major overhaul, preparing for kubernetes migration

Author: Mafyuh

.forgejo/workflows/tofu.yml

@@ -23,54 +23,33 @@ jobs:
           access_token: ${{ secrets.BW_ACCESS_TOKEN }}
           base_url: https://vault.bitwarden.com
           secrets: |
-            c65f8886-f6fb-4c17-bc79-b208000604bf > arrbuntu_ip_address
             2dae51bd-bd65-474c-971c-b20800f22afa > aws_access_key_id
             287c852d-f2b5-467d-bfc4-b20800f25f52 > aws_secret_access_key
-            a54974b8-c6b3-4df7-9042-b20800064050 > downloaders_ip_address
             3b222376-ccd9-4f44-a4b4-b222001af68a > grafana_auth
             030fbb6a-3b6d-40dc-9c26-b222001b0fb6 > grafana_url
-            dacbeafa-c671-4b9c-9334-b2080006f75b > init_password
-            9ceabbd0-6492-4674-9bab-b2080006e333 > init_username
-            0bc3c1a3-fc48-48ce-85c5-b2080007136a > kasm_ip
-            63ca1819-5090-4e30-9dba-b20800072718 > kasm_ssh_ip
-            47ef68aa-32a9-45b0-835d-b2080006ce38 > npm_ip_address
-            d0c7f3ec-8277-4b1b-9a1b-b2080006b842 > prox_ip_address
-            17ab7869-c7a1-4ece-8c64-b20800075213 > pve2_ip_address
             f8f85ab2-5f6d-46a7-9e06-b20800076d26 > s3_endpoint
-            68f1d77d-4e96-498a-9464-b208000679a4 > ssh_password
-            d0762ced-73de-4f30-aa1c-b20800069536 > ssh_username
-            d8017351-7a11-42e6-9e8d-b208000739b8 > ubu_ip_address
-            1d250f4a-ae18-4e19-934c-b2080005e132 > virtual_environment_api
-            a4ed343a-bb92-4beb-a421-b2080005bf98 > virtual_environment_endpoint
-            af0ed579-05f8-405f-b0f3-b208000620ca > vlan_gateway
+            b6dac092-df23-4e28-8449-b2770059096d > kube_config
 
       
       - name: Create tfvars file
         working-directory: ./terraform
         run: |
           cat <<EOF > terraform.tfvars
-          arrbuntu_ip_address = "${{ steps.bitwarden-secrets.outputs.arrbuntu_ip_address }}"
           aws_access_key_id = "${{ steps.bitwarden-secrets.outputs.aws_access_key_id }}"
           aws_secret_access_key = "${{ steps.bitwarden-secrets.outputs.aws_secret_access_key }}"
-          downloaders_ip_address = "${{ steps.bitwarden-secrets.outputs.downloaders_ip_address }}"
           grafana_auth = "${{ steps.bitwarden-secrets.outputs.grafana_auth }}"
           grafana_url = "${{ steps.bitwarden-secrets.outputs.grafana_url }}"
-          init_password = "${{ steps.bitwarden-secrets.outputs.init_password }}"
-          init_username = "${{ steps.bitwarden-secrets.outputs.init_username }}"
-          kasm_ip = "${{ steps.bitwarden-secrets.outputs.kasm_ip }}"
-          kasm_ssh_ip = "${{ steps.bitwarden-secrets.outputs.kasm_ssh_ip }}"
-          npm_ip_address = "${{ steps.bitwarden-secrets.outputs.npm_ip_address }}"
-          prox_ip_address = "${{ steps.bitwarden-secrets.outputs.prox_ip_address }}"
-          pve2_ip_address = "${{ steps.bitwarden-secrets.outputs.pve2_ip_address }}"
           s3_endpoint = "${{ steps.bitwarden-secrets.outputs.s3_endpoint }}"
-          ssh_password = "${{ steps.bitwarden-secrets.outputs.ssh_password }}"
-          ssh_username = "${{ steps.bitwarden-secrets.outputs.ssh_username }}"
-          ubu_ip_address = "${{ steps.bitwarden-secrets.outputs.ubu_ip_address }}"
-          virtual_environment_api = "${{ steps.bitwarden-secrets.outputs.virtual_environment_api }}"
-          virtual_environment_endpoint = "${{ steps.bitwarden-secrets.outputs.virtual_environment_endpoint }}"
-          vlan_gateway = "${{ steps.bitwarden-secrets.outputs.vlan_gateway }}"
           EOF
 
