74eeabb354
Some checks failed
PR Checks / tofu-checks (pull_request) Failing after 2s
1/1 projects applied successfully.
Reusable OpenTofu module for creating isolated tenant VMs with: - Public IP on vmbr1 (bridged, firewall=true) - Cloud-init: password auth, fail2ban, UFW hardening - Per-VM Proxmox firewall (IN: SSH+ICMP, OUT: allow, block SMTP) Includes test-tenant VM (185.47.204.227) for verification. Changes: - modules/tenant-vm/ — reusable module (VM + FW + cloud-init) - environments/production/tenant-vms.tf — tenant VM definitions - policies/security.rego — require firewall=true on vmbr1 - atlantis.yaml — trigger on module file changes - main.tf — updated host prerequisites comment Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
35 lines
836 B
YAML
35 lines
836 B
YAML
# Atlantis repo-level config
|
|
# Defines how Atlantis should plan/apply for this repository
|
|
version: 3
|
|
projects:
|
|
- name: production
|
|
dir: environments/production
|
|
workspace: default
|
|
workflow: proxmox
|
|
autoplan:
|
|
when_modified:
|
|
- "**/*.tf"
|
|
- "**/*.tfvars"
|
|
- "../../modules/**/*.tf"
|
|
- "../../modules/**/*.tftpl"
|
|
enabled: true
|
|
apply_requirements:
|
|
- approved
|
|
|
|
workflows:
|
|
proxmox:
|
|
plan:
|
|
steps:
|
|
- env:
|
|
name: PROXMOX_VE_API_TOKEN
|
|
command: "sops -d --extract '[\"proxmox_api_token\"]' proxmox.secrets.yaml"
|
|
- init
|
|
- plan
|
|
apply:
|
|
steps:
|
|
- env:
|
|
name: PROXMOX_VE_API_TOKEN
|
|
command: "sops -d --extract '[\"proxmox_api_token\"]' proxmox.secrets.yaml"
|
|
- init
|
|
- apply
|