54c0b684c8
Merge pull request 'fix: remove proxmox snippet dependency for cloud-init' (#34) from stage into master
Terraform Apply / Terraform Apply (push) Failing after 5m14s
Reviewed-on: #34
2026-02-28 14:53:00 +00:00
2577669e12
fix: remove proxmox snippet dependency for cloud-init
Terraform Plan / Terraform Plan (push) Successful in 12s
2026-02-28 14:48:14 +00:00
dd3a37dfd1
Merge pull request 'stage' (#33) from stage into master
Terraform Apply / Terraform Apply (push) Failing after 3m19s
Reviewed-on: #33
2026-02-28 14:44:40 +00:00
35f0a0dccb
fix: disable terraform wrapper in plan workflow
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 14:41:47 +00:00
583d5c3591
fix: use gitea checkout action in plan workflow
Terraform Plan / Terraform Plan (push) Failing after 26s
2026-02-28 14:39:45 +00:00
77626ed93c
fix: restore checkout in plan workflow
Terraform Plan / Terraform Plan (push) Failing after 27s
2026-02-28 14:38:21 +00:00
a5d5ddb618
fix: remove checkout action from plan workflow
Terraform Plan / Terraform Plan (push) Failing after 2s
2026-02-28 14:35:48 +00:00
a5f8d72bff
fix: disable artifact upload in plan workflow
Terraform Plan / Terraform Plan (push) Failing after 16s
2026-02-28 14:28:33 +00:00
335254b7b2
fix: remove cross-variable validation from worker lists
Terraform Plan / Terraform Plan (push) Failing after 17s
Terraform variable validation blocks can only reference the variable itself, so list length checks against worker_count were removed to restore init/plan.
2026-02-28 14:19:00 +00:00
21be01346b
feat: refactor infra to cp/wk kubeadm topology
Terraform Plan / Terraform Plan (push) Failing after 9s
Provision 3 thin control planes and 3 workers with role-specific sizing and VMID ranges (701/711), generate per-node cloud-init snippets with SSH key injection, and add NixOS kubeadm host/module scaffolding for cp-1..3 and wk-1..3.
2026-02-28 14:16:55 +00:00
ba1884bbc5
Merge pull request 'chore: disable VM tailscale bootstrap for now' (#32) from stage into master
Terraform Apply / Terraform Apply (push) Successful in 1m55s
Reviewed-on: #32
2026-02-28 13:47:11 +00:00
c516c8ba35
chore: disable VM tailscale bootstrap for now
Terraform Plan / Terraform Plan (push) Successful in 17s
Remove tailscale auth/bootstrap from cloud-init and workflows, keeping VM provisioning focused on core network behind pfSense while preserving SSH key cloud-init setup.
2026-02-28 13:46:11 +00:00
8b8bab77b0
Merge pull request 'fix: make cloud-init tailscale bootstrap resilient' (#31) from stage into master
Terraform Apply / Terraform Apply (push) Successful in 1m58s
Reviewed-on: #31
2026-02-28 13:31:07 +00:00
93bba9fbfc
fix: make cloud-init tailscale bootstrap resilient
Terraform Plan / Terraform Plan (push) Successful in 17s
Add retry loop for tailscale up during first boot and fallback without tag advertisement when tag auth is unavailable, so nodes still join tailnet.
2026-02-28 13:24:24 +00:00
6ef807e59c
Merge pull request 'refactor: move tailscale join fully into cloud-init' (#30) from stage into master
Terraform Apply / Terraform Apply (push) Successful in 2m2s
Reviewed-on: #30
2026-02-28 13:20:48 +00:00
8887a8bb87
refactor: move tailscale join fully into cloud-init
Terraform Plan / Terraform Plan (push) Successful in 18s
Remove guest-agent enrollment workflow, pass TS auth key through Terraform variables/secrets, and run tailscale up with tag:k8s during cloud-init bootstrap alongside SSH key injection.
2026-02-28 13:13:34 +00:00
32b1fcec58
Merge pull request 'fix: use POST for Proxmox guest agent ping endpoint' (#29) from stage into master
Terraform Apply / Terraform Apply (push) Has been cancelled
Reviewed-on: #29
2026-02-28 13:03:18 +00:00
c87bb16f10
fix: use POST for Proxmox guest agent ping endpoint
Terraform Plan / Terraform Plan (push) Successful in 19s
Proxmox returns 501 for GET /agent/ping; switch to POST so tailscale enrollment can detect guest-agent readiness.
