From 908f9748bdd9679f8f5e57dec1909bf482670939 Mon Sep 17 00:00:00 2001
From: Vezpi
Date: Fri, 5 Dec 2025 19:36:03 +0000
Subject: [PATCH 1/8] add: semaphore-vms terraform project for semaphore UI

---
 terraform/projects/semaphore-vms/main.tf | 33 +++++++++++++++++++
 terraform/projects/semaphore-vms/provider.tf | 18 ++++++++++
 terraform/projects/semaphore-vms/variables.tf | 10 ++++++
 3 files changed, 61 insertions(+)
 create mode 100644 terraform/projects/semaphore-vms/main.tf
 create mode 100644 terraform/projects/semaphore-vms/provider.tf
 create mode 100644 terraform/projects/semaphore-vms/variables.tf

diff --git a/terraform/projects/semaphore-vms/main.tf b/terraform/projects/semaphore-vms/main.tf
new file mode 100644
index 0000000..e827fb0
--- /dev/null
+++ b/terraform/projects/semaphore-vms/main.tf
@@ -0,0 +1,33 @@
+module "pve_vm" {
+ source = "../../modules/pve_vm"
+ for_each = local.vm_list
+
+ node_name = each.value.node_name
+ vm_name = each.value.vm_name
+ vm_cpu = each.value.vm_cpu
+ vm_ram = each.value.vm_ram
+ vm_vlan = each.value.vm_vlan
+}
+
+locals {
+ # Ordered list of VM hostnames
+ sem_hosts = ["sem01", "sem02", "sem03"]
+
+ # Create a map: host -> node
+ vm_list = {
+ for idx, host in local.sem_hosts :
+ host => {
+ node_name = data.proxmox_virtual_environment_nodes.pve_nodes.names[idx]
+ vm_name = host
+ vm_cpu = 1
+ vm_ram = 2048
+ vm_vlan = 66
+ }
+ }
+}
+
+data "proxmox_virtual_environment_nodes" "pve_nodes" {}
+
+output "vm_ip" {
+ value = { for k, v in module.pve_vm : k => v.vm_ip }
+}
diff --git a/terraform/projects/semaphore-vms/provider.tf b/terraform/projects/semaphore-vms/provider.tf
new file mode 100644
index 0000000..518dd4c
--- /dev/null
+++ b/terraform/projects/semaphore-vms/provider.tf
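Review bot: `node_name = data.proxmox_virtual_environment_nodes.pve_nodes.names[idx]` inside the `vm_list` for-expression fails at plan time with an index-out-of-range error whenever the cluster reports fewer nodes than `sem_hosts` has entries, and placement silently depends on the order in which the data source returns names (I cannot tell from this patch whether that order is stable). If round-robin placement over however many nodes exist is acceptable, `node_name = element(data.proxmox_virtual_environment_nodes.pve_nodes.names, idx)` wraps instead of failing; otherwise a `postcondition` on the `pve_nodes` data source asserting `length(self.names) >= length(local.sem_hosts)` turns the failure into a readable message. Either way, a comment such as `# one VM per node, in the order pve_nodes reports them` above `sem_hosts` would document the assumption.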
@@ -0,0 +1,18 @@ +terraform { + required_providers { + proxmox = { + source = "bpg/proxmox" + } + } +} + +provider "proxmox" { + endpoint = var.proxmox_endpoint + api_token = var.proxmox_api_token + insecure = false + ssh { + agent = false + private_key = file("~/.ssh/id_ed25519") + username = "root" + } +} diff --git a/terraform/projects/semaphore-vms/variables.tf b/terraform/projects/semaphore-vms/variables.tf new file mode 100644 index 0000000..fb37c8d --- /dev/null +++ b/terraform/projects/semaphore-vms/variables.tf @@ -0,0 +1,10 @@ +variable "proxmox_endpoint" { + description = "Proxmox URL endpoint" + type = string +} + +variable "proxmox_api_token" { + description = "Proxmox API token" + type = string + sensitive = true +} \ No newline at end of file -- 2.49.1 From 6b1c582ca67a01e09941b1d9b479e848817b95d5 Mon Sep 17 00:00:00 2001 From: Vezpi Date: Fri, 5 Dec 2025 19:50:22 +0000 Subject: [PATCH 2/8] add: install_nginx.yml --- ansible/playbooks/install_nginx.yml | 46 +++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 ansible/playbooks/install_nginx.yml diff --git a/ansible/playbooks/install_nginx.yml b/ansible/playbooks/install_nginx.yml new file mode 100644 index 0000000..dd297f3 --- /dev/null +++ b/ansible/playbooks/install_nginx.yml @@ -0,0 +1,46 @@ +--- +- name: Demo Playbook - Install Nginx and Serve Hostname Page + hosts: all + become: true + + tasks: + - name: Ensure apt cache is updated + ansible.builtin.apt: + update_cache: true + cache_valid_time: 3600 + + - name: Install nginx + ansible.builtin.apt: + name: nginx + state: present + + - name: Create index.html with hostname + ansible.builtin.copy: + dest: /var/www/html/index.html + content: | + + Demo + +
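Review bot: `source = "bpg/proxmox"` in `required_providers` carries no `version` constraint, so every `terraform init` on a fresh runner (which is what a Semaphore job is) resolves to whatever the registry currently publishes, and a provider release with breaking or unwanted changes lands without a review step unless `.terraform.lock.hcl` is committed — this patch does not show whether it is. Add `version = "~> <PINNED_VERSION>"` next to `source`, and a `required_version` on the `terraform` block, so upgrades are an explicit, reviewable change. The `ssh` block also logs into the hypervisor as `root` with a key read from the runner's home directory; a dedicated, restricted account and key material supplied through a `sensitive` variable would reduce what a compromised runner can do.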

Hostname: {{ inventory_hostname }}

+ + + owner: www-data + group: www-data + mode: "0644" + + - name: Allow HTTP through firewall + community.general.ufw: + rule: allow + port: "80" + proto: tcp + + - name: Enable ufw + community.general.ufw: + state: enabled + enabled: true + + - name: Ensure nginx is running + ansible.builtin.service: + name: nginx + state: started + enabled: true -- 2.49.1 From 87c5a9386d89b5b93520d7da1a10e584d6cc086f Mon Sep 17 00:00:00 2001 From: Vezpi Date: Fri, 5 Dec 2025 21:24:21 +0000 Subject: [PATCH 3/8] remove: firewall section --- ansible/playbooks/install_nginx.yml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/ansible/playbooks/install_nginx.yml b/ansible/playbooks/install_nginx.yml index dd297f3..31cf775 100644 --- a/ansible/playbooks/install_nginx.yml +++ b/ansible/playbooks/install_nginx.yml @@ -28,17 +28,6 @@ group: www-data mode: "0644" - - name: Allow HTTP through firewall - community.general.ufw: - rule: allow - port: "80" - proto: tcp - - - name: Enable ufw - community.general.ufw: - state: enabled - enabled: true - - name: Ensure nginx is running ansible.builtin.service: name: nginx -- 2.49.1 From 72bf321145fab528f2d06674e63949df248fad9e Mon Sep 17 00:00:00 2001 From: Vezpi Date: Sat, 6 Dec 2025 16:52:01 +0000 Subject: [PATCH 4/8] feat: use multiple ssh key in pve_vm module --- terraform/modules/pve_vm/main.tf | 3 +-- terraform/modules/pve_vm/variables.tf | 11 +++++++---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/terraform/modules/pve_vm/main.tf b/terraform/modules/pve_vm/main.tf index 7c5b31b..3560e18 100644 --- a/terraform/modules/pve_vm/main.tf +++ b/terraform/modules/pve_vm/main.tf 
@@ -26,8 +26,7 @@ resource "proxmox_virtual_environment_file" "cloud_config" { - name: ${var.vm_user} groups: sudo shell: /bin/bash - ssh-authorized-keys: - - "${var.vm_user_sshkey}" # Inject user's SSH key + ssh-authorized-keys: ${jsonencode(var.vm_user_sshkeys)} # Inject user's SSH key sudo: ALL=(ALL) NOPASSWD:ALL runcmd: - systemctl enable qemu-guest-agent diff --git a/terraform/modules/pve_vm/variables.tf b/terraform/modules/pve_vm/variables.tf index 44a0f0a..50a21c8 100644 --- a/terraform/modules/pve_vm/variables.tf +++ b/terraform/modules/pve_vm/variables.tf @@ -26,10 +26,13 @@ variable "vm_user" { default = "vez" } -variable "vm_user_sshkey" { - description = "Admin user SSH key of the VM" - type = string - default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID62LmYRu1rDUha3timAIcA39LtcIOny1iAgFLnxoBxm vez@bastion" +variable "vm_user_sshkeys" { + description = "Admin user SSH keys of the VM" + type = list(string) + default = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID62LmYRu1rDUha3timAIcA39LtcIOny1iAgFLnxoBxm vez@bastion", + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHovfHKpqTvwj5zrcSuSZALa8iiH6qBvE5dyJCz9eQ2k vez@surface" + ] } variable "vm_cpu" { -- 2.49.1 From b028018d7e7cfcde6f4fee1b3ced8f175a528ee3 Mon Sep 17 00:00:00 2001 From: Vezpi Date: Thu, 11 Dec 2025 19:50:04 +0000 Subject: [PATCH 5/8] change: use username/password instead of ssh key --- terraform/projects/semaphore-vms/provider.tf | 5 +++-- terraform/projects/semaphore-vms/variables.tf | 12 ++++++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/terraform/projects/semaphore-vms/provider.tf b/terraform/projects/semaphore-vms/provider.tf index 518dd4c..03f728a 100644 --- a/terraform/projects/semaphore-vms/provider.tf +++ b/terraform/projects/semaphore-vms/provider.tf 
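Review bot: The new default for `vm_user_sshkeys` bakes two personal public keys into a reusable module, so any caller that forgets to set the variable provisions VMs whose admin account trusts those keys — a default like this is easy to overlook and hard to notice later. Prefer no default (making the variable required) or `default = []` and let the calling project supply the keys; a `validation` block with `condition = alltrue([for k in var.vm_user_sshkeys : can(regex("^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256) ", k))])` and a short `error_message` catches a pasted private key or a typo before it reaches cloud-init. The `cloud_config` resource that consumes this list in the first hunk starts outside that hunk.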
@@ -12,7 +12,8 @@ provider "proxmox" {
 insecure = false
 ssh {
 agent = false
- private_key = file("~/.ssh/id_ed25519")
- username = "root"
+ # private_key = file("~/.ssh/id_ed25519")
+ username = var.proxmox_ssh_username
+ password = var.proxmox_ssh_password
 }
 }
diff --git a/terraform/projects/semaphore-vms/variables.tf b/terraform/projects/semaphore-vms/variables.tf
index fb37c8d..e85102e 100644
--- a/terraform/projects/semaphore-vms/variables.tf
+++ b/terraform/projects/semaphore-vms/variables.tf
@@ -7,4 +7,16 @@ variable "proxmox_api_token" {
 description = "Proxmox API token"
 type = string
 sensitive = true
+}
+
+variable "proxmox_ssh_username" {
+ description = "Proxmox SSH username"
+ type = string
+ sensitive = true
+}
+
+variable "proxmox_ssh_password" {
+ description = "Proxmox SSH password"
+ type = string
+ sensitive = true
 }
\ No newline at end of file
-- 
2.49.1

From f4d67bee86e5e1ef47bd0c632de12ce05d039d5f Mon Sep 17 00:00:00 2001
From: Vezpi
Date: Fri, 12 Dec 2025 20:45:24 +0000
Subject: [PATCH 6/8] add: proxmox project with terraform_user.yml

---
 .../{ => ansiform}/inventories/terraform.yml | 0
 .../{ => ansiform}/playbooks/deploy_tf.yml | 0
 .../playbooks/install_nginx.yml | 0
 .../roles/terraform_vm/defaults/main.yml | 0
 .../roles/terraform_vm/tasks/main.yml | 0
 ansible/proxmox/terraform_user.yml | 20 +++++++++++++++++++
 6 files changed, 20 insertions(+)
 rename ansible/{ => ansiform}/inventories/terraform.yml (100%)
 rename ansible/{ => ansiform}/playbooks/deploy_tf.yml (100%)
 rename ansible/{ => ansiform}/playbooks/install_nginx.yml (100%)
 rename ansible/{ => ansiform}/roles/terraform_vm/defaults/main.yml (100%)
 rename ansible/{ => ansiform}/roles/terraform_vm/tasks/main.yml (100%)
 create mode 100644 ansible/proxmox/terraform_user.yml

diff --git a/ansible/inventories/terraform.yml b/ansible/ansiform/inventories/terraform.yml
similarity index 100%
rename from ansible/inventories/terraform.yml
rename to ansible/ansiform/inventories/terraform.yml
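Review bot: The `ssh` block now authenticates to the hypervisor with a password carried in `var.proxmox_ssh_password`, and the commented-out `# private_key = file("~/.ssh/id_ed25519")` line is left behind as dead configuration — delete it rather than keep it as a reminder, since a later reader cannot tell whether it is meant to come back. If the move to a password is driven by the runner having no key file, note that `private_key` takes the key material itself (that is why the original wrapped it in `file()`), so `private_key = var.proxmox_ssh_private_key` with a `sensitive` variable would keep key-based auth without depending on the runner's home directory. Whichever is kept, the account named by `var.proxmox_ssh_username` should be a restricted one rather than `root`, and a comment on the block saying which account and why would help the next maintainer.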
diff --git a/ansible/playbooks/deploy_tf.yml b/ansible/ansiform/playbooks/deploy_tf.yml
similarity index 100%
rename from ansible/playbooks/deploy_tf.yml
rename to ansible/ansiform/playbooks/deploy_tf.yml
diff --git a/ansible/playbooks/install_nginx.yml b/ansible/ansiform/playbooks/install_nginx.yml
similarity index 100%
rename from ansible/playbooks/install_nginx.yml
rename to ansible/ansiform/playbooks/install_nginx.yml
diff --git a/ansible/roles/terraform_vm/defaults/main.yml b/ansible/ansiform/roles/terraform_vm/defaults/main.yml
similarity index 100%
rename from ansible/roles/terraform_vm/defaults/main.yml
rename to ansible/ansiform/roles/terraform_vm/defaults/main.yml
diff --git a/ansible/roles/terraform_vm/tasks/main.yml b/ansible/ansiform/roles/terraform_vm/tasks/main.yml
similarity index 100%
rename from ansible/roles/terraform_vm/tasks/main.yml
rename to ansible/ansiform/roles/terraform_vm/tasks/main.yml
diff --git a/ansible/proxmox/terraform_user.yml b/ansible/proxmox/terraform_user.yml
new file mode 100644
index 0000000..a2098ff
--- /dev/null
+++ b/ansible/proxmox/terraform_user.yml
@@ -0,0 +1,20 @@
+---
+- name: Create Terraform local user for Proxmox
+ hosts: nodes
+ become: true
+ tasks:
+
+ - name: Create terraform user
+ ansible.builtin.user:
+ name: "{{ terraform_user }}"
+ password: "{{ terraform_password | password_hash('sha512') }}"
+ shell: /bin/bash
+
+ - name: Create sudoers file for terraform user
+ ansible.builtin.copy:
+ dest: /etc/sudoers.d/{{ terraform_user }}
+ mode: '0440'
+ content: |
+ {{ terraform_user }} ALL=(root) NOPASSWD: /sbin/pvesm
+ {{ terraform_user }} ALL=(root) NOPASSWD: /sbin/qm
+ {{ terraform_user }} ALL=(root) NOPASSWD: /usr/bin/tee /var/lib/vz/*
\ No newline at end of file
-- 
2.49.1

From 6a57609f8a67653176b7e769e92c595b492fe830 Mon Sep 17 00:00:00 2001
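Review bot: The last sudoers rule, `{{ terraform_user }} ALL=(root) NOPASSWD: /usr/bin/tee /var/lib/vz/*`, is wider than it looks: in sudoers a `*` in a command argument also matches `/` and whitespace, so the pattern accepts paths that use `..` to leave `/var/lib/vz` as well as additional arguments, and `/sbin/qm` with no argument restriction is close to root-equivalent on a Proxmox node in any case. Document that trust assumption in the file (`# these rules are effectively root for the Terraform account; its password is the only gate`) rather than letting the narrow-looking `tee` rule imply otherwise, and add `validate: /usr/sbin/visudo -cf %s` to the copy task so a malformed file never lands in `/etc/sudoers.d/` and locks sudo for everyone. Separately, `password_hash('sha512')` with no fixed salt yields a different hash on every run, so the user task reports changed and rewrites the password each time; `update_password: on_create` on the user task keeps the play idempotent.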
From: Vezpi
Date: Sat, 13 Dec 2025 21:35:26 +0000
Subject: [PATCH 7/8] change: set insecure to true

---
 terraform/projects/semaphore-vms/provider.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/projects/semaphore-vms/provider.tf b/terraform/projects/semaphore-vms/provider.tf
index 03f728a..3b03a6d 100644
--- a/terraform/projects/semaphore-vms/provider.tf
+++ b/terraform/projects/semaphore-vms/provider.tf
@@ -9,7 +9,7 @@ terraform {
 provider "proxmox" {
 endpoint = var.proxmox_endpoint
 api_token = var.proxmox_api_token
- insecure = false
+ insecure = true
 ssh {
 agent = false
 # private_key = file("~/.ssh/id_ed25519")
-- 
2.49.1

From 1bffdef5fee94ca732625ce470a3b53158e1b221 Mon Sep 17 00:00:00 2001
From: Vezpi
Date: Mon, 15 Dec 2025 19:38:03 +0000
Subject: [PATCH 8/8] revert: insecure to false

---
 terraform/projects/semaphore-vms/provider.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/projects/semaphore-vms/provider.tf b/terraform/projects/semaphore-vms/provider.tf
index 3b03a6d..03f728a 100644
--- a/terraform/projects/semaphore-vms/provider.tf
+++ b/terraform/projects/semaphore-vms/provider.tf
@@ -9,7 +9,7 @@ terraform {
 provider "proxmox" {
 endpoint = var.proxmox_endpoint
 api_token = var.proxmox_api_token
- insecure = true
+ insecure = false
 ssh {
 agent = false
 # private_key = file("~/.ssh/id_ed25519")
-- 
2.49.1
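Review bot: `insecure = false` is restored here, but the flip in patch 7 and the revert in patch 8 suggest TLS verification against the Proxmox endpoint failed on the runner and was worked around rather than fixed, and nothing on the line stops the next person from flipping it again. A comment on it, `# keep false: make the runner trust the PVE CA (system trust store or SSL_CERT_FILE) instead of disabling verification`, records the intent and points at the real fix. This note covers both hunks; the `provider` block continues outside each of them.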