From 9cb6a92e2aebb5cddef26f9ce8b58b4673938d78 Mon Sep 17 00:00:00 2001
From: gaia <gaia@gaia.com>
Date: Fri, 10 Apr 2026 11:33:32 -0300
Subject: [PATCH 1/3] feat: add terraform plan workflow

---
 .gitea/workflows/terraform-plan.yml | 56 +++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 .gitea/workflows/terraform-plan.yml

diff --git a/.gitea/workflows/terraform-plan.yml b/.gitea/workflows/terraform-plan.yml
new file mode 100644
index 0000000..33a8c77
--- /dev/null
+++ b/.gitea/workflows/terraform-plan.yml
@@ -0,0 +1,56 @@
+name: Terraform Plan
+
+on:
+  pull_request:
+    paths:
+      - 'terraform/**'
+    types:
+      - opened
+      - synchronize
+      - reopened
+
+env:
+  TF_CLOUD_ORGANIZATION: homelab_terraform
+  TF_WORKSPACE: homelab
+
+jobs:
+  terraform-plan:
+    name: Terraform Plan
+    runs-on: gitea-runner-hestia
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install Terraform
+        run: |
+          TERRAFORM_VERSION=1.10.0
+          curl -fsSL "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" -o /tmp/terraform.zip
+          unzip -o /tmp/terraform.zip -d /usr/local/bin/
+          chmod +x /usr/local/bin/terraform
+          terraform version
+
+      - name: Write Terraform Cloud credentials
+        env:
+          TF_CLOUD_TOKEN: ${{ secrets.TF_CLOUD_TOKEN }}
+        run: |
+          mkdir -p ~/.terraform.d/credentials
+          cat > ~/.terraform.d/credentials/tfcred.tfrc << EOF
+credentials "app.terraform.io" {
+  token = "$TF_CLOUD_TOKEN"
+}
+EOF
+          echo "TF credentials configured"
+
+      - name: Terraform Init
+        working-directory: ./terraform
+        run: |
+          terraform init \
+            -backend=true \
+            -backend-config="organization=$TF_CLOUD_ORGANIZATION" \
+            -backend-config="workspaces.name=$TF_WORKSPACE" \
+            -reconfigure
+
+      - name: Terraform Plan
+        working-directory: ./terraform
+        run: |
+          terraform plan -no-color 2>&1 | tee /tmp/plan_output.txt

From ed0807c345135c55db6eb561b4e87696fe5b487d Mon Sep 17 00:00:00 2001
From: gaia <gaia@gaia.com>
Date: Fri, 10 Apr 2026 11:33:46 -0300
Subject: [PATCH 2/3] feat: add terraform apply workflow

---
 .gitea/workflows/terraform-apply.yml | 55 ++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 .gitea/workflows/terraform-apply.yml

diff --git a/.gitea/workflows/terraform-apply.yml b/.gitea/workflows/terraform-apply.yml
new file mode 100644
index 0000000..84da4e2
--- /dev/null
+++ b/.gitea/workflows/terraform-apply.yml
@@ -0,0 +1,55 @@
+name: Terraform Apply
+
+on:
+  workflow_dispatch:
+    inputs:
+      pr_number:
+        description: 'PR Number to comment on'
+        required: false
+        type: string
+
+env:
+  TF_CLOUD_ORGANIZATION: homelab_terraform
+  TF_WORKSPACE: homelab
+
+jobs:
+  terraform-apply:
+    name: Terraform Apply
+    runs-on: gitea-runner-hestia
+    environment: production
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install Terraform
+        run: |
+          TERRAFORM_VERSION=1.10.0
+          curl -fsSL "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" -o /tmp/terraform.zip
+          unzip -o /tmp/terraform.zip -d /usr/local/bin/
+          chmod +x /usr/local/bin/terraform
+          terraform version
+
+      - name: Write Terraform Cloud credentials
+        env:
+          TF_CLOUD_TOKEN: ${{ secrets.TF_CLOUD_TOKEN }}
+        run: |
+          mkdir -p ~/.terraform.d/credentials
+          cat > ~/.terraform.d/credentials/tfcred.tfrc << EOF
+credentials "app.terraform.io" {
+  token = "$TF_CLOUD_TOKEN"
+}
+EOF
+
+      - name: Terraform Init
+        working-directory: ./terraform
+        run: |
+          terraform init \
+            -backend=true \
+            -backend-config="organization=$TF_CLOUD_ORGANIZATION" \
+            -backend-config="workspaces.name=$TF_WORKSPACE" \
+            -reconfigure
+
+      - name: Terraform Apply
+        working-directory: ./terraform
+        run: |
+          terraform apply -auto-approve -no-color 2>&1

From 7bbef1beb74f56e989b8b0a83af2bb9662432c19 Mon Sep 17 00:00:00 2001
From: Gaia <gaia@hackerfortress.cc>
Date: Fri, 10 Apr 2026 12:00:10 -0300
Subject: [PATCH 3/3] chore: update plan workflow

---
 .gitea/workflows/terraform-plan.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.gitea/workflows/terraform-plan.yml b/.gitea/workflows/terraform-plan.yml
index 33a8c77..4255365 100644
--- a/.gitea/workflows/terraform-plan.yml
+++ b/.gitea/workflows/terraform-plan.yml
@@ -34,7 +34,7 @@ jobs:
           TF_CLOUD_TOKEN: ${{ secrets.TF_CLOUD_TOKEN }}
         run: |
           mkdir -p ~/.terraform.d/credentials
-          cat > ~/.terraform.d/credentials/tfcred.tfrc << EOF
+          cat > ~/.terraform.d/credentials/tfcred.tfrc << 'EOF'
 credentials "app.terraform.io" {
   token = "$TF_CLOUD_TOKEN"
 }
@@ -54,3 +54,8 @@ EOF
         working-directory: ./terraform
         run: |
           terraform plan -no-color 2>&1 | tee /tmp/plan_output.txt
+
+      - name: Upload Plan Output
+        if: always()
+        run: |
+          cat /tmp/plan_output.txt || echo "No plan output"