From 8bbb6c6c683224d0f215acf492ca105ff7288e4c Mon Sep 17 00:00:00 2001
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Tue, 21 Nov 2023 23:04:39 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A5=20remove=20terraform?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/publish-terraform.yaml | 59 -------------------
 .../apps/flux-system/kustomization.yaml | 1 -
 .../tf-controller/app/externalsecret.yaml | 38 ------------
 .../tf-controller/app/helmrelease.yaml | 33 -----------
 .../tf-controller/app/kustomization.yaml | 8 --
 .../apps/flux-system/tf-controller/ks.yaml | 43 --------------
 .../terraforms/kustomization.yaml | 7 --
 .../terraforms/ocirepository.yaml | 12 ----
 .../tf-controller/terraforms/terraform.yaml | 33 -----------
 shell.nix | 13 ----
 terraform/storage/minio/main.tf | 28 ---------
 terraform/storage/minio/providers.tf | 7 --
 terraform/storage/minio/secrets.sops.yaml | 23 --------
 terraform/storage/minio/svc_volsync.tf | 36 -----------
 14 files changed, 341 deletions(-)
 delete mode 100644 .github/workflows/publish-terraform.yaml
 delete mode 100644 kubernetes/apps/flux-system/tf-controller/app/externalsecret.yaml
 delete mode 100644 kubernetes/apps/flux-system/tf-controller/app/helmrelease.yaml
 delete mode 100644 kubernetes/apps/flux-system/tf-controller/app/kustomization.yaml
 delete mode 100644 kubernetes/apps/flux-system/tf-controller/ks.yaml
 delete mode 100644 kubernetes/apps/flux-system/tf-controller/terraforms/kustomization.yaml
 delete mode 100644 kubernetes/apps/flux-system/tf-controller/terraforms/ocirepository.yaml
 delete mode 100644 kubernetes/apps/flux-system/tf-controller/terraforms/terraform.yaml
 delete mode 100644 shell.nix
 delete mode 100644 terraform/storage/minio/main.tf
 delete mode 100644 terraform/storage/minio/providers.tf
 delete mode 100644 terraform/storage/minio/secrets.sops.yaml
 delete mode 100644 terraform/storage/minio/svc_volsync.tf
diff --git a/.github/workflows/publish-terraform.yaml b/.github/workflows/publish-terraform.yaml
deleted file mode 100644
index 39800fa83..000000000
--- a/.github/workflows/publish-terraform.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
----
-name: "Publish Terraform"
-
-on:
- workflow_dispatch:
- push:
- branches: ["main"]
- paths: ["terraform/**"]
-
-jobs:
- publish-terraform:
- name: Publish Terraform
- runs-on: ubuntu-latest
- permissions:
- packages: write
- id-token: write
- steps:
- - name: Generate Token
- uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
- id: generate-token
- with:
- app_id: "${{ secrets.BOT_APP_ID }}"
- private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
-
- - name: Checkout
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- with:
- token: "${{ steps.generate-token.outputs.token }}"
-
- - name: Setup Homebrew
- uses: Homebrew/actions/setup-homebrew@master
-
- - name: Setup Tools
- shell: bash
- run: brew install cosign fluxcd/tap/flux
-
- - name: Login to GitHub Container Registry
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
- with:
- registry: ghcr.io
- username: "${{ github.actor }}"
- password: "${{ secrets.GITHUB_TOKEN }}"
-
- - name: Generate tag
- id: generate-tag
- shell: bash
- run: echo "tag=ghcr.io/${{ github.repository_owner }}/manifests/terraform:$(git rev-parse --short HEAD)" >> "${GITHUB_OUTPUT}"
-
- - name: Publish manifests
