diff --git a/.github/workflows/terraform-bio.yml b/.github/workflows/terraform-bio.yml
new file mode 100644
index 00000000..02c097b6
--- /dev/null
+++ b/.github/workflows/terraform-bio.yml
@@ -0,0 +1,126 @@
+name: "TF Plan on a PR (BIO)"
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - 'terraform/gozzi-01-bio/**'
+ pull_request:
+ paths:
+ - 'terraform/gozzi-01-bio/**'
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ terraform:
+ name: "Terraform Diff"
+ runs-on: self-hosted
+ defaults:
+ run:
+ working-directory: terraform/gozzi-01-bio/
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - uses: hashicorp/setup-terraform@v2
+ with:
+ cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+ - name: Create Pub key
+ run: |
+ mkdir -p ~/.ssh/
+ echo "${{ secrets.PUB_KEY }}" > ~/.ssh/id_rsa.pub
+
+ - name: Terraform fmt
+ id: fmt
+ run: terraform fmt -check
+ continue-on-error: true
+
+ - name: Terraform Init
+ id: init
+ run: terraform init
+
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate -no-color
+
+ - name: Terraform Plan
+ id: plan
+ run: terraform plan -no-color -var onepassword_token=$OP_TOKEN -var onepassword_endpoint=$OP_ENDPOINT
+ continue-on-error: true
+ env:
+ OP_TOKEN: '${{ secrets.OP_TOKEN }}'
+ OP_ENDPOINT: '${{ secrets.OP_ENDPOINT }}'
+
+ - uses: actions/github-script@v6
+ if: github.event_name == 'pull_request'
+ env:
+ PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ // 1. Retrieve existing bot comments for the PR
+ const { data: comments } = await github.rest.issues.listComments({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: context.issue.number,
+ })
+ const botComment = comments.find(comment => {
+ return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style')
+ })
+
+ // 2. Prepare format of the comment
+ const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+ #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+ #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+ Validation Output
+
+ \`\`\`\n
+ ${{ steps.validate.outputs.stdout }}
+ \`\`\`
+
+
+
+ #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+
+ Show Plan
+
+ \`\`\`\n
+ ${process.env.PLAN}
+ \`\`\`
+
+
+
+ *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;
+
+ // 3. If we have a comment, update it, otherwise create a new one
+ if (botComment) {
+ github.rest.issues.updateComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ comment_id: botComment.id,
+ body: output
+ })
+ } else {
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: output
+ })
+ }
+
+ - name: Terraform Plan Status
+ if: steps.plan.outcome == 'failure'
+ run: exit 1
+
+ - name: Terraform Apply
+ if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ run: terraform apply -auto-approve -var onepassword_token=$OP_TOKEN -var onepassword_endpoint=$OP_ENDPOINT
+ env:
+ OP_TOKEN: '${{ secrets.OP_TOKEN }}'
+ OP_ENDPOINT: '${{ secrets.OP_ENDPOINT }}'
diff --git a/terraform/gozzi-01-bio/docker.tf b/terraform/gozzi-01-bio/docker.tf
new file mode 100644
index 00000000..49c49b29
--- /dev/null
+++ b/terraform/gozzi-01-bio/docker.tf
@@ -0,0 +1,161 @@
+resource "proxmox_virtual_environment_file" "cloud_config" {
+ content_type = "snippets"
+ datastore_id = "local"
+ node_name = "gozzi-pve"
+
+ source_raw {
+ data = < /dev/null",
+ #"sudo apt-get update",
+ #"sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y"
+ #]
+
+ connection {
+ host = element(element(self.ipv4_addresses, index(self.network_interface_names, "eth0")), 0)
+ type = "ssh"
+ user = "daniele"
+ private_key = local_file.docker_key_file.id
+ }
+ }
+
+}
+
+resource "random_password" "docker_password" {
+ length = 16
+ override_special = "_%@"
+ special = true
+}
+
+resource "tls_private_key" "docker_key" {
+ algorithm = "RSA"
+ rsa_bits = 2048
+}
+
+resource "local_file" "docker_key_file" {
+ content = tls_private_key.docker_key.private_key_pem
+ filename = "${path.module}/docker-ssh.key"
+ file_permission = 0600
+}
+
+output "docker_password" {
+ value = random_password.docker_password.result
+ sensitive = true
+}
+
