Terraform

Docker/NPM/docker-compose.yaml

@@ -0,0 +1,38 @@
+version: '3.8'
+services:
+  app:
+    image: 'jc21/nginx-proxy-manager:latest'
+    restart: unless-stopped
+    ports:
+      # These ports are in format <host-port>:<container-port>
+      - '80:80' # Public HTTP Port
+      - '443:443' # Public HTTPS Port
+      - '81:81' # Admin Web Port
+      # Add any other Stream port you want to expose
+      # - '21:21' # FTP
+    environment:
+      # Mysql/Maria connection parameters:
+      DB_MYSQL_HOST: "db"
+      DB_MYSQL_PORT: 3306
+      DB_MYSQL_USER: "npm"
+      DB_MYSQL_PASSWORD: "npm"
+      DB_MYSQL_NAME: "npm"
+      # Uncomment this if IPv6 is not enabled on your host
+      # DISABLE_IPV6: 'true'
+    volumes:
+      - ./data:/data
+      - ./letsencrypt:/etc/letsencrypt
+    depends_on:
+      - db
+
+  db:
+    image: 'jc21/mariadb-aria:latest'
+    restart: unless-stopped
+    environment:
+      MYSQL_ROOT_PASSWORD: 'npm'
+      MYSQL_DATABASE: 'npm'
+      MYSQL_USER: 'npm'
+      MYSQL_PASSWORD: 'npm'
+      MARIADB_AUTO_UPGRADE: '1'
+    volumes:
+      - ./mysql:/var/lib/mysql

Docker/gitea/docker-compose.yaml

@@ -0,0 +1,51 @@
+version: "3"
+
+services:
+  traefik:
+    image: traefik:v2.9
+    container_name: traefik
+    ports:
+      - "80:80"
+      - "443:443"
+    command:
+      - "--api.insecure=true"  # Открытая панель управления Traefik, не рекомендуется для продакшена
+      - "--providers.docker=true"  # Включаем динамическое определение маршрутов на основе Docker контейнеров
+      - "--entrypoints.web.address=:80"  # HTTP (80 порт)
+      - "--entrypoints.websecure.address=:443"  # HTTPS (443 порт)
+      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"  # Включаем HTTP challenge для Let's Encrypt
+      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"  # Указываем HTTP endpoint для ACME
+      - "--certificatesresolvers.myresolver.acme.email=gba404@gmail.com"  # Ваш email для регистрации с Let's Encrypt
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"  # Файл для хранения сертификатов
+    volumes:
+      - ./letsencrypt:/letsencrypt  # Хранение сертификатов
+      - /var/run/docker.sock:/var/run/docker.sock:ro  # Доступ к Docker сокету
+
+  gitea:
+    image: gitea/gitea:latest
+    container_name: gitea
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - DB_TYPE=mysql
+      - DB_HOST=db:3306
+      - DB_NAME=gitea
+      - DB_USER=gitea
+      - DB_PASSWD=gitea_pass
+      - ROOT_URL=https://git.playgba.ru
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gitea.rule=Host(`git.playgba.ru`)"  # Определение маршрута на основе домена
+      - "traefik.http.routers.gitea.entrypoints=websecure"  # Используем HTTPS
+      - "traefik.http.routers.gitea.tls.certresolver=myresolver"  # Указываем резолвер для получения сертификатов
+      - "traefik.http.services.gitea.loadbalancer.server.port=3000"  # Порт, на который проксируется запрос
+
+  db:
+    image: mysql:8.0
+    container_name: gitea_db
+    environment:
+      - MYSQL_ROOT_PASSWORD=8148
+      - MYSQL_DATABASE=gitea
+      - MYSQL_USER=gitea
+      - MYSQL_PASSWORD=1488
+    volumes:
+      - ./mysql:/var/lib/mysql