- shell: bash
- run: |
- flux push artifact oci://${{ steps.generate-tag.outputs.tag }} \
- --path="./terraform" \
- --source="$(git config --get remote.origin.url)" \
- --revision="$(git branch --show-current)/$(git rev-parse HEAD)"
-
- - name: Tag manifests
- shell: bash
- run: flux tag artifact oci://${{ steps.generate-tag.outputs.tag }} --tag main
diff --git a/kubernetes/apps/flux-system/kustomization.yaml b/kubernetes/apps/flux-system/kustomization.yaml
index 031318648..14967ade6 100644
--- a/kubernetes/apps/flux-system/kustomization.yaml
+++ b/kubernetes/apps/flux-system/kustomization.yaml
@@ -7,6 +7,5 @@ resources:
 - ./namespace.yaml
 # Flux-Kustomizations
 - ./addons/ks.yaml
- - ./tf-controller/ks.yaml
 - ./weave-gitops/ks.yaml
 # Standard Resources
diff --git a/kubernetes/apps/flux-system/tf-controller/app/externalsecret.yaml b/kubernetes/apps/flux-system/tf-controller/app/externalsecret.yaml
deleted file mode 100644
index 1092d48fa..000000000
--- a/kubernetes/apps/flux-system/tf-controller/app/externalsecret.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: tf-controller-sops
- namespace: flux-system
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- name: tf-controller-sops-secret
- creationPolicy: Owner
- data:
- - secretKey: keys.txt
- remoteRef:
- key: tf-controller
- property: sops_key
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- name: tf-controller-op
- namespace: flux-system
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- name: tf-controller-op-secret
- creationPolicy: Owner
- data:
- - secretKey: OP_CONNECT_TOKEN
- remoteRef:
- key: tf-controller
- property: 1password_connect_token
diff --git a/kubernetes/apps/flux-system/tf-controller/app/helmrelease.yaml b/kubernetes/apps/flux-system/tf-controller/app/helmrelease.yaml
deleted file mode 100644
index 202f2e9e6..000000000
--- a/kubernetes/apps/flux-system/tf-controller/app/helmrelease.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: tf-controller
- namespace: flux-system
-spec:
- interval: 30m
- chart:
- spec:
- chart: tf-controller
- version: 0.15.1
- sourceRef:
- kind: HelmRepository
- name: weaveworks
- namespace: flux-system
- maxHistory: 2
- install:
- remediation:
- retries: 3
- upgrade:
- cleanupOnFail: true
- remediation:
- retries: 3
- uninstall:
- keepHistory: false
- values:
- installCRDs: true
- metrics:
- enabled: true
- serviceMonitor:
- enabled: true
diff --git a/kubernetes/apps/flux-system/tf-controller/app/kustomization.yaml b/kubernetes/apps/flux-system/tf-controller/app/kustomization.yaml
deleted file mode 100644
index 8dd57db30..000000000
--- a/kubernetes/apps/flux-system/tf-controller/app/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: flux-system
-resources:
- - ./externalsecret.yaml
- - ./helmrelease.yaml
diff --git a/kubernetes/apps/flux-system/tf-controller/ks.yaml b/kubernetes/apps/flux-system/tf-controller/ks.yaml
deleted file mode 100644
index 1f26ed27d..000000000
--- a/kubernetes/apps/flux-system/tf-controller/ks.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: cluster-apps-tf-controller
- namespace: flux-system
- labels:
- substitution.flux.home.arpa/enabled: "true"
-spec:
- dependsOn:
- - name: cluster-apps-external-secrets-stores
- path: ./kubernetes/apps/flux-system/tf-controller/app
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- wait: true
