From 19491c9d8c4eda12092d9d4d326b77c5501ab156 Mon Sep 17 00:00:00 2001
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Tue, 21 Nov 2023 21:39:03 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=A7=20terraform?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../tf-controller/terraforms/kustomization.yaml | 2 +-
 .../tf-controller/terraforms/terraform.yaml | 6 +-----
 shell.nix | 13 +++++++++++++
 terraform/storage/minio/main.tf | 10 +++++-----
 terraform/storage/minio/providers.tf | 17 ++++++-----------
 terraform/storage/minio/secrets.sops.yaml | 6 +++---
 terraform/storage/minio/svc_volsync.tf | 13 ++++++-------
 7 files changed, 35 insertions(+), 32 deletions(-)
 create mode 100644 shell.nix
diff --git a/kubernetes/apps/flux-system/tf-controller/terraforms/kustomization.yaml b/kubernetes/apps/flux-system/tf-controller/terraforms/kustomization.yaml
index b23cd6aaa..4743fc902 100644
--- a/kubernetes/apps/flux-system/tf-controller/terraforms/kustomization.yaml
+++ b/kubernetes/apps/flux-system/tf-controller/terraforms/kustomization.yaml
@@ -4,4 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ./ocirepository.yaml
- #- ./terraform.yaml
+ - ./terraform.yaml
diff --git a/kubernetes/apps/flux-system/tf-controller/terraforms/terraform.yaml b/kubernetes/apps/flux-system/tf-controller/terraforms/terraform.yaml
index d98bdf1a7..74b660d7c 100644
--- a/kubernetes/apps/flux-system/tf-controller/terraforms/terraform.yaml
+++ b/kubernetes/apps/flux-system/tf-controller/terraforms/terraform.yaml
@@ -8,15 +8,11 @@ spec:
 suspend: false
 approvePlan: auto
 interval: 12h
- path: ./storage/apps
+ path: ./storage/minio
 sourceRef:
 kind: OCIRepository
 name: terraform
 namespace: flux-system
- backendConfig:
- disable: true
- cliConfigSecretRef:
- name: tf-controller-tfrc-secret
 runnerPodTemplate:
 spec:
 env:
diff --git a/shell.nix b/shell.nix
new file mode 100644
index 000000000..037bc77db
--- /dev/null
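Review bot: Removing `backendConfig.disable: true` and `cliConfigSecretRef` hands state handling to the controller's default backend, and because `approvePlan: auto` is kept and the kustomization hunk in this same patch enables the object, the first reconcile will plan and apply without a human gate. State for this module will hold whatever the minio provider records for the users it creates, so confirm where the default backend keeps it (presumably a Secret in the object's namespace) and who can read that namespace; a comment such as `# state: tf-controller default backend — confirm read access is limited to flux-system operators` next to `sourceRef` would record the decision. The `spec:` block continues outside the hunk.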
+++ b/shell.nix
@@ -0,0 +1,13 @@
+let
+ # Configure Nix to allow unfree packages.
+ config = {
+ allowUnfree = true;
+ };
+ pkgs = import {inherit config;};
+in
+ pkgs.mkShell {
+ buildInputs = with pkgs; [
+ terraform
+ tflint
+ ];
+ }
diff --git a/terraform/storage/minio/main.tf b/terraform/storage/minio/main.tf
index fa116a413..20cccda92 100644
--- a/terraform/storage/minio/main.tf
+++ b/terraform/storage/minio/main.tf
@@ -7,10 +7,6 @@ terraform {
 }
 }
 required_providers {
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = "2.23.0"
- }
 sops = {
 source = "carlpett/sops"
 version = "1.0.0"
@@ -19,10 +15,14 @@ terraform {
 source = "hashicorp/time"
 version = "0.9.1"
 }
+ minio = {
+ source = "aminueza/minio"
+ version = "~> 2.0" # Replace with your desired version constraint
+ }
 }
 required_version = ">= 1.3.0"
 }
 data "sops_file" "secrets" {
- source_file = "secrets.sops.yaml"
+ source_file = "./secrets.sops.yaml"
 }
diff --git a/terraform/storage/minio/providers.tf b/terraform/storage/minio/providers.tf
index 8067e2347..7a2d6a3f1 100644
--- a/terraform/storage/minio/providers.tf
+++ b/terraform/storage/minio/providers.tf
@@ -1,12 +1,7 @@
-provider "aws" {
- access_key = "your_access_key"
- secret_key = "your_secret_key"
- region = "us-east-1"
- endpoints {
- s3 = "base64decode(data.sops_file.secrets.data["minio_endpoint"])"
- }
- skip_credentials_validation = true
- skip_metadata_api_check = true
- skip_requesting_account_id = true
- s3_force_path_style = true
+provider "minio" {
+ minio_server = data.sops_file.secrets.data["minio_server"]
+ minio_user = data.sops_file.secrets.data["minio_root_user"]
+ minio_password = data.sops_file.secrets.data["minio_root_password"]
+ minio_region = "us-east-1"
+ minio_ssl = true
 }
diff --git a/terraform/storage/minio/secrets.sops.yaml b/terraform/storage/minio/secrets.sops.yaml
index 826e90cb4..aa94aeaf1 100644
--- a/terraform/storage/minio/secrets.sops.yaml
+++ b/terraform/storage/minio/secrets.sops.yaml
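Review bot: `pkgs = import {inherit config;};` in shell.nix has no path argument, so as shown `import` is applied to the attribute set and the file does not evaluate; if `<nixpkgs>` was lost in rendering, the line should read `pkgs = import <nixpkgs> {inherit config;};`, and either way an unpinned `<nixpkgs>` means the terraform and tflint versions in this shell differ from machine to machine. The comment on `config` says unfree packages are allowed but not why; `# terraform 1.6+ is BSL-licensed, which nixpkgs marks as unfree` tells the next reader what the flag is for.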
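Review bot: `version = "~> 2.0" # Replace with your desired version constraint` in main.tf is a leftover template comment, and the floating constraint is inconsistent with the exact pins on `sops` (`1.0.0`) and `time` (`0.9.1`) in the same block. Pin `minio` to the exact release that was tested and drop the comment, so provider upgrades happen through a deliberate change and the lock file rather than on whatever the next runner resolves. The `required_providers` block starts outside the hunk.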
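Review bot: The `minio` provider in providers.tf is configured with the server's root account (`minio_root_user`/`minio_root_password`), so every reconcile by the tf-controller runner holds unrestricted admin rights on MinIO, and a compromised runner pod or leaked plan output exposes them; a dedicated service account limited to the bucket and IAM operations this module performs would reduce that blast radius. If root is deliberate, say so on the block: `# uses the MinIO root account — presumably required for minio_iam_* management (confirm); rotate via secrets.sops.yaml`. `minio_region = "us-east-1"` is the only literal among sops-sourced values; a short comment that the region is nominal for this deployment would stop the next reader hunting for a matching secret.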
@@ -1,4 +1,4 @@
-minio_endpoint: ENC[AES256_GCM,data:Lx05cjWbTqmXpGMVjJIuFS0blA7m9P0gJH0p+Z8OteM=,iv:SvcuQojEK4nMXY+80oSGSnovKtN221xgGtRHd0U5OaA=,tag:UrWetEvmP4qkBo5kMfzALg==,type:str]
+minio_server: ENC[AES256_GCM,data:NYLbkjMG3Fr/aPhwirJPWQbiNgn+oSRDzw==,iv:BX5TwBgI/Qe+LZKJ343TNLOnTwtxv4UPDYWMtZof4QM=,tag:a/9r9UPYu2X6YpZFKeFhng==,type:str]
 minio_root_user: ENC[AES256_GCM,data:9n5EvcU=,iv:hMpFlmvwYcjHdcdg6zNfHimjhltgTUe7nBUMV6HQi/U=,tag:nSwSU0ebzbH1SWR0ULLhKg==,type:str]
 minio_root_password: ENC[AES256_GCM,data:TE4Etq58bqOdB6ya13cLfZBdgnI=,iv:y0UF4eC1Gx6zdNEuXTS5GbiYran45w63YjEu4od+ExY=,tag:Qyk+r8NIMc3NltagK5Rrjw==,type:str]
 sops:
@@ -16,8 +16,8 @@ sops:
 ZFlyQ1lGbnVPaSs4cytQYzNwRnJabmcKP0ogZqsaoD6heCqmObwttBgE039aLqe2
 R55NPkQJJyFSbDbdDmPApE4IwtXay54QGw2RR4AxOZW4G2dWhdzP3w==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-11-16T01:41:33Z"
- mac: ENC[AES256_GCM,data:PBr4A9D6grWs7HgMGloDnDOhhT4/v4PvyqFxhdfzsm38FfZomceh7PpfMbdEH/Fv6Jsv9Z8f7aWTCt4IiSCGENJyZSGIL14ABDw/ao44Q1wtsh2Axjm4KWPr1iWWtu/Cbdv22vdbK2hlM0sXkCfiPboWIkVpaFTQQ5EW7+stryw=,iv:2Vdp7i4EdL/LVo9BD3PVCn5lan/J0khVdOcIIv66ayE=,tag:X5LdJESAcdDRXOQNlYoP3A==,type:str]
+ lastmodified: "2023-11-21T21:49:39Z"
+ mac: ENC[AES256_GCM,data:c88bI6mQ7jWt2x4+TUqyMYEcymeDrelAxn71Sk0UrDhy/nVQwzUK5kpgSsxKLm54KAYSgedhK+gd9lZtIMFb31tQovsqH2L3YwZEfZj/gRbeysfFNKDSNyYGcR1Qn21YlsVG3hjCow6/c7wadJdYH+7GfoGw4yMzfcreUs6QbYs=,iv:ElJDRvMhNPDgvBR2DKLJY2Nan7nY+SoK7AhZ+zEoAfs=,tag:bYYS/iTCLHNLr/srjyY72Q==,type:str]
 pgp: []
 unencrypted_regex: ^(kind)$
 version: 3.8.1
diff --git a/terraform/storage/minio/svc_volsync.tf b/terraform/storage/minio/svc_volsync.tf
index ee51cf042..2af77c802 100644
--- a/terraform/storage/minio/svc_volsync.tf
+++ b/terraform/storage/minio/svc_volsync.tf
@@ -1,15 +1,14 @@
-resource "aws_s3_bucket" "volsync" {
+resource "minio_s3_bucket" "volsync" {
 bucket = "volsync"
 acl = "private"
 }
-resource "aws_iam_user" "volsync_user" {
+resource "minio_iam_user" "volsync_user" {
 name = "volsync"
 }
-resource "aws_iam_policy" "volsync_private" {
+resource "minio_iam_policy" "volsync_private" {
 name = "volsync_private"
- description = "Policy for volsync user to access volsync bucket"
 policy = jsonencode({
 Version = "2012-10-17",
@@ -31,7 +30,7 @@ resource "aws_iam_policy" "volsync_private" {
 })
 }
-resource "aws_iam_user_policy_attachment" "volsync_user_policy_attachment" {
- user = aws_iam_user.volsync_user.name
- policy_arn = aws_iam_policy.volsync_private.arn
+resource "minio_iam_user_policy_attachment" "volsync_user_policy_attachment" {
+ user_name = minio_iam_user.volsync_user.name
+ policy_name = minio_iam_policy.volsync_private.name
 }
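Review bot: `minio_iam_user.volsync_user` creates a MinIO user whose access secret is, as far as I know this provider, generated on create and kept in Terraform state, and nothing in the patch shows how that credential reaches the volsync consumer; a comment on the resource, `# secret key is generated by the provider and lives in tf state — TODO: document how volsync consumes it`, would make the hand-off explicit. The dropped `description` line was the only human-readable statement of the policy's purpose; keeping it as `# policy for the volsync user to access the volsync bucket` above `minio_iam_policy.volsync_private` costs nothing. The `policy` document begins at `Version = "2012-10-17",` and continues outside the hunk, so whether it is scoped to the volsync bucket alone cannot be checked here; the attachment hunk below is consistent with the renamed resources.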