Docker/nextcloud/docker-compose.yaml

@@ -0,0 +1,37 @@
+version: '3'
+
+services:
+  nextcloud:
+    image: nextcloud:latest
+    restart: always
+    ports:
+      - 8080:80
+    volumes:
+      - ./nextcloud:/var/www/html
+    environment:
+      - POSTGRES_HOST=db
+      - POSTGRES_PASSWORD=8148
+      - POSTGRES_USER=next
+      - POSTGRES_DB=nextcloud
+    depends_on:
+      - db
+      - redis
+
+  db:
+    image: postgres:15
+    restart: always
+    volumes:
+      - ./db:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_DB=nextcloud
+      - POSTGRES_USER=next
+      - POSTGRES_PASSWORD=8148
+
+  redis:
+    image: redis:bookworm
+    restart: always
+    command: redis-server --requirepass 8148
+    environment:
+      - REDIS_PASSWORD=8148
+    volumes:
+      - ./redis:/data

NPM.tf

@@ -0,0 +1,52 @@
+resource "proxmox_vm_qemu" "NPM" {
+  count       = 1
+  name        = "NPM"
+  target_node = var.proxmox_host
+  clone       = "ubuntu-2404-template"
+  agent       = 1
+  os_type     = "cloud-init"
+  cores       = 2
+  sockets     = 1
+  cpu         = "host"
+  vmid        = 101
+  vcpus       = 1
+  memory      = 2048
+  scsihw      = "virtio-scsi-pci"
+  bootdisk    = "scsi0"
+  full_clone  = true
+
+  # Основной диск
+  disk {
+    slot     = "scsi0"
+    size     = "10G"
+    type     = "disk"
+    storage  = "local-lvm"
+    iothread = true
+    backup  = true
+  }
+
+  # Диск для cloud-init
+  disk {
+    slot    = "scsi1"
+    type    = "cloudinit"
+    storage = "local-lvm"
+  }
+
+  # Сетевой интерфейс
+  network {
+    model  = "virtio"
+    bridge = "vmbr0"
+  }
+
+  # Настройки сети для cloud-init
+  ipconfig0 = "ip=192.168.0.101/24,gw=192.168.0.1"
+
+  ciuser     = "root"
+  cipassword = "8148"
+  cicustom   = "user=local:snippets/NPM.yml"
+  
+  # Игнорирование изменений после создания виртуальной машины
+  lifecycle {
+    ignore_changes = [network, disk, bootdisk]
+  }
+}

cloud-init/NPM.yml

@@ -0,0 +1,19 @@
+#cloud-config
+users:
+  - name: root
+    ssh-authorized-keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDItH73+vTvxxgMlv8vzpRt59KeKykYGhMhOCt+uWxbsuhjPvXRQC6dCwuDLy8heiYFO8bklOiLxLtz3GBOtp4OcjVRkgS7L4+qUn8QkAaJPQeEUuKADrCpxxLz0rYsgLo9WvQ9HS/WS15wmMHbSufGjXjhApZ3VODMyrtdaDOoyKm+YMahxY577TkX3yIdv3+yENPhP+rNdcWxFKYvEzOz2XACvq81fxfcYLN5opPbz+UILnQSyxI+TxZtzq3icPQAsVXPmZGBbryiSk3e5tFhE7ORkw1I2QG4CBEPZx+gAhbO0p3sCcdpLF7z4HxaGzJKpy6V8JxZHmLJCgQeSsgaeP3OvTU/lgsWw6xphEpQqJmb9dMjtJMyV8I/PxrLPP9ikh5tcqlXENLXSc6V4BkI1NUJZhYm0sYPcWW2ZeYy6gGzYiSgu3wqzqf0yG9j8NnMtdyvBLMhNKasqfd0CRK+CQ3apMghC68X7JK7CDA/edjfl2MA/QJ2ZoYBBzyXd9vUJgMlyZaxXG9NIA7rU88OZTmS+43y1BRNlkXh231EjtH7h25n+nYxYInFtFWbbi1liORxVO622Y4YnCdTJFoyiFGsuzSaDYfjRMzSHOjnUlUVsqYHPIfH6h/ZH5vVrAMihnIhqJDbi1rLtZVx0GsmpXMAWAee2oi4rEcEynydMQ== gba404@gmail.com
+    lock_passwd: false
+    passwd: 8148
+hostname: NPM
+package_update: true
+package_upgrade: true
+packages:
+  - curl
+  - docker.io
+  - docker-compose
+  - fish
+  - htop
+runcmd:
+  - systemctl start docker
+  - systemctl enable docker