2026-02-28 13:02:02 +00:00
a891109ee9
Merge pull request 'stage' (#28) from stage into master
Terraform Apply / Terraform Apply (push) Has been cancelled
Reviewed-on: #28
2026-02-28 12:58:11 +00:00
0ea9888854
fix: include SSH key variable in destroy workflow
Terraform Plan / Terraform Plan (push) Successful in 17s
Pass SSH_KEY_PUBLIC in secrets.auto.tfvars so terraform destroy plan no longer prompts for required cloud-init variable.
2026-02-28 12:56:51 +00:00
3261b18f37
improve: fail fast and surface guest-agent API errors
Terraform Plan / Terraform Plan (push) Failing after 23s
Reduce agent wait timeout and print HTTP/auth errors during enrollment so hangs are visible and permission issues are diagnosable.
2026-02-28 12:52:15 +00:00
2d455929bd
Merge pull request 'stage' (#27) from stage into master
Terraform Apply / Terraform Apply (push) Has been cancelled
Reviewed-on: #27
2026-02-28 12:48:21 +00:00
9740e9c6fb
fix: strip newlines from SSH_KEY_PUBLIC secret in workflows
Terraform Plan / Terraform Plan (push) Successful in 17s
Normalize SSH public key secret before writing secrets.auto.tfvars so wrapped/multiline key pastes do not break Terraform parsing.
2026-02-28 12:46:25 +00:00
f12e15e566
Merge remote-tracking branch 'origin/master' into stage
Terraform Plan / Terraform Plan (push) Failing after 14s
2026-02-28 12:45:15 +00:00
b3521d6c02
chore: remove baked SSH key from template user
Rely on cloud-init SSH key injection from secrets for access rotation instead of storing an authorized key in the template config.
2026-02-28 12:45:04 +00:00
17834b3aa7
update: rotate SSH access via cloud-init secret
Terraform Plan / Terraform Plan (push) Successful in 17s
Inject SSH public key through Terraform/cloud-init from Gitea secret so access can be rotated without rebuilding the template image.
2026-02-28 12:36:20 +00:00
017d5ce00d
Merge pull request 'stage' (#26) from stage into master
Terraform Apply / Terraform Apply (push) Has been cancelled
Reviewed-on: #26
2026-02-28 12:14:24 +00:00
6fada2f32a
refactor: use direct tailscale auth-key enrollment
Terraform Plan / Terraform Plan (push) Successful in 18s
Stop writing auth keys to guest files and enroll nodes by running tailscale up directly via Proxmox guest agent with VM-name hostnames.
2026-02-28 12:12:58 +00:00
510ba707ad
fix: stabilize tailscale enrollment without cloud-init rollback
Terraform Plan / Terraform Plan (push) Successful in 17s
Create /etc/tailscale before writing runtime key, add progress logging and unbuffered output in enroll script, and shorten guest-agent wait to fail faster when enrollment cannot run.
2026-02-28 12:09:40 +00:00
a2d61d6972
Merge pull request 'fix: make tailscale enrollment resilient when guest agent is unavailable' (#25) from stage into master
Terraform Apply / Terraform Apply (push) Has been cancelled
Reviewed-on: #25
2026-02-28 11:36:29 +00:00
6fbc4dd80f
fix: make tailscale enrollment resilient when guest agent is unavailable
Terraform Plan / Terraform Plan (push) Successful in 18s
Increase guest-agent wait window and treat agent-unavailable as warning by default, while keeping strict failure optional via TAILSCALE_ENROLL_STRICT secret.
2026-02-28 10:34:46 +00:00
5acb8370cc
Merge pull request 'fix: parse terraform output JSON robustly in enroll step' (#24) from stage into master
Terraform Apply / Terraform Apply (push) Failing after 16m5s
Reviewed-on: #24
2026-02-28 02:29:06 +00:00
f207f774de
fix: parse terraform output JSON robustly in enroll step
Terraform Plan / Terraform Plan (push) Successful in 19s
Handle setup-terraform wrapper prefixes by decoding from first JSON object before reading VM outputs.
2026-02-28 02:21:57 +00:00
1a309cbe4f
Merge pull request 'feat: enroll tailscale via Proxmox guest agent by VMID' (#23) from stage into master
Terraform Apply / Terraform Apply (push) Failing after 1m56s
Reviewed-on: #23
2026-02-28 02:16:58 +00:00
83d277d144
feat: enroll tailscale via Proxmox guest agent by VMID
Terraform Plan / Terraform Plan (push) Successful in 19s
Replace SSH/IP-based enrollment with Proxmox API guest-agent execution using Terraform outputs, set per-VM hostnames from resource names, and reset cloned tailscale state before join for unique node identities.
