From 1405a9fab677b1a5f02706a44390c305e9e4faaf Mon Sep 17 00:00:00 2001 From: Matthew McKinnon Date: Sat, 2 Nov 2024 12:28:46 +1000 Subject: [PATCH] feat: add docker server --- .gitignore | 1 + .terraform.lock.hcl | 43 +++--- cloudinit.tf | 109 --------------- docker.tf | 107 +++++++++++++++ files/cloud_init.cloud_config | 16 --- main.backup | 240 ---------------------------------- prepareEnv.sh | 39 ++++++ provider.tf | 160 ++++++++++++++++------- 8 files changed, 279 insertions(+), 436 deletions(-) delete mode 100644 cloudinit.tf create mode 100644 docker.tf delete mode 100755 main.backup create mode 100755 prepareEnv.sh mode change 100755 => 100644 provider.tf diff --git a/.gitignore b/.gitignore index f97d9a4..10fe8ad 100755 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,5 @@ terraform.auto.tfvars .terraform tokens.txt terraform.tfstate* +.bitwarden/ diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index d683d23..400bbb4 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl @@ -1,23 +1,6 @@ # This file is maintained automatically by "tofu init". # Manual edits may be lost in future updates. -provider "registry.opentofu.org/hashicorp/local" { - version = "2.5.2" - hashes = [ - "h1:6lS+5A/4WFAqY3/RHWFRBSiFVLPRjvLaUgxPQvjXLHU=", - "zh:25b95b76ceaa62b5c95f6de2fa6e6242edbf51e7fc6c057b7f7101aa4081f64f", - "zh:3c974fdf6b42ca6f93309cf50951f345bfc5726ec6013b8832bcd3be0eb3429e", - "zh:5de843bf6d903f5cca97ce1061e2e06b6441985c68d013eabd738a9e4b828278", - "zh:86beead37c7b4f149a54d2ae633c99ff92159c748acea93ff0f3603d6b4c9f4f", - "zh:8e52e81d3dc50c3f79305d257da7fde7af634fed65e6ab5b8e214166784a720e", - "zh:9882f444c087c69559873b2d72eec406a40ede21acb5ac334d6563bf3a2387df", - "zh:a4484193d110da4a06c7bffc44cc6b61d3b5e881cd51df2a83fdda1a36ea25d2", - "zh:a53342426d173e29d8ee3106cb68abecdf4be301a3f6589e4e8d42015befa7da", - "zh:d25ef2aef6a9004363fc6db80305d30673fc1f7dd0b980d41d863b12dacd382a", - "zh:fa2d522fb323e2121f65b79709fd596514b293d816a1d969af8f72d108888e4c", - ] -} - provider "registry.opentofu.org/hashicorp/null" { version = "3.2.3" hashes = [ @@ -35,15 +18,25 @@ provider "registry.opentofu.org/hashicorp/null" { ] } -provider "registry.opentofu.org/hashicorp/template" { - version = "2.2.0" +provider "registry.opentofu.org/maxlaverse/bitwarden" { + version = "0.1.1" + constraints = "~> 0.1.0" hashes = [ - "h1:tdS0otiAtvUV8uLJWJNfcqOPo3llj7FyRzExw6X1srY=", - "zh:374c28bafc43cd65e578cb209efc9eee4c1cec7618f451528e928db98059e8c8", - "zh:6a2982e70fbc2ab2668d624c648ef2eb32243c1a1185246b03991a7a21326db9", - "zh:af83169c21bb13f141510a349e1f70cf7d893247a269bd71cad74dd22f1df0f5", - "zh:b81a5bedc91a1a81b938c393247248d6c3d1bd8ea685541f9c858908c0afb6b3", - "zh:de15486244af2d29d44d510d647cd6e0b1408e89952261013c572b7c9bfd744b", + "h1:ZtHaTCuLMChMG8AJ7M8/ZOMqCTdCMfLhxOWTlZb5LMo=", + "zh:190c3c9aab29815a0d6d5b7d0f0bcf299c08a36af0142a23e381894cf12ca342", + "zh:2a90054074e4c651e19b423b1c5a4fff75973f52a290890b06ebfb6aa73ea3a4", + "zh:38396bdc54fed6680a0303c7919a4fc417d5c4438ddb0e2e1a065091990bb350", + "zh:63e899f3a4bb735f50ad90bc839e5d0f68f8b1b96974d91832147d2d16997a88", + "zh