Merge pull request 'stage' (#18) from stage into master

Reviewed-on: #18

.gitea/workflows/terraform-apply.yml

@@ -0,0 +1,43 @@
+name: Gitea Actions Demo
+run-name: ${{ gitea.actor }} is deploying with Terraform 🚀
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  terraform:
+    name: "Terraform Apply"
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      pull-requests: write
+
+    env:
+      TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }}
+      TF_VAR_TS_AUTHKEY: ${{ secrets.TS_AUTHKEY }}
+      TF_VAR_proxmox_password: ${{ secrets.PROXMOX_PASSWORD }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: 1.6.6
+
+      - name: Terraform Init
+        working-directory: terraform
+        run: terraform init
+
+      - name: Terraform Plan
+        working-directory: terraform
+        run: terraform plan
+
+      - name: Terraform Apply
+        working-directory: terraform
+        run: terraform apply -auto-approve
+

.gitea/workflows/terraform-destroy.yml

@@ -0,0 +1,38 @@
+name: Gitea Destroy Terraform
+run-name: ${{ gitea.actor }} triggered a Terraform Destroy 🧨
+
+on:
+  workflow_dispatch: # Manual trigger
+
+jobs:
+  destroy:
+    name: "Terraform Destroy"
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      pull-requests: write
+
+    env:
+      TF_VAR_SSH_KEY: ${{ secrets.TF_VAR_SSH_KEY_PUBLIC }}
+      TF_VAR_TS_AUTHKEY: ${{ secrets.TF_VAR_TS_AUTHKEY }}
+      TF_VAR_PROXMOX_PASSWORD: ${{ secrets.TF_VAR_PROXMOX_PASSWORD }}
+
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: 1.6.6
+
+      - name: Terraform Init
+        working-directory: terraform
+        run: terraform init
+
+      - name: Terraform Destroy
+        working-directory: terraform
+        run: terraform destroy -auto-approve
+

.gitea/workflows/terraform-plan.yml

@@ -1,7 +1,11 @@
 name: Gitea Actions Demo
 run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
 
-on: [push]
+on:
+  push:
+    branches:
+      - stage
+      - test
 
 jobs:
   terraform:
@@ -12,6 +16,11 @@ jobs:
       contents: read
       pull-requests: write
 
+    env:
+      TF_VAR_SSH_KEY_PUBLIC: ${{ secrets.SSH_KEY_PUBLIC }}
+      TF_VAR_TS_AUTHKEY: ${{ secrets.TS_AUTHKEY }}
+      TF_VAR_proxmox_password: ${{ secrets.PROXMOX_PASSWORD }}
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -21,11 +30,6 @@ jobs:
         with:
           terraform_version: 1.6.6
 
-      - name: Inject sensitive secrets
-        working-directory: terraform
-        run: |
-          echo 'proxmox_password = "${{ secrets.PROXMOX_PASSWORD }}"' >> terraform.tfvars
-
       - name: Terraform Init
         working-directory: terraform
         run: terraform init

.gitignore

@@ -1,2 +1,6 @@
 ./terraform/.terraform
 terraform/.terraform/
+terraform/test-apply.sh
+terraform/test-plan.sh
+terraform/test-destroy.sh
+terraform/tfplan

