Merge pull request '[deploy-opentofu]' (#286 ) from fenix-admin into dev

Reviewed-on: fenix-gitea-admin/iac-opentofu-private#286
Merge pull request '[deploy-opentofu]' (#285 ) from fenix-admin into dev
2025-10-27 15:53:06 +00:00 · 2025-10-11 22:50:43 +00:00 · 2025-10-11 22:37:41 +00:00 · 2025-10-11 22:34:18 +00:00 · 2025-10-11 22:22:27 +00:00 · 2025-10-11 22:13:01 +00:00
10 changed files with 29 additions and 59 deletions
--- a/.gitea/workflows/ci-test.yaml
+++ b/.gitea/workflows/ci-test.yaml
@ -65,8 +65,7 @@ jobs:

      - name: Install dante-server
        run: |
-          apt-get install -y dante-server openssl 
-          #libssl1.1
+          apt-get install -y dante-server openssl libssl1.1


      - name: Configure dante-server
@ -93,7 +92,6 @@ jobs:
      - name: vaultwarden urls as secrets
        run: |
          echo "config"
-          echo "$VAULTWARDEN_LINK"
          bw config server $VAULTWARDEN_LINK
          echo "login"
          bw login --apikey
@ -101,7 +99,6 @@ jobs:
          BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
          echo "$BW_SESSION"
          echo "getting item"
-          bw get item "iac.proxmox.ssh.link"  --session "$BW_SESSION"
          bw get item "iac.proxmox.ssh.link"  --session "$BW_SESSION"  | jq -r '.notes' > "proxmox-ssh-link.txt"

      - name: Start cloudflared Access TCP -> SOCKS5 (background)
@ -168,7 +165,7 @@ jobs:
            elif [ "$type" == "note" ]; then
              echo "note get"
              bw get item "$name"  --session "$BW_SESSION"  | jq -r '.notes' > "$output"
-              #cat $output
+              cat $output
            fi
          done

--- a/documentation/Dockerfile
+++ b/documentation/Dockerfile
@ -1,31 +1,23 @@
 FROM ghcr.io/opentofu/opentofu:1.9-minimal AS tofu

 FROM ubuntu:24.04
-
+ 
 # Copy the tofu binary
 COPY --from=tofu /usr/local/bin/tofu /usr/local/bin/tofu

-
-# Atualizar pacotes e instalar dependências básicas
+# Install dependencies
 RUN apt-get update && apt-get install -y \
-    curl \
    git \
+    curl \
+    nodejs \
+    npm \
    unzip \
-    jq \
-    gnupg \
-    ca-certificates \
-    && rm -rf /var/lib/apt/lists/*
+    && rm -rf /var/lib/apt/lists/* 

-# Instalar Node.js 18 via NodeSource
-RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \
-    apt-get install -y nodejs
+RUN curl -L -o /tmp/bw.zip https://github.com/bitwarden/cli/releases/download/v1.22.1/bw-linux-1.22.1.zip \
+    && unzip /tmp/bw.zip -d /usr/local/bin \
+    && chmod +x /usr/local/bin/bw \
+    && rm /tmp/bw.zip

-# Verificar versões (opcional para debug)
-RUN node -v && npm -v
-
-
-
-
-RUN npm install -g @bitwarden/cli

 WORKDIR /workspace
--- a/merge_yaml.py
+++ b/merge_yaml.py
@ -1,5 +1,5 @@
 #!/usr/bin/env python3
-from ruamel.yaml import YAML 
+from ruamel.yaml import YAML
 import sys
 import json
 from collections.abc import Mapping
--- a/proxmox.tf
+++ b/proxmox.tf
@ -120,7 +120,7 @@ resource "proxmox_virtual_environment_vm" "proxmox-kubernetes-VM-template" {

