From 73dd2e18ffdf2f36a3690c19e2501d3cf986b65c Mon Sep 17 00:00:00 2001 From: MichaelFisher1997 Date: Fri, 18 Apr 2025 10:51:00 +0100 Subject: [PATCH 01/11] terraform fmt --- terraform/cloud-init.tf | 15 ++++++++++++++ terraform/files/cloud_init_global.yaml | 27 +++++++++++++++++++++++++- terraform/main.tf | 2 ++ 3 files changed, 43 insertions(+), 1 deletion(-) diff --git a/terraform/cloud-init.tf b/terraform/cloud-init.tf index 18bffae..6c11712 100644 --- a/terraform/cloud-init.tf +++ b/terraform/cloud-init.tf @@ -15,3 +15,18 @@ resource "local_file" "cloud_init_global" { filename = "${path.module}/files/cloud_init_global.yaml" } +#resource "null_resource" "upload_cloud_init_alpaca" { +# count = var.alpaca_vm_count +# +# connection { +# type = "ssh" +# user = "root" +# private_key = var.ssh_key +# host = var.target_node +# } +# +# provisioner "file" { +# source = local_file.cloud_init_alpaca[count.index].filename +# destination = "/var/lib/vz/snippets/cloud_init_alpaca_${count.index + 1}.yaml" +# } +#} diff --git a/terraform/files/cloud_init_global.yaml b/terraform/files/cloud_init_global.yaml index bb5991d..9d6ad29 100644 --- a/terraform/files/cloud_init_global.yaml +++ b/terraform/files/cloud_init_global.yaml @@ -1,5 +1,30 @@ #cloud-config -hostname: ${hostname} + +package_update: true +package_upgrade: true + +# APT fails to acquire GPG keys if package dirmngr is missing +bootcmd: + - [ cloud-init-per, once, dirmngr-aptupdate, apt-get, update ] + - [ cloud-init-per, once, dirmngr-aptinstall, apt-get, install, dirmngr, -y ] + - [ cloud-init-per, once, dirmngr-aptinstall, apt-get, install, gnupg2, -y ] + +packages: + - jq + - curl + - qemu-guest-agent + - salt-minion + +users: +- name: stuart + groups: sudo + shell: /bin/bash + sudo: ['ALL=(ALL) NOPASSWD:ALL'] + ssh_authorized_keys: + - ${ssh_key} + +preserve_hostname: false +manage_etc_hosts: false fqdn: ${hostname}.${domain} #cloud-config 
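Review bot: In the added `bootcmd` list the gnupg2 entry reuses the `cloud-init-per` name `dirmngr-aptinstall`, so the once-marker left by the dirmngr install makes the third command a no-op and gnupg2 is never installed. Give it its own name: `- [ cloud-init-per, once, gnupg2-aptinstall, apt-get, install, gnupg2, -y ]`. The `users` entry also grants `stuart` `ALL=(ALL) NOPASSWD:ALL`, which makes the single injected SSH key equivalent to root on every clone. If that is intended, state `lock_passwd: true` explicitly and add a comment saying why passwordless sudo is needed. The trailing `#cloud-config` context line after `fqdn:` looks like a leftover and could be dropped.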
diff --git a/terraform/main.tf b/terraform/main.tf index d9edf7a..9e6e2ee 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -21,6 +21,7 @@ resource "proxmox_vm_qemu" "alpacas" { target_node = var.target_node clone = var.clone_template full_clone = true + os_type = "cloud-init" agent = 1 sockets = var.sockets @@ -63,6 +64,7 @@ resource "proxmox_vm_qemu" "llamas" { target_node = var.target_node clone = var.clone_template full_clone = true + os_type = "cloud-init" agent = 1 sockets = var.sockets From 8f1ee24440a95fd11cd3e7f7a7ab0d60733ec7d4 Mon Sep 17 00:00:00 2001 From: MichaelFisher1997 Date: Fri, 18 Apr 2025 10:52:42 +0100 Subject: [PATCH 02/11] terraform fmt --- terraform/terraform.tfvars | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/terraform.tfvars b/terraform/terraform.tfvars index 3e9b95b..234ce68 100644 --- a/terraform/terraform.tfvars +++ b/terraform/terraform.tfvars @@ -1,8 +1,8 @@ target_node = "flex" -clone_template = "Alpine-TemplateV2" +clone_template = "ubuntu-cloudinit" vm_name = "alpine-vm" -cores = 2 -memory = 2048 +cores = 1 +memory = 1024 disk_size = "15G" sockets = 1 bridge = "vmbr0" From bfbf0680e2eda107d0b05da9d769a1410488f4a6 Mon Sep 17 00:00:00 2001 From: MichaelFisher1997 Date: Fri, 18 Apr 2025 10:54:10 +0100 Subject: [PATCH 03/11] terraform fmt --- terraform/files/cloud_init_global.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/files/cloud_init_global.yaml b/terraform/files/cloud_init_global.yaml index 9d6ad29..8b1dee9 100644 --- a/terraform/files/cloud_init_global.yaml +++ b/terraform/files/cloud_init_global.yaml @@ -21,7 +21,7 @@ users: shell: /bin/bash sudo: ['ALL=(ALL) NOPASSWD:ALL'] ssh_authorized_keys: - - ${ssh_key} + - ${SSH_KEY_PUBLIC} preserve_hostname: false manage_etc_hosts: false From 724a433d5ef36c34d8c5c6952e095999ff0132f1 Mon Sep 17 00:00:00 2001 
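Review bot: The `ssh_authorized_keys` entry in cloud_init_global.yaml takes the rendered value as a plain YAML scalar, so a key whose comment field contains ` #` or `: ` would be truncated or re-parsed after substitution. Quoting the placeholder, `- "${SSH_KEY_PUBLIC}"`, keeps the whole line a single string. At this commit the template's `vars` map does not yet pass `SSH_KEY_PUBLIC` (it is added in 06/11), so the render presumably fails until then.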
From: MichaelFisher1997 Date: Fri, 18 Apr 2025 10:56:54 +0100 Subject: [PATCH 04/11] terraform fmt --- terraform/variables.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/terraform/variables.tf b/terraform/variables.tf index faacfdc..92a6b6f 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -79,3 +79,7 @@ variable "TS_AUTHKEY" { description = "Tailscale auth key used in cloud-init" } +variable "SSK_KEY_PUB" { + type = string + description = "My Public SSH key fo ssh auth list" +} From ba3fe8e7ff2b5bedad14ba15a082e785d56b6206 Mon Sep 17 00:00:00 2001 From: MichaelFisher1997 Date: Fri, 18 Apr 2025 11:01:55 +0100 Subject: [PATCH 05/11] terraform apply --- .gitea/workflows/terraform-apply.yml | 4 ++-- .gitea/workflows/terraform-plan.yml | 4 ++-- terraform/variables.tf | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.gitea/workflows/terraform-apply.yml b/.gitea/workflows/terraform-apply.yml index 44d41a8..15cd552 100644 --- a/.gitea/workflows/terraform-apply.yml +++ b/.gitea/workflows/terraform-apply.yml @@ -16,9 +16,8 @@ jobs: pull-requests: write env: - TF_VAR_SSH_KEY: ${{ secrets.SSH_KEY }} + TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }} TF_VAR_TS_AUTHKEY: ${{ secrets.TAILSCALE_KEY }} - TF_VAR_ssh_key: ${{ secrets.SSH_PUBLIC_KEY }} steps: - name: Checkout repository @@ -33,6 +32,7 @@ jobs: working-directory: terraform run: | echo 'proxmox_password = "${{ secrets.PROXMOX_PASSWORD }}"' >> terraform.tfvars + echo 'SSH_KEY_PUBLIC = "${{ secrets.SSH_KEY_PUBLIC }}"' >> terraform.tfvars - name: Terraform Init working-directory: terraform diff --git a/.gitea/workflows/terraform-plan.yml b/.gitea/workflows/terraform-plan.yml index 04f0cbe..67dab5d 100644 --- a/.gitea/workflows/terraform-plan.yml +++ b/.gitea/workflows/terraform-plan.yml 
@@ -17,9 +17,8 @@ jobs: pull-requests: write env: - TF_VAR_SSH_KEY: ${{ secrets.SSH_KEY }} + TF_VAR_SSH_KEY: ${{ secrets.SSH_KEY_PUBLIC }} TF_VAR_TS_AUTHKEY: ${{ secrets.TAILSCALE_KEY }} - # TF_VAR_ssh_key: ${{ secrets.SSH_PUBLIC_KEY }} steps: - name: Checkout repository @@ -34,6 +33,7 @@ jobs: working-directory: terraform run: | echo 'proxmox_password = "${{ secrets.PROXMOX_PASSWORD }}"' >> terraform.tfvars + echo 'SSH_KEY_PUBLIC = "${{ secrets.SSH_KEY_PUBLIC }}"' >> terraform.tfvars - name: Terraform Init working-directory: terraform diff --git a/terraform/variables.tf b/terraform/variables.tf index 92a6b6f..ef6f40a 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -79,7 +79,7 @@ variable "TS_AUTHKEY" { description = "Tailscale auth key used in cloud-init" } -variable "SSK_KEY_PUB" { +variable "SSK_KEY_PUBLIC" { type = string description = "My Public SSH key fo ssh auth list" } From 524bd92da4d63ae3524541c31fdf1da3d76e47c8 Mon Sep 17 00:00:00 2001 From: MichaelFisher1997 Date: Fri, 18 Apr 2025 11:26:17 +0100 Subject: [PATCH 06/11] terraform apply --- .gitignore | 4 ++++ terraform/.terraform.lock.hcl | 19 ------------------- terraform/cloud-init.tf | 1 + terraform/terraform.tfstate | 2 +- terraform/variables.tf | 2 +- 5 files changed, 7 insertions(+), 21 deletions(-) diff --git a/.gitignore b/.gitignore index e93f800..b402636 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,6 @@ ./terraform/.terraform terraform/.terraform/ +terraform/test-apply.sh +terraform/test-plan.sh +terraform/test-destroy.sh +terraform/tfplan diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl index f0afad1..6d24976 100644 --- a/terraform/.terraform.lock.hcl +++ b/terraform/.terraform.lock.hcl 
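Review bot: The .gitignore hunk adds the plan file and test scripts but leaves `terraform/terraform.tfstate` tracked, and this same commit modifies that state file. Terraform state stores resource attributes in plaintext, so anything derived from the Proxmox password or the Tailscale key that reaches a resource is likely to end up in git history. I would add `terraform/*.tfstate` and `terraform/*.tfstate.backup` here, untrack the file, and move state to a remote backend. The state now records `terraform_version` 1.11.4 while the workflows pin 1.6.6, and an older CLI normally refuses state written by a newer one, so the CI jobs may fail on the committed state. The existing `./terraform/.terraform` context line probably matches nothing, since gitignore patterns do not take a leading `./`.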
@@ -20,25 +20,6 @@ provider "registry.terraform.io/hashicorp/local" { ] } -provider "registry.terraform.io/hashicorp/null" { - version = "3.2.3" - hashes = [ - "h1:+AnORRgFbRO6qqcfaQyeX80W0eX3VmjadjnUFUJTiXo=", - "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", - "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", - "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", - "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", - "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", - "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", - "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", - "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", - "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", - "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", - ] -} - provider "registry.terraform.io/hashicorp/template" { version = "2.2.0" hashes = [ diff --git a/terraform/cloud-init.tf b/terraform/cloud-init.tf index 6c11712..3fb5da3 100644 --- a/terraform/cloud-init.tf +++ b/terraform/cloud-init.tf @@ -7,6 +7,7 @@ data "template_file" "cloud_init_global" { hostname = "generic" domain = "home.arpa" TS_AUTHKEY = var.TS_AUTHKEY + SSH_KEY_PUBLIC = var.SSH_KEY_PUBLIC } } diff --git a/terraform/terraform.tfstate b/terraform/terraform.tfstate index 06358c8..19d9355 100644 --- a/terraform/terraform.tfstate +++ b/terraform/terraform.tfstate @@ -1,6 +1,6 @@ { "version": 4, - "terraform_version": "1.8.3", + "terraform_version": "1.11.4", "serial": 31, "lineage": "7a39dd41-1655-172c-950b-b8c5398caf69", "outputs": {}, diff --git a/terraform/variables.tf b/terraform/variables.tf index ef6f40a..c05239f 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf 
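Review bot: The `vars` map in cloud-init.tf now carries both `TS_AUTHKEY` and `SSH_KEY_PUBLIC`, but the 07/11 context on this page shows `local_file.cloud_init_global` writing the rendered result to the same path the template is read from, `files/cloud_init_global.yaml`. If the template uses `TS_AUTHKEY` (not visible here), the first apply replaces the placeholders in the tracked file with the real auth key, and later renders find nothing left to substitute. I would write the output to a separate, git-ignored filename and use `resource "local_sensitive_file" "cloud_init_global"` with `file_permission = "0600"`, so the content is kept out of plan output and is not world-readable. The `template_file` data source is also deprecated in favour of the built-in `templatefile()` function, which would allow the template provider to be dropped from the lock file. The data block starts above this hunk.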
@@ -79,7 +79,7 @@ variable "TS_AUTHKEY" { description = "Tailscale auth key used in cloud-init" } -variable "SSK_KEY_PUBLIC" { +variable "SSH_KEY_PUBLIC" { type = string description = "My Public SSH key fo ssh auth list" } From fcdde6cf1f8a32350989e299bd611e5ec2a0fa19 Mon Sep 17 00:00:00 2001 From: MichaelFisher1997 Date: Fri, 18 Apr 2025 11:27:41 +0100 Subject: [PATCH 07/11] terraform apply --- terraform/cloud-init.tf | 22 +++------------------- 1 file changed, 3 insertions(+), 19 deletions(-) diff --git a/terraform/cloud-init.tf b/terraform/cloud-init.tf index 3fb5da3..39f2a71 100644 --- a/terraform/cloud-init.tf +++ b/terraform/cloud-init.tf @@ -4,9 +4,9 @@ data "template_file" "cloud_init_global" { template = file("${path.module}/files/cloud_init_global.yaml") vars = { - hostname = "generic" - domain = "home.arpa" - TS_AUTHKEY = var.TS_AUTHKEY + hostname = "generic" + domain = "home.arpa" + TS_AUTHKEY = var.TS_AUTHKEY SSH_KEY_PUBLIC = var.SSH_KEY_PUBLIC } } @@ -15,19 +15,3 @@ resource "local_file" "cloud_init_global" { content = data.template_file.cloud_init_global.rendered filename = "${path.module}/files/cloud_init_global.yaml" } - -#resource "null_resource" "upload_cloud_init_alpaca" { -# count = var.alpaca_vm_count -# -# connection { -# type = "ssh" -# user = "root" -# private_key = var.ssh_key -# host = var.target_node -# } -# -# provisioner "file" { -# source = local_file.cloud_init_alpaca[count.index].filename -# destination = "/var/lib/vz/snippets/cloud_init_alpaca_${count.index + 1}.yaml" -# } -#} From 0c0cbc5defa68522c0368f69f64042076468bd16 Mon Sep 17 00:00:00 2001 From: MichaelFisher1997 Date: Fri, 18 Apr 2025 11:29:29 +0100 Subject: [PATCH 08/11] terraform apply --- terraform/terraform.tfvars | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/terraform/terraform.tfvars b/terraform/terraform.tfvars index 234ce68..486074c 100644 --- a/terraform/terraform.tfvars +++ b/terraform/terraform.tfvars 
@@ -9,5 +9,4 @@ bridge = "vmbr0" disk_type = "scsi" storage = "Flash" pm_api_url = "https://100.105.0.115:8006/api2/json" -pm_user = "terraform-prov@pve" - +pm_user = "terraform-prov@pve" \ No newline at end of file From 0e7860bfe7c781bba6b3ab4af0de995da3e17990 Mon Sep 17 00:00:00 2001 From: MichaelFisher1997 Date: Fri, 18 Apr 2025 11:35:01 +0100 Subject: [PATCH 09/11] Worflow: changes vars --- .gitea/workflows/terraform-apply.yml | 11 +++-------- .gitea/workflows/terraform-destroy.yml | 11 +++-------- .gitea/workflows/terraform-plan.yml | 11 +++-------- 3 files changed, 9 insertions(+), 24 deletions(-) diff --git a/.gitea/workflows/terraform-apply.yml b/.gitea/workflows/terraform-apply.yml index 15cd552..bd1fbf3 100644 --- a/.gitea/workflows/terraform-apply.yml +++ b/.gitea/workflows/terraform-apply.yml @@ -16,8 +16,9 @@ jobs: pull-requests: write env: - TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }} - TF_VAR_TS_AUTHKEY: ${{ secrets.TAILSCALE_KEY }} + TF_VAR_SSH_KEY: ${{ secrets.TF_VAR_SSH_KEY_PUBLIC }} + TF_VAR_TS_AUTHKEY: ${{ secrets.TF_VAR_TS_AUTHKEY }} + TF_VAR_PROXMOX_PASSWORD: ${{ secrets.TF_VAR_PROXMOX_PASSWORD }} steps: - name: Checkout repository @@ -28,12 +29,6 @@ jobs: with: terraform_version: 1.6.6 - - name: Inject sensitive secrets - working-directory: terraform - run: | - echo 'proxmox_password = "${{ secrets.PROXMOX_PASSWORD }}"' >> terraform.tfvars - echo 'SSH_KEY_PUBLIC = "${{ secrets.SSH_KEY_PUBLIC }}"' >> terraform.tfvars - - name: Terraform Init working-directory: terraform run: terraform init diff --git a/.gitea/workflows/terraform-destroy.yml b/.gitea/workflows/terraform-destroy.yml index 0ab30af..f082b60 100644 --- a/.gitea/workflows/terraform-destroy.yml +++ b/.gitea/workflows/terraform-destroy.yml 
@@ -14,9 +14,9 @@ jobs: pull-requests: write env: - TF_VAR_SSH_KEY: ${{ secrets.SSH_KEY }} - TF_VAR_TS_AUTHKEY: ${{ secrets.TAILSCALE_KEY }} - TF_VAR_ssh_key: ${{ secrets.SSH_PUBLIC_KEY }} + TF_VAR_SSH_KEY: ${{ secrets.TF_VAR_SSH_KEY_PUBLIC }} + TF_VAR_TS_AUTHKEY: ${{ secrets.TF_VAR_TS_AUTHKEY }} + TF_VAR_PROXMOX_PASSWORD: ${{ secrets.TF_VAR_PROXMOX_PASSWORD }} steps: @@ -28,11 +28,6 @@ jobs: with: terraform_version: 1.6.6 - - name: Inject sensitive secrets - working-directory: terraform - run: | - echo 'proxmox_password = "${{ secrets.PROXMOX_PASSWORD }}"' >> terraform.tfvars - - name: Terraform Init working-directory: terraform run: terraform init diff --git a/.gitea/workflows/terraform-plan.yml b/.gitea/workflows/terraform-plan.yml index 67dab5d..ffaa5a5 100644 --- a/.gitea/workflows/terraform-plan.yml +++ b/.gitea/workflows/terraform-plan.yml @@ -17,8 +17,9 @@ jobs: pull-requests: write env: - TF_VAR_SSH_KEY: ${{ secrets.SSH_KEY_PUBLIC }} - TF_VAR_TS_AUTHKEY: ${{ secrets.TAILSCALE_KEY }} + TF_VAR_SSH_KEY: ${{ secrets.TF_VAR_SSH_KEY_PUBLIC }} + TF_VAR_TS_AUTHKEY: ${{ secrets.TF_VAR_TS_AUTHKEY }} + TF_VAR_PROXMOX_PASSWORD: ${{ secrets.TF_VAR_PROXMOX_PASSWORD }} steps: - name: Checkout repository @@ -29,12 +30,6 @@ jobs: with: terraform_version: 1.6.6 - - name: Inject sensitive secrets - working-directory: terraform - run: | - echo 'proxmox_password = "${{ secrets.PROXMOX_PASSWORD }}"' >> terraform.tfvars - echo 'SSH_KEY_PUBLIC = "${{ secrets.SSH_KEY_PUBLIC }}"' >> terraform.tfvars - - name: Terraform Init working-directory: terraform run: terraform init From e04f10c5a3fa2ddf2face1b3e9582fc96a1ef124 Mon Sep 17 00:00:00 2001 From: MichaelFisher1997 Date: Fri, 18 Apr 2025 11:40:44 +0100 Subject: [PATCH 10/11] Worflow: changes vars --- .gitea/workflows/terraform-plan.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/terraform-plan.yml b/.gitea/workflows/terraform-plan.yml index ffaa5a5..51f09d0 100644 
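Review bot: The new `env:` names in terraform-destroy.yml do not match any declared variable: Terraform reads `TF_VAR_<name>` case-sensitively, and this series declares `SSH_KEY_PUBLIC` and uses `proxmox_password`, so `TF_VAR_SSH_KEY` and `TF_VAR_PROXMOX_PASSWORD` are ignored. Patches 10/11 and 11/11 correct the plan and apply workflows, but this file is not touched again on this page. With the tfvars injection step removed in the next hunk, the destroy job would have no Proxmox password and would presumably fail on the missing variable. Align it with the other two workflows: `TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }}`, `TF_VAR_TS_AUTHKEY: ${{ secrets.TS_AUTHKEY }}`, `TF_VAR_proxmox_password: ${{ secrets.PROXMOX_PASSWORD }}`. Whether the `secrets.TF_VAR_*` names exist in the repository settings cannot be told from the diff.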
--- a/.gitea/workflows/terraform-plan.yml +++ b/.gitea/workflows/terraform-plan.yml @@ -17,9 +17,9 @@ jobs: pull-requests: write env: - TF_VAR_SSH_KEY: ${{ secrets.TF_VAR_SSH_KEY_PUBLIC }} - TF_VAR_TS_AUTHKEY: ${{ secrets.TF_VAR_TS_AUTHKEY }} - TF_VAR_PROXMOX_PASSWORD: ${{ secrets.TF_VAR_PROXMOX_PASSWORD }} + TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }} + TF_VAR_TS_AUTHKEY: ${{ secrets.TS_AUTHKEY }} + TF_VAR_proxmox_password: ${{ secrets.PROXMOX_PASSWORD }} steps: - name: Checkout repository From 7d04a2c4752ddcb9650dad2d98daf42a023ad3da Mon Sep 17 00:00:00 2001 From: MichaelFisher1997 Date: Fri, 18 Apr 2025 11:42:05 +0100 Subject: [PATCH 11/11] Worflow: changes vars --- .gitea/workflows/terraform-apply.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/terraform-apply.yml b/.gitea/workflows/terraform-apply.yml index bd1fbf3..4180a91 100644 --- a/.gitea/workflows/terraform-apply.yml +++ b/.gitea/workflows/terraform-apply.yml @@ -16,9 +16,9 @@ jobs: pull-requests: write env: - TF_VAR_SSH_KEY: ${{ secrets.TF_VAR_SSH_KEY_PUBLIC }} - TF_VAR_TS_AUTHKEY: ${{ secrets.TF_VAR_TS_AUTHKEY }} - TF_VAR_PROXMOX_PASSWORD: ${{ secrets.TF_VAR_PROXMOX_PASSWORD }} + TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }} + TF_VAR_TS_AUTHKEY: ${{ secrets.TS_AUTHKEY }} + TF_VAR_proxmox_password: ${{ secrets.PROXMOX_PASSWORD }} steps: - name: Checkout repository
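Review bot: The three secrets in terraform-plan.yml are set in what appears to be the job-level `env:` block (it directly follows `pull-requests: write`), so the Tailscale auth key and Proxmox password are exported to every step, including the checkout and setup-terraform actions. Moving the `env:` mapping under the steps that actually invoke `terraform` limits exposure to the process that needs it. The same applies to the terraform-apply.yml hunk of 11/11 below. A short comment above the block, such as `# names must match variable blocks in terraform/variables.tf exactly (case-sensitive)`, would document the constraint behind the renames. The job definition starts and ends outside both hunks.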