Move terraform files into modules
This commit is contained in:
parent
4e495dbc51
commit
bae9fe9e0f
14 changed files with 286 additions and 104 deletions
93
main.tf
93
main.tf
|
@ -1,31 +1,4 @@
|
||||||
terraform {
|
terraform {
|
||||||
required_providers {
|
|
||||||
authentik = {
|
|
||||||
source = "goauthentik/authentik"
|
|
||||||
version = "~> 2024.8.0"
|
|
||||||
}
|
|
||||||
hcloud = {
|
|
||||||
source = "hetznercloud/hcloud"
|
|
||||||
version = "~> 1.45.0"
|
|
||||||
}
|
|
||||||
ovh = {
|
|
||||||
source = "ovh/ovh"
|
|
||||||
version = "~> 0.48.0"
|
|
||||||
}
|
|
||||||
postgresql = {
|
|
||||||
source = "cyrilgdn/postgresql"
|
|
||||||
version = "~> 1.23.0"
|
|
||||||
}
|
|
||||||
scaleway = {
|
|
||||||
source = "scaleway/scaleway"
|
|
||||||
version = "~> 2.43.0"
|
|
||||||
}
|
|
||||||
tailscale = {
|
|
||||||
source = "tailscale/tailscale"
|
|
||||||
version = "~> 0.16.0"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
backend "s3" {
|
backend "s3" {
|
||||||
bucket = var.backend_bucket
|
bucket = var.backend_bucket
|
||||||
access_key = var.backend_access_key
|
access_key = var.backend_access_key
|
||||||
|
@ -45,49 +18,39 @@ terraform {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
provider "authentik" {
|
module "services" {
|
||||||
url = "${var.authentik_url}"
|
source = "./modules/services"
|
||||||
token = "${var.authentik_token}"
|
|
||||||
|
authentik_url = "${var.authentik_url}"
|
||||||
|
authentik_token = "${var.authentik_token}"
|
||||||
|
|
||||||
|
postgresql_host = "${var.postgresql_host}"
|
||||||
|
postgresql_port = "${var.postgresql_port}"
|
||||||
|
postgresql_username = "${var.postgresql_username}"
|
||||||
|
postgresql_password = "${var.postgresql_password}"
|
||||||
|
|
||||||
|
services = var.services
|
||||||
}
|
}
|
||||||
|
|
||||||
provider "hcloud" {
|
module "infrastructure" {
|
||||||
token = "${var.hcloud_token}"
|
source = "./modules/infrastructure"
|
||||||
}
|
|
||||||
|
|
||||||
provider "ovh" {
|
hcloud_token = "${var.hcloud_token}"
|
||||||
endpoint = "ovh-eu"
|
|
||||||
application_key = "${var.ovh_application_key}"
|
|
||||||
application_secret = "${var.ovh_application_secret}"
|
|
||||||
consumer_key = "${var.ovh_consumer_key}"
|
|
||||||
}
|
|
||||||
|
|
||||||
provider "postgresql" {
|
ovh_application_key = "${var.ovh_application_key}"
|
||||||
host = "${var.postgresql_host}"
|
ovh_application_secret = "${var.ovh_application_secret}"
|
||||||
port = "${var.postgresql_port}"
|
ovh_consumer_key = "${var.ovh_consumer_key}"
|
||||||
database = "postgres"
|
|
||||||
username = "${var.postgresql_username}"
|
|
||||||
password = "${var.postgresql_password}"
|
|
||||||
sslmode = "verify-full"
|
|
||||||
connect_timeout = 15
|
|
||||||
}
|
|
||||||
|
|
||||||
provider "scaleway" {
|
scaleway_access_key = "${var.scaleway_access_key}"
|
||||||
organization_id = "${var.scaleway_organization_id}"
|
scaleway_secret_key = "${var.scaleway_secret_key}"
|
||||||
project_id = "${var.scaleway_project_id}"
|
scaleway_project_id = "${var.scaleway_project_id}"
|
||||||
access_key = "${var.scaleway_access_key}"
|
scaleway_organization_id = "${var.scaleway_organization_id}"
|
||||||
secret_key = "${var.scaleway_secret_key}"
|
|
||||||
region = "nl-ams"
|
|
||||||
zone = "nl-ams-1"
|
|
||||||
}
|
|
||||||
|
|
||||||
provider "tailscale" {
|
tailscale_api_key = "${var.tailscale_api_key}"
|
||||||
api_key = "${var.tailscale_api_key}"
|
tailscale_tailnet = "${var.tailscale_tailnet}"
|
||||||
tailnet = "${var.tailscale_tailnet}"
|
|
||||||
}
|
|
||||||
|
|
||||||
locals {
|
default_ssh_key = "${var.default_ssh_key}"
|
||||||
services_auth = {for key, val in var.services : key => val if val.auth}
|
|
||||||
services_database = {for key, val in var.services : key => val if val.database}
|
|
||||||
services_s3 = {for key, val in var.services : key => val if val.s3}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
hosts = var.hosts
|
||||||
|
services = var.services
|
||||||
|
}
|
||||||
|
|
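Review bot: `default_ssh_key = "${var.default_ssh_key}"` in the second hunk wraps the value in a string template, but modules/infrastructure/variables.tf declares `default_ssh_key` as `object({ name = string, public_key = string })`, and Terraform cannot render an object inside a string template, so validation of the `module "infrastructure"` block will fail on that line; pass it by reference, `default_ssh_key = var.default_ssh_key`, as the same hunk already does for `hosts` and `services`. The remaining `"${var.x}"` wrappers on the module arguments are interpolation-only expressions that work only because every other variable is (untyped or) a string; writing them as plain references such as `hcloud_token = var.hcloud_token` keeps the arguments uniform and stops a value from being silently stringified if one of those variables is later given a non-string type. The `backend "s3"` context lines are untouched by this commit, so I am not raising them here.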
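--- a/modules/infrastructure/main.tf
+++ b/modules/infrastructure/main.tf
@@ -0,0 +1,53 @@
+terraform {
+required_providers {
+hcloud = {
+source = "hetznercloud/hcloud"
+version = "~> 1.45.0"
+}
+ovh = {
+source = "ovh/ovh"
+version = "~> 0.48.0"
+}
+scaleway = {
+source = "scaleway/scaleway"
+version = "~> 2.43.0"
+}
+tailscale = {
+source = "tailscale/tailscale"
+version = "~> 0.16.0"
+}
+}
+}
+
+
+provider "hcloud" {
+token = "${var.hcloud_token}"
+}
+
+provider "ovh" {
+endpoint = "ovh-eu"
+application_key = "${var.ovh_application_key}"
+application_secret = "${var.ovh_application_secret}"
+consumer_key = "${var.ovh_consumer_key}"
+}
+
+provider "scaleway" {
+organization_id = "${var.scaleway_organization_id}"
+project_id = "${var.scaleway_project_id}"
+access_key = "${var.scaleway_access_key}"
+secret_key = "${var.scaleway_secret_key}"
+region = "nl-ams"
+zone = "nl-ams-1"
+}
+
+provider "tailscale" {
+api_key = "${var.tailscale_api_key}"
+tailnet = "${var.tailscale_tailnet}"
+}
+
+
+locals {
+services_auth = {for key, val in var.services : key => val if val.auth}
+services_database = {for key, val in var.services : key => val if val.database}
+services_s3 = {for key, val in var.services : key => val if val.s3}
+}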
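Review bot: The `provider "hcloud"`, `"ovh"`, `"scaleway"` and `"tailscale"` blocks in this new module, and likewise the `provider "authentik"` and `"postgresql"` blocks in modules/services/main.tf, configure providers inside a child module, which Terraform only supports as a legacy pattern: a module that carries its own provider configuration cannot be used with `count`, `for_each` or `depends_on`, and once its `module` block is removed from the root there is no provider configuration left with which to destroy the module's resources. Keep the `required_providers` block here, move the provider configurations (and the credential variables they read) back to the root, and let the module inherit the default providers by name; a non-default configuration can still be handed in through the module's `providers` argument if one is ever needed. That also means the API tokens and keys no longer have to be threaded through module arguments, so they only appear in the root's variables and plan. The hard-coded `endpoint = "ovh-eu"`, `region = "nl-ams"` and `zone = "nl-ams-1"` deserve a one-line comment each recording that the module is pinned to those regions, e.g. `# all Scaleway resources live in nl-ams; changing this recreates them`.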
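--- a/modules/infrastructure/output.tf
+++ b/modules/infrastructure/output.tf
@@ -0,0 +1,37 @@
+output "hosts" {
+value = {
+for subdomain in distinct([for record in ovh_domain_zone_record.server_records : record.subdomain]) :
+subdomain => {
+"ipv4_address" = try(
+ovh_domain_zone_record.server_records["${subdomain}:ipv4"].target,
+null
+)
+"ipv6_address" = try(
+ovh_domain_zone_record.server_records["${subdomain}:ipv6"].target,
+null
+)
+}
+}
+}
+
+output "scaleway_data" {
+value = {
+for key in keys(scaleway_iam_application.service_applications) : key => {
+"access_key" = scaleway_iam_api_key.service_keys[key].access_key
+"secret_key" = scaleway_iam_api_key.service_keys[key].secret_key
+"name" = scaleway_object_bucket.service_buckets[key].name
+"region" = scaleway_object_bucket.service_buckets[key].region
+"endpoint" = scaleway_object_bucket.service_buckets[key].endpoint
+"api_endpoint" = scaleway_object_bucket.service_buckets[key].api_endpoint
+}
+}
+sensitive = true
+}
+
+output "scaleway_registry_endpoint_public" {
+value = scaleway_registry_namespace.public.endpoint
+}
+
+output "scaleway_registry_endpoint_private" {
+value = scaleway_registry_namespace.private.endpoint
+}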
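Review bot: None of the outputs in this file, nor those in modules/services/output.tf or the root output.tf, carry a `description`, so `terraform output` and any generated module docs give no hint that `hosts` is keyed by DNS subdomain or that `scaleway_data` hands out live bucket credentials. Add e.g. `description = "IPv4/IPv6 record targets keyed by subdomain, taken from ovh_domain_zone_record.server_records"` to `hosts` and `description = "Per-service Scaleway bucket coordinates plus the IAM API key that can access it (sensitive)"` to `scaleway_data`. Marking `scaleway_data` sensitive is right because it exposes `secret_key`, but note that `sensitive = true` only redacts the CLI view; the key is still stored in plaintext in the state, so read access to the state backend is read access to every service's bucket key. The resources these outputs read (`ovh_domain_zone_record.server_records`, `scaleway_iam_api_key.service_keys`, `scaleway_object_bucket.service_buckets`, `scaleway_registry_namespace.*`) are defined in module files not shown in this diff.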
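--- a/modules/infrastructure/variables.tf
+++ b/modules/infrastructure/variables.tf
@@ -0,0 +1,75 @@
+variable "hcloud_token" {
+sensitive = true
+}
+
+
+variable "ovh_application_key" {
+sensitive = true
+}
+
+variable "ovh_application_secret" {
+sensitive = true
+}
+
+variable "ovh_consumer_key" {
+sensitive = true
+}
+
+
+variable "scaleway_organization_id" {
+sensitive = true
+}
+
+variable "scaleway_project_id" {
+sensitive = true
+}
+
+variable "scaleway_access_key" {
+sensitive = true
+}
+
+variable "scaleway_secret_key" {
+sensitive = true
+}
+
+
+variable "tailscale_api_key" {
+sensitive = true
+}
+
+variable "tailscale_tailnet" {
+sensitive = false
+}
+
+
+variable "default_ssh_key" {
+type = object({
+name = string
+public_key = string
+})
+}
+
+
+variable "services" {
+type = map(object({
+name = string
+subdomain = string
+auth = bool
+auth_redirects = optional(list(string))
+s3 = bool
+database = bool
+}))
+}
+
+variable "hosts" {
+type = map(object({
+hostname = string
+rdns = string
+provider = string
+ipv4_address = optional(string)
+ipv6_address = optional(string)
+image = optional(string)
+server_type = optional(string)
+datacenter = optional(string)
+}))
+}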
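Review bot: The credential variables from `hcloud_token` down to `tailscale_tailnet` declare `sensitive` but no `type`, as do `authentik_url`, `postgresql_host` and `postgresql_port` in modules/services/variables.tf, so the module accepts a value of any type and converts it where it can instead of rejecting a mistake at validate time. Add `type = string` to each of these (and `type = number` for `postgresql_port`), and give each a `description` saying which scope the token is expected to carry, e.g. `description = "Hetzner Cloud API token; needs read/write on the project that hosts the servers"`. `scaleway_organization_id` and `scaleway_project_id` are marked sensitive while `tailscale_tailnet` is explicitly not; organisation and project IDs are normally identifiers rather than secrets, so if the redaction is intended a short comment saying why would stop the next reader from "fixing" it.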
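--- a/modules/services/main.tf
+++ b/modules/services/main.tf
@@ -0,0 +1,33 @@
+terraform {
+required_providers {
+authentik = {
+source = "goauthentik/authentik"
+version = "~> 2024.8.0"
+}
+postgresql = {
+source = "cyrilgdn/postgresql"
+version = "~> 1.23.0"
+}
+}
+}
+
+provider "authentik" {
+url = "${var.authentik_url}"
+token = "${var.authentik_token}"
+}
+
+provider "postgresql" {
+host = "${var.postgresql_host}"
+port = "${var.postgresql_port}"
+database = "postgres"
+username = "${var.postgresql_username}"
+password = "${var.postgresql_password}"
+sslmode = "verify-full"
+connect_timeout = 15
+}
+
+locals {
+services_auth = {for key, val in var.services : key => val if val.auth}
+services_database = {for key, val in var.services : key => val if val.database}
+services_s3 = {for key, val in var.services : key => val if val.s3}
+}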
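Review bot: The `locals` block at the end of this file is a verbatim copy of the one in modules/infrastructure/main.tf, yet this module's providers are only authentik and postgresql, so `services_s3` looks out of place here just as `services_auth` and `services_database` do in the infrastructure copy; if the module's other files (not in this diff) do not reference them, keep only the filters each module actually consumes so a reader is not left guessing which module owns which service aspect. The `provider "postgresql"` block sets `sslmode = "verify-full"` without an `sslrootcert`, which is correct only when the server certificate chains to a CA already trusted on the machine running Terraform; a comment such as `# verify-full: server cert must chain to a CA in the local trust store, or set sslrootcert` would record that expectation, and `connect_timeout = 15` deserves a note on its unit (seconds) and why that value was chosen.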
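--- a/modules/services/output.tf
+++ b/modules/services/output.tf
@@ -0,0 +1,21 @@
+output "authentik_data" {
+value = {
+for key in keys(authentik_application.service_applications) : key => {
+"base_url" = "${var.authentik_url}/application/o/${authentik_application.service_applications[key].slug}/"
+"client_id" = authentik_provider_oauth2.service_providers[key].client_id
+"client_secret" = authentik_provider_oauth2.service_providers[key].client_secret
+}
+}
+sensitive = true
+}
+
+output "postgresql_data" {
+value = {
+for key in keys(postgresql_database.service_databases) : key => {
+"user" = postgresql_role.service_roles[key].name
+"pass" = postgresql_role.service_roles[key].password
+"database" = postgresql_database.service_databases[key].name
+}
+}
+sensitive = true
+}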
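Review bot: `base_url` in `authentik_data` is built as `"${var.authentik_url}/application/o/…/"`, so a value of `authentik_url` that already ends in `/` yields a `//application/o/` URL; since modules/services/variables.tf places no constraint on the variable, either normalise it here with `"${trimsuffix(var.authentik_url, "/")}/application/o/${authentik_application.service_applications[key].slug}/"` or add a `validation` block to the variable that rejects a trailing slash. Both outputs are correctly `sensitive = true`, since they expose the OAuth2 `client_secret` and the database role `password`; a `description` on each stating that, and naming the resources they are derived from (`authentik_provider_oauth2.service_providers`, `postgresql_role.service_roles`, defined in files not shown here), would make that explicit to callers.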
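--- a/modules/services/variables.tf
+++ b/modules/services/variables.tf
@@ -0,0 +1,33 @@
+variable "authentik_url" {
+}
+
+variable "authentik_token" {
+sensitive = true
+}
+
+
+variable "postgresql_host" {
+}
+
+variable "postgresql_port" {
+}
+
+variable "postgresql_username" {
+sensitive = true
+}
+
+variable "postgresql_password" {
+sensitive = true
+}
+
+
+variable "services" {
+type = map(object({
+name = string
+subdomain = string
+auth = bool
+auth_redirects = optional(list(string))
+s3 = bool
+database = bool
+}))
+}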
45
output.tf
45
output.tf
|
@ -1,38 +1,14 @@
|
||||||
output "hosts" {
|
output "hosts" {
|
||||||
value = {
|
value = module.infrastructure.hosts
|
||||||
for subdomain in distinct([for record in ovh_domain_zone_record.server_records : record.subdomain]) :
|
|
||||||
subdomain => {
|
|
||||||
"ipv4_address" = try(
|
|
||||||
ovh_domain_zone_record.server_records["${subdomain}:ipv4"].target,
|
|
||||||
null
|
|
||||||
)
|
|
||||||
"ipv6_address" = try(
|
|
||||||
ovh_domain_zone_record.server_records["${subdomain}:ipv6"].target,
|
|
||||||
null
|
|
||||||
)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
output "authentik_data" {
|
output "authentik_data" {
|
||||||
value = {
|
value = module.services.authentik_data
|
||||||
for key in keys(authentik_application.service_applications) : key => {
|
|
||||||
"base_url" = "${var.authentik_url}/application/o/${authentik_application.service_applications[key].slug}/"
|
|
||||||
"client_id" = authentik_provider_oauth2.service_providers[key].client_id
|
|
||||||
"client_secret" = authentik_provider_oauth2.service_providers[key].client_secret
|
|
||||||
}
|
|
||||||
}
|
|
||||||
sensitive = true
|
sensitive = true
|
||||||
}
|
}
|
||||||
|
|
||||||
output "postgresql_data" {
|
output "postgresql_data" {
|
||||||
value = {
|
value = module.services.postgresql_data
|
||||||
for key in keys(postgresql_database.service_databases) : key => {
|
|
||||||
"user" = postgresql_role.service_roles[key].name
|
|
||||||
"pass" = postgresql_role.service_roles[key].password
|
|
||||||
"database" = postgresql_database.service_databases[key].name
|
|
||||||
}
|
|
||||||
}
|
|
||||||
sensitive = true
|
sensitive = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -44,23 +20,14 @@ output "postgresql" {
|
||||||
}
|
}
|
||||||
|
|
||||||
output "scaleway_data" {
|
output "scaleway_data" {
|
||||||
value = {
|
value = module.infrastructure.scaleway_data
|
||||||
for key in keys(scaleway_iam_application.service_applications) : key => {
|
|
||||||
"access_key" = scaleway_iam_api_key.service_keys[key].access_key
|
|
||||||
"secret_key" = scaleway_iam_api_key.service_keys[key].secret_key
|
|
||||||
"name" = scaleway_object_bucket.service_buckets[key].name
|
|
||||||
"region" = scaleway_object_bucket.service_buckets[key].region
|
|
||||||
"endpoint" = scaleway_object_bucket.service_buckets[key].endpoint
|
|
||||||
"api_endpoint" = scaleway_object_bucket.service_buckets[key].api_endpoint
|
|
||||||
}
|
|
||||||
}
|
|
||||||
sensitive = true
|
sensitive = true
|
||||||
}
|
}
|
||||||
|
|
||||||
output "scaleway_registry_endpoint_public" {
|
output "scaleway_registry_endpoint_public" {
|
||||||
value = scaleway_registry_namespace.public.endpoint
|
value = module.infrastructure.scaleway_registry_endpoint_public
|
||||||
}
|
}
|
||||||
|
|
||||||
output "scaleway_registry_endpoint_private" {
|
output "scaleway_registry_endpoint_private" {
|
||||||
value = scaleway_registry_namespace.private.endpoint
|
value = module.infrastructure.scaleway_registry_endpoint_private
|
||||||
}
|
}
|
||||||
|
|
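Review bot: The root now re-exports `module.services.authentik_data`, `module.services.postgresql_data` and `module.infrastructure.scaleway_data` as root outputs, and these carry OAuth2 client secrets, database passwords and Scaleway secret keys; `sensitive = true` is kept on each, but that only redacts the CLI view, and anything that can run `terraform output -json` or read the S3-backed state (see the `backend "s3"` block in main.tf) gets them in plaintext. The values are already in state as resource attributes, so the root outputs do not make the state more sensitive, but they do widen who consumes the secrets; if nothing outside this configuration reads them at the root, drop the pass-throughs, and if something does, a `description` naming that consumer on each would document why the export exists. The leading `}` of the second hunk closes a block (`output "postgresql"` per the hunk header) that starts outside the hunk.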