cloud-init/gitea.yml

@@ -0,0 +1,19 @@
+#cloud-config
+users:
+  - name: root
+    ssh-authorized-keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDItH73+vTvxxgMlv8vzpRt59KeKykYGhMhOCt+uWxbsuhjPvXRQC6dCwuDLy8heiYFO8bklOiLxLtz3GBOtp4OcjVRkgS7L4+qUn8QkAaJPQeEUuKADrCpxxLz0rYsgLo9WvQ9HS/WS15wmMHbSufGjXjhApZ3VODMyrtdaDOoyKm+YMahxY577TkX3yIdv3+yENPhP+rNdcWxFKYvEzOz2XACvq81fxfcYLN5opPbz+UILnQSyxI+TxZtzq3icPQAsVXPmZGBbryiSk3e5tFhE7ORkw1I2QG4CBEPZx+gAhbO0p3sCcdpLF7z4HxaGzJKpy6V8JxZHmLJCgQeSsgaeP3OvTU/lgsWw6xphEpQqJmb9dMjtJMyV8I/PxrLPP9ikh5tcqlXENLXSc6V4BkI1NUJZhYm0sYPcWW2ZeYy6gGzYiSgu3wqzqf0yG9j8NnMtdyvBLMhNKasqfd0CRK+CQ3apMghC68X7JK7CDA/edjfl2MA/QJ2ZoYBBzyXd9vUJgMlyZaxXG9NIA7rU88OZTmS+43y1BRNlkXh231EjtH7h25n+nYxYInFtFWbbi1liORxVO622Y4YnCdTJFoyiFGsuzSaDYfjRMzSHOjnUlUVsqYHPIfH6h/ZH5vVrAMihnIhqJDbi1rLtZVx0GsmpXMAWAee2oi4rEcEynydMQ== gba404@gmail.com
+    lock_passwd: false
+    passwd: 8148
+hostname: gitea
+package_update: true
+package_upgrade: true
+packages:
+  - curl
+  - docker.io
+  - docker-compose
+  - fish
+  - htop
+runcmd:
+  - systemctl start docker
+  - systemctl enable docker

cloud-init/next-cloud.yml

@@ -0,0 +1,19 @@
+#cloud-config
+users:
+  - name: root
+    ssh-authorized-keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDItH73+vTvxxgMlv8vzpRt59KeKykYGhMhOCt+uWxbsuhjPvXRQC6dCwuDLy8heiYFO8bklOiLxLtz3GBOtp4OcjVRkgS7L4+qUn8QkAaJPQeEUuKADrCpxxLz0rYsgLo9WvQ9HS/WS15wmMHbSufGjXjhApZ3VODMyrtdaDOoyKm+YMahxY577TkX3yIdv3+yENPhP+rNdcWxFKYvEzOz2XACvq81fxfcYLN5opPbz+UILnQSyxI+TxZtzq3icPQAsVXPmZGBbryiSk3e5tFhE7ORkw1I2QG4CBEPZx+gAhbO0p3sCcdpLF7z4HxaGzJKpy6V8JxZHmLJCgQeSsgaeP3OvTU/lgsWw6xphEpQqJmb9dMjtJMyV8I/PxrLPP9ikh5tcqlXENLXSc6V4BkI1NUJZhYm0sYPcWW2ZeYy6gGzYiSgu3wqzqf0yG9j8NnMtdyvBLMhNKasqfd0CRK+CQ3apMghC68X7JK7CDA/edjfl2MA/QJ2ZoYBBzyXd9vUJgMlyZaxXG9NIA7rU88OZTmS+43y1BRNlkXh231EjtH7h25n+nYxYInFtFWbbi1liORxVO622Y4YnCdTJFoyiFGsuzSaDYfjRMzSHOjnUlUVsqYHPIfH6h/ZH5vVrAMihnIhqJDbi1rLtZVx0GsmpXMAWAee2oi4rEcEynydMQ== gba404@gmail.com
+    lock_passwd: false
+    passwd: 8148
+hostname: next-cloud
+package_update: true
+package_upgrade: true
+packages:
+  - curl
+  - docker.io
+  - docker-compose
+  - fish
+  - htop
+runcmd:
+  - systemctl start docker
+  - systemctl enable docker