  # Configuração da interface de rede
  network_device {
-    bridge = "vmbr0"  # rede de gestão para comunicação com Cluster A
+    bridge = "vmbr0"
  }

 initialization {
@ -132,7 +132,6 @@ initialization {
        address = "dhcp"
      }
    }
-
  user_data_file_id = proxmox_virtual_environment_file.cloud_init_yaml.id
 }
 }
--- a/proxmox.variables.tf
+++ b/proxmox.variables.tf
@ -40,8 +40,6 @@ variable "proxmox_k8s_vms" {
    vm_id     = number
    node_name  = string
    ip        = string
-    ip2        = string
-    ip3        = string
    cores     = optional(number)
    memory    = optional(number)
    data_store = optional(string)
--- a/secrets-output/iac.ansible.hosts.ini
+++ b/secrets-output/iac.ansible.hosts.ini
@ -1,13 +0,0 @@
-  
-[master]
-master1 ansible_host=192.168.1.99 ansible_user=user ansible_ssh_pass=pass ansible_ssh_common_args='-o StrictHostKeyChecking=no'
-
-[workers]
-  
-
-worker-192-168-1-101 ansible_host=192.168.1.101 ansible_user=user ansible_ssh_pass=pass ansible_ssh_common_args='-o StrictHostKeyChecking=no'
-  
-  
-
-
-
--- a/secrets/iac.proxmox.ssh.link
+++ b/secrets/iac.proxmox.ssh.link
@ -1 +0,0 @@
-proxmox-ssh.example.com
--- a/secrets/iac.vaultwarden-link
+++ b/secrets/iac.vaultwarden-link
@ -1 +0,0 @@
-https://vaultwarden.example.com
--- a/secrets/proxmox.secrets.tfvars
+++ b/secrets/proxmox.secrets.tfvars
@ -1,6 +1,6 @@
-#proxmox_server   = "proxmox.example.com"
-#PM_API_TOKEN_ID  = "tokenid"
-#PM_API_TOKEN_SECRET = "tokensecret"
+proxmox_server   = "proxmox.example.com"
+PM_API_TOKEN_ID  = "tokenid"
+PM_API_TOKEN_SECRET = "tokensecret"
 # tokenid is read automatically from PM_API_TOKEN_ID
 # token is read automatically from PM_API_TOKEN_SECRET

@ -20,7 +20,6 @@ proxmox_k8s_vms = [
    vm_id     = 3001
    node_name = "node"
    ip        = "192.168.1.99/24"
-    ip3       = "192.168.1.199/24"
    cores     = 2
    memory    = 2000
    disk_size = 32
@ -34,14 +33,13 @@ proxmox_k8s_vms = [
      }
    ]
    extra_packages = []
-    extra_runcmd   = ["sudo ip addr add 192.168.1.199/24 dev eth0"]
+    extra_runcmd   = []
  },
  {
    name      = "k8s-worker-01"
    vm_id     = 3002
    node_name = "node"
    ip        = "192.168.1.101/24"
-    ip3       = "192.168.1.201/24"
    cores     = 1
    memory    = 2000
    disk_size = 32
@ -55,6 +53,6 @@ proxmox_k8s_vms = [
      }
    ]
    extra_packages = []
-    extra_runcmd   = ["sudo ip addr add 192.168.1.201/24 dev eth0"]
+    extra_runcmd   = []
  },
 ]
--- a/vaultwarden.tf
+++ b/vaultwarden.tf
@ -16,13 +16,6 @@ resource "vaultwarden_account_register" "vaultwarden-acount-fenix" {
  password = var.vaultwarden_master_password
 }

-resource "bitwarden_item_login" "administrative-user" {
-  name     = "teste"
-  username = "teste"
-  password = "teste"
-  collection_ids  = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
-}
-
 resource "vaultwarden_organization" "vaultwarden-organization-fenix-iac" {
  name = "fenix-iac"
 }
@ -32,6 +25,13 @@ resource "vaultwarden_organization_collection" "vaultwarden-collection-iac" {
  name            = "iac-collection"
 }

