From c98fb40f46609b41ef93ffc1f7c029c3a8b1933d Mon Sep 17 00:00:00 2001
From: Matt Reeves
Date: Sun, 13 Oct 2024 10:22:23 -0400
Subject: [PATCH 01/10] test

---
 .forgejo/workflows/tofu.yml | 14 +++++---------
 terraform/kasm.tf | 2 +-
 2 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/.forgejo/workflows/tofu.yml b/.forgejo/workflows/tofu.yml
index 0399581..ad97c7f 100644
--- a/.forgejo/workflows/tofu.yml
+++ b/.forgejo/workflows/tofu.yml
@@ -38,17 +38,13 @@ jobs:
 a4ed343a-bb92-4beb-a421-b2080005bf98 > virtual_environment_endpoint
 af0ed579-05f8-405f-b0f3-b208000620ca > vlan_gateway
 
- - name: Create AWS Credentials Directory
- run: mkdir -p ~/.aws
-
 - name: Set AWS Credentials
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
 run: |
- echo "[default]" > ~/.aws/credentials
- echo "aws_access_key_id=${{ secrets.AWS_ACCESS_KEY_ID }}" >> ~/.aws/credentials
- echo "aws_secret_access_key=${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> ~/.aws/credentials
-
- - name: Set Environment Variables
- run: echo "AWS_EC2_METADATA_DISABLED=true" >> $GITHUB_ENV
+ echo "AWS Credentials Set"
 
 
 - name: Setup OpenTofu
diff --git a/terraform/kasm.tf b/terraform/kasm.tf
index f48bc29..22ae455 100644
--- a/terraform/kasm.tf
+++ b/terraform/kasm.tf
@@ -36,7 +36,7 @@ resource "proxmox_virtual_environment_vm" "Kasm" {
 # VM Disk Settings
 disk {
 datastore_id = "local-lvm"
- size = 151
+ size = 152
 interface = "scsi0"
 }

From ef5c58d015618c178206a7e6a47c7cc9c4e09008 Mon Sep 17 00:00:00 2001
From: Matt Reeves
Date: Sun, 13 Oct 2024 10:48:04 -0400
Subject: [PATCH 02/10] test

---
 .forgejo/workflows/tofu.yml | 12 +++++-------
 terraform/kasm.tf | 2 +-
 terraform/provider.tf | 2 ++
 terraform/vars.tf | 8 ++++++++
 4 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/.forgejo/workflows/tofu.yml b/.forgejo/workflows/tofu.yml
index ad97c7f..83e0da9 100644
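Review bot: The `env:` block added under `Set AWS Credentials` is step-scoped, so `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are visible only to the `echo "AWS Credentials Set"` command and never reach the OpenTofu init/plan steps further down the job that actually need them; move the three variables to the job-level `env:` (or onto the tofu steps) and drop the placeholder echo. Deleting the `echo ... >> ~/.aws/credentials` lines is the right call, since they persisted the secret on the runner's disk, but the hunk also drops `AWS_EC2_METADATA_DISABLED=true`, which was a cheap guard against the SDK falling back to the instance-metadata endpoint when the keys are absent; keep it next to the new env vars, e.g. `AWS_EC2_METADATA_DISABLED: "true"`. `AWS_DEFAULT_REGION` is not secret and can be a plain value rather than a repository secret. The job these steps belong to starts above the hunk.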
--- a/.forgejo/workflows/tofu.yml
+++ b/.forgejo/workflows/tofu.yml
@@ -22,6 +22,8 @@ jobs:
 base_url: https://vault.bitwarden.com
 secrets: |
 c65f8886-f6fb-4c17-bc79-b208000604bf > arrbuntu_ip_address
+ 2dae51bd-bd65-474c-971c-b20800f22afa > aws_access_key_id
+ 287c852d-f2b5-467d-bfc4-b20800f25f52 > aws_secret_access_key
 a54974b8-c6b3-4df7-9042-b20800064050 > downloaders_ip_address
 dacbeafa-c671-4b9c-9334-b2080006f75b > init_password
 9ceabbd0-6492-4674-9bab-b2080006e333 > init_username
@@ -38,13 +40,7 @@ jobs:
 a4ed343a-bb92-4beb-a421-b2080005bf98 > virtual_environment_endpoint
 af0ed579-05f8-405f-b0f3-b208000620ca > vlan_gateway
 
- - name: Set AWS Credentials
- env:
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
- run: |
- echo "AWS Credentials Set"
+
 
 
 - name: Setup OpenTofu
@@ -55,6 +51,8 @@ jobs:
 run: |
 tofu init \
 -var "arrbuntu_ip_address=${{ steps.bitwarden-secrets.outputs.arrbuntu_ip_address }}" \
+ -var "aws_access_key_id=${{ steps.bitwarden-secrets.outputs.aws_access_key_id }}" \
+ -var "aws_secret_access_key=${{ steps.bitwarden-secrets.outputs.aws_secret_access_key }}" \
 -var "downloaders_ip_address=${{ steps.bitwarden-secrets.outputs.downloaders_ip_address }}" \
 -var "init_password=${{ steps.bitwarden-secrets.outputs.init_password }}" \
 -var "init_username=${{ steps.bitwarden-secrets.outputs.init_username }}" \
diff --git a/terraform/kasm.tf b/terraform/kasm.tf
index 22ae455..f48bc29 100644
--- a/terraform/kasm.tf
+++ b/terraform/kasm.tf
@@ -36,7 +36,7 @@ resource "proxmox_virtual_environment_vm" "Kasm" {
 # VM Disk Settings
 disk {
 datastore_id = "local-lvm"
- size = 152
+ size = 151
 interface = "scsi0"
 }
diff --git a/terraform/provider.tf b/terraform/provider.tf
index e76e1b8..d081208 100644
--- a/terraform/provider.tf
+++ b/terraform/provider.tf
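Review bot: The two added `-var "aws_secret_access_key=${{ ... }}"` arguments put the AWS secret on the `tofu init` command line, where it is visible to any process on the runner via `ps`/`/proc` and is printed verbatim if the step ever runs with `set -x` or debug logging; the Forgejo runner masks a step output only if the producing action registered it as a secret, which cannot be assumed for the Bitwarden action here. Supplying the values as `TF_VAR_<name>` environment variables on the step keeps them out of argv, e.g. `env:` / `TF_VAR_aws_access_key_id: ${{ steps.bitwarden-secrets.outputs.aws_access_key_id }}` / `TF_VAR_aws_secret_access_key: ${{ steps.bitwarden-secrets.outputs.aws_secret_access_key }}`. Note that `-var` on `init` is only honoured by OpenTofu's early variable evaluation (backend and module-source values); the plan/apply steps that consume the rest of these variables are outside the hunk, so confirm they receive the same values rather than relying on `init` having seen them.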
@@ -19,6 +19,8 @@ terraform {
 endpoints = {
 s3 = var.s3_endpoint
 }
+ access_key = var.aws_access_key_id
+ secret_key = var.aws_secret_access_key
 }
 }
 
diff --git a/terraform/vars.tf b/terraform/vars.tf
index 84b1af3..55340df 100644
--- a/terraform/vars.tf
+++ b/terraform/vars.tf
@@ -60,4 +60,12 @@ variable "pve2_ip_address" {
 
 variable "s3_endpoint" {
 type = string
+}
+
+variable "aws_secret_access_key" {
+ type = string
+}
+
+variable "aws_access_key_id" {
+ type = string
 }
\ No newline at end of file

From 56508371d23f33d0c090b9cc326f59a7f5769c32 Mon Sep 17 00:00:00 2001
From: Matt Reeves
Date: Sun, 13 Oct 2024 11:05:29 -0400
Subject: [PATCH 03/10] testing

---
 .forgejo/workflows/tofu.yml | 44 ++++++++++++++++++++-----------------
 terraform/kasm.tf | 2 +-
 2 files changed, 25 insertions(+), 21 deletions(-)

diff --git a/.forgejo/workflows/tofu.yml b/.forgejo/workflows/tofu.yml
index 83e0da9..6ec269c 100644
--- a/.forgejo/workflows/tofu.yml
+++ b/.forgejo/workflows/tofu.yml
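Review bot: The added `access_key = var.aws_access_key_id` / `secret_key = var.aws_secret_access_key` sit in what the `endpoints = { s3 = ... }` attribute suggests is the `backend "s3"` block inside `terraform {}`; Terraform rejects variables there outright, and OpenTofu accepts them only through early variable evaluation fed by `tofu init -var`, which is a non-obvious dependency worth recording in a comment, e.g. `# OpenTofu early evaluation: these vars must be passed to tofu init, not only plan/apply`. The s3 backend already reads `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` from the environment, so if the workflow exports them the two lines (and the variable plumbing behind them) can be dropped, which also keeps the credential out of HCL and out of any `init` argv. The enclosing `terraform {}` block begins above the hunk.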
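Review bot: `variable "aws_secret_access_key"` and `variable "aws_access_key_id"` are declared without `sensitive = true`, so OpenTofu will echo the values in plan/apply output and error messages wherever they flow into a resource or provider argument; add `sensitive = true` to both blocks (the access key id is low-value on its own but is usually treated as sensitive together with the secret). The hunk keeps `\ No newline at end of file` on the closing brace; add the trailing newline while touching the file.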
@@ -41,7 +41,29 @@ jobs:
 af0ed579-05f8-405f-b0f3-b208000620ca > vlan_gateway
 
-
+ - name: Create tfvars file
+ working-directory: ./terraform
+ run: |
+ cat < terraform.tfvars
+ arrbuntu_ip_address = "${{ steps.bitwarden-secrets.outputs.arrbuntu_ip_address }}"
+ aws_access_key_id = "${{ steps.bitwarden-secrets.outputs.aws_access_key_id }}"
+ aws_secret_access_key = "${{ steps.bitwarden-secrets.outputs.aws_secret_access_key }}"
+ downloaders_ip_address = "${{ steps.bitwarden-secrets.outputs.downloaders_ip_address }}"
+ init_password = "${{ steps.bitwarden-secrets.outputs.init_password }}"
+ init_username = "${{ steps.bitwarden-secrets.outputs.init_username }}"
+ kasm_ip = "${{ steps.bitwarden-secrets.outputs.kasm_ip }}"
+ kasm_ssh_ip = "${{ steps.bitwarden-secrets.outputs.kasm_ssh_ip }}"
+ npm_ip_address = "${{ steps.bitwarden-secrets.outputs.npm_ip_address }}"
+ prox_ip_address = "${{ steps.bitwarden-secrets.outputs.prox_ip_address }}"
+ pve2_ip_address = "${{ steps.bitwarden-secrets.outputs.pve2_ip_address }}"
+ s3_endpoint = "${{ steps.bitwarden-secrets.outputs.s3_endpoint }}"
+ ssh_password = "${{ steps.bitwarden-secrets.outputs.ssh_password }}"
+ ssh_username = "${{ steps.bitwarden-secrets.outputs.ssh_username }}"
+ ubu_ip_address = "${{ steps.bitwarden-secrets.outputs.ubu_ip_address }}"
+ virtual_environment_api = "${{ steps.bitwarden-secrets.outputs.virtual_environment_api }}"
+ virtual_environment_endpoint = "${{ steps.bitwarden-secrets.outputs.virtual_environment_endpoint }}"
+ vlan_gateway = "${{ steps.bitwarden-secrets.outputs.vlan_gateway }}"
+ EOF
 
 
 - name: Setup OpenTofu
 uses: https://github.com/opentofu/setup-opentofu@v1.0.4
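Review bot: As printed, the `Create tfvars file` step runs `cat < terraform.tfvars`, an input redirect that reads a file that does not exist yet rather than writing a heredoc to it; if the `<<EOF >` was lost in rendering this is moot, but as committed the step fails and nothing is written. Independently of that, every Bitwarden value is interpolated unquoted into the heredoc body, so a secret containing `"` breaks the HCL string, one containing `$` or backticks is expanded by the shell because the delimiter is unquoted, and the finished `terraform.tfvars` holds every credential in plaintext on the runner for the rest of the job. Passing the values as `TF_VAR_<name>` environment variables on the tofu steps avoids both the file and the quoting problem; if the file is kept, use `cat <<'EOF' > terraform.tfvars` so the shell leaves the body alone and remove it in an `if: always()` cleanup step.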
@@ -49,25 +71,7 @@ jobs:
 - name: Run OpenTofu Init
 working-directory: ./terraform
 run: |
- tofu init \
- -var "arrbuntu_ip_address=${{ steps.bitwarden-secrets.outputs.arrbuntu_ip_address }}" \
- -var "aws_access_key_id=${{ steps.bitwarden-secrets.outputs.aws_access_key_id }}" \
- -var "aws_secret_access_key=${{ steps.bitwarden-secrets.outputs.aws_secret_access_key }}" \
- -var "downloaders_ip_address=${{ steps.bitwarden-secrets.outputs.downloaders_ip_address }}" \
- -var "init_password=${{ steps.bitwarden-secrets.outputs.init_password }}" \
- -var "init_username=${{ steps.bitwarden-secrets.outputs.init_username }}" \
- -var "kasm_ip=${{ steps.bitwarden-secrets.outputs.kasm_ip }}" \
- -var "kasm_ssh_ip=${{ steps.bitwarden-secrets.outputs.kasm_ssh_ip }}" \
- -var "npm_ip_address=${{ steps.bitwarden-secrets.outputs.npm_ip_address }}" \
- -var "prox_ip_address=${{ steps.bitwarden-secrets.outputs.prox_ip_address }}" \
- -var "pve2_ip_address=${{ steps.bitwarden-secrets.outputs.pve2_ip_address }}" \
- -var "s3_endpoint=${{ steps.bitwarden-secrets.outputs.s3_endpoint }}" \
- -var "ssh_password=${{ steps.bitwarden-secrets.outputs.ssh_password }}" \
- -var "ssh_username=${{ steps.bitwarden-secrets.outputs.ssh_username }}" \
- -var "ubu_ip_address=${{ steps.bitwarden-secrets.outputs.ubu_ip_address }}" \
- -var "virtual_environment_api=${{ steps.bitwarden-secrets.outputs.virtual_environment_api }}" \
- -var "virtual_environment_endpoint=${{ steps.bitwarden-secrets.outputs.virtual_environment_endpoint }}" \
- -var "vlan_gateway=${{ steps.bitwarden-secrets.outputs.vlan_gateway }}"
+ tofu init -var-file=terraform.tfvars
 
 
 - name: Run OpenTofu Plan
diff --git a/terraform/kasm.tf b/terraform/kasm.tf
index f48bc29..22ae455 100644
--- a/terraform/kasm.tf
+++ b/terraform/kasm.tf
@@ -36,7 +36,7 @@ resource "proxmox_virtual_environment_vm" "Kasm" {
 # VM Disk Settings
 disk {
 datastore_id = "local-lvm"
- size = 151
+ size = 152
 interface = "scsi0"
 }
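Review bot: `tofu init -var-file=terraform.tfvars` still depends on a plaintext secrets file sitting in `./terraform` that nothing in the workflow deletes, and a file named `terraform.tfvars` is auto-loaded anyway, so the flag adds nothing but a second place the credentials are named. The step-level `env:` with `TF_VAR_` variables below replaces the file entirely: OpenTofu reads `TF_VAR_<name>` for every declared variable, the values never hit disk or argv, and the same `env:` can be hoisted to job level so plan/apply (outside this hunk) see identical values. If the tfvars file is kept instead, add a final step with `if: always()` running `rm -f terraform/terraform.tfvars`.

```yaml
      - name: Run OpenTofu Init
        working-directory: ./terraform
        env:
          TF_VAR_aws_access_key_id: ${{ steps.bitwarden-secrets.outputs.aws_access_key_id }}
          TF_VAR_aws_secret_access_key: ${{ steps.bitwarden-secrets.outputs.aws_secret_access_key }}
          # … unchanged pattern: one TF_VAR_<name> per remaining bitwarden-secrets output …
        run: tofu init
```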
From e55e394d537f2d9b4947226670e370502a1112db Mon Sep 17 00:00:00 2001
From: Matt Reeves
Date: Sun, 13 Oct 2024 11:18:37 -0400
Subject: [PATCH 04/10] test

---
 terraform/cloud-init.tf | 17 +++++++----------
 terraform/kasm.tf | 2 +-
 2 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/terraform/cloud-init.tf b/terraform/cloud-init.tf
index f322133..074e1d5 100644
--- a/terraform/cloud-init.tf
+++ b/terraform/cloud-init.tf
@@ -1,9 +1,6 @@
-data "local_file" "ssh_public_key" {
- filename = "/home/mafyuh/.ssh/main_key.pub"
-}
-
-data "local_file" "ssh_public_key_2" {
- filename = "/home/mafyuh/.ssh/id_rsa.pub"
+locals {
+ ssh_public_key_1 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDndt2pi7jZx0qY1qn/UEn2AcZThxCQBvIGNytlPDz1cFNHjB1lGgHdI4uCw7fu2ET6/vpqHxjdQqB/Ehj2fajw1L2zncKB93NMv3pcq7ZJGwIgdw26vfBQZWFazaPk7O5rOGO1hWohE4YlejpOHYGCFs1pUxaC8DQPR0M6GvnccWxzJhpiO+NUeU8F/NC1uKLyypK8CpTmjVQaiTSgn/RorTf7A6sdzfWFndM7k6hw5NqqKVk0OhDfy/XCGQrIRh6/yxFbbthAUJgd8/djELlc7XQaG0nMSBtu6m8+VmMN8XO7FZmus8PwlcXPIhwos+vJlh2+xU+E7Ciwyw4WytCjuw67rL4REbdOh+zqZm//OMswvTxtDiRbTXTsOXqgyh5cOUcNub3UdAl6e7c2ZQT5lz5ZVCNNLVrFigvRE813YlKsoYu1p4XrtyHodeYEXgoLjU0jgRj0EmBEDriafo84lamHK7zItZllNH9hHKWs+iXiQQ4nVD65Ng0mYmM9OF76corqfIuQWkQd8kN2r5a0UHrl+tkhZOY3x3PB9r88yCPRdSkW8ICFObQ069yE4HU9kA41rVPXOU8zxK8UT2svTM0YRcDcfr2VUktU0wEP1ASv8nOAdvq7+pcqpoKrw3sZyyeLncxSAfJCRMjJvUDww92YSTjG4TCwY2gcPXRsww== Generated By Termius"
+ ssh_public_key_2 = "ssh-rsa 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 admin@mafyuh.io"
 }
 
 resource "proxmox_virtual_environment_file" "cloud_config" {
@@ -22,8 +19,8 @@ resource "proxmox_virtual_environment_file" "cloud_config" {
 - docker
 shell: /bin/bash
 ssh_authorized_keys:
- - ${trimspace(data.local_file.ssh_public_key.content)}
- - ${trimspace(data.local_file.ssh_public_key_2.content)}
+ - ${trimspace(local.ssh_public_key)}
+ - ${trimspace(local.ssh_public_key_2)}
 sudo: ALL=(ALL) NOPASSWD:ALL
 runcmd:
 - apt update
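Review bot: `${trimspace(local.ssh_public_key)}` in the `ssh_authorized_keys` template references a local that the new `locals` block does not define — it is named `ssh_public_key_1` — so this commit fails at plan time (later commits in the series rename the reference). Moving the keys from `data "local_file"` reads to literals is fine from a secrecy standpoint, since these are public keys, but it hard-wires two specific keys into the module and duplicates the list across `cloud_config` and `cloud_config2`, so rotation is a code change in two places; a `variable "ssh_public_keys" { type = list(string) }` rendered with a `%{ for k in var.ssh_public_keys }` loop would keep one source of truth, and `trimspace()` on a literal is now a no-op. The context line `sudo: ALL=(ALL) NOPASSWD:ALL` is untouched by this change, but it means every key on this list is passwordless root, which is worth a `# NOTE:` in the template.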
@@ -58,8 +55,8 @@ resource "proxmox_virtual_environment_file" "cloud_config2" {
 - docker
 shell: /bin/bash
 ssh_authorized_keys:
- - ${trimspace(data.local_file.ssh_public_key.content)}
- - ${trimspace(data.local_file.ssh_public_key_2.content)}
+ - ${trimspace(local.ssh_public_key)}
+ - ${trimspace(local.ssh_public_key_2)}
 sudo: ALL=(ALL) NOPASSWD:ALL
 runcmd:
 - apt update
diff --git a/terraform/kasm.tf b/terraform/kasm.tf
index 22ae455..f48bc29 100644
--- a/terraform/kasm.tf
+++ b/terraform/kasm.tf
@@ -36,7 +36,7 @@ resource "proxmox_virtual_environment_vm" "Kasm" {
 # VM Disk Settings
 disk {
 datastore_id = "local-lvm"
- size = 152
+ size = 151
 interface = "scsi0"
 }

From cf67c7cd23e056c7d21c02319d324e6fdae589e3 Mon Sep 17 00:00:00 2001
From: Matt Reeves
Date: Sun, 13 Oct 2024 11:20:22 -0400
Subject: [PATCH 05/10] test

---
 terraform/cloud-init.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/cloud-init.tf b/terraform/cloud-init.tf
index 074e1d5..2202ec2 100644
--- a/terraform/cloud-init.tf
+++ b/terraform/cloud-init.tf
@@ -19,7 +19,7 @@ resource "proxmox_virtual_environment_file" "cloud_config" {
 - docker
 shell: /bin/bash
 ssh_authorized_keys:
- - ${trimspace(local.ssh_public_key)}
+ - ${trimspace(local.ssh_public_key_1)}
 - ${trimspace(local.ssh_public_key_2)}
 sudo: ALL=(ALL) NOPASSWD:ALL
 runcmd:

From ce7c0c1a46f8609dd357ad9bb03c8320f9de6f30 Mon Sep 17 00:00:00 2001
From: Matt Reeves
Date: Sun, 13 Oct 2024 11:20:51 -0400
Subject: [PATCH 06/10] test

---
 terraform/cloud-init.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/cloud-init.tf b/terraform/cloud-init.tf
index 2202ec2..e5f2125 100644
--- a/terraform/cloud-init.tf
+++ b/terraform/cloud-init.tf
@@ -55,7 +55,7 @@ resource "proxmox_virtual_environment_file" "cloud_config2" {
 - docker
 shell: /bin/bash
 ssh_authorized_keys:
- - ${trimspace(local.ssh_public_key)}
+ - ${trimspace(local.ssh_public_key_1)}
 - ${trimspace(local.ssh_public_key_2)}
 sudo: ALL=(ALL) NOPASSWD:ALL
 runcmd:

From 3ee1613978e9a46897757e6a6785974505de94dd Mon Sep 17 00:00:00 2001
From: Matt Reeves
Date: Sun, 13 Oct 2024 16:20:24 -0400
Subject: [PATCH 07/10] add ntp playbook

---
 ansible/playbooks/ntp.yml | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 ansible/playbooks/ntp.yml

diff --git a/ansible/playbooks/ntp.yml b/ansible/playbooks/ntp.yml
new file mode 100644
index 0000000..dccd146
--- /dev/null
+++ b/ansible/playbooks/ntp.yml
@@ -0,0 +1,33 @@
+---
+- name: Configure systemd-timesyncd to use router NTP server
+ hosts: all
+ become: true
+
+ tasks:
+ - name: Ensure systemd-timesyncd is installed
+ apt:
+ name: systemd-timesyncd
+ state: present
+ update_cache: yes
+
+ - name: Configure timesyncd to use the router's NTP server
+ lineinfile:
+ path: /etc/systemd/timesyncd.conf
+ regexp: '^NTP='
+ line: 'NTP=10.0.0.1'
+ insertafter: '^\[Time\]'
+ state: present
+
+ - name: Restart systemd-timesyncd to apply changes
+ systemd:
+ name: systemd-timesyncd
+ state: restarted
+ enabled: yes
+
+ - name: Verify the NTP configuration
+ command: timedatectl status
+ register: timesync_status
+
+ - name: Show the status of time synchronization
+ debug:
+ msg: "{{ timesync_status.stdout }}"

From 5e34685a075948baa834e60b637766ef8a9d6da1 Mon Sep 17 00:00:00 2001
From: Matt Reeves
Date: Sun, 13 Oct 2024 16:37:39 -0400
Subject: [PATCH 08/10] fix ntp

---
 ansible/playbooks/ntp.yml | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/ansible/playbooks/ntp.yml b/ansible/playbooks/ntp.yml
index dccd146..7097814 100644
--- a/ansible/playbooks/ntp.yml
+++ b/ansible/playbooks/ntp.yml
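Review bot: The `lineinfile` task edits the vendor `/etc/systemd/timesyncd.conf`, whose stock copy on Debian/Ubuntu typically carries `#NTP=` commented out, so `regexp: '^NTP='` never matches and the result depends entirely on `insertafter` placing a new line under `[Time]`; that edit is also clobbered by the next package upgrade. A drop-in is the durable, upgrade-safe form: `ansible.builtin.copy` to `/etc/systemd/timesyncd.conf.d/10-router.conf` with `content: "[Time]\nNTP=10.0.0.1\n"` and a `notify` handler for the restart, which also stops restarting the daemon on every run. `update_cache: yes` and `enabled: yes` should be `true`, and `command: timedatectl status` needs `changed_when: false` so a read-only check does not report a change. A single unauthenticated NTP source at `10.0.0.1` is a single point of failure for certificate validity checks and log timestamps across every host; at minimum set `FallbackNTP=` in the same file.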
@@ -10,13 +10,12 @@
 state: present
 update_cache: yes
 
- - name: Configure timesyncd to use the router's NTP server
- lineinfile:
+ - name: Configure timesyncd to use the router's NTP server using ini_file
+ ini_file:
 path: /etc/systemd/timesyncd.conf
- regexp: '^NTP='
- line: 'NTP=10.0.0.1'
- insertafter: '^\[Time\]'
- state: present
+ section: Time
+ option: NTP
+ value: '10.0.0.1'
 
 - name: Restart systemd-timesyncd to apply changes
 systemd:

From 169caf0b6b592eeffc2fabe6dd86feb67038bd09 Mon Sep 17 00:00:00 2001
From: Matt Reeves
Date: Sun, 13 Oct 2024 16:39:05 -0400
Subject: [PATCH 09/10] test ntp

---
 ansible/playbooks/ntp.yml | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/ansible/playbooks/ntp.yml b/ansible/playbooks/ntp.yml
index 7097814..abfc0ed 100644
--- a/ansible/playbooks/ntp.yml
+++ b/ansible/playbooks/ntp.yml
@@ -10,12 +10,9 @@
 state: present
 update_cache: yes
 
- - name: Configure timesyncd to use the router's NTP server using ini_file
- ini_file:
- path: /etc/systemd/timesyncd.conf
- section: Time
- option: NTP
- value: '10.0.0.1'
+ - name: Configure timesyncd to use the router's NTP server
+ shell: sed -i '/^NTP=/c\NTP=10.0.0.1' /etc/systemd/timesyncd.conf
+
 
 - name: Restart systemd-timesyncd to apply changes
 systemd:

From efa91713e6e867b39bbbb1441e1853331344c5fb Mon Sep 17 00:00:00 2001
From: Renovate Bot
Date: Sun, 13 Oct 2024 15:00:33 +0000
Subject: [PATCH 10/10] :arrow_up: Update vaultwarden/server Docker tag to v1.32.2

---
 docker/arm/docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/arm/docker-compose.yml b/docker/arm/docker-compose.yml
index 8716ca3..ac85c10 100644
--- a/docker/arm/docker-compose.yml
+++ b/docker/arm/docker-compose.yml
@@ -148,7 +148,7 @@ services:
 - gitea_main
 
 vaultwarden:
- image: vaultwarden/server:1.32.1
+ image: vaultwarden/server:1.32.2
 container_name: vaultwarden
 ports:
 - 8989:80
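Review bot: `sed -i '/^NTP=/c\NTP=10.0.0.1'` only rewrites a line that already begins with `NTP=`; on a default timesyncd.conf where the entry is the commented `#NTP=`, it changes nothing, the restart that follows applies no configuration, and the play still reports success, so hosts silently keep whatever upstream server they had. It also uses `shell` for a command with no shell features and no `changed_when`, so the task is neither idempotent-aware nor check-mode safe, and it edits the vendor file that the next package upgrade overwrites. If the `ini_file` version it replaces was dropped because `community.general` is not installed, the builtin equivalent is a drop-in: `ansible.builtin.copy` with `dest: /etc/systemd/timesyncd.conf.d/ntp.conf` and `content: "[Time]\nNTP=10.0.0.1\n"`, which is idempotent and survives upgrades.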