From 56508371d23f33d0c090b9cc326f59a7f5769c32 Mon Sep 17 00:00:00 2001 From: Matt Reeves Date: Sun, 13 Oct 2024 11:05:29 -0400 Subject: [PATCH 1/7] testing --- .forgejo/workflows/tofu.yml | 44 ++++++++++++++++++++----------------- terraform/kasm.tf | 2 +- 2 files changed, 25 insertions(+), 21 deletions(-) diff --git a/.forgejo/workflows/tofu.yml b/.forgejo/workflows/tofu.yml index 83e0da9..6ec269c 100644 --- a/.forgejo/workflows/tofu.yml +++ b/.forgejo/workflows/tofu.yml @@ -41,7 +41,29 @@ jobs: af0ed579-05f8-405f-b0f3-b208000620ca > vlan_gateway - + - name: Create tfvars file + working-directory: ./terraform + run: | + cat < terraform.tfvars + arrbuntu_ip_address = "${{ steps.bitwarden-secrets.outputs.arrbuntu_ip_address }}" + aws_access_key_id = "${{ steps.bitwarden-secrets.outputs.aws_access_key_id }}" + aws_secret_access_key = "${{ steps.bitwarden-secrets.outputs.aws_secret_access_key }}" + downloaders_ip_address = "${{ steps.bitwarden-secrets.outputs.downloaders_ip_address }}" + init_password = "${{ steps.bitwarden-secrets.outputs.init_password }}" + init_username = "${{ steps.bitwarden-secrets.outputs.init_username }}" + kasm_ip = "${{ steps.bitwarden-secrets.outputs.kasm_ip }}" + kasm_ssh_ip = "${{ steps.bitwarden-secrets.outputs.kasm_ssh_ip }}" + npm_ip_address = "${{ steps.bitwarden-secrets.outputs.npm_ip_address }}" + prox_ip_address = "${{ steps.bitwarden-secrets.outputs.prox_ip_address }}" + pve2_ip_address = "${{ steps.bitwarden-secrets.outputs.pve2_ip_address }}" + s3_endpoint = "${{ steps.bitwarden-secrets.outputs.s3_endpoint }}" + ssh_password = "${{ steps.bitwarden-secrets.outputs.ssh_password }}" + ssh_username = "${{ steps.bitwarden-secrets.outputs.ssh_username }}" + ubu_ip_address = "${{ steps.bitwarden-secrets.outputs.ubu_ip_address }}" + virtual_environment_api = "${{ steps.bitwarden-secrets.outputs.virtual_environment_api }}" + virtual_environment_endpoint = "${{ steps.bitwarden-secrets.outputs.virtual_environment_endpoint }}" + vlan_gateway = "${{ steps.bitwarden-secrets.outputs.vlan_gateway }}" + EOF - name: Setup OpenTofu uses: https://github.com/opentofu/setup-opentofu@v1.0.4 @@ -49,25 +71,7 @@ jobs: - name: Run OpenTofu Init working-directory: ./terraform run: | - tofu init \ - -var "arrbuntu_ip_address=${{ steps.bitwarden-secrets.outputs.arrbuntu_ip_address }}" \ - -var "aws_access_key_id=${{ steps.bitwarden-secrets.outputs.aws_access_key_id }}" \ - -var "aws_secret_access_key=${{ steps.bitwarden-secrets.outputs.aws_secret_access_key }}" \ - -var "downloaders_ip_address=${{ steps.bitwarden-secrets.outputs.downloaders_ip_address }}" \ - -var "init_password=${{ steps.bitwarden-secrets.outputs.init_password }}" \ - -var "init_username=${{ steps.bitwarden-secrets.outputs.init_username }}" \ - -var "kasm_ip=${{ steps.bitwarden-secrets.outputs.kasm_ip }}" \ - -var "kasm_ssh_ip=${{ steps.bitwarden-secrets.outputs.kasm_ssh_ip }}" \ - -var "npm_ip_address=${{ steps.bitwarden-secrets.outputs.npm_ip_address }}" \ - -var "prox_ip_address=${{ steps.bitwarden-secrets.outputs.prox_ip_address }}" \ - -var "pve2_ip_address=${{ steps.bitwarden-secrets.outputs.pve2_ip_address }}" \ - -var "s3_endpoint=${{ steps.bitwarden-secrets.outputs.s3_endpoint }}" \ - -var "ssh_password=${{ steps.bitwarden-secrets.outputs.ssh_password }}" \ - -var "ssh_username=${{ steps.bitwarden-secrets.outputs.ssh_username }}" \ - -var "ubu_ip_address=${{ steps.bitwarden-secrets.outputs.ubu_ip_address }}" \ - -var "virtual_environment_api=${{ steps.bitwarden-secrets.outputs.virtual_environment_api }}" \ - -var "virtual_environment_endpoint=${{ steps.bitwarden-secrets.outputs.virtual_environment_endpoint }}" \ - -var "vlan_gateway=${{ steps.bitwarden-secrets.outputs.vlan_gateway }}" + tofu init -var-file=terraform.tfvars - name: Run OpenTofu Plan diff --git a/terraform/kasm.tf b/terraform/kasm.tf index f48bc29..22ae455 100644 --- a/terraform/kasm.tf +++ b/terraform/kasm.tf @@ -36,7 +36,7 @@ resource "proxmox_virtual_environment_vm" "Kasm" { # VM Disk Settings disk { datastore_id = "local-lvm" - size = 151 + size = 152 interface = "scsi0" } From e55e394d537f2d9b4947226670e370502a1112db Mon Sep 17 00:00:00 2001 From: Matt Reeves Date: Sun, 13 Oct 2024 11:18:37 -0400 Subject: [PATCH 2/7] test --- terraform/cloud-init.tf | 17 +++++++---------- terraform/kasm.tf | 2 +- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/terraform/cloud-init.tf b/terraform/cloud-init.tf index f322133..074e1d5 100644 --- a/terraform/cloud-init.tf +++ b/terraform/cloud-init.tf @@ -1,9 +1,6 @@ -data "local_file" "ssh_public_key" { - filename = "/home/mafyuh/.ssh/main_key.pub" -} - -data "local_file" "ssh_public_key_2" { - filename = "/home/mafyuh/.ssh/id_rsa.pub" +locals { + ssh_public_key_1 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDndt2pi7jZx0qY1qn/UEn2AcZThxCQBvIGNytlPDz1cFNHjB1lGgHdI4uCw7fu2ET6/vpqHxjdQqB/Ehj2fajw1L2zncKB93NMv3pcq7ZJGwIgdw26vfBQZWFazaPk7O5rOGO1hWohE4YlejpOHYGCFs1pUxaC8DQPR0M6GvnccWxzJhpiO+NUeU8F/NC1uKLyypK8CpTmjVQaiTSgn/RorTf7A6sdzfWFndM7k6hw5NqqKVk0OhDfy/XCGQrIRh6/yxFbbthAUJgd8/djELlc7XQaG0nMSBtu6m8+VmMN8XO7FZmus8PwlcXPIhwos+vJlh2+xU+E7Ciwyw4WytCjuw67rL4REbdOh+zqZm//OMswvTxtDiRbTXTsOXqgyh5cOUcNub3UdAl6e7c2ZQT5lz5ZVCNNLVrFigvRE813YlKsoYu1p4XrtyHodeYEXgoLjU0jgRj0EmBEDriafo84lamHK7zItZllNH9hHKWs+iXiQQ4nVD65Ng0mYmM9OF76corqfIuQWkQd8kN2r5a0UHrl+tkhZOY3x3PB9r88yCPRdSkW8ICFObQ069yE4HU9kA41rVPXOU8zxK8UT2svTM0YRcDcfr2VUktU0wEP1ASv8nOAdvq7+pcqpoKrw3sZyyeLncxSAfJCRMjJvUDww92YSTjG4TCwY2gcPXRsww== Generated By Termius" + ssh_public_key_2 