Merge pull request '[deploy-opentofu]' (#286) from fenix-admin into dev

Reviewed-on: fenix-gitea-admin/iac-opentofu-private#286

.gitea/workflows/ci-test.yaml

@@ -65,8 +65,7 @@ jobs:
 
       - name: Install dante-server
         run: |
-          apt-get install -y dante-server openssl 
-          #libssl1.1
+          apt-get install -y dante-server openssl libssl1.1
 
 
       - name: Configure dante-server
@@ -93,7 +92,6 @@ jobs:
       - name: vaultwarden urls as secrets
         run: |
           echo "config"
-          echo "$VAULTWARDEN_LINK"
           bw config server $VAULTWARDEN_LINK
           echo "login"
           bw login --apikey
@@ -101,7 +99,6 @@ jobs:
           BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
           echo "$BW_SESSION"
           echo "getting item"
-          bw get item "iac.proxmox.ssh.link"  --session "$BW_SESSION"
           bw get item "iac.proxmox.ssh.link"  --session "$BW_SESSION"  | jq -r '.notes' > "proxmox-ssh-link.txt"
 
       - name: Start cloudflared Access TCP -> SOCKS5 (background)
@@ -168,7 +165,7 @@ jobs:
             elif [ "$type" == "note" ]; then
               echo "note get"
               bw get item "$name"  --session "$BW_SESSION"  | jq -r '.notes' > "$output"
-              #cat $output
+              cat $output
             fi
           done
 

README.md

@@ -1,3 +1 @@
-the most stable branch is main, dev is where tests are made, and the remaining branches are personal and can undergo changes at any time 
-
-i had to redo consul
+the most stable branch is main, dev is where tests are made, and the remaining branches are personal and can undergo changes at any time 

documentation/Dockerfile

@@ -1,31 +1,23 @@
 FROM ghcr.io/opentofu/opentofu:1.9-minimal AS tofu
 
 FROM ubuntu:24.04
-
+ 
 # Copy the tofu binary
 COPY --from=tofu /usr/local/bin/tofu /usr/local/bin/tofu
 
-
-# Atualizar pacotes e instalar dependências básicas
+# Install dependencies
 RUN apt-get update && apt-get install -y \
-    curl \
     git \
+    curl \
+    nodejs \
+    npm \
     unzip \
-    jq \
-    gnupg \
-    ca-certificates \
-    && rm -rf /var/lib/apt/lists/*
+    && rm -rf /var/lib/apt/lists/* 
 
-# Instalar Node.js 18 via NodeSource
-RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \
-    apt-get install -y nodejs
+RUN curl -L -o /tmp/bw.zip https://github.com/bitwarden/cli/releases/download/v1.22.1/bw-linux-1.22.1.zip \
+    && unzip /tmp/bw.zip -d /usr/local/bin \
+    && chmod +x /usr/local/bin/bw \
+    && rm /tmp/bw.zip
 
-# Verificar versões (opcional para debug)
-RUN node -v && npm -v
-
-
-
-
-RUN npm install -g @bitwarden/cli
 
 WORKDIR /workspace

documentation/start.txt

@@ -2,7 +2,7 @@ https://spacelift.io/blog/opentofu-tutorial - explaining language of opentofu
 
 https://opentofu.org/docs/intro/ - quick start and explaning who to work in team
 
-https://opentofu.org/docs/intro/ - CICD for opentofu explained 
+https://opentofu.org/docs/intro/ - CICD for opentofu explained
  
 
  

merge_yaml.py

@@ -1,5 +1,5 @@
 #!/usr/bin/env python3
-from ruamel.yaml import YAML 
+from ruamel.yaml import YAML
 import sys
 import json
 from collections.abc import Mapping

proxmox.tf

@@ -19,7 +19,7 @@ resource "proxmox_virtual_environment_download_file" "latest_ubunto_cloud_img" {
   content_type = "iso"
   datastore_id = "local"
   node_name    = "fenix"
-  url = "https://cloud-images.ubuntu.com/jammy/20260218/jammy-server-cloudimg-amd64.img"
+  url = "https://cloud-images.ubuntu.com/jammy/20250725/jammy-server-cloudimg-amd64.img"
   file_name = "jammyservercloudimgamd64.img"
 }
 
@@ -105,7 +105,6 @@ resource "proxmox_virtual_environment_vm" "proxmox-kubernetes-VM-template" {
 
   cpu {
     cores = 2
-    type = "host"
   }
 
   memory {
@@ -117,14 +116,13 @@ resource "proxmox_virtual_environment_vm" "proxmox-kubernetes-VM-template" {
     file_id      = proxmox_virtual_environment_download_file.latest_ubunto_cloud_img.id
     interface    = "scsi0"
     file_format  = "qcow2"
-    size         = 64
   }
 
   # Configuração da interface de rede
   network_device {
-    bridge = "vmbr0"  # rede de gestão para comunicação com Cluster B
+    bridge = "vmbr0"
   }
-  
+
 initialization {
     dns {
       servers = ["1.1.1.1"]
@@ -134,7 +132,6 @@ initialization {
         address = "dhcp"
       }
     }
-
   user_data_file_id = proxmox_virtual_environment_file.cloud_init_yaml.id
  }
 }
@@ -149,12 +146,10 @@ resource "proxmox_virtual_environment_vm" "k8s_vms" {
   
   clone {
     vm_id = proxmox_virtual_environment_vm.proxmox-kubernetes-VM-template.id
-    full = true
   }
 
   cpu {
     cores = each.value.cores
-    type = "host"
   }
 
   memory {
@@ -167,16 +162,6 @@ resource "proxmox_virtual_environment_vm" "k8s_vms" {
     interface    = "scsi1"
   }
 
