mafyuh/iac
1
0
Fork 0
Code Issues 5 Pull requests 10 Projects 1 Wiki Activity Actions

Merge branch 'main' into renovate/ghcr.io-requarks-wiki-2.x
All checks were successful
Lint on PR / Lint YAML files (pull_request) Successful in 9s
Details
Deploy to Hosts / deploy (pull_request) Successful in 53s
Details

Browse source
This commit is contained in:
Matt Reeves 2024-10-13 20:43:37 -04:00
commit 4aabec0bf9
10 changed files with 139 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

90
.forgejo/workflows/tofu.yml
View file

@ -1,32 +1,92 @@
name: Terraform Apply
name: OpenTofu Automation
on:
push:
branches:
- main
paths:
- 'terraform/**'
jobs:
terraform:
runs-on: ubuntu-latest
deploy:
runs-on: docker
container:
image: node:22
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Download OpenTofu Installer
- name: Get Secrets from Bitwarden
id: bitwarden-secrets
uses: https://github.com/bitwarden/sm-action@v2
with:
access_token: ${{ secrets.BW_ACCESS_TOKEN }}
base_url: https://vault.bitwarden.com
secrets: |
c65f8886-f6fb-4c17-bc79-b208000604bf > arrbuntu_ip_address
2dae51bd-bd65-474c-971c-b20800f22afa > aws_access_key_id
287c852d-f2b5-467d-bfc4-b20800f25f52 > aws_secret_access_key
a54974b8-c6b3-4df7-9042-b20800064050 > downloaders_ip_address
dacbeafa-c671-4b9c-9334-b2080006f75b > init_password
9ceabbd0-6492-4674-9bab-b2080006e333 > init_username
0bc3c1a3-fc48-48ce-85c5-b2080007136a > kasm_ip
63ca1819-5090-4e30-9dba-b20800072718 > kasm_ssh_ip
47ef68aa-32a9-45b0-835d-b2080006ce38 > npm_ip_address
d0c7f3ec-8277-4b1b-9a1b-b2080006b842 > prox_ip_address
17ab7869-c7a1-4ece-8c64-b20800075213 > pve2_ip_address
f8f85ab2-5f6d-46a7-9e06-b20800076d26 > s3_endpoint
68f1d77d-4e96-498a-9464-b208000679a4 > ssh_password
d0762ced-73de-4f30-aa1c-b20800069536 > ssh_username
d8017351-7a11-42e6-9e8d-b208000739b8 > ubu_ip_address
1d250f4a-ae18-4e19-934c-b2080005e132 > virtual_environment_api
a4ed343a-bb92-4beb-a421-b2080005bf98 > virtual_environment_endpoint
af0ed579-05f8-405f-b0f3-b208000620ca > vlan_gateway
- name: Create tfvars file
working-directory: ./terraform
run: |
curl --proto '=https' --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh -o install-opentofu.sh
chmod +x install-opentofu.sh
cat <<EOF > terraform.tfvars
arrbuntu_ip_address = "${{ steps.bitwarden-secrets.outputs.arrbuntu_ip_address }}"
aws_access_key_id = "${{ steps.bitwarden-secrets.outputs.aws_access_key_id }}"
aws_secret_access_key = "${{ steps.bitwarden-secrets.outputs.aws_secret_access_key }}"
downloaders_ip_address = "${{ steps.bitwarden-secrets.outputs.downloaders_ip_address }}"
init_password = "${{ steps.bitwarden-secrets.outputs.init_password }}"
init_username = "${{ steps.bitwarden-secrets.outputs.init_username }}"
kasm_ip = "${{ steps.bitwarden-secrets.outputs.kasm_ip }}"
kasm_ssh_ip = "${{ steps.bitwarden-secrets.outputs.kasm_ssh_ip }}"
npm_ip_address = "${{ steps.bitwarden-secrets.outputs.npm_ip_address }}"
prox_ip_address = "${{ steps.bitwarden-secrets.outputs.prox_ip_address }}"
pve2_ip_address = "${{ steps.bitwarden-secrets.outputs.pve2_ip_address }}"
s3_endpoint = "${{ steps.bitwarden-secrets.outputs.s3_endpoint }}"
ssh_password = "${{ steps.bitwarden-secrets.outputs.ssh_password }}"
ssh_username = "${{ steps.bitwarden-secrets.outputs.ssh_username }}"
ubu_ip_address = "${{ steps.bitwarden-secrets.outputs.ubu_ip_address }}"
virtual_environment_api = "${{ steps.bitwarden-secrets.outputs.virtual_environment_api }}"
virtual_environment_endpoint = "${{ steps.bitwarden-secrets.outputs.virtual_environment_endpoint }}"
vlan_gateway = "${{ steps.bitwarden-secrets.outputs.vlan_gateway }}"
EOF
- name: Inspect and Install OpenTofu
run: ./install-opentofu.sh --install-method deb
- name: Setup OpenTofu
uses: https://github.com/opentofu/setup-opentofu@v1.0.4
- name: Clean up Installer Script
run: rm -f install-opentofu.sh
- name: Initialize OpenTofu
run: tofu init
- name: Run OpenTofu Init
working-directory: ./terraform
run: |
tofu init -var-file=terraform.tfvars
- name: Apply OpenTofu
run: tofu apply -input=false
- name: Run OpenTofu Plan
id: plan
working-directory: ./terraform
run: tofu plan -no-color
- name: Display Plan Output
run: |
echo "Plan output:"
echo "${{ steps.plan.outputs.stdout }}"
- name: Apply the Plan
if: success()
working-directory: ./terraform
run: tofu apply -auto-approve