+      - name: Make Kube directory
+        run: |
+          mkdir ~/.kube
+
+      - name: Create Kube Config
+        run: |
+          printf "%s" "${{ steps.bitwarden-secrets.outputs.kube_config }}" > ~/.kube/config
+
       - name: Setup OpenTofu
         uses: https://github.com/opentofu/setup-opentofu@v1.0.5
 

automations/README.md

@@ -0,0 +1,116 @@
+packer {
+  required_plugins {
+    name = {
+      version = "~> 1"
+      source  = "github.com/hashicorp/proxmox"
+    }
+  }
+}
+
+variable "proxmox_api_url" {
+    type = string
+}
+
+variable "proxmox_api_token_id" {
+    type = string
+}
+
+variable "proxmox_api_token_secret" {
+    type = string
+    sensitive = true
+}
+
+# Resource Definiation for the VM Template
+source "proxmox-clone" "debian2" {
+ 
+    # Proxmox Connection Settings
+    proxmox_url = "${var.proxmox_api_url}"
+    username = "${var.proxmox_api_token_id}"
+    token = "${var.proxmox_api_token_secret}"
+    insecure_skip_tls_verify = true
+    
+    # VM General Settings
+    node = "pve2"
+
+    
+    clone_vm_id = "8105"
+
+    vm_id = "9999"
+    vm_name = "debian-template"
+    template_description = "Debian Bullseye"
+
+    # VM System Settings
+    qemu_agent = true
+
+    # VM Hard Disk Settings
+    scsi_controller = "virtio-scsi-pci"
+
+    disks {
+        disk_size = "3G"
+        format = "raw"
+        storage_pool = "Fast500Gb"
+        type = "scsi"
+    }
+
+    # VM CPU Settings
+    cores = "2"
+    cpu_type = "x86-64-v2-AES"
+    
+    # VM Memory Settings
+    memory = "2048" 
+
+    # VM Network Settings
+    network_adapters {
+        model = "virtio"
+        bridge = "vmbr0"
+        firewall = "false"
+    }
+    
+
+    ssh_username = "mafyuh"
+    # WSL Filesystem
+    ssh_private_key_file = "~/.ssh/id_rsa"
+}
+
+
+build {
+
+    name = "debian"
+    sources = ["source.proxmox-clone.debian2"]
+
+    ## Cleanup for re-template
+    provisioner "shell" {
+        inline = [
+            "while [ ! -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting for cloud-init...'; sleep 1; done",
+            "sudo rm /etc/ssh/ssh_host_*",
+            "sudo truncate -s 0 /etc/machine-id",
+            "sudo apt -y autoremove --purge",
+            "sudo apt -y clean",
+            "sudo apt -y autoclean",
+            "sudo cloud-init clean",
+            "sudo rm -f /var/lib/dbus/machine-id",
+            "sudo rm -f /var/lib/systemd/random-seed",
+            "sudo rm -f /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg",
+            "sudo rm -f /etc/netplan/00-installer-config.yaml",
+            "sudo sync"
+        ]
+    }
+
+    provisioner "file" {
+        source = "files/pve.cfg"
+        destination = "/tmp/pve.cfg"
+    }
+
+    provisioner "shell" {
+        inline = [ "sudo cp /tmp/pve.cfg /etc/cloud/cloud.cfg.d/pve.cfg" ]
+    }
+
+    
+    provisioner "shell" {
+        inline = [
+            "sudo apt-get update",
+            "sudo apt-get -y upgrade"
+        ]
+    }
+
+}

