fenix-gitea-admin/iac-opentofu-public
1
0
Fork 0
mirror of https://gitea.fenix-dev.com/fenix-gitea-admin/iac-opentofu-private.git synced 2025-10-27 15:53:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: fenix-gitea-admin:fe6663673e97e8877d932e046a54a2b4f67aa645
Branches Tags
fenix-gitea-admin:fenix-admin fenix-gitea-admin:dev fenix-gitea-admin:main fenix-gitea-admin:fenix
fenix-gitea-admin:V01-PROXMOX-VAULTWARDEN
..
compare: fenix-gitea-admin:d04cc7477cf7fcd09391bc8b92a365bf32aa2fbe
Branches Tags
fenix-gitea-admin:dev fenix-gitea-admin:fenix-admin fenix-gitea-admin:main fenix-gitea-admin:fenix
fenix-gitea-admin:V01-PROXMOX-VAULTWARDEN

2 Commits
fe6663673e ... d04cc7477c

Author SHA1 Message Date
fenix-gitea-admin
d04cc7477c [deploy-opentofu] 2025-09-10 22:01:24 +00:00
fenix-gitea-admin
0b0e3db854 [deploy-opentofu] 2025-09-10 20:35:02 +00:00
1 changed files with 15 additions and 12 deletions
Expand all files Collapse all files

27
.gitea/workflows/ci-test.yaml
View File

@ -17,6 +17,7 @@ jobs:
BW_PASSWORD: ${{ secrets.BW_PASSWORD }}
BW_CLIENTID: ${{ secrets.BW_CLIENTID }}
BW_CLIENTSECRET: ${{ secrets.BW_CLIENTSECRET }}
VAULTWARDEN_LINK: ${{secrets.VAULTWARDEN_LINK }}
steps:
@ -82,16 +83,28 @@ jobs:
}
EOF
- name: vaultwarden urls as secrets
working-directory:
run: |
bw config server $VAULTWARDEN_LINK
bw login --apikey
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
bw get item "iac.proxmox-ssh-link" --session "$BW_SESSION" | jq -r '.notes' > "proxmox-ssh-link.txt"
- name: Start cloudflared Access TCP -> SOCKS5 (background)
env:
CF_SVC_ID: ${{ secrets.CF_SVC_ID }}
CF_SVC_SECRET: ${{ secrets.CF_SVC_SECRET }}
HOSTNAME: "proxmox-ssh.fenix-dev.com"
run: |
Hostname=$(cat proxmox-ssh-link.txt)
# Inicia cloudflared access tcp/ssh com service token e listener socks local
# O binário 'cloudflared' tem variações de flags entre versões; estes flags funcionam nas versões recentes.
nohup cloudflared access tcp \
--hostname "$HOSTNAME" \
--hostname "$Hostname" \
--listener "tcp://127.0.0.1:1081" \
--service-token-id "$CF_SVC_ID" \
--service-token-secret "$CF_SVC_SECRET" \
@ -122,20 +135,10 @@ jobs:
sleep 3
cat dante.log
#- name: vaultwarden login
# working-directory: infra/iac
# run: |
# bw config server https://vaultwarden.fenix-dev.com
# #BW_SESSION=$(bw login)
# bw login --apikey
# BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
- name: vaultwarden getsecrets
working-directory: infra/iac
run: |
bw config server https://vaultwarden.fenix-dev.com
bw login --apikey
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
# Ler o arquivo de referência