29
ansible/playbooks/ntp.yml Normal file
View file

@ -0,0 +1,29 @@
---
- name: Configure systemd-timesyncd to use router NTP server
hosts: all
become: true
tasks:
- name: Ensure systemd-timesyncd is installed
apt:
name: systemd-timesyncd
state: present
update_cache: yes
- name: Configure timesyncd to use the router's NTP server
shell: sed -i '/^NTP=/c\NTP=10.0.0.1' /etc/systemd/timesyncd.conf
- name: Restart systemd-timesyncd to apply changes
systemd:
name: systemd-timesyncd
state: restarted
enabled: yes
- name: Verify the NTP configuration
command: timedatectl status
register: timesync_status
- name: Show the status of time synchronization
debug:
msg: "{{ timesync_status.stdout }}"

2
docker/arm/docker-compose.yml
View file

@ -148,7 +148,7 @@ services:
- gitea_main
vaultwarden:
image: vaultwarden/server:1.32.1
image: vaultwarden/server:1.32.2
container_name: vaultwarden
ports:
- 8989:80

2
docker/cf/docker-compose.yml
View file

@ -7,7 +7,7 @@ services:
wallos:
container_name: wallos
image: bellamy/wallos:2.29.2
image: bellamy/wallos:2.30.0
ports:
- "8282:80/tcp"
environment:

19
docker/whisper/docker-compose.yml
View file

@ -1,19 +0,0 @@
---
version: "2.1"
services:
whisperasr:
container_name: whisper
image: onerahmet/openai-whisper-asr-webservice:v1.6.0-gpu
environment:
- ASR_MODEL=base.en
- ASR_ENGINE=faster_whisper
ports:
- 9000:9000
deploy:
resources:
reservations:
devices:
- driver: nvidia
count: 1
capabilities: [gpu]
restart: unless-stopped