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCt9kj7JcJVf8zfzLlsDv12d9dV7J4SM+Wrq7fWMUseCzl7BK3SX+cNFYWbkZsDsp81VtXrqXDpImIGc9KtRy1tvNmrd/+xlj6aVFH9tHYq//5pOC2C4wcf3wVlSazdhZ64qVwY4glr1Bs4M02GZ92VDjb51JvByl5kfgiKLqRiFyJHv9f5FYEfZqdLY+SKjd7H6fjhMTFTcyfXeGaifUTqogDXPLzk0iP0rx7C3oHOfsKKhZvUe/la9uYJGdbSeQX1H59KOVJQ7UQxr7wn+uu5e7IPPXiBoR4dBU8pAmtWgLo9F0ZdXgu2bOunUBIeL2/dj6xFCI3ZrQ3mLe+upoyhqLKh4+qi5SeQNcqXi7pHhcA1hGzmOMDrPXV/2DA0NcJ6v43qJFRn+Qp8Oy/zApvQ6F/opLhX0yghEc5ltmj+MPMom4ykKxpuGPUHxNplMgmVG+V/YlRXG9BATsQX35kt2lqivX9L4XppgJHhby0bJnZQKozExCn67w1rSW7MvYyo/W7aXK7ZGLIeH7sxqwwisQlbMjhVzYcods1p+JDi1VhNQUsc4nDA0ghk9PiSY11pwAvvzds46wZLMrxlNeIs2cEdghIi+5QO68qvZHODHrtiAn3yJ7qjarx5qOx5oe2DX2duY6/7cUEnwQFNX5z4hfeCCThz9jIn316Jk/oeXQ== admin@mafyuh.io" } resource "proxmox_virtual_environment_file" "cloud_config" { @@ -22,8 +19,8 @@ resource "proxmox_virtual_environment_file" "cloud_config" { - docker shell: /bin/bash ssh_authorized_keys: - - ${trimspace(data.local_file.ssh_public_key.content)} - - ${trimspace(data.local_file.ssh_public_key_2.content)} + - ${trimspace(local.ssh_public_key)} + - ${trimspace(local.ssh_public_key_2)} sudo: ALL=(ALL) NOPASSWD:ALL runcmd: - apt update @@ -58,8 +55,8 @@ resource "proxmox_virtual_environment_file" "cloud_config2" { - docker shell: /bin/bash ssh_authorized_keys: - - ${trimspace(data.local_file.ssh_public_key.content)} - - ${trimspace(data.local_file.ssh_public_key_2.content)} + - ${trimspace(local.ssh_public_key)} + - ${trimspace(local.ssh_public_key_2)} sudo: ALL=(ALL) NOPASSWD:ALL runcmd: - apt update diff --git a/terraform/kasm.tf b/terraform/kasm.tf index 22ae455..f48bc29 100644 --- a/terraform/kasm.tf +++ b/terraform/kasm.tf @@ -36,7 +36,7 @@ resource "proxmox_virtual_environment_vm" "Kasm" { # VM Disk Settings disk { datastore_id = "local-lvm" - size = 152 + size = 151 interface = "scsi0" } From cf67c7cd23e056c7d21c02319d324e6fdae589e3 Mon Sep 17 00:00:00 2001 From: Matt Reeves Date: Sun, 13 Oct 2024 11:20:22 -0400 Subject: [PATCH 3/7] test --- terraform/cloud-init.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/cloud-init.tf b/terraform/cloud-init.tf index 074e1d5..2202ec2 100644 --- a/terraform/cloud-init.tf +++ b/terraform/cloud-init.tf @@ -19,7 +19,7 @@ resource "proxmox_virtual_environment_file" "cloud_config" { - docker shell: /bin/bash ssh_authorized_keys: - - ${trimspace(local.ssh_public_key)} + - ${trimspace(local.ssh_public_key_1)} - ${trimspace(local.ssh_public_key_2)} sudo: ALL=(ALL) NOPASSWD:ALL runcmd: From ce7c0c1a46f8609dd357ad9bb03c8320f9de6f30 Mon Sep 17 00:00:00 2001 From: Matt Reeves Date: Sun, 13 Oct 2024 11:20:51 -0400 Subject: [PATCH 4/7] test --- terraform/cloud-init.