Refactor output

2024-09-28 18:24:07 +02:00 · 2024-09-28 18:24:07 +02:00 · 8ad3a4a041
commit 8ad3a4a041
parent 01ee9d4b44
9 changed files with 52 additions and 47 deletions
--- a/authentik.tf
+++ b/authentik.tf
@ -11,7 +11,7 @@ data "authentik_property_mapping_provider_scope" "default_scopes" {
 }

 resource "authentik_provider_oauth2" "service_providers" {
-  for_each           = local.service_auths
+  for_each           = local.services_auth
  name               = each.value.name
  client_type        = "confidential"
  client_id          = each.value.name
@ -21,7 +21,7 @@ resource "authentik_provider_oauth2" "service_providers" {
 }

 resource "authentik_application" "service_applications" {
-  for_each          = local.service_auths
+  for_each          = local.services_auth
  name              = each.value.name
  slug              = "${each.value.subdomain}-serguzim-me"
  protocol_provider = authentik_provider_oauth2.service_providers[each.key].id
--- a/main.tf
+++ b/main.tf
@ -86,6 +86,8 @@ provider "tailscale" {
 }

 locals {
-  service_auths = {for key, val in var.services : key => val if val.auth}
+  services_auth = {for key, val in var.services : key => val if val.auth}
+  services_database = {for key, val in var.services : key => val if val.database}
+  services_s3 = {for key, val in var.services : key => val if val.s3}
 }

--- a/output.tf
+++ b/output.tf
@ -16,7 +16,7 @@ output "hosts" {

 output "authentik_data" {
  value = {
-    for key, val in local.service_auths : key => {
+    for key, val in local.services_auth : key => {
      "base_url"      = "${var.authentik_url}/application/o/${authentik_application.service_applications[key].slug}"
      "client_id"     = authentik_provider_oauth2.service_providers[key].client_id
      "client_secret" = authentik_provider_oauth2.service_providers[key].client_secret
@ -25,8 +25,14 @@ output "authentik_data" {
  sensitive = true
 }

-output "postgresql_service_roles" {
-  value = postgresql_role.service_roles
+output "postgresql_data" {
+  value = {
+    for key, val in local.services_auth : key => {
+      "user"      = postgresql_role.service_roles[key].name
+      "pass"      = postgresql_role.service_roles[key].password
+      "database"  = postgresql_database.service_databases[key].name
+    }
+  }
  sensitive = true
 }

@ -37,13 +43,18 @@ output "postgresql" {
  }
 }

-output "scaleway_service_keys" {
-  value       = scaleway_iam_api_key.service_keys
-  sensitive   = true
-}
-
-output "scaleway_service_buckets" {
-  value       = scaleway_object_bucket.service_buckets
+output "scaleway_data" {
+  value = {
+    for key, val in local.services_s3 : key => {
+      "access_key"   = scaleway_iam_api_key.service_keys[key].access_key
+      "secret_key"   = scaleway_iam_api_key.service_keys[key].secret_key
+      "name"         = scaleway_object_bucket.service_buckets[key].name
+      "region"       = scaleway_object_bucket.service_buckets[key].region
+      "endpoint"     = scaleway_object_bucket.service_buckets[key].endpoint
+      "api_endpoint" = scaleway_object_bucket.service_buckets[key].api_endpoint
+    }
+  }
+  sensitive = true
 }

 output "scaleway_registry_endpoint_public" {
--- a/postgresql.tf
+++ b/postgresql.tf
@ -1,23 +1,18 @@
-locals {
-  service_databases = {for key, val in var.services : key => val if val.database}
-}
-
-
 resource "random_password" "postgresql_service_passwords" {
-  for_each = local.service_databases
+  for_each = local.services_database
  length  = 32
  special = false
 }

 resource "postgresql_role" "service_roles" {
-  for_each = local.service_databases
+  for_each = local.services_database
  name     = each.value.name
  login    = true
  password = random_password.postgresql_service_passwords[each.key].result
 }

 resource "postgresql_database" "service_databases" {
-  for_each = local.service_databases
+  for_each = local.services_database
  name     = each.value.name
  owner    = postgresql_role.service_roles[each.key].name
 }
--- a/roles/forgejo/vars/main.yml
+++ b/roles/forgejo/vars/main.yml
@ -71,11 +71,11 @@ forgejo_env:
  FORGEJO__actions__ENABLED: true

  FORGEJO__storage__STORAGE_TYPE: minio
-  FORGEJO__storage__MINIO_ENDPOINT: "{{ opentofu.scaleway_service_buckets.forgejo.api_endpoint | urlsplit('hostname') }}"
-  FORGEJO__storage__MINIO_ACCESS_KEY_ID: "{{ opentofu.scaleway_service_keys.forgejo.access_key }}"
-  FORGEJO__storage__MINIO_SECRET_ACCESS_KEY: "{{ opentofu.scaleway_service_keys.forgejo.secret_key }}"
-  FORGEJO__storage__MINIO_BUCKET: "{{ opentofu.scaleway_service_buckets.forgejo.name }}"
-  FORGEJO__storage__MINIO_LOCATION: "{{ opentofu.scaleway_service_buckets.forgejo.region }}"
+  FORGEJO__storage__MINIO_ENDPOINT: "{{ opentofu.scaleway_data.forgejo.api_endpoint | urlsplit('hostname') }}"
+  FORGEJO__storage__MINIO_ACCESS_KEY_ID: "{{ opentofu.scaleway_data.forgejo.access_key }}"
+  FORGEJO__storage__MINIO_SECRET_ACCESS_KEY: "{{ opentofu.scaleway_data.forgejo.secret_key }}"
+  FORGEJO__storage__MINIO_BUCKET: "{{ opentofu.scaleway_data.forgejo.name }}"
+  FORGEJO__storage__MINIO_LOCATION: "{{ opentofu.scaleway_data.forgejo.region }}"
  FORGEJO__storage__MINIO_USE_SSL: true