17
terraform/cloud-init.tf
View file

@ -1,9 +1,6 @@
data "local_file" "ssh_public_key" {
filename = "/home/mafyuh/.ssh/main_key.pub"
}
data "local_file" "ssh_public_key_2" {
filename = "/home/mafyuh/.ssh/id_rsa.pub"
locals {
ssh_public_key_1 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDndt2pi7jZx0qY1qn/UEn2AcZThxCQBvIGNytlPDz1cFNHjB1lGgHdI4uCw7fu2ET6/vpqHxjdQqB/Ehj2fajw1L2zncKB93NMv3pcq7ZJGwIgdw26vfBQZWFazaPk7O5rOGO1hWohE4YlejpOHYGCFs1pUxaC8DQPR0M6GvnccWxzJhpiO+NUeU8F/NC1uKLyypK8CpTmjVQaiTSgn/RorTf7A6sdzfWFndM7k6hw5NqqKVk0OhDfy/XCGQrIRh6/yxFbbthAUJgd8/djELlc7XQaG0nMSBtu6m8+VmMN8XO7FZmus8PwlcXPIhwos+vJlh2+xU+E7Ciwyw4WytCjuw67rL4REbdOh+zqZm//OMswvTxtDiRbTXTsOXqgyh5cOUcNub3UdAl6e7c2ZQT5lz5ZVCNNLVrFigvRE813YlKsoYu1p4XrtyHodeYEXgoLjU0jgRj0EmBEDriafo84lamHK7zItZllNH9hHKWs+iXiQQ4nVD65Ng0mYmM9OF76corqfIuQWkQd8kN2r5a0UHrl+tkhZOY3x3PB9r88yCPRdSkW8ICFObQ069yE4HU9kA41rVPXOU8zxK8UT2svTM0YRcDcfr2VUktU0wEP1ASv8nOAdvq7+pcqpoKrw3sZyyeLncxSAfJCRMjJvUDww92YSTjG4TCwY2gcPXRsww== Generated By Termius"
ssh_public_key_2 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCt9kj7JcJVf8zfzLlsDv12d9dV7J4SM+Wrq7fWMUseCzl7BK3SX+cNFYWbkZsDsp81VtXrqXDpImIGc9KtRy1tvNmrd/+xlj6aVFH9tHYq//5pOC2C4wcf3wVlSazdhZ64qVwY4glr1Bs4M02GZ92VDjb51JvByl5kfgiKLqRiFyJHv9f5FYEfZqdLY+SKjd7H6fjhMTFTcyfXeGaifUTqogDXPLzk0iP0rx7C3oHOfsKKhZvUe/la9uYJGdbSeQX1H59KOVJQ7UQxr7wn+uu5e7IPPXiBoR4dBU8pAmtWgLo9F0ZdXgu2bOunUBIeL2/dj6xFCI3ZrQ3mLe+upoyhqLKh4+qi5SeQNcqXi7pHhcA1hGzmOMDrPXV/2DA0NcJ6v43qJFRn+Qp8Oy/zApvQ6F/opLhX0yghEc5ltmj+MPMom4ykKxpuGPUHxNplMgmVG+V/YlRXG9BATsQX35kt2lqivX9L4XppgJHhby0bJnZQKozExCn67w1rSW7MvYyo/W7aXK7ZGLIeH7sxqwwisQlbMjhVzYcods1p+JDi1VhNQUsc4nDA0ghk9PiSY11pwAvvzds46wZLMrxlNeIs2cEdghIi+5QO68qvZHODHrtiAn3yJ7qjarx5qOx5oe2DX2duY6/7cUEnwQFNX5z4hfeCCThz9jIn316Jk/oeXQ== admin@mafyuh.io"
}
resource "proxmox_virtual_environment_file" "cloud_config" {
@ -22,8 +19,8 @@ resource "proxmox_virtual_environment_file" "cloud_config" {
- docker
shell: /bin/bash
ssh_authorized_keys:
- ${trimspace(data.local_file.ssh_public_key.content)}
- ${trimspace(data.local_file.ssh_public_key_2.content)}
- ${trimspace(local.ssh_public_key_1)}
- ${trimspace(local.ssh_public_key_2)}
sudo: ALL=(ALL) NOPASSWD:ALL
runcmd:
- apt update
@ -58,8 +55,8 @@ resource "proxmox_virtual_environment_file" "cloud_config2" {
- docker
shell: /bin/bash
ssh_authorized_keys:
- ${trimspace(data.local_file.ssh_public_key.content)}
- ${trimspace(data.local_file.ssh_public_key_2.content)}
- ${trimspace(local.ssh_public_key_1)}
- ${trimspace(local.ssh_public_key_2)}
sudo: ALL=(ALL) NOPASSWD:ALL
runcmd:
- apt update

2
terraform/kasm.tf
View file

@ -36,7 +36,7 @@ resource "proxmox_virtual_environment_vm" "Kasm" {
# VM Disk Settings
disk {
datastore_id = "local-lvm"
size = 150
size = 151
interface = "scsi0"
}

2
terraform/provider.tf
View file

@ -19,6 +19,8 @@ terraform {
endpoints = {
s3 = var.s3_endpoint
}
access_key = var.aws_access_key_id
secret_key = var.aws_secret_access_key
}
}

15
terraform/secrets.tfvars Normal file
View file

@ -0,0 +1,15 @@
arrbuntu_ip_address = ""
downloaders_ip_address = ""
init_password = ""
kasm_ip = ""
kasm_ssh_ip = ""
npm_ip_address = ""
prox_ip_address = ""
pve2_ip_address = ""
s3_endpoint = ""
ssh_password = ""
ssh_username = ""
ubu_ip_address = ""
virtual_environment_api = ""
virtual_environment_endpoint = ""
vlan_gateway = ""

12
terraform/vars.tf
View file

@ -18,10 +18,6 @@ variable "downloaders_ip_address" {
type = string
}
variable "whisper_ip_address" {
type = string
}
variable "ssh_password" {
type = string
}
@ -65,3 +61,11 @@ variable "pve2_ip_address" {
variable "s3_endpoint" {
type = string
}
variable "aws_secret_access_key" {
type = string
}
variable "aws_access_key_id" {
type = string
}