Mafyuh · Oct 13, 2024 · Oct 13, 2024 · Oct 13, 2024 · Oct 13, 2024 · Oct 13, 2024
Showing with 73 additions and 39 deletions.

+26 −28 .forgejo/workflows/tofu.yml

+29 −0 ansible/playbooks/ntp.yml

+1 −1 docker/arm/docker-compose.yml

+7 −10 terraform/cloud-init.tf

+2 −0 terraform/provider.tf

+8 −0 terraform/vars.tf
diff --git a/.forgejo/workflows/tofu.yml b/.forgejo/workflows/tofu.yml
@@ -22,6 +22,8 @@ jobs:
           base_url: https://vault.bitwarden.com
           secrets: |
             c65f8886-f6fb-4c17-bc79-b208000604bf > arrbuntu_ip_address
+            2dae51bd-bd65-474c-971c-b20800f22afa > aws_access_key_id
+            287c852d-f2b5-467d-bfc4-b20800f25f52 > aws_secret_access_key
             a54974b8-c6b3-4df7-9042-b20800064050 > downloaders_ip_address
             dacbeafa-c671-4b9c-9334-b2080006f75b > init_password
             9ceabbd0-6492-4674-9bab-b2080006e333 > init_username
@@ -38,42 +40,38 @@ jobs:
             a4ed343a-bb92-4beb-a421-b2080005bf98 > virtual_environment_endpoint
             af0ed579-05f8-405f-b0f3-b208000620ca > vlan_gateway
 
-      - name: Create AWS Credentials Directory
-        run: mkdir -p ~/.aws
-
-      - name: Set AWS Credentials
+      
+      - name: Create tfvars file
+        working-directory: ./terraform
         run: |
-          echo "[default]" > ~/.aws/credentials
-          echo "aws_access_key_id=${{ secrets.AWS_ACCESS_KEY_ID }}" >> ~/.aws/credentials
-          echo "aws_secret_access_key=${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> ~/.aws/credentials
-
-      - name: Set Environment Variables
-        run: echo "AWS_EC2_METADATA_DISABLED=true" >> $GITHUB_ENV
-
+          cat <<EOF > terraform.tfvars
+          arrbuntu_ip_address = "${{ steps.bitwarden-secrets.outputs.arrbuntu_ip_address }}"
+          aws_access_key_id = "${{ steps.bitwarden-secrets.outputs.aws_access_key_id }}"
+          aws_secret_access_key = "${{ steps.bitwarden-secrets.outputs.aws_secret_access_key }}"
+          downloaders_ip_address = "${{ steps.bitwarden-secrets.outputs.downloaders_ip_address }}"
+          init_password = "${{ steps.bitwarden-secrets.outputs.init_password }}"
+          init_username = "${{ steps.bitwarden-secrets.outputs.init_username }}"
+          kasm_ip = "${{ steps.bitwarden-secrets.outputs.kasm_ip }}"
+          kasm_ssh_ip = "${{ steps.bitwarden-secrets.outputs.kasm_ssh_ip }}"
+          npm_ip_address = "${{ steps.bitwarden-secrets.outputs.npm_ip_address }}"
+          prox_ip_address = "${{ steps.bitwarden-secrets.outputs.prox_ip_address }}"
+          pve2_ip_address = "${{ steps.bitwarden-secrets.outputs.pve2_ip_address }}"
+          s3_endpoint = "${{ steps.bitwarden-secrets.outputs.s3_endpoint }}"
+          ssh_password = "${{ steps.bitwarden-secrets.outputs.ssh_password }}"
+          ssh_username = "${{ steps.bitwarden-secrets.outputs.ssh_username }}"
+          ubu_ip_address = "${{ steps.bitwarden-secrets.outputs.ubu_ip_address }}"
+          virtual_environment_api = "${{ steps.bitwarden-secrets.outputs.virtual_environment_api }}"
+          virtual_environment_endpoint = "${{ steps.bitwarden-secrets.outputs.virtual_environment_endpoint }}"
+          vlan_gateway = "${{ steps.bitwarden-secrets.outputs.vlan_gateway }}"
+          EOF
 
       - name: Setup OpenTofu
         uses: https://github.com/opentofu/setup-opentofu@v1.0.4
 