:96da402041eeec5dec9d738777dcaa2c81742086ee2911bb2df9fd685709629b", + "zh:99c18a7e8a6ddc84947c19f051a896a20c20b84914895ba538d25b80fbc9cda6", + "zh:a95a5a3e62bf751a531df58ec555eb98ce13c00e40d343c293f621b4a5c80b6e", + "zh:b93b7e5ea921e425fbc901e7696702df80eb2b8243693abd18a4e6d3df0af6b0", + "zh:bb1228c8205d9b589674f853cc6c788de2a95e29f33f0c929727c1986a02e3b6", + "zh:beaf5ffa167de3c9ab01bf937b671ff90a65fd7de38612195da5f8d9e532c534", + "zh:d2849ed82549744fd8c36a3ae694b935ab3afe8fc7a78c60339581fed5d63112", + "zh:f90c25c736fa0f17f33c96d5ec0b7d45159397acfcdc0bce68e574d673f0f764", + "zh:fa91da4161f5b4580df79f10f891f5b88827941110fae1906a1a672b31a94dd0", + "zh:fae5d219184274ebbce7f6766398c44ec593c1ffb5d2e872a81478b5eb57f01d", ] } diff --git a/cloudinit.tf b/cloudinit.tf deleted file mode 100644 index 3a38ca7..0000000 --- a/cloudinit.tf +++ /dev/null @@ -1,109 +0,0 @@ -resource "null_resource" "cloud_init_deb" { - connection { - type = "ssh" - user = "root" - private_key = file("~/.ssh/pve2.comprofix.xyz") - host = "pve2.comprofix.xyz" - agent = true - } - - provisioner "file" { - source = "files/cloud_init.cloud_config" - destination = "/var/lib/vz/snippets/cloud_init_deb.yml" - } -} - - - -resource "proxmox_vm_qemu" "dev" { - - # VM General Settings - target_node = "pve" - vmid = "500" - name = "dev" - desc = "Dev Server" - - - # VM Advanced General Settings - onboot = true - scsihw = "virtio-scsi-single" - - # VM OS Settings - clone = "debian-12-generic-amd64" - clone_wait = 120 - timeouts { - create = "1h" - delete = "1h" - } - - # VM System Settings - agent = 1 - machine = "q35" - qemu_os = "l26" - - # VM CPU Settings - cores = 4 - sockets = 1 - cpu = "kvm64" - bios = "ovmf" - - startup = "" - - - # VM Memory Settings - memory = 16384 - - # VM Network Settings - network { - bridge = "vmbr0" - model = "virtio" - tag = "10" - } - - efidisk { - efitype = "4m" - storage = "local-zfs" - } - - disks { - ide { - ide2 { - cdrom { - passthrough = false - } - } - ide3 { - cloudinit { - storage = "local-zfs" - } - } - } - scsi { - scsi0 { - disk { - size = 20 - storage = "local-zfs" - } - } - } - } - - # VM Cloud-Init Settings - os_type = "cloud-init" - cicustom = "vendor=local:snippets/cloud_init_deb.yml" - #cloudinit_cdrom_storage = "local-zfs" - - # (Optional) IP Address and Gateway - ipconfig0 = "ip=10.10.10.22/24,gw=10.10.10.1" - nameserver = "10.10.10.1" - - # (Optional) Default User - ciuser = "${var.ci_user}" - cipassword = "${var.ci_password}" - - # (Optional) Add your SSH Public KEY - sshkeys = <> terraform.auto.tfvars +echo 'proxmox_api_token_id = "'$proxmox_api_token_id'"' >> terraform.auto.tfvars +echo 'proxmox_api_token_secret = "'$proxmox_api_token_secret'"' >> terraform.auto.tfvars +echo 'ci_user = "'$ci_user'"' >> terraform.auto.tfvars +echo 'ci_password = "'$ci_password'"' >> terraform.auto.tfvars +echo 'ssh_key = "'$ssh_key'"' >> terraform.auto.tfvars +echo 'teams = "'$teams'"' >> terraform.auto.tfvars +echo 'passphrase = "'$passphrase'"' >> terraform.auto.tfvars +echo 'tfusername = "'$tfusername'"' >> terraform.auto.tfvars +echo 'tfpassword = "'$tfpassword'"' >> terraform.auto.tfvars +echo 'tfurl = "'$tfurl'"' >> terraform.auto.tfvars + + +echo 'lxc_template = "debian-12-standard_12.7-1_amd64.tar.zst"' >> terraform.auto.tfvars + + + diff --git a/provider.tf b/provider.tf old mode 100755 new mode 100644 index 78c3467..f93f1d8 --- a/provider.tf +++ b/provider.tf @@ -1,56 +1,124 @@ -# Proxmox Provider -# --- -# Initial Provider Configuration for Proxmox - terraform { - - required_version = ">= 0.13.0" - - required_providers { - proxmox = { - source = "Telmate/proxmox" - version = "3.0.1-rc4" - } + required_providers { + proxmox = { + source = "Telmate/proxmox" + version = "3.0.1-rc4" } -} -variable "proxmox_api_url" { - type = string -} - -variable "proxmox_api_token_id" { - type = string -} - -variable "proxmox_api_token_secret" { - type = string -} - -variable "ci_user" { - type = string -} - -variable "ci_password" { - type = string -} - -variable "ssh_key" { - type = string + bitwarden = { + source = "maxlaverse/bitwarden" + version = "~> 0.1.0" + } + } + backend "pg" { + conn_str = "postgres://${var.tfusername}:${var.tfpassword}@${var.tfurl}" + } + encryption { + key_provider "pbkdf2" "mykey" { + passphrase = var.passphrase + key_length = 32 + salt_length = 16 + hash_function = "sha256" + } + method "aes_gcm" "secure_method" { + keys = key_provider.pbkdf2.mykey + } + state { + method = method.aes_gcm.secure_method + enforced = true + } + } } variable "teams" { - type = string + type = string + sensitive = true +} + +variable "ci_user" { + type = string + sensitive = true +} + +variable "ci_password" { + type = string + sensitive = true +} + +variable "lxc_template" { + type = string +} + +variable "proxmox_api_url" { + type = string + sensitive = true +} + +variable "proxmox_api_token_id" { + type = string + sensitive = true +} + +variable "proxmox_api_token_secret" { + type = string + sensitive = true +} + +variable "ssh_key" { + type = string + sensitive = true +} + +variable "passphrase" { + type = string + sensitive = true +} + +variable "tfusername" { + type = string + sensitive = true +} + +variable "tfpassword" { + type = string + sensitive = true +} + +variable "tfurl" { + type = string + sensitive = true +} + +variable "client_id" { + description = "Client ID for Bitwarden" + type = string + sensitive = true + +} + +variable "client_secret" { + description = "Client Secret for Bitwarden" + type = string + sensitive = true + +} + +variable "master_password" { + description = "Client Master Password for Bitwarden" + type = string + sensitive = true + } provider "proxmox" { - - pm_api_url = var.proxmox_api_url - pm_api_token_id = var.proxmox_api_token_id - pm_api_token_secret = var.proxmox_api_token_secret - pm_timeout = 3600 - pm_parallel = 2 # Fix vm hdd lock timeout - - # (Optional) Skip TLS Verification - # pm_tls_insecure = true - + pm_api_url = var.proxmox_api_url + pm_api_token_id = var.proxmox_api_token_id + pm_api_token_secret = var.proxmox_api_token_secret + pm_timeout = 3600 + pm_parallel = 2 # Fix VM HDD lock timeout + # Optional: Skip TLS Verification + # pm_tls_insecure = true } + + +