revert: insecure to false

ansible/ansiform/playbooks/install_nginx.yml

@@ -0,0 +1,35 @@
+---
+- name: Demo Playbook - Install Nginx and Serve Hostname Page
+  hosts: all
+  become: true
+
+  tasks:
+    - name: Ensure apt cache is updated
+      ansible.builtin.apt:
+        update_cache: true
+        cache_valid_time: 3600
+
+    - name: Install nginx
+      ansible.builtin.apt:
+        name: nginx
+        state: present
+
+    - name: Create index.html with hostname
+      ansible.builtin.copy:
+        dest: /var/www/html/index.html
+        content: |
+          <html>
+          <head><title>Demo</title></head>
+          <body>
+              <h1>Hostname: {{ inventory_hostname }}</h1>
+          </body>
+          </html>
+        owner: www-data
+        group: www-data
+        mode: "0644"
+
+    - name: Ensure nginx is running
+      ansible.builtin.service:
+        name: nginx
+        state: started
+        enabled: true

ansible/proxmox/terraform_user.yml

@@ -0,0 +1,20 @@
+---
+- name: Create Terraform local user for Proxmox
+  hosts: nodes
+  become: true
+  tasks:
+  
+    - name: Create terraform user
+      ansible.builtin.user:
+        name: "{{ terraform_user }}"
+        password: "{{ terraform_password | password_hash('sha512') }}"
+        shell: /bin/bash
+
+    - name: Create sudoers file for terraform user
+      ansible.builtin.copy:
+        dest: /etc/sudoers.d/{{ terraform_user }}
+        mode: '0440'
+        content: |
+          {{ terraform_user }} ALL=(root) NOPASSWD: /sbin/pvesm
+          {{ terraform_user }} ALL=(root) NOPASSWD: /sbin/qm
+          {{ terraform_user }} ALL=(root) NOPASSWD: /usr/bin/tee /var/lib/vz/*

terraform/modules/pve_vm/main.tf

@@ -26,8 +26,7 @@ resource "proxmox_virtual_environment_file" "cloud_config" {
       - name: ${var.vm_user}
         groups: sudo
         shell: /bin/bash
-        ssh-authorized-keys:
-          - "${var.vm_user_sshkey}" # Inject user's SSH key
+        ssh-authorized-keys: ${jsonencode(var.vm_user_sshkeys)} # Inject user's SSH key
         sudo: ALL=(ALL) NOPASSWD:ALL
     runcmd:
       - systemctl enable qemu-guest-agent 

terraform/modules/pve_vm/variables.tf

@@ -26,10 +26,13 @@ variable "vm_user" {
   default     = "vez"
 }
 
-variable "vm_user_sshkey" {
-  description = "Admin user SSH key of the VM"
-  type        = string
-  default     = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID62LmYRu1rDUha3timAIcA39LtcIOny1iAgFLnxoBxm vez@bastion"
+variable "vm_user_sshkeys" {
+  description = "Admin user SSH keys of the VM"
+  type        = list(string)
+  default     = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID62LmYRu1rDUha3timAIcA39LtcIOny1iAgFLnxoBxm vez@bastion",
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHovfHKpqTvwj5zrcSuSZALa8iiH6qBvE5dyJCz9eQ2k vez@surface"
+  ]
 }
 
 variable "vm_cpu" {

terraform/projects/semaphore-vms/main.tf

@@ -0,0 +1,33 @@
+module "pve_vm" {
+  source    = "../../modules/pve_vm"
+  for_each  = local.vm_list
+
+  node_name = each.value.node_name
+  vm_name   = each.value.vm_name
+  vm_cpu    = each.value.vm_cpu
+  vm_ram    = each.value.vm_ram
+  vm_vlan   = each.value.vm_vlan
+}
+
+locals {
+  # Ordered list of VM hostnames
+  sem_hosts = ["sem01", "sem02", "sem03"]
+
+  # Create a map: host -> node
+  vm_list = {
+    for idx, host in local.sem_hosts :
+    host => {
+      node_name = data.proxmox_virtual_environment_nodes.pve_nodes.names[idx]
+      vm_name   = host
+      vm_cpu    = 1
+      vm_ram    = 2048
+      vm_vlan   = 66
+    }
+  }
+}
+
+data "proxmox_virtual_environment_nodes" "pve_nodes" {}
+
+output "vm_ip" {
+  value = { for k, v in module.pve_vm : k => v.vm_ip }
+}

terraform/projects/semaphore-vms/provider.tf

@@ -0,0 +1,19 @@
+terraform {
+  required_providers {
+    proxmox = {
+      source = "bpg/proxmox"
+    }
+  }
+}
+
+provider "proxmox" {
+  endpoint  = var.proxmox_endpoint
+  api_token = var.proxmox_api_token
+  insecure  = false
+  ssh {
+    agent       = false
+    # private_key = file("~/.ssh/id_ed25519")
+    username    = var.proxmox_ssh_username
+    password    = var.proxmox_ssh_password
+  }
+}

terraform/projects/semaphore-vms/variables.tf

@@ -0,0 +1,22 @@
+variable "proxmox_endpoint" {
+  description = "Proxmox URL endpoint"
+  type        = string
+}
+
+variable "proxmox_api_token" {
+  description = "Proxmox API token"
+  type        = string
+  sensitive   = true
+}
+
+variable "proxmox_ssh_username" {
+  description = "Proxmox SSH username"
+  type        = string
+  sensitive   = true
+}
+
+variable "proxmox_ssh_password" {
+  description = "Proxmox SSH password"
+  type        = string
+  sensitive   = true
+}