🔥 remove terraform

2025-09-17 18:24:14 +02:00 · 2023-11-21 23:04:39 +01:00
parent 19491c9d8c
commit 8bbb6c6c68
14 changed files with 0 additions and 341 deletions
--- a/.github/workflows/publish-terraform.yaml
+++ b/.github/workflows/publish-terraform.yaml
@@ -1,59 +0,0 @@
---
-name: "Publish Terraform"
-
-on:
-  workflow_dispatch:
-  push:
-    branches: ["main"]
-    paths: ["terraform/**"]
-
-jobs:
-  publish-terraform:
-    name: Publish Terraform
-    runs-on: ubuntu-latest
-    permissions:
-      packages: write
-      id-token: write
-    steps:
-      - name: Generate Token
-        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
-        id: generate-token
-        with:
-          app_id: "${{ secrets.BOT_APP_ID }}"
-          private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
-
-      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          token: "${{ steps.generate-token.outputs.token }}"
-
-      - name: Setup Homebrew
-        uses: Homebrew/actions/setup-homebrew@master
-
-      - name: Setup Tools
-        shell: bash
-        run: brew install cosign fluxcd/tap/flux
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
-        with:
-          registry: ghcr.io
-          username: "${{ github.actor }}"
-          password: "${{ secrets.GITHUB_TOKEN }}"
-
-      - name: Generate tag
-        id: generate-tag
-        shell: bash
-        run: echo "tag=ghcr.io/${{ github.repository_owner }}/manifests/terraform:$(git rev-parse --short HEAD)" >> "${GITHUB_OUTPUT}"
-
-      - name: Publish manifests
-        shell: bash
-        run: |
-          flux push artifact oci://${{ steps.generate-tag.outputs.tag }} \
-              --path="./terraform" \
-              --source="$(git config --get remote.origin.url)" \
-              --revision="$(git branch --show-current)/$(git rev-parse HEAD)"
-
-      - name: Tag manifests
-        shell: bash
-        run: flux tag artifact oci://${{ steps.generate-tag.outputs.tag }} --tag main
--- a/kubernetes/apps/flux-system/kustomization.yaml
+++ b/kubernetes/apps/flux-system/kustomization.yaml
@@ -7,6 +7,5 @@ resources:
  - ./namespace.yaml
  # Flux-Kustomizations
  - ./addons/ks.yaml
-  - ./tf-controller/ks.yaml
  - ./weave-gitops/ks.yaml
  # Standard Resources
--- a/kubernetes/apps/flux-system/tf-controller/app/externalsecret.yaml
+++ b/kubernetes/apps/flux-system/tf-controller/app/externalsecret.yaml
@@ -1,38 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: tf-controller-sops
-  namespace: flux-system
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: onepassword-connect
-  target:
-    name: tf-controller-sops-secret
-    creationPolicy: Owner
-  data:
-    - secretKey: keys.txt
-      remoteRef:
-        key: tf-controller
-        property: sops_key
---
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
-  name: tf-controller-op
-  namespace: flux-system
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: onepassword-connect
-  target:
-    name: tf-controller-op-secret
-    creationPolicy: Owner
-  data:
-    - secretKey: OP_CONNECT_TOKEN
-      remoteRef:
-        key: tf-controller
-        property: 1password_connect_token
--- a/kubernetes/apps/flux-system/tf-controller/app/helmrelease.yaml
+++ b/kubernetes/apps/flux-system/tf-controller/app/helmrelease.yaml
@@ -1,33 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: tf-controller
-  namespace: flux-system
-spec:
-  interval: 30m
-  chart:
-    spec:
-      chart: tf-controller
-      version: 0.15.1
-      sourceRef:
-        kind: HelmRepository
-        name: weaveworks
-        namespace: flux-system