- interval: 30m
- retryInterval: 1m
- timeout: 5m
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomize.toolkit.fluxcd.io/kustomization_v1.json
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: cluster-apps-tf-controller-terraforms
- namespace: flux-system
- labels:
- substitution.flux.home.arpa/enabled: "true"
-spec:
- dependsOn:
- - name: cluster-apps-external-secrets-stores
- - name: cluster-apps-tf-controller
- path: ./kubernetes/apps/flux-system/tf-controller/terraforms
- prune: true
- sourceRef:
- kind: GitRepository
- name: home-ops-kubernetes
- wait: false
- interval: 30m
- retryInterval: 1m
- timeout: 5m
diff --git a/kubernetes/apps/flux-system/tf-controller/terraforms/kustomization.yaml b/kubernetes/apps/flux-system/tf-controller/terraforms/kustomization.yaml
deleted file mode 100644
index 4743fc902..000000000
--- a/kubernetes/apps/flux-system/tf-controller/terraforms/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# yaml-language-server: $schema=https://json.schemastore.org/kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - ./ocirepository.yaml
- - ./terraform.yaml
diff --git a/kubernetes/apps/flux-system/tf-controller/terraforms/ocirepository.yaml b/kubernetes/apps/flux-system/tf-controller/terraforms/ocirepository.yaml
deleted file mode 100644
index 909022d18..000000000
--- a/kubernetes/apps/flux-system/tf-controller/terraforms/ocirepository.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/source.toolkit.fluxcd.io/ocirepository_v1beta2.json
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: OCIRepository
-metadata:
- name: terraform
- namespace: flux-system
-spec:
- interval: 1m
- url: oci://ghcr.io/auricom/manifests/terraform
- ref:
- tag: main
diff --git a/kubernetes/apps/flux-system/tf-controller/terraforms/terraform.yaml b/kubernetes/apps/flux-system/tf-controller/terraforms/terraform.yaml
deleted file mode 100644
index 74b660d7c..000000000
--- a/kubernetes/apps/flux-system/tf-controller/terraforms/terraform.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/infra.contrib.fluxcd.io/terraform_v1alpha2.json
-apiVersion: infra.contrib.fluxcd.io/v1alpha2
-kind: Terraform
-metadata:
- name: storage-apps
- namespace: flux-system
-spec:
- suspend: false
- approvePlan: auto
- interval: 12h
- path: ./storage/minio
- sourceRef:
- kind: OCIRepository
- name: terraform
- namespace: flux-system
- runnerPodTemplate:
- spec:
- env:
- - name: OP_CONNECT_HOST
- value: http://onepassword-connect.kube-system.svc.cluster.local:8080
- - name: OP_CONNECT_TOKEN
- valueFrom:
- secretKeyRef:
- name: tf-controller-op-secret
- key: OP_CONNECT_TOKEN
- volumeMounts:
- - name: sops
- mountPath: /home/runner/.config/sops/age/keys.txt
- subPath: keys.txt
- volumes:
- - name: sops
- secret:
- secretName: tf-controller-sops-secret
diff --git a/shell.nix b/shell.nix
deleted file mode 100644
index 037bc77db..000000000
--- a/shell.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-let
- # Configure Nix to allow unfree packages.
- config = {
- allowUnfree = true;
- };
- pkgs = import {inherit config;};
-in
- pkgs.mkShell {
- buildInputs = with pkgs; [
- terraform
- tflint
- ];
- }
diff --git a/terraform/storage/minio/main.tf b/terraform/storage/minio/main.tf
deleted file mode 100644
index 20cccda92..000000000
--- a/terraform/storage/minio/main.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-terraform {
