Refactor s3 in opentofu to allow internal/external provider selection

Tobias Reisinger 2025-06-08 01:23:40 +02:00
parent 9af19f51fa
commit b336d01858
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
4 changed files with 5 additions and 42 deletions


@ -29,9 +29,7 @@ terraform {
locals {
services_auth = {for key, val in var.services : key => val if val.auth}
services_database = {for key, val in var.services : key => val if val.database}
services_s3 = {for key, val in var.services : key => (val.s3_buckets != null) ? val.s3_buckets : [key] if val.s3}
services_s3 = {for key, val in var.services : key => (val.s3_buckets != null) ? val.s3_buckets : [key] if (val.s3 == "external")}
buckets_s3 = merge([for key, val in local.services_s3 : {for bucket in val : bucket => key}]...)
hetzner_hosts = {for key, val in var.hosts : key => val if val.provider == "hetzner"}
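Review bot: The new filter on `services_s3` keeps only entries whose `s3` is exactly `"external"`, so an unset value, a mistyped or differently-cased string, and any other provider value are all dropped without an error, and `buckets_s3` then holds no buckets for that service. The local's name no longer conveys this, so a comment above it would help, e.g. `# services whose buckets come from the external S3 provider; unset or any other s3 value is skipped here`. When a service falls out of this map, resources presumably derived from it would be planned for destruction, so the plan output deserves a check whenever the field is edited. The `locals` block continues beyond the visible lines.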


@ -35,7 +35,7 @@ variable "services" {
auth = bool
auth_cert = optional(string)
auth_redirects = optional(list(string))
s3 = bool
s3 = optional(string)
s3_buckets = optional(list(string))
database = bool
}))
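Review bot: `s3 = optional(string)` accepts any string, while the only comparison visible in this commit is against `"external"`, so a typo in the tfvars passes type checking and silently disables bucket provisioning for that service. A `validation` block on `variable "services"` would reject it at plan time, with a condition such as `alltrue([for s in values(var.services) : s.s3 == null ? true : contains(["internal", "external"], s.s3)])`; the `"internal"` value is taken from the commit title and should be confirmed. The same attribute change is repeated in the second `variable "services"` declaration (the hunk starting at line 156 of another file), which needs the same rule so the two schemas stay in step. The variable block starts and ends outside this hunk.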


@ -32,7 +32,6 @@ services = {
]
auth = false
database = true
s3 = false
},
"authentik" = {
@ -47,7 +46,6 @@ services = {
certificates = ["auth.serguzim.me"]
auth = false
database = true
s3 = false
mail = "auth"
},
@ -55,7 +53,6 @@ services = {
host = "*"
auth = false
database = false
s3 = false
},
"briefing" = {
@ -69,7 +66,6 @@ services = {
}
auth = false
database = false
s3 = false
}
"caddy" = {
@ -96,7 +92,6 @@ services = {
]
auth = false
database = false
s3 = false
},
"deploy" = {
@ -111,7 +106,6 @@ services = {
}
auth = false
database = false
s3 = false
}
"dokku" = {
@ -154,14 +148,12 @@ services = {
]
auth = false
database = false
s3 = false
},
"extra_services" = {
host = "node001"
auth = false
database = false
s3 = false
},
#"factorio" = {
@ -198,7 +190,6 @@ services = {
# ]
# auth = false
# database = false
# s3 = false
#}
"forgejo" = {
@ -229,7 +220,7 @@ services = {
auth = true
auth_redirects = ["https://git.serguzim.me/user/oauth2/auth.serguzim.me/callback"]
database = true
s3 = true
s3 = "external"
mail = "git"
},
@ -237,14 +228,12 @@ services = {
host = "node001"
auth = false
database = false
s3 = false
},
"healthcheck" = {
host = "node001"
auth = false
database = false
s3 = false
},
"gatus" = {
@ -261,7 +250,6 @@ services = {
}]
auth = false
database = false
s3 = false
mail = "status"
},
@ -284,7 +272,6 @@ services = {
}
auth = false
database = false
s3 = false
mail = "inventory"
},
@ -309,7 +296,6 @@ services = {
auth = true
auth_redirects = ["https://gallery.serguzim.me/auth/login"]
database = false
s3 = false
},
"influxdb" = {
@ -334,7 +320,6 @@ services = {
}
auth = false
database = false
s3 = false
},
"jellyfin" = {
@ -362,14 +347,12 @@ services = {
}
auth = false
database = false
s3 = false
},
"lego" = {
host = "*"
auth = false
database = false
s3 = false
},
mailcowdockerized = {
@ -429,7 +412,6 @@ services = {
]
auth = false
database = false
s3 = false
},
"lgtm_stack" = {
@ -460,7 +442,7 @@ services = {
auth = true
auth_redirects = ["https://monitoring.serguzim.me/login/generic_oauth"]
database = true
s3 = true
s3 = "external"
s3_buckets = ["mimir_blocks", "mimir_alertmanager", "mimir_ruler"]
mail = "monitoring"
}
@ -493,7 +475,6 @@ services = {
}]
auth = false
database = false
s3 = false
},
"minio" = {
@ -519,14 +500,12 @@ services = {
auth = true
auth_redirects = ["https://console.s3.serguzim.me/oauth_callback"]
database = false
s3 = false
},
"node_exporter" = {
host = "*"
auth = false
database = false
s3 = false
},
"ntfy" = {
@ -551,7 +530,6 @@ services = {
}
auth = false
database = false
s3 = false
},
"postgresql" = {
@ -574,7 +552,6 @@ services = {
certificates = ["db.serguzim.me"]
auth = false
database = false
s3 = false
},
"reitanlage_oranienburg" = {
@ -598,7 +575,6 @@ services = {
}
auth = false
database = false
s3 = false
},
"shlink" = {
@ -628,7 +604,6 @@ services = {
}
auth = false
database = true
s3 = false
},
"synapse" = {
@ -665,7 +640,6 @@ services = {
auth = true
auth_redirects = ["https://matrix.serguzim.me/_synapse/client/oidc/callback"]
database = true
s3 = false
mail = "matrix"
},
@ -684,7 +658,6 @@ services = {
}
auth = false
database = true
s3 = false
},
"teamspeak_fallback" = {
@ -723,7 +696,6 @@ services = {
]
auth = false
database = false
s3 = false
}
"tinytinyrss" = {
@ -737,7 +709,6 @@ services = {
}
auth = false
database = true
s3 = false
},
"umami" = {
@ -751,7 +722,6 @@ services = {
}
auth = false
database = true
s3 = false
},
"vikunja" = {
@ -773,7 +743,6 @@ services = {
auth = true
auth_redirects = ["https://todo.serguzim.me/auth/openid/authserguzimme"]
database = true
s3 = false
mail = "todo"
},
@ -781,7 +750,6 @@ services = {
host = "*"
auth = false
database = false
s3 = false
mail = "watchtower"
},
@ -796,7 +764,6 @@ services = {
}
auth = false
database = false
s3 = false
},
"wiki_js" = {
@ -810,7 +777,6 @@ services = {
auth = true
auth_redirects = ["https://wiki.serguzim.me/login/f792bc7d-1a25-4437-944e-55eaf0111102/callback"]
database = true
s3 = false
mail = "wiki"
},
@ -836,6 +802,5 @@ services = {
}
auth = false
database = true
s3 = false
}
}


@ -156,7 +156,7 @@ variable "services" {
auth = bool
auth_cert = optional(string)
auth_redirects = optional(list(string))
s3 = bool
s3 = optional(string)
s3_buckets = optional(list(string))
database = bool
mail = optional(string)