diff --git a/.forgejo/workflows/tofu.yml b/.forgejo/workflows/tofu.yml
index f9c974e..34726e2 100644
--- a/.forgejo/workflows/tofu.yml
+++ b/.forgejo/workflows/tofu.yml
@@ -1,32 +1,92 @@ -name: Terraform Apply +name: OpenTofu Automation on: push: + branches: + - main paths: - 'terraform/**' jobs: - terraform: - runs-on: ubuntu-latest + deploy: + runs-on: docker + container: + image: node:22 steps: - name: Checkout code uses: actions/checkout@v4 - - name: Download OpenTofu Installer + - name: Get Secrets from Bitwarden + id: bitwarden-secrets + uses: https://github.com/bitwarden/sm-action@v2 + with: + access_token: ${{ secrets.BW_ACCESS_TOKEN }} + base_url: https://vault.bitwarden.com + secrets: | + c65f8886-f6fb-4c17-bc79-b208000604bf > arrbuntu_ip_address + 2dae51bd-bd65-474c-971c-b20800f22afa > aws_access_key_id + 287c852d-f2b5-467d-bfc4-b20800f25f52 > aws_secret_access_key + a54974b8-c6b3-4df7-9042-b20800064050 > downloaders_ip_address + dacbeafa-c671-4b9c-9334-b2080006f75b > init_password + 9ceabbd0-6492-4674-9bab-b2080006e333 > init_username + 0bc3c1a3-fc48-48ce-85c5-b2080007136a > kasm_ip + 63ca1819-5090-4e30-9dba-b20800072718 > kasm_ssh_ip + 47ef68aa-32a9-45b0-835d-b2080006ce38 > npm_ip_address + d0c7f3ec-8277-4b1b-9a1b-b2080006b842 > prox_ip_address + 17ab7869-c7a1-4ece-8c64-b20800075213 > pve2_ip_address + f8f85ab2-5f6d-46a7-9e06-b20800076d26 > s3_endpoint + 68f1d77d-4e96-498a-9464-b208000679a4 > ssh_password + d0762ced-73de-4f30-aa1c-b20800069536 > ssh_username + d8017351-7a11-42e6-9e8d-b208000739b8 > ubu_ip_address + 1d250f4a-ae18-4e19-934c-b2080005e132 > virtual_environment_api + a4ed343a-bb92-4beb-a421-b2080005bf98 > virtual_environment_endpoint + af0ed579-05f8-405f-b0f3-b208000620ca > vlan_gateway + + + - name: Create tfvars file + working-directory: ./terraform run: | - curl --proto '=https' --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh -o install-opentofu.sh - chmod +x install-opentofu.sh + cat < terraform.tfvars + arrbuntu_ip_address = "${{ steps.bitwarden-secrets.outputs.arrbuntu_ip_address }}" + aws_access_key_id = "${{ steps.bitwarden-secrets.outputs.aws_access_key_id }}" + aws_secret_access_key 
= "${{ steps.bitwarden-secrets.outputs.aws_secret_access_key }}" + downloaders_ip_address = "${{ steps.bitwarden-secrets.outputs.downloaders_ip_address }}" + init_password = "${{ steps.bitwarden-secrets.outputs.init_password }}" + init_username = "${{ steps.bitwarden-secrets.outputs.init_username }}" + kasm_ip = "${{ steps.bitwarden-secrets.outputs.kasm_ip }}" + kasm_ssh_ip = "${{ steps.bitwarden-secrets.outputs.kasm_ssh_ip }}" + npm_ip_address = "${{ steps.bitwarden-secrets.outputs.npm_ip_address }}" + prox_ip_address = "${{ steps.bitwarden-secrets.outputs.prox_ip_address }}" + pve2_ip_address = "${{ steps.bitwarden-secrets.outputs.pve2_ip_address }}" + s3_endpoint = "${{ steps.bitwarden-secrets.outputs.s3_endpoint }}" + ssh_password = "${{ steps.bitwarden-secrets.outputs.ssh_password }}" + ssh_username = "${{ steps.bitwarden-secrets.outputs.ssh_username }}" + ubu_ip_address = "${{ steps.bitwarden-secrets.outputs.ubu_ip_address }}" + virtual_environment_api = "${{ steps.bitwarden-secrets.outputs.virtual_environment_api }}" + virtual_environment_endpoint = "${{ steps.bitwarden-secrets.outputs.virtual_environment_endpoint }}" + vlan_gateway = "${{ steps.bitwarden-secrets.outputs.vlan_gateway }}" + EOF - - name: Inspect and Install OpenTofu - run: ./install-opentofu.sh --install-method deb + - name: Setup OpenTofu + uses: https://github.com/opentofu/setup-opentofu@v1.0.4 - - name: Clean up Installer Script - run: rm -f install-opentofu.sh - - - name: Initialize OpenTofu - run: tofu init + - name: Run OpenTofu Init working-directory: ./terraform + run: | + tofu init -var-file=terraform.tfvars - - name: Apply OpenTofu - run: tofu apply -input=false + + - name: Run OpenTofu Plan + id: plan working-directory: ./terraform + run: tofu plan -no-color + + - name: Display Plan Output + run: | + echo "Plan output:" + echo "${{ steps.plan.outputs.stdout }}" + + - name: Apply the Plan + if: success() + working-directory: ./terraform + run: tofu apply -auto-approve 
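Review bot: The `Create tfvars file` and `Display Plan Output` steps paste `${{ … }}` expressions directly into their `run:` scripts, so the runner substitutes the secret values and the plan text into the shell source before the shell parses it. A value containing a double quote, `$`, a backtick or a newline then alters the script or the generated tfvars instead of being handled as data, and the plan is echoed to the job log where any value that is not masked would be readable. Pass the values through the step's `env:` instead, e.g. `TF_VAR_ssh_password: ${{ steps.bitwarden-secrets.outputs.ssh_password }}`, which also avoids leaving a plaintext `terraform.tfvars` in the workspace, and print the plan from an environment variable with `printf '%s\n' "$PLAN_STDOUT"`. Separately, `tofu apply -auto-approve` computes a fresh plan rather than applying the one displayed; `tofu plan -no-color -out=tfplan` followed by `tofu apply tfplan` would apply exactly what was shown.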
diff --git a/ansible/playbooks/ntp.yml b/ansible/playbooks/ntp.yml new file mode 100644 index 0000000..abfc0ed --- /dev/null +++ b/ansible/playbooks/ntp.yml @@ -0,0 +1,29 @@ +--- +- name: Configure systemd-timesyncd to use router NTP server + hosts: all + become: true + + tasks: + - name: Ensure systemd-timesyncd is installed + apt: + name: systemd-timesyncd + state: present + update_cache: yes + + - name: Configure timesyncd to use the router's NTP server + shell: sed -i '/^NTP=/c\NTP=10.0.0.1' /etc/systemd/timesyncd.conf + + + - name: Restart systemd-timesyncd to apply changes + systemd: + name: systemd-timesyncd + state: restarted + enabled: yes + + - name: Verify the NTP configuration + command: timedatectl status + register: timesync_status + + - name: Show the status of time synchronization + debug: + msg: "{{ timesync_status.stdout }}" diff --git a/docker/arm/docker-compose.yml b/docker/arm/docker-compose.yml index 227ba3c..94b2f4e 100644 --- a/docker/arm/docker-compose.yml +++ b/docker/arm/docker-compose.yml @@ -148,7 +148,7 @@ services: - gitea_main vaultwarden: - image: vaultwarden/server:1.32.1 + image: vaultwarden/server:1.32.2 container_name: vaultwarden ports: - 8989:80 diff --git a/docker/cf/docker-compose.yml b/docker/cf/docker-compose.yml index 4df9a2a..ffa709d 100644 --- a/docker/cf/docker-compose.yml +++ b/docker/cf/docker-compose.yml @@ -7,7 +7,7 @@ services: wallos: container_name: wallos - image: bellamy/wallos:2.29.2 + image: bellamy/wallos:2.30.0 ports: - "8282:80/tcp" environment: diff --git a/docker/whisper/docker-compose.yml b/docker/whisper/docker-compose.yml deleted file mode 100644 index 32b4942..0000000 --- a/docker/whisper/docker-compose.yml +++ /dev/null 
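Review bot: In `ansible/playbooks/ntp.yml` the `sed -i '/^NTP=/c\NTP=10.0.0.1'` task only rewrites a line that already starts with `NTP=`. The stock `timesyncd.conf` normally ships that key commented out as `#NTP=`, so on a fresh host the task would report "changed" while leaving the NTP source untouched, and the hosts would silently keep their default time servers. `lineinfile` handles the commented, existing and missing cases and is idempotent. With it, the unconditional restart task can become a handler that runs only when the file actually changes.

```yaml
- name: Configure timesyncd to use the router's NTP server
  lineinfile:
    path: /etc/systemd/timesyncd.conf
    regexp: '^#?NTP='
    line: NTP=10.0.0.1
    insertafter: '^\[Time\]'
```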
@@ -1,19 +0,0 @@ ---- -version: "2.1" -services: - whisperasr: - container_name: whisper - image: onerahmet/openai-whisper-asr-webservice:v1.6.0-gpu - environment: - - ASR_MODEL=base.en - - ASR_ENGINE=faster_whisper - ports: - - 9000:9000 - deploy: - resources: - reservations: - devices: - - driver: nvidia - count: 1 - capabilities: [gpu] - restart: unless-stopped diff --git a/terraform/cloud-init.tf b/terraform/cloud-init.tf index f322133..e5f2125 100644 --- a/terraform/cloud-init.tf +++ b/terraform/cloud-init.tf @@ -1,9 +1,6 @@ -data "local_file" "ssh_public_key" { - filename = "/home/mafyuh/.ssh/main_key.pub" -} - -data "local_file" "ssh_public_key_2" { - filename = "/home/mafyuh/.ssh/id_rsa.pub" +locals { + ssh_public_key_1 = "ssh-rsa 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 Generated By Termius" + ssh_public_key_2 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCt9kj7JcJVf8zfzLlsDv12d9dV7J4SM+Wrq7fWMUseCzl7BK3SX+cNFYWbkZsDsp81VtXrqXDpImIGc9KtRy1tvNmrd/+xlj6aVFH9tHYq//5pOC2C4wcf3wVlSazdhZ64qVwY4glr1Bs4M02GZ92VDjb51JvByl5kfgiKLqRiFyJHv9f5FYEfZqdLY+SKjd7H6fjhMTFTcyfXeGaifUTqogDXPLzk0iP0rx7C3oHOfsKKhZvUe/la9uYJGdbSeQX1H59KOVJQ7UQxr7wn+uu5e7IPPXiBoR4dBU8pAmtWgLo9F0ZdXgu2bOunUBIeL2/dj6xFCI3ZrQ3mLe+upoyhqLKh4+qi5SeQNcqXi7pHhcA1hGzmOMDrPXV/2DA0NcJ6v43qJFRn+Qp8Oy/zApvQ6F/opLhX0yghEc5ltmj+MPMom4ykKxpuGPUHxNplMgmVG+V/YlRXG9BATsQX35kt2lqivX9L4XppgJHhby0bJnZQKozExCn67w1rSW7MvYyo/W7aXK7ZGLIeH7sxqwwisQlbMjhVzYcods1p+JDi1VhNQUsc4nDA0ghk9PiSY11pwAvvzds46wZLMrxlNeIs2cEdghIi+5QO68qvZHODHrtiAn3yJ7qjarx5qOx5oe2DX2duY6/7cUEnwQFNX5z4hfeCCThz9jIn316Jk/oeXQ== admin@mafyuh.io" } resource "proxmox_virtual_environment_file" "cloud_config" { 
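Review bot: The two authorised keys in `terraform/cloud-init.tf` are now literals in `locals`, so revoking or rotating one needs a commit and a re-apply, and each key is installed on an account that the surrounding cloud-config gives `sudo: ALL=(ALL) NOPASSWD:ALL`. Consider a `variable "ssh_public_keys" { type = list(string) }` supplied from the same secret store as the other inputs, or at least a comment above each local naming the key's owner and purpose. `trimspace()` in the two `ssh_authorized_keys` hunks further down is now a no-op on these literals and can be dropped. The resource blocks start and end outside the hunks.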
@@ -22,8 +19,8 @@ resource "proxmox_virtual_environment_file" "cloud_config" { - docker shell: /bin/bash ssh_authorized_keys: - - ${trimspace(data.local_file.ssh_public_key.content)} - - ${trimspace(data.local_file.ssh_public_key_2.content)} + - ${trimspace(local.ssh_public_key_1)} + - ${trimspace(local.ssh_public_key_2)} sudo: ALL=(ALL) NOPASSWD:ALL runcmd: - apt update @@ -58,8 +55,8 @@ resource "proxmox_virtual_environment_file" "cloud_config2" { - docker shell: /bin/bash ssh_authorized_keys: - - ${trimspace(data.local_file.ssh_public_key.content)} - - ${trimspace(data.local_file.ssh_public_key_2.content)} + - ${trimspace(local.ssh_public_key_1)} + - ${trimspace(local.ssh_public_key_2)} sudo: ALL=(ALL) NOPASSWD:ALL runcmd: - apt update diff --git a/terraform/kasm.tf b/terraform/kasm.tf index 9fa950a..f48bc29 100644 --- a/terraform/kasm.tf +++ b/terraform/kasm.tf @@ -36,7 +36,7 @@ resource "proxmox_virtual_environment_vm" "Kasm" { # VM Disk Settings disk { datastore_id = "local-lvm" - size = 150 + size = 151 interface = "scsi0" } diff --git a/terraform/provider.tf b/terraform/provider.tf index e76e1b8..d081208 100644 --- a/terraform/provider.tf +++ b/terraform/provider.tf @@ -19,6 +19,8 @@ terraform { endpoints = { s3 = var.s3_endpoint } + access_key = var.aws_access_key_id + secret_key = var.aws_secret_access_key } } diff --git a/terraform/secrets.tfvars b/terraform/secrets.tfvars new file mode 100644 index 0000000..ff7e4e1 --- /dev/null +++ b/terraform/secrets.tfvars @@ -0,0 +1,15 @@ +arrbuntu_ip_address = "" +downloaders_ip_address = "" +init_password = "" +kasm_ip = "" +kasm_ssh_ip = "" +npm_ip_address = "" +prox_ip_address = "" +pve2_ip_address = "" +s3_endpoint = "" +ssh_password = "" +ssh_username = "" +ubu_ip_address = "" +virtual_environment_api = "" +virtual_environment_endpoint = "" +vlan_gateway = "" diff --git a/terraform/vars.tf b/terraform/vars.tf index 60ca8e4..55340df 100644 --- a/terraform/vars.tf +++ b/terraform/vars.tf 
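Review bot: In `terraform/provider.tf`, setting `access_key` and `secret_key` from variables in the backend block means the credentials are written in plain text to the local `.terraform` directory and to any saved plan file. This is why the backend documentation advises against putting credentials in the configuration. The S3 backend also reads `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` from the environment, so the workflow could export those two values on the init, plan and apply steps and these two lines could be removed. The enclosing `terraform` block starts outside the hunk, so this assumes the block shown is the `s3` backend.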
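Review bot: A tracked file named `terraform/secrets.tfvars` with empty values invites someone to fill it in locally and commit real credentials by accident. Renaming it to something like `secrets.tfvars.example` and ignoring `*.tfvars` in `.gitignore` would keep real values out of history. The template also omits `init_username`, `aws_access_key_id` and `aws_secret_access_key`, which the workflow in this commit writes into `terraform.tfvars`.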
@@ -18,10 +18,6 @@ variable "downloaders_ip_address" { type = string } -variable "whisper_ip_address" { - type = string -} - variable "ssh_password" { type = string } @@ -64,4 +60,12 @@ variable "pve2_ip_address" { variable "s3_endpoint" { type = string +} + +variable "aws_secret_access_key" { + type = string +} + +variable "aws_access_key_id" { + type = string } \ No newline at end of file
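Review bot: `aws_secret_access_key` and `aws_access_key_id` in `terraform/vars.tf` are declared without `sensitive = true`, so any plan or error output that renders them prints the value, and the workflow in this commit echoes the plan to the job log. Add `sensitive = true` to both blocks, and to the existing credential variables such as `ssh_password` visible in the first hunk. Because the backend block also references these two variables, confirm that the OpenTofu version in use accepts sensitive variables there before merging.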