save some steps on orb settings

jbartus · jbartus · commit d45a28d182f8 · 2025-05-27T11:35:10.000-04:00
diff --git a/orb.sh.tpl b/orb.sh.tpl
@@ -9,12 +9,17 @@ chmod +x /usr/libexec/docker/cli-plugins/docker-compose
 
 docker pull netboxlabs/orb-agent:latest
 
-mkdir /opt/orb
-cd /opt/orb
+cd /root
 
 cat << 'EOF' > orb.yaml
 ${orb_yaml}
 EOF
 
-echo "docker run -u root -v /opt/orb:/opt/orb/ netboxlabs/orb-agent:latest run -c /opt/orb/orb.yaml" > /opt/orb/scan.sh
-chmod +x /opt/orb/scan.sh
+cat << 'EOF' > scan.sh
+docker run -u root -v /root:/opt/orb/ \
+  -e DIODE_CLIENT_ID=$${DIODE_CLIENT_ID} \
+  -e DIODE_CLIENT_SECRET=$${DIODE_CLIENT_SECRET} \
+  netboxlabs/orb-agent:latest run -c /opt/orb/orb.yaml
+EOF
+
+chmod +x scan.sh
diff --git a/orb.tf b/orb.tf
@@ -29,11 +29,16 @@ resource "aws_iam_instance_profile" "orb_instance_profile" {
 }
 
 resource "aws_instance" "orb_instance" {
-  ami                         = data.aws_ssm_parameter.al2023_ami_arm64.value
-  instance_type               = "t4g.large"
-  subnet_id                   = module.vpc.public_subnets[0]
-  vpc_security_group_ids      = [aws_security_group.nbc.id]
-  user_data                   = templatefile("${path.module}/orb.sh.tpl", { orb_yaml = templatefile("${path.module}/orb.yaml.tpl", { diode_server = aws_instance.nbe_instance.private_ip }) })
+  ami                    = data.aws_ssm_parameter.al2023_ami_arm64.value
+  instance_type          = "t4g.large"
+  subnet_id              = module.vpc.public_subnets[0]
+  vpc_security_group_ids = [aws_security_group.nbc.id]
+  user_data = templatefile("${path.module}/orb.sh.tpl", {
+    orb_yaml = templatefile("${path.module}/orb.yaml.tpl", {
+      diode_server  = aws_instance.nbe_instance.private_ip,
+      public_subnet = module.vpc.public_subnet_objects[0].cidr_block
+    })
+  })
   associate_public_ip_address = true
   iam_instance_profile        = aws_iam_instance_profile.orb_instance_profile.name
 }
diff --git a/orb.yaml.tpl b/orb.yaml.tpl
@@ -6,13 +6,14 @@ orb:
     common:
       diode:
         target: grpc://${diode_server}:80/diode
-        client_id: FIXME
-        client_secret: FIXME
+        client_id: $${DIODE_CLIENT_ID}
+        client_secret: $${DIODE_CLIENT_SECRET}
         agent_name: orb1
   policies:
     network_discovery:
       public_subnets:
         config:
         scope:
           targets: 
-            - 10.0.1.0/24
+            - ${public_subnet}
+          fast_mode: True