- cloud {
- hostname = "app.terraform.io"
- organization = "onedr0p"
- workspaces {
- name = "arpa-home-storage"
- }
- }
- required_providers {
- sops = {
- source = "carlpett/sops"
- version = "1.0.0"
- }
- time = {
- source = "hashicorp/time"
- version = "0.9.1"
- }
- minio = {
- source = "aminueza/minio"
- version = "~> 2.0" # Replace with your desired version constraint
- }
- }
- required_version = ">= 1.3.0"
-}
-
-data "sops_file" "secrets" {
- source_file = "./secrets.sops.yaml"
-}
diff --git a/terraform/storage/minio/providers.tf b/terraform/storage/minio/providers.tf
deleted file mode 100644
index 7a2d6a3f1..000000000
--- a/terraform/storage/minio/providers.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-provider "minio" {
- minio_server = data.sops_file.secrets.data["minio_server"]
- minio_user = data.sops_file.secrets.data["minio_root_user"]
- minio_password = data.sops_file.secrets.data["minio_root_password"]
- minio_region = "us-east-1"
- minio_ssl = true
-}
diff --git a/terraform/storage/minio/secrets.sops.yaml b/terraform/storage/minio/secrets.sops.yaml
deleted file mode 100644
index aa94aeaf1..000000000
--- a/terraform/storage/minio/secrets.sops.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-minio_server: ENC[AES256_GCM,data:NYLbkjMG3Fr/aPhwirJPWQbiNgn+oSRDzw==,iv:BX5TwBgI/Qe+LZKJ343TNLOnTwtxv4UPDYWMtZof4QM=,tag:a/9r9UPYu2X6YpZFKeFhng==,type:str]
-minio_root_user: ENC[AES256_GCM,data:9n5EvcU=,iv:hMpFlmvwYcjHdcdg6zNfHimjhltgTUe7nBUMV6HQi/U=,tag:nSwSU0ebzbH1SWR0ULLhKg==,type:str]
-minio_root_password: ENC[AES256_GCM,data:TE4Etq58bqOdB6ya13cLfZBdgnI=,iv:y0UF4eC1Gx6zdNEuXTS5GbiYran45w63YjEu4od+ExY=,tag:Qyk+r8NIMc3NltagK5Rrjw==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVy9DRjhqOW05Wm4rNXZo
- bFJxem9UZjNSQW5UaTRZaWQ1clZQSHJrNHpVCmo3Y0RPd1BRRC9ZZHJ0SndSUXJv
- UkpPWTNOUWFPL1hCUGJrTFBPZml5QncKLS0tIGI5UUJKMXR0d1d3ZzRDSURuWVFl
- ZFlyQ1lGbnVPaSs4cytQYzNwRnJabmcKP0ogZqsaoD6heCqmObwttBgE039aLqe2
- R55NPkQJJyFSbDbdDmPApE4IwtXay54QGw2RR4AxOZW4G2dWhdzP3w==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-11-21T21:49:39Z"
- mac: ENC[AES256_GCM,data:c88bI6mQ7jWt2x4+TUqyMYEcymeDrelAxn71Sk0UrDhy/nVQwzUK5kpgSsxKLm54KAYSgedhK+gd9lZtIMFb31tQovsqH2L3YwZEfZj/gRbeysfFNKDSNyYGcR1Qn21YlsVG3hjCow6/c7wadJdYH+7GfoGw4yMzfcreUs6QbYs=,iv:ElJDRvMhNPDgvBR2DKLJY2Nan7nY+SoK7AhZ+zEoAfs=,tag:bYYS/iTCLHNLr/srjyY72Q==,type:str]
- pgp: []
- unencrypted_regex: ^(kind)$
- version: 3.8.1
diff --git a/terraform/storage/minio/svc_volsync.tf b/terraform/storage/minio/svc_volsync.tf
deleted file mode 100644
index 2af77c802..000000000
--- a/terraform/storage/minio/svc_volsync.tf
+++ /dev/null
@@ -1,36 +0,0 @@
-resource "minio_s3_bucket" "volsync" {
- bucket = "volsync"
- acl = "private"
-}
-
-resource "minio_iam_user" "volsync_user" {
- name = "volsync"
-}
-
-resource "minio_iam_policy" "volsync_private" {
- name = "volsync_private"
-
- policy = jsonencode({
- Version = "2012-10-17",
- Statement = [
- {
- Action = [
- "s3:ListBucket",
- "s3:PutObject",
- "s3:GetObject",
- "s3:DeleteObject"
- ],
- Effect = "Allow",
- Resource = [
- "arn:aws:s3:::volsync/*",
- "arn:aws:s3:::volsync"
- ]
- }
- ]
- })
-}
-
-resource "minio_iam_user_policy_attachment" "volsync_user_policy_attachment" {
- user_name = minio_iam_user.volsync_user.name
- policy_name = minio_iam_policy.volsync_private.name
-}