-  # Bloco dinâmico para lista de hostpci
-  dynamic "hostpci" {
-    for_each = try(each.value.hostpci, [])
-    content {
-      device = hostpci.value.device
-      pcie   = try(hostpci.value.pcie, true)
-      mapping = hostpci.value.mapping 
-    }
-  }
-
   initialization {
       ip_config {
         ipv4 {

proxmox.variables.tf

@@ -40,13 +40,6 @@ variable "proxmox_k8s_vms" {
     vm_id     = number
     node_name  = string
     ip        = string
-    ip2        = string
-    ip3        = string
-    hostpci = optional(list(object({
-      pcie  = bool
-      device = string
-      mapping = string
-    })))
     cores     = optional(number)
     memory    = optional(number)
     data_store = optional(string)

secrets-output/iac.ansible.hosts.ini

@@ -1,13 +0,0 @@
-  
-[master]
-master1 ansible_host=192.168.1.99 ansible_user=user ansible_ssh_pass=pass ansible_ssh_common_args='-o StrictHostKeyChecking=no'
-
-[workers]
-  
-
-worker-192-168-1-101 ansible_host=192.168.1.101 ansible_user=user ansible_ssh_pass=pass ansible_ssh_common_args='-o StrictHostKeyChecking=no'
-  
-  
-
-
-

secrets/iac.proxmox.ssh.link

@@ -1 +0,0 @@
-proxmox-ssh.example.com

secrets/iac.vaultwarden-link

@@ -1 +0,0 @@
-https://vaultwarden.example.com

secrets/proxmox.secrets.tfvars

@@ -1,6 +1,6 @@
-#proxmox_server   = "proxmox.example.com"
-#PM_API_TOKEN_ID  = "tokenid"
-#PM_API_TOKEN_SECRET = "tokensecret"
+proxmox_server   = "proxmox.example.com"
+PM_API_TOKEN_ID  = "tokenid"
+PM_API_TOKEN_SECRET = "tokensecret"
 # tokenid is read automatically from PM_API_TOKEN_ID
 # token is read automatically from PM_API_TOKEN_SECRET
 
@@ -20,7 +20,6 @@ proxmox_k8s_vms = [
     vm_id     = 3001
     node_name = "node"
     ip        = "192.168.1.99/24"
-    ip3       = "192.168.1.199/24"
     cores     = 2
     memory    = 2000
     disk_size = 32
@@ -34,14 +33,13 @@ proxmox_k8s_vms = [
       }
     ]
     extra_packages = []
-    extra_runcmd   = ["sudo ip addr add 192.168.1.199/24 dev eth0"]
+    extra_runcmd   = []
   },
   {
     name      = "k8s-worker-01"
     vm_id     = 3002
     node_name = "node"
     ip        = "192.168.1.101/24"
-    ip3       = "192.168.1.201/24"
     cores     = 1
     memory    = 2000
     disk_size = 32
@@ -55,6 +53,6 @@ proxmox_k8s_vms = [
       }
     ]
     extra_packages = []
-    extra_runcmd   = ["sudo ip addr add 192.168.1.201/24 dev eth0"]
+    extra_runcmd   = []
   },
 ]

vaultwarden.tf

@@ -10,6 +10,12 @@ provider "vaultwarden" {
   admin_token     = var.vaultwarden_admin_token
 }
 
+resource "vaultwarden_account_register" "vaultwarden-acount-fenix" {
+  name     = "fenix"
+  email    = var.vaultwarden_email
+  password = var.vaultwarden_master_password
+}
+
 resource "vaultwarden_organization" "vaultwarden-organization-fenix-iac" {
   name = "fenix-iac"
 }
@@ -19,6 +25,13 @@ resource "vaultwarden_organization_collection" "vaultwarden-collection-iac" {
   name            = "iac-collection"
 }
 
+resource "bitwarden_item_login" "administrative-user" {
+  name     = "teste"
+  username = "teste"
+  password = "teste"
+  collection_ids  = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
+}
+
 
 resource "bitwarden_item_secure_note" "hosts-ini" {
   name            = "iac.ansible.hosts.ini"
@@ -31,15 +44,16 @@ EOT
 }
 
 locals{
+
   hosts_ini = <<EOT
 
 [master]
-master1 ansible_host=${split("/", var.proxmox_k8s_vms[0].ip)[0]} ansible_user=${var.proxmox_k8s_vms[0].extra_users[0].name} ansible_ssh_pass=${var.proxmox_k8s_vms[0].extra_users[0].password} ansible_ssh_common_args='-o StrictHostKeyChecking=no'
+master ansible_host=${var.proxmox_k8s_vms[0].ip} ansible_user=${var.proxmox_k8s_vms[0].extra_users[0].name} ansible_ssh_pass=${var.proxmox_k8s_vms[0].extra_users[0].password}
 
 [workers]
 %{ for i, vm in var.proxmox_k8s_vms ~}
 %{ if i != 0 }
-worker-${replace(split("/", vm.ip)[0], ".", "-")} ansible_host=${split("/", vm.ip)[0]} ansible_user=${vm.extra_users[0].name} ansible_ssh_pass=${vm.extra_users[0].password} ansible_ssh_common_args='-o StrictHostKeyChecking=no'
+worker-${replace(vm.ip, ".", "-")} ansible_host=${vm.ip} ansible_user=${vm.extra_users[0].name} ansible_ssh_pass=${vm.extra_users[0].password}
 %{ endif }  
 %{ endfor }