+output "docker_private_key" {
+ value = tls_private_key.docker_key.private_key_pem
+ sensitive = true
+}
+
+output "docker_public_key" {
+ value = tls_private_key.docker_key.public_key_openssh
+}
+
+output "docker_ip" {
+ #value = flatten(proxmox_virtual_environment_vm.docker[*].ipv4_addresses)
+ value = flatten(proxmox_virtual_environment_vm.docker[*].ipv4_addresses[1])
+}
+
+#output "docker_image_id" {
+# value = proxmox_virtual_environment_file.ubuntu2204_cloud_image.id
+#}
diff --git a/terraform/gozzi-01-bio/images.tf b/terraform/gozzi-01-bio/images.tf
index 64ec44b9..c70e0359 100644
--- a/terraform/gozzi-01-bio/images.tf
+++ b/terraform/gozzi-01-bio/images.tf
@@ -13,46 +13,47 @@ resource "proxmox_virtual_environment_file" "almalinux_8_cloud_image" {
}
# AlmaLinux 8 UEFI
-resource "proxmox_virtual_environment_file" "almalinux_8_uefi_cloud_image" {
-
- content_type = "iso"
- datastore_id = "local"
- node_name = "gozzi-pve"
-
- source_file {
- path = "https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/AlmaLinux-8-GenericCloud-UEFI-latest.x86_64.qcow2"
- file_name = "AlmaLinux-8-GenericCloud-UEFI-latest.x86_64.img"
- }
-
-}
+##resource "proxmox_virtual_environment_file" "almalinux_8_uefi_cloud_image" {
+##
+## content_type = "iso"
+## datastore_id = "local"
+## node_name = "gozzi-pve"
+##
+## source_file {
+## path = "https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/AlmaLinux-8-GenericCloud-UEFI-latest.x86_64.qcow2"
+## file_name = "AlmaLinux-8-GenericCloud-UEFI-latest.x86_64.img"
+## }
+##
+##}
#AlmaLinux 9
-resource "proxmox_virtual_environment_file" "almalinux_9_cloud_image" {
-
- content_type = "iso"
- datastore_id = "local"
- node_name = "gozzi-pve"
-
- source_file {
- path = "https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/AlmaLinux-9-GenericCloud-latest.x86_64.qcow2"
- file_name = "AlmaLinux-9-GenericCloud-latest.x86_64.img"
- }
-
-}
+##resource "proxmox_virtual_environment_file" "almalinux_9_cloud_image" {
+##
+## content_type = "iso"
+## datastore_id = "local"
+## node_name = "gozzi-pve"
+##
+## source_file {
+## path = "https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/AlmaLinux-9-GenericCloud-latest.x86_64.qcow2"
+## file_name = "AlmaLinux-9-GenericCloud-latest.x86_64.img"
+## }
+##
+##}
# AliLinux 2
-resource "proxmox_virtual_environment_file" "alilinux_cloud_image" {
-
- content_type = "iso"
- datastore_id = "local"
- node_name = "gozzi-pve"
-
- source_file {
- path = "https://alinux2.oss-cn-hangzhou.aliyuncs.com/aliyun_2_1903_x64_20G_nocloud_alibase_20220525.qcow2"
- file_name = "aliyun_2_1903_x64_20G_nocloud_alibase_20220525.img"
- }
-
-}
+#resource "proxmox_virtual_environment_file" "alilinux_cloud_image" {
+#
+# content_type = "iso"
+# datastore_id = "local"
+# node_name = "gozzi-pve"
+#
+# source_file {
+# path = "https://alinux2.oss-cn-hangzhou.aliyuncs.com/aliyun_2_1903_x64_20G_nocloud_alibase_20230103.qcow2"
+# file_name = "aliyun_2_1903_x64_20G_nocloud_alibase.img"
+# min_tls = "1.2"
+# }
+#
+#}
## AliLinux 3
#resource "proxmox_virtual_environment_file" "alilinux3_cloud_image" {
diff --git a/terraform/gozzi-01-bio/provider.tf b/terraform/gozzi-01-bio/provider.tf
index ebd71e9e..1a214401 100644
--- a/terraform/gozzi-01-bio/provider.tf
+++ b/terraform/gozzi-01-bio/provider.tf
@@ -11,7 +11,7 @@ terraform {
required_providers {
proxmox = {
source = "bpg/proxmox"
- version = "0.13.0"
+ version = "0.60.0"
}
onepassword = {
@@ -23,13 +23,11 @@ terraform {
}
provider "proxmox" {
- virtual_environment {
- endpoint = data.onepassword_item.gozzi_01_bio_token.hostname
- username = data.onepassword_item.gozzi_01_bio_token.username
- password = data.onepassword_item.gozzi_01_bio_token.password
- #otp = data.external.gozzi_01_bio_token_otp.result.otp
- insecure = true
- }
+ endpoint = data.onepassword_item.gozzi_01_bio_token.hostname
+ username = data.onepassword_item.gozzi_01_bio_token.username
+ password = data.onepassword_item.gozzi_01_bio_token.password
+ #otp = data.external.gozzi_01_bio_token_otp.result.otp
+ insecure = true
}
provider "onepassword" {