docker/README.md

@@ -0,0 +1,116 @@
+packer {
+  required_plugins {
+    name = {
+      version = "~> 1"
+      source  = "github.com/hashicorp/proxmox"
+    }
+  }
+}
+
+variable "proxmox_api_url" {
+    type = string
+}
+
+variable "proxmox_api_token_id" {
+    type = string
+}
+
+variable "proxmox_api_token_secret" {
+    type = string
+    sensitive = true
+}
+
+# Resource Definiation for the VM Template
+source "proxmox-clone" "debian" {
+ 
+    # Proxmox Connection Settings
+    proxmox_url = "${var.proxmox_api_url}"
+    username = "${var.proxmox_api_token_id}"
+    token = "${var.proxmox_api_token_secret}"
+    insecure_skip_tls_verify = true
+    
+    # VM General Settings
+    node = "prox"
+
+    
+    clone_vm_id = "8104"
+
+    vm_id = "9998"
+    vm_name = "debian-template"
+    template_description = "Debian Bullseye"
+
+    # VM System Settings
+    qemu_agent = true
+
+    # VM Hard Disk Settings
+    scsi_controller = "virtio-scsi-pci"
+
+    disks {
+        disk_size = "3G"
+        format = "raw"
+        storage_pool = "Fast2Tb"
+        type = "scsi"
+    }
+
+    # VM CPU Settings
+    cores = "2"
+    cpu_type = "x86-64-v2-AES"
+    
+    # VM Memory Settings
+    memory = "2048" 
+
+    # VM Network Settings
+    network_adapters {
+        model = "virtio"
+        bridge = "vmbr0"
+        firewall = "false"
+    }
+    
+
+    ssh_username = "mafyuh"
+    # WSL Filesystem
+    ssh_private_key_file = "~/.ssh/id_rsa"
+}
+
+
+build {
+
+    name = "debian"
+    sources = ["source.proxmox-clone.debian"]
+
+    ## Cleanup for re-template
+    provisioner "shell" {
+        inline = [
+            "while [ ! -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting for cloud-init...'; sleep 1; done",
+            "sudo rm /etc/ssh/ssh_host_*",
+            "sudo truncate -s 0 /etc/machine-id",
+            "sudo apt -y autoremove --purge",
+            "sudo apt -y clean",
+            "sudo apt -y autoclean",
+            "sudo cloud-init clean",
+            "sudo rm -f /var/lib/dbus/machine-id",
+            "sudo rm -f /var/lib/systemd/random-seed",
+            "sudo rm -f /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg",
+            "sudo rm -f /etc/netplan/00-installer-config.yaml",
+            "sudo sync"
+        ]
+    }
+
+    provisioner "file" {
+        source = "files/pve.cfg"
+        destination = "/tmp/pve.cfg"
+    }
+
+    provisioner "shell" {
+        inline = [ "sudo cp /tmp/pve.cfg /etc/cloud/cloud.cfg.d/pve.cfg" ]
+    }
+
+    
+    provisioner "shell" {
+        inline = [
+            "sudo apt-get update",
+            "sudo apt-get -y upgrade"
+        ]
+    }
+
+}

packer/debian/debian-11-2.pkr.hcl

@@ -0,0 +1 @@
+datasource_list: [ConfigDrive, NoCloud]

packer/debian/debian-11.pkr.hcl

@@ -1,6 +1,3 @@
-[![OpenTofu](https://img.shields.io/badge/OpenTofu-v1.7.1-blue)](https://github.com/opentofu/opentofu) 
- 
-
 <div align="center">
 
 # IaC
@@ -10,9 +7,5 @@ Infrastructure as Code (IaC) for my homelab using OpenTofu.
 </div>
 
 
-## Overview
-
-This repository manages the infrastructure for my homelab using OpenTofu and Proxmox.
-
 
 

packer/debian/files/pve.cfg

@@ -0,0 +1,20 @@
+data "bitwarden-secrets_secret" "git_flux_password" {
+  id = "e507c0be-cc1e-4d5b-90a7-b2710067c651"
+}
+
+provider "flux" {
+  kubernetes = {
+    config_path = "~/.kube/config"
+  }
+  git = {
+    url = "https://git.mafyuh.dev/mafyuh/k3s"
+    http = {
+        username = "mafyuh"
+        password = data.bitwarden-secrets_secret.git_flux_password.value
+    }
+  }
+}
+
+resource "flux_bootstrap_git" "flux" {
+  path               = "cluster/production"
+}

terraform/README.md

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    flux = {
+      source  = "fluxcd/flux"
+      version = "1.4.0"
+    }
+    bitwarden-secrets = {
+      source  = "sebastiaan-dev/bitwarden-secrets"
+      version = "0.1.2"
+    }
+  }
+}

terraform/flux/main.tf

@@ -24,51 +24,53 @@ terraform {
       source  = "bpg/proxmox"
       version = "0.70.0"
     }
+    bitwarden-secrets = {
+      source  = "sebastiaan-dev/bitwarden-secrets"
+      version = "0.1.2"
+    }
+    flux = {
+      source  = "fluxcd/flux"
+      version = "1.4.0"
+    }
   }
 }
 
