From b11ae8b40869ade18736ebbaea8a6ce6b3d9d6d8 Mon Sep 17 00:00:00 2001 From: clincha Date: Thu, 25 Jan 2024 19:37:04 +0000 Subject: [PATCH 01/18] Move into TF dir --- {containers => terraform}/Dockerfile | 2 +- Makefile => terraform/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename {containers => terraform}/Dockerfile (76%) rename Makefile => terraform/Makefile (92%) diff --git a/containers/Dockerfile b/terraform/Dockerfile similarity index 76% rename from containers/Dockerfile rename to terraform/Dockerfile index fdec266..e8910e3 100644 --- a/containers/Dockerfile +++ b/terraform/Dockerfile @@ -1,3 +1,3 @@ FROM docker.io/clincha/terraform-provider-proxmox-azrm:1.0.12 -COPY ../terraform . \ No newline at end of file +COPY . . \ No newline at end of file diff --git a/Makefile b/terraform/Makefile similarity index 92% rename from Makefile rename to terraform/Makefile index b87ed9a..f369cc4 100644 --- a/Makefile +++ b/terraform/Makefile @@ -11,7 +11,7 @@ all: build plan build: @echo "Building..." - @podman build . --file containers/Dockerfile --tag docker.io/clincha/terraform-init:${VERSION} + @podman build . --file Dockerfile --tag docker.io/clincha/terraform-init:${VERSION} debug: build @echo "Debugging..." From f2e56502d815b9998a4c42a9a487a84cb4be1191 Mon Sep 17 00:00:00 2001 From: clincha Date: Thu, 25 Jan 2024 20:05:38 +0000 Subject: [PATCH 02/18] Move working directory for pipeline run --- .github/workflows/template-terraform.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/template-terraform.yml b/.github/workflows/template-terraform.yml index fb356bf..eb4273a 100644 --- a/.github/workflows/template-terraform.yml +++ b/.github/workflows/template-terraform.yml 
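Review bot: `COPY . .` in terraform/Dockerfile now takes the whole `terraform/` directory as build context, so any `.terraform/` directory, `*.tfvars`, state file or key material in that directory ends up in an image layer. The Makefile hunk in the same patch tags the result `docker.io/clincha/terraform-init:${VERSION}`; whether the image is pushed is not visible here, but if it is, those files are published with it. A `terraform/.dockerignore` listing at least `.terraform/`, `*.tfstate*`, `*.tfvars` and `id_rsa` would keep them out of the context.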
@@ -92,6 +92,7 @@ jobs: - name: "Run the make command" run: make ${{ inputs.command }} ARM_ACCESS_KEY=${{ secrets.ARM_ACCESS_KEY }} + working-directory: terraform env: TF_VAR_ansible_id_rsa: ${{ secrets.ANSIBLE_PK }} TF_VAR_bristol_proxmox_token_secret: ${{ secrets.BRISTOL_PROXMOX_TOKEN_SECRET }} From 88280bd9e3d31c13e8c66e7ef36b8d54a764f764 Mon Sep 17 00:00:00 2001 From: clincha Date: Thu, 25 Jan 2024 20:24:41 +0000 Subject: [PATCH 03/18] packer with WireGuard --- .github/workflows/packer-build.yml | 45 ++++++++++++++++++++++-- .github/workflows/template-terraform.yml | 4 +-- 2 files changed, 44 insertions(+), 5 deletions(-) diff --git a/.github/workflows/packer-build.yml b/.github/workflows/packer-build.yml index 8a4b2c6..25adaee 100644 --- a/.github/workflows/packer-build.yml +++ b/.github/workflows/packer-build.yml @@ -1,11 +1,12 @@ name: packer-build - on: - workflow_dispatch: + push: + branches: + - "*" jobs: build-templates: - runs-on: self-hosted + runs-on: ubuntu-latest strategy: matrix: node: [ bri-s-01, bri-s-02, bri-s-03 ] 
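Review bot: The `push` / `branches: "*"` trigger added to packer-build.yml starts this job on every branch push, and the job (see the following hunk) reads the WireGuard and Proxmox secrets and opens a tunnel into the homelab. Anyone with write access to a branch can edit the workflow file in that same push, so the secrets are effectively available to every branch author rather than to whoever may dispatch the workflow. Keeping `workflow_dispatch`, or limiting `branches` to the protected default branch and putting the secrets behind a GitHub environment with required reviewers, would narrow that. The same trigger is re-added in PATCH 13/18 ("run packer") before PATCH 14/18 removes it again.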
@@ -13,6 +14,38 @@ jobs: - name: Checkout uses: actions/checkout@v3.1.0 + - name: "Install WireGuard" + run: | + sudo apt-get update + sudo apt-get install -y wireguard + # https://superuser.com/questions/1500691/usr-bin-wg-quick-line-31-resolvconf-command-not-found-wireguard-debian + ln -s /usr/bin/resolvectl /usr/local/bin/resolvconf + + - name: "Create WireGuard config" + run: | + sudo mkdir -p /etc/wireguard + sudo chmod 700 /etc/wireguard + sudo touch /etc/wireguard/wg0.conf + sudo chmod 600 /etc/wireguard/wg0.conf + sudo bash -c "cat > /etc/wireguard/wg0.conf" << EOF + [Interface] + PrivateKey = ${{ secrets.HL_PKR_PRIVATE_KEY }} + Address = 10.1.5.3/32 + DNS = 10.1.5.1 + + [Peer] + PublicKey = 6/tGUsqU3ib5LEEua2cLCUxSDFpiEFhOT0sGkqz0LHk= + PresharedKey = ${{ secrets.HL_PKR_PRESHARED_KEY }} + AllowedIPs = "10.1.5.1/32,10.1.5.2/32,192.168.1.11/24,10.1.1.1/24,10.1.2.1/24,10.1.3.1/24,0.0.0.0/0" + Endpoint = ${{ secrets.HL_ENDPOINT }} + EOF + + - name: "Start WireGuard" + run: | + sudo wg-quick up wg0 + sudo wg + ping 192.168.1.11 -c 3 + - name: Create SSH key run: 'echo "$ANSIBLE_PK" > id_rsa && chmod 600 id_rsa' shell: bash @@ -32,3 +65,9 @@ jobs: -var "proxmox_api_token_secret=${{ secrets.PACKER_BRISTOL_PROXMOX_TOKEN_SECRET }}" \ -var-file="nodes/${{ matrix.node }}.pkrvars.hcl" \ . + + - name: "Stop WireGuard" + if: always() + run: | + sudo wg-quick down wg0 + sudo rm -rf /etc/wireguard \ No newline at end of file diff --git a/.github/workflows/template-terraform.yml b/.github/workflows/template-terraform.yml index eb4273a..f410178 100644 --- a/.github/workflows/template-terraform.yml +++ b/.github/workflows/template-terraform.yml 
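Review bot: In "Create WireGuard config" the `${{ secrets.* }}` expressions are substituted into the script text before bash runs, and the heredoc delimiter is unquoted, so bash still interprets `$`, backticks and `\` inside the key material and the endpoint. A secret containing any of those characters would be altered or executed instead of written verbatim; passing the values through `env:` and referencing shell variables keeps them as data (expanded values are not re-expanded). The same heredoc appears in template-terraform.yml (PATCH 03/18 and 17/18). Separately, `sudo wg` in "Start WireGuard" prints the peer's resolved endpoint, which log masking may not redact if `HL_ENDPOINT` is stored as a hostname, and the `ln -s` into `/usr/local/bin` runs without `sudo` unlike the commands around it.

```yaml
      - name: "Create WireGuard config"
        env:
          HL_PKR_PRIVATE_KEY: ${{ secrets.HL_PKR_PRIVATE_KEY }}
          HL_PKR_PRESHARED_KEY: ${{ secrets.HL_PKR_PRESHARED_KEY }}
          HL_ENDPOINT: ${{ secrets.HL_ENDPOINT }}
        run: |
          # … unchanged: mkdir/chmod/touch and the heredoc opener; only these three heredoc lines change …
          PrivateKey = ${HL_PKR_PRIVATE_KEY}
          PresharedKey = ${HL_PKR_PRESHARED_KEY}
          Endpoint = ${HL_ENDPOINT}
```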
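Review bot: In "Stop WireGuard", `sudo rm -rf /etc/wireguard` is skipped whenever `sudo wg-quick down wg0` fails, because `run:` scripts execute under `bash -e` by default; that is the case when the tunnel never came up. The private key then stays in `/etc/wireguard/wg0.conf`, and the `id_rsa` written by "Create SSH key" is not removed by any step in this hunk. A hosted runner is discarded afterwards, but this workflow ran on `self-hosted` until this patch, so cleanup should not depend on the teardown succeeding: `sudo wg-quick down wg0 || true` followed by `sudo rm -rf /etc/wireguard id_rsa`.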
@@ -66,13 +66,13 @@ jobs: sudo chmod 600 /etc/wireguard/wg0.conf sudo bash -c "cat > /etc/wireguard/wg0.conf" << EOF [Interface] - PrivateKey = ${{ secrets.HL_PRIVATE_KEY }} + PrivateKey = ${{ secrets.HL_TF_PRIVATE_KEY }} Address = ${{ inputs.wg_address }} DNS = ${{ inputs.wg_dns }} [Peer] PublicKey = 6/tGUsqU3ib5LEEua2cLCUxSDFpiEFhOT0sGkqz0LHk= - PresharedKey = ${{ secrets.HL_PRESHARED_KEY }} + PresharedKey = ${{ secrets.HL_TF_PRESHARED_KEY }} AllowedIPs = ${{ inputs.wg_allowed_ips }} Endpoint = ${{ secrets.HL_ENDPOINT }} EOF From 317288f10b4edba90702a4c2f0a664798ebdce61 Mon Sep 17 00:00:00 2001 From: clincha Date: Thu, 25 Jan 2024 20:25:52 +0000 Subject: [PATCH 04/18] no quotes --- .github/workflows/packer-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/packer-build.yml b/.github/workflows/packer-build.yml index 25adaee..7f22018 100644 --- a/.github/workflows/packer-build.yml +++ b/.github/workflows/packer-build.yml @@ -36,7 +36,7 @@ jobs: [Peer] PublicKey = 6/tGUsqU3ib5LEEua2cLCUxSDFpiEFhOT0sGkqz0LHk= PresharedKey = ${{ secrets.HL_PKR_PRESHARED_KEY }} - AllowedIPs = "10.1.5.1/32,10.1.5.2/32,192.168.1.11/24,10.1.1.1/24,10.1.2.1/24,10.1.3.1/24,0.0.0.0/0" + AllowedIPs = 10.1.5.1/32,10.1.5.2/32,192.168.1.11/24,10.1.1.1/24,10.1.2.1/24,10.1.3.1/24,0.0.0.0/0 Endpoint = ${{ secrets.HL_ENDPOINT }} EOF From a8b1c4651273af65899f806bf9c5944ba5863308 Mon Sep 17 00:00:00 2001 From: clincha Date: Thu, 25 Jan 2024 20:30:24 +0000 Subject: [PATCH 05/18] install packer --- .github/workflows/packer-build.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/packer-build.yml b/.github/workflows/packer-build.yml index 7f22018..2c01661 100644 --- a/.github/workflows/packer-build.yml +++ b/.github/workflows/packer-build.yml 
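Review bot: The `AllowedIPs` line touched by PATCH 04/18 still ends in `0.0.0.0/0`, which makes every narrower prefix before it redundant and has wg-quick route all of the runner's IPv4 traffic through the homelab peer. Every download performed after the tunnel is up then depends on that path, and the job can reach everything behind the endpoint rather than only the listed networks. If only those networks are needed, drop the default route: `AllowedIPs = 10.1.5.1/32,10.1.5.2/32,192.168.1.0/24,10.1.1.0/24,10.1.2.0/24,10.1.3.0/24`.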
@@ -46,6 +46,12 @@ jobs: sudo wg ping 192.168.1.11 -c 3 + - name: Install Packer + run: | + curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add - + sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" + sudo apt-get update && sudo apt-get install -y packer + - name: Create SSH key run: 'echo "$ANSIBLE_PK" > id_rsa && chmod 600 id_rsa' shell: bash @@ -60,7 +66,7 @@ jobs: - name: packer build working-directory: packer run: | - /usr/bin/packer build --force \ + packer build --force \ -var "ansible_ssh_password=${{ secrets.ANSIBLE_PASSWORD }}" \ -var "proxmox_api_token_secret=${{ secrets.PACKER_BRISTOL_PROXMOX_TOKEN_SECRET }}" \ -var-file="nodes/${{ matrix.node }}.pkrvars.hcl" \ From 7ebd096b7f794c538d4bae36fa310f43815d227c Mon Sep 17 00:00:00 2001 From: clincha Date: Thu, 25 Jan 2024 20:36:31 +0000 Subject: [PATCH 06/18] Fixed Terraform environment variable and ran packer in serial --- .github/workflows/packer-build.yml | 1 + .github/workflows/template-terraform.yml | 4 ++-- .github/workflows/terraform-apply.yml | 4 ++-- .github/workflows/terraform-destroy.yml | 4 ++-- .github/workflows/terraform-plan.yml | 4 ++-- 5 files changed, 9 insertions(+), 8 deletions(-) diff --git a/.github/workflows/packer-build.yml b/.github/workflows/packer-build.yml index 2c01661..c741036 100644 --- a/.github/workflows/packer-build.yml +++ b/.github/workflows/packer-build.yml @@ -8,6 +8,7 @@ jobs: build-templates: runs-on: ubuntu-latest strategy: + max-parallel: 1 matrix: node: [ bri-s-01, bri-s-02, bri-s-03 ] steps: diff --git a/.github/workflows/template-terraform.yml b/.github/workflows/template-terraform.yml index f410178..90abd62 100644 --- a/.github/workflows/template-terraform.yml +++ b/.github/workflows/template-terraform.yml 
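Review bot: `apt-key add` in "Install Packer" places the HashiCorp key in apt's global trusted keyring, so it is accepted for every configured repository, and `apt-key` itself is deprecated. Scoping the key with `signed-by` restricts it to this one source. The package is also unpinned, so each run builds templates with whatever Packer version is current; `packer=<version>` would make runs reproducible. The step sits after "Start WireGuard", so with the `0.0.0.0/0` route the download is fetched through the tunnel.

```yaml
      - name: Install Packer
        run: |
          curl -fsSL https://apt.releases.hashicorp.com/gpg \
            | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
          echo "deb [arch=amd64 signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \
            | sudo tee /etc/apt/sources.list.d/hashicorp.list
          sudo apt-get update && sudo apt-get install -y packer
```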
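Review bot: The `packer build` command edited here still receives `ansible_ssh_password` and `proxmox_api_token_secret` as `-var` arguments built by `${{ secrets.* }}` substitution inside double quotes. A value containing `"`, `$` or a backtick changes the command line, and both secrets sit in the process arguments for the length of the build. Packer reads `PKR_VAR_<name>` environment variables, so an `env:` block with `PKR_VAR_ansible_ssh_password: ${{ secrets.ANSIBLE_PASSWORD }}` and `PKR_VAR_proxmox_api_token_secret: ${{ secrets.PACKER_BRISTOL_PROXMOX_TOKEN_SECRET }}` lets both `-var` lines be dropped. The "packer init" step keeps the absolute `/usr/bin/packer` path (visible in the PATCH 07/18 context), so the two steps now resolve the binary differently.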
@@ -32,10 +32,10 @@ on: BRISTOL_PROXMOX_TOKEN_SECRET: required: true description: "The HL Proxmox token secret" - HL_PRIVATE_KEY: + HL_TF_PRIVATE_KEY: required: true description: "The HL WireGuard private key" - HL_PRESHARED_KEY: + HL_TF_PRESHARED_KEY: required: true description: "The HL WireGuard preshared key" HL_ENDPOINT: diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml index 55a8d4c..2bd5c2b 100644 --- a/.github/workflows/terraform-apply.yml +++ b/.github/workflows/terraform-apply.yml @@ -12,7 +12,7 @@ jobs: ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }} ANSIBLE_PK: ${{ secrets.ANSIBLE_PK }} BRISTOL_PROXMOX_TOKEN_SECRET: ${{ secrets.BRISTOL_PROXMOX_TOKEN_SECRET }} - HL_PRIVATE_KEY: ${{ secrets.HL_PRIVATE_KEY }} - HL_PRESHARED_KEY: ${{ secrets.HL_PRESHARED_KEY }} + HL_TF_PRIVATE_KEY: ${{ secrets.HL_TF_PRIVATE_KEY }} + HL_TF_PRESHARED_KEY: ${{ secrets.HL_TF_PRESHARED_KEY }} HL_ENDPOINT: ${{ secrets.HL_ENDPOINT }} DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} \ No newline at end of file diff --git a/.github/workflows/terraform-destroy.yml b/.github/workflows/terraform-destroy.yml index 3e3f20a..55292f6 100644 --- a/.github/workflows/terraform-destroy.yml +++ b/.github/workflows/terraform-destroy.yml @@ -12,7 +12,7 @@ jobs: ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }} ANSIBLE_PK: ${{ secrets.ANSIBLE_PK }} BRISTOL_PROXMOX_TOKEN_SECRET: ${{ secrets.BRISTOL_PROXMOX_TOKEN_SECRET }} - HL_PRIVATE_KEY: ${{ secrets.HL_PRIVATE_KEY }} - HL_PRESHARED_KEY: ${{ secrets.HL_PRESHARED_KEY }} + HL_TF_PRIVATE_KEY: ${{ secrets.HL_TF_PRIVATE_KEY }} + HL_TF_PRESHARED_KEY: ${{ secrets.HL_TF_PRESHARED_KEY }} HL_ENDPOINT: ${{ secrets.HL_ENDPOINT }} DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} \ No newline at end of file diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml index 3995313..1ff24a9 100644 --- a/.github/workflows/terraform-plan.yml +++ b/.github/workflows/terraform-plan.yml 
@@ -13,7 +13,7 @@ jobs: ARM_ACCESS_KEY: ${{ secrets.ARM_ACCESS_KEY }} ANSIBLE_PK: ${{ secrets.ANSIBLE_PK }} BRISTOL_PROXMOX_TOKEN_SECRET: ${{ secrets.BRISTOL_PROXMOX_TOKEN_SECRET }} - HL_PRIVATE_KEY: ${{ secrets.HL_PRIVATE_KEY }} - HL_PRESHARED_KEY: ${{ secrets.HL_PRESHARED_KEY }} + HL_TF_PRIVATE_KEY: ${{ secrets.HL_TF_PRIVATE_KEY }} + HL_TF_PRESHARED_KEY: ${{ secrets.HL_TF_PRESHARED_KEY }} HL_ENDPOINT: ${{ secrets.HL_ENDPOINT }} DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} \ No newline at end of file From 19f6fdef0412512324e09309ee4d63e65c2c7905 Mon Sep 17 00:00:00 2001 From: clincha Date: Thu, 25 Jan 2024 20:42:13 +0000 Subject: [PATCH 07/18] disable the firewall --- .github/workflows/packer-build.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/packer-build.yml b/.github/workflows/packer-build.yml index c741036..a54a109 100644 --- a/.github/workflows/packer-build.yml +++ b/.github/workflows/packer-build.yml @@ -59,11 +59,18 @@ jobs: env: ANSIBLE_PK: ${{ secrets.ANSIBLE_PK }} + - name: Disable the firewall + run: | + sudo ufw status + sudo ufw disable + sudo ufw status + - name: packer init working-directory: packer run: | /usr/bin/packer init . + - name: packer build working-directory: packer run: | From 505458ab4d1ab25ed8ab38b69170c5c6a14e9517 Mon Sep 17 00:00:00 2001 From: clincha Date: Thu, 25 Jan 2024 20:48:17 +0000 Subject: [PATCH 08/18] 10.1.5.3 --- packer/settings.pkr.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packer/settings.pkr.hcl b/packer/settings.pkr.hcl index dc3ae49..0e3265c 100644 --- a/packer/settings.pkr.hcl +++ b/packer/settings.pkr.hcl @@ -83,7 +83,7 @@ variable "cloud_init_storage_pool" { variable "boot_command" { type = list(string) default = [ - " text inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/rocky8.ks" + " text inst.ks=http://10.1.5.3:{{ .HTTPPort }}/rocky8.ks" ] description = "Command to send to the template as it starts up" } 
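Review bot: `sudo ufw disable` in "Disable the firewall" removes host filtering on every interface while the runner is joined to the homelab network over `wg0`. Presumably the aim is to let the VM under build reach Packer's kickstart HTTP server; if so, one rule on the tunnel interface is enough, for example `sudo ufw allow in on wg0 to any port 8000:9000 proto tcp`, with the range matched to `http_port_min`/`http_port_max` in the Packer template (the range shown is a constructed example). The hunk also adds a second blank line before "packer build".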
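Review bot: The `boot_command` default now hard-codes `10.1.5.3`, which is the `Address` written into `wg0.conf` by packer-build.yml; nothing ties the two values together, so changing the WireGuard address breaks the kickstart fetch without any error at plan time. A comment above the default such as `# 10.1.5.3 = WireGuard Address of the CI runner, see .github/workflows/packer-build.yml` would record the coupling. The kickstart is also requested over plain `http://`, so anything sensitive in `rocky8.ks` relies on the tunnel alone for confidentiality, which is worth stating in the variable's `description`.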
From 761a469bedfa9a4177e278a9c7751f1071a2bad4 Mon Sep 17 00:00:00 2001 From: clincha Date: Thu, 25 Jan 2024 20:55:25 +0000 Subject: [PATCH 09/18] on tag --- .github/workflows/packer-build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/packer-build.yml b/.github/workflows/packer-build.yml index a54a109..8620a9b 100644 --- a/.github/workflows/packer-build.yml +++ b/.github/workflows/packer-build.yml @@ -1,8 +1,8 @@ name: packer-build on: push: - branches: - - "*" + tags: + - "v*" jobs: build-templates: From 7d4460321559f0a829d48f2b9b787318157cc708 Mon Sep 17 00:00:00 2001 From: clincha Date: Sun, 28 Jan 2024 16:04:13 +0000 Subject: [PATCH 10/18] bump provider version --- .github/workflows/packer-build.yml | 4 +--- terraform/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/packer-build.yml b/.github/workflows/packer-build.yml index 8620a9b..f52b43c 100644 --- a/.github/workflows/packer-build.yml +++ b/.github/workflows/packer-build.yml @@ -1,8 +1,6 @@ name: packer-build on: - push: - tags: - - "v*" + workflow_dispatch: jobs: build-templates: diff --git a/terraform/Dockerfile b/terraform/Dockerfile index e8910e3..34ba3e5 100644 --- a/terraform/Dockerfile +++ b/terraform/Dockerfile @@ -1,3 +1,3 @@ -FROM docker.io/clincha/terraform-provider-proxmox-azrm:1.0.12 +FROM docker.io/clincha/terraform-provider-proxmox-azrm:1.0.14 COPY . . \ No newline at end of file From abafb25129347478e7ee7195a7ff4ca2bae2b17e Mon Sep 17 00:00:00 2001 From: clincha Date: Sun, 28 Jan 2024 16:09:50 +0000 Subject: [PATCH 11/18] bump version inside as well --- terraform/Dockerfile | 2 +- terraform/providers.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/Dockerfile b/terraform/Dockerfile index 34ba3e5..689d11d 100644 --- a/terraform/Dockerfile +++ b/terraform/Dockerfile 
@@ -1,3 +1,3 @@ -FROM docker.io/clincha/terraform-provider-proxmox-azrm:1.0.14 +FROM docker.io/clincha/terraform-provider-proxmox:1.0.14 COPY . . \ No newline at end of file diff --git a/terraform/providers.tf b/terraform/providers.tf index 1e6f1d8..1932658 100644 --- a/terraform/providers.tf +++ b/terraform/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { proxmox = { source = "telmate/proxmox" - version = "1.0.12" + version = "1.0.14" } azurerm = { source = "hashicorp/azurerm" From e085497df6901ccfc916c7846ed925f401dafb0c Mon Sep 17 00:00:00 2001 From: clincha Date: Sun, 28 Jan 2024 20:22:18 +0000 Subject: [PATCH 12/18] v1.0.16 --- terraform/Dockerfile | 2 +- terraform/providers.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/Dockerfile b/terraform/Dockerfile index 689d11d..99694d5 100644 --- a/terraform/Dockerfile +++ b/terraform/Dockerfile @@ -1,3 +1,3 @@ -FROM docker.io/clincha/terraform-provider-proxmox:1.0.14 +FROM docker.io/clincha/terraform-provider-proxmox:1.0.16 COPY . . \ No newline at end of file diff --git a/terraform/providers.tf b/terraform/providers.tf index 1932658..7d93638 100644 --- a/terraform/providers.tf +++ b/terraform/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { proxmox = { source = "telmate/proxmox" - version = "1.0.14" + version = "1.0.16" } azurerm = { source = "hashicorp/azurerm" From f18c84a8837e48fd16b1ed972bd388d9d84a0f62 Mon Sep 17 00:00:00 2001 From: clincha Date: Mon, 29 Jan 2024 18:36:29 +0000 Subject: [PATCH 13/18] run packer --- .github/workflows/packer-build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/packer-build.yml b/.github/workflows/packer-build.yml index f52b43c..d992519 100644 --- a/.github/workflows/packer-build.yml +++ b/.github/workflows/packer-build.yml @@ -1,6 +1,9 @@ name: packer-build on: workflow_dispatch: + push: + branches: + - "*" jobs: build-templates: 
From 60af786788ce5880c3789d8c3a637649469d22ac Mon Sep 17 00:00:00 2001 From: clincha Date: Mon, 29 Jan 2024 18:57:06 +0000 Subject: [PATCH 14/18] Tidy --- .github/workflows/packer-build.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/packer-build.yml b/.github/workflows/packer-build.yml index d992519..9d28c11 100644 --- a/.github/workflows/packer-build.yml +++ b/.github/workflows/packer-build.yml @@ -1,9 +1,6 @@ name: packer-build on: workflow_dispatch: - push: - branches: - - "*" jobs: build-templates: @@ -11,7 +8,10 @@ jobs: strategy: max-parallel: 1 matrix: - node: [ bri-s-01, bri-s-02, bri-s-03 ] + node: + - "bri-s-01" + - "bri-s-02" + - "bri-s-03" steps: - name: Checkout uses: actions/checkout@v3.1.0 From d387ffc8c78dad1507d526a4a416c994c07cf34e Mon Sep 17 00:00:00 2001 From: clincha Date: Mon, 29 Jan 2024 18:58:00 +0000 Subject: [PATCH 15/18] bump checkout version --- .github/workflows/packer-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/packer-build.yml b/.github/workflows/packer-build.yml index 9d28c11..92338b8 100644 --- a/.github/workflows/packer-build.yml +++ b/.github/workflows/packer-build.yml @@ -14,7 +14,7 @@ jobs: - "bri-s-03" steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v4.1.1 - name: "Install WireGuard" run: | From b31babd1a6fb4cd2ad9536e35ccccae79a729062 Mon Sep 17 00:00:00 2001 From: clincha Date: Mon, 29 Jan 2024 19:17:29 +0000 Subject: [PATCH 16/18] Fixed a bug with secrets vs inputs for a template workflow --- .github/workflows/template-terraform.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/template-terraform.yml b/.github/workflows/template-terraform.yml index 90abd62..7b58374 100644 --- a/.github/workflows/template-terraform.yml +++ b/.github/workflows/template-terraform.yml 
@@ -66,15 +66,15 @@ jobs: sudo chmod 600 /etc/wireguard/wg0.conf sudo bash -c "cat > /etc/wireguard/wg0.conf" << EOF [Interface] - PrivateKey = ${{ secrets.HL_TF_PRIVATE_KEY }} + PrivateKey = ${{ inputs.HL_TF_PRIVATE_KEY }} Address = ${{ inputs.wg_address }} DNS = ${{ inputs.wg_dns }} [Peer] PublicKey = 6/tGUsqU3ib5LEEua2cLCUxSDFpiEFhOT0sGkqz0LHk= - PresharedKey = ${{ secrets.HL_TF_PRESHARED_KEY }} + PresharedKey = ${{ inputs.HL_TF_PRESHARED_KEY }} AllowedIPs = ${{ inputs.wg_allowed_ips }} - Endpoint = ${{ secrets.HL_ENDPOINT }} + Endpoint = ${{ inputs.HL_ENDPOINT }} EOF - name: "Start WireGuard" From bed18ade2f9049f41a3dc300ed816fa0f7584bfc Mon Sep 17 00:00:00 2001 From: clincha Date: Mon, 29 Jan 2024 19:21:02 +0000 Subject: [PATCH 17/18] back to secrets --- .github/workflows/template-terraform.yml | 6 +++--- .github/workflows/terraform-destroy.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/template-terraform.yml b/.github/workflows/template-terraform.yml index 7b58374..90abd62 100644 --- a/.github/workflows/template-terraform.yml +++ b/.github/workflows/template-terraform.yml @@ -66,15 +66,15 @@ jobs: sudo chmod 600 /etc/wireguard/wg0.conf sudo bash -c "cat > /etc/wireguard/wg0.conf" << EOF [Interface] - PrivateKey = ${{ inputs.HL_TF_PRIVATE_KEY }} + PrivateKey = ${{ secrets.HL_TF_PRIVATE_KEY }} Address = ${{ inputs.wg_address }} DNS = ${{ inputs.wg_dns }} [Peer] PublicKey = 6/tGUsqU3ib5LEEua2cLCUxSDFpiEFhOT0sGkqz0LHk= - PresharedKey = ${{ inputs.HL_TF_PRESHARED_KEY }} + PresharedKey = ${{ secrets.HL_TF_PRESHARED_KEY }} AllowedIPs = ${{ inputs.wg_allowed_ips }} - Endpoint = ${{ inputs.HL_ENDPOINT }} + Endpoint = ${{ secrets.HL_ENDPOINT }} EOF - name: "Start WireGuard" diff --git a/.github/workflows/terraform-destroy.yml b/.github/workflows/terraform-destroy.yml index 55292f6..6a4e830 100644 --- a/.github/workflows/terraform-destroy.yml +++ b/.github/workflows/terraform-destroy.yml 
@@ -4,7 +4,7 @@ on: workflow_dispatch: jobs: - plan: + destroy: uses: "./.github/workflows/template-terraform.yml" with: command: "destroy" From 0d93ab7da03e62eb52994379e17fa99658fb5d14 Mon Sep 17 00:00:00 2001 From: clincha Date: Mon, 29 Jan 2024 19:27:02 +0000 Subject: [PATCH 18/18] Add workflow dispatch for terraform apply --- .github/workflows/terraform-apply.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml index 2bd5c2b..4385d1d 100644 --- a/.github/workflows/terraform-apply.yml +++ b/.github/workflows/terraform-apply.yml @@ -3,6 +3,7 @@ on: push: tags: - 'v*' + workflow_dispatch: jobs: apply: uses: "./.github/workflows/template-terraform.yml"