prep.sh
#!/bin/bash
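# Intro banner. The quoted 'EOF' delimiter keeps the box text literal
# (no variable or command expansion inside the here-document).
cat << 'EOF'
╭───────────────────────────────────╮
│ Proxmox GitOps - This script will │
│ manifest an Ubuntu LXC that hosts │
│ GitLab Runner and OpenTofu to │
│ manage your Proxmox resources. │
│ Press Enter to proceed. │
╰───────────────────────────────────╯
EOF
# Block until the operator presses Enter. -r stops read from treating a
# trailing backslash as a line continuation; whatever was typed is discarded.
read -r -p ""
echo 'The script is preparing your PVE. Please maintain this console open.'
echo '────────────────────────────────────────────────────────────────────'
# Short pause so the operator can read the notice before output scrolls.
sleep 2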
# First candidate ID for the new container; the search for a free ID starts here.
VMID=100
# Collect the first column of `qm list` and `pct list` (header row skipped via
# NR>1), then sort numerically and drop duplicates. One ID per line.
# NOTE(review): these commands list guests known to this node only — on a
# clustered setup an ID in use on another node may be missed; confirm, and
# consider `pvesh get /cluster/nextid` if this must be cluster-aware.
EXISTING_VMIDS=$(
  {
    qm list | awk 'NR>1 {print $1}'
    pct list | awk 'NR>1 {print $1}'
  } | sort -nu
)
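#######################################
# Report whether a VMID is already taken.
# Globals:   EXISTING_VMIDS (read) - IDs in use, one per line
# Arguments: $1 - VMID to look up
# Returns:   0 if the ID is listed, non-zero otherwise
#######################################
does_vmid_exist() {
  local vmid=$1
  # -x -F: compare whole lines as literal strings, so the argument is never
  # interpreted as a regular expression and only an identical entry matches.
  # printf is used instead of echo so the list is emitted verbatim.
  printf '%s\n' "$EXISTING_VMIDS" | grep -qxF -- "$vmid"
}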
# Walk upward from the starting ID until one is found that is not in use.
# NOTE(review): the ID is chosen here but only claimed later by `pct create`,
# so a guest created in between would make the create step fail.
while does_vmid_exist "$VMID"; do
  (( VMID += 1 ))
done
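# ---------------------------------------------------------------------------
# Provision the runner container, install OpenTofu and GitLab Runner in it,
# give it SSH access to this host, then create the Proxmox API user/token.
# Every step after `pct start` is chained with &&, so the first failure stops
# the run and the closing banner is printed only on full success.
# ---------------------------------------------------------------------------

# Root password of the new container. The default is the historical value so
# existing instructions keep working; export LXC_ROOT_PASSWORD before running
# to avoid a well-known password on a guest that will hold a key authorised
# for root on this host. The value is passed on the `pct create` command line
# and is therefore visible in the host's process list while that command runs.
LXC_ROOT_PASSWORD=${LXC_ROOT_PASSWORD:-changeme}

# Address the container will use to reach this host: first field of the second
# line of the host's /etc/hosts. It is resolved here, on the host, not inside
# the guest. Checked up front so a missing entry fails before anything is built.
PVE_HOST_ADDR=$(awk 'NR==2 {print $1}' /etc/hosts)
if [[ -z "$PVE_HOST_ADDR" ]]; then
  echo "Could not read a host address from line 2 of /etc/hosts." >&2
  exit 1
fi

CT_TEMPLATE=ubuntu-24.04-standard_24.04-2_amd64.tar.zst
pveam download local "$CT_TEMPLATE"
pct create "$VMID" "local:vztmpl/${CT_TEMPLATE}" \
  --hostname gitlab-runner \
  --password "$LXC_ROOT_PASSWORD" \
  --unprivileged 1 \
  --cores 1 \
  --memory 512 \
  --swap 0 \
  --storage local-lvm \
  --rootfs 4 \
  --net0 name=eth0,bridge=vmbr0,ip=dhcp ||
  { echo "pct create failed for VMID $VMID." >&2; exit 1; }
# --onboot 1

pct start "$VMID" &&
  # Fixed wait for the container to boot and obtain its DHCP lease.
  sleep 7 &&
  pct exec "$VMID" -- apt update &&
  pct exec "$VMID" -- apt full-upgrade -y &&
  pct exec "$VMID" -- apt install curl -y &&
  # NOTE(review): both installer scripts below run as root inside the container
  # without being checked against a pinned checksum or signature. Pin a
  # reviewed copy or verify a published digest before executing them.
  pct exec "$VMID" -- curl --proto '=https' --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh -o install-opentofu.sh &&
  pct exec "$VMID" -- chmod +x install-opentofu.sh &&
  pct exec "$VMID" -- ./install-opentofu.sh --install-method deb &&
  # Fetched with the same HTTPS-only / TLS 1.2+ curl options as the OpenTofu
  # installer (curl was installed above), so a redirect cannot downgrade it.
  pct exec "$VMID" -- curl --proto '=https' --tlsv1.2 -fsSL https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh -o script.deb.sh &&
  pct exec "$VMID" -- chmod +x script.deb.sh &&
  pct exec "$VMID" -- ./script.deb.sh &&
  pct exec "$VMID" -- apt install gitlab-runner -y &&
  # -r keeps backslashes literal; -s keeps the token off the terminal and out
  # of scrollback. echo restores the newline that -s suppresses.
  read -r -s -p "Enter the Authentication Token of your GitLab Project Runner: " PROJECT_REGISTRATION_TOKEN &&
  echo &&
  # The token is passed as a command-line argument and is visible in process
  # listings while the command runs.
  # The runner is registered unlocked, accepts untagged jobs and jobs from
  # unprotected refs, and uses the shell executor. Together with the SSH key
  # installed below, any job that reaches this runner executes next to a key
  # authorised for root on this host.
  # NOTE(review): consider --access-level="ref_protected" and --locked="true"
  # once the project's protected branches are configured.
  pct exec "$VMID" -- gitlab-runner register --non-interactive \
    --url "https://gitlab.com/" \
    --registration-token "$PROJECT_REGISTRATION_TOKEN" \
    --executor "shell" \
    --description "GitLab Runner on PVE LXC" \
    --maintenance-note "" \
    --tag-list "" \
    --run-untagged="true" \
    --locked="false" \
    --access-level="not_protected" &&
  pct exec "$VMID" -- mkdir -p /home/gitlab-runner/.ssh/ &&
  pct exec "$VMID" -- chown -R gitlab-runner:gitlab-runner /home/gitlab-runner/ &&
  # Key pair with an empty passphrase (-N ""): the private key is usable by
  # anything that can read the file.
  pct exec "$VMID" -- ssh-keygen -t rsa -f /home/gitlab-runner/.ssh/id_rsa -N "" &&
  # Authorise the new public key for root on this host. accept-new records the
  # host key on first contact (the container has no known_hosts yet) but, unlike
  # "no", refuses to continue if a recorded key later changes. Called directly
  # rather than through `bash -c` so the address is never re-parsed by a shell.
  pct exec "$VMID" -- ssh-copy-id -i /home/gitlab-runner/.ssh/id_rsa.pub -o StrictHostKeyChecking=accept-new "root@${PVE_HOST_ADDR}" &&
  # ssh-keygen ran as root, so hand the generated files back to gitlab-runner.
  pct exec "$VMID" -- chown -R gitlab-runner:gitlab-runner /home/gitlab-runner/ &&
  # bash -c is needed here for the glob. The relative .ssh target depends on
  # the working directory of `pct exec` — presumably root's home; confirm.
  pct exec "$VMID" -- bash -c "cp /home/gitlab-runner/.ssh/* .ssh" &&
  pct exec "$VMID" -- reboot &&
  pveum user add tofu-user@pam &&
  pveum group add tofu-group &&
  pveum user modify tofu-user@pam -group tofu-group &&
  # NOTE(review): this role is very broad (it includes Permissions.Modify,
  # User.Modify and Realm.Allocate) and is granted on "/" below. Trim it to the
  # privileges the OpenTofu configuration actually needs.
  pveum role add tofu-role -privs "Datastore.Allocate Datastore.AllocateSpace Datastore.AllocateTemplate Datastore.Audit Group.Allocate Mapping.Audit Mapping.Modify Mapping.Use Permissions.Modify Pool.Allocate Pool.Audit Realm.Allocate Realm.AllocateUser SDN.Allocate SDN.Audit SDN.Use Sys.AccessNetwork Sys.Audit Sys.Console Sys.Incoming Sys.Modify Sys.PowerMgmt Sys.Syslog User.Modify VM.Allocate VM.Audit VM.Backup VM.Clone VM.Config.CDROM VM.Config.CPU VM.Config.Cloudinit VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.Console VM.GuestAgent.Audit VM.GuestAgent.FileRead VM.GuestAgent.FileSystemMgmt VM.GuestAgent.FileWrite VM.GuestAgent.Unrestricted VM.Migrate VM.PowerMgmt VM.Replicate VM.Snapshot VM.Snapshot.Rollback" &&
  # Create the secrets file owner-only before anything is written to it; the
  # redirections below keep that mode.
  touch credentials.txt &&
  chmod 600 credentials.txt &&
  # -privsep 0 disables privilege separation: the token carries every
  # permission of tofu-user@pam rather than a separately granted subset.
  pveum user token add tofu-user@pam tofu-token -privsep 0 > credentials.txt &&
  pveum acl modify / -group tofu-group -role tofu-role &&
  pvesm set local --content import,rootdir,images,iso,vztmpl,backup,snippets &&
  printf '\nGitLab Runner LXC\nun: root\npw: %s\n\n' "$LXC_ROOT_PASSWORD" >> credentials.txt &&
  cat << 'EOF'
╭───────────────────────────────────────────────────────╮
│ The Proxmox API token and runner LXC credentials are │
│ in plain text at ./credentials.txt. Consider deleting │
│ that file after saving it into somewhere secure. │
╰───────────────────────────────────────────────────────╯
EOF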