+provider "bitwarden-secrets" {
+  access_token = var.access_token
+}
+
+
 provider "proxmox" {
-  endpoint = var.virtual_environment_endpoint
-  password = var.ssh_password
+  endpoint = data.bitwarden-secrets_secret.virtual_environment_endpoint.value
+  password = data.bitwarden-secrets_secret.ssh_password.value
   username = "root@pam"
   insecure = true
 
   ssh {
     agent = true
     username = "root"
-    password = var.ssh_password
+    password = data.bitwarden-secrets_secret.ssh_password.value
 
     node {
       name    = "prox"
-      address = var.prox_ip_address
+      address = data.bitwarden-secrets_secret.prox_ip_address.value
     }
 
     node {
       name    = "pve2"
-      address = var.pve2_ip_address
+      address = data.bitwarden-secrets_secret.pve2_ip_address.value
     }
   }
 }
 
 module "proxmox" {
   source = "./proxmox"
+  
+  providers = {
+    proxmox = proxmox
+  }
+}
 
-  virtual_environment_endpoint = var.virtual_environment_endpoint
-  virtual_environment_api = var.virtual_environment_api
-  arrbuntu_ip_address = var.arrbuntu_ip_address
-  vlan_gateway = var.vlan_gateway
-  downloaders_ip_address = var.downloaders_ip_address
-  ssh_password = var.ssh_password
-  ssh_username = var.ssh_username
-  prox_ip_address = var.prox_ip_address
-  npm_ip_address = var.npm_ip_address
-  init_username = var.init_username
-  init_password = var.init_password
-  kasm_ip = var.kasm_ip
-  kasm_ssh_ip = var.kasm_ssh_ip
-  ubu_ip_address = var.ubu_ip_address
-  pve2_ip_address = var.pve2_ip_address
-  s3_endpoint = var.s3_endpoint
-  aws_secret_access_key = var.aws_secret_access_key
-  aws_access_key_id = var.aws_access_key_id
-}
+module "flux" {
+  source = "./flux"
+}

terraform/flux/provider.tf

@@ -8,7 +8,7 @@ resource "proxmox_virtual_environment_vm" "Arrbuntu" {
     tags         = ["tofu", "ubuntu-22", "auto-homelab-repo", "infrastructure"]
 
     agent {
-      enabled = true # read 'Qemu guest agent' section, change to true only when ready
+      enabled = true 
     }
 
     clone {
@@ -47,8 +47,8 @@ resource "proxmox_virtual_environment_vm" "Arrbuntu" {
     initialization {
         ip_config {
             ipv4 {
-                address = var.arrbuntu_ip_address
-                gateway = var.vlan_gateway
+                address = data.bitwarden-secrets_secret.arrbuntu_ip.value
+                gateway = data.bitwarden-secrets_secret.vlan_gateway.value
             }
         }
 

terraform/main.tf

@@ -0,0 +1,45 @@
+resource "proxmox_virtual_environment_vm" "Debian-Base" {
+  name      = "debian-base"
+  node_name = "prox"
+  vm_id     = 8104
+  tags      = ["tofu"]
+  template  = true
+  started   = false
+
+  disk {
+    datastore_id = "Fast2Tb"
+    # See https://www.reddit.com/r/Proxmox/comments/1058ko7/comment/j3s4vli/ for how to inject qemu into base image
+    # virt-customize -a debian-11-generic-amd64-20241202-1949.img --install qemu-guest-agent
+    file_id      = "local:iso/debian-11-generic-amd64-20241202-1949.img"
+    interface    = "virtio0"
+    size         = 3
+  }
+
+  agent {
+    enabled = true
+  }
+
+  initialization {
+    ip_config {
+      ipv4 {
+        address = "dhcp"
+      }
+    }
+}
+
+serial_device {}
+
+network_device {
+    bridge = "vmbr0"
+}
+
+vga {
+        type = "serial0"
+    }
+
+cpu {
+        cores = 2
+        type  = "host"
+        architecture = "x86_64"
+    }
+}

