f341816112
feat: run kubeadm reconcile after terraform apply on master
Terraform Plan / Terraform Plan (push) Successful in 18s
2026-02-28 16:39:04 +00:00
c04ef106a3
fix: install nix tooling in bootstrap workflow when missing
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 16:36:42 +00:00
c154ff4d15
Merge pull request 'stage' (#39) from stage into master
Terraform Apply / Terraform Apply (push) Successful in 27s
Reviewed-on: #39
2026-02-28 16:34:24 +00:00
8bcc162956
feat: auto-discover kubeadm node IPs from terraform state
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 16:31:23 +00:00
b0779c51c0
feat: add gitea workflows for kubeadm bootstrap and reset
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 16:26:51 +00:00
9fe845b53d
feat: add repeatable kubeadm rebuild and reset scripts
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 16:24:45 +00:00
885a92f494
chore: add lightweight flake checks for kubeadm configs
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 16:19:37 +00:00
91dd20e60e
fix: escape shell expansion in kubeadm helper scripts
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 16:12:25 +00:00
abac6300ca
refactor: generate kubeadm host configs from flake
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 16:09:05 +00:00
7206d8cd41
feat: implement kubeadm bootstrap scaffolding for Nix nodes
Terraform Plan / Terraform Plan (push) Successful in 18s
2026-02-28 16:04:14 +00:00
a42d44bb27
Merge pull request 'stage' (#38) from stage into master
Terraform Apply / Terraform Apply (push) Successful in 27s
Reviewed-on: #38
2026-02-28 15:41:58 +00:00
a99516a2a3
chore: format terraform configuration
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 15:41:14 +00:00
5c69abf9ff
fix: disable automatic reboot for proxmox VM updates
Terraform Plan / Terraform Plan (push) Failing after 10s
2026-02-28 15:40:18 +00:00
5fc8bcc406
Merge pull request 'update: set wk-3 worker cores to 4' (#37) from stage into master
Terraform Apply / Terraform Apply (push) Failing after 2m54s
Reviewed-on: #37
2026-02-28 15:36:30 +00:00
16d5a87586
update: set wk-3 worker cores to 4
Terraform Plan / Terraform Plan (push) Successful in 18s
2026-02-28 15:35:52 +00:00
9a02c05983
Merge pull request 'fix: harden destroy workflow and recover state push' (#36) from stage into master
Terraform Apply / Terraform Apply (push) Successful in 5m13s
Reviewed-on: #36
2026-02-28 15:20:29 +00:00
1304afd793
fix: harden destroy workflow and recover state push
Terraform Plan / Terraform Plan (push) Successful in 13s
2026-02-28 15:17:42 +00:00
d1dcbe0feb
Merge pull request 'fix: harden apply workflow for gitea runner' (#35) from stage into master
Terraform Apply / Terraform Apply (push) Has been cancelled
Reviewed-on: #35
2026-02-28 15:14:24 +00:00
df4740071a
fix: harden apply workflow for gitea runner
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 15:10:33 +00:00
54c0b684c8
Merge pull request 'fix: remove proxmox snippet dependency for cloud-init' (#34) from stage into master
Terraform Apply / Terraform Apply (push) Failing after 5m14s
Reviewed-on: #34
2026-02-28 14:53:00 +00:00
2577669e12
fix: remove proxmox snippet dependency for cloud-init
Terraform Plan / Terraform Plan (push) Successful in 12s
2026-02-28 14:48:14 +00:00
dd3a37dfd1
Merge pull request 'stage' (#33) from stage into master
Terraform Apply / Terraform Apply (push) Failing after 3m19s
Reviewed-on: #33
2026-02-28 14:44:40 +00:00
35f0a0dccb
fix: disable terraform wrapper in plan workflow
Terraform Plan / Terraform Plan (push) Successful in 17s
2026-02-28 14:41:47 +00:00
583d5c3591
fix: use gitea checkout action in plan workflow
Terraform Plan / Terraform Plan (push) Failing after 26s
2026-02-28 14:39:45 +00:00
77626ed93c
fix: restore checkout in plan workflow
Terraform Plan / Terraform Plan (push) Failing after 27s
2026-02-28 14:38:21 +00:00
a5d5ddb618
fix: remove checkout action from plan workflow
Terraform Plan / Terraform Plan (push) Failing after 2s
2026-02-28 14:35:48 +00:00
a5f8d72bff
fix: disable artifact upload in plan workflow
Terraform Plan / Terraform Plan (push) Failing after 16s
2026-02-28 14:28:33 +00:00
335254b7b2
fix: remove cross-variable validation from worker lists
Terraform Plan / Terraform Plan (push) Failing after 17s
Terraform variable validation blocks can only reference the variable itself, so list length checks against worker_count were removed to restore init/plan.
2026-02-28 14:19:00 +00:00
21be01346b
feat: refactor infra to cp/wk kubeadm topology
Terraform Plan / Terraform Plan (push) Failing after 9s
Provision 3 thin control planes and 3 workers with role-specific sizing and VMID ranges (701/711), generate per-node cloud-init snippets with SSH key injection, and add NixOS kubeadm host/module scaffolding for cp-1..3 and wk-1..3.
2026-02-28 14:16:55 +00:00
ba1884bbc5
Merge pull request 'chore: disable VM tailscale bootstrap for now' (#32) from stage into master
Terraform Apply / Terraform Apply (push) Successful in 1m55s
Reviewed-on: #32
2026-02-28 13:47:11 +00:00
c516c8ba35
chore: disable VM tailscale bootstrap for now
Terraform Plan / Terraform Plan (push) Successful in 17s
Remove tailscale auth/bootstrap from cloud-init and workflows, keeping VM provisioning focused on core network behind pfSense while preserving SSH key cloud-init setup.
