cc40dff49a
fix: allow required VM reboots and serialize apply
Terraform Plan / Terraform Plan (push) Successful in 18s
2026-02-28 18:55:07 +00:00
d190f64181
fix: ignore cloud-init ssh drift on existing VMs
Terraform Plan / Terraform Plan (push) Successful in 18s
2026-02-28 18:46:14 +00:00
2a5ecebd99
fix: repair SSH key step quoting in workflows
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 18:36:58 +00:00
3ee5cfa823
fix: support base64 SSH private keys in workflows
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 18:13:56 +00:00
2d9d6cdcd5
fix: normalize escaped SSH private key secrets
Terraform Plan / Terraform Plan (push) Successful in 18s
2026-02-28 17:57:58 +00:00
03fff813ac
fix: prefer SSH_KEY_PRIVATE and validate keypair fingerprint
Terraform Plan / Terraform Plan (push) Successful in 13s
2026-02-28 17:40:25 +00:00
c94c1f61d8
fix: force explicit SSH identity for kubeadm remote operations
Terraform Plan / Terraform Plan (push) Successful in 18s
2026-02-28 17:16:31 +00:00
046de9b3d4
fix: preseed known_hosts for kubeadm SSH operations
Terraform Plan / Terraform Plan (push) Successful in 19s
2026-02-28 17:07:43 +00:00
b6ce31ad6c
fix: avoid PATH override that hides bash on runners
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 17:01:00 +00:00
71890c00c0
fix: load nix profile from root path on act runners
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 16:57:08 +00:00
8d809355eb
fix: add nixbld users as explicit group members
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 16:53:41 +00:00
7759c47fea
fix: provision nixbld users for root nix install
Terraform Plan / Terraform Plan (push) Successful in 18s
2026-02-28 16:49:45 +00:00
9e922dd62c
fix: create /nix when installing nix on root runners
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 16:47:22 +00:00
5669305e59
feat: make kubeadm workflows auto-scale with terraform outputs
Terraform Plan / Terraform Plan (push) Successful in 19s
2026-02-28 16:43:22 +00:00
f341816112
feat: run kubeadm reconcile after terraform apply on master
Terraform Plan / Terraform Plan (push) Successful in 18s
2026-02-28 16:39:04 +00:00
c04ef106a3
fix: install nix tooling in bootstrap workflow when missing
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 16:36:42 +00:00
8bcc162956
feat: auto-discover kubeadm node IPs from terraform state
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 16:31:23 +00:00
b0779c51c0
feat: add gitea workflows for kubeadm bootstrap and reset
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 16:26:51 +00:00
9fe845b53d
feat: add repeatable kubeadm rebuild and reset scripts
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 16:24:45 +00:00
885a92f494
chore: add lightweight flake checks for kubeadm configs
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 16:19:37 +00:00
91dd20e60e
fix: escape shell expansion in kubeadm helper scripts
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 16:12:25 +00:00
abac6300ca
refactor: generate kubeadm host configs from flake
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 16:09:05 +00:00
7206d8cd41
feat: implement kubeadm bootstrap scaffolding for Nix nodes
Terraform Plan / Terraform Plan (push) Successful in 18s
2026-02-28 16:04:14 +00:00
a99516a2a3
chore: format terraform configuration
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 15:41:14 +00:00
5c69abf9ff
fix: disable automatic reboot for proxmox VM updates
Terraform Plan / Terraform Plan (push) Failing after 10s
2026-02-28 15:40:18 +00:00
16d5a87586
update: set wk-3 worker cores to 4
Terraform Plan / Terraform Plan (push) Successful in 18s
2026-02-28 15:35:52 +00:00
1304afd793
fix: harden destroy workflow and recover state push
Terraform Plan / Terraform Plan (push) Successful in 13s
2026-02-28 15:17:42 +00:00
df4740071a
fix: harden apply workflow for gitea runner
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 15:10:33 +00:00
2577669e12
fix: remove proxmox snippet dependency for cloud-init
Terraform Plan / Terraform Plan (push) Successful in 12s
2026-02-28 14:48:14 +00:00
35f0a0dccb
fix: disable terraform wrapper in plan workflow
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 14:41:47 +00:00
583d5c3591
fix: use gitea checkout action in plan workflow
Terraform Plan / Terraform Plan (push) Failing after 26s
2026-02-28 14:39:45 +00:00
77626ed93c
fix: restore checkout in plan workflow
Terraform Plan / Terraform Plan (push) Failing after 27s
2026-02-28 14:38:21 +00:00
a5d5ddb618
fix: remove checkout action from plan workflow
Terraform Plan / Terraform Plan (push) Failing after 2s
2026-02-28 14:35:48 +00:00
a5f8d72bff
fix: disable artifact upload in plan workflow
Terraform Plan / Terraform Plan (push) Failing after 16s
2026-02-28 14:28:33 +00:00
335254b7b2
fix: remove cross-variable validation from worker lists
...