terraform/.terraform.lock.hcl

@@ -1,6 +1,42 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 
+provider "registry.terraform.io/hashicorp/local" {
+  version = "2.5.2"
+  hashes = [
+    "h1:JlMZD6nYqJ8sSrFfEAH0Vk/SL8WLZRmFaMUF9PJK5wM=",
+    "zh:136299545178ce281c56f36965bf91c35407c11897f7082b3b983d86cb79b511",
+    "zh:3b4486858aa9cb8163378722b642c57c529b6c64bfbfc9461d940a84cd66ebea",
+    "zh:4855ee628ead847741aa4f4fc9bed50cfdbf197f2912775dd9fe7bc43fa077c0",
+    "zh:4b8cd2583d1edcac4011caafe8afb7a95e8110a607a1d5fb87d921178074a69b",
+    "zh:52084ddaff8c8cd3f9e7bcb7ce4dc1eab00602912c96da43c29b4762dc376038",
+    "zh:71562d330d3f92d79b2952ffdda0dad167e952e46200c767dd30c6af8d7c0ed3",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:805f81ade06ff68fa8b908d31892eaed5c180ae031c77ad35f82cb7a74b97cf4",
+    "zh:8b6b3ebeaaa8e38dd04e56996abe80db9be6f4c1df75ac3cccc77642899bd464",
+    "zh:ad07750576b99248037b897de71113cc19b1a8d0bc235eb99173cc83d0de3b1b",
+    "zh:b9f1c3bfadb74068f5c205292badb0661e17ac05eb23bfe8bd809691e4583d0e",
+    "zh:cc4cbcd67414fefb111c1bf7ab0bc4beb8c0b553d01719ad17de9a047adff4d1",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/template" {
+  version = "2.2.0"
+  hashes = [
+    "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=",
+    "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386",
+    "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53",
+    "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603",
+    "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16",
+    "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776",
+    "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451",
+    "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae",
+    "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde",
+    "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d",
+    "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2",
+  ]
+}
+
 provider "registry.terraform.io/telmate/proxmox" {
   version     = "3.0.1-rc8"
   constraints = "3.0.1-rc8"

terraform/cloud-init.tf

@@ -0,0 +1,17 @@
+### Global cloud-init template (for all VMs)
+
+data "template_file" "cloud_init_global" {
+  template = file("${path.module}/files/cloud_init_global.yaml")
+
+  vars = {
+    hostname       = "generic"
+    domain         = "home.arpa"
+    TS_AUTHKEY     = var.TS_AUTHKEY
+    SSH_KEY_PUBLIC = var.SSH_KEY_PUBLIC
+  }
+}
+
+resource "local_file" "cloud_init_global" {
+  content  = data.template_file.cloud_init_global.rendered
+  filename = "${path.module}/files/cloud_init_global.yaml"
+}

terraform/files/cloud_init.yaml

@@ -0,0 +1,9 @@
+#cloud-config
+hostname: ${hostname}
+fqdn: ${hostname}.${domain}
+
+runcmd:
+  - curl -fsSL https://tailscale.com/install.sh | sh
+  - tailscale up --auth-key=${TS_AUTHKEY}
+  - tailscale set --ssh
+

terraform/files/cloud_init_base.yaml

@@ -0,0 +1,6 @@
+#cloud-config
+runcmd:
+  - curl -fsSL https://tailscale.com/install.sh | sh
+  - tailscale up --auth-key=${TS_AUTHKEY}
+  - tailscale set --ssh
+

terraform/files/cloud_init_global.yaml

@@ -0,0 +1,48 @@
+#cloud-config
+#cloud-config
+hostname: myvm
+manage_etc_hosts: true
+resolv_conf:
+  nameservers:
+    - 8.8.8.8
+    - 1.1.1.1
+
+package_update: true
+package_upgrade: true
+
+# APT fails to acquire GPG keys if package dirmngr is missing
+bootcmd:
+  - [ cloud-init-per, once, dirmngr-aptupdate, apt-get, update ]
+  - [ cloud-init-per, once, dirmngr-aptinstall, apt-get, install, dirmngr, -y ]
+  - [ cloud-init-per, once, dirmngr-aptinstall, apt-get, install, gnupg2, -y ]
+
+packages:
+  - jq
+  - curl
+  - qemu-guest-agent
+
+users:
+- name: stuart
+  groups: sudo
+  shell: /bin/bash
+  sudo: ['ALL=(ALL) NOPASSWD:ALL']
+  ssh_authorized_keys:
+    - ${SSH_KEY_PUBLIC}
+
+preserve_hostname: false
+fqdn: ${hostname}.${domain}
+
+#cloud-config
+# The above header must generally appear on the first line of a cloud config
+# file, but all other lines that begin with a # are optional comments.
+
+runcmd:
+  # One-command install, from https://tailscale.com/download/
+  - ['sh', '-c', 'curl -fsSL https://tailscale.com/install.sh | sh']
+  # Set sysctl settings for IP forwarding (useful when configuring an exit node)
+  - ['sh', '-c', "echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf && echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf && sudo sysctl -p /etc/sysctl.d/99-tailscale.conf" ]
+  # Generate an auth key from your Admin console
+  # https://login.tailscale.com/admin/settings/keys
+  # and replace the placeholder below
+  - ['tailscale', 'up', '--auth-key=${TS_AUTHKEY}']
+

