testing proxmox 1

.github/workflows/dns-update-dns.yml

@@ -8,11 +8,16 @@ on:
       - dev
     paths:
       - 'dns/dns-prod-1/terraform/*.tf'
+  # pull_request:
+  #   branches:
+  #     - main
+  #   paths:
+  #     - 'dns/dns-prod-1/terraform/*.tf'
   workflow_dispatch:
 
 defaults:
   run:
-    working-directory: ./dns/dns-prod-1/terraform  
+    working-directory: dns/dns-prod-1/terraform
 
 env:
   TF_VAR_TSIG_KEY_HOME: ${{ secrets.TSIG_KEY_HOME }}
@@ -77,5 +82,5 @@ jobs:
         run: exit 1
 
       - name: Terraform Apply
-        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+        if: github.event_name == 'push'
         run: terraform apply -auto-approve -input=false

.github/workflows/proxmox-update-vms.yml

@@ -0,0 +1,90 @@
+name: "Update VMS"
+
+on:
+  push:
+    branches:
+      - main
+      - test
+      - dev
+    paths:
+      - 'proxmox/prx-prod-2/terraform/*.tf'
+  pull_request:
+    branches:
+      - main
+      - test
+      - dev
+    paths:
+      - 'proxmox/prx-prod-2/terraform/*.tf'
+  workflow_dispatch:
+
+defaults:
+  run:
+    working-directory: proxmox/prx-prod-2/terraform
+
+env:
+  TF_VAR_PRX_PROD_2_URL: ${{ secrets.PRX_PROD_2_URL }}
+  TF_VAR_PRX_PROD_2_USER: ${{ secrets.PRX_PROD_2_USER }}
+  TF_VAR_PRX_PROD_2_TOKEN: ${{ secrets.PRX_PROD_2_TOKEN }}
+
+jobs:
+  terraform:
+    runs-on: "self-hosted"
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          # terraform_version: 0.13.0:
+          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+      - name: Terraform Format
+        id: fmt
+        run: terraform fmt -check
+
+      - name: Terraform Init
+        id: init
+        run: terraform init
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate -no-color
+
+      - name: Terraform Plan
+        id: plan
+        if: github.event_name == 'pull_request'
+        run: terraform plan -no-color -input=false
+        continue-on-error: true
+
+      - uses: actions/github-script@v6
+        if: github.event_name == 'pull_request'
+        env:
+          PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+            #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+            #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+            #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+            <details><summary>Show Plan</summary>
+            \`\`\`\n
+            ${process.env.PLAN}
+            \`\`\`
+            </details>
+            *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })
+      - name: Terraform Plan Status
+        if: steps.plan.outcome == 'failure'
+        run: exit 1
+
+      - name: Terraform Apply
+        if: github.event_name == 'push'
+        run: terraform apply -auto-approve -input=false

ansible/playbooks/servers/install-core.yml

@@ -0,0 +1,11 @@
+- hosts: "{{ hosts }}"
+
+  become: yes
+  tasks:
+
+  - name: install core packages
+    apt:
+      name:
+        - prometheus-node-exporter
+        - nfs-common
+      update_cache: yes

ansible/playbooks/servers/install-docker.yml

@@ -0,0 +1,29 @@
+- hosts:
+  - srv-prod-1.home.clcreative.de
+  - srv-prod-2.home.clcreative.de
+
+  become: yes
+  tasks:
+
+    # Breaks existing Docker Servers!
+    # Change Tasks for separate group!
+
+    # Install Docker
+    # - name: install prerequisites
+    #   apt:
+    #     name:
+    #       - docker.io
+    #     update_cache: yes
+
+    # - name: add user permissions
+    #   shell: "usermod -aG docker {{ ansible_env.SUDO_USER }}"
+
+    # - name: Reset ssh connection for changes to take effect
+    #   meta: "reset_connection"
+
+    # Install Docker Compose
+    - name: install docker-compose
+      apt:
+        name: 
+          - docker-compose
+        update_cache: yes

