From 696ccc41f71dc451e7fba820ae8fc93bec6823af Mon Sep 17 00:00:00 2001
From: Ryan
Date: Wed, 15 Jun 2022 21:35:33 -0400
Subject: [PATCH] create ansible vault; start vars terraform; put state in s3 bucket

---
 machines/vaults/secrets.yml | 0
 machines/vms/main.tf | 60 +++++++++++++++++++++++++++++++++----
 machines/vms/outputs.tf | 0
 machines/vms/vars.tf | 11 +++++++
 4 files changed, 65 insertions(+), 6 deletions(-)
 create mode 100644 machines/vaults/secrets.yml
 create mode 100644 machines/vms/outputs.tf
 create mode 100644 machines/vms/vars.tf

diff --git a/machines/vaults/secrets.yml b/machines/vaults/secrets.yml
new file mode 100644
index 0000000..e69de29
diff --git a/machines/vms/main.tf b/machines/vms/main.tf
index cf83fbf..1a0e101 100644
--- a/machines/vms/main.tf
+++ b/machines/vms/main.tf
@@ -1,15 +1,63 @@
 terraform {
+ required_version = ">= 0.14"
+
 required_providers {
 proxmox = {
 source = "telmate/proxmox"
+ version = "2.9.10"
 }
+
+ ansiblevault = {
+ source = "MeilleursAgents/ansiblevault"
+ version = "2.2.0"
+ }
+ }
+
+ backend "s3" {
+ bucket = var.bucket
+ key = var.key
+
+ endpoint = var.endpoint
+
+ access_key = var.access_key
+ secret_key = var.secret_key
+
+ region = var.region
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_region_validation = true
+ force_path_style = true
 }
 }
 
+provider "ansiblevault" {
+ alias = "vault"
+ vault_path = ""
+ root_folder = "../vaults/secrets.yml"
+}
+
+data "ansiblevault_path" "proxmox_api_url" {
+ provider = ansiblevault.vault
+ path = "./secrets.yml"
+ key = "proxmox.api_url"
+}
+
+data "ansiblevault_path" "proxmox_token_id" {
+ provider = ansiblevault.vault
+ path = "./secrets.yml"
+ key = "proxmox.api_token_id"
+}
+
+data "ansiblevault_path" "proxmox_token_secret" {
+ provider = ansiblevault.vault
+ path = "./secrets.yml"
+ key = "proxmox.api_token_secret"
+}
+
 provider "proxmox" {
- pm_api_url = ""
- pm_api_token_id = ""
- pm_api_token_secret = ""
+ pm_api_url = data.ansiblevault_path.proxmox_api_url.value
+ pm_api_token_id = data.ansiblevault_path.proxmox_token_id.value
+ pm_api_token_secret = data.ansiblevault_path.proxmox_token_secret.value
 pm_tls_insecure = true
 }
 
@@ -18,7 +66,7 @@ resource "proxmox_vm_qemu" "media-server" {
 name = "plex"
 vmid = "200"
 target_node = "milkyway"
- clone = "ubuntu-2004-cloud"
+ clone = var.base_image
 agent = 1
 os_type = "cloud-init"
 cores = 4
@@ -54,7 +102,7 @@ resource "proxmox_vm_qemu" "media-manager" {
 name = "media-manager"
 vmid = "201"
 target_node = "milkyway"
- clone = "ubuntu-2004-cloud"
+ clone = var.base_image
 agent = 1
 os_type = "cloud-init"
 cores = 4
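Review bot: The new `backend "s3"` block reads `var.bucket`, `var.key`, `var.endpoint`, `var.access_key`, `var.secret_key` and `var.region`, but Terraform does not allow variables or any other expression inside a backend block, so `terraform init` will stop with "Variables may not be used here" before any of the rest of this hunk is reached. The usual fix is a partial configuration: leave only the literal `skip_*` / `force_path_style` flags in the block, pass bucket, key, endpoint and region via `terraform init -backend-config=backend.hcl` (git-ignored), and drop `access_key`/`secret_key` entirely in favour of `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` in the environment, because anything placed in the backend block is written in clear to `.terraform/terraform.tfstate`. Note also that the three `ansiblevault_path` data sources store the Proxmox API token id and secret in the state that this same commit moves into the bucket, so the bucket needs server-side encryption and a tight access policy, and `machines/vaults/secrets.yml` (added empty here) must be `ansible-vault encrypt`ed before any real value is committed. Finally, `root_folder = "../vaults/secrets.yml"` combined with `path = "./secrets.yml"` looks like it would resolve to a path under a file rather than a directory if `root_folder` is meant to be a directory in this provider — confirm against the provider docs, and if so use `root_folder = "../vaults"`.

```hcl
  backend "s3" {
    # Backend blocks cannot reference var.*: bucket, key, endpoint and region are
    # supplied with `terraform init -backend-config=backend.hcl` (git-ignored),
    # and credentials come from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY so they
    # are never written to .terraform/terraform.tfstate.
    skip_credentials_validation = true
    skip_metadata_api_check     = true
    skip_region_validation      = true
    force_path_style            = true
  }
```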
@@ -90,7 +138,7 @@ resource "proxmox_vm_qemu" "pi_hole" {
 name = "pihole-${count.index + 1}"
 vmid = "202"
 target_node = "recyclebin"
- clone = "ubuntu-2004-cloud"
+ clone = var.base_image
 agent = 1
 os_type = "cloud-init"
 cores = 2
diff --git a/machines/vms/outputs.tf b/machines/vms/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/machines/vms/vars.tf b/machines/vms/vars.tf
new file mode 100644
index 0000000..53ac49a
--- /dev/null
+++ b/machines/vms/vars.tf
@@ -0,0 +1,11 @@
+variable "ssh_key" {
+ type = string
+ description = "public key for ssh connection"
+ default = ""
+}
+
+variable "base_image" {
+ type = string
+ description = "Cloud Image template on Proxmox"
+ deafult = "ubuntu-2004-cloud"
+}
\ No newline at end of file
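Review bot: `deafult` in the `base_image` variable block of vars.tf is a typo, and `variable` blocks accept only a fixed set of arguments, so `terraform validate` fails with an "Unsupported argument" error and `base_image` — now referenced by every `clone` in main.tf — has no default at all. Change that line to `default = "ubuntu-2004-cloud"`. `ssh_key` is declared with `default = ""` but nothing in this patch consumes it yet; consider dropping the empty default so a missing key surfaces as a required-input error at plan time rather than an empty string silently reaching cloud-init later, and add a trailing newline to the file.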