terraform/main.tf

@@ -15,22 +15,42 @@ provider "proxmox" {
 }
 
 resource "proxmox_vm_qemu" "alpacas" {
-  count       = var.alpaca_count
+  count       = var.alpaca_vm_count
-  vmid        = 500 + count.index
   name        = "alpaca-${count.index + 1}"
+  vmid        = 500 + count.index + 1
   target_node = var.target_node
   clone       = var.clone_template
-  sockets     = var.sockets
+  full_clone  = true
-  cores       = var.cores
+  os_type     = "cloud-init"
-  memory      = var.memory
   agent       = 1
-  boot        = "order=scsi0"
 
-  disk {
+  sockets   = var.sockets
-    slot    = "scsi0"
+  cores     = var.cores
-    type    = "disk"
+  memory    = var.memory
-    size    = var.disk_size
+  scsihw    = "virtio-scsi-pci"
-    storage = var.storage
+  boot      = "order=virtio0"
+  bootdisk  = "virtio0"
+  ipconfig0 = "ip=dhcp"
+  cicustom  = "user=local:snippets/cloud_init_global.yaml"
+
+
+  disks {
+    virtio {
+      virtio0 {
+        disk {
+          size    = var.disk_size
+          storage = var.storage
+        }
+      }
+    }
+
+    ide {
+      ide2 {
+        cloudinit {
+          storage = var.storage
+        }
+      }
+    }
   }
 
   network {
@@ -40,25 +60,46 @@ resource "proxmox_vm_qemu" "alpacas" {
   }
 }
 
+
 resource "proxmox_vm_qemu" "llamas" {
-  count       = var.llama_count
+  count       = var.llama_vm_count
-  vmid        = 600 + count.index
   name        = "llama-${count.index + 1}"
+  vmid        = 600 + count.index + 1
   target_node = var.target_node
   clone       = var.clone_template
-  sockets     = var.sockets
+  full_clone  = true
-  cores       = var.cores
+  os_type     = "cloud-init"
-  memory      = var.memory
   agent       = 1
-  boot        = "order=scsi0"
 
-  disk {
+  sockets   = var.sockets
-    slot    = "scsi0"
+  cores     = var.cores
-    type    = "disk"
+  memory    = var.memory
-    size    = var.disk_size
+  scsihw    = "virtio-scsi-pci"
-    storage = var.storage
+  boot      = "order=virtio0"
+  bootdisk  = "virtio0"
+  ipconfig0 = "ip=dhcp"
+  cicustom  = "user=local:snippets/cloud_init_global.yaml"
+
+  disks {
+    virtio {
+      virtio0 {
+        disk {
+          size    = var.disk_size
+          storage = var.storage
+        }
+      }
+    }
+
+    ide {
+      ide2 {
+        cloudinit {
+          storage = var.storage
+        }
+      }
+    }
   }
 
+
   network {
     id     = 0
     model  = "virtio"
@@ -66,4 +107,3 @@ resource "proxmox_vm_qemu" "llamas" {
   }
 }
 
-

terraform/terraform.tfstate

@@ -1,7 +1,7 @@
 {
   "version": 4,
   "terraform_version": "1.11.4",
-  "serial": 25,
+  "serial": 31,
   "lineage": "7a39dd41-1655-172c-950b-b8c5398caf69",
   "outputs": {},
   "resources": [],

terraform/terraform.tfstate.backup

@@ -1,12 +1,23 @@
 {
   "version": 4,
   "terraform_version": "1.11.4",
-  "serial": 23,
+  "serial": 28,
   "lineage": "7a39dd41-1655-172c-950b-b8c5398caf69",
   "outputs": {
-    "vm_clones": {
+    "alpaca_vm_ids": {
+      "value": {
+        "alpaca-1": 501
+      },
+      "type": [
+        "object",
+        {
+          "alpaca-1": "number"
+        }
+      ]
+    },
+    "alpaca_vm_names": {
       "value": [
-        "Alpine-Template"
+        "alpaca-1"
       ],
       "type": [
         "tuple",
@@ -15,20 +26,20 @@
         ]
       ]
     },
-    "vm_ids": {
+    "llama_vm_ids": {
       "value": {
-        "Alpine-1": 400
+        "llama-1": 601
       },
       "type": [
         "object",
         {
-          "Alpine-1": "number"
+          "llama-1": "number"
         }
       ]
     },
-    "vm_names": {
+    "llama_vm_names": {
       "value": [
-        "Alpine-1"
+        "llama-1"
       ],
       "type": [
         "tuple",
@@ -42,7 +53,7 @@
     {
       "mode": "managed",
       "type": "proxmox_vm_qemu",
-      "name": "alpine",
+      "name": "alpacas",
       "provider": "provider[\"registry.terraform.io/telmate/proxmox\"]",
       "instances": [
         {
@@ -117,7 +128,7 @@
             "hastate": "",
             "hostpci": [],
             "hotplug": "network,disk,usb",
-            "id": "flex/qemu/400",
+            "id": "flex/qemu/501",
             "ipconfig0": null,
             "ipconfig1": null,
             "ipconfig10": null,
@@ -138,7 +149,7 @@
             "linked_vmid": 0,
             "machine": "",
             "memory": 2048,
-            "name": "Alpine-1",
+            "name": "alpaca-1",
             "nameserver": null,
             "network": [
               {
@@ -146,7 +157,7 @@
                 "firewall": false,
                 "id": 0,
                 "link_down": false,
-                "macaddr": "bc:24:11:42:6e:29",
+                "macaddr": "bc:24:11:9a:b0:73",
                 "model": "virtio",
                 "mtu": 0,
                 "queues": 0,
@@ -177,7 +188,7 @@
                 "product": "",
                 "serial": "",
                 "sku": "",
-                "uuid": "7e462704-9013-4e96-9652-37e66a7cdf5f",
+                "uuid": "9bb69618-0076-490d-95fe-c762e09d5326",
                 "version": ""
               }
             ],
@@ -201,7 +212,189 @@
             "vcpus": 0,
             "vga": [],
             "vm_state": "running",
-            "vmid": 400
+            "vmid": 501
+          },
+          "sensitive_attributes": [
+            [
+              {
+                "type": "get_attr",
+                "value": "ssh_private_key"
+              }
+            ],
+            [
+              {
+                "type": "get_attr",
+                "value": "cipassword"
+              }
+            ]
+          ],
+          "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWZhdWx0IjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInJlYWQiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19"
+        }
+      ]
+    },
+    {
+      "mode": "managed",
+      "type": "proxmox_vm_qemu",
+      "name": "llamas",
+      "provider": "provider[\"registry.terraform.io/telmate/proxmox\"]",
+      "instances": [
+        {
+          "index_key": 0,
+          "schema_version": 0,
+          "attributes": {
+            "additional_wait": 5,
+            "agent": 1,
+            "agent_timeout": 90,
+            "args": "",
+            "automatic_reboot": true,
+            "balloon": 0,
+            "bios": "seabios",
+            "boot": "order=scsi0",
+            "bootdisk": "",
+            "ci_wait": null,
+            "cicustom": null,
+            "cipassword": "",
+            "ciupgrade": false,
+            "ciuser": "",
+            "clone": "Alpine-Template",
+            "clone_id": null,
+            "clone_wait": 10,
+            "cores": 2,
+            "cpu": null,
+            "cpu_type": "host",
+            "current_node": "flex",
+            "default_ipv4_address": "",
+            "default_ipv6_address": "",
+            "define_connection_info": true,
+            "desc": "Managed by Terraform.",
+            "disk": [
+              {
+                "asyncio": "",
+                "backup": true,
+                "cache": "",
+                "discard": false,
+                "disk_file": "",
+                "emulatessd": false,
+                "format": "raw",
+                "id": 0,
+                "iops_r_burst": 0,
+                "iops_r_burst_length": 0,
+                "iops_r_concurrent": 0,
+                "iops_wr_burst": 0,
+                "iops_wr_burst_length": 0,
+                "iops_wr_concurrent": 0,
+                "iothread": false,
+                "iso": "",
+                "linked_disk_id": -1,
+                "mbps_r_burst": 0,
+                "mbps_r_concurrent": 0,
+                "mbps_wr_burst": 0,
+                "mbps_wr_concurrent": 0,
+                "passthrough": false,
+                "readonly": false,
+                "replicate": false,
+                "serial": "",
+                "size": "15G",
+                "slot": "scsi0",
+                "storage": "Flash",
+                "type": "disk",
+                "wwn": ""
+              }
+            ],
+            "disks": [],
+            "efidisk": [],
+            "force_create": false,
+            "force_recreate_on_change_of": null,
+            "full_clone": true,
+            "hagroup": "",
+            "hastate": "",
+            "hostpci": [],
+            "hotplug": "network,disk,usb",
+            "id": "flex/qemu/601",
+            "ipconfig0": null,
+            "ipconfig1": null,
+            "ipconfig10": null,
+            "ipconfig11": null,
+            "ipconfig12": null,
+            "ipconfig13": null,
+            "ipconfig14": null,
+            "ipconfig15": null,
+            "ipconfig2": null,
+            "ipconfig3": null,
+            "ipconfig4": null,
+            "ipconfig5": null,
+            "ipconfig6": null,
+            "ipconfig7": null,
+            "ipconfig8": null,
+            "ipconfig9": null,
+            "kvm": true,
+            "linked_vmid": 0,
+            "machine": "",
+            "memory": 2048,
+            "name": "llama-1",
+            "nameserver": null,
+            "network": [
+              {
+                "bridge": "vmbr0",
+                "firewall": false,
+                "id": 0,
+                "link_down": false,
+                "macaddr": "bc:24:11:16:44:6b",
+                "model": "virtio",
+                "mtu": 0,
+                "queues": 0,
+                "rate": 0,
+                "tag": 0
+              }
+            ],
+            "numa": false,
+            "onboot": false,
+            "os_network_config": null,
+            "os_type": "cloud-init",
+            "pci": [],
+            "pcis": [],
+            "pool": "",
+            "protection": false,
+            "pxe": null,
+            "qemu_os": "l26",
+            "reboot_required": false,
+            "scsihw": "lsi",
+            "searchdomain": null,
+            "serial": [],
+            "skip_ipv4": false,
+            "skip_ipv6": false,
+            "smbios": [
+              {
+                "family": "",
+                "manufacturer": "",
+                "product": "",
+                "serial": "",
+                "sku": "",
+                "uuid": "99429525-6c01-4278-83cc-f6ebdb348577",
+                "version": ""
+              }
+            ],
+            "sockets": 1,
+            "ssh_forward_ip": null,
+            "ssh_host": "",
+            "ssh_port": "22",
+            "ssh_private_key": null,
+            "ssh_user": null,
+            "sshkeys": null,
+            "startup": "",
+            "tablet": true,
+            "tags": "",
+            "target_node": "flex",
+            "target_nodes": null,
+            "timeouts": null,
+            "tpm_state": [],
+            "unused_disk": [],
+            "usb": [],
+            "usbs": [],
+            "vcpus": 0,
+            "vga": [],
+            "vm_state": "running",
+            "vmid": 601
           },
           "sensitive_attributes": [
             [