ansible/playbooks/servers/install-sshauth.yml

@@ -0,0 +1,23 @@
+- hosts: all
+
+  become: yes
+  tasks:
+
+  # Deploy SSH Key
+  # --
+  - name: install public keys
+    ansible.posix.authorized_key:
+      user: "{{ lookup('env','USER') }}"
+      state: present
+      key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"  
+
+
+  # Set all sudoers to no password
+  # --
+  - name: change sudoers file
+    lineinfile:
+      path: /etc/sudoers
+      state: present
+      regexp: '^%sudo'
+      line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+      validate: /usr/sbin/visudo -cf %s

ansible/playbooks/servers/install-vm-core.yml

@@ -0,0 +1,19 @@
+- hosts: "{{ hosts }}"
+
+  become: yes
+  tasks:
+
+  - name: install core packages
+    apt:
+      name:
+        - prometheus-node-exporter
+        - nfs-common
+        - qemu-guest-agent
+        - unzip
+      update_cache: yes
+
+  - name: start guest qemu-guest-agent
+    service:
+      name: qemu-guest-agent
+      state: started
+      enabled: yes

ansible/playbooks/servers/update-aptpackages.yml

@@ -0,0 +1,29 @@
+- hosts: "{{ hosts }}"
+
+  become: yes
+  tasks:
+    # Upgrade packages
+    - name: upgrade apt packages
+      become: true
+      apt:
+        upgrade: yes
+        update_cache: yes
+
+    # Check if reboot is required
+    - name: check if system reboot is required
+      become: true
+      stat:
+        path: /var/run/reboot-required
+      register: reboot_required
+
+    # Send Discord message when reboot is required
+    - name: Send Discord message
+      uri:
+        url: "{{ discord_webhook_url }}"
+        method: POST
+        body_format: json
+        body: '{"content": "Reboot required on {{ inventory_hostname }}"}'
+        headers:
+          Content-Type: application/json
+        status_code: 204
+      when: reboot_required.stat.exists

ansible/playbooks/servers/update-diskspace.yml

@@ -0,0 +1,23 @@
+- hosts: "{{ hosts }}"
+
+  tasks:
+
+    - name: Get disk usage
+      command: df -h
+      register: disk_usage
+
+    - name: Check disk space available
+      shell: df -h / | awk 'NR==2 {print $5}'
+      register: disk_usage
+
+    # Send Discord message when disk space is over 80%
+    - name: Send Discord message
+      uri:
+        url: "{{ discord_webhook_url }}"
+        method: POST
+        body_format: json
+        body: '{"content": "Disk space on {{ inventory_hostname }} is above 80%!"}'
+        headers:
+          Content-Type: application/json
+        status_code: 204
+      when: disk_usage.stdout[:-1]|int > 80

ansible/playbooks/servers/update-dockercleanup.yml

@@ -0,0 +1,13 @@
+- hosts: "{{ hosts }}"
+
+  tasks:
+
+    - name: Prune non-dangling, and dangling images
+      community.docker.docker_prune:
+        containers: false
+        images: true
+        images_filters:
+          dangling: false
+        networks: false
+        volumes: false
+        builder_cache: false

proxmox/prx-prod-2/terraform/_provider.tf

@@ -0,0 +1,37 @@
+terraform {
+  required_version = ">= 0.13.0"
+
+  required_providers {
+    proxmox = {
+      source = "telmate/proxmox"
+      version = "=2.9.14"
+    }
+  }
+  cloud {
+    organization = "clcreative"
+
+    workspaces {
+      name = "prx-prod-2"
+    }
+  }
+}
+
+variable "PRX_PROD_2_URL" {
+    type = string
+}
+
+variable "PRX_PROD_2_USER" {
+    type = string
+}
+
+variable "PRX_PROD_2_TOKEN" {
+    type = string
+    sensitive = true
+}
+
+provider "proxmox" {
+    pm_api_url = var.PRX_PROD_2_URL
+    pm_api_token_id = var.PRX_PROD_2_USER
+    pm_api_token_secret = var.PRX_PROD_2_TOKEN
+    pm_tls_insecure = false
+}

