# Looks up the Scaleway project that the IAM policy rules in this file are
# scoped to. The project ID is supplied through var.scaleway_project_id, which
# is declared outside this file.
data "scaleway_account_project" "project" {
  project_id = var.scaleway_project_id
}
# Registers a single SSH public key on the Scaleway account. The resource
# label, the display name and the key comment all carry the identifier
# 0xAB920993.
# NOTE(review): presumably this key is exported from an OpenPGP authentication
# subkey - confirm, and confirm that the ssh-rsa modulus length still meets
# current key-strength policy.
# NOTE(review): check whether the pinned provider version still supports this
# resource type or expects scaleway_iam_ssh_key instead.
resource "scaleway_account_ssh_key" "openpgp_0xAB920993" {
  public_key = "ssh-rsa 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 openpgp:0xAB920993"
  name       = "openpgp:0xAB920993"
}
# Resolves the IAM user with this e-mail address. Its ID is the principal of
# the first statement in every bucket policy defined in this file, so this
# account holds all actions ("*") on every service bucket. Protect it
# accordingly (strong credentials, MFA).
data "scaleway_iam_user" "serguzim" {
  email = "tobias@msrg.cc"
}
# One IAM application (a non-human identity) per entry in var.service_buckets.
# Each application is later bound to its own storage policy, bucket policy
# statement and API key through the same map key, so a leaked credential maps
# back to exactly one service.
resource "scaleway_iam_application" "service_applications" {
  for_each = var.service_buckets

  name = each.value.name
}
# Attaches one IAM policy to each service application. The single rule grants
# the ObjectStorageFullAccess permission set across the whole project looked up
# in data.scaleway_account_project.project.
#
# NOTE(review): the grant is project-wide, not per bucket. Keeping one service
# out of another service's bucket therefore rests on the bucket policies in
# scaleway_object_bucket_policy.service_bucket_policies - confirm that every
# bucket in this project carries one. If the services only read and write
# objects, a narrower permission set than full access would reduce the impact
# of a leaked service key.
resource "scaleway_iam_policy" "service_storage_policies" {
  for_each = var.service_buckets

  name           = "${each.key}_storage_policy"
  application_id = scaleway_iam_application.service_applications[each.key].id

  rule {
    permission_set_names = ["ObjectStorageFullAccess"]
    project_ids          = [data.scaleway_account_project.project.id]
  }
}
# One Object Storage bucket per service, named "<service name>.serguzim.me".
#
# prevent_destroy makes Terraform refuse any plan that would delete the bucket.
# It guards against accidental removal through Terraform only: it does not stop
# a principal that the bucket policy allows from deleting objects.
# NOTE(review): no versioning or object lock is configured in this block, so
# provider defaults apply - confirm that matches the recovery requirements.
resource "scaleway_object_bucket" "service_buckets" {
  for_each = var.service_buckets

  name = "${each.value.name}.serguzim.me"

  lifecycle {
    prevent_destroy = true
  }
}
# Bucket policy for each service bucket. Exactly two principals are allowed,
# each with every action ("*") on the bucket itself and on all objects in it:
#   1. the human IAM user resolved by data.scaleway_iam_user.serguzim
#   2. the IAM application that belongs to the same map key as the bucket
# No other principal is named, so the policy is what separates the services
# from one another.
#
# NOTE(review): Action = "*" also covers bucket-level and policy-level
# operations. If a service only needs object access, listing the specific
# actions (for example "s3:GetObject", "s3:PutObject") in the second statement
# would limit what a leaked service key can do. Keep the first statement broad
# enough that the owner cannot be locked out of the bucket.
resource "scaleway_object_bucket_policy" "service_bucket_policies" {
  for_each = var.service_buckets

  bucket = scaleway_object_bucket.service_buckets[each.key].id

  policy = jsonencode({
    Version = "2023-04-17"
    Id      = "${each.key}_bucket_policy"
    Statement = [
      # Owner access: the human user keeps full control of the bucket.
      {
        Sid    = "Scaleway secure statement"
        Effect = "Allow"
        Action = "*"
        Principal = {
          SCW = "user_id:${data.scaleway_iam_user.serguzim.id}"
        }
        Resource = [
          scaleway_object_bucket.service_buckets[each.key].name,
          "${scaleway_object_bucket.service_buckets[each.key].name}/*",
        ]
      },
      # Service access: only the application with the matching key.
      {
        Sid    = "${each.key} statement"
        Effect = "Allow"
        Action = "*"
        Principal = {
          SCW = "application_id:${scaleway_iam_application.service_applications[each.key].id}"
        }
        Resource = [
          scaleway_object_bucket.service_buckets[each.key].name,
          "${scaleway_object_bucket.service_buckets[each.key].name}/*",
        ]
      },
    ]
  })
}
# Timestamp that moves forward once a year. It is used as the expiry of the
# service API keys in scaleway_iam_api_key.service_keys.
# The rotation is only evaluated when Terraform runs: if no apply happens after
# the rotation time has passed, nothing is renewed on its own.
resource "time_rotating" "rotate_after_a_year" {
  rotation_years = 1
}
# One API key per service application, expiring at the rotation timestamp of
# time_rotating.rotate_after_a_year (about one year after that resource was
# last created).
#
# Operational and security notes:
# - The generated secret key is stored in the Terraform state. Keep the state
#   backend encrypted and access-controlled, and treat state files as secrets.
# - A key that reaches expires_at stops working. Schedule a Terraform apply
#   before that date and redistribute the new secret to the service.
# NOTE(review): presumably a change of expires_at replaces the key - confirm
# against the provider documentation for the pinned version.
# NOTE(review): no default_project_id is set here; confirm that Object Storage
# requests made with these keys resolve to the intended project.
resource "scaleway_iam_api_key" "service_keys" {
  for_each = var.service_buckets

  application_id = scaleway_iam_application.service_applications[each.key].id
  description    = "Service key for ${each.key}"
  expires_at     = time_rotating.rotate_after_a_year.rotation_rfc3339
}
# Container registry namespace whose images can be pulled without
# authentication (is_public = true).
# Anything pushed here is world-readable, including every image layer and the
# build history: never push images that carry credentials, private keys or
# internal configuration, and keep pull-only workloads from holding push
# rights to this namespace.
resource "scaleway_registry_namespace" "public" {
  name        = "public.serguzim.net"
  is_public   = true
  description = "Public container registry for serguzim.net"
}
# Container registry namespace that requires authentication to pull
# (is_public = false, set explicitly so the intent is visible in review).
# NOTE(review): this file defines no IAM policy that grants registry access, so
# who may push or pull here is decided elsewhere - confirm that those grants
# are as narrow as the consumers need.
resource "scaleway_registry_namespace" "private" {
  name        = "private.serguzim.net"
  is_public   = false
  description = "Private container registry for serguzim.net"
}