diff --git a/.github/workflows/dns-update-dns.yml b/.github/workflows/dns-update-dns.yml
index 062ea05..3fb29db 100644
--- a/.github/workflows/dns-update-dns.yml
+++ b/.github/workflows/dns-update-dns.yml
@@ -8,11 +8,16 @@ on:
- dev
paths:
- 'dns/dns-prod-1/terraform/*.tf'
+ # pull_request:
+ # branches:
+ # - main
+ # paths:
+ # - 'dns/dns-prod-1/terraform/*.tf'
workflow_dispatch:
defaults:
run:
- working-directory: ./dns/dns-prod-1/terraform
+ working-directory: dns/dns-prod-1/terraform
env:
TF_VAR_TSIG_KEY_HOME: ${{ secrets.TSIG_KEY_HOME }}
@@ -77,5 +82,5 @@ jobs:
run: exit 1
- name: Terraform Apply
- if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ if: github.event_name == 'push'
run: terraform apply -auto-approve -input=false
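Review bot: With the `github.ref == 'refs/heads/main'` guard removed, `terraform apply -auto-approve` runs on every push that triggers this workflow, and the branch list visible in the first hunk includes `dev`. An unreviewed push to a non-main branch can therefore change the `dns-prod-1` records with no plan review or approval step. If only main should deploy, keep `if: github.ref == 'refs/heads/main' && github.event_name == 'push'`. If other branches must apply as well, point them at a separate workspace or gate the job behind a protected `environment:` with required reviewers. The new `proxmox-update-vms.yml` in this commit has the same unguarded `Terraform Apply` step for `main`, `test` and `dev`.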
diff --git a/.github/workflows/proxmox-update-vms.yml b/.github/workflows/proxmox-update-vms.yml
new file mode 100644
index 0000000..3bd981b
--- /dev/null
+++ b/.github/workflows/proxmox-update-vms.yml
@@ -0,0 +1,90 @@
+name: "Update VMS"
+
+on:
+ push:
+ branches:
+ - main
+ - test
+ - dev
+ paths:
+ - 'proxmox/prx-prod-2/terraform/*.tf'
+ pull_request:
+ branches:
+ - main
+ - test
+ - dev
+ paths:
+ - 'proxmox/prx-prod-2/terraform/*.tf'
+ workflow_dispatch:
+
+defaults:
+ run:
+ working-directory: proxmox/prx-prod-2/terraform
+
+env:
+ TF_VAR_PRX_PROD_2_URL: ${{ secrets.PRX_PROD_2_URL }}
+ TF_VAR_PRX_PROD_2_USER: ${{ secrets.PRX_PROD_2_USER }}
+ TF_VAR_PRX_PROD_2_TOKEN: ${{ secrets.PRX_PROD_2_TOKEN }}
+
+jobs:
+ terraform:
+ runs-on: "self-hosted"
+ steps:
+
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ # terraform_version: 0.13.0:
+ cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+ - name: Terraform Format
+ id: fmt
+ run: terraform fmt -check
+
+ - name: Terraform Init
+ id: init
+ run: terraform init
+
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate -no-color
+
+ - name: Terraform Plan
+ id: plan
+ if: github.event_name == 'pull_request'
+ run: terraform plan -no-color -input=false
+ continue-on-error: true
+
+ - uses: actions/github-script@v6
+ if: github.event_name == 'pull_request'
+ env:
+ PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+ #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+ #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+ #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+ Show Plan
+ \`\`\`\n
+ ${process.env.PLAN}
+ \`\`\`
+
+ *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: output
+ })
+ - name: Terraform Plan Status
+ if: steps.plan.outcome == 'failure'
+ run: exit 1
+
+ - name: Terraform Apply
+ if: github.event_name == 'push'
+ run: terraform apply -auto-approve -input=false
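Review bot: The job runs on `runs-on: "self-hosted"` and is also triggered by `pull_request`, so `terraform init` and `terraform plan` execute pull-request-controlled configuration on your own runner. If the repository accepts pull requests from forks (not visible here), that lets untrusted content run on a host inside your network. Consider restricting the job with `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`, or running the plan on a GitHub-hosted runner. A top-level `permissions:` block (for example `contents: read` and `pull-requests: write`) would limit `GITHUB_TOKEN` to what the comment step needs, and pinning `actions/checkout`, `hashicorp/setup-terraform` and `actions/github-script` to commit SHAs would stop a moved tag from changing what runs next to the Proxmox token. Separately, the `paths` filter `proxmox/prx-prod-2/terraform/*.tf` does not match `proxmox/prx-prod-2/terraform/server/server.tf` added in this commit, because `*` does not cross `/`. Use `proxmox/prx-prod-2/terraform/**/*.tf` if that file should trigger the workflow.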
diff --git a/ansible/playbooks/servers/install-core.yml b/ansible/playbooks/servers/install-core.yml
new file mode 100644
index 0000000..fb180d9
--- /dev/null
+++ b/ansible/playbooks/servers/install-core.yml
@@ -0,0 +1,11 @@
+- hosts: "{{ hosts }}"
+
+ become: yes
+ tasks:
+
+ - name: install core packages
+ apt:
+ name:
+ - prometheus-node-exporter
+ - nfs-common
+ update_cache: yes
diff --git a/ansible/playbooks/servers/install-docker.yml b/ansible/playbooks/servers/install-docker.yml
new file mode 100644
index 0000000..fd162a9
--- /dev/null
+++ b/ansible/playbooks/servers/install-docker.yml
@@ -0,0 +1,29 @@
+- hosts:
+ - srv-prod-1.home.clcreative.de
+ - srv-prod-2.home.clcreative.de
+
+ become: yes
+ tasks:
+
+ # Breaks existing Docker Servers!
+ # Change Tasks for separate group!
+
+ # Install Docker
+ # - name: install prerequisites
+ # apt:
+ # name:
+ # - docker.io
+ # update_cache: yes
+
+ # - name: add user permissions
+ # shell: "usermod -aG docker {{ ansible_env.SUDO_USER }}"
+
+ # - name: Reset ssh connection for changes to take effect
+ # meta: "reset_connection"
+
+ # Install Docker Compose
+ - name: install docker-compose
+ apt:
+ name:
+ - docker-compose
+ update_cache: yes
diff --git a/ansible/playbooks/servers/install-sshauth.yml b/ansible/playbooks/servers/install-sshauth.yml
new file mode 100644
index 0000000..4a8d817
--- /dev/null
+++ b/ansible/playbooks/servers/install-sshauth.yml
@@ -0,0 +1,23 @@
+- hosts: all
+
+ become: yes
+ tasks:
+
+ # Deploy SSH Key
+ # --
+ - name: install public keys
+ ansible.posix.authorized_key:
+ user: "{{ lookup('env','USER') }}"
+ state: present
+ key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
+
+
+ # Set all sudoers to no password
+ # --
+ - name: change sudoers file
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+ validate: /usr/sbin/visudo -cf %s
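Review bot: The `change sudoers file` task rewrites the `%sudo` line to `NOPASSWD: ALL` on `hosts: all`, so every account in the sudo group on every inventory host gets passwordless root, not just the account Ansible logs in as. Any single compromised sudo-group user or leaked key then gives root with no further step. A narrower form grants this only to a dedicated automation account through a drop-in under `/etc/sudoers.d/`, for example `line: '<automation-user> ALL=(ALL) NOPASSWD: ALL'` with `create: true` and `mode: "0440"`, keeping the existing `validate:`. The play could also target a named group instead of `all`. The key task takes both `lookup('env','USER')` and `~/.ssh/id_rsa.pub` from whoever runs the playbook, so the account and key that get installed depend on the controller session; explicit variables would make that reviewable.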
diff --git a/ansible/playbooks/servers/install-vm-core.yml b/ansible/playbooks/servers/install-vm-core.yml
new file mode 100644
index 0000000..34b0860
--- /dev/null
+++ b/ansible/playbooks/servers/install-vm-core.yml
@@ -0,0 +1,19 @@
+- hosts: "{{ hosts }}"
+
+ become: yes
+ tasks:
+
+ - name: install core packages
+ apt:
+ name:
+ - prometheus-node-exporter
+ - nfs-common
+ - qemu-guest-agent
+ - unzip
+ update_cache: yes
+
+ - name: start guest qemu-guest-agent
+ service:
+ name: qemu-guest-agent
+ state: started
+ enabled: yes
diff --git a/ansible/playbooks/servers/update-aptpackages.yml b/ansible/playbooks/servers/update-aptpackages.yml
new file mode 100644
index 0000000..c68232a
--- /dev/null
+++ b/ansible/playbooks/servers/update-aptpackages.yml
@@ -0,0 +1,29 @@
+- hosts: "{{ hosts }}"
+
+ become: yes
+ tasks:
+ # Upgrade packages
+ - name: upgrade apt packages
+ become: true
+ apt:
+ upgrade: yes
+ update_cache: yes
+
+ # Check if reboot is required
+ - name: check if system reboot is required
+ become: true
+ stat:
+ path: /var/run/reboot-required
+ register: reboot_required
+
+ # Send Discord message when reboot is required
+ - name: Send Discord message
+ uri:
+ url: "{{ discord_webhook_url }}"
+ method: POST
+ body_format: json
+ body: '{"content": "Reboot required on {{ inventory_hostname }}"}'
+ headers:
+ Content-Type: application/json
+ status_code: 204
+ when: reboot_required.stat.exists
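Review bot: The `Send Discord message` task passes `discord_webhook_url` to `uri` without `no_log`, and the module's result includes the request URL. A Discord webhook URL is itself the credential, so a failed request or a verbose run prints it into the job log or CI output. Add `no_log: true` to this task and keep the variable in Ansible Vault or the CI secret store. The same applies to the `Send Discord message` task in `update-diskspace.yml`.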
diff --git a/ansible/playbooks/servers/update-diskspace.yml b/ansible/playbooks/servers/update-diskspace.yml
new file mode 100644
index 0000000..ab4b013
--- /dev/null
+++ b/ansible/playbooks/servers/update-diskspace.yml
@@ -0,0 +1,23 @@
+- hosts: "{{ hosts }}"
+
+ tasks:
+
+ - name: Get disk usage
+ command: df -h
+ register: disk_usage
+
+ - name: Check disk space available
+ shell: df -h / | awk 'NR==2 {print $5}'
+ register: disk_usage
+
+ # Send Discord message when disk space is over 80%
+ - name: Send Discord message
+ uri:
+ url: "{{ discord_webhook_url }}"
+ method: POST
+ body_format: json
+ body: '{"content": "Disk space on {{ inventory_hostname }} is above 80%!"}'
+ headers:
+ Content-Type: application/json
+ status_code: 204
+ when: disk_usage.stdout[:-1]|int > 80
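Review bot: Both `Get disk usage` and `Check disk space available` use `register: disk_usage`, so the second result overwrites the first and the `df -h` task has no effect on the `when:` condition. Either drop the first task or register it under its own name, for example `register: disk_usage_full`, if the full table is meant to be reported. Both tasks are read-only, so adding `changed_when: false` keeps them from showing as changed on every run. The threshold check also reads only `/`, so other mounted filesystems can fill up without an alert.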
diff --git a/ansible/playbooks/servers/update-dockercleanup.yml b/ansible/playbooks/servers/update-dockercleanup.yml
new file mode 100644
index 0000000..671099b
--- /dev/null
+++ b/ansible/playbooks/servers/update-dockercleanup.yml
@@ -0,0 +1,13 @@
+- hosts: "{{ hosts }}"
+
+ tasks:
+
+ - name: Prune non-dangling, and dangling images
+ community.docker.docker_prune:
+ containers: false
+ images: true
+ images_filters:
+ dangling: false
+ networks: false
+ volumes: false
+ builder_cache: false
diff --git a/proxmox/prx-prod-2/terraform/_provider.tf b/proxmox/prx-prod-2/terraform/_provider.tf
new file mode 100644
index 0000000..5595767
--- /dev/null
+++ b/proxmox/prx-prod-2/terraform/_provider.tf
@@ -0,0 +1,37 @@
+terraform {
+ required_version = ">= 0.13.0"
+
+ required_providers {
+ proxmox = {
+ source = "telmate/proxmox"
+ version = "=2.9.14"
+ }
+ }
+ cloud {
+ organization = "clcreative"
+
+ workspaces {
+ name = "prx-prod-2"
+ }
+ }
+}
+
+variable "PRX_PROD_2_URL" {
+ type = string
+}
+
+variable "PRX_PROD_2_USER" {
+ type = string
+}
+
+variable "PRX_PROD_2_TOKEN" {
+ type = string
+ sensitive = true
+}
+
+provider "proxmox" {
+ pm_api_url = var.PRX_PROD_2_URL
+ pm_api_token_id = var.PRX_PROD_2_USER
+ pm_api_token_secret = var.PRX_PROD_2_TOKEN
+ pm_tls_insecure = false
+}
diff --git a/proxmox/prx-prod-2/terraform/server/server.tf b/proxmox/prx-prod-2/terraform/server/server.tf
new file mode 100644
index 0000000..241a630
--- /dev/null
+++ b/proxmox/prx-prod-2/terraform/server/server.tf
@@ -0,0 +1,90 @@
+resource "proxmox_vm_qemu" "srv-demo-5" {
+ name = "srv-demo-5"
+ desc = "Demo Server 5"
+ agent = 1
+ target_node = "prx-prod-1"
+
+ tags = "test"
+
+ onboot = true
+ automatic_reboot = true
+ qemu_os = "other"
+
+ vmid = 307
+ clone = "ubuntu-server-test-1"
+ full_clone = true
+ define_connection_info = true
+
+ cores = 1
+ sockets = 1
+ cpu = "host"
+ memory = 2048
+
+ network {
+ bridge = "vmbr0"
+ model = "virtio"
+ }
+
+ scsihw = "virtio-scsi-pci"
+
+ disk {
+ storage = "local-ssd"
+ type = "virtio"
+ size = "40G"
+ }
+
+ # Cloud Init Settings
+ os_type = "cloud-init"
+ ipconfig0 = "ip=10.20.3.7/16,gw=10.20.0.1"
+ nameserver = "10.20.0.1"
+ ciuser = "xcad"
+ cipassword = "testtest"
+ sshkeys = <