  FORGEJO__other__SHOW_FOOTER_VERSION: true
--- a/roles/linkwarden/vars/main.yml
+++ b/roles/linkwarden/vars/main.yml
@ -6,8 +6,8 @@ linkwarden_db_user: "{{ opentofu.postgresql_service_roles.linkwarden.name }}"
 linkwarden_db_pass: "{{ opentofu.postgresql_service_roles.linkwarden.password }}"
 linkwarden_db_database: linkwarden

-linkwarden_s3_accesskey: "{{ opentofu.scaleway_service_keys.linkwarden.access_key }}"
-linkwarden_s3_secretkey: "{{ opentofu.scaleway_service_keys.linkwarden.secret_key }}"
+linkwarden_s3_accesskey: "{{ opentofu.scaleway_data.linkwarden.access_key }}"
+linkwarden_s3_secretkey: "{{ opentofu.scaleway_data.linkwarden.secret_key }}"

 linkwarden_svc:
  domain: bookmarks.serguzim.me
@ -21,9 +21,9 @@ linkwarden_env:

  SPACES_KEY: "{{ linkwarden_s3_accesskey }}"
  SPACES_SECRET: "{{ linkwarden_s3_secretkey }}"
-  SPACES_ENDPOINT: "{{ opentofu.scaleway_service_buckets.linkwarden.api_endpoint }}"
-  SPACES_BUCKET_NAME: "{{ opentofu.scaleway_service_buckets.linkwarden.name }}"
-  SPACES_REGION: "{{ opentofu.scaleway_service_buckets.linkwarden.region }}"
+  SPACES_ENDPOINT: "{{ opentofu.scaleway_data.linkwarden.api_endpoint }}"
+  SPACES_BUCKET_NAME: "{{ opentofu.scaleway_data.linkwarden.name }}"
+  SPACES_REGION: "{{ opentofu.scaleway_data.linkwarden.region }}"
  SPACES_FORCE_PATH_STYLE: false

  NEXT_PUBLIC_DISABLE_REGISTRATION: true
--- a/scaleway.tf
+++ b/scaleway.tf
@ -11,17 +11,13 @@ data "scaleway_iam_user" "serguzim" {
  email = "tobias@msrg.cc"
 }

-locals {
-  service_buckets = {for key, val in var.services : key => val if val.bucket}
-}
-
 resource "scaleway_iam_application" "service_applications" {
-  for_each = local.service_buckets
+  for_each = local.services_s3
  name = each.value.name
 }

 resource "scaleway_iam_policy" "service_storage_policies" {
-  for_each = local.service_buckets
+  for_each = local.services_s3
  name = "${each.key}_storage_policy"
  application_id = scaleway_iam_application.service_applications[each.key].id
  rule {
@ -31,7 +27,7 @@ resource "scaleway_iam_policy" "service_storage_policies" {
 }

 resource "scaleway_object_bucket" "service_buckets" {
-  for_each = local.service_buckets
+  for_each = local.services_s3
  name = "${each.value.name}.serguzim.me"
  lifecycle {
   prevent_destroy = true
@ -39,7 +35,7 @@ resource "scaleway_object_bucket" "service_buckets" {
 }

 resource "scaleway_object_bucket_policy" "service_bucket_policies" {
-  for_each = local.service_buckets
+  for_each = local.services_s3
  bucket = scaleway_object_bucket.service_buckets[each.key].id
  policy = jsonencode({
    Version = "2023-04-17",
@ -78,7 +74,7 @@ resource "time_rotating" "rotate_after_a_year" {
 }

 resource "scaleway_iam_api_key" "service_keys" {
-  for_each       = local.service_buckets
+  for_each       = local.services_s3
  description    = "Service key for ${each.key}"
  application_id = scaleway_iam_application.service_applications[each.key].id
  expires_at     = time_rotating.rotate_after_a_year.rotation_rfc3339
--- a/services.auto.tfvars
+++ b/services.auto.tfvars
@ -3,7 +3,7 @@ services = {
    name = "acme_dns"
    subdomain = "acme"
    auth = false
-    bucket = false
+    s3 = false
    database = true
  },
  "forgejo" = {
@ -11,35 +11,36 @@ services = {
    subdomain = "git"
    auth = true
    auth_redirects = ["https://git.serguzim.me/user/oauth2/auth.serguzim.me/callback"]
-    bucket = true
+    s3 = true
    database = true
  },
  "linkwarden" = {
    name = "linkwarden"
    subdomain = "bookmarks"
    auth = true
-    bucket = true
+    auth_redirects = ["https://bookmarks.serguzim.me/api/v1/auth/callback/authentik"]
+    s3 = true
    database = true
  },
  "tinytinyrss" = {
    name = "tinytinyrss"
    subdomain = "rss"
    auth = false
-    bucket = false
+    s3 = false
    database = true
  },
  "umami" = {
    name = "umami"
    subdomain = "analytics"
    auth = false
-    bucket = false
+    s3 = false
    database = true
  },
  "wiki_js" = {
    name = "wiki_js"
    subdomain = "wiki"
    auth = true
-    bucket = false
+    s3 = false
    database = true
  },
 }
--- a/variables.tf
+++ b/variables.tf
@ -107,7 +107,7 @@ variable "services" {
    subdomain = string
    auth = bool
    auth_redirects = optional(list(string))
-    bucket = bool
+    s3 = bool
    database = bool
  }))
 }