Merge branch 'main' into renovate/ghcr.io-requarks-wiki-2.x

Author: Matt Reeves

.forgejo/workflows/tofu.yml

@@ -1,32 +1,92 @@
-name: Terraform Apply
+name: OpenTofu Automation
 
 on:
   push:
+    branches:
+      - main
     paths:
       - 'terraform/**'
 
 jobs:
-  terraform:
-    runs-on: ubuntu-latest
+  deploy:
+    runs-on: docker
+    container:
+      image: node:22
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Download OpenTofu Installer
+      - name: Get Secrets from Bitwarden
+        id: bitwarden-secrets
+        uses: https://github.com/bitwarden/sm-action@v2
+        with:
+          access_token: ${{ secrets.BW_ACCESS_TOKEN }}
+          base_url: https://vault.bitwarden.com
+          secrets: |
+            c65f8886-f6fb-4c17-bc79-b208000604bf > arrbuntu_ip_address
+            2dae51bd-bd65-474c-971c-b20800f22afa > aws_access_key_id
+            287c852d-f2b5-467d-bfc4-b20800f25f52 > aws_secret_access_key
+            a54974b8-c6b3-4df7-9042-b20800064050 > downloaders_ip_address
+            dacbeafa-c671-4b9c-9334-b2080006f75b > init_password
+            9ceabbd0-6492-4674-9bab-b2080006e333 > init_username
+            0bc3c1a3-fc48-48ce-85c5-b2080007136a > kasm_ip
+            63ca1819-5090-4e30-9dba-b20800072718 > kasm_ssh_ip
+            47ef68aa-32a9-45b0-835d-b2080006ce38 > npm_ip_address
+            d0c7f3ec-8277-4b1b-9a1b-b2080006b842 > prox_ip_address
+            17ab7869-c7a1-4ece-8c64-b20800075213 > pve2_ip_address
+            f8f85ab2-5f6d-46a7-9e06-b20800076d26 > s3_endpoint
+            68f1d77d-4e96-498a-9464-b208000679a4 > ssh_password
+            d0762ced-73de-4f30-aa1c-b20800069536 > ssh_username
+            d8017351-7a11-42e6-9e8d-b208000739b8 > ubu_ip_address
+            1d250f4a-ae18-4e19-934c-b2080005e132 > virtual_environment_api
+            a4ed343a-bb92-4beb-a421-b2080005bf98 > virtual_environment_endpoint
+            af0ed579-05f8-405f-b0f3-b208000620ca > vlan_gateway
+
+      
+      - name: Create tfvars file
+        working-directory: ./terraform
         run: |
-          curl --proto '=https' --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh -o install-opentofu.sh
-          chmod +x install-opentofu.sh
+          cat <<EOF > terraform.tfvars
+          arrbuntu_ip_address = "${{ steps.bitwarden-secrets.outputs.arrbuntu_ip_address }}"
+          aws_access_key_id = "${{ steps.bitwarden-secrets.outputs.aws_access_key_id }}"
+          aws_secret_access_key = "${{ steps.bitwarden-secrets.outputs.aws_secret_access_key }}"
+          downloaders_ip_address = "${{ steps.bitwarden-secrets.outputs.downloaders_ip_address }}"
+          init_password = "${{ steps.bitwarden-secrets.outputs.init_password }}"
+          init_username = "${{ steps.bitwarden-secrets.outputs.init_username }}"
+          kasm_ip = "${{ steps.bitwarden-secrets.outputs.kasm_ip }}"
+          kasm_ssh_ip = "${{ steps.bitwarden-secrets.outputs.kasm_ssh_ip }}"
+          npm_ip_address = "${{ steps.bitwarden-secrets.outputs.npm_ip_address }}"
+          prox_ip_address = "${{ steps.bitwarden-secrets.outputs.prox_ip_address }}"
+          pve2_ip_address = "${{ steps.bitwarden-secrets.outputs.pve2_ip_address }}"
+          s3_endpoint = "${{ steps.bitwarden-secrets.outputs.s3_endpoint }}"
+          ssh_password = "${{ steps.bitwarden-secrets.outputs.ssh_password }}"
+          ssh_username = "${{ steps.bitwarden-secrets.outputs.ssh_username }}"
+          ubu_ip_address = "${{ steps.bitwarden-secrets.outputs.ubu_ip_address }}"
+          virtual_environment_api = "${{ steps.bitwarden-secrets.outputs.virtual_environment_api }}"
+          virtual_environment_endpoint = "${{ steps.bitwarden-secrets.outputs.virtual_environment_endpoint }}"
+          vlan_gateway = "${{ steps.bitwarden-secrets.outputs.vlan_gateway }}"
+          EOF
 