terraform/proxmox/arrbuntu.tf

@@ -0,0 +1,45 @@
+resource "proxmox_virtual_environment_vm" "Debian-Base2" {
+  name      = "debian-base"
+  node_name = "pve2"
+  vm_id     = 8105
+  tags      = ["tofu"]
+  template  = true
+  started   = false
+
+  disk {
+    datastore_id = "Fast500Gb"
+    # See https://www.reddit.com/r/Proxmox/comments/1058ko7/comment/j3s4vli/ for how to inject qemu into base image
+    # virt-customize -a debian-11-generic-amd64-20241202-1949.img --install qemu-guest-agent
+    file_id      = "local:iso/debian-11-generic-amd64-20241202-1949.img"
+    interface    = "virtio0"
+    size         = 3
+  }
+
+  agent {
+    enabled = true
+  }
+
+  initialization {
+    ip_config {
+      ipv4 {
+        address = "dhcp"
+      }
+    }
+}
+
+serial_device {}
+
+network_device {
+    bridge = "vmbr0"
+}
+
+vga {
+        type = "serial0"
+    }
+
+cpu {
+        cores = 2
+        type  = "host"
+        architecture = "x86_64"
+    }
+}

terraform/proxmox/debian-base.tf

@@ -0,0 +1,67 @@
+resource "proxmox_virtual_environment_vm" "K3s-Master1" {
+
+    # VM General Settings
+    node_name    = "prox"
+    vm_id        = 329
+    name         = "K3s-Master1"
+    description  = "Kubernetes master"
+    tags         = ["tofu", "debian", "infrastructure", "k3s"]
+    started      = true
+
+    agent {
+      enabled = true # read 'Qemu guest agent' section, change to true only when ready
+    }
+
+    clone {
+        vm_id = 9998
+    }
+    
+    # VM CPU Settings
+    cpu {
+        cores = 4
+        type  = "host"
+        architecture = "x86_64"
+    }
+    
+    # VM Memory Settings
+    memory {
+        dedicated = 8192
+    }
+
+    # VM Network Settings
+    network_device {
+        bridge  = "vmbr0"
+        vlan_id = 1
+    }
+
+    # VM Disk Settings
+    disk {
+        datastore_id = "Fast2Tb"
+        size         = 300
+        interface    = "virtio0"
+    }
+
+    vga {
+        type = "serial0"
+    }
+
+    initialization {
+        ip_config {
+            ipv4 {
+                address = "dhcp"
+            }
+        }
+
+        user_data_file_id = proxmox_virtual_environment_file.cloud_config.id
+    }
+
+    lifecycle {
+        ignore_changes = [
+            initialization[0].user_account[0].keys,
+            initialization[0].user_account[0].password,
+            initialization[0].user_account[0].username,
+            initialization[0].user_data_file_id
+        ]
+    }
+
+}

terraform/proxmox/debian-base2.tf

@@ -0,0 +1,67 @@
+resource "proxmox_virtual_environment_vm" "K3s-Master2" {
+
+    # VM General Settings
+    node_name    = "pve2"
+    vm_id        = 321
+    name         = "K3s-Master2"
+    description  = "Kubernetes Master"
+    tags         = ["tofu", "debian", "infrastructure", "k3s"]
+    started      = true
+
+    agent {
+      enabled = true # read 'Qemu guest agent' section, change to true only when ready
+    }
+
+    clone {
+        vm_id = 9999
+    }
+    
+    # VM CPU Settings
+    cpu {
+        cores = 4
+        type  = "host"
+        architecture = "x86_64"
+    }
+    
+    # VM Memory Settings
+    memory {
+        dedicated = 8192
+    }
+
+    # VM Network Settings
+    network_device {
+        bridge  = "vmbr0"
+        vlan_id = 1
+    }
+
+    # VM Disk Settings
+    disk {
+        datastore_id = "Fast500Gb"
+        size         = 100
+        interface    = "virtio0"
+    }
+
+    vga {
+        type = "serial0"
+    }
+
+    initialization {
+        ip_config {
+            ipv4 {
+                address = "dhcp"
+            }
+        }
+
+        user_data_file_id = proxmox_virtual_environment_file.cloud_config2.id
+    }
+
+    lifecycle {
+        ignore_changes = [
+            initialization[0].user_account[0].keys,
+            initialization[0].user_account[0].password,
+            initialization[0].user_account[0].username,
+            initialization[0].user_data_file_id
+        ]
+    }
+
+}

