From ed9bc457f54c827422df49bf9a76ac8c471d8a5f Mon Sep 17 00:00:00 2001 From: Jona Koudijs Date: Sun, 21 Sep 2025 22:47:38 +0200 Subject: [PATCH 01/39] Test IAC --- .github/workflows/apply.yaml | 25 +++++++++++++++++++++++++ .github/workflows/lint.yaml | 31 +++++++++++++++++++++++++++++++ .github/workflows/plan.yaml | 22 ++++++++++++++++++++++ README.md | 14 +++++++++----- terraform/backend.tf | 14 ++++++++++++++ terraform/main.tf | 2 +- terraform/variables.tf | 12 ++++++++++++ 7 files changed, 114 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/apply.yaml create mode 100644 .github/workflows/lint.yaml create mode 100644 .github/workflows/plan.yaml create mode 100644 terraform/backend.tf diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml new file mode 100644 index 0000000..7b35612 --- /dev/null +++ b/.github/workflows/apply.yaml @@ -0,0 +1,25 @@ +name: Apply Terraform plan + +on: + push: + branches: + - main + +permissions: + contents: read + pull-requests: write + +jobs: + apply: + runs-on: ubuntu-latest + name: Apply Terraform plan + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Terraform apply + uses: dflook/terraform-apply@v2 + with: + path: terraform-config \ No newline at end of file diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml new file mode 100644 index 0000000..d71a67b --- /dev/null +++ b/.github/workflows/lint.yaml 
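Review bot: `terraform apply` runs on every push to `main` with no `environment:` gate, and both `actions/checkout@v4` and `dflook/terraform-apply@v2` are pinned only to mutable major tags, so a moved or compromised tag would execute with this job's secrets at apply time. Pin each action to a full commit SHA (keeping the version in a trailing comment) and place the job under a protected environment, e.g. `environment: production`, with required reviewers so an apply needs an explicit approval. A `concurrency:` group on the job would additionally stop two quick pushes from running overlapping applies against the same state file.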
@@ -0,0 +1,31 @@ +name: Lint Terraform plan + +on: + push: + branches-ignore: + - main + +jobs: + validate: + runs-on: ubuntu-latest + name: Validate Terraform configuration + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Terraform validate + uses: dflook/terraform-validate@v2 + with: + path: terraform-config + + fmt-check: + runs-on: ubuntu-latest + name: Check formatting of Terraform files + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Terraform fmt + uses: dflook/terraform-fmt-check@v2 + with: + path: terraform-config \ No newline at end of file diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml new file mode 100644 index 0000000..8a929a1 --- /dev/null +++ b/.github/workflows/plan.yaml @@ -0,0 +1,22 @@ +name: Create Terraform plan + +on: [pull_request] + +permissions: + contents: read + pull-requests: write + +jobs: + plan: + runs-on: ubuntu-latest + name: Create a Terraform plan + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Terraform plan + uses: dflook/terraform-plan@v2 + with: + path: terraform-config \ No newline at end of file diff --git a/README.md b/README.md index 413558f..9d0f9d8 100644 --- a/README.md +++ b/README.md 
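Review bot: `lint.yaml` declares no `permissions:` block, so its `GITHUB_TOKEN` receives whatever the repository default is (potentially write on every scope) even though `validate` and `fmt-check` only read the checkout. Add a top-level `permissions:` with `contents: read`, matching what `plan.yaml` and `apply.yaml` in this patch already do, and pin the `dflook/*@v2` and `actions/checkout@v4` references to commit SHAs rather than mutable major tags.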
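Review bot: `plan.yaml` runs `terraform plan` on `pull_request` with secrets in the job environment, and a plan executes whatever providers and data sources the PR branch declares, so any same-repository branch can run code that reads those secrets; pull requests from forks do not receive repository secrets by default, which narrows but does not remove this. Consider `pull_request: branches: [main]` plus a protected `environment:` with required reviewers, or a credential for the plan job that is read-only. The `permissions` block itself is appropriately narrow: `pull-requests: write` is what the action needs to post the plan as a comment.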
@@ -2,15 +2,18 @@ # Cloudijs Platform -Hosting platform based on Kubernetes. This repository contain the IAC used to setup this platform on [Hetzner](https://www.hetzner.com). The platform relies heavily on the amazing [terraform-hcloud-kubernetes](https://github.com/hcloud-k8s/terraform-hcloud-kubernetes) Terraform module. +Hosting platform based on Kubernetes. This repository contain the Terraform used to setup this platform on [Hetzner](https://www.hetzner.com). The platform relies heavily on the amazing [terraform-hcloud-kubernetes](https://github.com/hcloud-k8s/terraform-hcloud-kubernetes) Terraform module. ## Deployment -To deploy the platform you will need a Hetzer account and create a [token](https://docs.hetzner.com/cloud/api/getting-started/generating-api-token/). Then run Terraform or Tofu after setting the token variable: +To deploy the platform you will need a Hetzner account and create a [token](https://docs.hetzner.com/cloud/api/getting-started/generating-api-token/). In this example a Hetzner object storage is used for storing the Terraform state. Then run Terraform or Tofu after setting the required variables: ```bash -export TF_VAR_hcloud_token="" -tofu plan -tofy apply +export TF_VAR_HCLOUD_TOKEN="" +export TF_VAR_STATE_BUCKET_NAME="" +export TF_VAR_STATE_BUCKET_ACCESS_KEY="" +export TF_VAR_STATE_BUCKET_SECRET_KEY="" +terraform plan +terraform apply ``` ## Sources @@ -20,6 +23,7 @@ tofy apply * https://registry.terraform.io/providers/hetznercloud/hcloud/latest * https://docs.hetzner.cloud/changelog#2025-04-23-talos-linux-v195-iso-now-available * https://github.com/hetznercloud/hcloud-cloud-controller-manager/tree/main +* https://github.com/dflook/terraform-github-actions ## License diff --git a/terraform/backend.tf b/terraform/backend.tf new file mode 100644 index 0000000..bbe51c5 --- /dev/null +++ b/terraform/backend.tf 
@@ -0,0 +1,14 @@ +terraform { + backend "s3" { + bucket = var.state_bucket_name + key = "platform/terraform.tfstate" + region = "us-east-1" # required but not used by Hetzner + endpoint = "https://fsn1.your-objectstorage.com" # change to your region endpoint (e.g., fsn1, nbx1, hel1) + use_path_style = true + skip_credentials_validation = true + skip_region_validation = true + skip_metadata_api_check = true + access_key = var.state_bucket_access_key + secret_key = var.state_bucket_secret_key + } +} \ No newline at end of file diff --git a/terraform/main.tf b/terraform/main.tf index e62ea46..a6124cd 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -21,4 +21,4 @@ module "kubernetes" { worker_nodepools = [ { name = "worker", type = "cpx11", location = "fsn1", count = 2 } ] -} +} \ No newline at end of file diff --git a/terraform/variables.tf b/terraform/variables.tf index 15e218d..067e650 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -1,3 +1,15 @@ +# Hetzner secrets variable "hcloud_token" { sensitive = true +} + +# Terraform state +variable "state_bucket_name" { + sensitive = true +} +variable "state_bucket_access_key" { + sensitive = true +} +variable "state_bucket_secret_key" { + sensitive = true } \ No newline at end of file From 029daf9d837b93e85064e19cca4210c7a63c54e9 Mon Sep 17 00:00:00 2001 From: Jona Koudijs Date: Sun, 21 Sep 2025 22:54:52 +0200 Subject: [PATCH 02/39] Fix terraform aactions path --- .github/workflows/apply.yaml | 2 +- .github/workflows/lint.yaml | 4 ++-- .github/workflows/plan.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml index 7b35612..5851683 100644 --- a/.github/workflows/apply.yaml +++ b/.github/workflows/apply.yaml @@ -22,4 +22,4 @@ jobs: - name: Terraform apply uses: dflook/terraform-apply@v2 with: - path: terraform-config \ No newline at end of file + path: terraform \ No newline at end of file 
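Review bot: The `backend "s3"` block uses `var.state_bucket_name`, `var.state_bucket_access_key` and `var.state_bucket_secret_key`, but Terraform does not allow variables or any other expression inside a backend block, so `terraform init` will reject this file; bucket and credentials have to come from `-backend-config=` arguments or the `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` environment instead. Separately, no state locking is configured (neither `dynamodb_table` nor `use_lockfile = true`), so a CI apply and a local run can write the same `platform/terraform.tfstate` object concurrently and corrupt it; whether Hetzner Object Storage honours the conditional writes that `use_lockfile` depends on should be verified before relying on it. The state for this module will very likely carry cluster secrets (Talos machine secrets, kubeconfig client keys), so the bucket must stay private and the access keys scoped to it alone.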
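Review bot: The variables declared here are lowercase (`hcloud_token`, `state_bucket_name`, …) while the README in this same patch tells the operator to `export TF_VAR_HCLOUD_TOKEN=""` and `TF_VAR_STATE_BUCKET_NAME=""`; `TF_VAR_` lookups are case-sensitive, so those exports never populate the variables and Terraform would prompt for, or fail on, the token. Either correct the README to `export TF_VAR_hcloud_token=""` (and likewise for the bucket variables) or rename the variables to match. Adding `type = string` and a `description` to each variable would also make such mismatches visible earlier.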
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index d71a67b..67ee0bf 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -16,7 +16,7 @@ jobs: - name: Terraform validate uses: dflook/terraform-validate@v2 with: - path: terraform-config + path: terraform fmt-check: runs-on: ubuntu-latest @@ -28,4 +28,4 @@ jobs: - name: Terraform fmt uses: dflook/terraform-fmt-check@v2 with: - path: terraform-config \ No newline at end of file + path: terraform \ No newline at end of file diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml index 8a929a1..8667840 100644 --- a/.github/workflows/plan.yaml +++ b/.github/workflows/plan.yaml @@ -19,4 +19,4 @@ jobs: - name: Terraform plan uses: dflook/terraform-plan@v2 with: - path: terraform-config \ No newline at end of file + path: terraform \ No newline at end of file From 0c471a1d11748c2e3240471634c4020fdcfc1843 Mon Sep 17 00:00:00 2001 From: Jona Koudijs Date: Sun, 21 Sep 2025 22:57:18 +0200 Subject: [PATCH 03/39] Fix Terraform Lint --- .github/workflows/lint.yaml | 4 ++-- terraform/backend.tf | 18 +++++++++--------- terraform/variables.tf | 8 ++++---- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 67ee0bf..04f9d08 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -8,7 +8,7 @@ on: jobs: validate: runs-on: ubuntu-latest - name: Validate Terraform configuration + name: Validate Terraform steps: - name: Checkout uses: actions/checkout@v4 @@ -20,7 +20,7 @@ jobs: fmt-check: runs-on: ubuntu-latest - name: Check formatting of Terraform files + name: Check Terraform formatting steps: - name: Checkout uses: actions/checkout@v4 diff --git a/terraform/backend.tf b/terraform/backend.tf index bbe51c5..abd2bd3 100644 --- a/terraform/backend.tf +++ b/terraform/backend.tf 
@@ -1,14 +1,14 @@
 terraform {
 backend "s3" {
- bucket = var.state_bucket_name
- key = "platform/terraform.tfstate"
- region = "us-east-1" # required but not used by Hetzner
- endpoint = "https://fsn1.your-objectstorage.com" # change to your region endpoint (e.g., fsn1, nbx1, hel1)
- use_path_style = true
+ bucket = var.state_bucket_name
+ key = "platform/terraform.tfstate"
+ region = "us-east-1" # required but not used by Hetzner
+ endpoint = "https://fsn1.your-objectstorage.com" # change to your region endpoint (e.g., fsn1, nbx1, hel1)
+ use_path_style = true
 skip_credentials_validation = true
- skip_region_validation = true
- skip_metadata_api_check = true
- access_key = var.state_bucket_access_key
- secret_key = var.state_bucket_secret_key
+ skip_region_validation = true
+ skip_metadata_api_check = true
+ access_key = var.state_bucket_access_key
+ secret_key = var.state_bucket_secret_key
 }
 }
\ No newline at end of file
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 067e650..b25d6ca 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -1,15 +1,15 @@
 # Hetzner secrets
 variable "hcloud_token" {
- sensitive = true
+ sensitive = true
 }
 
 # Terraform state
 variable "state_bucket_name" {
- sensitive = true
+ sensitive = true
 }
 variable "state_bucket_access_key" {
- sensitive = true
+ sensitive = true
 }
 variable "state_bucket_secret_key" {
- sensitive = true
+ sensitive = true
 }
\ No newline at end of file
From 3e07923a46ec7d2f16a0422d1b3adf10eb9f6d60 Mon Sep 17 00:00:00 2001 From: Jona Koudijs Date: Sun, 21 Sep 2025 23:00:30 +0200 Subject: [PATCH 04/39] Rename GH action
---
 .github/workflows/lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 04f9d08..8ff4bf6 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -20,7 +20,7 @@ jobs: fmt-check: runs-on: ubuntu-latest - name: Check Terraform formatting + name: Terraform formatting steps: - name: Checkout uses: actions/checkout@v4 From 982dec62204504b4560a2bf76a781e8f1fda0c7e Mon Sep 17 00:00:00 2001 From: Jona Koudijs Date: Mon, 22 Sep 2025 00:29:22 +0200 Subject: [PATCH 05/39] Test secrets --- .github/workflows/apply.yaml | 6 +++++- .github/workflows/plan.yaml | 6 +++++- terraform/backend.tf | 6 +++--- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml index 5851683..96f2651 100644 --- a/.github/workflows/apply.yaml +++ b/.github/workflows/apply.yaml @@ -22,4 +22,8 @@ jobs: - name: Terraform apply uses: dflook/terraform-apply@v2 with: - path: terraform \ No newline at end of file + path: terraform + backend_config: | + bucket=${{ secrets.TF_STATE_BUCKET_NAME }} + access_key=${{ secrets.TF_STATE_ACCESS_KEY }} + secret_key=${{ secrets.TF_STATE_SECRET_KEY }} \ No newline at end of file diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml index 8667840..00cba7c 100644 --- a/.github/workflows/plan.yaml +++ b/.github/workflows/plan.yaml @@ -19,4 +19,8 @@ jobs: - name: Terraform plan uses: dflook/terraform-plan@v2 with: - path: terraform \ No newline at end of file + path: terraform + backend_config: | + bucket=${{ secrets.TF_STATE_BUCKET_NAME }} + access_key=${{ secrets.TF_STATE_ACCESS_KEY }} + secret_key=${{ secrets.TF_STATE_SECRET_KEY }} \ No newline at end of file diff --git a/terraform/backend.tf b/terraform/backend.tf index abd2bd3..e51b314 100644 --- a/terraform/backend.tf +++ b/terraform/backend.tf @@ -1,6 +1,6 @@ terraform { backend "s3" { - bucket = var.state_bucket_name + #bucket = var.state_bucket_name key = "platform/terraform.tfstate" region = "us-east-1" # required but not used by Hetzner endpoint = "https://fsn1.your-objectstorage.com" # change to your region endpoint (e.g., fsn1, nbx1, hel1) 
@@ -8,7 +8,7 @@ terraform { skip_credentials_validation = true skip_region_validation = true skip_metadata_api_check = true - access_key = var.state_bucket_access_key - secret_key = var.state_bucket_secret_key + #access_key = var.state_bucket_access_key + #secret_key = var.state_bucket_secret_key } } \ No newline at end of file From 1a481bf0aa846179aae1de03a60d3c5e3914f8ed Mon Sep 17 00:00:00 2001 From: Jona Koudijs Date: Mon, 22 Sep 2025 00:35:25 +0200 Subject: [PATCH 06/39] Test secrets --- terraform/backend.tf | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/terraform/backend.tf b/terraform/backend.tf index e51b314..a16eeec 100644 --- a/terraform/backend.tf +++ b/terraform/backend.tf @@ -1,9 +1,11 @@ terraform { backend "s3" { #bucket = var.state_bucket_name - key = "platform/terraform.tfstate" - region = "us-east-1" # required but not used by Hetzner - endpoint = "https://fsn1.your-objectstorage.com" # change to your region endpoint (e.g., fsn1, nbx1, hel1) + key = "platform/terraform.tfstate" + region = "us-east-1" # required but not used by Hetzner + endpoints = { + s3 = "https://fsn1.your-objectstorage.com" # change to your region endpoint (e.g., fsn1, nbx1, hel1) + } use_path_style = true skip_credentials_validation = true skip_region_validation = true From 2ba607bee6be4a0072a7819b474b8c9fea28016e Mon Sep 17 00:00:00 2001 From: Jona Koudijs Date: Mon, 22 Sep 2025 00:53:28 +0200 Subject: [PATCH 07/39] Test secrets --- terraform/backend.tf | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/terraform/backend.tf b/terraform/backend.tf index a16eeec..4dae2dc 100644 --- a/terraform/backend.tf +++ b/terraform/backend.tf 
@@ -1,16 +1,14 @@ terraform { backend "s3" { - #bucket = var.state_bucket_name + bucket = "platform-state" key = "platform/terraform.tfstate" region = "us-east-1" # required but not used by Hetzner endpoints = { - s3 = "https://fsn1.your-objectstorage.com" # change to your region endpoint (e.g., fsn1, nbx1, hel1) + s3 = "https://fsn1.your-objectstorage.com" # Falkenstein region } use_path_style = true skip_credentials_validation = true skip_region_validation = true skip_metadata_api_check = true - #access_key = var.state_bucket_access_key - #secret_key = var.state_bucket_secret_key } } \ No newline at end of file From 13e055258d9388d7c48e387a8fa1ed36c72dbed9 Mon Sep 17 00:00:00 2001 From: Jona Koudijs Date: Mon, 22 Sep 2025 01:02:36 +0200 Subject: [PATCH 08/39] Test secrets --- .github/workflows/apply.yaml | 9 ++++----- .github/workflows/plan.yaml | 9 ++++----- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml index 96f2651..943af25 100644 --- a/.github/workflows/apply.yaml +++ b/.github/workflows/apply.yaml @@ -15,6 +15,9 @@ jobs: name: Apply Terraform plan env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + AWS_ACCESS_KEY_ID: ${{ secrets.TF_STATE_ACCESS_KEY }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_STATE_SECRET_KEY }} + AWS_CA_BUNDLE: "" steps: - name: Checkout uses: actions/checkout@v4 @@ -22,8 +25,4 @@ jobs: - name: Terraform apply uses: dflook/terraform-apply@v2 with: - path: terraform - backend_config: | - bucket=${{ secrets.TF_STATE_BUCKET_NAME }} - access_key=${{ secrets.TF_STATE_ACCESS_KEY }} - secret_key=${{ secrets.TF_STATE_SECRET_KEY }} \ No newline at end of file + path: terraform \ No newline at end of file diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml index 00cba7c..87c0b05 100644 --- a/.github/workflows/plan.yaml +++ b/.github/workflows/plan.yaml 
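Review bot: The state-bucket keys are set as job-level `env` (`AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`), which exposes them to every step of the job, including `actions/checkout`, rather than only to the `dflook/terraform-apply` step that needs them; moving that `env:` block onto the apply step narrows what a compromised action or a later-added step can read. `AWS_CA_BUNDLE: ""` is presumably meant to clear an inherited bundle path, but an empty value is easy to misread as "skip verification"; if that is the intent, a comment such as `# empty on purpose: use the system trust store for the Hetzner endpoint` would prevent the wrong conclusion. The `@v2` action reference still points at a mutable tag and should be pinned to a commit SHA.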
@@ -12,6 +12,9 @@ jobs: name: Create a Terraform plan env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + AWS_ACCESS_KEY_ID: ${{ secrets.TF_STATE_ACCESS_KEY }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_STATE_SECRET_KEY }} + AWS_CA_BUNDLE: "" steps: - name: Checkout uses: actions/checkout@v4 @@ -19,8 +22,4 @@ jobs: - name: Terraform plan uses: dflook/terraform-plan@v2 with: - path: terraform - backend_config: | - bucket=${{ secrets.TF_STATE_BUCKET_NAME }} - access_key=${{ secrets.TF_STATE_ACCESS_KEY }} - secret_key=${{ secrets.TF_STATE_SECRET_KEY }} \ No newline at end of file + path: terraform \ No newline at end of file From 58d6f853a782e25666ab40564dc41f0b36575e53 Mon Sep 17 00:00:00 2001 From: Jona Koudijs Date: Mon, 22 Sep 2025 09:22:42 +0200 Subject: [PATCH 09/39] Test secrets --- terraform/backend.tf | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/terraform/backend.tf b/terraform/backend.tf index 4dae2dc..498d3d0 100644 --- a/terraform/backend.tf +++ b/terraform/backend.tf @@ -3,12 +3,11 @@ terraform { bucket = "platform-state" key = "platform/terraform.tfstate" region = "us-east-1" # required but not used by Hetzner - endpoints = { - s3 = "https://fsn1.your-objectstorage.com" # Falkenstein region - } + endpoints = { s3 = "https://fsn1.your-objectstorage.com" } # Falkenstein region use_path_style = true skip_credentials_validation = true skip_region_validation = true + skip_requesting_account_id = true skip_metadata_api_check = true } } \ No newline at end of file From 7ea30350e71cc8c3aa8a8b2f021e177bad280c38 Mon Sep 17 00:00:00 2001 From: Jona Koudijs Date: Mon, 22 Sep 2025 09:26:40 +0200 Subject: [PATCH 10/39] Test secrets --- .github/workflows/apply.yaml | 1 + .github/workflows/plan.yaml | 1 + terraform/variables.tf | 11 ----------- 3 files changed, 2 insertions(+), 11 deletions(-) diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml index 943af25..c784e44 100644 --- a/.github/workflows/apply.yaml 
+++ b/.github/workflows/apply.yaml @@ -15,6 +15,7 @@ jobs: name: Apply Terraform plan env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TF_VAR_hcloud_token: ${{ secrets.TF_HCLOUD_TOKEN }} AWS_ACCESS_KEY_ID: ${{ secrets.TF_STATE_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_STATE_SECRET_KEY }} AWS_CA_BUNDLE: "" diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml index 87c0b05..3fffb52 100644 --- a/.github/workflows/plan.yaml +++ b/.github/workflows/plan.yaml @@ -12,6 +12,7 @@ jobs: name: Create a Terraform plan env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + TF_VAR_hcloud_token: ${{ secrets.TF_HCLOUD_TOKEN }} AWS_ACCESS_KEY_ID: ${{ secrets.TF_STATE_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_STATE_SECRET_KEY }} AWS_CA_BUNDLE: "" diff --git a/terraform/variables.tf b/terraform/variables.tf index b25d6ca..7ac31a3 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -1,15 +1,4 @@ # Hetzner secrets variable "hcloud_token" { sensitive = true -} - -# Terraform state -variable "state_bucket_name" { - sensitive = true -} -variable "state_bucket_access_key" { - sensitive = true -} -variable "state_bucket_secret_key" { - sensitive = true } \ No newline at end of file From 1ff2456ee39807b8fe501a2e8111bc41d55a77a7 Mon Sep 17 00:00:00 2001 From: Jona Koudijs Date: Mon, 22 Sep 2025 09:28:34 +0200 Subject: [PATCH 11/39] Test --- terraform/backend.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/terraform/backend.tf b/terraform/backend.tf index 498d3d0..f49c4bf 100644 --- a/terraform/backend.tf +++ b/terraform/backend.tf 
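Review bot: `TF_VAR_hcloud_token` becomes a job-level secret in `plan.yaml`, a workflow triggered by `pull_request`, and `terraform plan` runs the provider code and data sources that the PR branch declares, so a same-repository branch can alter the `terraform/` tree to read and exfiltrate the Hetzner API token (fork PRs do not receive repository secrets by default, which narrows but does not close this). If plans on pull requests are wanted, run the job under a protected `environment:` with required reviewers or give the plan job a read-only Hetzner token, and keep the `env:` on the step rather than the job. The secret and variable names (`TF_HCLOUD_TOKEN` → `hcloud_token`) do match `variables.tf`, so the earlier case mismatch from the README is not repeated here.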
@@ -1,9 +1,9 @@ terraform { backend "s3" { - bucket = "platform-state" - key = "platform/terraform.tfstate" - region = "us-east-1" # required but not used by Hetzner - endpoints = { s3 = "https://fsn1.your-objectstorage.com" } # Falkenstein region + bucket = "platform-state" + key = "platform/terraform.tfstate" + region = "us-east-1" # required but not used by Hetzner + endpoints = { s3 = "https://fsn1.your-objectstorage.com" } # Falkenstein region use_path_style = true skip_credentials_validation = true skip_region_validation = true From ab0cbcce2bdb2a44001b591ac1aee815e620b971 Mon Sep 17 00:00:00 2001 From: Jona Koudijs Date: Tue, 10 Mar 2026 17:44:45 +0100 Subject: [PATCH 12/39] Add first IAC setup --- .gitignore | 8 ++- README.md | 43 ++++++++++++---- Taskfile.yml | 57 ++++++++++++++++++++++ {terraform => infra}/backend.tf | 6 +-- infra/main.tf | 39 +++++++++++++++ infra/manifests/issuer.yaml | 13 +++++ infra/modules/cloudijs-system/main.tf | 44 +++++++++++++++++ infra/modules/cloudijs-system/variables.tf | 15 ++++++ infra/provider.tf | 34 +++++++++++++ infra/variables.tf | 35 +++++++++++++ terraform/main.tf | 24 --------- terraform/variables.tf | 4 -- 12 files changed, 278 insertions(+), 44 deletions(-) create mode 100644 Taskfile.yml rename {terraform => infra}/backend.tf (70%) create mode 100644 infra/main.tf create mode 100644 infra/manifests/issuer.yaml create mode 100644 infra/modules/cloudijs-system/main.tf create mode 100644 infra/modules/cloudijs-system/variables.tf create mode 100644 infra/provider.tf create mode 100644 infra/variables.tf delete mode 100644 terraform/main.tf delete mode 100644 terraform/variables.tf diff --git a/.gitignore b/.gitignore index 4104e39..86ce1b7 100644 --- a/.gitignore +++ b/.gitignore @@ -7,5 +7,9 @@ terraform.tfvars *.auto.tfvars # secrets -kubeconfig -talosconfig \ No newline at end of file +.kubeconfig +.kubeconfig.bak +.talosconfig +.talosconfig.bak +.env +.environment 
diff --git a/README.md b/README.md index 9d0f9d8..64209da 100644 --- a/README.md +++ b/README.md 
@@ -2,19 +2,42 @@ # Cloudijs Platform -Hosting platform based on Kubernetes. This repository contain the Terraform used to setup this platform on [Hetzner](https://www.hetzner.com). The platform relies heavily on the amazing [terraform-hcloud-kubernetes](https://github.com/hcloud-k8s/terraform-hcloud-kubernetes) Terraform module. +Hosting platform based on Kubernetes. This repository contain the Terraform code used to setup this platform on [Hetzner](https://www.hetzner.com). The platform relies heavily on the amazing [terraform-hcloud-kubernetes](https://github.com/hcloud-k8s/terraform-hcloud-kubernetes) Tofu/Terraform module. + +## Pre-requisites + +* [Hetzner Account](https://www.hetzner.com) +* [OpenTofu](https://opentofu.org/docs/intro/install/) +* [Taskfile](https://taskfile.dev/docs/installation) ## Deployment -To deploy the platform you will need a Hetzner account and create a [token](https://docs.hetzner.com/cloud/api/getting-started/generating-api-token/). In this example a Hetzner object storage is used for storing the Terraform state. Then run Terraform or Tofu after setting the required variables: -```bash -export TF_VAR_HCLOUD_TOKEN="" -export TF_VAR_STATE_BUCKET_NAME="" -export TF_VAR_STATE_BUCKET_ACCESS_KEY="" -export TF_VAR_STATE_BUCKET_SECRET_KEY="" -terraform plan -terraform apply +To deploy the platform you will need a Hetzner account, create an S3 bucket and create an [API token](https://docs.hetzner.com/cloud/api/getting-started/generating-api-token/). Make sure to gather the values for the S3 bucket configuration. 
These can be specified as environment variables or in an `.env` file: +```sh +export HCLOUD_TOKEN="" + +export STATE_BUCKET_NAME="" +export STATE_BUCKET_KEY="" + +export STATE_BUCKET_ACCESS_KEY="" +export STATE_BUCKET_SECRET_KEY="" +``` +``` +# .env + +HCLOUD_TOKEN="" + +STATE_BUCKET_NAME="" +STATE_BUCKET_KEY="" + +STATE_BUCKET_ACCESS_KEY="" +STATE_BUCKET_SECRET_KEY="" +``` +Run Tofu after setting the required variables to setup the platform: +```sh +task create ``` +Other available tasks like destroying the environment can be found using the `task` command. ## Sources @@ -27,4 +50,4 @@ terraform apply ## License -[MIT license](LICENSE) \ No newline at end of file +[MIT license](LICENSE) diff --git a/Taskfile.yml b/Taskfile.yml new file mode 100644 index 0000000..43e4c56 --- /dev/null +++ b/Taskfile.yml 
@@ -0,0 +1,57 @@ +--- +version: "3" + +dotenv: + - .env + - ../.env + +tasks: + default: + desc: List available tasks + cmds: + - task --list-all + + create: + desc: Create all resources + dir: infra/ + cmds: + - tofu init -backend-config="bucket=${STATE_BUCKET_NAME}" -backend-config="key=${STATE_BUCKET_KEY}" -upgrade + - tofu apply -auto-approve + env: + AWS_ACCESS_KEY_ID: + sh: echo "${STATE_BUCKET_ACCESS_KEY}" + AWS_SECRET_ACCESS_KEY: + sh: echo "${STATE_BUCKET_SECRET_KEY}" + TF_VAR_hcloud_token: + sh: echo "${HCLOUD_TOKEN}" + + delete: + desc: Destroy all resources + dir: infra/ + cmds: + - cmd: tofu state rm 'module.kubernetes.talos_machine_configuration_apply.worker' + ignore_error: true + - cmd: tofu state rm 'module.kubernetes.talos_machine_configuration_apply.control_plane' + ignore_error: true + - cmd: tofu state rm 'module.kubernetes.talos_machine_secrets.this' + ignore_error: true + - cmd: tofu destroy -auto-approve + - cmd: rm -rf terraform terraform.lock.hcl ../.kubeconfig ../.kubeconfig.bak ../.talosconfig ../.talosconfig.bak + env: + AWS_ACCESS_KEY_ID: + sh: echo "${STATE_BUCKET_ACCESS_KEY}" + AWS_SECRET_ACCESS_KEY: + sh: echo "${STATE_BUCKET_SECRET_KEY}" + TF_VAR_hcloud_token: + sh: echo "${HCLOUD_TOKEN}" + + validate: + desc: Run syntax and linting checks + cmds: + - cmd: tflint --chdir infra/ + + recreate: + desc: Recreate all resources + cmds: + - task: delete + - task: create diff --git a/terraform/backend.tf b/infra/backend.tf similarity index 70% rename from terraform/backend.tf rename to infra/backend.tf index f49c4bf..8dcd10b 100644 --- a/terraform/backend.tf +++ b/infra/backend.tf @@ -1,8 +1,6 @@ terraform { backend "s3" { - bucket = "platform-state" - key = "platform/terraform.tfstate" - region = "us-east-1" # required but not used by Hetzner + region = "us-east-1" # Required but not used by Hetzner endpoints = { s3 = "https://fsn1.your-objectstorage.com" } # Falkenstein region use_path_style = true skip_credentials_validation = true 
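Review bot: `create` runs `tofu apply -auto-approve` straight after `init`, so no plan is reviewed before changes (including replacements and destroys) reach the cluster, and `tofu init -upgrade` together with `delete` removing the lock file means provider versions are re-resolved on every run instead of being pinned by a committed lockfile. Prefer `tofu plan -out=tfplan` followed by `tofu apply tfplan` for `create`, keep `.terraform.lock.hcl` in git and drop `-upgrade` from the routine path; note that `rm -rf terraform terraform.lock.hcl` names neither the `.terraform` plugin directory nor the `.terraform.lock.hcl` lockfile, so it likely deletes nothing. `dotenv: - ../.env` also loads whatever credentials sit in the parent directory into every task, which is surprising for a repository-scoped tool and is worth removing unless it is deliberate. The `sh: echo "${STATE_BUCKET_ACCESS_KEY}"` indirections spawn a shell just to copy a secret; Task's template form (`AWS_ACCESS_KEY_ID: "{{.STATE_BUCKET_ACCESS_KEY}}"`) achieves the same without an exec, if the Task version in use supports it.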
@@ -10,4 +8,4 @@ terraform { skip_requesting_account_id = true skip_metadata_api_check = true } -} \ No newline at end of file +} diff --git a/infra/main.tf b/infra/main.tf new file mode 100644 index 0000000..06f3203 --- /dev/null +++ b/infra/main.tf @@ -0,0 +1,39 @@ +module "kubernetes" { + source = "hcloud-k8s/kubernetes/hcloud" + version = "3.26.1" + + # General configuration + cluster_name = "platform" + hcloud_token = var.hcloud_token + + cluster_delete_protection = false + + # Export configs for talosctl and kubectl + cluster_kubeconfig_path = var.kubernetes_config_path + cluster_talosconfig_path = var.talos_config_path + + # Firewall configuration + firewall_use_current_ipv4 = true + + # Enable Cilium Gateway API and Cert Manager + cert_manager_enabled = true + cilium_gateway_api_enabled = true + + control_plane_nodepools = [ + { name = "control", type = "cx23", location = "fsn1", count = 1 } + ] + worker_nodepools = [ + { name = "worker", type = "cx33", location = "fsn1", count = 2 } + ] +} + +# Setup Cloudijs System +module "cloudijs-system" { + depends_on = [module.kubernetes] + source = "./modules/cloudijs-system" + + namespace = var.system_namespace + repository_url = var.repository_url + repository_ref = var.repository_ref + repository_path = var.repository_path +} \ No newline at end of file diff --git a/infra/manifests/issuer.yaml b/infra/manifests/issuer.yaml new file mode 100644 index 0000000..e909522 --- /dev/null +++ b/infra/manifests/issuer.yaml @@ -0,0 +1,13 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: http-issuer +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + privateKeySecretRef: + name: http-issuer-account-key + solvers: + - http01: + ingress: + ingressClassName: nginx diff --git a/infra/modules/cloudijs-system/main.tf b/infra/modules/cloudijs-system/main.tf new file mode 100644 index 0000000..672e247 --- /dev/null +++ b/infra/modules/cloudijs-system/main.tf 
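Review bot: `cluster_delete_protection = false` on a cluster named `platform`, combined with the Taskfile's `tofu destroy -auto-approve`, means a single mistaken `task delete` or `task recreate` removes the whole platform with no guard; for anything beyond a throwaway environment set it to `true` and flip it deliberately before a planned teardown. `firewall_use_current_ipv4 = true` ties the firewall allow-list to the public IPv4 of whichever machine runs tofu, so running from another network (or from a CI runner) silently rewrites the rule and can lock out the previous operator; an explicit source-CIDR allow-list, if the module exposes one, is more predictable. The exact `version = "3.26.1"` pin on the module is good and should be kept.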
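Review bot: The `http01` solver targets `ingressClassName: nginx`, but `infra/main.tf` in this same patch drops `ingress_nginx_enabled` in favour of `cilium_gateway_api_enabled`, so unless ingress-nginx is installed elsewhere there is no controller to answer the ACME challenge and no certificate will ever be issued. With Gateway API, cert-manager's solver is `gatewayHTTPRoute` with `parentRefs` pointing at the Cilium Gateway, and cert-manager's Gateway API support has to be enabled. Nothing visible in this patch applies `manifests/issuer.yaml` (no `kubernetes_manifest` resource or Flux reference to it), so it may simply be unused; if so, a comment stating where it is consumed would help.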
@@ -0,0 +1,44 @@ +# Create namespace for Cloudijs system deployments +resource "kubernetes_namespace_v1" "platform_system" { + metadata { + name = var.namespace + } +} + +# Deploy and configure Flux Operator +resource "helm_release" "flux_operator" { + depends_on = [kubernetes_namespace_v1.platform_system] + + name = "flux-operator" + namespace = var.namespace + repository = "oci://ghcr.io/controlplaneio-fluxcd/charts" + chart = "flux-operator" +} + +resource "helm_release" "flux_instance" { + depends_on = [helm_release.flux_operator] + + name = "flux" + namespace = var.namespace + repository = "oci://ghcr.io/controlplaneio-fluxcd/charts" + chart = "flux-instance" + + set = [ + { + name = "instance.sync.kind" + value = "GitRepository" + }, + { + name = "instance.sync.url" + value = var.repository_url + }, + { + name = "instance.sync.ref" + value = var.repository_ref + }, + { + name = "instance.sync.path" + value = var.repository_path + } + ] +} \ No newline at end of file diff --git a/infra/modules/cloudijs-system/variables.tf b/infra/modules/cloudijs-system/variables.tf new file mode 100644 index 0000000..0d3a23d --- /dev/null +++ b/infra/modules/cloudijs-system/variables.tf @@ -0,0 +1,15 @@ +variable "namespace" { + type = string +} + +variable "repository_url" { + type = string +} + +variable "repository_ref" { + type = string +} + +variable "repository_path" { + type = string +} \ No newline at end of file diff --git a/infra/provider.tf b/infra/provider.tf new file mode 100644 index 0000000..8424261 --- /dev/null +++ b/infra/provider.tf 
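Review bot: Both `helm_release` resources pull `flux-operator` and `flux-instance` from `oci://ghcr.io/controlplaneio-fluxcd/charts` without a `version`, so every apply resolves to the latest published chart and the cluster's control software drifts unpinned and unreviewed; a broken or compromised chart release would be installed on the next run. Add `version = "..."` pinned to a specific chart version on each release, consistent with the exact provider pins in `provider.tf`. The Flux instance then syncs `var.repository_url` at `var.repository_ref` with no verification configured, so anyone who can push to that ref gains cluster-wide control; branch protection on it (and optionally Flux's commit-signature verification) is part of this design's security boundary and deserves a comment here.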
@@ -0,0 +1,34 @@ +terraform { + required_version = ">=1.9.0" + + required_providers { + kubernetes = { + source = "hashicorp/kubernetes" + version = "3.0.1" + } + helm = { + source = "hashicorp/helm" + version = "3.1.1" + } + } +} + +provider "kubernetes" { + host = module.kubernetes.kubeconfig_data["server"] + + cluster_ca_certificate = module.kubernetes.kubeconfig_data["ca"] + + client_certificate = module.kubernetes.kubeconfig_data["cert"] + client_key = module.kubernetes.kubeconfig_data["key"] +} + +provider "helm" { + kubernetes = { + host = module.kubernetes.kubeconfig_data["server"] + + cluster_ca_certificate = module.kubernetes.kubeconfig_data["ca"] + + client_certificate = module.kubernetes.kubeconfig_data["cert"] + client_key = module.kubernetes.kubeconfig_data["key"] + } +} diff --git a/infra/variables.tf b/infra/variables.tf new file mode 100644 index 0000000..0a99a59 --- /dev/null +++ b/infra/variables.tf @@ -0,0 +1,35 @@ +# Hetzner secrets +variable "hcloud_token" { + sensitive = true + type = string +} + +# Config paths +variable "kubernetes_config_path" { + default = "../.kubeconfig" + type = string +} +variable "talos_config_path" { + default = "../.talosconfig" + type = string +} + +# System variables +variable "system_namespace" { + default = "cloudijs-system" + type = string +} + +# Git repository +variable "repository_url" { + default = "https://github.com/cloudijs/platform" + type = string +} +variable "repository_ref" { + default = "refs/heads/main" + type = string +} +variable "repository_path" { + default = "apps" + type = string +} \ No newline at end of file diff --git a/terraform/main.tf b/terraform/main.tf deleted file mode 100644 index a6124cd..0000000 --- a/terraform/main.tf +++ /dev/null 
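Review bot: The `kubernetes` and `helm` providers are fed `module.kubernetes.kubeconfig_data["cert"]` and `["key"]`, i.e. an admin client certificate and private key that Terraform persists as module output and resource attributes in the remote state kept in the Hetzner bucket. That is inherent in this design but worth stating, e.g. `# NOTE: kubeconfig_data carries an admin client key that is persisted in remote state; treat the state bucket as cluster-admin credentials.` If the module can emit a short-lived token or exec-based credential instead, that would keep long-lived key material out of state; I cannot tell from here whether it does.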
@@ -1,24 +0,0 @@
-module "kubernetes" {
- source = "hcloud-k8s/kubernetes/hcloud"
- version = "3.1.0"
-
- cluster_delete_protection = false
-
- cluster_name = "platform"
- hcloud_token = var.hcloud_token
-
- # Export configs for Talos and Kube API access
- cluster_kubeconfig_path = "kubeconfig"
- cluster_talosconfig_path = "talosconfig"
-
- # Addons
- cert_manager_enabled = true
- ingress_nginx_enabled = true
-
- control_plane_nodepools = [
- { name = "control", type = "cx22", location = "fsn1", count = 1 }
- ]
- worker_nodepools = [
- { name = "worker", type = "cpx11", location = "fsn1", count = 2 }
- ]
-}
\ No newline at end of file
diff --git a/terraform/variables.tf b/terraform/variables.tf
deleted file mode 100644
index 7ac31a3..0000000
--- a/terraform/variables.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-# Hetzner secrets
-variable "hcloud_token" {
- sensitive = true
-}
\ No newline at end of file
From da500adeb5b0d94a9deb1275e0ecb2d57ca40d2a Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 17:46:51 +0100
Subject: [PATCH 13/39] Fix incorrect path in GH Actions
---
 .github/workflows/lint.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 8ff4bf6..ca695b1 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -16,7 +16,7 @@ jobs:
 - name: Terraform validate
 uses: dflook/terraform-validate@v2
 with:
- path: terraform
+ path: infra

 fmt-check:
 runs-on: ubuntu-latest
@@ -28,4 +28,4 @@ jobs:
 - name: Terraform fmt
 uses: dflook/terraform-fmt-check@v2
 with:
- path: terraform
\ No newline at end of file
+ path: infra
\ No newline at end of file
From 749c585699b1b63fb8dd30c6c3425e5269629be1 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 17:48:22 +0100
Subject: [PATCH 14/39] Reformat TF code to match fmt cmd
---
 infra/main.tf | 2 +-
 infra/provider.tf | 8 ++++----
 infra/variables.tf | 14 +++++++-------
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/infra/main.tf b/infra/main.tf
index 06f3203..34a6233 100644
--- a/infra/main.tf
+++ b/infra/main.tf
@@ -30,7 +30,7 @@ module "kubernetes" {
 # Setup Cloudijs System
 module "cloudijs-system" {
 depends_on = [module.kubernetes]
- source = "./modules/cloudijs-system"
+ source = "./modules/cloudijs-system"

 namespace = var.system_namespace
 repository_url = var.repository_url
diff --git a/infra/provider.tf b/infra/provider.tf
index 8424261..fec69fc 100644
--- a/infra/provider.tf
+++ b/infra/provider.tf
@@ -3,11 +3,11 @@ terraform {

 required_providers {
 kubernetes = {
- source = "hashicorp/kubernetes"
+ source = "hashicorp/kubernetes"
 version = "3.0.1"
 }
 helm = {
- source = "hashicorp/helm"
+ source = "hashicorp/helm"
 version = "3.1.1"
 }
 }
@@ -19,7 +19,7 @@ provider "kubernetes" {
 cluster_ca_certificate = module.kubernetes.kubeconfig_data["ca"]

 client_certificate = module.kubernetes.kubeconfig_data["cert"]
- client_key = module.kubernetes.kubeconfig_data["key"]
+ client_key = module.kubernetes.kubeconfig_data["key"]
 }

 provider "helm" {
@@ -29,6 +29,6 @@ provider "helm" {
 cluster_ca_certificate = module.kubernetes.kubeconfig_data["ca"]

 client_certificate = module.kubernetes.kubeconfig_data["cert"]
- client_key = module.kubernetes.kubeconfig_data["key"]
+ client_key = module.kubernetes.kubeconfig_data["key"]
 }
 }
diff --git a/infra/variables.tf b/infra/variables.tf
index 0a99a59..849f4fd 100644
--- a/infra/variables.tf
+++ b/infra/variables.tf
@@ -1,35 +1,35 @@
 # Hetzner secrets
 variable "hcloud_token" {
 sensitive = true
- type = string
+ type = string
 }

 # Config paths
 variable "kubernetes_config_path" {
 default = "../.kubeconfig"
- type = string
+ type = string
 }
 variable "talos_config_path" {
 default = "../.talosconfig"
- type = string
+ type = string
 }

 # System variables
 variable "system_namespace" {
 default = "cloudijs-system"
- type = string
+ type = string
 }

 # Git repository
 variable "repository_url" {
 default = "https://github.com/cloudijs/platform"
- type = string
+ type = string
 }
 variable "repository_ref" {
 default = "refs/heads/main"
- type = string
+ type = string
 }
 variable "repository_path" {
 default = "apps"
- type = string
+ type = string
 }
\ No newline at end of file
From 472011ca9bb5d1f660a37ba3c2244868a8307510 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 17:49:10 +0100
Subject: [PATCH 15/39] Fix incorrect path in GH Actions
---
 .github/workflows/plan.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index 3fffb52..4cfaff2 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -23,4 +23,4 @@ jobs:
 - name: Terraform plan
 uses: dflook/terraform-plan@v2
 with:
- path: terraform
\ No newline at end of file
+ path: infra
\ No newline at end of file
From 8d302c43e366f60d5d3e92d0729e8f4cd2ea4dd8 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 18:06:13 +0100
Subject: [PATCH 16/39] Test backend config
---
 .github/workflows/plan.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index 4cfaff2..83d3047 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -13,6 +13,8 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 TF_VAR_hcloud_token: ${{ secrets.TF_HCLOUD_TOKEN }}
+ STATE_BUCKET_NAME: ${{ secrets.TF_STATE_BUCKET_NAME }}
+ STATE_BUCKET_KEY: ${{ secrets.TF_STATE_BUCKET_KEY }}
 AWS_ACCESS_KEY_ID: ${{ secrets.TF_STATE_ACCESS_KEY }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_STATE_SECRET_KEY }}
 AWS_CA_BUNDLE: ""
@@ -23,4 +25,5 @@ jobs:
 - name: Terraform plan
 uses: dflook/terraform-plan@v2
 with:
- path: infra
\ No newline at end of file
+ path: infra
+ backend_config: bucket=${{ env.STATE_BUCKET_NAME }} key=${{ env.STATE_BUCKET_KEY }}
\ No newline at end of file
From 1ec1a539be09d7cde2ffbe02f4a7258958265479 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 18:14:11 +0100
Subject: [PATCH 17/39] Test backend config
---
 .github/workflows/apply.yaml | 13 ++++++++++++-
 .github/workflows/plan.yaml | 8 ++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml
index c784e44..40667bf 100644
--- a/.github/workflows/apply.yaml
+++ b/.github/workflows/apply.yaml
@@ -16,6 +16,8 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 TF_VAR_hcloud_token: ${{ secrets.TF_HCLOUD_TOKEN }}
+ STATE_BUCKET_NAME: ${{ secrets.TF_STATE_BUCKET_NAME }}
+ STATE_BUCKET_KEY: ${{ secrets.TF_STATE_BUCKET_KEY }}
 AWS_ACCESS_KEY_ID: ${{ secrets.TF_STATE_ACCESS_KEY }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_STATE_SECRET_KEY }}
 AWS_CA_BUNDLE: ""
@@ -23,7 +25,16 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4

+ - name: Setup Packer
+ uses: hashicorp-contrib/setup-packer@v3
+ with:
+ packer-version: 1.15.0
+
+ - name: Setup Talosctl
+ run: brew install siderolabs/tap/sidero-tools
+
 - name: Terraform apply
 uses: dflook/terraform-apply@v2
 with:
- path: terraform
\ No newline at end of file
+ path: terraform
+ backend_config: bucket=${{ env.STATE_BUCKET_NAME }} key=${{ env.STATE_BUCKET_KEY }}
\ No newline at end of file
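Review bot: `backend_config: bucket=${{ env.STATE_BUCKET_NAME }} key=${{ env.STATE_BUCKET_KEY }}` hands both settings to the action as one space-separated string; if `dflook/terraform-plan` expects one `key=value` per line, Terraform receives a single `-backend-config` entry it cannot parse, so check the action's input format and, if so, write the value as a `|` block scalar with one entry per line. The bucket name and key are configuration rather than credentials, and keeping them in `secrets` masks them in every log line, which makes a failed `terraform init` hard to diagnose; repository or environment variables carry them without masking.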
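Review bot: The apply step still targets `path: terraform`, but this series earlier deletes `terraform/main.tf` and `terraform/variables.tf` and moves the lint and plan workflows to `infra`, so the job on `main` would point at a directory that no longer exists; change it to `path: infra` to match `plan.yaml`. `hashicorp-contrib/setup-packer@v3` is a third-party action referenced by a mutable tag in a job that holds the Hetzner token and the state-bucket credentials, and `brew install siderolabs/tap/sidero-tools` assumes Homebrew is on `PATH`, which the later commits in this series show it was not; pin the action to a full commit SHA and install tools in a way that does not depend on the runner image's shell setup.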
diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index 83d3047..4663e7f 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -22,6 +22,14 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4

+ - name: Setup Packer
+ uses: hashicorp-contrib/setup-packer@v3
+ with:
+ packer-version: 1.15.0
+
+ - name: Setup Talosctl
+ run: brew install siderolabs/tap/sidero-tools
+
 - name: Terraform plan
 uses: dflook/terraform-plan@v2
 with:
From af587b4f4f9396e2a4bd0e311c469196bc16a478 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 18:17:20 +0100
Subject: [PATCH 18/39] Test backend config
---
 .github/workflows/apply.yaml | 2 +-
 .github/workflows/plan.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml
index 40667bf..8cdcb8e 100644
--- a/.github/workflows/apply.yaml
+++ b/.github/workflows/apply.yaml
@@ -31,7 +31,7 @@ jobs:
 packer-version: 1.15.0

 - name: Setup Talosctl
- run: brew install siderolabs/tap/sidero-tools
+ run: curl -sL https://talos.dev/install | sh

 - name: Terraform apply
 uses: dflook/terraform-apply@v2
diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index 4663e7f..cca6789 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -28,7 +28,7 @@ jobs:
 packer-version: 1.15.0

 - name: Setup Talosctl
- run: brew install siderolabs/tap/sidero-tools
+ run: curl -sL https://talos.dev/install | sh

 - name: Terraform plan
 uses: dflook/terraform-plan@v2
From 8827171c0ecf6eae8d786b40ba63106ffcd57803 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 18:26:56 +0100
Subject: [PATCH 19/39] Test backend config
---
 .github/workflows/apply.yaml | 8 ++------
 .github/workflows/plan.yaml | 8 ++------
 2 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml
index 8cdcb8e..019f173 100644
--- a/.github/workflows/apply.yaml
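Review bot: `run: curl -sL https://talos.dev/install | sh` executes whatever that endpoint serves at run time, with no version pin and no checksum, in the apply job here and in the plan job in the next hunk, and the same line returns later in the `TERRAFORM_PRE_RUN` script; anything the script does runs with `TF_VAR_hcloud_token` and the state-bucket keys in its environment. Fetch a fixed release and verify it instead: `curl -fsSLo talosctl "https://github.com/siderolabs/talos/releases/download/<pinned-version>/talosctl-linux-amd64"`, `echo "<published-sha256>  talosctl" | sha256sum -c -`, `sudo install -m 0755 talosctl /usr/local/bin/talosctl`. `-s` without `-f` also hides HTTP errors, so a 404 would pipe an error page into `sh` and fail with an unrelated message.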
+++ b/.github/workflows/apply.yaml
@@ -25,13 +25,9 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4

- - name: Setup Packer
- uses: hashicorp-contrib/setup-packer@v3
+ - uses: ConorMacBride/install-package@v1
 with:
- packer-version: 1.15.0
-
- - name: Setup Talosctl
- run: curl -sL https://talos.dev/install | sh
+ brew: packer talosctl

 - name: Terraform apply
 uses: dflook/terraform-apply@v2
diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index cca6789..17b4901 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -22,13 +22,9 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4

- - name: Setup Packer
- uses: hashicorp-contrib/setup-packer@v3
+ - uses: ConorMacBride/install-package@v1
 with:
- packer-version: 1.15.0
-
- - name: Setup Talosctl
- run: curl -sL https://talos.dev/install | sh
+ brew: packer talosctl

 - name: Terraform plan
 uses: dflook/terraform-plan@v2
From d410fe81b07c33ec234cac3c336c7019b9c12d02 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 22:07:17 +0100
Subject: [PATCH 20/39] Test backend config
---
 .github/workflows/apply.yaml | 5 +++--
 .github/workflows/plan.yaml | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml
index 019f173..a6037c4 100644
--- a/.github/workflows/apply.yaml
+++ b/.github/workflows/apply.yaml
@@ -25,9 +25,10 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4

- - uses: ConorMacBride/install-package@v1
+ - uses: awalsh128/cache-apt-pkgs-action@latest
 with:
- brew: packer talosctl
+ packages: packer talosctl
+ version: 1.6

 - name: Terraform apply
 uses: dflook/terraform-apply@v2
diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index 17b4901..a3f288d 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
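Review bot: `awalsh128/cache-apt-pkgs-action@latest` tracks a moving tag, so the code that runs with the Hetzner token and state-bucket keys in the job environment can change without any commit to this repository; `ConorMacBride/install-package@v1` in the first two hunks and the `dflook/*@v2` actions carry the same exposure to a lesser degree. Pin every third-party action to a full commit SHA with the version in a trailing comment, e.g. `uses: awalsh128/cache-apt-pkgs-action@<commit-sha> # v<version>`, and let Dependabot propose bumps. Apply sets `version: 1.6` while the plan hunk on the next line sets `version: 1.0`, so the two jobs cannot share a cache, and both values are unquoted and therefore read as YAML numbers (a plain `1.0` becomes `1`); use `version: "1.6"` in both.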
@@ -22,9 +22,10 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4

- - uses: ConorMacBride/install-package@v1
+ - uses: awalsh128/cache-apt-pkgs-action@latest
 with:
- brew: packer talosctl
+ packages: packer talosctl
+ version: 1.0

 - name: Terraform plan
 uses: dflook/terraform-plan@v2
From 4806e735180d4da37c658d22cbe35e721d211890 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 22:31:25 +0100
Subject: [PATCH 21/39] Test backend config
---
 .github/workflows/apply.yaml | 17 +++++++++++++----
 .github/workflows/plan.yaml | 17 +++++++++++++----
 2 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml
index a6037c4..1c43f8e 100644
--- a/.github/workflows/apply.yaml
+++ b/.github/workflows/apply.yaml
@@ -25,10 +25,19 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4

- - uses: awalsh128/cache-apt-pkgs-action@latest
- with:
- packages: packer talosctl
- version: 1.6
+ - name: Setup Homebrew
+ run: |
+ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+ env:
+ NONINTERACTIVE: 1
+
+ - name: Install Packer
+ run: |
+ /home/linuxbrew/.linuxbrew/bin/brew tap hashicorp/tap
+ /home/linuxbrew/.linuxbrew/bin/brew install hashicorp/tap/packer
+
+ - name: Install Talosctl
+ run: brew install siderolabs/tap/talosctl

 - name: Terraform apply
 uses: dflook/terraform-apply@v2
diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index a3f288d..ccfcb67 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -22,10 +22,19 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4

- - uses: awalsh128/cache-apt-pkgs-action@latest
- with:
- packages: packer talosctl
- version: 1.0
+ - name: Setup Homebrew
+ run: |
+ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+ env:
+ NONINTERACTIVE: 1
+
+ - name: Install Packer
+ run: |
+ /home/linuxbrew/.linuxbrew/bin/brew tap hashicorp/tap
+ /home/linuxbrew/.linuxbrew/bin/brew install hashicorp/tap/packer
+
+ - name: Install Talosctl
+ run: brew install siderolabs/tap/talosctl

 - name: Terraform plan
 uses: dflook/terraform-plan@v2
From a1bd83c1eb3c004bf93e6b1b11519e594e035a35 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 22:33:20 +0100
Subject: [PATCH 22/39] Test backend config
---
 .github/workflows/apply.yaml | 2 +-
 .github/workflows/plan.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml
index 1c43f8e..1aafeed 100644
--- a/.github/workflows/apply.yaml
+++ b/.github/workflows/apply.yaml
@@ -37,7 +37,7 @@ jobs:
 /home/linuxbrew/.linuxbrew/bin/brew install hashicorp/tap/packer

 - name: Install Talosctl
- run: brew install siderolabs/tap/talosctl
+ run: /home/linuxbrew/.linuxbrew/bin/brew install siderolabs/tap/talosctl

 - name: Terraform apply
 uses: dflook/terraform-apply@v2
diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index ccfcb67..dfd90f9 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -34,7 +34,7 @@ jobs:
 /home/linuxbrew/.linuxbrew/bin/brew install hashicorp/tap/packer

 - name: Install Talosctl
- run: brew install siderolabs/tap/talosctl
+ run: /home/linuxbrew/.linuxbrew/bin/brew install siderolabs/tap/talosctl

 - name: Terraform plan
 uses: dflook/terraform-plan@v2
From 4ff8e7afd39e57e8d530950d22623099e6bf6248 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 22:39:10 +0100
Subject: [PATCH 23/39] Test backend config
---
 .github/workflows/apply.yaml | 3 +++
 .github/workflows/plan.yaml | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml
index 1aafeed..fb968e0 100644
--- a/.github/workflows/apply.yaml
+++ b/.github/workflows/apply.yaml
@@ -28,6 +28,9 @@ jobs:
 - name: Setup Homebrew
 run: |
 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+ echo >> ~/.bashrc
+ echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv bash)"' >> ~/.bashrc
+ eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv bash)"
 env:
 NONINTERACTIVE: 1

diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index dfd90f9..4143a9f 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -25,6 +25,9 @@ jobs:
 - name: Setup Homebrew
 run: |
 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+ echo >> ~/.bashrc
+ echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv bash)"' >> ~/.bashrc
+ eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv bash)"
 env:
 NONINTERACTIVE: 1

From 2aa70ea716bf4960af21f29c0a8dca08d7fd05ab Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 22:49:12 +0100
Subject: [PATCH 24/39] Test backend config
---
 .github/workflows/apply.yaml | 6 +++---
 .github/workflows/plan.yaml | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml
index fb968e0..d873cb8 100644
--- a/.github/workflows/apply.yaml
+++ b/.github/workflows/apply.yaml
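Review bot: Appending `brew shellenv` to `~/.bashrc` does not make `brew` available to later steps, because every `run:` step starts a fresh non-interactive shell that does not source `~/.bashrc`; the in-step `eval` only affects this step, which is why the following steps still spell out `/home/linuxbrew/.linuxbrew/bin/brew`. Export the directory through the runner instead, `echo "/home/linuxbrew/.linuxbrew/bin" >> "$GITHUB_PATH"` and `echo "/home/linuxbrew/.linuxbrew/sbin" >> "$GITHUB_PATH"`, after which subsequent steps can call plain `brew`. The plan hunk in this commit needs the same change.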
@@ -36,8 +36,8 @@ jobs:

 - name: Install Packer
 run: |
- /home/linuxbrew/.linuxbrew/bin/brew tap hashicorp/tap
- /home/linuxbrew/.linuxbrew/bin/brew install hashicorp/tap/packer
+ apt update
+ apt install packer

 - name: Install Talosctl
 run: /home/linuxbrew/.linuxbrew/bin/brew install siderolabs/tap/talosctl
@@ -45,5 +45,5 @@ jobs:
 - name: Terraform apply
 uses: dflook/terraform-apply@v2
 with:
- path: terraform
+ path: infra
 backend_config: bucket=${{ env.STATE_BUCKET_NAME }} key=${{ env.STATE_BUCKET_KEY }}
\ No newline at end of file
diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index 4143a9f..b8ca7d0 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -33,8 +33,8 @@ jobs:

 - name: Install Packer
 run: |
- /home/linuxbrew/.linuxbrew/bin/brew tap hashicorp/tap
- /home/linuxbrew/.linuxbrew/bin/brew install hashicorp/tap/packer
+ apt update
+ apt install packer

 - name: Install Talosctl
 run: /home/linuxbrew/.linuxbrew/bin/brew install siderolabs/tap/talosctl
From 5a78008e9643cf9022b343fbe545cad2c082ebb5 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 22:50:55 +0100
Subject: [PATCH 25/39] Test backend config
---
 .github/workflows/apply.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml
index d873cb8..67699ec 100644
--- a/.github/workflows/apply.yaml
+++ b/.github/workflows/apply.yaml
@@ -36,8 +36,8 @@ jobs:

 - name: Install Packer
 run: |
- apt update
- apt install packer
+ sudo apt update
+ sudo apt install packer

 - name: Install Talosctl
 run: /home/linuxbrew/.linuxbrew/bin/brew install siderolabs/tap/talosctl
From 958e54a5d2cd01904a61c86c818cfd2e6a856f5c Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 22:51:04 +0100
Subject: [PATCH 26/39] Test backend config
---
 .github/workflows/plan.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
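Review bot: `apt install packer` carries no `-y`, so whenever apt needs to confirm additional packages in the non-interactive runner it answers "Abort." and the step exits non-zero; the `sudo` the next two commits add does not change that. Use `sudo apt-get install -y packer` and set `DEBIAN_FRONTEND: noninteractive` in the step `env:` so no package configuration prompt can block the run. The plan hunk in this commit has the same shape, and with Packer now coming from apt the Homebrew bootstrap above serves only `talosctl`, which the `Install Talosctl` step still calls through `/home/linuxbrew/.linuxbrew/bin/brew`.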
diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index b8ca7d0..4572f47 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -33,8 +33,8 @@ jobs:

 - name: Install Packer
 run: |
- apt update
- apt install packer
+ sudo apt update
+ sudo apt install packer

 - name: Install Talosctl
 run: /home/linuxbrew/.linuxbrew/bin/brew install siderolabs/tap/talosctl
From 402fa4137b63f97a464796f9fa63f641446a3fd9 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 22:53:44 +0100
Subject: [PATCH 27/39] Test backend config
---
 .github/workflows/plan.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index 4572f47..fd7db77 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -33,6 +33,8 @@ jobs:

 - name: Install Packer
 run: |
+ sudo wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+ sudo echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
 sudo apt update
 sudo apt install packer

From f4af7e0cf246dd37b94b199b9f07ec7504c9a0ea Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 23:06:48 +0100
Subject: [PATCH 28/39] Test backend config
---
 .github/workflows/apply.yaml | 2 ++
 .github/workflows/plan.yaml | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/apply.yaml b/.github/workflows/apply.yaml
index 67699ec..bad29ed 100644
--- a/.github/workflows/apply.yaml
+++ b/.github/workflows/apply.yaml
@@ -38,6 +38,8 @@ jobs:
 run: |
 sudo apt update
 sudo apt install packer
+ packer
+ locate packer

 - name: Install Talosctl
 run: /home/linuxbrew/.linuxbrew/bin/brew install siderolabs/tap/talosctl
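Review bot: `sudo echo "deb ..." | sudo tee ...` — the `sudo` on `echo` has no effect (the write through `tee` is what needs privilege, and it already has it), and the HashiCorp signing key is imported without checking that the downloaded key matches the fingerprint HashiCorp publishes, so a tampered download would be trusted by every later `apt install`. After the `gpg --dearmor`, run `gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint` and fail the step unless the output contains the published fingerprint (`<published-fingerprint>` from HashiCorp's documentation). The `sudo` in front of `wget -O -` is likewise unnecessary; only the `gpg` write into `/usr/share/keyrings` needs elevation.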
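Review bot: The `packer` and `locate packer` lines in `apply.yaml` are debugging output left in the production apply workflow; the later commit in this series that removes them touches only `plan.yaml`. A bare `packer` invocation prints usage and, depending on the version, may exit non-zero, which would fail the job before `terraform apply` runs, and `locate` depends on a prebuilt index that may not exist on the runner. Drop both lines, or replace them with `command -v packer` if a presence check is wanted.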
diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index fd7db77..f33bb55 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -39,7 +39,7 @@ jobs:
 sudo apt install packer

 - name: Install Talosctl
- run: /home/linuxbrew/.linuxbrew/bin/brew install siderolabs/tap/talosctl
+ run: curl -sL https://talos.dev/install | sh

 - name: Terraform plan
 uses: dflook/terraform-plan@v2
From f2a7f20466df18efdf512629e4fe462ba312f3ea Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 23:19:10 +0100
Subject: [PATCH 29/39] Test backend config
---
 .github/workflows/plan.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index f33bb55..f15c189 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -37,6 +37,8 @@ jobs:
 sudo echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
 sudo apt update
 sudo apt install packer
+ packer
+ locate packer

 - name: Install Talosctl
 run: curl -sL https://talos.dev/install | sh
From 87358a4d735814b94e035d7385627bf4ecfee7ff Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 23:20:54 +0100
Subject: [PATCH 30/39] Test backend config
---
 .github/workflows/plan.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index f15c189..f33bb55 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -37,8 +37,6 @@ jobs:
 sudo echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
 sudo apt update
 sudo apt install packer
- packer
- locate packer

 - name: Install Talosctl
 run: curl -sL https://talos.dev/install | sh
From 4157ab472dae1159e4618ace4d3bbc5a8da4729e Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 23:27:06 +0100
Subject: [PATCH 31/39] Test backend config
---
 .github/workflows/plan.yaml | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index f33bb55..c81b5a0 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -22,14 +22,14 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4

- - name: Setup Homebrew
- run: |
- /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
- echo >> ~/.bashrc
- echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv bash)"' >> ~/.bashrc
- eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv bash)"
- env:
- NONINTERACTIVE: 1
+ # - name: Setup Homebrew
+ # run: |
+ # /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+ # echo >> ~/.bashrc
+ # echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv bash)"' >> ~/.bashrc
+ # eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv bash)"
+ # env:
+ # NONINTERACTIVE: 1

 - name: Install Packer
 run: |
@@ -41,6 +41,11 @@ jobs:
 - name: Install Talosctl
 run: curl -sL https://talos.dev/install | sh

+ - name: Test
+ run: |
+ whereis packer
+ whereis talosctl
+
 - name: Terraform plan
 uses: dflook/terraform-plan@v2
 with:
From 468ca534077c1bfa8391066198a98a1c4b99706e Mon Sep 17 00:00:00 2001
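Review bot: The eight `# - name: Setup Homebrew ...` lines comment the step out rather than delete it; git history already preserves the old version, and commented-out workflow YAML tends to be resurrected stale (a later commit in this series adds two more such blocks). Delete the block. The new `Test` step only prints `whereis` output and cannot fail the job, so either give it a way to signal a missing tool or keep it off the branch whose plans run against the shared state.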
From: Jona Koudijs
Date: Tue, 10 Mar 2026 23:30:11 +0100
Subject: [PATCH 32/39] Test backend config
---
 .github/workflows/plan.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index c81b5a0..962cc57 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -43,8 +43,10 @@ jobs:

 - name: Test
 run: |
- whereis packer
- whereis talosctl
+ command -v packer >/dev/null
+ echo $?
+ command -v talosctl >/dev/null
+ echo $?

 - name: Terraform plan
 uses: dflook/terraform-plan@v2
From 4d5824f64c9d66ac78bfb8b9b264f677c7cbad24 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 23:32:48 +0100
Subject: [PATCH 33/39] Test backend config
---
 .github/workflows/plan.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index 962cc57..b880089 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -47,6 +47,7 @@ jobs:
 echo $?
 command -v talosctl >/dev/null
 echo $?
+ shell: sh

 - name: Terraform plan
 uses: dflook/terraform-plan@v2
From 1fb0839b19f9fbedb051373eb6c7c1b666f5cbc8 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Tue, 10 Mar 2026 23:56:56 +0100
Subject: [PATCH 34/39] Test backend config
---
 .github/workflows/plan.yaml | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index b880089..39a4155 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -42,12 +42,24 @@ jobs:
 run: curl -sL https://talos.dev/install | sh

 - name: Test
- run: |
- command -v packer >/dev/null
- echo $?
- command -v talosctl >/dev/null
- echo $?
 shell: sh
+ run: |
+ set -eu
+ missing=0
+ if ! command -v packer >/dev/null 2>&1; then
+ printf '\n%s' ' - packer is not installed or not in PATH. Install it at https://developer.hashicorp.com/packer/install' >&2
+ missing=1
+ fi
+ if ! command -v jq >/dev/null 2>&1; then
+ printf '\n%s' ' - jq is not installed or not in PATH. Install it at https://jqlang.org/download/' >&2
+ missing=1
+ fi
+ if ! command -v talosctl >/dev/null 2>&1; then
+ printf '\n%s' ' - talosctl is not installed or not in PATH. Install it at https://www.talos.dev/latest/talos-guides/install/talosctl' >&2
+ missing=1
+ fi
+ printf '%s' '{}'
+ exit "$missing"

 - name: Terraform plan
 uses: dflook/terraform-plan@v2
From 5399be601ade07dea7298f18dc892fb2689969b8 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Wed, 11 Mar 2026 00:08:05 +0100
Subject: [PATCH 35/39] Test backend config
---
 .github/workflows/plan.yaml | 48 +++++++++++++----------------------
 1 file changed, 19 insertions(+), 29 deletions(-)

diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index 39a4155..0669978 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -31,38 +31,28 @@ jobs:
 # env:
 # NONINTERACTIVE: 1

- - name: Install Packer
- run: |
- sudo wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
- sudo echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
- sudo apt update
- sudo apt install packer
-
- - name: Install Talosctl
- run: curl -sL https://talos.dev/install | sh
+ # - name: Install Packer
+ # run: |
+ # sudo wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+ # sudo echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
+ # sudo apt update
+ # sudo apt install packer

- - name: Test
- shell: sh
- run: |
- set -eu
- missing=0
- if ! command -v packer >/dev/null 2>&1; then
- printf '\n%s' ' - packer is not installed or not in PATH. Install it at https://developer.hashicorp.com/packer/install' >&2
- missing=1
- fi
- if ! command -v jq >/dev/null 2>&1; then
- printf '\n%s' ' - jq is not installed or not in PATH. Install it at https://jqlang.org/download/' >&2
- missing=1
- fi
- if ! command -v talosctl >/dev/null 2>&1; then
- printf '\n%s' ' - talosctl is not installed or not in PATH. Install it at https://www.talos.dev/latest/talos-guides/install/talosctl' >&2
- missing=1
- fi
- printf '%s' '{}'
- exit "$missing"
+ # - name: Install Talosctl
+ # run: | curl -sL https://talos.dev/install | sh

 - name: Terraform plan
 uses: dflook/terraform-plan@v2
 with:
 path: infra
- backend_config: bucket=${{ env.STATE_BUCKET_NAME }} key=${{ env.STATE_BUCKET_KEY }}
\ No newline at end of file
+ backend_config: bucket=${{ env.STATE_BUCKET_NAME }} key=${{ env.STATE_BUCKET_KEY }}
+ env:
+ TERRAFORM_PRE_RUN: |
+ # Install latest Packer
+ sudo wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+ sudo echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
+ sudo apt update
+ sudo apt install packer
+
+ # Install latest Talosctl
+ curl -sL https://talos.dev/install | sh
\ No newline at end of file
From fce291d0e0dcdb1a95d75ea9699ab0dc69a87d11 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Wed, 11 Mar 2026 00:09:47 +0100
Subject: [PATCH 36/39] Test backend config
---
 .github/workflows/plan.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index 0669978..78f0557 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
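Review bot: The `TERRAFORM_PRE_RUN` script installs whatever `packer` HashiCorp's apt repository currently serves and whatever `https://talos.dev/install` currently returns, so two plans of the same commit can run different tool versions and an upstream change reaches the job unreviewed. Pin both: `apt install -y packer=<pinned-version>` and a checksummed download of a fixed `talosctl` release in place of `curl -sL ... | sh`. The commented-out `Setup Homebrew`, `Install Packer` and `Install Talosctl` steps now duplicate what the env script does and will drift from it; delete them rather than keep two copies. Since the script appears to run inside the action's own container (the following commits drop `sudo`), a header comment such as `# Runs inside the dflook/terraform-plan container before terraform init, not on the runner` would explain why this step is set up differently from the others.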
@@ -49,10 +49,10 @@ jobs:
 env:
 TERRAFORM_PRE_RUN: |
 # Install latest Packer
- sudo wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
- sudo echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
- sudo apt update
- sudo apt install packer
+ wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
+ apt update
+ apt install packer

 # Install latest Talosctl
 curl -sL https://talos.dev/install | sh
\ No newline at end of file
From fd01c45a3afbc001e57c95d229615445ce7d02b5 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Wed, 11 Mar 2026 00:10:41 +0100
Subject: [PATCH 37/39] Test backend config
---
 .github/workflows/plan.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index 78f0557..1313e72 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -49,8 +49,8 @@ jobs:
 env:
 TERRAFORM_PRE_RUN: |
 # Install latest Packer
- wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
- echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
+ wget -O - https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list
 apt update
 apt install packer

From 4d09608673e7536e278e02fc352e97a513751336 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Wed, 11 Mar 2026 00:13:11 +0100
Subject: [PATCH 38/39] Test backend config
---
 .github/workflows/plan.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index 1313e72..213c4a1 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -48,11 +48,14 @@ jobs:
 backend_config: bucket=${{ env.STATE_BUCKET_NAME }} key=${{ env.STATE_BUCKET_KEY }}
 env:
 TERRAFORM_PRE_RUN: |
+ # Install prerequisites
+ apt install -y lsb-release
+
 # Install latest Packer
 wget -O - https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
 echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list
 apt update
- apt install packer
+ apt install -y packer

 # Install latest Talosctl
 curl -sL https://talos.dev/install | sh
\ No newline at end of file
From 28c7e32803ed2c67a158d54f20f95562ed958d60 Mon Sep 17 00:00:00 2001
From: Jona Koudijs
Date: Wed, 11 Mar 2026 00:14:03 +0100
Subject: [PATCH 39/39] Test backend config
---
 .github/workflows/plan.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
index 213c4a1..6f02ed2 100644
--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -49,12 +49,12 @@ jobs:
 env:
 TERRAFORM_PRE_RUN: |
 # Install prerequisites
+ apt update
 apt install -y lsb-release

 # Install latest Packer
 wget -O - https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
 echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list
- apt update
 apt install -y packer

 # Install latest Talosctl
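Review bot: The last hunk on this line moves `apt update` ahead of `apt install -y lsb-release` but removes the refresh that followed the `tee` into `/etc/apt/sources.list.d/hashicorp.list`, so `apt install -y packer` runs against an index that has never seen the HashiCorp repository and either fails or pulls a `packer` from the base image's own sources; keep a second `apt update` immediately after the `tee` line. `# Install prerequisites` installs only `lsb-release`, yet the following lines also need `wget` and `gpg`, and nothing shown establishes that the action's container ships them, so `apt install -y lsb-release wget gpg` makes the script self-sufficient. Setting `export DEBIAN_FRONTEND=noninteractive` at the top of the script prevents any package configuration prompt from blocking the run.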