infrastructure/scaleway.tf
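# Resolve the target Scaleway project once; every IAM policy rule below is
# scoped to this project via data.scaleway_account_project.project.id.
data "scaleway_account_project" "project" {
  # Direct reference instead of the legacy "${...}" interpolation-only string,
  # which Terraform (0.12+) flags as deprecated on every plan.
  project_id = var.scaleway_project_id
}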
# Account-level SSH key taken from var.default_ssh_key (an object carrying
# `name` and `public_key`). Only the public half is ever placed in this file
# or in state; the private key never touches Terraform.
resource "scaleway_account_ssh_key" "default" {
  public_key = var.default_ssh_key.public_key
  name       = var.default_ssh_key.name
}
# Look up the human operator's IAM user by e-mail; its id is placed in every
# bucket policy below so this user keeps access once a policy is attached.
data "scaleway_iam_user" "serguzim" {
  email = "tobias@msrg.cc"
}
# Subset of var.services that need object storage. Each entry is expected to
# carry a boolean `bucket` flag (the filter) and a `name` (used for the IAM
# application and bucket names below) — confirm against variables.tf.
locals {
  service_buckets = { for svc_key, svc in var.services : svc_key => svc if svc.bucket }
}
# One IAM application (machine identity) per bucket-backed service. Its
# permissions come from scaleway_iam_policy.service_storage_policies and its
# credentials from scaleway_iam_api_key.service_keys below.
resource "scaleway_iam_application" "service_applications" {
  for_each = local.service_buckets

  name = each.value.name
}
# IAM policy attaching object storage rights to each service application.
#
# NOTE(review): "ObjectStorageFullAccess" is granted at project scope, so every
# service key can list and create buckets and reach any bucket in the project
# that has no restrictive bucket policy — the per-bucket policies below only
# narrow access to the buckets that carry one. If the services only read and
# write objects, a narrower permission set (the ObjectStorageObjects* /
# ObjectStorageBucketsRead sets, if available in your provider version) would
# limit the blast radius of a leaked key; confirm each service's needs first.
resource "scaleway_iam_policy" "service_storage_policies" {
  for_each = local.service_buckets

  name           = "${each.key}_storage_policy"
  application_id = scaleway_iam_application.service_applications[each.key].id
  rule {
    project_ids          = [data.scaleway_account_project.project.id]
    permission_set_names = ["ObjectStorageFullAccess"]
  }
}
# One bucket per bucket-backed service, named after the service under the
# serguzim.me domain (bucket names are globally unique).
#
# NOTE(review): no versioning is configured here, so a service key with
# Action = "*" on its bucket (see the bucket policy below) can overwrite or
# delete objects irreversibly; consider enabling versioning if the services
# tolerate it.
resource "scaleway_object_bucket" "service_buckets" {
  for_each = local.service_buckets

  name = "${each.value.name}.serguzim.me"

  # Buckets hold service data: make Terraform refuse any plan that would
  # destroy or replace them (a real removal must drop this guard first).
  lifecycle {
    prevent_destroy = true
  }
}
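# Per-bucket access policy. The first statement is the "Scaleway secure
# statement" pattern: it keeps the operator's own access, which matters because
# (per Scaleway's documentation — confirm for your region/provider version) a
# bucket policy is exclusive once attached. The second statement grants the
# service's own IAM application access to its bucket only.
#
# NOTE(review): both statements use Action = "*", which also covers bucket-level
# operations such as rewriting/deleting this policy and deleting the bucket. A
# leaked service key could therefore widen its own access or destroy the bucket;
# restrict the service statement to the object actions it needs (e.g.
# s3:GetObject, s3:PutObject, s3:DeleteObject, s3:ListBucket) once known.
#
# The Resource entries now reference the bucket name directly instead of via a
# legacy "${...}" interpolation-only string; the rendered JSON is unchanged.
resource "scaleway_object_bucket_policy" "service_bucket_policies" {
  for_each = local.service_buckets

  bucket = scaleway_object_bucket.service_buckets[each.key].id
  policy = jsonencode({
    Version = "2023-04-17",
    Id      = "${each.key}_bucket_policy",
    Statement = [
      {
        Sid    = "Scaleway secure statement"
        Effect = "Allow"
        Action = "*"
        Principal = {
          SCW = "user_id:${data.scaleway_iam_user.serguzim.id}"
        }
        # The bucket itself plus every object inside it.
        Resource = [
          scaleway_object_bucket.service_buckets[each.key].name,
          "${scaleway_object_bucket.service_buckets[each.key].name}/*",
        ]
      },
      {
        Sid    = "${each.key} statement"
        Effect = "Allow"
        Action = "*"
        Principal = {
          SCW = "application_id:${scaleway_iam_application.service_applications[each.key].id}"
        }
        Resource = [
          scaleway_object_bucket.service_buckets[each.key].name,
          "${scaleway_object_bucket.service_buckets[each.key].name}/*",
        ]
      },
    ]
  })
}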
# Shared rotation clock for all service API keys: rotation_rfc3339 is one year
# after this resource was created. Once that instant has passed, the next
# `terraform apply` recreates it (time provider semantics), which changes the
# expires_at of every key below and so replaces all of them at once.
#
# NOTE(review): the keys expire at exactly the rotation instant, so an apply
# must run before that date or every service loses object storage access until
# one does; there is no overlap window for rolling new secrets into services.
resource "time_rotating" "rotate_after_a_year" {
  rotation_years = 1
}
# Time-limited API key for each service application, expiring on the shared
# rotation clock above.
#
# NOTE(review): the generated secret key is a computed attribute and therefore
# lives in Terraform state in clear text — keep the state backend encrypted and
# access-restricted, and treat state as a secret.
resource "scaleway_iam_api_key" "service_keys" {
  for_each = local.service_buckets

  application_id = scaleway_iam_application.service_applications[each.key].id
  expires_at     = time_rotating.rotate_after_a_year.rotation_rfc3339
  description    = "Service key for ${each.key}"
}
# Container registry namespace that anyone can pull from without credentials.
# Only images intended for publication belong here; anything with embedded
# secrets or internal configuration goes to the private namespace below.
resource "scaleway_registry_namespace" "public" {
  is_public   = true
  name        = "public.serguzim.net"
  description = "Public container registry for serguzim.net"
}
# Authenticated-only container registry namespace for internal images.
resource "scaleway_registry_namespace" "private" {
  is_public   = false
  name        = "private.serguzim.net"
  description = "Private container registry for serguzim.net"
}