2026-02-28 13:46:11 +00:00
8b8bab77b0
Merge pull request 'fix: make cloud-init tailscale bootstrap resilient' (#31) from stage into master
Terraform Apply / Terraform Apply (push) Successful in 1m58s
Reviewed-on: #31
2026-02-28 13:31:07 +00:00
93bba9fbfc
fix: make cloud-init tailscale bootstrap resilient
Terraform Plan / Terraform Plan (push) Successful in 17s
Add retry loop for tailscale up during first boot and fallback without tag advertisement when tag auth is unavailable, so nodes still join tailnet.
2026-02-28 13:24:24 +00:00
6ef807e59c
Merge pull request 'refactor: move tailscale join fully into cloud-init' (#30) from stage into master
Terraform Apply / Terraform Apply (push) Successful in 2m2s
Reviewed-on: #30
2026-02-28 13:20:48 +00:00
8887a8bb87
refactor: move tailscale join fully into cloud-init
Terraform Plan / Terraform Plan (push) Successful in 18s
Remove guest-agent enrollment workflow, pass TS auth key through Terraform variables/secrets, and run tailscale up with tag:k8s during cloud-init bootstrap alongside SSH key injection.
2026-02-28 13:13:34 +00:00
32b1fcec58
Merge pull request 'fix: use POST for Proxmox guest agent ping endpoint' (#29) from stage into master
Terraform Apply / Terraform Apply (push) Has been cancelled
Reviewed-on: #29
2026-02-28 13:03:18 +00:00
c87bb16f10
fix: use POST for Proxmox guest agent ping endpoint
Terraform Plan / Terraform Plan (push) Successful in 19s
Proxmox returns 501 for GET /agent/ping; switch to POST so tailscale enrollment can detect guest-agent readiness.
2026-02-28 13:02:02 +00:00
a891109ee9
Merge pull request 'stage' (#28) from stage into master
Terraform Apply / Terraform Apply (push) Has been cancelled
Reviewed-on: #28
2026-02-28 12:58:11 +00:00
0ea9888854
fix: include SSH key variable in destroy workflow
Terraform Plan / Terraform Plan (push) Successful in 17s
Pass SSH_KEY_PUBLIC in secrets.auto.tfvars so terraform destroy plan no longer prompts for required cloud-init variable.
2026-02-28 12:56:51 +00:00
3261b18f37
improve: fail fast and surface guest-agent API errors
Terraform Plan / Terraform Plan (push) Failing after 23s
Reduce agent wait timeout and print HTTP/auth errors during enrollment so hangs are visible and permission issues are diagnosable.
2026-02-28 12:52:15 +00:00
2d455929bd
Merge pull request 'stage' (#27) from stage into master
Terraform Apply / Terraform Apply (push) Has been cancelled
Reviewed-on: #27
2026-02-28 12:48:21 +00:00
9740e9c6fb
fix: strip newlines from SSH_KEY_PUBLIC secret in workflows
Terraform Plan / Terraform Plan (push) Successful in 17s
Normalize SSH public key secret before writing secrets.auto.tfvars so wrapped/multiline key pastes do not break Terraform parsing.
2026-02-28 12:46:25 +00:00
f12e15e566
Merge remote-tracking branch 'origin/master' into stage
Terraform Plan / Terraform Plan (push) Failing after 14s
2026-02-28 12:45:15 +00:00
b3521d6c02
chore: remove baked SSH key from template user
Rely on cloud-init SSH key injection from secrets for access rotation instead of storing an authorized key in the template config.
2026-02-28 12:45:04 +00:00
17834b3aa7
update: rotate SSH access via cloud-init secret
Terraform Plan / Terraform Plan (push) Successful in 17s
Inject SSH public key through Terraform/cloud-init from Gitea secret so access can be rotated without rebuilding the template image.
2026-02-28 12:36:20 +00:00
017d5ce00d
Merge pull request 'stage' (#26) from stage into master
Terraform Apply / Terraform Apply (push) Has been cancelled
Reviewed-on: #26
2026-02-28 12:14:24 +00:00
6fada2f32a
refactor: use direct tailscale auth-key enrollment
Terraform Plan / Terraform Plan (push) Successful in 18s
Stop writing auth keys to guest files and enroll nodes by running tailscale up directly via Proxmox guest agent with VM-name hostnames.
2026-02-28 12:12:58 +00:00
510ba707ad
fix: stabilize tailscale enrollment without cloud-init rollback
Terraform Plan / Terraform Plan (push) Successful in 17s
Create /etc/tailscale before writing runtime key, add progress logging and unbuffered output in enroll script, and shorten guest-agent wait to fail faster when enrollment cannot run.
2026-02-28 12:09:40 +00:00
a2d61d6972
Merge pull request 'fix: make tailscale enrollment resilient when guest agent is unavailable' (#25) from stage into master
Terraform Apply / Terraform Apply (push) Has been cancelled
Reviewed-on: #25
2026-02-28 11:36:29 +00:00
6fbc4dd80f
fix: make tailscale enrollment resilient when guest agent is unavailable
Terraform Plan / Terraform Plan (push) Successful in 18s
Increase guest-agent wait window and treat agent-unavailable as warning by default, while keeping strict failure optional via TAILSCALE_ENROLL_STRICT secret.
2026-02-28 10:34:46 +00:00