🚧 terraform
@@ -4,4 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./ocirepository.yaml
|
||||
#- ./terraform.yaml
|
||||
- ./terraform.yaml
|
||||
|
@@ -8,15 +8,11 @@ spec:
|
||||
suspend: false
|
||||
approvePlan: auto
|
||||
interval: 12h
|
||||
path: ./storage/apps
|
||||
path: ./storage/minio
|
||||
sourceRef:
|
||||
kind: OCIRepository
|
||||
name: terraform
|
||||
namespace: flux-system
|
||||
backendConfig:
|
||||
disable: true
|
||||
cliConfigSecretRef:
|
||||
name: tf-controller-tfrc-secret
|
||||
runnerPodTemplate:
|
||||
spec:
|
||||
env:
|
||||
|
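Review bot: `approvePlan: auto` stays in place while the workspace path is switched between `./storage/apps` and `./storage/minio`, and the `provider "minio"` block further down this page (which appears to belong to that module) logs in with the MinIO root user. Every plan built from the `terraform` OCIRepository would therefore be applied with full MinIO admin rights and no human approval; consider omitting `approvePlan` so plans wait for manual approval, at least until the module settles. The hunk header counts (15 old lines, 11 new) suggest `backendConfig.disable` and `cliConfigSecretRef` are being dropped. If so, state presumably moves to the controller's default Kubernetes Secret backend and will hold the decrypted `sops_file` values, so RBAC on that Secret should be as tight as access to the SOPS key. The `runnerPodTemplate` block continues outside the hunk.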
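--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,13 @@
+let
+# Configure Nix to allow unfree packages.
+config = {
+allowUnfree = true;
+};
+pkgs = import <nixpkgs> {inherit config;};
+in
+pkgs.mkShell {
+buildInputs = with pkgs; [
+terraform
+tflint
+];
+}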
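Review bot: `import <nixpkgs>` resolves to whatever channel is on each user's `NIX_PATH`, so the `terraform` and `tflint` binaries that handle this repository's secrets and state differ between machines and are not tied to a reviewed revision. Pinning nixpkgs to a fixed commit with a hash, e.g. `pkgs = import (fetchTarball { url = "<nixpkgs archive URL for a chosen commit>"; sha256 = "<hash>"; }) {inherit config;};`, makes the dev shell reproducible. `allowUnfree = true` applies to every package from this import; an `allowUnfreePredicate` limited to `terraform` would keep the licence exception narrow.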
@@ -7,10 +7,6 @@ terraform {
|
||||
}
|
||||
}
|
||||
required_providers {
|
||||
kubernetes = {
|
||||
source = "hashicorp/kubernetes"
|
||||
version = "2.23.0"
|
||||
}
|
||||
sops = {
|
||||
source = "carlpett/sops"
|
||||
version = "1.0.0"
|
||||
@@ -19,10 +15,14 @@ terraform {
|
||||
source = "hashicorp/time"
|
||||
version = "0.9.1"
|
||||
}
|
||||
minio = {
|
||||
source = "aminueza/minio"
|
||||
version = "~> 2.0" # Replace with your desired version constraint
|
||||
}
|
||||
}
|
||||
required_version = ">= 1.3.0"
|
||||
}
|
||||
|
||||
data "sops_file" "secrets" {
|
||||
source_file = "secrets.sops.yaml"
|
||||
source_file = "./secrets.sops.yaml"
|
||||
}
|
||||
|
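Review bot: The `minio` provider entry is the only one with a floating constraint (`version = "~> 2.0"`, still carrying the template comment `# Replace with your desired version constraint`), while `sops` and `time` are pinned to exact versions. This provider is handed the MinIO root credentials, so an unreviewed provider upgrade is a supply-chain exposure, more so if the workspace is applied automatically. Pin it like the others, `version = "<exact 2.x release you tested>"`, and drop the leftover comment. Committing `.terraform.lock.hcl` would also let `terraform init` verify provider hashes; no lock file is visible on this page.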
@@ -1,12 +1,7 @@
|
||||
provider "aws" {
|
||||
access_key = "your_access_key"
|
||||
secret_key = "your_secret_key"
|
||||
region = "us-east-1"
|
||||
endpoints {
|
||||
s3 = "base64decode(data.sops_file.secrets.data["minio_endpoint"])"
|
||||
}
|
||||
skip_credentials_validation = true
|
||||
skip_metadata_api_check = true
|
||||
skip_requesting_account_id = true
|
||||
s3_force_path_style = true
|
||||
provider "minio" {
|
||||
minio_server = data.sops_file.secrets.data["minio_server"]
|
||||
minio_user = data.sops_file.secrets.data["minio_root_user"]
|
||||
minio_password = data.sops_file.secrets.data["minio_root_password"]
|
||||
minio_region = "us-east-1"
|
||||
minio_ssl = true
|
||||
}
|
||||
|
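Review bot: The `provider "minio"` block authenticates with `minio_root_user` and `minio_root_password`, so routine bucket, user and policy changes run as the server's root identity. A dedicated access key for Terraform, limited to the admin operations this module needs, would keep the root secret out of the runner pod and make the credential revocable without touching the root account. If root must be used for bootstrap, add a comment saying so, e.g. `# bootstrap only: replace with a scoped Terraform service account`. `minio_ssl = true` is the right default here.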
@@ -1,4 +1,4 @@
|
||||
minio_endpoint: ENC[AES256_GCM,data:Lx05cjWbTqmXpGMVjJIuFS0blA7m9P0gJH0p+Z8OteM=,iv:SvcuQojEK4nMXY+80oSGSnovKtN221xgGtRHd0U5OaA=,tag:UrWetEvmP4qkBo5kMfzALg==,type:str]
|
||||
minio_server: ENC[AES256_GCM,data:NYLbkjMG3Fr/aPhwirJPWQbiNgn+oSRDzw==,iv:BX5TwBgI/Qe+LZKJ343TNLOnTwtxv4UPDYWMtZof4QM=,tag:a/9r9UPYu2X6YpZFKeFhng==,type:str]
|
||||
minio_root_user: ENC[AES256_GCM,data:9n5EvcU=,iv:hMpFlmvwYcjHdcdg6zNfHimjhltgTUe7nBUMV6HQi/U=,tag:nSwSU0ebzbH1SWR0ULLhKg==,type:str]
|
||||
minio_root_password: ENC[AES256_GCM,data:TE4Etq58bqOdB6ya13cLfZBdgnI=,iv:y0UF4eC1Gx6zdNEuXTS5GbiYran45w63YjEu4od+ExY=,tag:Qyk+r8NIMc3NltagK5Rrjw==,type:str]
|
||||
sops:
|
||||
@@ -16,8 +16,8 @@ sops:
|
||||
ZFlyQ1lGbnVPaSs4cytQYzNwRnJabmcKP0ogZqsaoD6heCqmObwttBgE039aLqe2
|
||||
R55NPkQJJyFSbDbdDmPApE4IwtXay54QGw2RR4AxOZW4G2dWhdzP3w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-11-16T01:41:33Z"
|
||||
mac: ENC[AES256_GCM,data:PBr4A9D6grWs7HgMGloDnDOhhT4/v4PvyqFxhdfzsm38FfZomceh7PpfMbdEH/Fv6Jsv9Z8f7aWTCt4IiSCGENJyZSGIL14ABDw/ao44Q1wtsh2Axjm4KWPr1iWWtu/Cbdv22vdbK2hlM0sXkCfiPboWIkVpaFTQQ5EW7+stryw=,iv:2Vdp7i4EdL/LVo9BD3PVCn5lan/J0khVdOcIIv66ayE=,tag:X5LdJESAcdDRXOQNlYoP3A==,type:str]
|
||||
lastmodified: "2023-11-21T21:49:39Z"
|
||||
mac: ENC[AES256_GCM,data:c88bI6mQ7jWt2x4+TUqyMYEcymeDrelAxn71Sk0UrDhy/nVQwzUK5kpgSsxKLm54KAYSgedhK+gd9lZtIMFb31tQovsqH2L3YwZEfZj/gRbeysfFNKDSNyYGcR1Qn21YlsVG3hjCow6/c7wadJdYH+7GfoGw4yMzfcreUs6QbYs=,iv:ElJDRvMhNPDgvBR2DKLJY2Nan7nY+SoK7AhZ+zEoAfs=,tag:bYYS/iTCLHNLr/srjyY72Q==,type:str]
|
||||
pgp: []
|
||||
unencrypted_regex: ^(kind)$
|
||||
version: 3.8.1
|
||||
|
@@ -1,15 +1,14 @@
|
||||
resource "aws_s3_bucket" "volsync" {
|
||||
resource "minio_s3_bucket" "volsync" {
|
||||
bucket = "volsync"
|
||||
acl = "private"
|
||||
}
|
||||
|
||||
resource "aws_iam_user" "volsync_user" {
|
||||
resource "minio_iam_user" "volsync_user" {
|
||||
name = "volsync"
|
||||
}
|
||||
|
||||
resource "aws_iam_policy" "volsync_private" {
|
||||
resource "minio_iam_policy" "volsync_private" {
|
||||
name = "volsync_private"
|
||||
description = "Policy for volsync user to access volsync bucket"
|
||||
|
||||
policy = jsonencode({
|
||||
Version = "2012-10-17",
|
||||
@@ -31,7 +30,7 @@ resource "aws_iam_policy" "volsync_private" {
|
||||
})
|
||||
}
|
||||
|
||||
resource "aws_iam_user_policy_attachment" "volsync_user_policy_attachment" {
|
||||
user = aws_iam_user.volsync_user.name
|
||||
policy_arn = aws_iam_policy.volsync_private.arn
|
||||
resource "minio_iam_user_policy_attachment" "volsync_user_policy_attachment" {
|
||||
user_name = minio_iam_user.volsync_user.name
|
||||
policy_name = minio_iam_policy.volsync_private.name
|
||||
}
|
||||
|