Refactor output
This commit is contained in:
parent
01ee9d4b44
commit
8ad3a4a041
9 changed files with 52 additions and 47 deletions
|
@ -11,7 +11,7 @@ data "authentik_property_mapping_provider_scope" "default_scopes" {
|
|||
}
|
||||
|
||||
resource "authentik_provider_oauth2" "service_providers" {
|
||||
for_each = local.service_auths
|
||||
for_each = local.services_auth
|
||||
name = each.value.name
|
||||
client_type = "confidential"
|
||||
client_id = each.value.name
|
||||
|
@ -21,7 +21,7 @@ resource "authentik_provider_oauth2" "service_providers" {
|
|||
}
|
||||
|
||||
resource "authentik_application" "service_applications" {
|
||||
for_each = local.service_auths
|
||||
for_each = local.services_auth
|
||||
name = each.value.name
|
||||
slug = "${each.value.subdomain}-serguzim-me"
|
||||
protocol_provider = authentik_provider_oauth2.service_providers[each.key].id
|
||||
|
|
4
main.tf
4
main.tf
|
@ -86,6 +86,8 @@ provider "tailscale" {
|
|||
}
|
||||
|
||||
locals {
|
||||
service_auths = {for key, val in var.services : key => val if val.auth}
|
||||
services_auth = {for key, val in var.services : key => val if val.auth}
|
||||
services_database = {for key, val in var.services : key => val if val.database}
|
||||
services_s3 = {for key, val in var.services : key => val if val.s3}
|
||||
}
|
||||
|
||||
|
|
29
output.tf
29
output.tf
|
@ -16,7 +16,7 @@ output "hosts" {
|
|||
|
||||
output "authentik_data" {
|
||||
value = {
|
||||
for key, val in local.service_auths : key => {
|
||||
for key, val in local.services_auth : key => {
|
||||
"base_url" = "${var.authentik_url}/application/o/${authentik_application.service_applications[key].slug}"
|
||||
"client_id" = authentik_provider_oauth2.service_providers[key].client_id
|
||||
"client_secret" = authentik_provider_oauth2.service_providers[key].client_secret
|
||||
|
@ -25,8 +25,14 @@ output "authentik_data" {
|
|||
sensitive = true
|
||||
}
|
||||
|
||||
output "postgresql_service_roles" {
|
||||
value = postgresql_role.service_roles
|
||||
output "postgresql_data" {
|
||||
value = {
|
||||
for key, val in local.services_auth : key => {
|
||||
"user" = postgresql_role.service_roles[key].name
|
||||
"pass" = postgresql_role.service_roles[key].password
|
||||
"database" = postgresql_database.service_databases[key].name
|
||||
}
|
||||
}
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
|
@ -37,15 +43,20 @@ output "postgresql" {
|
|||
}
|
||||
}
|
||||
|
||||
output "scaleway_service_keys" {
|
||||
value = scaleway_iam_api_key.service_keys
|
||||
output "scaleway_data" {
|
||||
value = {
|
||||
for key, val in local.services_s3 : key => {
|
||||
"access_key" = scaleway_iam_api_key.service_keys[key].access_key
|
||||
"secret_key" = scaleway_iam_api_key.service_keys[key].secret_key
|
||||
"name" = scaleway_object_bucket.service_buckets[key].name
|
||||
"region" = scaleway_object_bucket.service_buckets[key].region
|
||||
"endpoint" = scaleway_object_bucket.service_buckets[key].endpoint
|
||||
"api_endpoint" = scaleway_object_bucket.service_buckets[key].api_endpoint
|
||||
}
|
||||
}
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
output "scaleway_service_buckets" {
|
||||
value = scaleway_object_bucket.service_buckets
|
||||
}
|
||||
|
||||
output "scaleway_registry_endpoint_public" {
|
||||
value = scaleway_registry_namespace.public.endpoint
|
||||
}
|
||||
|
|
|
@ -1,23 +1,18 @@
|
|||
locals {
|
||||