-  maxHistory: 2
-  install:
-    remediation:
-      retries: 3
-  upgrade:
-    cleanupOnFail: true
-    remediation:
-      retries: 3
-  uninstall:
-    keepHistory: false
-  values:
-    installCRDs: true
-    metrics:
-      enabled: true
-      serviceMonitor:
-        enabled: true
--- a/kubernetes/apps/flux-system/tf-controller/app/kustomization.yaml
+++ b/kubernetes/apps/flux-system/tf-controller/app/kustomization.yaml
@@ -1,8 +0,0 @@
---
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: flux-system
-resources:
-  - ./externalsecret.yaml
-  - ./helmrelease.yaml
--- a/kubernetes/apps/flux-system/tf-controller/ks.yaml
+++ b/kubernetes/apps/flux-system/tf-controller/ks.yaml
@@ -1,43 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: cluster-apps-tf-controller
-  namespace: flux-system
-  labels:
-    substitution.flux.home.arpa/enabled: "true"
-spec:
-  dependsOn:
-    - name: cluster-apps-external-secrets-stores
-  path: ./kubernetes/apps/flux-system/tf-controller/app
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    name: home-ops-kubernetes
-  wait: true
-  interval: 30m
-  retryInterval: 1m
-  timeout: 5m
---
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: cluster-apps-tf-controller-terraforms
-  namespace: flux-system
-  labels:
-    substitution.flux.home.arpa/enabled: "true"
-spec:
-  dependsOn:
-    - name: cluster-apps-external-secrets-stores
-    - name: cluster-apps-tf-controller
-  path: ./kubernetes/apps/flux-system/tf-controller/terraforms
-  prune: true
-  sourceRef:
-    kind: GitRepository
-    name: home-ops-kubernetes
-  wait: false
-  interval: 30m
-  retryInterval: 1m
-  timeout: 5m
--- a/kubernetes/apps/flux-system/tf-controller/terraforms/kustomization.yaml
+++ b/kubernetes/apps/flux-system/tf-controller/terraforms/kustomization.yaml
@@ -1,7 +0,0 @@
---
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - ./ocirepository.yaml
-  - ./terraform.yaml
--- a/kubernetes/apps/flux-system/tf-controller/terraforms/ocirepository.yaml
+++ b/kubernetes/apps/flux-system/tf-controller/terraforms/ocirepository.yaml
@@ -1,12 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/source.toolkit.fluxcd.io/ocirepository_v1beta2.json
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: OCIRepository
-metadata:
-  name: terraform
-  namespace: flux-system
-spec:
-  interval: 1m
-  url: oci://ghcr.io/auricom/manifests/terraform
-  ref:
-    tag: main
--- a/kubernetes/apps/flux-system/tf-controller/terraforms/terraform.yaml
+++ b/kubernetes/apps/flux-system/tf-controller/terraforms/terraform.yaml
@@ -1,33 +0,0 @@
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/infra.contrib.fluxcd.io/terraform_v1alpha2.json
-apiVersion: infra.contrib.fluxcd.io/v1alpha2
-kind: Terraform
-metadata:
-  name: storage-apps
-  namespace: flux-system
-spec:
-  suspend: false
-  approvePlan: auto
-  interval: 12h
-  path: ./storage/minio
-  sourceRef:
-    kind: OCIRepository
-    name: terraform
-    namespace: flux-system
-  runnerPodTemplate:
-    spec:
-      env:
-        - name: OP_CONNECT_HOST
-          value: http://onepassword-connect.kube-system.svc.cluster.local:8080
-        - name: OP_CONNECT_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: tf-controller-op-secret
-              key: OP_CONNECT_TOKEN
-      volumeMounts:
-        - name: sops
-          mountPath: /home/runner/.config/sops/age/keys.txt
-          subPath: keys.txt
-      volumes:
-        - name: sops
-          secret:
-            secretName: tf-controller-sops-secret
--- a/shell.nix
+++ b/shell.nix
@@ -1,13 +0,0 @@
-let
-  # Configure Nix to allow unfree packages.
