run: |
bw config server https://vaultwarden.fenix-dev.com
bw login --apikey
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw) BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
echo "$BW_SESSION"
# Ler o arquivo de referência # Ler o arquivo de referência
for secret in $(jq -c '.secrets[]' secrets/vault-secrets-map.json); do for secret in $(jq -c '.secrets[]' secrets/vault-secrets-map.json); do
@ -154,6 +168,7 @@ jobs:
elif [ "$type" == "note" ]; then elif [ "$type" == "note" ]; then
echo "note get" echo "note get"
bw get item "$name" --session "$BW_SESSION" | jq -r '.notes' > "$output" bw get item "$name" --session "$BW_SESSION" | jq -r '.notes' > "$output"
#cat $output
fi fi
done done

1
README.md Normal file
View File

@ -0,0 +1 @@
the most stable branch is main, dev is where tests are made, and the remaining branches are personal and can undergo changes at any time

24
documentation/Dockerfile
View File

@ -5,19 +5,27 @@ FROM ubuntu:24.04
# Copy the tofu binary # Copy the tofu binary
COPY --from=tofu /usr/local/bin/tofu /usr/local/bin/tofu COPY --from=tofu /usr/local/bin/tofu /usr/local/bin/tofu
# Install dependencies
# Atualizar pacotes e instalar dependências básicas
RUN apt-get update && apt-get install -y \ RUN apt-get update && apt-get install -y \
git \
curl \ curl \
nodejs \ git \
npm \
unzip \ unzip \
jq \
gnupg \
ca-certificates \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
RUN curl -L -o /tmp/bw.zip https://github.com/bitwarden/cli/releases/download/v1.22.1/bw-linux-1.22.1.zip \ # Instalar Node.js 18 via NodeSource
&& unzip /tmp/bw.zip -d /usr/local/bin \ RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \
&& chmod +x /usr/local/bin/bw \ apt-get install -y nodejs
&& rm /tmp/bw.zip
# Verificar versões (opcional para debug)
RUN node -v && npm -v
RUN npm install -g @bitwarden/cli
WORKDIR /workspace WORKDIR /workspace

2
main.tf
View File

@ -6,7 +6,7 @@ terraform {
} }
bitwarden = { bitwarden = {
source = "maxlaverse/bitwarden" source = "maxlaverse/bitwarden"
version = ">= 0.15.0" version = ">= 0.16.0"
} }
proxmox = { proxmox = {
source = "bpg/proxmox" source = "bpg/proxmox"

3
proxmox.tf
View File

@ -120,7 +120,7 @@ resource "proxmox_virtual_environment_vm" "proxmox-kubernetes-VM-template" {
# Configuração da interface de rede # Configuração da interface de rede
network_device { network_device {
bridge = "vmbr0" bridge = "vmbr0" # rede de gestão para comunicação com Cluster A
} }
initialization { initialization {
@ -132,6 +132,7 @@ initialization {
address = "dhcp" address = "dhcp"
} }
} }
user_data_file_id = proxmox_virtual_environment_file.cloud_init_yaml.id user_data_file_id = proxmox_virtual_environment_file.cloud_init_yaml.id
} }
} }

2
proxmox.variables.tf
View File

@ -40,6 +40,8 @@ variable "proxmox_k8s_vms" {
vm_id = number vm_id = number
node_name = string node_name = string
ip = string ip = string
ip2 = string
ip3 = string
cores = optional(number) cores = optional(number)
memory = optional(number) memory = optional(number)
data_store = optional(string) data_store = optional(string)

13
secrets-output/iac.ansible.hosts.ini Normal file
View File

@ -0,0 +1,13 @@
[master]
master1 ansible_host=192.168.1.99 ansible_user=user ansible_ssh_pass=pass ansible_ssh_common_args='-o StrictHostKeyChecking=no'
[workers]
worker-192-168-1-101 ansible_host=192.168.1.101 ansible_user=user ansible_ssh_pass=pass ansible_ssh_common_args='-o StrictHostKeyChecking=no'

