Initial Commit

2025-09-28 17:43:23 +10:00
commit 0d81d80e28
14 changed files with 375 additions and 0 deletions
--- a/opentofu/200-github.tf
+++ b/opentofu/200-github.tf
@ -0,0 +1,40 @@
+resource "proxmox_lxc" "ghshr" {
+
+  target_node  = "pve"
+  vmid         = "200"
+  hostname     = "ghshr"
+  ostemplate   = "local:vztmpl/debian-13-standard_13.1-1_amd64.tar.zst"
+  password     = var.ci_password
+  unprivileged = false
+  ostype       = "debian"
+  onboot       = true
+  start        = true
+  startup      = "order=1000"
+
+
+  ssh_public_keys = <<EOF
+    ${var.ssh_key}
+    EOF
+
+  memory = "4096"
+  swap   = "512"
+
+  rootfs {
+    storage = "local-zfs"
+    size    = "8G"
+  }
+
+  features {
+    fuse    = true
+    nesting = true
+    mount   = "nfs;cifs"
+  }
+
+  network {
+    name   = "eth0"
+    bridge = "vmbr0"
+    ip     = "10.10.10.8/24"
+    gw     = "10.10.10.1"
+    tag    = 10
+  }
+}
--- a/opentofu/prepareEnv.sh
+++ b/opentofu/prepareEnv.sh
@ -0,0 +1,34 @@
+#!/bin/bash
+
+bw config server https://vault.comprofix.com
+bw login
+export BW_SESSION=$(bw unlock --raw)
+bw sync
+
+echo "Please wait while we prepare terraform.auto.tfvars"
+
+proxmox_api_url=$(bw get --session $BW_SESSION uri proxmox_api)
+proxmox_api_token_id=$(bw get --session $BW_SESSION username f295a859-154a-482d-8129-c6ec6e06131e)
+proxmox_api_token_secret=$(bw get --session $BW_SESSION password f295a859-154a-482d-8129-c6ec6e06131e)
+ci_user=$(bw get --session $BW_SESSION username ci_details)
+ci_password=$(bw get --session $BW_SESSION password ci_details)
+ssh_key=$(bw get --session $BW_SESSION notes ssh_public_key_main)
+passphrase=$(bw get --session $BW_SESSION password state_passphrase)
+tfusername=$(bw get --session $BW_SESSION username tofu_postgres)
+tfpassword=$(bw get --session $BW_SESSION password tofu_postgres)
+tfurl=$(bw get --session $BW_SESSION uri tofu_postgres)
+
+echo 'proxmox_api_url = "'$proxmox_api_url'"' > terraform.auto.tfvars
+echo 'proxmox_api_token_id = "'$proxmox_api_token_id'"' >> terraform.auto.tfvars
+echo 'proxmox_api_token_secret = "'$proxmox_api_token_secret'"' >> terraform.auto.tfvars
+echo 'ci_user = "'$ci_user'"' >> terraform.auto.tfvars
+echo 'ci_password = "'$ci_password'"' >> terraform.auto.tfvars
+echo 'ssh_key = "'$ssh_key'"' >> terraform.auto.tfvars
+echo 'passphrase = "'$passphrase'"' >> terraform.auto.tfvars
+
+export PG_CONN_STR="postgres://$tfusername:$tfpassword@$tfurl"
+
+
+
+
+
--- a/opentofu/provider.tf
+++ b/opentofu/provider.tf
@ -0,0 +1,78 @@
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "telmate/proxmox"
+      version = "3.0.2-rc04"
+    }
+
+    bitwarden = {
+      source  = "maxlaverse/bitwarden"
+      version = ">= 0.13.6"
+    }
+  }
+
+  backend "pg" {}
+  encryption {
+    key_provider "pbkdf2" "mykey" {
+      passphrase    = var.passphrase
+      key_length    = 32
+      salt_length   = 16
+      hash_function = "sha256"
+    }
+    method "aes_gcm" "secure_method" {
+      keys = key_provider.pbkdf2.mykey
+    }
+    state {
+      method   = method.aes_gcm.secure_method
+      enforced = true
+    }
+  }
+}
+
+variable "ci_user" {
+  type      = string
+  sensitive = true
+}
+
+variable "ci_password" {
+  type      = string
+  sensitive = true
+}
+
+variable "proxmox_api_url" {
+  type      = string
+  sensitive = true
+}
+
+variable "proxmox_api_token_id" {
+  type      = string
+  sensitive = true
+}
+
+variable "proxmox_api_token_secret" {
+  type      = string
+  sensitive = true
+}
+
+variable "ssh_key" {
+  type      = string
+  sensitive = true
+}
+
+variable "passphrase" {
+  type      = string
+  sensitive = true
+}
+
+provider "proxmox" {
+  pm_api_url  = var.proxmox_api_url
+  pm_user     = "root@pam"
+  pm_password = var.proxmox_api_token_secret
+  pm_timeout  = 3600
+  pm_parallel = 2 # Fix VM HDD lock timeout
+  # Optional: Skip TLS Verification
+  pm_tls_insecure = true
+
+}
+
+