cloud-init/planka.yml

@@ -0,0 +1,84 @@
+#cloud-config
+users:
+  - name: root
+    ssh-authorized-keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDItH73+vTvxxgMlv8vzpRt59KeKykYGhMhOCt+uWxbsuhjPvXRQC6dCwuDLy8heiYFO8bklOiLxLtz3GBOtp4OcjVRkgS7L4+qUn8QkAaJPQeEUuKADrCpxxLz0rYsgLo9WvQ9HS/WS15wmMHbSufGjXjhApZ3VODMyrtdaDOoyKm+YMahxY577TkX3yIdv3+yENPhP+rNdcWxFKYvEzOz2XACvq81fxfcYLN5opPbz+UILnQSyxI+TxZtzq3icPQAsVXPmZGBbryiSk3e5tFhE7ORkw1I2QG4CBEPZx+gAhbO0p3sCcdpLF7z4HxaGzJKpy6V8JxZHmLJCgQeSsgaeP3OvTU/lgsWw6xphEpQqJmb9dMjtJMyV8I/PxrLPP9ikh5tcqlXENLXSc6V4BkI1NUJZhYm0sYPcWW2ZeYy6gGzYiSgu3wqzqf0yG9j8NnMtdyvBLMhNKasqfd0CRK+CQ3apMghC68X7JK7CDA/edjfl2MA/QJ2ZoYBBzyXd9vUJgMlyZaxXG9NIA7rU88OZTmS+43y1BRNlkXh231EjtH7h25n+nYxYInFtFWbbi1liORxVO622Y4YnCdTJFoyiFGsuzSaDYfjRMzSHOjnUlUVsqYHPIfH6h/ZH5vVrAMihnIhqJDbi1rLtZVx0GsmpXMAWAee2oi4rEcEynydMQ== gba404@gmail.com
+    lock_passwd: false
+    passwd: $1$/bB7Q1vR$Nz4PtA52uDdF6.pc.haec/
+hostname: planka
+package_update: true
+package_upgrade: true
+packages:
+  - curl
+  - docker.io
+  - docker-compose
+  - fish
+  - htop
+write_files:
+  - path: /root/docker-compose.yaml
+    content: |
+      version: '3'
+
+      services:
+        planka:
+          image: ghcr.io/plankanban/planka:latest
+          restart: on-failure
+          volumes:
+            - user-avatars:/app/public/user-avatars
+            - project-background-images:/app/public/project-background-images
+            - attachments:/app/private/attachments
+          ports:
+            - 3001:1337
+          environment:
+            - BASE_URL=http://192.168.0.104:3001
+            - DATABASE_URL=postgresql://postgres@postgres/planka
+            - SECRET_KEY=0aa5a62d38f7733356c6bcd22e570837d98898863c7f9275df279ae35b1dc968da9cd936de23de397e6051a288fa73d12c056a8b9da4da7d37f2d8fcfe8a00b7
+            - DEFAULT_ADMIN_EMAIL=gba404@gmail.com
+            - DEFAULT_ADMIN_PASSWORD=8148
+            - DEFAULT_ADMIN_NAME=Admin Admin
+            - DEFAULT_ADMIN_USERNAME=root
+          depends_on:
+            postgres:
+              condition: service_healthy
+
+        postgres:
+          image: postgres:16-alpine
+          restart: on-failure
+          volumes:
+            - db-data:/var/lib/postgresql/data
+          environment:
+            - POSTGRES_DB=planka
+            - POSTGRES_HOST_AUTH_METHOD=trust
+          healthcheck:
+            test: ["CMD-SHELL", "pg_isready -U postgres -d planka"]
+            interval: 10s
+            timeout: 5s
+            retries: 5
+
+      volumes:
+        user-avatars:
+        project-background-images:
+        attachments:
+        db-data:
+
+  - path: /etc/systemd/system/docker-compose.service
+    content: |
+      [Unit]
+      Description=Docker Compose Application Service
+      Requires=docker.service
+      After=docker.service
+
+      [Service]
+      WorkingDirectory=/root
+      ExecStart=/usr/local/bin/docker-compose up -d
+      ExecStop=/usr/local/bin/docker-compose down
+      Restart=always
+      TimeoutStartSec=0
+
+      [Install]
+      WantedBy=multi-user.target
+
+runcmd:
+  - systemctl daemon-reload
+  - systemctl enable docker-compose.service
+  - systemctl start docker-compose.service