2026-02-28 02:14:39 +00:00
5e1fd2e9f3
Merge pull request 'fix: make tailscale enrollment clone-safe and hostname-aware' (#22) from stage into master
Terraform Apply / Terraform Apply (push) Successful in 1m54s
Reviewed-on: #22
2026-02-28 02:02:49 +00:00
3335020db5
fix: make tailscale enrollment clone-safe and hostname-aware
Terraform Plan / Terraform Plan (push) Successful in 17s
Reset cloned tailscale state before first join, remove one-shot marker dependency, and allow workflow host entries in host=hostname format so nodes join with VM-aligned tailscale names.
2026-02-28 02:01:48 +00:00
9ce06671c9
Merge pull request 'fix: align VM boot disk and add Terraform safety workflows' (#21) from stage into master
Terraform Apply / Terraform Apply (push) Successful in 1m59s
Reviewed-on: #21
2026-02-28 01:26:59 +00:00
a7f68c0c4b
fix: tolerate extra output in destroy guard parser
Terraform Plan / Terraform Plan (push) Successful in 3m34s
Parse the first JSON object from terraform show output to avoid failures when extra non-JSON lines are present.
2026-02-28 01:23:07 +00:00
d1a7ccc98c
chore: serialize Terraform workflows to prevent races
Terraform Plan / Terraform Plan (push) Failing after 3m34s
Add global workflow concurrency group with queueing enabled so plan/apply/destroy runs do not overlap and contend for shared remote state.
2026-02-28 01:17:51 +00:00
afe19041d9
fix: make destroy guard parse tfplan JSON robustly
Terraform Plan / Terraform Plan (push) Has been cancelled
Use terraform show with no-color and resilient JSON extraction to avoid parser failures when workflow output includes non-JSON noise.
2026-02-28 01:16:19 +00:00
c9be2a2fc8
fix: align VM boot disk and add Terraform safety workflows
Terraform Plan / Terraform Plan (push) Failing after 3m35s
Switch VM boot order/disks to scsi0 to match cloned NixOS template boot layout, add destroy guards to plan/apply workflows, and replace destroy workflow with a confirmed manual dispatch nuke flow that uses remote B2 state.
2026-02-28 01:10:31 +00:00
5fc58dfc98
Merge pull request 'stage' (#20) from stage into master
Terraform Apply / Terraform Apply (push) Successful in 4m28s
Reviewed-on: #20
2026-02-28 01:01:31 +00:00
1c4a27bca3
Merge branch 'master' into stage
Terraform Plan / Terraform Plan (push) Successful in 16s
2026-02-28 01:00:47 +00:00
47f950d667
fix: update S3 backend config for Terraform init
Terraform Plan / Terraform Plan (push) Successful in 17s
Use non-deprecated s3 endpoint settings, switch to use_path_style, and trim newline characters from B2 credentials when generating backend.hcl in CI.
2026-02-28 00:56:12 +00:00
b0768db7a7
feat: store Terraform state in Backblaze B2
Terraform Plan / Terraform Plan (push) Failing after 9s
Configure an s3 backend and initialize Terraform in CI with backend config from Gitea secrets so state persists across runs and apply operations stay consistent.
2026-02-28 00:52:40 +00:00
c0dd091b51
chore: align template base with live VM config
Terraform Plan / Terraform Plan (push) Successful in 16s
Set NixOS stateVersion to 25.05 and include neovim in the default utility package set.
2026-02-28 00:44:08 +00:00
595df12b3e
update: automate tailscale enrollment from Gitea secrets
Terraform Plan / Terraform Plan (push) Successful in 16s
Add a first-boot tailscale enrollment service to the NixOS template and wire terraform-apply to inject TS auth key at runtime from secrets, so keys are not baked into templates or repo files.
2026-02-28 00:33:14 +00:00
735e9df9f1
Merge pull request 'stage' (#19) from stage into master
Terraform Apply / Terraform Apply (push) Successful in 4m25s
Reviewed-on: #19
2026-02-28 00:13:24 +00:00
e714a56980
update: switch Terraform to NixOS template workflow
Terraform Plan / Terraform Plan (push) Successful in 17s
- Point clone_template to nixos-template and trim cloud-init to Nix-safe hostname/DNS only
- Remove SSH/Tailscale cloud-init variables and workflow secret dependencies
- Add reusable NixOS template-base config with bootloader, Tailscale, fish, and utility packages
2026-02-28 00:06:25 +00:00