Terraform Plan / Terraform Plan (push) Failing after 17s
Terraform variable validation blocks can only reference the variable itself, so list length checks against worker_count were removed to restore init/plan.
2026-02-28 14:19:00 +00:00
21be01346b
feat: refactor infra to cp/wk kubeadm topology
...
Terraform Plan / Terraform Plan (push) Failing after 9s
Provision 3 thin control planes and 3 workers with role-specific sizing and VMID ranges (701/711), generate per-node cloud-init snippets with SSH key injection, and add NixOS kubeadm host/module scaffolding for cp-1..3 and wk-1..3.
2026-02-28 14:16:55 +00:00
c516c8ba35
chore: disable VM tailscale bootstrap for now
...
Terraform Plan / Terraform Plan (push) Successful in 17s
Remove tailscale auth/bootstrap from cloud-init and workflows, keeping VM provisioning focused on core network behind pfSense while preserving SSH key cloud-init setup.
2026-02-28 13:46:11 +00:00
93bba9fbfc
fix: make cloud-init tailscale bootstrap resilient
...
Terraform Plan / Terraform Plan (push) Successful in 17s
Add retry loop for tailscale up during first boot and fallback without tag advertisement when tag auth is unavailable, so nodes still join tailnet.
2026-02-28 13:24:24 +00:00
8887a8bb87
refactor: move tailscale join fully into cloud-init
...
Terraform Plan / Terraform Plan (push) Successful in 18s
Remove guest-agent enrollment workflow, pass TS auth key through Terraform variables/secrets, and run tailscale up with tag:k8s during cloud-init bootstrap alongside SSH key injection.
2026-02-28 13:13:34 +00:00
c87bb16f10
fix: use POST for Proxmox guest agent ping endpoint
...
Terraform Plan / Terraform Plan (push) Successful in 19s
Proxmox returns 501 for GET /agent/ping; switch to POST so tailscale enrollment can detect guest-agent readiness.
2026-02-28 13:02:02 +00:00
0ea9888854
fix: include SSH key variable in destroy workflow
...
Terraform Plan / Terraform Plan (push) Successful in 17s
Pass SSH_KEY_PUBLIC in secrets.auto.tfvars so terraform destroy plan no longer prompts for required cloud-init variable.
2026-02-28 12:56:51 +00:00
3261b18f37
improve: fail fast and surface guest-agent API errors
...
Terraform Plan / Terraform Plan (push) Failing after 23s
Reduce agent wait timeout and print HTTP/auth errors during enrollment so hangs are visible and permission issues are diagnosable.
2026-02-28 12:52:15 +00:00
9740e9c6fb
fix: strip newlines from SSH_KEY_PUBLIC secret in workflows
...
Terraform Plan / Terraform Plan (push) Successful in 17s
Normalize SSH public key secret before writing secrets.auto.tfvars so wrapped/multiline key pastes do not break Terraform parsing.
2026-02-28 12:46:25 +00:00
f12e15e566
Merge remote-tracking branch 'origin/master' into stage
Terraform Plan / Terraform Plan (push) Failing after 14s
2026-02-28 12:45:15 +00:00
b3521d6c02
chore: remove baked SSH key from template user
...
Rely on cloud-init SSH key injection from secrets for access rotation instead of storing an authorized key in the template config.
2026-02-28 12:45:04 +00:00
17834b3aa7
update: rotate SSH access via cloud-init secret
...
Terraform Plan / Terraform Plan (push) Successful in 17s
Inject SSH public key through Terraform/cloud-init from Gitea secret so access can be rotated without rebuilding the template image.
2026-02-28 12:36:20 +00:00
017d5ce00d
Merge pull request 'stage' ( #26 ) from stage into master
...
Terraform Apply / Terraform Apply (push) Has been cancelled
Reviewed-on: #26
2026-02-28 12:14:24 +00:00
6fada2f32a
refactor: use direct tailscale auth-key enrollment
...
Terraform Plan / Terraform Plan (push) Successful in 18s
Stop writing auth keys to guest files and enroll nodes by running tailscale up directly via Proxmox guest agent with VM-name hostnames.
2026-02-28 12:12:58 +00:00
510ba707ad
fix: stabilize tailscale enrollment without cloud-init rollback
...
Terraform Plan / Terraform Plan (push) Successful in 17s
Create /etc/tailscale before writing runtime key, add progress logging and unbuffered output in enroll script, and shorten guest-agent wait to fail faster when enrollment cannot run.
2026-02-28 12:09:40 +00:00
a2d61d6972
Merge pull request 'fix: make tailscale enrollment resilient when guest agent is unavailable' ( #25 ) from stage into master
...
Terraform Apply / Terraform Apply (push) Has been cancelled
Reviewed-on: #25
2026-02-28 11:36:29 +00:00