1
secrets/iac.proxmox.ssh.link Normal file
View File

@ -0,0 +1 @@
proxmox-ssh.example.com

1
secrets/iac.vaultwarden-link Normal file
View File

@ -0,0 +1 @@
https://vaultwarden.example.com

12
secrets/proxmox.secrets.tfvars
View File

@ -1,6 +1,6 @@
proxmox_server = "proxmox.example.com" #proxmox_server = "proxmox.example.com"
PM_API_TOKEN_ID = "tokenid" #PM_API_TOKEN_ID = "tokenid"
PM_API_TOKEN_SECRET = "tokensecret" #PM_API_TOKEN_SECRET = "tokensecret"
# tokenid is read automatically from PM_API_TOKEN_ID # tokenid is read automatically from PM_API_TOKEN_ID
# token is read automatically from PM_API_TOKEN_SECRET # token is read automatically from PM_API_TOKEN_SECRET
@ -20,6 +20,7 @@ proxmox_k8s_vms = [
vm_id = 3001 vm_id = 3001
node_name = "node" node_name = "node"
ip = "192.168.1.99/24" ip = "192.168.1.99/24"
ip3 = "192.168.1.199/24"
cores = 2 cores = 2
memory = 2000 memory = 2000
disk_size = 32 disk_size = 32
@ -33,13 +34,14 @@ proxmox_k8s_vms = [
} }
] ]
extra_packages = [] extra_packages = []
extra_runcmd = [] extra_runcmd = ["sudo ip addr add 192.168.1.199/24 dev eth0"]
}, },
{ {
name = "k8s-worker-01" name = "k8s-worker-01"
vm_id = 3002 vm_id = 3002
node_name = "node" node_name = "node"
ip = "192.168.1.101/24" ip = "192.168.1.101/24"
ip3 = "192.168.1.201/24"
cores = 1 cores = 1
memory = 2000 memory = 2000
disk_size = 32 disk_size = 32
@ -53,6 +55,6 @@ proxmox_k8s_vms = [
} }
] ]
extra_packages = [] extra_packages = []
extra_runcmd = [] extra_runcmd = ["sudo ip addr add 192.168.1.201/24 dev eth0"]
}, },
] ]

34
vaultwarden.tf
View File

@ -16,6 +16,13 @@ resource "vaultwarden_account_register" "vaultwarden-acount-fenix" {
password = var.vaultwarden_master_password password = var.vaultwarden_master_password
} }
resource "bitwarden_item_login" "administrative-user" {
name = "teste"
username = "teste"
password = "teste"
collection_ids = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
}
resource "vaultwarden_organization" "vaultwarden-organization-fenix-iac" { resource "vaultwarden_organization" "vaultwarden-organization-fenix-iac" {
name = "fenix-iac" name = "fenix-iac"
} }
@ -26,9 +33,28 @@ resource "vaultwarden_organization_collection" "vaultwarden-collection-iac" {
} }
resource "bitwarden_item_login" "administrative-user" { resource "bitwarden_item_secure_note" "hosts-ini" {
name = "teste" name = "iac.ansible.hosts.ini"
username = "teste" notes = <<EOT
password = "teste" ${local.hosts_ini}
EOT
organization_id = vaultwarden_organization.vaultwarden-organization-fenix-iac.id
collection_ids = [vaultwarden_organization_collection.vaultwarden-collection-iac.id] collection_ids = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
reprompt = true
}
locals{
hosts_ini = <<EOT
[master]
master1 ansible_host=${split("/", var.proxmox_k8s_vms[0].ip)[0]} ansible_user=${var.proxmox_k8s_vms[0].extra_users[0].name} ansible_ssh_pass=${var.proxmox_k8s_vms[0].extra_users[0].password} ansible_ssh_common_args='-o StrictHostKeyChecking=no'
[workers]
%{ for i, vm in var.proxmox_k8s_vms ~}
%{ if i != 0 }
worker-${replace(split("/", vm.ip)[0], ".", "-")} ansible_host=${split("/", vm.ip)[0]} ansible_user=${vm.extra_users[0].name} ansible_ssh_pass=${vm.extra_users[0].password} ansible_ssh_common_args='-o StrictHostKeyChecking=no'
%{ endif }
%{ endfor }
EOT
} }