       - name: Run OpenTofu Init
         working-directory: ./terraform
         run: |
-          tofu init \
-            -var "arrbuntu_ip_address=${{ steps.bitwarden-secrets.outputs.arrbuntu_ip_address }}" \
-            -var "downloaders_ip_address=${{ steps.bitwarden-secrets.outputs.downloaders_ip_address }}" \
-            -var "init_password=${{ steps.bitwarden-secrets.outputs.init_password }}" \
-            -var "init_username=${{ steps.bitwarden-secrets.outputs.init_username }}" \
-            -var "kasm_ip=${{ steps.bitwarden-secrets.outputs.kasm_ip }}" \
-            -var "kasm_ssh_ip=${{ steps.bitwarden-secrets.outputs.kasm_ssh_ip }}" \
-            -var "npm_ip_address=${{ steps.bitwarden-secrets.outputs.npm_ip_address }}" \
-            -var "prox_ip_address=${{ steps.bitwarden-secrets.outputs.prox_ip_address }}" \
-            -var "pve2_ip_address=${{ steps.bitwarden-secrets.outputs.pve2_ip_address }}" \
-            -var "s3_endpoint=${{ steps.bitwarden-secrets.outputs.s3_endpoint }}" \
-            -var "ssh_password=${{ steps.bitwarden-secrets.outputs.ssh_password }}" \
-            -var "ssh_username=${{ steps.bitwarden-secrets.outputs.ssh_username }}" \
-            -var "ubu_ip_address=${{ steps.bitwarden-secrets.outputs.ubu_ip_address }}" \
-            -var "virtual_environment_api=${{ steps.bitwarden-secrets.outputs.virtual_environment_api }}" \
-            -var "virtual_environment_endpoint=${{ steps.bitwarden-secrets.outputs.virtual_environment_endpoint }}" \
-            -var "vlan_gateway=${{ steps.bitwarden-secrets.outputs.vlan_gateway }}"
+          tofu init -var-file=terraform.tfvars
 
 
       - name: Run OpenTofu Plan

diff --git a/ansible/playbooks/ntp.yml b/ansible/playbooks/ntp.yml
@@ -0,0 +1,29 @@
+---
+- name: Configure systemd-timesyncd to use router NTP server
+  hosts: all
+  become: true
+
+  tasks:
+    - name: Ensure systemd-timesyncd is installed
+      apt:
+        name: systemd-timesyncd
+        state: present
+        update_cache: yes
+
+    - name: Configure timesyncd to use the router's NTP server
+      shell: sed -i '/^NTP=/c\NTP=10.0.0.1' /etc/systemd/timesyncd.conf
+
+
+    - name: Restart systemd-timesyncd to apply changes
+      systemd:
+        name: systemd-timesyncd
+        state: restarted
+        enabled: yes
+
+    - name: Verify the NTP configuration
+      command: timedatectl status
+      register: timesync_status
+
+    - name: Show the status of time synchronization
+      debug:
+        msg: "{{ timesync_status.stdout }}"
diff --git a/docker/arm/docker-compose.yml b/docker/arm/docker-compose.yml
@@ -148,7 +148,7 @@ services:
       - gitea_main
 
   vaultwarden:
-    image: vaultwarden/server:1.32.1
+    image: vaultwarden/server:1.32.2
     container_name: vaultwarden
     ports:
       - 8989:80

diff --git a/terraform/cloud-init.tf b/terraform/cloud-init.tf
@@ -1,9 +1,6 @@
-data "local_file" "ssh_public_key" {
-  filename = "/home/mafyuh/.ssh/main_key.pub"
-}
-
-data "local_file" "ssh_public_key_2" {
-  filename = "/home/mafyuh/.ssh/id_rsa.pub"
+locals {
+  ssh_public_key_1 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDndt2pi7jZx0qY1qn/UEn2AcZThxCQBvIGNytlPDz1cFNHjB1lGgHdI4uCw7fu2ET6/vpqHxjdQqB/Ehj2fajw1L2zncKB93NMv3pcq7ZJGwIgdw26vfBQZWFazaPk7O5rOGO1hWohE4YlejpOHYGCFs1pUxaC8DQPR0M6GvnccWxzJhpiO+NUeU8F/NC1uKLyypK8CpTmjVQaiTSgn/RorTf7A6sdzfWFndM7k6hw5NqqKVk0OhDfy/XCGQrIRh6/yxFbbthAUJgd8/djELlc7XQaG0nMSBtu6m8+VmMN8XO7FZmus8PwlcXPIhwos+vJlh2+xU+E7Ciwyw4WytCjuw67rL4REbdOh+zqZm//OMswvTxtDiRbTXTsOXqgyh5cOUcNub3UdAl6e7c2ZQT5lz5ZVCNNLVrFigvRE813YlKsoYu1p4XrtyHodeYEXgoLjU0jgRj0EmBEDriafo84lamHK7zItZllNH9hHKWs+iXiQQ4nVD65Ng0mYmM9OF76corqfIuQWkQd8kN2r5a0UHrl+tkhZOY3x3PB9r88yCPRdSkW8ICFObQ069yE4HU9kA41rVPXOU8zxK8UT2svTM0YRcDcfr2VUktU0wEP1ASv8nOAdvq7+pcqpoKrw3sZyyeLncxSAfJCRMjJvUDww92YSTjG4TCwY2gcPXRsww== Generated By Termius"
+  ssh_public_key_2 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCt9kj7JcJVf8zfzLlsDv12d9dV7J4SM+Wrq7fWMUseCzl7BK3SX+cNFYWbkZsDsp81VtXrqXDpImIGc9KtRy1tvNmrd/+xlj6aVFH9tHYq//5pOC2C4wcf3wVlSazdhZ64qVwY4glr1Bs4M02GZ92VDjb51JvByl5kfgiKLqRiFyJHv9f5FYEfZqdLY+SKjd7H6fjhMTFTcyfXeGaifUTqogDXPLzk0iP0rx7C3oHOfsKKhZvUe/la9uYJGdbSeQX1H59KOVJQ7UQxr7wn+uu5e7IPPXiBoR4dBU8pAmtWgLo9F0ZdXgu2bOunUBIeL2/dj6xFCI3ZrQ3mLe+upoyhqLKh4+qi5SeQNcqXi7pHhcA1hGzmOMDrPXV/2DA0NcJ6v43qJFRn+Qp8Oy/zApvQ6F/opLhX0yghEc5ltmj+MPMom4ykKxpuGPUHxNplMgmVG+V/YlRXG9BATsQX35kt2lqivX9L4XppgJHhby0bJnZQKozExCn67w1rSW7MvYyo/W7aXK7ZGLIeH7sxqwwisQlbMjhVzYcods1p+JDi1VhNQUsc4nDA0ghk9PiSY11pwAvvzds46wZLMrxlNeIs2cEdghIi+5QO68qvZHODHrtiAn3yJ7qjarx5qOx5oe2DX2duY6/7cUEnwQFNX5z4hfeCCThz9jIn316Jk/oeXQ== admin@mafyuh.io"
 }
 
 resource "proxmox_virtual_environment_file" "cloud_config" {
@@ -22,8 +19,8 @@ resource "proxmox_virtual_environment_file" "cloud_config" {
           - docker
         shell: /bin/bash
         ssh_authorized_keys:
-          - ${trimspace(data.local_file.ssh_public_key.content)}
-          - ${trimspace(data.local_file.ssh_public_key_2.content)}
+          - ${trimspace(local.ssh_public_key_1)}
+          - ${trimspace(local.ssh_public_key_2)}
         sudo: ALL=(ALL) NOPASSWD:ALL
     runcmd:
         - apt update
@@ -58,8 +55,8 @@ resource "proxmox_virtual_environment_file" "cloud_config2" {
           - docker
         shell: /bin/bash
         ssh_authorized_keys:
-          - ${trimspace(data.local_file.ssh_public_key.content)}
-          - ${trimspace(data.local_file.ssh_public_key_2.content)}
+          - ${trimspace(local.ssh_public_key_1)}
+          - ${trimspace(local.ssh_public_key_2)}
         sudo: ALL=(ALL) NOPASSWD:ALL
     runcmd:
         - apt update

diff --git a/terraform/provider.tf b/terraform/provider.tf
@@ -19,6 +19,8 @@ terraform {
     endpoints = {
       s3 = var.s3_endpoint
     }
+    access_key = var.aws_access_key_id
+    secret_key = var.aws_secret_access_key
   }
 }
 

diff --git a/terraform/vars.tf b/terraform/vars.tf
@@ -60,4 +60,12 @@ variable "pve2_ip_address" {
 
 variable "s3_endpoint" {
         type = string
+}
+
+variable "aws_secret_access_key" {
+  type = string
+}
+
+variable "aws_access_key_id" {
+  type = string
 }