diff --git a/ansible/inventories/terraform.yml b/ansible/ansiform/inventories/terraform.yml similarity index 100% rename from ansible/inventories/terraform.yml rename to ansible/ansiform/inventories/terraform.yml diff --git a/ansible/playbooks/deploy_tf.yml b/ansible/ansiform/playbooks/deploy_tf.yml similarity index 100% rename from ansible/playbooks/deploy_tf.yml rename to ansible/ansiform/playbooks/deploy_tf.yml diff --git a/ansible/ansiform/playbooks/install_nginx.yml b/ansible/ansiform/playbooks/install_nginx.yml new file mode 100644 index 0000000..31cf775 --- /dev/null +++ b/ansible/ansiform/playbooks/install_nginx.yml @@ -0,0 +1,35 @@ +--- +- name: Demo Playbook - Install Nginx and Serve Hostname Page + hosts: all + become: true + + tasks: + - name: Ensure apt cache is updated + ansible.builtin.apt: + update_cache: true + cache_valid_time: 3600 + + - name: Install nginx + ansible.builtin.apt: + name: nginx + state: present + + - name: Create index.html with hostname + ansible.builtin.copy: + dest: /var/www/html/index.html + content: | + + Demo + +

Hostname: {{ inventory_hostname }}

+ + + owner: www-data + group: www-data + mode: "0644" + + - name: Ensure nginx is running + ansible.builtin.service: + name: nginx + state: started + enabled: true diff --git a/ansible/roles/terraform_vm/defaults/main.yml b/ansible/ansiform/roles/terraform_vm/defaults/main.yml similarity index 100% rename from ansible/roles/terraform_vm/defaults/main.yml rename to ansible/ansiform/roles/terraform_vm/defaults/main.yml diff --git a/ansible/roles/terraform_vm/tasks/main.yml b/ansible/ansiform/roles/terraform_vm/tasks/main.yml similarity index 100% rename from ansible/roles/terraform_vm/tasks/main.yml rename to ansible/ansiform/roles/terraform_vm/tasks/main.yml diff --git a/ansible/proxmox/terraform_user.yml b/ansible/proxmox/terraform_user.yml new file mode 100644 index 0000000..a2098ff --- /dev/null +++ b/ansible/proxmox/terraform_user.yml @@ -0,0 +1,20 @@ +--- +- name: Create Terraform local user for Proxmox + hosts: nodes + become: true + tasks: + + - name: Create terraform user + ansible.builtin.user: + name: "{{ terraform_user }}" + password: "{{ terraform_password | password_hash('sha512') }}" + shell: /bin/bash + + - name: Create sudoers file for terraform user + ansible.builtin.copy: + dest: /etc/sudoers.d/{{ terraform_user }} + mode: '0440' + content: | + {{ terraform_user }} ALL=(root) NOPASSWD: /sbin/pvesm + {{ terraform_user }} ALL=(root) NOPASSWD: /sbin/qm + {{ terraform_user }} ALL=(root) NOPASSWD: /usr/bin/tee /var/lib/vz/* \ No newline at end of file diff --git a/terraform/modules/pve_vm/main.tf b/terraform/modules/pve_vm/main.tf index 7c5b31b..3560e18 100644 --- a/terraform/modules/pve_vm/main.tf +++ b/terraform/modules/pve_vm/main.tf 
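Review bot: The play targets `hosts: all` with `become: true`, so running it against a shared inventory (the repo also has a `nodes` group used by the Proxmox playbook) would install nginx and overwrite `/var/www/html/index.html` as root on every host, not just the demo VMs; scope it to a dedicated group, e.g. `hosts: <demo_group>` (placeholder, name per inventory), or document that it is meant to be run with `--limit`. The HTML inside the `content: |` block is not recoverable in this rendering of the hunk, so that part could not be reviewed.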
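Review bot: The sudoers copy task has no `validate:`, so a rendering mistake in the `content:` block (an unexpected value of `terraform_user`, a stray character) is written to `/etc/sudoers.d/` as-is and can break sudo on every host in `nodes`; add `validate: /usr/sbin/visudo -cf %s` next to `mode: '0440'`. The `password: "{{ terraform_password | password_hash('sha512') }}"` line generates a new random salt on each run, so the user task reports changed and rewrites the hash every time; pass a fixed salt to `password_hash` or add `update_password: on_create`. The trailing `*` in the `/usr/bin/tee /var/lib/vz/*` rule is matched by sudoers against the whole argument string rather than a single path, so it grants wider write access than the prefix suggests; list the specific paths the provider needs instead. The file is also missing its trailing newline.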
@@ -26,8 +26,7 @@ resource "proxmox_virtual_environment_file" "cloud_config" {
 - name: ${var.vm_user}
 groups: sudo
 shell: /bin/bash
- ssh-authorized-keys:
- - "${var.vm_user_sshkey}" # Inject user's SSH key
+ ssh-authorized-keys: ${jsonencode(var.vm_user_sshkeys)} # Inject user's SSH key
 sudo: ALL=(ALL) NOPASSWD:ALL
 runcmd:
 - systemctl enable qemu-guest-agent
diff --git a/terraform/modules/pve_vm/variables.tf b/terraform/modules/pve_vm/variables.tf
index 44a0f0a..50a21c8 100644
--- a/terraform/modules/pve_vm/variables.tf
+++ b/terraform/modules/pve_vm/variables.tf
@@ -26,10 +26,13 @@ variable "vm_user" {
 default = "vez"
 }
 
-variable "vm_user_sshkey" {
- description = "Admin user SSH key of the VM"
- type = string
- default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID62LmYRu1rDUha3timAIcA39LtcIOny1iAgFLnxoBxm vez@bastion"
+variable "vm_user_sshkeys" {
+ description = "Admin user SSH keys of the VM"
+ type = list(string)
+ default = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID62LmYRu1rDUha3timAIcA39LtcIOny1iAgFLnxoBxm vez@bastion",
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHovfHKpqTvwj5zrcSuSZALa8iiH6qBvE5dyJCz9eQ2k vez@surface"
+ ]
 }
 
 variable "vm_cpu" {
diff --git a/terraform/projects/semaphore-vms/main.tf b/terraform/projects/semaphore-vms/main.tf
new file mode 100644
index 0000000..e827fb0
--- /dev/null
+++ b/terraform/projects/semaphore-vms/main.tf
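Review bot: `vm_user_sshkeys` now ships two concrete public keys as the shared module's `default`, so any consumer of `terraform/modules/pve_vm` that does not set the variable — the new `terraform/projects/semaphore-vms/main.tf` in this same commit does not — silently authorises those keys on its VMs. For a reusable module the safer contract is to drop the `default` (making the variable required) or default to `[]`, and let each project pass its own keys explicitly. The rename from `vm_user_sshkey` also breaks any caller still passing the old name, which `terraform validate` in each project should surface.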
@@ -0,0 +1,33 @@
+module "pve_vm" {
+ source = "../../modules/pve_vm"
+ for_each = local.vm_list
+
+ node_name = each.value.node_name
+ vm_name = each.value.vm_name
+ vm_cpu = each.value.vm_cpu
+ vm_ram = each.value.vm_ram
+ vm_vlan = each.value.vm_vlan
+}
+
+locals {
+ # Ordered list of VM hostnames
+ sem_hosts = ["sem01", "sem02", "sem03"]
+
+ # Create a map: host -> node
+ vm_list = {
+ for idx, host in local.sem_hosts :
+ host => {
+ node_name = data.proxmox_virtual_environment_nodes.pve_nodes.names[idx]
+ vm_name = host
+ vm_cpu = 1
+ vm_ram = 2048
+ vm_vlan = 66
+ }
+ }
+}
+
+data "proxmox_virtual_environment_nodes" "pve_nodes" {}
+
+output "vm_ip" {
+ value = { for k, v in module.pve_vm : k => v.vm_ip }
+}
diff --git a/terraform/projects/semaphore-vms/provider.tf b/terraform/projects/semaphore-vms/provider.tf
new file mode 100644
index 0000000..03f728a
--- /dev/null
+++ b/terraform/projects/semaphore-vms/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ proxmox = {
+ source = "bpg/proxmox"
+ }
+ }
+}
+
+provider "proxmox" {
+ endpoint = var.proxmox_endpoint
+ api_token = var.proxmox_api_token
+ insecure = false
+ ssh {
+ agent = false
+ # private_key = file("~/.ssh/id_ed25519")
+ username = var.proxmox_ssh_username
+ password = var.proxmox_ssh_password
+ }
+}
diff --git a/terraform/projects/semaphore-vms/variables.tf b/terraform/projects/semaphore-vms/variables.tf
new file mode 100644
index 0000000..e85102e
--- /dev/null
+++ b/terraform/projects/semaphore-vms/variables.tf
@@ -0,0 +1,22 @@
+variable "proxmox_endpoint" {
+ description = "Proxmox URL endpoint"
+ type = string
+}
+
+variable "proxmox_api_token" {
+ description = "Proxmox API token"
+ type = string
+ sensitive = true
+}
+
+variable "proxmox_ssh_username" {
+ description = "Proxmox SSH username"
+ type = string
+ sensitive = true
+}
+
+variable "proxmox_ssh_password" {
+ description = "Proxmox SSH password"
+ type = string
+ sensitive = true
+}
\ No newline at end of file
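Review bot: `node_name = data.proxmox_virtual_environment_nodes.pve_nodes.names[idx]` in the `vm_list` local maps each host to a node purely by list position, which errors out when the cluster reports fewer nodes than the three entries in `sem_hosts` and, should the data source ever return `names` in a different order, silently re-homes the VMs on the next plan. Prefer an explicit host-to-node map in `locals` (or at least `element(... .names, idx)` to wrap around instead of failing) so placement is pinned in code rather than derived from ordering. If the positional approach is kept, add a comment on that line such as `# assumes names[] order is stable across runs — confirm against the provider docs`.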
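Review bot: `required_providers` in provider.tf pins only `source = "bpg/proxmox"` with no `version` constraint, so every `terraform init` without a committed `.terraform.lock.hcl` may resolve a different provider release; add `version = "~> <tested-version>"` (placeholder, use the release you validated) and commit the lock file. The `ssh { ... }` block authenticates to the nodes with `username`/`password` while the `private_key` line is left commented out; key-based auth avoids keeping a reusable node password in variable files and plan output, so either switch to `private_key`/`agent = true` or add a comment explaining why password auth is required here. Keeping `insecure = false` is right.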