proxmox/prx-prod-2/terraform/server/server.tf

@@ -0,0 +1,90 @@
+resource "proxmox_vm_qemu" "srv-demo-5" {
+    name = "srv-demo-5"
+    desc = "Demo Server 5"
+    agent = 1
+    target_node = "prx-prod-1"
+
+    tags = "test"
+
+    onboot = true
+    automatic_reboot = true
+    qemu_os = "other"
+
+    vmid = 307
+    clone = "ubuntu-server-test-1"
+    full_clone = true
+    define_connection_info = true
+
+    cores = 1
+    sockets = 1
+    cpu = "host"
+    memory = 2048
+
+    network {
+        bridge = "vmbr0"
+        model  = "virtio"
+    }
+
+    scsihw = "virtio-scsi-pci"
+
+    disk {
+        storage = "local-ssd"
+        type = "virtio"
+        size = "40G"
+    }
+
+    # Cloud Init Settings 
+    os_type = "cloud-init" 
+    ipconfig0 = "ip=10.20.3.7/16,gw=10.20.0.1"
+    nameserver = "10.20.0.1"
+    ciuser = "xcad"
+    cipassword = "testtest"
+    sshkeys = <<EOF
+    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCsYvxYCpI90al2rJiyccPYNrvjHKLhvgTJVDssAL29jAPhl46gQctL98yZ+Rx9E3dLiHhs8SP14X2m50XbxX+QnjEjq2ywCqu359YMiitvaOgWMzKIaeiwnDngHc5NY+eC8t88bhhKmQPjejmdLSApLu7ObJ/9by2fjWptmqrkkhc1WQs58oYwNDenOd9UNaWcXtyPf2AGIIze2r1cFaEwAPyNtTlzCeqj41jKHLYorvU0CU5KUqgcgswXSgOC+moYac4WIUJCZCCU/s354NpKcJMYN/eiEpK1nZR/jhIe/pEsG4oIbCHy7f+PZruNhF6hi8UvhT+MHS0wwID/gj+UQPyg9GVieiQ1hv+NpLImkTdVJKemMf02548jEPhcrgLowuBemvtf4NHJE0FUH3chTu/Ioi66XKiedWdHMGLTBlWIUMuIYzHeFWLzCg8BqpQK0D7H48W7aku6JgWfhBdy5COvaglpRxlTAac8KURNtR1FRjxX9Lh1hHU+i5nLhIc= WSL2/XWIN
+    EOF
+}
+
+resource "proxmox_vm_qemu" "srv-demo-6" {
+    name = "srv-demo-6"
+    desc = "Demo Server 6"
+    agent = 1
+    target_node = "prx-prod-1"
+
+    tags = "test"
+
+    onboot = true
+    automatic_reboot = true
+    qemu_os = "other"
+
+    vmid = 308
+    clone = "ubuntu-server-test-1"
+    full_clone = true
+    define_connection_info = true
+
+    cores = 1
+    sockets = 1
+    cpu = "host"
+    memory = 2048
+
+    network {
+        bridge = "vmbr0"
+        model  = "virtio"
+    }
+
+    scsihw = "virtio-scsi-pci"
+
+    disk {
+        storage = "local-ssd"
+        type = "virtio"
+        size = "40G"
+    }
+
+    # Cloud Init Settings 
+    os_type = "cloud-init" 
+    ipconfig0 = "ip=10.20.3.8/16,gw=10.20.0.1"
+    nameserver = "10.20.0.1"
+    ciuser = "xcad"
+    sshkeys = <<EOF
+    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCsYvxYCpI90al2rJiyccPYNrvjHKLhvgTJVDssAL29jAPhl46gQctL98yZ+Rx9E3dLiHhs8SP14X2m50XbxX+QnjEjq2ywCqu359YMiitvaOgWMzKIaeiwnDngHc5NY+eC8t88bhhKmQPjejmdLSApLu7ObJ/9by2fjWptmqrkkhc1WQs58oYwNDenOd9UNaWcXtyPf2AGIIze2r1cFaEwAPyNtTlzCeqj41jKHLYorvU0CU5KUqgcgswXSgOC+moYac4WIUJCZCCU/s354NpKcJMYN/eiEpK1nZR/jhIe/pEsG4oIbCHy7f+PZruNhF6hi8UvhT+MHS0wwID/gj+UQPyg9GVieiQ1hv+NpLImkTdVJKemMf02548jEPhcrgLowuBemvtf4NHJE0FUH3chTu/Ioi66XKiedWdHMGLTBlWIUMuIYzHeFWLzCg8BqpQK0D7H48W7aku6JgWfhBdy5COvaglpRxlTAac8KURNtR1FRjxX9Lh1hHU+i5nLhIc= WSL2/XWIN
+    EOF
+}