Skip to content

Merge pull request #91 from lab-astr0rack-net/dex #41

Merge pull request #91 from lab-astr0rack-net/dex

Merge pull request #91 from lab-astr0rack-net/dex #41

name: "Proxmox Ansible Configuration Apply"
on:
push:
branches:
- main
paths:
- 'ansible/roles/proxmox/**'
- 'ansible/playbooks/proxmox.yml'
workflow_dispatch:
jobs:
ansible:
name: "Ansible"
runs-on: ubuntu-latest
container:
image: ghcr.io/lab-astr0rack-net/ansible:latest
options: --cap-add=NET_ADMIN --cap-add=NET_RAW --dns=1.1.1.1 --dns=100.100.100.100 --add-host proxmox.lab.astr0rack.net:192.168.55.2
volumes:
- /var/lib:/var/lib
- /dev/net/tun:/dev/net/tun
defaults:
run:
working-directory: ansible
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup ssh key
env:
SSH_KEY: ${{ secrets.ANSIBLE_SSH_KEY }}
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "$SSH_KEY" > ~/.ssh/id_ed25519
chmod 400 ~/.ssh/id_ed25519
- name: Tailscale
uses: tailscale/github-action@v1
id: ts-login
with:
authkey: ${{ secrets.TAILSCALE_AUTHKEY }}
- name: Ping proxmox
run: ansible --ssh-extra-args '"-o StrictHostKeyChecking=accept-new"' -i inventory.yml -m ping proxmox
- name: Run the proxmox playbook
env:
ANSIBLE_BECOME_PASSWORD: ${{ secrets.ANSIBLE_BECOME_PASSWORD }}
TF_PROXMOX_PASSWORD: ${{ secrets.TF_PROXMOX_PASSWORD }}
TF_POSTGRES_PASSWORD: ${{ secrets.TF_POSTGRES_PASSWORD }}
PM_CLOUDFLARE_API: ${{ secrets.PM_CLOUDFLARE_API }}
PM_DISCORD_WEBHOOK_URL: ${{ secrets.PM_DISCORD_WEBHOOK_URL }}
WT_DISCORD_WEBHOOK_URL: ${{ secrets.WT_DISCORD_WEBHOOK_URL }}
TF_KEYCLOAK_ADMIN_PASSWORD: ${{ secrets.TF_KEYCLOAK_ADMIN_PASSWORD }}
ANSIBLE_DEX_PROXMOX_CLIENT_SECRET: ${{ secrets.ANSIBLE_DEX_PROXMOX_CLIENT_SECRET }}
ANSIBLE_DEX_GITHUB_CLIENT_ID: ${{ secrets.ANSIBLE_DEX_GITHUB_CLIENT_ID }}
ANSIBLE_DEX_GITHUB_CLIENT_SECRET: ${{ secrets.ANSIBLE_DEX_GITHUB_CLIENT_SECRET }}
run: ansible-playbook playbooks/proxmox.yml --tags all,env --extra-vars "ansible_become_password=$ANSIBLE_BECOME_PASSWORD"
- name: Logout of Tailscale
id: ts-logout
if: steps.ts-login.conclusion == 'success'
run: sudo tailscale logout
- name: Notify discord
uses: up9cloud/[email protected]
if: cancelled() == false
env:
GITHUB_JOB_STATUS: ${{ job.status }}
DISCORD_WEBHOOK_URL: ${{ secrets.LAB_DISCORD_WEBHOOK }}