terraform/proxmox/k3s-master1.tf

@@ -0,0 +1,67 @@
+resource "proxmox_virtual_environment_vm" "K3s-Master3" {
+
+    # VM General Settings
+    node_name    = "prox"
+    vm_id        = 330
+    name         = "K3s-Master3"
+    description  = "Kubernetes master"
+    tags         = ["tofu", "debian", "infrastructure", "k3s"]
+    started      = true
+
+    agent {
+      enabled = true # read 'Qemu guest agent' section, change to true only when ready
+    }
+
+    clone {
+        vm_id = 9998
+    }
+    
+    # VM CPU Settings
+    cpu {
+        cores = 4
+        type  = "host"
+        architecture = "x86_64"
+    }
+    
+    # VM Memory Settings
+    memory {
+        dedicated = 8192
+    }
+
+    # VM Network Settings
+    network_device {
+        bridge  = "vmbr0"
+        vlan_id = 1
+    }
+
+    # VM Disk Settings
+    disk {
+        datastore_id = "Fast2Tb"
+        size         = 100
+        interface    = "virtio0"
+    }
+
+    vga {
+        type = "serial0"
+    }
+
+    initialization {
+        ip_config {
+            ipv4 {
+                address = "dhcp"
+            }
+        }
+
+        user_data_file_id = proxmox_virtual_environment_file.cloud_config.id
+    }
+
+    lifecycle {
+        ignore_changes = [
+            initialization[0].user_account[0].keys,
+            initialization[0].user_account[0].password,
+            initialization[0].user_account[0].username,
+            initialization[0].user_data_file_id
+        ]
+    }
+
+}

terraform/proxmox/k3s-master2.tf

@@ -44,8 +44,8 @@ resource "proxmox_virtual_environment_vm" "Kasm" {
   initialization {
     ip_config {
       ipv4 {
-        address = var.kasm_ip
-        gateway = var.vlan_gateway
+        address = data.bitwarden-secrets_secret.kasm_ip.value
+        gateway = data.bitwarden-secrets_secret.vlan_gateway.value
       }
     }
 

terraform/proxmox/k3s-master3.tf

@@ -47,8 +47,8 @@ resource "proxmox_virtual_environment_vm" "NPM" {
     initialization {
         ip_config {
             ipv4 {
-                address = var.npm_ip_address
-                gateway = var.vlan_gateway
+                address = data.bitwarden-secrets_secret.npm_ip_address.value
+                gateway = data.bitwarden-secrets_secret.vlan_gateway.value
             }
         }
 

terraform/proxmox/kasm.tf

@@ -4,28 +4,9 @@ terraform {
       source  = "bpg/proxmox"
       version = "0.70.0"
     }
-  }
-}
-
-provider "proxmox" {
-  endpoint = var.virtual_environment_endpoint
-  password = var.ssh_password
-  username = "root@pam"
-  insecure = true
-
-  ssh {
-    agent = true
-    username = "root"
-    password = var.ssh_password
-
-    node {
-      name    = "prox"
-      address = var.prox_ip_address
-    }
-
-    node {
-      name    = "pve2"
-      address = var.pve2_ip_address
+    bitwarden-secrets = {
+      source  = "sebastiaan-dev/bitwarden-secrets"
+      version = "0.1.2"
     }
   }
-}
+}

terraform/proxmox/npm.tf

@@ -0,0 +1,19 @@
+data "bitwarden-secrets_secret" "npm_ip_address" {
+  id = "47ef68aa-32a9-45b0-835d-b2080006ce38"
+}
+
+data "bitwarden-secrets_secret" "kasm_ip" {
+  id = "0bc3c1a3-fc48-48ce-85c5-b2080007136a"
+}
+
+data "bitwarden-secrets_secret" "vlan_gateway" {
+  id = "af0ed579-05f8-405f-b0f3-b208000620ca"
+}
+
+data "bitwarden-secrets_secret" "ubu_ip" {
+  id = "d8017351-7a11-42e6-9e8d-b208000739b8"
+}
+
+data "bitwarden-secrets_secret" "arrbuntu_ip" {
+  id = "c65f8886-f6fb-4c17-bc79-b208000604bf"
+}