gitea.tf

@@ -0,0 +1,52 @@
+resource "proxmox_vm_qemu" "gitea" {
+  count       = 1
+  name        = "gitea"
+  target_node = var.proxmox_host
+  clone       = "ubuntu-2404-template"
+  agent       = 1
+  os_type     = "cloud-init"
+  vmid        = 103
+  cores       = 2
+  sockets     = 1
+  cpu         = "host"
+  vcpus       = 1
+  memory      = 4096
+  scsihw      = "virtio-scsi-pci"
+  bootdisk    = "scsi0"
+  full_clone  = true
+
+  # Основной диск
+  disk {
+    slot     = "scsi0"
+    size     = "20G"
+    type     = "disk"
+    storage  = "local-lvm"
+    iothread = true
+  }
+
+  # Диск для cloud-init
+  disk {
+    slot    = "scsi1"
+    type    = "cloudinit"
+    storage = "local-lvm"
+    backup  = true
+  }
+
+  # Сетевой интерфейс
+  network {
+    model  = "virtio"
+    bridge = "vmbr0"
+  }
+
+  # Настройки сети для cloud-init
+  ipconfig0 = "ip=192.168.0.103/24,gw=192.168.0.1"
+
+  ciuser     = "root"
+  cipassword = "8148"
+  cicustom   = "user=local:snippets/gitea.yml"
+  
+  # Игнорирование изменений после создания виртуальной машины
+  lifecycle {
+    ignore_changes = [network, disk, bootdisk]
+  }
+}

main.tf

@@ -0,0 +1,16 @@
+terraform {
+  required_providers {
+    proxmox = {
+      source = "registry.local/telmate/proxmox"
+      version = "3.0.1-rc4"
+    }
+  }
+}
+ 
+provider "proxmox" {
+  pm_api_url          = var.api_url
+  pm_api_token_id     = var.token_id
+  pm_api_token_secret = var.token_secret
+  pm_tls_insecure     = true # Change to false if you have your 
+  pm_parallel = 1
+}

nextcloud.tf

@@ -0,0 +1,52 @@
+resource "proxmox_vm_qemu" "next-cloud" {
+  count       = 1
+  name        = "next-cloud"
+  target_node = var.proxmox_host
+  clone       = "ubuntu-2404-template"
+  agent       = 1
+  os_type     = "cloud-init"
+  vmid        = 102
+  cores       = 2
+  sockets     = 1
+  cpu         = "host"
+  vcpus       = 1
+  memory      = 4096
+  scsihw      = "virtio-scsi-pci"
+  bootdisk    = "scsi0"
+  full_clone  = true
+
+  # Основной диск
+  disk {
+    slot     = "scsi0"
+    size     = "50G"
+    type     = "disk"
+    storage  = "local-lvm"
+    iothread = true
+  }
+
+  # Диск для cloud-init
+  disk {
+    slot    = "scsi1"
+    type    = "cloudinit"
+    storage = "local-lvm"
+    backup  = true
+  }
+
+  # Сетевой интерфейс
+  network {
+    model  = "virtio"
+    bridge = "vmbr0"
+  }
+
+  # Настройки сети для cloud-init
+  ipconfig0 = "ip=192.168.0.102/24,gw=192.168.0.1"
+
+  ciuser     = "root"
+  cipassword = "8148"
+  cicustom   = "user=local:snippets/next-cloud.yml"
+  
+  # Игнорирование изменений после создания виртуальной машины
+  lifecycle {
+    ignore_changes = [network, disk, bootdisk]
+  }
+}