terraform/terraform.tfvars

@@ -1,13 +1,12 @@
 target_node    = "flex"
-clone_template = "Alpine-Template"
+clone_template = "ubuntu-cloudinit"
 vm_name        = "alpine-vm"
-cores          = 2
+cores          = 1
-memory         = 2048
+memory         = 1024
 disk_size      = "15G"
 sockets        = 1
 bridge         = "vmbr0"
 disk_type      = "scsi"
 storage        = "Flash"
 pm_api_url     = "https://100.105.0.115:8006/api2/json"
-pm_user        = "terraform-prov@pve"
+pm_user        = "terraform-prov@pve"
-

terraform/variables.tf

@@ -62,3 +62,24 @@ variable "llama_count" {
   description = "How many Llama VMs to create"
 }
 
+variable "alpaca_vm_count" {
+  type        = number
+  default     = 1
+  description = "How many Alpaca VMs to create"
+}
+
+variable "llama_vm_count" {
+  type        = number
+  default     = 1
+  description = "How many Llama VMs to create"
+}
+
+variable "TS_AUTHKEY" {
+  type        = string
+  description = "Tailscale auth key used in cloud-init"
+}
+
+variable "SSH_KEY_PUBLIC" {
+  type        = string
+  description = "My Public SSH key fo ssh auth list"
+}