terraform/proxmox/provider.tf

@@ -47,8 +47,8 @@ resource "proxmox_virtual_environment_vm" "Ubu" {
     initialization {
         ip_config {
             ipv4 {
-                address = var.ubu_ip_address
-                gateway = var.vlan_gateway
+                address = data.bitwarden-secrets_secret.ubu_ip.value
+                gateway = data.bitwarden-secrets_secret.vlan_gateway.value
             }
         }
 

terraform/proxmox/secrets.tf

@@ -0,0 +1,19 @@
+data "bitwarden-secrets_secret" "virtual_environment_endpoint" {
+  id = "a4ed343a-bb92-4beb-a421-b2080005bf98"
+}
+
+data "bitwarden-secrets_secret" "virtual_environment_api" {
+  id = "1d250f4a-ae18-4e19-934c-b2080005e132"
+}
+
+data "bitwarden-secrets_secret" "ssh_password" {
+  id = "68f1d77d-4e96-498a-9464-b208000679a4"
+}
+
+data "bitwarden-secrets_secret" "prox_ip_address" {
+  id = "d0c7f3ec-8277-4b1b-9a1b-b2080006b842"
+}
+
+data "bitwarden-secrets_secret" "pve2_ip_address" {
+  id = "17ab7869-c7a1-4ece-8c64-b20800075213"
+}

terraform/proxmox/ubu.tf

@@ -1,96 +1,8 @@
-# Define each required variable
-variable "arrbuntu_ip_address" {
-  description = "IP address for Arrbuntu VM"
-  type        = string
-}
-
-variable "init_username" {
-  description = "Username for initial configuration"
-  type        = string
-}
-
-variable "downloaders_ip_address" {
-  description = "IP address for Downloaders VM"
-  type        = string
-}
-
-variable "npm_ip_address" {
-  description = "IP address for NPM VM"
-  type        = string
-}
-
-variable "prox_ip_address" {
-  description = "IP address for Proxmox server"
-  type        = string
-}
-
-variable "kasm_ssh_ip" {
-  description = "IP address for Kasm SSH"
-  type        = string
-}
-
-variable "aws_secret_access_key" {
-  description = "AWS Secret Access Key"
-  type        = string
-  sensitive   = true
-}
-
-variable "vlan_gateway" {
-  description = "Gateway IP for VLAN"
-  type        = string
-}
-
-variable "virtual_environment_endpoint" {
-  description = "Endpoint for virtual environment API"
-  type        = string
-}
-
-variable "kasm_ip" {
-  description = "IP address for Kasm"
-  type        = string
-}
-
-variable "ssh_username" {
-  description = "Username for SSH access"
-  type        = string
-}
-
-variable "init_password" {
-  description = "Password for initial configuration"
-  type        = string
-  sensitive   = true
-}
-
-variable "aws_access_key_id" {
-  description = "AWS Access Key ID"
-  type        = string
-}
-
-variable "pve2_ip_address" {
-  description = "IP address for PVE2 Proxmox server"
-  type        = string
-}
-
 variable "s3_endpoint" {
   description = "Endpoint for S3 storage"
   type        = string
 }
 
-variable "ubu_ip_address" {
-  description = "IP address for Ubu VM"
-  type        = string
-}
-
-variable "virtual_environment_api" {
-  description = "API endpoint for virtual environment"
-  type        = string
-}
-
-variable "ssh_password" {
-  description = "Password for SSH access"
-  type        = string
-  sensitive   = true
-}
 
 variable "grafana_auth" {
   description = "Service Account token"
@@ -102,4 +14,10 @@ variable "grafana_url" {
   description = "Grafana Url"
   type        = string
   sensitive   = true
+}
+
+variable "access_token" {
+  description = "Access Token for BWS"
+  type        = string
+  sensitive   = true
 }