- HCL 48.5%
- Shell 36.9%
- Jinja 14.6%
7b4fb7b811
Some checks failed
lint / terraform (fmt + validate + tflint) (push) Failing after 9s
molecule / rtpengine role (molecule default) (push) Failing after 1m45s
lint / ansible (yamllint + ansible-lint + syntax-check) (push) Failing after 2m11s
security / checkov (terraform misconfig + secrets) (push) Successful in 2m25s
|
||
|---|---|---|
| .forgejo/workflows | ||
| ansible | ||
| cloud-init | ||
| local | ||
| scripts | ||
| terraform | ||
| .ansible-lint | ||
| .checkov.yml | ||
| .gitignore | ||
| .tflint.hcl | ||
| .yamllint.yml | ||
| LICENSE | ||
| README.md | ||
Orbital Setup
Customer-facing Infrastructure-As-Code (IaC) for Call Theory's Orbital AX and Call Center platform.
Handle first-time deployments and version updates using opinionated defaults.
Requirements
You will need the following tools and/or details before getting started:
tofu(orterraform),kubectl,helm- Your Call Theory container registry robot account username and token.
- An SSH public key for
authorized_keys
Need a container registry robot token? Contact Call Theory support
Quick Starts
On Premise
git clone https://git.calltheory.com/calltheory/orbital-setup.git
cd orbital-setup
git checkout v0.1.14
cd terraform/onprem/k3s
cp terraform.tfvars.example terraform.tfvars
nano terraform.tfvars # IPs, SSH user, etc.
tofu init && tofu apply
cd ../../..
export HARBOR_USERNAME='calltheory$orbital+yourcompany'
export HARBOR_TOKEN='robot_token_provided_by_calltheory'
export ORBITAL_CHART_VERSION=0.1.8
./scripts/install-onprem.sh
Vultr (K3s)
git clone https://git.calltheory.com/calltheory/orbital-setup.git
cd orbital-setup
git checkout v0.1.14 # see "Pinning a version" below
cd terraform/vultr/self-hosted-k3s
cp terraform.tfvars.example terraform.tfvars
nano terraform.tfvars
tofu init && tofu apply
cd ../../..
export HARBOR_USERNAME='calltheory$orbital+yourcompany'
export HARBOR_TOKEN='robot_token_provided_by_calltheory'
export ORBITAL_CHART_VERSION=0.1.8
./scripts/install-vultr.sh --skip-tofu
Then point DNS:
orbital.<your-domain>→ ingress LoadBalancer IP (kubectl -n orbital get svc)sip.orbital.<your-domain>→ first reserved IP fromtofu output edge_vip
Pinning a version
Tags on this repo line up with the chart version they ship with — v0.1.14
ships chart 0.1.14 and the matching rtpengine .deb. Always pin both
together for production:
git fetch --tags && git checkout v0.1.14
export ORBITAL_CHART_VERSION=0.1.14
For full re-provisioning, set ansible_branch = "v0.1.14" in
terraform.tfvars so cloud-init clones the same tag on each VM.
Testing
CI runs on every PR (.forgejo/workflows/):
lint.yml—tofu fmt/validate,tflint,yamllint,ansible-lint, playbook syntax-checksecurity.yml—checkovoverterraform/molecule.yml— full role test forrtpengineon Ubuntu 24.04 in Docker
To test edge-deployment using multipass locally:
./local/multipass-edge.sh
Run lint locally before pushing:
tofu fmt -check -recursive terraform/
yamllint .
cd ansible
ansible-lint
cd ..
Security
Report vulnerabilities privately to security@calltheory.com. Do not open public issues for security findings.
Contributing
Have an environment IaC you'd like to contribute? Open a pull-request!
License
This project is covered under the Apache 2.0 license. You can read the license here.