-      - name: Inspect and Install OpenTofu
-        run: ./install-opentofu.sh --install-method deb
+      - name: Setup OpenTofu
+        uses: https://github.com/opentofu/setup-opentofu@v1.0.4
 
-      - name: Clean up Installer Script
-        run: rm -f install-opentofu.sh
+      - name: Run OpenTofu Init
+        working-directory: ./terraform
+        run: |
+          tofu init -var-file=terraform.tfvars
 
-      - name: Initialize OpenTofu
-        run: tofu init
+
+      - name: Run OpenTofu Plan
+        id: plan
         working-directory: ./terraform
+        run: tofu plan -no-color
+
+      - name: Display Plan Output
+        run: |
+          echo "Plan output:"
+          echo "${{ steps.plan.outputs.stdout }}"
 
-      - name: Apply OpenTofu
-        run: tofu apply -input=false
+      - name: Apply the Plan
+        if: success()
         working-directory: ./terraform
+        run: tofu apply -auto-approve

ansible/playbooks/ntp.yml

@@ -0,0 +1,29 @@
+---
+- name: Configure systemd-timesyncd to use router NTP server
+  hosts: all
+  become: true
+
+  tasks:
+    - name: Ensure systemd-timesyncd is installed
+      apt:
+        name: systemd-timesyncd
+        state: present
+        update_cache: yes
+
+    - name: Configure timesyncd to use the router's NTP server
+      shell: sed -i '/^NTP=/c\NTP=10.0.0.1' /etc/systemd/timesyncd.conf
+
+
+    - name: Restart systemd-timesyncd to apply changes
+      systemd:
+        name: systemd-timesyncd
+        state: restarted
+        enabled: yes
+
+    - name: Verify the NTP configuration
+      command: timedatectl status
+      register: timesync_status
+
+    - name: Show the status of time synchronization
+      debug:
+        msg: "{{ timesync_status.stdout }}"

docker/arm/docker-compose.yml

@@ -148,7 +148,7 @@ services:
       - gitea_main
 
   vaultwarden:
-    image: vaultwarden/server:1.32.1
+    image: vaultwarden/server:1.32.2
     container_name: vaultwarden
     ports:
       - 8989:80

docker/cf/docker-compose.yml

@@ -7,7 +7,7 @@ services:
 
   wallos:
     container_name: wallos
-    image: bellamy/wallos:2.29.2
+    image: bellamy/wallos:2.30.0
     ports:
       - "8282:80/tcp"
     environment:

docker/whisper/docker-compose.yml

@@ -1,9 +1,6 @@
-data "local_file" "ssh_public_key" {
-  filename = "/home/mafyuh/.ssh/main_key.pub"
-}
-
-data "local_file" "ssh_public_key_2" {
-  filename = "/home/mafyuh/.ssh/id_rsa.pub"
+locals {
+  ssh_public_key_1 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDndt2pi7jZx0qY1qn/UEn2AcZThxCQBvIGNytlPDz1cFNHjB1lGgHdI4uCw7fu2ET6/vpqHxjdQqB/Ehj2fajw1L2zncKB93NMv3pcq7ZJGwIgdw26vfBQZWFazaPk7O5rOGO1hWohE4YlejpOHYGCFs1pUxaC8DQPR0M6GvnccWxzJhpiO+NUeU8F/NC1uKLyypK8CpTmjVQaiTSgn/RorTf7A6sdzfWFndM7k6hw5NqqKVk0OhDfy/XCGQrIRh6/yxFbbthAUJgd8/djELlc7XQaG0nMSBtu6m8+VmMN8XO7FZmus8PwlcXPIhwos+vJlh2+xU+E7Ciwyw4WytCjuw67rL4REbdOh+zqZm//OMswvTxtDiRbTXTsOXqgyh5cOUcNub3UdAl6e7c2ZQT5lz5ZVCNNLVrFigvRE813YlKsoYu1p4XrtyHodeYEXgoLjU0jgRj0EmBEDriafo84lamHK7zItZllNH9hHKWs+iXiQQ4nVD65Ng0mYmM9OF76corqfIuQWkQd8kN2r5a0UHrl+tkhZOY3x3PB9r88yCPRdSkW8ICFObQ069yE4HU9kA41rVPXOU8zxK8UT2svTM0YRcDcfr2VUktU0wEP1ASv8nOAdvq7+pcqpoKrw3sZyyeLncxSAfJCRMjJvUDww92YSTjG4TCwY2gcPXRsww== Generated By Termius"
+  ssh_public_key_2 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCt9kj7JcJVf8zfzLlsDv12d9dV7J4SM+Wrq7fWMUseCzl7BK3SX+cNFYWbkZsDsp81VtXrqXDpImIGc9KtRy1tvNmrd/+xlj6aVFH9tHYq//5pOC2C4wcf3wVlSazdhZ64qVwY4glr1Bs4M02GZ92VDjb51JvByl5kfgiKLqRiFyJHv9f5FYEfZqdLY+SKjd7H6fjhMTFTcyfXeGaifUTqogDXPLzk0iP0rx7C3oHOfsKKhZvUe/la9uYJGdbSeQX1H59KOVJQ7UQxr7wn+uu5e7IPPXiBoR4dBU8pAmtWgLo9F0ZdXgu2bOunUBIeL2/dj6xFCI3ZrQ3mLe+upoyhqLKh4+qi5SeQNcqXi7pHhcA1hGzmOMDrPXV/2DA0NcJ6v43qJFRn+Qp8Oy/zApvQ6F/opLhX0yghEc5ltmj+MPMom4ykKxpuGPUHxNplMgmVG+V/YlRXG9BATsQX35kt2lqivX9L4XppgJHhby0bJnZQKozExCn67w1rSW7MvYyo/W7aXK7ZGLIeH7sxqwwisQlbMjhVzYcods1p+JDi1VhNQUsc4nDA0ghk9PiSY11pwAvvzds46wZLMrxlNeIs2cEdghIi+5QO68qvZHODHrtiAn3yJ7qjarx5qOx5oe2DX2duY6/7cUEnwQFNX5z4hfeCCThz9jIn316Jk/oeXQ== admin@mafyuh.io"
 }
 
