diff --git a/.github/workflows/dns-update-dns.yml b/.github/workflows/dns-update-dns.yml index 062ea05..3fb29db 100644 --- a/.github/workflows/dns-update-dns.yml +++ b/.github/workflows/dns-update-dns.yml @@ -8,11 +8,16 @@ on: - dev paths: - 'dns/dns-prod-1/terraform/*.tf' + # pull_request: + # branches: + # - main + # paths: + # - 'dns/dns-prod-1/terraform/*.tf' workflow_dispatch: defaults: run: - working-directory: ./dns/dns-prod-1/terraform + working-directory: dns/dns-prod-1/terraform env: TF_VAR_TSIG_KEY_HOME: ${{ secrets.TSIG_KEY_HOME }} @@ -77,5 +82,5 @@ jobs: run: exit 1 - name: Terraform Apply - if: github.ref == 'refs/heads/main' && github.event_name == 'push' + if: github.event_name == 'push' run: terraform apply -auto-approve -input=false diff --git a/.github/workflows/proxmox-update-vms.yml b/.github/workflows/proxmox-update-vms.yml new file mode 100644 index 0000000..3bd981b --- /dev/null +++ b/.github/workflows/proxmox-update-vms.yml 
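Review bot: With the `pull_request` trigger commented out (the five added `#` lines under `on:`), this workflow now runs only on `push` and `workflow_dispatch`, so any plan step that is conditioned on `pull_request` (the job body is outside this hunk, so this is inferred from the sibling proxmox workflow in the same commit) can no longer run before an apply. If disabling PR runs is deliberate, say why next to the dead block rather than leaving it as bare commented YAML, e.g. `# pull_request trigger disabled: <reason> — plans now run only via workflow_dispatch`. The `working-directory` change from `./dns/...` to `dns/...` is cosmetic.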
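Review bot: The new `if: github.event_name == 'push'` on `Terraform Apply` drops the `github.ref == 'refs/heads/main'` guard, so a push to any branch in `on.push.branches` (`dev` is visible as context in the first hunk) now runs `terraform apply -auto-approve` with `TSIG_KEY_HOME` against the live zone. If applying from non-main branches is not intended, keep the ref check: `if: github.event_name == 'push' && github.ref == 'refs/heads/main'`. If it is intended, a comment on the step stating the branch policy stops the next reader from treating it as an accidental loosening. The earlier steps of the `terraform` job are outside the hunk.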
@@ -0,0 +1,90 @@ +name: "Update VMS" + +on: + push: + branches: + - main + - test + - dev + paths: + - 'proxmox/prx-prod-2/terraform/*.tf' + pull_request: + branches: + - main + - test + - dev + paths: + - 'proxmox/prx-prod-2/terraform/*.tf' + workflow_dispatch: + +defaults: + run: + working-directory: proxmox/prx-prod-2/terraform + +env: + TF_VAR_PRX_PROD_2_URL: ${{ secrets.PRX_PROD_2_URL }} + TF_VAR_PRX_PROD_2_USER: ${{ secrets.PRX_PROD_2_USER }} + TF_VAR_PRX_PROD_2_TOKEN: ${{ secrets.PRX_PROD_2_TOKEN }} + +jobs: + terraform: + runs-on: "self-hosted" + steps: + + - name: Checkout + uses: actions/checkout@v3 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v1 + with: + # terraform_version: 0.13.0: + cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} + + - name: Terraform Format + id: fmt + run: terraform fmt -check + + - name: Terraform Init + id: init + run: terraform init + + - name: Terraform Validate + id: validate + run: terraform validate -no-color + + - name: Terraform Plan + id: plan + if: github.event_name == 'pull_request' + run: terraform plan -no-color -input=false + continue-on-error: true + + - uses: actions/github-script@v6 + if: github.event_name == 'pull_request' + env: + PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` + #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` + #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` + #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` +
Show Plan + \`\`\`\n + ${process.env.PLAN} + \`\`\` +
+ *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) + - name: Terraform Plan Status + if: steps.plan.outcome == 'failure' + run: exit 1 + + - name: Terraform Apply + if: github.event_name == 'push' + run: terraform apply -auto-approve -input=false diff --git a/ansible/playbooks/servers/install-core.yml b/ansible/playbooks/servers/install-core.yml new file mode 100644 index 0000000..fb180d9 --- /dev/null +++ b/ansible/playbooks/servers/install-core.yml @@ -0,0 +1,11 @@ +- hosts: "{{ hosts }}" + + become: yes + tasks: + + - name: install core packages + apt: + name: + - prometheus-node-exporter + - nfs-common + update_cache: yes diff --git a/ansible/playbooks/servers/install-docker.yml b/ansible/playbooks/servers/install-docker.yml new file mode 100644 index 0000000..fd162a9 --- /dev/null +++ b/ansible/playbooks/servers/install-docker.yml @@ -0,0 +1,29 @@ +- hosts: + - srv-prod-1.home.clcreative.de + - srv-prod-2.home.clcreative.de + + become: yes + tasks: + + # Breaks existing Docker Servers! + # Change Tasks for separate group! + + # Install Docker + # - name: install prerequisites + # apt: + # name: + # - docker.io + # update_cache: yes + + # - name: add user permissions + # shell: "usermod -aG docker {{ ansible_env.SUDO_USER }}" + + # - name: Reset ssh connection for changes to take effect + # meta: "reset_connection" + + # Install Docker Compose + - name: install docker-compose + apt: + name: + - docker-compose + update_cache: yes diff --git a/ansible/playbooks/servers/install-sshauth.yml b/ansible/playbooks/servers/install-sshauth.yml new file mode 100644 index 0000000..4a8d817 --- /dev/null +++ b/ansible/playbooks/servers/install-sshauth.yml 
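Review bot: `Terraform Apply`, the last step of the hunk, runs `terraform apply -auto-approve -input=false` on every `push`, and `on.push.branches` lists `test` and `dev` next to `main`, so a push to either of those branches applies against the `PRX_PROD_2_*` target; `Terraform Plan` is gated on `pull_request`, so in the push path nothing is planned or printed before the apply. Suggest `if: github.event_name == 'push' && github.ref == 'refs/heads/main'` on the apply step, and dropping the `if:` on the plan step so the log always shows what was about to be applied. Separately, `actions/checkout@v3`, `hashicorp/setup-terraform@v1` and `actions/github-script@v6` are pinned to mutable tags; on a `self-hosted` runner that holds the Proxmox token and `TF_API_TOKEN`, pinning each to a commit SHA narrows what a compromised upstream tag could reach. The `# terraform_version: 0.13.0:` comment has a stray trailing colon and, if re-enabled, would be below the 1.1 that the repository's `cloud {}` backend needs.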
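Review bot: `become: yes` and `update_cache: yes` use YAML 1.1 truthy words; Ansible accepts them, but yamllint's `truthy` rule and YAML 1.2 parsers do not, so write `become: true` and `update_cache: true`. The same applies to install-docker.yml, install-sshauth.yml, install-vm-core.yml and update-aptpackages.yml in this commit, the last of which already mixes `yes` and `true` in one file. The module is referenced by its short name; `ansible.builtin.apt:` is unambiguous once collections such as `community.docker` (used elsewhere in this commit) are installed. A leading `---` and a play-level `name:` would bring the file in line with yamllint defaults.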
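Review bot: `hosts:` hard-codes `srv-prod-1.home.clcreative.de` and `srv-prod-2.home.clcreative.de` while every other playbook in this commit takes `hosts: "{{ hosts }}"`, and the comment `# Change Tasks for separate group!` says an inventory group is the intent; `hosts: docker_servers` (constructed group name) with the two hosts defined in the inventory keeps the target visible in one place and the playbooks uniform. The commented-out install tasks would be clearer as a separate play guarded by a group or tag than as dead text, and the warning `# Breaks existing Docker Servers!` should say what breaks so the guard can be written.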
@@ -0,0 +1,23 @@
+- hosts: all
+
+ become: yes
+ tasks:
+
+ # Deploy SSH Key
+ # --
+ - name: install public keys
+ ansible.posix.authorized_key:
+ user: "{{ lookup('env','USER') }}"
+ state: present
+ key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
+
+
+ # Set all sudoers to no password
+ # --
+ - name: change sudoers file
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+ validate: /usr/sbin/visudo -cf %s
diff --git a/ansible/playbooks/servers/install-vm-core.yml b/ansible/playbooks/servers/install-vm-core.yml
new file mode 100644
index 0000000..34b0860
--- /dev/null
+++ b/ansible/playbooks/servers/install-vm-core.yml
@@ -0,0 +1,19 @@
+- hosts: "{{ hosts }}"
+
+ become: yes
+ tasks:
+
+ - name: install core packages
+ apt:
+ name:
+ - prometheus-node-exporter
+ - nfs-common
+ - qemu-guest-agent
+ - unzip
+ update_cache: yes
+
+ - name: start guest qemu-guest-agent
+ service:
+ name: qemu-guest-agent
+ state: started
+ enabled: yes
diff --git a/ansible/playbooks/servers/update-aptpackages.yml b/ansible/playbooks/servers/update-aptpackages.yml
new file mode 100644
index 0000000..c68232a
--- /dev/null
+++ b/ansible/playbooks/servers/update-aptpackages.yml
@@ -0,0 +1,29 @@
+- hosts: "{{ hosts }}"
+
+ become: yes
+ tasks:
+ # Upgrade packages
+ - name: upgrade apt packages
+ become: true
+ apt:
+ upgrade: yes
+ update_cache: yes
+
+ # Check if reboot is required
+ - name: check if system reboot is required
+ become: true
+ stat:
+ path: /var/run/reboot-required
+ register: reboot_required
+
+ # Send Discord message when reboot is required
+ - name: Send Discord message
+ uri:
+ url: "{{ discord_webhook_url }}"
+ method: POST
+ body_format: json
+ body: '{"content": "Reboot required on {{ inventory_hostname }}"}'
+ headers:
+ Content-Type: application/json
+ status_code: 204
+ when: reboot_required.stat.exists
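Review bot: The `change sudoers file` task rewrites the `%sudo` rule to `%sudo ALL=(ALL) NOPASSWD: ALL` on `hosts: all`, which removes the password requirement for every member of the `sudo` group on every inventory host, not only for the account Ansible connects as; a dedicated rule for that account in its own file (`lineinfile` with `path: /etc/sudoers.d/<automation-account>`, `create: true` and the same `validate:`) limits what a stolen user key can do without a second factor. Keeping `validate: /usr/sbin/visudo -cf %s` is right. The `install public keys` task takes the target user from the control node's `USER` environment variable and reads the controller's `~/.ssh/id_rsa.pub`, so which key lands on which account depends on who runs the playbook; explicit variables (`user: "{{ ansible_user }}"` where the inventory sets it, `key: "{{ lookup('file', ssh_public_key_path) }}"` with `ssh_public_key_path` as a constructed var name) document what is being granted and make the result reproducible.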
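Review bot: This play is install-core.yml with `qemu-guest-agent` and `unzip` added to the same `apt` list plus a `service` task, so the core package list now exists in two files that will drift. Either `import_playbook: install-core.yml` at the top of this file followed by a play with only the VM-specific packages, or one playbook with the VM additions behind a variable (`when: is_vm | default(false)`, constructed name), keeps a single list. `enabled: yes` and `become: yes` should be `true`, as noted on install-core.yml.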
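Review bot: Task-level `become: true` on `upgrade apt packages` and `check if system reboot is required` repeats the play-level `become: yes` three lines above, in the other spelling; drop the task-level keys (or at least use one spelling, `true`) so a reader does not wonder whether the third task deliberately runs unprivileged. `upgrade: yes` is accepted as an alias of `safe`; writing `upgrade: safe` (or `dist`) states the intent. `discord_webhook_url` is a credential in its own right (anyone holding it can post to the channel); wherever it is defined (not visible here), it belongs in a vault or environment lookup rather than a plain vars file.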
diff --git a/ansible/playbooks/servers/update-diskspace.yml b/ansible/playbooks/servers/update-diskspace.yml
new file mode 100644
index 0000000..ab4b013
--- /dev/null
+++ b/ansible/playbooks/servers/update-diskspace.yml
@@ -0,0 +1,23 @@
+- hosts: "{{ hosts }}"
+
+ tasks:
+
+ - name: Get disk usage
+ command: df -h
+ register: disk_usage
+
+ - name: Check disk space available
+ shell: df -h / | awk 'NR==2 {print $5}'
+ register: disk_usage
+
+ # Send Discord message when disk space is over 80%
+ - name: Send Discord message
+ uri:
+ url: "{{ discord_webhook_url }}"
+ method: POST
+ body_format: json
+ body: '{"content": "Disk space on {{ inventory_hostname }} is above 80%!"}'
+ headers:
+ Content-Type: application/json
+ status_code: 204
+ when: disk_usage.stdout[:-1]|int > 80
diff --git a/ansible/playbooks/servers/update-dockercleanup.yml b/ansible/playbooks/servers/update-dockercleanup.yml
new file mode 100644
index 0000000..671099b
--- /dev/null
+++ b/ansible/playbooks/servers/update-dockercleanup.yml
@@ -0,0 +1,13 @@
+- hosts: "{{ hosts }}"
+
+ tasks:
+
+ - name: Prune non-dangling, and dangling images
+ community.docker.docker_prune:
+ containers: false
+ images: true
+ images_filters:
+ dangling: false
+ networks: false
+ volumes: false
+ builder_cache: false
diff --git a/proxmox/prx-prod-2/terraform/_provider.tf b/proxmox/prx-prod-2/terraform/_provider.tf
new file mode 100644
index 0000000..5595767
--- /dev/null
+++ b/proxmox/prx-prod-2/terraform/_provider.tf
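Review bot: The first task `Get disk usage` registers `disk_usage` and the second task immediately overwrites it under the same name, so the `df -h` output is never used; delete the first task, or give it its own register name if the full table is wanted for a `debug` step. Both `command` and `shell` tasks report `changed` on every run because nothing tells Ansible they are read-only; add `changed_when: false` to the `shell` task. The value 80 appears in the comment, the message body and the `when:` expression; a play var (`disk_threshold_percent: 80`, constructed name) used in all three keeps them in sync when the threshold moves.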
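Review bot: The task name `Prune non-dangling, and dangling images` and the filter `dangling: false` read as contradictory unless one knows that Docker's image-prune filter `dangling=false` means "all unused images, tagged or not"; a comment on the `images_filters` line, `# dangling: false = prune every unused image, not only untagged ones`, saves the next reader a trip to the Docker API docs. Worth stating in the name as well: this also removes images that were pulled ahead of time but are not backing a container at run time.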
@@ -0,0 +1,37 @@
+terraform {
+ required_version = ">= 0.13.0"
+
+ required_providers {
+ proxmox = {
+ source = "telmate/proxmox"
+ version = "=2.9.14"
+ }
+ }
+ cloud {
+ organization = "clcreative"
+
+ workspaces {
+ name = "prx-prod-2"
+ }
+ }
+}
+
+variable "PRX_PROD_2_URL" {
+ type = string
+}
+
+variable "PRX_PROD_2_USER" {
+ type = string
+}
+
+variable "PRX_PROD_2_TOKEN" {
+ type = string
+ sensitive = true
+}
+
+provider "proxmox" {
+ pm_api_url = var.PRX_PROD_2_URL
+ pm_api_token_id = var.PRX_PROD_2_USER
+ pm_api_token_secret = var.PRX_PROD_2_TOKEN
+ pm_tls_insecure = false
+}
diff --git a/proxmox/prx-prod-2/terraform/server/server.tf b/proxmox/prx-prod-2/terraform/server/server.tf
new file mode 100644
index 0000000..241a630
--- /dev/null
+++ b/proxmox/prx-prod-2/terraform/server/server.tf
@@ -0,0 +1,90 @@
+resource "proxmox_vm_qemu" "srv-demo-5" {
+ name = "srv-demo-5"
+ desc = "Demo Server 5"
+ agent = 1
+ target_node = "prx-prod-1"
+
+ tags = "test"
+
+ onboot = true
+ automatic_reboot = true
+ qemu_os = "other"
+
+ vmid = 307
+ clone = "ubuntu-server-test-1"
+ full_clone = true
+ define_connection_info = true
+
+ cores = 1
+ sockets = 1
+ cpu = "host"
+ memory = 2048
+
+ network {
+ bridge = "vmbr0"
+ model = "virtio"
+ }
+
+ scsihw = "virtio-scsi-pci"
+
+ disk {
+ storage = "local-ssd"
+ type = "virtio"
+ size = "40G"
+ }
+
+ # Cloud Init Settings
+ os_type = "cloud-init"
+ ipconfig0 = "ip=10.20.3.7/16,gw=10.20.0.1"
+ nameserver = "10.20.0.1"
+ ciuser = "xcad"
+ cipassword = "testtest"
+ sshkeys = <
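Review bot: `required_version = ">= 0.13.0"` is below what the file itself needs: the `cloud { }` block was introduced in Terraform 1.1, so a 0.13–1.0 binary that satisfies the constraint fails at `init` with a block-parse error instead of a clear version message; change it to `required_version = ">= 1.1.0"`. Pinning the provider to `=2.9.14`, `sensitive = true` on `PRX_PROD_2_TOKEN` and `pm_tls_insecure = false` are the right defaults. A `description` on the three variables would document what the CI `TF_VAR_PRX_PROD_2_*` secrets are expected to hold (API URL, token id, token secret), which is otherwise only discoverable from the workflow file.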