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/cloud-init.tf b/terraform/cloud-init.tf index 2202ec2..e5f2125 100644 --- a/terraform/cloud-init.tf +++ b/terraform/cloud-init.tf @@ -55,7 +55,7 @@ resource "proxmox_virtual_environment_file" "cloud_config2" { - docker shell: /bin/bash ssh_authorized_keys: - - ${trimspace(local.ssh_public_key)} + - ${trimspace(local.ssh_public_key_1)} - ${trimspace(local.ssh_public_key_2)} sudo: ALL=(ALL) NOPASSWD:ALL runcmd: From 3ee1613978e9a46897757e6a6785974505de94dd Mon Sep 17 00:00:00 2001 From: Matt Reeves Date: Sun, 13 Oct 2024 16:20:24 -0400 Subject: [PATCH 5/7] add ntp playbook --- ansible/playbooks/ntp.yml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 ansible/playbooks/ntp.yml diff --git a/ansible/playbooks/ntp.yml b/ansible/playbooks/ntp.yml new file mode 100644 index 0000000..dccd146 --- /dev/null +++ b/ansible/playbooks/ntp.yml @@ -0,0 +1,33 @@ +--- +- name: Configure systemd-timesyncd to use router NTP server + hosts: all + become: true + + tasks: + - name: Ensure systemd-timesyncd is installed + apt: + name: systemd-timesyncd + state: present + update_cache: yes + + - name: Configure timesyncd to use the router's NTP server + lineinfile: + path: /etc/systemd/timesyncd.conf + regexp: '^NTP=' + line: 'NTP=10.0.0.1' + insertafter: '^\[Time\]' + state: present + + - name: Restart systemd-timesyncd to apply changes + systemd: + name: systemd-timesyncd + state: restarted + enabled: yes + + - name: Verify the NTP configuration + command: timedatectl status + register: timesync_status + + - name: Show the status of time synchronization + debug: + msg: "{{ timesync_status.stdout }}" From 5e34685a075948baa834e60b637766ef8a9d6da1 Mon Sep 17 00:00:00 2001 From: Matt Reeves Date: Sun, 13 Oct 2024 16:37:39 -0400 Subject: [PATCH 6/7] fix ntp --- ansible/playbooks/ntp.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/ansible/playbooks/ntp.yml b/ansible/playbooks/ntp.yml index dccd146..7097814 100644 --- a/ansible/playbooks/ntp.yml +++ b/ansible/playbooks/ntp.yml @@ -10,13 +10,12 @@ state: present update_cache: yes - - name: Configure timesyncd to use the router's NTP server - lineinfile: + - name: Configure timesyncd to use the router's NTP server using ini_file + ini_file: path: /etc/systemd/timesyncd.conf - regexp: '^NTP=' - line: 'NTP=10.0.0.1' - insertafter: '^\[Time\]' - state: present + section: Time + option: NTP + value: '10.0.0.1' - name: Restart systemd-timesyncd to apply changes systemd: From 169caf0b6b592eeffc2fabe6dd86feb67038bd09 Mon Sep 17 00:00:00 2001 From: Matt Reeves Date: Sun, 13 Oct 2024 16:39:05 -0400 Subject: [PATCH 7/7] test ntp --- ansible/playbooks/ntp.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/ansible/playbooks/ntp.yml b/ansible/playbooks/ntp.yml index 7097814..abfc0ed 100644 --- a/ansible/playbooks/ntp.yml +++ b/ansible/playbooks/ntp.yml @@ -10,12 +10,9 @@ state: present update_cache: yes - - name: Configure timesyncd to use the router's NTP server using ini_file - ini_file: - path: /etc/systemd/timesyncd.conf - section: Time - option: NTP - value: '10.0.0.1' + - name: Configure timesyncd to use the router's NTP server + shell: sed -i '/^NTP=/c\NTP=10.0.0.1' /etc/systemd/timesyncd.conf + - name: Restart systemd-timesyncd to apply changes systemd: