🔥 remove terraform

2025-09-17 18:24:14 +02:00 · 2023-11-21 23:04:39 +01:00
parent 19491c9d8c
commit 8bbb6c6c68
14 changed files with 0 additions and 341 deletions
--- a/.github/workflows/publish-terraform.yaml
+++ b/.github/workflows/publish-terraform.yaml
@@ -1,59 +0,0 @@
 ---
 name: "Publish Terraform"
 on:
  workflow_dispatch:
  push:
    branches: ["main"]
    paths: ["terraform/**"]
 jobs:
  publish-terraform:
    name: Publish Terraform
    runs-on: ubuntu-latest
    permissions:
      packages: write
      id-token: write
    steps:
      - name: Generate Token
        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
        id: generate-token
        with:
          app_id: "${{ secrets.BOT_APP_ID }}"
          private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          token: "${{ steps.generate-token.outputs.token }}"
      - name: Setup Homebrew
        uses: Homebrew/actions/setup-homebrew@master
      - name: Setup Tools
        shell: bash
        run: brew install cosign fluxcd/tap/flux
      - name: Login to GitHub Container Registry
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          registry: ghcr.io
          username: "${{ github.actor }}"
          password: "${{ secrets.GITHUB_TOKEN }}"
      - name: Generate tag
        id: generate-tag
        shell: bash
        run: echo "tag=ghcr.io/${{ github.repository_owner }}/manifests/terraform:$(git rev-parse --short HEAD)" >> "${GITHUB_OUTPUT}"
      - name: Publish manifests
        shell: bash
        run: |
          flux push artifact oci://${{ steps.generate-tag.outputs.tag }} \
              --path="./terraform" \
              --source="$(git config --get remote.origin.url)" \
              --revision="$(git branch --show-current)/$(git rev-parse HEAD)"
      - name: Tag manifests
        shell: bash
        run: flux tag artifact oci://${{ steps.generate-tag.outputs.tag }} --tag main
--- a/kubernetes/apps/flux-system/kustomization.yaml
+++ b/kubernetes/apps/flux-system/kustomization.yaml
@@ -7,6 +7,5 @@ resources:
  - ./namespace.yaml
  # Flux-Kustomizations
  - ./addons/ks.yaml
  - ./tf-controller/ks.yaml
  - ./weave-gitops/ks.yaml
  # Standard Resources
--- a/kubernetes/apps/flux-system/tf-controller/app/externalsecret.yaml
+++ b/kubernetes/apps/flux-system/tf-controller/app/externalsecret.yaml
@@ -1,38 +0,0 @@
 ---
 # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
  name: tf-controller-sops
  namespace: flux-system
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword-connect
  target:
    name: tf-controller-sops-secret
    creationPolicy: Owner
  data:
    - secretKey: keys.txt
      remoteRef:
        key: tf-controller
        property: sops_key
 ---
 # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/external-secrets.io/externalsecret_v1beta1.json
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
  name: tf-controller-op
  namespace: flux-system
 spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: onepassword-connect
  target:
    name: tf-controller-op-secret
    creationPolicy: Owner
  data:
    - secretKey: OP_CONNECT_TOKEN
      remoteRef:
        key: tf-controller
        property: 1password_connect_token
--- a/kubernetes/apps/flux-system/tf-controller/app/helmrelease.yaml
+++ b/kubernetes/apps/flux-system/tf-controller/app/helmrelease.yaml
@@ -1,33 +0,0 @@
 ---
 # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helm.toolkit.fluxcd.io/helmrelease_v2beta1.json
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
  name: tf-controller
  namespace: flux-system
 spec:
  interval: 30m
  chart:
    spec:
      chart: tf-controller
      version: 0.15.1
      sourceRef:
        kind: HelmRepository
        name: weaveworks
        namespace: flux-system
  maxHistory: 2
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      retries: 3
  uninstall:
    keepHistory: false
  values:
    installCRDs: true
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
--- a/kubernetes/apps/flux-system/tf-controller/app/kustomization.yaml
+++ b/kubernetes/apps/flux-system/tf-controller/app/kustomization.yaml
@@ -1,8 +0,0 @@
 ---
 # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: flux-system
 resources:
  - ./externalsecret.yaml
  - ./helmrelease.yaml
--- a/kubernetes/apps/flux-system/tf-controller/ks.yaml
+++ b/kubernetes/apps/flux-system/tf-controller/ks.yaml
@@ -1,43 +0,0 @@
 ---
 # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: cluster-apps-tf-controller
  namespace: flux-system
  labels:
    substitution.flux.home.arpa/enabled: "true"
 spec:
  dependsOn:
    - name: cluster-apps-external-secrets-stores
  path: ./kubernetes/apps/flux-system/tf-controller/app
  prune: true
  sourceRef:
    kind: GitRepository
    name: home-ops-kubernetes
  wait: true
  interval: 30m
  retryInterval: 1m
  timeout: 5m
 ---
 # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
  name: cluster-apps-tf-controller-terraforms
  namespace: flux-system
  labels:
    substitution.flux.home.arpa/enabled: "true"
 spec:
  dependsOn:
    - name: cluster-apps-external-secrets-stores
    - name: cluster-apps-tf-controller
  path: ./kubernetes/apps/flux-system/tf-controller/terraforms
  prune: true
  sourceRef:
    kind: GitRepository
    name: home-ops-kubernetes
  wait: false
  interval: 30m
  retryInterval: 1m
  timeout: 5m
--- a/kubernetes/apps/flux-system/tf-controller/terraforms/kustomization.yaml
+++ b/kubernetes/apps/flux-system/tf-controller/terraforms/kustomization.yaml
@@ -1,7 +0,0 @@
 ---
 # yaml-language-server: $schema=https://json.schemastore.org/kustomization
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - ./ocirepository.yaml
  - ./terraform.yaml
--- a/kubernetes/apps/flux-system/tf-controller/terraforms/ocirepository.yaml
+++ b/kubernetes/apps/flux-system/tf-controller/terraforms/ocirepository.yaml
@@ -1,12 +0,0 @@
 ---
 # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/source.toolkit.fluxcd.io/ocirepository_v1beta2.json
 apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: OCIRepository
 metadata:
  name: terraform
  namespace: flux-system
 spec:
  interval: 1m
  url: oci://ghcr.io/auricom/manifests/terraform
  ref:
    tag: main
--- a/kubernetes/apps/flux-system/tf-controller/terraforms/terraform.yaml
+++ b/kubernetes/apps/flux-system/tf-controller/terraforms/terraform.yaml
@@ -1,33 +0,0 @@
 # yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/infra.contrib.fluxcd.io/terraform_v1alpha2.json
 apiVersion: infra.contrib.fluxcd.io/v1alpha2
 kind: Terraform
 metadata:
  name: storage-apps
  namespace: flux-system
 spec:
  suspend: false
  approvePlan: auto
  interval: 12h
  path: ./storage/minio
  sourceRef:
    kind: OCIRepository
    name: terraform
    namespace: flux-system
  runnerPodTemplate:
    spec:
      env:
        - name: OP_CONNECT_HOST
          value: http://onepassword-connect.kube-system.svc.cluster.local:8080
        - name: OP_CONNECT_TOKEN
          valueFrom:
            secretKeyRef:
              name: tf-controller-op-secret
              key: OP_CONNECT_TOKEN
      volumeMounts:
        - name: sops
          mountPath: /home/runner/.config/sops/age/keys.txt
          subPath: keys.txt
      volumes:
        - name: sops
          secret:
            secretName: tf-controller-sops-secret
--- a/shell.nix
+++ b/shell.nix
@@ -1,13 +0,0 @@
 let
  # Configure Nix to allow unfree packages.
  config = {
    allowUnfree = true;
  };
  pkgs = import <nixpkgs> {inherit config;};
 in
  pkgs.mkShell {
    buildInputs = with pkgs; [
      terraform
      tflint
    ];
  }
--- a/terraform/storage/minio/main.tf
+++ b/terraform/storage/minio/main.tf
@@ -1,28 +0,0 @@
 terraform {
  cloud {
    hostname     = "app.terraform.io"
    organization = "onedr0p"
    workspaces {
      name = "arpa-home-storage"
    }
  }
  required_providers {
    sops = {
      source  = "carlpett/sops"
      version = "1.0.0"
    }
    time = {
      source  = "hashicorp/time"
      version = "0.9.1"
    }
    minio = {
      source  = "aminueza/minio"
      version = "~> 2.0"  # Replace with your desired version constraint
    }
  }
  required_version = ">= 1.3.0"
 }
 data "sops_file" "secrets" {
  source_file = "./secrets.sops.yaml"
 }
--- a/terraform/storage/minio/providers.tf
+++ b/terraform/storage/minio/providers.tf
@@ -1,7 +0,0 @@
 provider "minio" {
  minio_server   = data.sops_file.secrets.data["minio_server"]
  minio_user     = data.sops_file.secrets.data["minio_root_user"]
  minio_password = data.sops_file.secrets.data["minio_root_password"]
  minio_region   = "us-east-1"
  minio_ssl      = true
 }
--- a/terraform/storage/minio/secrets.sops.yaml
+++ b/terraform/storage/minio/secrets.sops.yaml
@@ -1,23 +0,0 @@
 minio_server: ENC[AES256_GCM,data:NYLbkjMG3Fr/aPhwirJPWQbiNgn+oSRDzw==,iv:BX5TwBgI/Qe+LZKJ343TNLOnTwtxv4UPDYWMtZof4QM=,tag:a/9r9UPYu2X6YpZFKeFhng==,type:str]
 minio_root_user: ENC[AES256_GCM,data:9n5EvcU=,iv:hMpFlmvwYcjHdcdg6zNfHimjhltgTUe7nBUMV6HQi/U=,tag:nSwSU0ebzbH1SWR0ULLhKg==,type:str]
 minio_root_password: ENC[AES256_GCM,data:TE4Etq58bqOdB6ya13cLfZBdgnI=,iv:y0UF4eC1Gx6zdNEuXTS5GbiYran45w63YjEu4od+ExY=,tag:Qyk+r8NIMc3NltagK5Rrjw==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVy9DRjhqOW05Wm4rNXZo
            bFJxem9UZjNSQW5UaTRZaWQ1clZQSHJrNHpVCmo3Y0RPd1BRRC9ZZHJ0SndSUXJv
            UkpPWTNOUWFPL1hCUGJrTFBPZml5QncKLS0tIGI5UUJKMXR0d1d3ZzRDSURuWVFl
            ZFlyQ1lGbnVPaSs4cytQYzNwRnJabmcKP0ogZqsaoD6heCqmObwttBgE039aLqe2
            R55NPkQJJyFSbDbdDmPApE4IwtXay54QGw2RR4AxOZW4G2dWhdzP3w==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-11-21T21:49:39Z"
    mac: ENC[AES256_GCM,data:c88bI6mQ7jWt2x4+TUqyMYEcymeDrelAxn71Sk0UrDhy/nVQwzUK5kpgSsxKLm54KAYSgedhK+gd9lZtIMFb31tQovsqH2L3YwZEfZj/gRbeysfFNKDSNyYGcR1Qn21YlsVG3hjCow6/c7wadJdYH+7GfoGw4yMzfcreUs6QbYs=,iv:ElJDRvMhNPDgvBR2DKLJY2Nan7nY+SoK7AhZ+zEoAfs=,tag:bYYS/iTCLHNLr/srjyY72Q==,type:str]
    pgp: []
    unencrypted_regex: ^(kind)$
    version: 3.8.1
--- a/terraform/storage/minio/svc_volsync.tf
+++ b/terraform/storage/minio/svc_volsync.tf
@@ -1,36 +0,0 @@
 resource "minio_s3_bucket" "volsync" {
  bucket = "volsync"
  acl    = "private"
 }
 resource "minio_iam_user" "volsync_user" {
  name = "volsync"
 }
 resource "minio_iam_policy" "volsync_private" {
  name        = "volsync_private"
  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Action = [
          "s3:ListBucket",
          "s3:PutObject",
          "s3:GetObject",
          "s3:DeleteObject"
        ],
        Effect = "Allow",
        Resource = [
          "arn:aws:s3:::volsync/*",
          "arn:aws:s3:::volsync"
        ]
      }
    ]
  })
 }
 resource "minio_iam_user_policy_attachment" "volsync_user_policy_attachment" {
  user_name   = minio_iam_user.volsync_user.name
  policy_name = minio_iam_policy.volsync_private.name
 }