Add minio to terraform
This commit is contained in:
parent
4264017641
commit
37a304d161
9 changed files with 130 additions and 0 deletions
modules/services
|
@ -4,6 +4,10 @@ terraform {
|
|||
source = "goauthentik/authentik"
|
||||
version = "~> 2025.2.0"
|
||||
}
|
||||
minio = {
|
||||
source = "aminueza/minio"
|
||||
version = "~> 3.5.2"
|
||||
}
|
||||
mailcow = {
|
||||
source = "l-with/mailcow"
|
||||
version = "~> 0.7.5"
|
||||
|
@ -19,4 +23,7 @@ locals {
|
|||
services_auth = {for key, val in var.services : key => val if val.auth}
|
||||
services_database = {for key, val in var.services : key => val if val.database}
|
||||
services_mail = {for key, val in var.services : key => val if val.mail != null}
|
||||
|
||||
services_s3 = {for key, val in var.services : key => (val.s3_buckets != null) ? val.s3_buckets : [key] if (val.s3 == "internal")}
|
||||
buckets_s3 = merge([for key, val in local.services_s3 : {for bucket in val : bucket => key}]...)
|
||||
}
|
||||
|
|
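Review bot: `buckets_s3` in the locals hunk is built with `merge(...)`, so two services that list the same bucket name collapse into one entry and the later service silently wins: the bucket is created once, its policy is attached only to the winning service's user, and the losing service gets neither a bucket nor access with no plan-time error. The commit adds nothing that detects this; a precondition comparing the flattened bucket list against the merged map would surface it at plan time, e.g. `condition = length(flatten(values(local.services_s3))) == length(local.buckets_s3)` inside a `lifecycle { precondition { … } }` on the bucket resource, with an error message naming the duplicate. The `required_providers` hunk above is a provider pin only and raises nothing.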
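--- a/modules/services/minio.tf
+++ b/modules/services/minio.tf
@@ -0,0 +1,56 @@
+# Create a user first
+resource "minio_iam_user" "service_users" {
+for_each = local.services_s3
+name = each.key
+}
+
+resource "minio_accesskey" "service_access_keys" {
+for_each = local.services_s3
+user = minio_iam_user.service_users[each.key].name
+}
+
+resource "minio_s3_bucket" "service_buckets" {
+for_each = local.buckets_s3
+bucket = replace("${each.key}.serguzim.me", "_", "-")
+lifecycle {
+prevent_destroy = true
+}
+}
+
+resource "minio_iam_policy" "service_bucket_policies" {
+for_each = local.buckets_s3
+name = each.key
+policy = jsonencode({
+Version = "2012-10-17",
+Statement = [
+{
+Sid = "${each.key} statement"
+Effect = "Allow",
+Action = ["s3:*"],
+Principal = "*",
+Resource = "${minio_s3_bucket.service_buckets[each.key].arn}/*"
+}
+]
+})
+}
+
+resource "minio_iam_user_policy_attachment" "service_bucket_policy_attachments" {
+for_each = local.buckets_s3
+user_name = minio_iam_user.service_users[each.value].id
+policy_name = minio_iam_policy.service_bucket_policies[each.key].id
+}
+
+//resource "minio_iam_service_account" "service_accounts" {
+// for_each = minio_iam_user.service_users
+// target_user = each.value.name
+// policy = jsonencode({
+// Version = "2012-10-17",
+// Statement = [{
+// Action = [
+// "s3:*",
+// ],
+// "Effect": "Allow",
+// "Resource": []
+// }]
+// })
+//}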
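Review bot: The `Resource` of `minio_iam_policy.service_bucket_policies` is only `"${…arn}/*"`, i.e. the objects, so bucket-level actions such as `s3:ListBucket` (which are resourced on the bucket ARN itself) are not granted and a service that lists its bucket is denied; the resource list needs the bucket ARN as well as the `/*` object pattern. `Principal = "*"` has no role in an identity (user) policy and should be dropped, and `Action = ["s3:*"]` also hands the service user bucket-management actions (e.g. `s3:DeleteBucket`, `s3:PutBucketPolicy`) it does not need while `prevent_destroy` only guards the Terraform side; an object-level allow list plus `s3:ListBucket` is the least-privilege shape, to be extended with multipart actions if a service turns out to need them. The commented-out `minio_iam_service_account` block at the end of the file carries the same `s3:*` and would want the same treatment if it is revived.
```hcl
resource "minio_iam_policy" "service_bucket_policies" {
  # … unchanged: for_each, name …
  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Sid    = "${each.key} statement"
        Effect = "Allow",
        Action = ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
        Resource = [
          minio_s3_bucket.service_buckets[each.key].arn,
          "${minio_s3_bucket.service_buckets[each.key].arn}/*",
        ]
      }
    ]
  })
}
```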
|
@ -9,6 +9,19 @@ output "authentik_data" {
|
|||
sensitive = true
|
||||
}
|
||||
|
||||
output "minio_data" {
|
||||
value = {
|
||||
for key, val in local.buckets_s3 : key => {
|
||||
access_key = minio_accesskey.service_access_keys[val].access_key
|
||||
secret_key = minio_accesskey.service_access_keys[val].secret_key
|
||||
name = minio_s3_bucket.service_buckets[key].bucket
|
||||
region = "eu-de-1" // TODO make dynamic
|
||||
api_endpoint = "https://s3.serguzim.me" // TODO make dynamic
|
||||
}
|
||||
}
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
output "postgresql_data" {
|
||||
value = {
|
||||
for key in keys(postgresql_database.service_databases) : key => {
|
||||
|
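Review bot: `region = "eu-de-1"` and `api_endpoint = "https://s3.serguzim.me"` in `minio_data` are hard-coded literals (both marked TODO) that must stay in step with whatever the `minio` provider block is configured with elsewhere; if the two drift, consumers receive credentials pointing at the wrong endpoint with no error from Terraform, so both should come from the same variables the provider configuration uses rather than being duplicated here. `sensitive = true` is right for `secret_key`, but it hides the value only from plan/apply output, not from this module's state or from the parent that consumes the output, so the backend holding that state needs the same protection as the MinIO credentials themselves. The `postgresql_data` output at the bottom of the hunk continues outside it.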
|
|
@ -17,6 +17,8 @@ variable "services" {
|
|||
auth = bool
|
||||
auth_cert = optional(string)
|
||||
auth_redirects = optional(list(string))
|
||||
s3 = optional(string)
|
||||
s3_buckets = optional(list(string))
|
||||
database = bool
|
||||
mail = optional(string)
|
||||
}))
|
||||
|
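Review bot: `s3 = optional(string)` is free-form while the locals in this commit only act on the exact value `"internal"`, so a typo such as `"Internal"` silently disables bucket, user and access-key creation for that service with no plan-time error. A `validation` block on `variable "services"` would catch this; the page shows `"internal"` as the only value consulted, so the condition below accepts only that and should be extended if other values are meaningful. The `variable "services"` block continues outside the hunk after the `}))` that closes its `type`, which is where the validation belongs.
```hcl
  validation {
    condition     = alltrue([for v in values(var.services) : v.s3 == null || v.s3 == "internal"])
    error_message = "services[*].s3 must be null or \"internal\"."
  }
```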
|