Migration to Talos only cluster

.github/workflows/apply-dev.yml

@@ -0,0 +1,19 @@
+name: Apply DEV
+
+on:
+  push:
+    branches-ignore:
+      - master
+
+jobs:
+  apply-dev:
+    uses: ./.github/workflows/shared-tf-apply.yml
+    with:
+      environment: dev
+    secrets:
+      bitwarden_access_token: ${{ secrets.BITWARDEN_API_TOKEN_DEV }}
+      azuread_credentials: ${{ secrets.AZUREAD_CREDENTIALS_DEV }}
+      cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+      pagerduty_api_token: ${{ secrets.PAGERDUTY_API_TOKEN_DEV }}
+      b2_application_key_id: ${{ secrets.B2_APPLICATION_KEY_ID }}
+      b2_application_key: ${{ secrets.B2_APPLICATION_KEY }}

.github/workflows/apply-prod.yml

@@ -0,0 +1,19 @@
+name: Apply PROD
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  apply-dev:
+    uses: ./.github/workflows/shared-tf-apply.yml
+    with:
+      environment: prod
+    secrets:
+      bitwarden_access_token: ${{ secrets.BITWARDEN_API_TOKEN_PROD }}
+      azuread_credentials: ${{ secrets.AZUREAD_CREDENTIALS_PROD }}
+      cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+      pagerduty_api_token: ${{ secrets.PAGERDUTY_API_TOKEN_PROD }}
+      b2_application_key_id: ${{ secrets.B2_APPLICATION_KEY_ID }}
+      b2_application_key: ${{ secrets.B2_APPLICATION_KEY }}

.github/workflows/plan-prod.yml

@@ -0,0 +1,19 @@
+name: Plan PROD
+
+on:
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  plan-prod:
+    uses: ./.github/workflows/shared-tf-plan.yml
+    with:
+      environment: prod
+    secrets:
+      bitwarden_access_token: ${{ secrets.BITWARDEN_API_TOKEN_PROD }}
+      azuread_credentials: ${{ secrets.AZUREAD_CREDENTIALS_PROD }}
+      cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+      pagerduty_api_token: ${{ secrets.PAGERDUTY_API_TOKEN_PROD }}
+      b2_application_key_id: ${{ secrets.B2_APPLICATION_KEY_ID }}
+      b2_application_key: ${{ secrets.B2_APPLICATION_KEY }}

.github/workflows/shared-tf-apply.yml

@@ -0,0 +1,52 @@
+on:
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        type: string
+    secrets:
+      bitwarden_access_token:
+        required: true
+      bitwarden_project_id:
+        required: true
+      azuread_credentials:
+        required: true
+      cloudflare_api_token:
+        required: true
+      pagerduty_api_token:
+        required: true
+      b2_application_key_id:
+        required: true
+      b2_application_key:
+        required: true
+
+jobs:
+  terraform-apply:
+    runs-on: ubuntu-latest
+    env:
+      TF_WORKSPACE: ${{ inputs.environment }}
+      TF_VAR_bitwarden_access_token: ${{ secrets.bitwarden_access_token }}
+      TF_VAR_aad_credentials: ${{ secrets.azuread_credentials }}
+      TF_VAR_cloudflare_api_token: ${{ secrets.cloudflare_api_token }}
+      TF_VAR_pagerduty_api_token: '${{ secrets.pagerduty_api_token }}'
+      TF_VAR_bitwarden_project_id: ${{ secrets.bitwarden_project_id }}
+      TF_VAR_B2_APPLICATION_KEY_ID: ${{ secrets.b2_application_key_id }}
+      TF_VAR_B2_APPLICATION_KEY: ${{ secrets.b2_application_key }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Terraform Init
+        run: terraform init -input=false
+        working-directory: ./terraform
+
+      - name: Terraform Plan
+        run: terraform plan -input=false -var-file=../environments/${{ inputs.environment }}.tfvars -out=tfplan
+        working-directory: ./terraform
+
+      - name: Terraform Apply
+        run: terraform apply -input=false -var-file=../environments/${{ inputs.environment }}.tfvars -auto-approve tfplan
+        working-directory: ./terraform

.github/workflows/shared-tf-plan.yml

@@ -0,0 +1,48 @@
+on:
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        type: string
+    secrets:
+      bitwarden_access_token:
+        required: true
+      bitwarden_project_id:
+        required: true
+      azuread_credentials:
+        required: true
+      cloudflare_api_token:
+        required: true
+      pagerduty_api_token:
+        required: true
+      b2_application_key_id:
+        required: true
+      b2_application_key:
+        required: true
+
+jobs:
+  terraform-plan:
+    runs-on: ubuntu-latest
+    env:
+      TF_WORKSPACE: ${{ inputs.environment }}
+      TF_VAR_bitwarden_access_token: ${{ secrets.bitwarden_access_token }}
+      TF_VAR_aad_credentials: ${{ secrets.azuread_credentials }}
+      TF_VAR_cloudflare_api_token: ${{ secrets.cloudflare_api_token }}
+      TF_VAR_pagerduty_api_token: '${{ secrets.pagerduty_api_token }}'
+      TF_VAR_bitwarden_project_id: ${{ secrets.bitwarden_project_id }}
+      TF_VAR_b2_application_key_id: ${{ secrets.b2_application_key_id }}
+      TF_VAR_b2_application_key: ${{ secrets.b2_application_key }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Terraform Init
+        run: terraform init -input=false
+        working-directory: ./terraform
+
+      - name: Terraform Plan
+        run: terraform plan -input=false -var-file=../environments/${{ inputs.environment }}.tfvars
+        working-directory: ./terraform

.gitignore

@@ -1,3 +1,5 @@
+creds.*.tfvars
+
 # Local .terraform directories
 **/.terraform/*
 

environments/dev.tfvars

@@ -0,0 +1,3 @@
+environment_name        = "dev"
+root_domain             = "homecentr.one"
+pagerduty_tenant_domain = "homecentr-lab.eu.pagerduty.com"

environments/prod.tfvars

@@ -0,0 +1,3 @@
+environment_name        = "prod"
+root_domain             = "homecentr.one"
+pagerduty_tenant_domain = "homecentr.eu.pagerduty.com"