-  config = {
-    allowUnfree = true;
-  };
-  pkgs = import <nixpkgs> {inherit config;};
-in
-  pkgs.mkShell {
-    buildInputs = with pkgs; [
-      terraform
-      tflint
-    ];
-  }
--- a/terraform/storage/minio/main.tf
+++ b/terraform/storage/minio/main.tf
@@ -1,28 +0,0 @@
-terraform {
-  cloud {
-    hostname     = "app.terraform.io"
-    organization = "onedr0p"
-    workspaces {
-      name = "arpa-home-storage"
-    }
-  }
-  required_providers {
-    sops = {
-      source  = "carlpett/sops"
-      version = "1.0.0"
-    }
-    time = {
-      source  = "hashicorp/time"
-      version = "0.9.1"
-    }
-    minio = {
-      source  = "aminueza/minio"
-      version = "~> 2.0"  # Replace with your desired version constraint
-    }
-  }
-  required_version = ">= 1.3.0"
-}
-
-data "sops_file" "secrets" {
-  source_file = "./secrets.sops.yaml"
-}
--- a/terraform/storage/minio/providers.tf
+++ b/terraform/storage/minio/providers.tf
@@ -1,7 +0,0 @@
-provider "minio" {
-  minio_server   = data.sops_file.secrets.data["minio_server"]
-  minio_user     = data.sops_file.secrets.data["minio_root_user"]
-  minio_password = data.sops_file.secrets.data["minio_root_password"]
-  minio_region   = "us-east-1"
-  minio_ssl      = true
-}
--- a/terraform/storage/minio/secrets.sops.yaml
+++ b/terraform/storage/minio/secrets.sops.yaml
@@ -1,23 +0,0 @@
-minio_server: ENC[AES256_GCM,data:NYLbkjMG3Fr/aPhwirJPWQbiNgn+oSRDzw==,iv:BX5TwBgI/Qe+LZKJ343TNLOnTwtxv4UPDYWMtZof4QM=,tag:a/9r9UPYu2X6YpZFKeFhng==,type:str]
-minio_root_user: ENC[AES256_GCM,data:9n5EvcU=,iv:hMpFlmvwYcjHdcdg6zNfHimjhltgTUe7nBUMV6HQi/U=,tag:nSwSU0ebzbH1SWR0ULLhKg==,type:str]
-minio_root_password: ENC[AES256_GCM,data:TE4Etq58bqOdB6ya13cLfZBdgnI=,iv:y0UF4eC1Gx6zdNEuXTS5GbiYran45w63YjEu4od+ExY=,tag:Qyk+r8NIMc3NltagK5Rrjw==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVy9DRjhqOW05Wm4rNXZo
-            bFJxem9UZjNSQW5UaTRZaWQ1clZQSHJrNHpVCmo3Y0RPd1BRRC9ZZHJ0SndSUXJv
-            UkpPWTNOUWFPL1hCUGJrTFBPZml5QncKLS0tIGI5UUJKMXR0d1d3ZzRDSURuWVFl
-            ZFlyQ1lGbnVPaSs4cytQYzNwRnJabmcKP0ogZqsaoD6heCqmObwttBgE039aLqe2
-            R55NPkQJJyFSbDbdDmPApE4IwtXay54QGw2RR4AxOZW4G2dWhdzP3w==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-11-21T21:49:39Z"
-    mac: ENC[AES256_GCM,data:c88bI6mQ7jWt2x4+TUqyMYEcymeDrelAxn71Sk0UrDhy/nVQwzUK5kpgSsxKLm54KAYSgedhK+gd9lZtIMFb31tQovsqH2L3YwZEfZj/gRbeysfFNKDSNyYGcR1Qn21YlsVG3hjCow6/c7wadJdYH+7GfoGw4yMzfcreUs6QbYs=,iv:ElJDRvMhNPDgvBR2DKLJY2Nan7nY+SoK7AhZ+zEoAfs=,tag:bYYS/iTCLHNLr/srjyY72Q==,type:str]
-    pgp: []
-    unencrypted_regex: ^(kind)$
-    version: 3.8.1
--- a/terraform/storage/minio/svc_volsync.tf
+++ b/terraform/storage/minio/svc_volsync.tf
@@ -1,36 +0,0 @@
-resource "minio_s3_bucket" "volsync" {
-  bucket = "volsync"
-  acl    = "private"
-}
-
-resource "minio_iam_user" "volsync_user" {
-  name = "volsync"
-}
-
-resource "minio_iam_policy" "volsync_private" {
-  name        = "volsync_private"
-
-  policy = jsonencode({
-    Version = "2012-10-17",
-    Statement = [
-      {
-        Action = [
-          "s3:ListBucket",
-          "s3:PutObject",
-          "s3:GetObject",
-          "s3:DeleteObject"
-        ],
-        Effect = "Allow",
-        Resource = [
-          "arn:aws:s3:::volsync/*",
-          "arn:aws:s3:::volsync"
-        ]
-      }
-    ]
-  })
-}
-
-resource "minio_iam_user_policy_attachment" "volsync_user_policy_attachment" {
-  user_name   = minio_iam_user.volsync_user.name
-  policy_name = minio_iam_policy.volsync_private.name
-}