service_databases = {for key, val in var.services : key => val if val.database}
|
||||
}
|
||||
|
||||
|
||||
resource "random_password" "postgresql_service_passwords" {
|
||||
for_each = local.service_databases
|
||||
for_each = local.services_database
|
||||
length = 32
|
||||
special = false
|
||||
}
|
||||
|
||||
resource "postgresql_role" "service_roles" {
|
||||
for_each = local.service_databases
|
||||
for_each = local.services_database
|
||||
name = each.value.name
|
||||
login = true
|
||||
password = random_password.postgresql_service_passwords[each.key].result
|
||||
}
|
||||
|
||||
resource "postgresql_database" "service_databases" {
|
||||
for_each = local.service_databases
|
||||
for_each = local.services_database
|
||||
name = each.value.name
|
||||
owner = postgresql_role.service_roles[each.key].name
|
||||
}
|
||||
|
|
|
@ -71,11 +71,11 @@ forgejo_env:
|
|||
FORGEJO__actions__ENABLED: true
|
||||
|
||||
FORGEJO__storage__STORAGE_TYPE: minio
|
||||
FORGEJO__storage__MINIO_ENDPOINT: "{{ opentofu.scaleway_service_buckets.forgejo.api_endpoint | urlsplit('hostname') }}"
|
||||
FORGEJO__storage__MINIO_ACCESS_KEY_ID: "{{ opentofu.scaleway_service_keys.forgejo.access_key }}"
|
||||
FORGEJO__storage__MINIO_SECRET_ACCESS_KEY: "{{ opentofu.scaleway_service_keys.forgejo.secret_key }}"
|
||||
FORGEJO__storage__MINIO_BUCKET: "{{ opentofu.scaleway_service_buckets.forgejo.name }}"
|
||||
FORGEJO__storage__MINIO_LOCATION: "{{ opentofu.scaleway_service_buckets.forgejo.region }}"
|
||||
FORGEJO__storage__MINIO_ENDPOINT: "{{ opentofu.scaleway_data.forgejo.api_endpoint | urlsplit('hostname') }}"
|
||||
FORGEJO__storage__MINIO_ACCESS_KEY_ID: "{{ opentofu.scaleway_data.forgejo.access_key }}"
|
||||
FORGEJO__storage__MINIO_SECRET_ACCESS_KEY: "{{ opentofu.scaleway_data.forgejo.secret_key }}"
|
||||
FORGEJO__storage__MINIO_BUCKET: "{{ opentofu.scaleway_data.forgejo.name }}"
|
||||
FORGEJO__storage__MINIO_LOCATION: "{{ opentofu.scaleway_data.forgejo.region }}"
|
||||
FORGEJO__storage__MINIO_USE_SSL: true
|
||||
|
||||
FORGEJO__other__SHOW_FOOTER_VERSION: true
|
||||
|
|
|
@ -6,8 +6,8 @@ linkwarden_db_user: "{{ opentofu.postgresql_service_roles.linkwarden.name }}"
|
|||
linkwarden_db_pass: "{{ opentofu.postgresql_service_roles.linkwarden.password }}"
|
||||
linkwarden_db_database: linkwarden
|
||||
|
||||
linkwarden_s3_accesskey: "{{ opentofu.scaleway_service_keys.linkwarden.access_key }}"
|
||||
linkwarden_s3_secretkey: "{{ opentofu.scaleway_service_keys.linkwarden.secret_key }}"
|
||||
linkwarden_s3_accesskey: "{{ opentofu.scaleway_data.linkwarden.access_key }}"
|
||||
linkwarden_s3_secretkey: "{{ opentofu.scaleway_data.linkwarden.secret_key }}"
|
||||
|
||||
linkwarden_svc:
|
||||
domain: bookmarks.serguzim.me
|
||||
|
@ -21,9 +21,9 @@ linkwarden_env:
|
|||
|
||||
SPACES_KEY: "{{ linkwarden_s3_accesskey }}"
|
||||
SPACES_SECRET: "{{ linkwarden_s3_secretkey }}"
|
||||
SPACES_ENDPOINT: "{{ opentofu.scaleway_service_buckets.linkwarden.api_endpoint }}"
|
||||
SPACES_BUCKET_NAME: "{{ opentofu.scaleway_service_buckets.linkwarden.name }}"
|
||||
SPACES_REGION: "{{ opentofu.scaleway_service_buckets.linkwarden.region }}"
|
||||
SPACES_ENDPOINT: "{{ opentofu.scaleway_data.linkwarden.api_endpoint }}"
|
||||
SPACES_BUCKET_NAME: "{{ opentofu.scaleway_data.linkwarden.name }}"
|
||||
SPACES_REGION: "{{ opentofu.scaleway_data.linkwarden.region }}"
|
||||
SPACES_FORCE_PATH_STYLE: false