 resource "proxmox_virtual_environment_file" "cloud_config" {
@@ -22,8 +19,8 @@ resource "proxmox_virtual_environment_file" "cloud_config" {
           - docker
         shell: /bin/bash
         ssh_authorized_keys:
-          - ${trimspace(data.local_file.ssh_public_key.content)}
-          - ${trimspace(data.local_file.ssh_public_key_2.content)}
+          - ${trimspace(local.ssh_public_key_1)}
+          - ${trimspace(local.ssh_public_key_2)}
         sudo: ALL=(ALL) NOPASSWD:ALL
     runcmd:
         - apt update
@@ -58,8 +55,8 @@ resource "proxmox_virtual_environment_file" "cloud_config2" {
           - docker
         shell: /bin/bash
         ssh_authorized_keys:
-          - ${trimspace(data.local_file.ssh_public_key.content)}
-          - ${trimspace(data.local_file.ssh_public_key_2.content)}
+          - ${trimspace(local.ssh_public_key_1)}
+          - ${trimspace(local.ssh_public_key_2)}
         sudo: ALL=(ALL) NOPASSWD:ALL
     runcmd:
         - apt update

terraform/cloud-init.tf

@@ -36,7 +36,7 @@ resource "proxmox_virtual_environment_vm" "Kasm" {
   # VM Disk Settings
   disk {
     datastore_id = "local-lvm"
-    size         = 150
+    size         = 151
     interface    = "scsi0"
   }
 

terraform/kasm.tf

@@ -19,6 +19,8 @@ terraform {
     endpoints = {
       s3 = var.s3_endpoint
     }
+    access_key = var.aws_access_key_id
+    secret_key = var.aws_secret_access_key
   }
 }
 

terraform/provider.tf

@@ -0,0 +1,15 @@
+arrbuntu_ip_address = ""
+downloaders_ip_address = ""
+init_password = ""
+kasm_ip = ""
+kasm_ssh_ip = ""
+npm_ip_address = ""
+prox_ip_address = ""
+pve2_ip_address = ""
+s3_endpoint = ""
+ssh_password = ""
+ssh_username = ""
+ubu_ip_address = ""
+virtual_environment_api = ""
+virtual_environment_endpoint = ""
+vlan_gateway = ""

terraform/secrets.tfvars

@@ -18,10 +18,6 @@ variable "downloaders_ip_address" {
         type = string
 }
 
-variable "whisper_ip_address" {
-        type = string
-}
-
 variable "ssh_password" {
         type = string
 }
@@ -64,4 +60,12 @@ variable "pve2_ip_address" {
 
 variable "s3_endpoint" {
         type = string
+}
+
+variable "aws_secret_access_key" {
+  type = string
+}
+
+variable "aws_access_key_id" {
+  type = string
 }