planka.tf

@@ -0,0 +1,52 @@
+resource "proxmox_vm_qemu" "planka" {
+  count       = 1
+  name        = "planka"
+  target_node = var.proxmox_host
+  clone       = "ubuntu-2404-template"
+  agent       = 1
+  os_type     = "cloud-init"
+  vmid        = 104
+  cores       = 2
+  sockets     = 1
+  cpu         = "host"
+  vcpus       = 1
+  memory      = 4096
+  scsihw      = "virtio-scsi-pci"
+  bootdisk    = "scsi0"
+  full_clone  = true
+
+  # Основной диск
+  disk {
+    slot     = "scsi0"
+    size     = "20G"
+    type     = "disk"
+    storage  = "local-lvm"
+    iothread = true
+  }
+
+  # Диск для cloud-init
+  disk {
+    slot    = "scsi1"
+    type    = "cloudinit"
+    storage = "local-lvm"
+    backup  = true
+  }
+
+  # Сетевой интерфейс
+  network {
+    model  = "virtio"
+    bridge = "vmbr0"
+  }
+
+  # Настройки сети для cloud-init
+  ipconfig0 = "ip=192.168.0.104/24,gw=192.168.0.1"
+
+  ciuser     = "root"
+  cipassword = "8148"
+  cicustom   = "user=local:snippets/planka.yml"
+  
+  # Игнорирование изменений после создания виртуальной машины
+  lifecycle {
+    ignore_changes = [network, disk, bootdisk]
+  }
+}

vars.tf

@@ -0,0 +1,20 @@
+variable "ssh_key" {
+  default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDItH73+vTvxxgMlv8vzpRt59KeKykYGhMhOCt+uWxbsuhjPvXRQC6dCwuDLy8heiYFO8bklOiLxLtz3GBOtp4OcjVRkgS7L4+qUn8QkAaJPQeEUuKADrCpxxLz0rYsgLo9WvQ9HS/WS15wmMHbSufGjXjhApZ3VODMyrtdaDOoyKm+YMahxY577TkX3yIdv3+yENPhP+rNdcWxFKYvEzOz2XACvq81fxfcYLN5opPbz+UILnQSyxI+TxZtzq3icPQAsVXPmZGBbryiSk3e5tFhE7ORkw1I2QG4CBEPZx+gAhbO0p3sCcdpLF7z4HxaGzJKpy6V8JxZHmLJCgQeSsgaeP3OvTU/lgsWw6xphEpQqJmb9dMjtJMyV8I/PxrLPP9ikh5tcqlXENLXSc6V4BkI1NUJZhYm0sYPcWW2ZeYy6gGzYiSgu3wqzqf0yG9j8NnMtdyvBLMhNKasqfd0CRK+CQ3apMghC68X7JK7CDA/edjfl2MA/QJ2ZoYBBzyXd9vUJgMlyZaxXG9NIA7rU88OZTmS+43y1BRNlkXh231EjtH7h25n+nYxYInFtFWbbi1liORxVO622Y4YnCdTJFoyiFGsuzSaDYfjRMzSHOjnUlUVsqYHPIfH6h/ZH5vVrAMihnIhqJDbi1rLtZVx0GsmpXMAWAee2oi4rEcEynydMQ== gba404@gmail.com"
+}
+variable "api_url" {
+  # The Proxmox Web UI address, with /api2/json added to it.
+  default = "https://192.168.0.100:8006/api2/json"
+}
+variable "proxmox_host" {
+  # The name of the Proxmox server listed under Datacenter
+  default = "pve"
+}
+variable "template_name" {
+  default = "ubuntu-2404-template"
+}
+variable "token_id" {
+  default = "root@pam!terraform"
+}
+variable "token_secret" {
+  default = "882ad9dc-6e4e-4d1d-87de-f4f48afc4b0d" # Enter your API Secret here
+}