🚧 terraform

This commit is contained in:
auricom
2023-11-21 21:39:03 +01:00
parent 8c64aa1b86
commit 19491c9d8c
7 changed files with 35 additions and 32 deletions


@@ -4,4 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./ocirepository.yaml
#- ./terraform.yaml
- ./terraform.yaml


@@ -8,15 +8,11 @@ spec:
suspend: false
approvePlan: auto
interval: 12h
path: ./storage/apps
path: ./storage/minio
sourceRef:
kind: OCIRepository
name: terraform
namespace: flux-system
backendConfig:
disable: true
cliConfigSecretRef:
name: tf-controller-tfrc-secret
runnerPodTemplate:
spec:
env:
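Review bot: If `backendConfig.disable: true` is among the lines this hunk removes (the rendered view does not mark sides, but the 15→11 line count means several of these lines went away), tf-controller will now persist Terraform state for the `./storage/minio` path, and that state contains the decrypted `data.sops_file.secrets` values alongside the MinIO bucket and IAM objects; confirm the state store is protected at least as strictly as the sops key material. The unchanged `approvePlan: auto` with `suspend: false` also means plans for the new path, including destructive ones, apply without review, so consider documenting that choice next to it, e.g. `# auto-apply: destructive plans are not gated`. The `runnerPodTemplate` block continues past the end of the hunk.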

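--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,13 @@
+let
+# Configure Nix to allow unfree packages.
+config = {
+allowUnfree = true;
+};
+pkgs = import <nixpkgs> {inherit config;};
+in
+pkgs.mkShell {
+buildInputs = with pkgs; [
+terraform
+tflint
+];
+}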
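Review bot: `import <nixpkgs>` resolves through the caller's `NIX_PATH`, so the `terraform` and `tflint` binaries this shell provides are whatever channel the developer happens to have, not a fixed, reviewable version; the `allowUnfree` setting is there because `terraform` is unfree, which is worth a comment. Pinning nixpkgs (for example a `fetchTarball` of a specific revision with its `sha256`, or a flake with a lock file) makes the toolchain reproducible and auditable, e.g. `pkgs = import (fetchTarball { url = "<pinned nixpkgs tarball>"; sha256 = "<hash>"; }) {inherit config;};`.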


@@ -7,10 +7,6 @@ terraform {
}
}
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.23.0"
}
sops = {
source = "carlpett/sops"
version = "1.0.0"
@@ -19,10 +15,14 @@ terraform {
source = "hashicorp/time"
version = "0.9.1"
}
minio = {
source = "aminueza/minio"
version = "~> 2.0" # Replace with your desired version constraint
}
}
required_version = ">= 1.3.0"
}
data "sops_file" "secrets" {
source_file = "secrets.sops.yaml"
source_file = "./secrets.sops.yaml"
}
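Review bot: The new `minio` provider entry in the second hunk carries a floating constraint `version = "~> 2.0"` and a leftover template comment, while every other provider in this block (`sops`, `time`, and the removed `kubernetes`) is pinned to an exact version; pin it the same way and drop the comment, e.g. `version = "<exact minio provider version>"`. With `approvePlan: auto` elsewhere in this commit, a floating constraint lets a newer provider release change what gets applied without a change in this repository, unless a `.terraform.lock.hcl` is committed alongside it. The enclosing `terraform {` block starts before the first hunk.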


@@ -1,12 +1,7 @@
provider "aws" {
access_key = "your_access_key"
secret_key = "your_secret_key"
region = "us-east-1"
endpoints {
s3 = "base64decode(data.sops_file.secrets.data["minio_endpoint"])"
}
skip_credentials_validation = true
skip_metadata_api_check = true
skip_requesting_account_id = true
s3_force_path_style = true
provider "minio" {
minio_server = data.sops_file.secrets.data["minio_server"]
minio_user = data.sops_file.secrets.data["minio_root_user"]
minio_password = data.sops_file.secrets.data["minio_root_password"]
minio_region = "us-east-1"
minio_ssl = true
}


@@ -1,4 +1,4 @@
minio_endpoint: ENC[AES256_GCM,data:Lx05cjWbTqmXpGMVjJIuFS0blA7m9P0gJH0p+Z8OteM=,iv:SvcuQojEK4nMXY+80oSGSnovKtN221xgGtRHd0U5OaA=,tag:UrWetEvmP4qkBo5kMfzALg==,type:str]
minio_server: ENC[AES256_GCM,data:NYLbkjMG3Fr/aPhwirJPWQbiNgn+oSRDzw==,iv:BX5TwBgI/Qe+LZKJ343TNLOnTwtxv4UPDYWMtZof4QM=,tag:a/9r9UPYu2X6YpZFKeFhng==,type:str]
minio_root_user: ENC[AES256_GCM,data:9n5EvcU=,iv:hMpFlmvwYcjHdcdg6zNfHimjhltgTUe7nBUMV6HQi/U=,tag:nSwSU0ebzbH1SWR0ULLhKg==,type:str]
minio_root_password: ENC[AES256_GCM,data:TE4Etq58bqOdB6ya13cLfZBdgnI=,iv:y0UF4eC1Gx6zdNEuXTS5GbiYran45w63YjEu4od+ExY=,tag:Qyk+r8NIMc3NltagK5Rrjw==,type:str]
sops:
@@ -16,8 +16,8 @@ sops:
ZFlyQ1lGbnVPaSs4cytQYzNwRnJabmcKP0ogZqsaoD6heCqmObwttBgE039aLqe2
R55NPkQJJyFSbDbdDmPApE4IwtXay54QGw2RR4AxOZW4G2dWhdzP3w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-16T01:41:33Z"
mac: ENC[AES256_GCM,data:PBr4A9D6grWs7HgMGloDnDOhhT4/v4PvyqFxhdfzsm38FfZomceh7PpfMbdEH/Fv6Jsv9Z8f7aWTCt4IiSCGENJyZSGIL14ABDw/ao44Q1wtsh2Axjm4KWPr1iWWtu/Cbdv22vdbK2hlM0sXkCfiPboWIkVpaFTQQ5EW7+stryw=,iv:2Vdp7i4EdL/LVo9BD3PVCn5lan/J0khVdOcIIv66ayE=,tag:X5LdJESAcdDRXOQNlYoP3A==,type:str]
lastmodified: "2023-11-21T21:49:39Z"
mac: ENC[AES256_GCM,data:c88bI6mQ7jWt2x4+TUqyMYEcymeDrelAxn71Sk0UrDhy/nVQwzUK5kpgSsxKLm54KAYSgedhK+gd9lZtIMFb31tQovsqH2L3YwZEfZj/gRbeysfFNKDSNyYGcR1Qn21YlsVG3hjCow6/c7wadJdYH+7GfoGw4yMzfcreUs6QbYs=,iv:ElJDRvMhNPDgvBR2DKLJY2Nan7nY+SoK7AhZ+zEoAfs=,tag:bYYS/iTCLHNLr/srjyY72Q==,type:str]
pgp: []
unencrypted_regex: ^(kind)$
version: 3.8.1


@@ -1,15 +1,14 @@
resource "aws_s3_bucket" "volsync" {
resource "minio_s3_bucket" "volsync" {
bucket = "volsync"
acl = "private"
}
resource "aws_iam_user" "volsync_user" {
resource "minio_iam_user" "volsync_user" {
name = "volsync"
}
resource "aws_iam_policy" "volsync_private" {
resource "minio_iam_policy" "volsync_private" {
name = "volsync_private"
description = "Policy for volsync user to access volsync bucket"
policy = jsonencode({
Version = "2012-10-17",
@@ -31,7 +30,7 @@ resource "aws_iam_policy" "volsync_private" {
})
}
resource "aws_iam_user_policy_attachment" "volsync_user_policy_attachment" {
user = aws_iam_user.volsync_user.name
policy_arn = aws_iam_policy.volsync_private.arn
resource "minio_iam_user_policy_attachment" "volsync_user_policy_attachment" {
user_name = minio_iam_user.volsync_user.name
policy_name = minio_iam_policy.volsync_private.name
}