+resource "bitwarden_item_login" "administrative-user" {
+  name     = "teste"
+  username = "teste"
+  password = "teste"
+  collection_ids  = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
+}
+

 resource "bitwarden_item_secure_note" "hosts-ini" {
  name            = "iac.ansible.hosts.ini"
@ -44,15 +44,16 @@ EOT
 }

 locals{
+
  hosts_ini = <<EOT

 [master]
-master1 ansible_host=${split("/", var.proxmox_k8s_vms[0].ip)[0]} ansible_user=${var.proxmox_k8s_vms[0].extra_users[0].name} ansible_ssh_pass=${var.proxmox_k8s_vms[0].extra_users[0].password} ansible_ssh_common_args='-o StrictHostKeyChecking=no'
+master ansible_host=${var.proxmox_k8s_vms[0].ip} ansible_user=${var.proxmox_k8s_vms[0].extra_users[0].name} ansible_ssh_pass=${var.proxmox_k8s_vms[0].extra_users[0].password}

 [workers]
 %{ for i, vm in var.proxmox_k8s_vms ~}
 %{ if i != 0 }
-worker-${replace(split("/", vm.ip)[0], ".", "-")} ansible_host=${split("/", vm.ip)[0]} ansible_user=${vm.extra_users[0].name} ansible_ssh_pass=${vm.extra_users[0].password} ansible_ssh_common_args='-o StrictHostKeyChecking=no'
+worker-${replace(vm.ip, ".", "-")} ansible_host=${vm.ip} ansible_user=${vm.extra_users[0].name} ansible_ssh_pass=${vm.extra_users[0].password}
 %{ endif }  
 %{ endfor }
Author	SHA1	Message	Date
fenix-gitea-admin	1e0110fe1a	Merge pull request '[deploy-opentofu]' (#286 ) from fenix-admin into dev Reviewed-on: fenix-gitea-admin/iac-opentofu-private#286	2025-10-11 22:50:43 +00:00
fenix-gitea-admin	5a24f06fd8	Merge pull request '[deploy-opentofu]' (#285 ) from fenix-admin into dev Reviewed-on: fenix-gitea-admin/iac-opentofu-private#285	2025-10-11 22:37:41 +00:00
fenix-gitea-admin	11e8997be8	Merge pull request '[deploy-opentofu]' (#284 ) from fenix-admin into dev Reviewed-on: fenix-gitea-admin/iac-opentofu-private#284	2025-10-11 22:34:18 +00:00
fenix-gitea-admin	d4811cbcfe	Merge pull request '[deploy-opentofu]' (#283 ) from fenix-admin into dev Reviewed-on: fenix-gitea-admin/iac-opentofu-private#283	2025-10-11 22:22:27 +00:00
fenix-gitea-admin	6258d9e279	Merge pull request '[deploy-opentofu]' (#282 ) from fenix-admin into dev Reviewed-on: fenix-gitea-admin/iac-opentofu-private#282	2025-10-11 22:13:01 +00:00
fenix-gitea-admin	eaadf11a99	Merge pull request '[deploy-opentofu]' (#281 ) from fenix-admin into dev Reviewed-on: fenix-gitea-admin/iac-opentofu-private#281	2025-10-11 22:09:51 +00:00
fenix-gitea-admin	50e52fb839	Merge pull request '[deploy-opentofu]' (#280 ) from fenix-admin into dev Reviewed-on: fenix-gitea-admin/iac-opentofu-private#280	2025-10-11 21:52:25 +00:00
fenix-gitea-admin	43bd8914aa	Merge pull request '[deploy-opentofu]' (#279 ) from fenix-admin into dev Reviewed-on: fenix-gitea-admin/iac-opentofu-private#279	2025-10-11 21:44:21 +00:00
fenix-gitea-admin	c457178d48	Merge pull request '[deploy-opentofu]' (#278 ) from fenix-admin into dev Reviewed-on: fenix-gitea-admin/iac-opentofu-private#278	2025-10-11 21:33:00 +00:00
fenix-gitea-admin	01d40d4120	Merge pull request '[deploy-opentofu]' (#277 ) from fenix-admin into dev Reviewed-on: fenix-gitea-admin/iac-opentofu-private#277	2025-10-11 21:26:08 +00:00