mirror of
https://gitea.fenix-dev.com/fenix-gitea-admin/iac-opentofu-private.git
synced 2025-10-27 15:53:06 +00:00
Compare commits
50 Commits
main
...
461c145e39
| Author | SHA1 | Date | |
|---|---|---|---|
| 461c145e39 | |||
| aa106310ea | |||
| 3d0a49f4fe | |||
| f0823e5716 | |||
| 3c6731405d | |||
| 0f346a4c73 | |||
| 916944a150 | |||
| 69150c506f | |||
| 0304eb6927 | |||
| 46da80161a | |||
| 337f1f573c | |||
| 6d3ca1edb3 | |||
| d300e27f9e | |||
| 06b3f73d8d | |||
| be6e459be5 | |||
| 9e6e9bd147 | |||
| fe60e4d672 | |||
| 585bda0bd2 | |||
| 21e645a72c | |||
| 9e0efc4f59 | |||
| 13c30fa900 | |||
| 7513e9f600 | |||
| 4d3492c94a | |||
| c7bf70d14c | |||
| a045a6593e | |||
| ef49235842 | |||
| 7ade4e335c | |||
| 82faecd162 | |||
| 250b5ec5a0 | |||
| c6db073f7e | |||
| 525490ac84 | |||
| 97aefe288a | |||
| cce724f9d7 | |||
| 3cf575d2d1 | |||
| e9abf54677 | |||
| 04e1cb7c9a | |||
| 0d510e4941 | |||
| a7ad7a0338 | |||
| 2ee2d36f16 | |||
| 46cc36b013 | |||
| 16878eec71 | |||
| f45492d630 | |||
| a594314bb1 | |||
| 4e36161371 | |||
| 8ecd94f08c | |||
| 67dd8b490c | |||
| 468a7c0d78 | |||
| 035427e956 | |||
| 27132cf022 | |||
| ce73cf8a9a |
@ -35,6 +35,11 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
apt-get update -y
|
apt-get update -y
|
||||||
|
|
||||||
|
- name: Install setup
|
||||||
|
run: |
|
||||||
|
apt install -y curl jq
|
||||||
|
curl -fsSL https://deb.nodesource.com/setup_18.x
|
||||||
|
|
||||||
- name: Cloning iac repository
|
- name: Cloning iac repository
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
@ -60,7 +65,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Install dante-server
|
- name: Install dante-server
|
||||||
run: |
|
run: |
|
||||||
apt-get install -y dante-server
|
apt-get install -y dante-server openssl libssl1.1
|
||||||
|
|
||||||
|
|
||||||
- name: Configure dante-server
|
- name: Configure dante-server
|
||||||
@ -85,12 +90,15 @@ jobs:
|
|||||||
|
|
||||||
|
|
||||||
- name: vaultwarden urls as secrets
|
- name: vaultwarden urls as secrets
|
||||||
working-directory:
|
|
||||||
run: |
|
run: |
|
||||||
|
echo "config"
|
||||||
bw config server $VAULTWARDEN_LINK
|
bw config server $VAULTWARDEN_LINK
|
||||||
|
echo "login"
|
||||||
bw login --apikey
|
bw login --apikey
|
||||||
|
echo "session"
|
||||||
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
|
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
|
||||||
|
echo "$BW_SESSION"
|
||||||
|
echo "getting item"
|
||||||
bw get item "iac.proxmox.ssh.link" --session "$BW_SESSION" | jq -r '.notes' > "proxmox-ssh-link.txt"
|
bw get item "iac.proxmox.ssh.link" --session "$BW_SESSION" | jq -r '.notes' > "proxmox-ssh-link.txt"
|
||||||
|
|
||||||
- name: Start cloudflared Access TCP -> SOCKS5 (background)
|
- name: Start cloudflared Access TCP -> SOCKS5 (background)
|
||||||
@ -139,6 +147,7 @@ jobs:
|
|||||||
working-directory: infra/iac
|
working-directory: infra/iac
|
||||||
run: |
|
run: |
|
||||||
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
|
BW_SESSION=$(bw unlock "$BW_PASSWORD" --raw)
|
||||||
|
echo "$BW_SESSION"
|
||||||
|
|
||||||
# Ler o arquivo de referência
|
# Ler o arquivo de referência
|
||||||
for secret in $(jq -c '.secrets[]' secrets/vault-secrets-map.json); do
|
for secret in $(jq -c '.secrets[]' secrets/vault-secrets-map.json); do
|
||||||
@ -156,6 +165,7 @@ jobs:
|
|||||||
elif [ "$type" == "note" ]; then
|
elif [ "$type" == "note" ]; then
|
||||||
echo "note get"
|
echo "note get"
|
||||||
bw get item "$name" --session "$BW_SESSION" | jq -r '.notes' > "$output"
|
bw get item "$name" --session "$BW_SESSION" | jq -r '.notes' > "$output"
|
||||||
|
cat $output
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|||||||
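Review bot: The added `echo "$BW_SESSION"` lines (in the "vaultwarden urls as secrets" step and again after the second `bw unlock` in the `infra/iac` step) write the Bitwarden session key to the job log, and the added `cat $output` in the `note` branch prints each fetched secure note there as well. Anyone who can read the runner logs can then read those secrets directly or reuse the session key against the unlocked vault. I would drop these three lines and keep only neutral progress markers such as `echo "session acquired"`; if a value must pass through output, register it first with `echo "::add-mask::$BW_SESSION"` (assuming the runner honours that workflow command). Any session key or note already printed by a run of this workflow should be treated as exposed, so lock the session with `bw lock` and rotate the affected secrets. The loop body around `cat $output` starts and ends outside the hunk, so other branches may need the same check.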
2
main.tf
2
main.tf
@ -6,7 +6,7 @@ terraform {
|
|||||||
}
|
}
|
||||||
bitwarden = {
|
bitwarden = {
|
||||||
source = "maxlaverse/bitwarden"
|
source = "maxlaverse/bitwarden"
|
||||||
version = ">= 0.15.0"
|
version = ">= 0.16.0"
|
||||||
}
|
}
|
||||||
proxmox = {
|
proxmox = {
|
||||||
source = "bpg/proxmox"
|
source = "bpg/proxmox"
|
||||||
|
|||||||
@ -25,10 +25,37 @@ resource "vaultwarden_organization_collection" "vaultwarden-collection-iac" {
|
|||||||
name = "iac-collection"
|
name = "iac-collection"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
resource "bitwarden_item_login" "administrative-user" {
|
resource "bitwarden_item_login" "administrative-user" {
|
||||||
name = "teste"
|
name = "teste"
|
||||||
username = "teste"
|
username = "teste"
|
||||||
password = "teste"
|
password = "teste"
|
||||||
collection_ids = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
|
collection_ids = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
resource "bitwarden_item_secure_note" "hosts-ini" {
|
||||||
|
name = "iac.ansible.hosts.ini"
|
||||||
|
notes = <<EOT
|
||||||
|
${local.hosts_ini}
|
||||||
|
EOT
|
||||||
|
organization_id = vaultwarden_organization.vaultwarden-organization-fenix-iac.id
|
||||||
|
collection_ids = [vaultwarden_organization_collection.vaultwarden-collection-iac.id]
|
||||||
|
reprompt = true
|
||||||
|
}
|
||||||
|
|
||||||
|
locals{
|
||||||
|
|
||||||
|
hosts_ini = <<EOT
|
||||||
|
|
||||||
|
[master]
|
||||||
|
master ansible_host=${var.proxmox_k8s_vms[0].ip} ansible_user=${var.proxmox_k8s_vms[0].extra_users[0].name} ansible_ssh_pass=${var.proxmox_k8s_vms[0].extra_users[0].password}
|
||||||
|
|
||||||
|
[workers]
|
||||||
|
%{ for i, vm in var.proxmox_k8s_vms ~}
|
||||||
|
%{ if i != 0 }
|
||||||
|
worker-${replace(vm.ip, ".", "-")} ansible_host=${vm.ip} ansible_user=${vm.extra_users[0].name} ansible_ssh_pass=${vm.extra_users[0].password}
|
||||||
|
%{ endif }
|
||||||
|
%{ endfor }
|
||||||
|
|
||||||
|
EOT
|
||||||
|
}
|
||||||
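Review bot: The new `local.hosts_ini` template writes `ansible_ssh_pass=${...password}` for the master and every worker, so the VM passwords are stored in clear text in the `iac.ansible.hosts.ini` note and, through the local and the `notes` attribute, in the OpenTofu state. The declaration of `var.proxmox_k8s_vms` is not visible here; if it is not already marked `sensitive = true`, plan output will show the passwords too, which in a CI job means the logs. Prefer key-based SSH (an `ansible_ssh_private_key_file` entry instead of `ansible_ssh_pass`), or keep the password out of the inventory and have Ansible look it up at run time. Separately, `version = ">= 0.16.0"` has no upper bound; a pessimistic constraint such as `~> 0.16` together with a committed lock file keeps an unreviewed provider release from being pulled in with access to the vault.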