|
||||
|
||||
NEXT_PUBLIC_DISABLE_REGISTRATION: true
|
||||
|
|
14
scaleway.tf
14
scaleway.tf
|
@ -11,17 +11,13 @@ data "scaleway_iam_user" "serguzim" {
|
|||
email = "tobias@msrg.cc"
|
||||
}
|
||||
|
||||
locals {
|
||||
service_buckets = {for key, val in var.services : key => val if val.bucket}
|
||||
}
|
||||
|
||||
resource "scaleway_iam_application" "service_applications" {
|
||||
for_each = local.service_buckets
|
||||
for_each = local.services_s3
|
||||
name = each.value.name
|
||||
}
|
||||
|
||||
resource "scaleway_iam_policy" "service_storage_policies" {
|
||||
for_each = local.service_buckets
|
||||
for_each = local.services_s3
|
||||
name = "${each.key}_storage_policy"
|
||||
application_id = scaleway_iam_application.service_applications[each.key].id
|
||||
rule {
|
||||
|
@ -31,7 +27,7 @@ resource "scaleway_iam_policy" "service_storage_policies" {
|
|||
}
|
||||
|
||||
resource "scaleway_object_bucket" "service_buckets" {
|
||||
for_each = local.service_buckets
|
||||
for_each = local.services_s3
|
||||
name = "${each.value.name}.serguzim.me"
|
||||
lifecycle {
|
||||
prevent_destroy = true
|
||||
|
@ -39,7 +35,7 @@ resource "scaleway_object_bucket" "service_buckets" {
|
|||
}
|
||||
|
||||
resource "scaleway_object_bucket_policy" "service_bucket_policies" {
|
||||
for_each = local.service_buckets
|
||||
for_each = local.services_s3
|
||||
bucket = scaleway_object_bucket.service_buckets[each.key].id
|
||||
policy = jsonencode({
|
||||
Version = "2023-04-17",
|
||||
|
@ -78,7 +74,7 @@ resource "time_rotating" "rotate_after_a_year" {
|
|||
}
|
||||
|
||||
resource "scaleway_iam_api_key" "service_keys" {
|
||||
for_each = local.service_buckets
|
||||
for_each = local.services_s3
|
||||
description = "Service key for ${each.key}"
|
||||
application_id = scaleway_iam_application.service_applications[each.key].id
|
||||
expires_at = time_rotating.rotate_after_a_year.rotation_rfc3339
|
||||
|
|
|
@ -3,7 +3,7 @@ services = {
|
|||
name = "acme_dns"
|
||||
subdomain = "acme"
|
||||
auth = false
|
||||
bucket = false
|
||||
s3 = false
|
||||
database = true
|
||||
},
|
||||
"forgejo" = {
|
||||
|
@ -11,35 +11,36 @@ services = {
|
|||
subdomain = "git"
|
||||
auth = true
|
||||
auth_redirects = ["https://git.serguzim.me/user/oauth2/auth.serguzim.me/callback"]
|
||||
bucket = true
|
||||
s3 = true
|
||||
database = true
|
||||
},
|
||||
"linkwarden" = {
|
||||
name = "linkwarden"
|
||||
subdomain = "bookmarks"
|
||||
auth = true
|
||||
bucket = true
|
||||
auth_redirects = ["https://bookmarks.serguzim.me/api/v1/auth/callback/authentik"]
|
||||
s3 = true
|
||||
database = true
|
||||
},
|
||||
"tinytinyrss" = {
|
||||
name = "tinytinyrss"
|
||||
subdomain = "rss"
|
||||
auth = false
|
||||
bucket = false
|
||||
s3 = false
|
||||
database = true
|
||||
},
|
||||
"umami" = {
|
||||
name = "umami"
|
||||
subdomain = "analytics"
|
||||
auth = false
|
||||
bucket = false
|
||||
s3 = false
|
||||
database = true
|
||||
},
|
||||
"wiki_js" = {
|
||||
name = "wiki_js"
|
||||
subdomain = "wiki"
|
||||
auth = true
|
||||
bucket = false
|
||||
s3 = false
|
||||
database = true
|
||||
},
|
||||
}
|
||||
|
|
|
@ -107,7 +107,7 @@ variable "services" {
|
|||
subdomain = string
|
||||
auth = bool
|
||||
auth_redirects = optional(list(string))
|
||||
bucket = bool
|
||||
s3 = bool
|
||||
database = bool
|
||||
}))
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue