From 01ca8c2a13e71569818ee1d0969b6b7ec29d22f4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?S=C3=A9bastien=20Huss?= Date: Fri, 26 Jan 2024 16:44:44 +0100 Subject: [PATCH] fix --- apps/code-server/index.yaml | 2 +- apps/code-server/presentation.tf | 2 +- apps/dbgate/index.yaml | 2 +- apps/dbgate/presentation.tf | 2 +- apps/dolibarr/application.tf | 4 +- apps/dolibarr/backups.tf | 12 +- apps/dolibarr/configmap.tf | 2 +- apps/dolibarr/index.yaml | 598 +++++++++++++-------------- apps/dolibarr/ingress.tf | 2 +- apps/dolibarr/ldap.tf | 2 +- apps/dolibarr/postgresql.tf | 10 +- apps/dolibarr/saml.tf | 2 +- apps/gitea/backups.tf | 10 +- apps/gitea/index.yaml | 544 ++++++++++++------------ apps/gitea/inline-config.tf | 8 +- apps/gitea/postgresql.tf | 10 +- apps/gitea/presentation.tf | 2 +- apps/gramo/index.yaml | 2 +- apps/gramo/presentation.tf | 2 +- apps/k8s-api/index.yaml | 2 +- apps/k8s-api/ingress.tf | 2 +- apps/nextcloud/backups.tf | 12 +- apps/nextcloud/index.yaml | 264 ++++++------ apps/nextcloud/postgresql.tf | 10 +- apps/nextcloud/presentation.tf | 2 +- apps/okd/index.yaml | 2 +- apps/okd/presentation.tf | 2 +- apps/sonar/index.yaml | 2 +- apps/traefik-ui/index.yaml | 2 +- apps/traefik-ui/presentation.tf | 2 +- apps/woodpecker/datas.tf | 4 +- apps/woodpecker/gitea_token.tf | 2 +- apps/woodpecker/index.yaml | 2 +- apps/woodpecker/presentation.tf | 2 +- meta/domain-devspaces/index.yaml | 2 +- meta/domain-devspaces/stations.tf | 2 +- monitor/alertmanager/index.yaml | 2 +- monitor/alertmanager/presentation.tf | 2 +- monitor/grafana/index.yaml | 2 +- monitor/grafana/presentation.tf | 2 +- monitor/loki-dashboard/index.yaml | 2 +- monitor/prometheus/index.yaml | 2 +- monitor/prometheus/presentation.tf | 2 +- monitor/thanos-ruler/index.yaml | 2 +- share/authentik-forward/index.yaml | 2 +- share/authentik/index.yaml | 236 +++++------ share/authentik/ingress.tf | 2 +- share/authentik/postgresql.tf | 10 +- share/dataset-pg/directus.tf | 10 +- share/dataset-pg/index.yaml | 186 ++++----- share/dataset-pg/postgresql.tf | 10 +- 
share/organisation/stages.tf | 2 +- share/wildduck/application.tf | 4 +- share/wildduck/haraka.tf | 4 +- share/wildduck/index.yaml | 2 +- share/wildduck/ingress.tf | 2 +- share/wildduck/webmail.tf | 6 +- share/wildduck/wildduck.tf | 6 +- share/wildduck/zonemta.tf | 4 +- 59 files changed, 1018 insertions(+), 1018 deletions(-) diff --git a/apps/code-server/index.yaml b/apps/code-server/index.yaml index 046b41f..ecfb72b 100644 --- a/apps/code-server/index.yaml +++ b/apps/code-server/index.yaml @@ -60,7 +60,7 @@ options: examples: - dev type: string - sub-domain: + sub_domain: default: code examples: - code diff --git a/apps/code-server/presentation.tf b/apps/code-server/presentation.tf index 361ae6d..e759401 100644 --- a/apps/code-server/presentation.tf +++ b/apps/code-server/presentation.tf @@ -1,5 +1,5 @@ locals { - dns_name = "${var.instance}.${var.sub-domain}.${var.domain_name}" + dns_name = "${var.instance}.${var.sub_domain}.${var.domain_name}" dns_names = [local.dns_name] app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "_static/src/browser/media/favicon-dark-support.svg" diff --git a/apps/dbgate/index.yaml b/apps/dbgate/index.yaml index 9f503a6..a154398 100644 --- a/apps/dbgate/index.yaml +++ b/apps/dbgate/index.yaml @@ -140,7 +140,7 @@ options: examples: - dev type: string - sub-domain: + sub_domain: default: dbgate examples: - dbgate diff --git a/apps/dbgate/presentation.tf b/apps/dbgate/presentation.tf index 9a3b2fa..6fea6bd 100644 --- a/apps/dbgate/presentation.tf +++ b/apps/dbgate/presentation.tf @@ -1,5 +1,5 @@ locals { - dns_name = "${var.sub-domain}.${var.domain_name}" + dns_name = "${var.sub_domain}.${var.domain_name}" dns_names = [local.dns_name] app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "logo192.png" diff --git a/apps/dolibarr/application.tf b/apps/dolibarr/application.tf index 0399e67..671911e 100644 
--- a/apps/dolibarr/application.tf +++ b/apps/dolibarr/application.tf @@ -63,8 +63,8 @@ resource "authentik_application" "dolibarr_application_saml" { slug = "${var.component}-${var.instance}" group = var.app_group protocol_provider = authentik_provider_saml.dolibarr.id - meta_launch_url = format("https://%s.%s", var.sub-domain, var.domain_name) - meta_icon = format("https://%s.%s/%s", var.sub-domain, var.domain_name, "theme/dolibarr_256x256_color.png") + meta_launch_url = format("https://%s.%s", var.sub_domain, var.domain_name) + meta_icon = format("https://%s.%s/%s", var.sub_domain, var.domain_name, "theme/dolibarr_256x256_color.png") } resource "authentik_policy_binding" "dolibarr_saml_access_users" { diff --git a/apps/dolibarr/backups.tf b/apps/dolibarr/backups.tf index da67938..b46635b 100644 --- a/apps/dolibarr/backups.tf +++ b/apps/dolibarr/backups.tf @@ -10,17 +10,17 @@ resource "kubectl_manifest" "backup_schedule" { spec: backend: repoPasswordSecretRef: - key: "${var.backups.restic-key}" - name: "${var.backups.secret-name}" + key: "${var.backups.restic_key}" + name: "${var.backups.secret_name}" s3: accessKeyIDSecretRef: - key: "${var.backups.key-id-key}" - name: "${var.backups.secret-name}" + key: "${var.backups.key_id_key}" + name: "${var.backups.secret_name}" bucket: "${var.instance}-${var.namespace}" endpoint: "${var.backups.endpoint}/restic" secretAccessKeySecretRef: - key: "${var.backups.secret-key}" - name: "${var.backups.secret-name}" + key: "${var.backups.secret_key}" + name: "${var.backups.secret_name}" backup: schedule: "${var.backups.schedule.backup}" failedJobsHistoryLimit: 2 diff --git a/apps/dolibarr/configmap.tf b/apps/dolibarr/configmap.tf index aef0605..e5867ed 100644 --- a/apps/dolibarr/configmap.tf +++ b/apps/dolibarr/configmap.tf 
@@ -167,7 +167,7 @@ resource "kubectl_manifest" "config" { DOLI_ADMIN_LOGIN: "admin_${var.instance}" DOLI_MODULES: "modSociete,modBlockedLog,modSamlConnector,modLdap" DOLI_AUTH: "dolibarr" - DOLI_URL_ROOT: "https://${var.sub-domain}.${var.domain_name}" + DOLI_URL_ROOT: "https://${var.sub_domain}.${var.domain_name}" DOLI_LDAP_PORT: "389" DOLI_LDAP_VERSION: "3" DOLI_LDAP_SERVERTYPE: "openldap" diff --git a/apps/dolibarr/index.yaml b/apps/dolibarr/index.yaml index 17b8d05..703d5b4 100644 --- a/apps/dolibarr/index.yaml +++ b/apps/dolibarr/index.yaml @@ -6,10 +6,10 @@ metadata: name: dolibarr description: null options: - issuer: - default: letsencrypt-prod + sub_domain: + default: erp examples: - - letsencrypt-prod + - erp type: string redis: default: 
@@ -28,307 +28,11 @@ options: type: boolean type: object type: object - log-level: - default: 5 - examples: - - 5 - type: integer - storage: - default: - postgres: - size: 5Gi - redis: - size: 2Gi - volume: - accessMode: ReadWriteOnce - size: 1Gi - type: Filesystem - description: Configure this app storage - examples: - - postgres: - size: 5Gi - redis: - size: 2Gi - volume: - accessMode: ReadWriteOnce - size: 1Gi - type: Filesystem - properties: - postgres: - default: - size: 5Gi - properties: - size: - default: 5Gi - type: string - type: object - redis: - default: - size: 2Gi - properties: - size: - default: 2Gi - type: string - type: object - volume: - default: - accessMode: ReadWriteOnce - size: 1Gi - type: Filesystem - properties: - accessMode: - default: ReadWriteOnce - enum: - - ReadWriteOnce - - ReadOnlyMany - - ReadWriteMany - type: string - size: - default: 1Gi - type: string - type: - default: Filesystem - enum: - - Filesystem - - Block - type: string - type: object - type: object - domain: - default: your-company - examples: - - your-company - type: string app_group: default: '' examples: - '' type: string - sub-domain: - default: erp - examples: - - erp - type: string - postgres: - default: - replicas: 1 - examples: - - replicas: 1 - properties: - replicas: - default: 1 - type: integer - type: object - hpa: - default: - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - examples: - - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - properties: - avg-cpu: - default: 50 - type: integer - max-replicas: - default: 5 - type: integer - min-replicas: - default: 1 - type: integer - type: object - resources: - default: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 50m - memory: 100Mi - examples: - - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 50m - memory: 100Mi - properties: - limits: - default: - cpu: 200m - memory: 256Mi - properties: - cpu: - default: 200m - type: string - memory: - default: 256Mi - type: string - type: object - 
requests: - default: - cpu: 50m - memory: 100Mi - properties: - cpu: - default: 50m - type: string - memory: - default: 100Mi - type: string - type: object - type: object - parameters: - default: - MAIN_LANG_DEFAULT: auto - examples: - - MAIN_LANG_DEFAULT: auto - properties: - MAIN_LANG_DEFAULT: - default: auto - type: string - type: object - ingress_class: - default: traefik - examples: - - traefik - type: string - backups: - default: - enable: false - endpoint: '' - key-id-key: s3-id - restic-key: bck-password - retention: - db: 30d - keepDaily: 14 - keepMonthly: 12 - keepWeekly: 6 - keepYearly: 12 - schedule: - backup: 20 3 * * * - check: 20 5 * * 1 - db: 0 3 * * * - prune: 20 1 * * 0 - secret-key: s3-secret - secret-name: backup-settings - use-barman: false - examples: - - enable: false - endpoint: '' - key-id-key: s3-id - restic-key: bck-password - retention: - db: 30d - keepDaily: 14 - keepMonthly: 12 - keepWeekly: 6 - keepYearly: 12 - schedule: - backup: 20 3 * * * - check: 20 5 * * 1 - db: 0 3 * * * - prune: 20 1 * * 0 - secret-key: s3-secret - secret-name: backup-settings - use-barman: false - properties: - enable: - default: false - type: boolean - endpoint: - default: '' - type: string - key-id-key: - default: s3-id - type: string - restic-key: - default: bck-password - type: string - retention: - default: - db: 30d - keepDaily: 14 - keepMonthly: 12 - keepWeekly: 6 - keepYearly: 12 - properties: - db: - default: 30d - type: string - keepDaily: - default: 14 - type: integer - keepMonthly: - default: 12 - type: integer - keepWeekly: - default: 6 - type: integer - keepYearly: - default: 12 - type: integer - type: object - schedule: - default: - backup: 20 3 * * * - check: 20 5 * * 1 - db: 0 3 * * * - prune: 20 1 * * 0 - properties: - backup: - default: 20 3 * * * - type: string - check: - default: 20 5 * * 1 - type: string - db: - default: 0 3 * * * - type: string - prune: - default: 20 1 * * 0 - type: string - type: object - secret-key: - default: 
s3-secret - type: string - secret-name: - default: backup-settings - type: string - use-barman: - default: false - type: boolean - type: object - modules: - default: - - societe - examples: - - - societe - items: - type: string - type: array - domain_name: - default: your_company.com - examples: - - your_company.com - type: string - user-groups: - default: - - admin: true - name: dolibarr-admin - examples: - - - admin: true - name: dolibarr-admin - items: - properties: - admin: - type: boolean - name: - type: string - type: object - type: array images: default: dolibarr: 
@@ -478,6 +182,302 @@ options: type: string type: object type: object + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + resources: + default: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 50m + memory: 100Mi + examples: + - limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 50m + memory: 100Mi + properties: + limits: + default: + cpu: 200m + memory: 256Mi + properties: + cpu: + default: 200m + type: string + memory: + default: 256Mi + type: string + type: object + requests: + default: + cpu: 50m + memory: 100Mi + properties: + cpu: + default: 50m + type: string + memory: + default: 100Mi + type: string + type: object + type: object + ingress_class: + default: traefik + examples: + - traefik + type: string + modules: + default: + - societe + examples: + - - societe + items: + type: string + type: array + storage: + default: + postgres: + size: 5Gi + redis: + size: 2Gi + volume: + accessMode: ReadWriteOnce + size: 10Gi + type: Filesystem + description: Configure this app storage + examples: + - postgres: + size: 5Gi + redis: + size: 2Gi + volume: + accessMode: ReadWriteOnce + size: 10Gi + type: Filesystem + properties: + postgres: + default: + size: 5Gi + properties: + size: + default: 5Gi + type: string + type: object + redis: + default: + size: 2Gi + properties: + size: + default: 2Gi + type: string + type: object + volume: + default: + accessMode: ReadWriteOnce + size: 10Gi + type: Filesystem + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + size: + default: 10Gi + type: string + type: + default: Filesystem + enum: + - Filesystem + - Block + type: string + type: object + type: object + parameters: + default: + MAIN_LANG_DEFAULT: auto + examples: + - MAIN_LANG_DEFAULT: auto + properties: + MAIN_LANG_DEFAULT: + default: auto + type: string + type: object + user-groups: + default: + - admin: true + name: dolibarr-admin + examples: + - 
- admin: true + name: dolibarr-admin + items: + properties: + admin: + type: boolean + name: + type: string + type: object + type: array + backups: + default: + enable: false + endpoint: '' + key_id_key: s3-id + restic_key: bck-password + retention: + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 + schedule: + backup: 20 3 * * * + check: 20 5 * * 1 + db: 0 3 * * * + prune: 20 1 * * 0 + secret_key: s3-secret + secret_name: backup-settings + use_barman: false + examples: + - enable: false + endpoint: '' + key_id_key: s3-id + restic_key: bck-password + retention: + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 + schedule: + backup: 20 3 * * * + check: 20 5 * * 1 + db: 0 3 * * * + prune: 20 1 * * 0 + secret_key: s3-secret + secret_name: backup-settings + use_barman: false + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key_id_key: + default: s3-id + type: string + restic_key: + default: bck-password + type: string + retention: + default: + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 + properties: + db: + default: 30d + type: string + keepDaily: + default: 14 + type: integer + keepMonthly: + default: 12 + type: integer + keepWeekly: + default: 6 + type: integer + keepYearly: + default: 12 + type: integer + type: object + schedule: + default: + backup: 20 3 * * * + check: 20 5 * * 1 + db: 0 3 * * * + prune: 20 1 * * 0 + properties: + backup: + default: 20 3 * * * + type: string + check: + default: 20 5 * * 1 + type: string + db: + default: 0 3 * * * + type: string + prune: + default: 20 1 * * 0 + type: string + type: object + secret_key: + default: s3-secret + type: string + secret_name: + default: backup-settings + type: string + use_barman: + default: false + type: boolean + type: object + hpa: + default: + avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + examples: + - avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + properties: 
+ avg-cpu: + default: 50 + type: integer + max-replicas: + default: 5 + type: integer + min-replicas: + default: 1 + type: integer + type: object + domain: + default: your-company + examples: + - your-company + type: string + domain_name: + default: your_company.com + examples: + - your_company.com + type: string + postgres: + default: + replicas: 1 + examples: + - replicas: 1 + properties: + replicas: + default: 1 + type: integer + type: object + log-level: + default: 5 + examples: + - 5 + type: integer dependencies: - dist: null category: share diff --git a/apps/dolibarr/ingress.tf b/apps/dolibarr/ingress.tf index dc1cbbd..8dc29b4 100644 --- a/apps/dolibarr/ingress.tf +++ b/apps/dolibarr/ingress.tf @@ -1,5 +1,5 @@ locals { - dns_names = ["${var.sub-domain}.${var.domain_name}"] + dns_names = ["${var.sub_domain}.${var.domain_name}"] middlewares = ["${var.instance}-https"] service = { "name" = "${var.instance}" diff --git a/apps/dolibarr/ldap.tf b/apps/dolibarr/ldap.tf index 34324fd..a2b13fe 100644 --- a/apps/dolibarr/ldap.tf +++ b/apps/dolibarr/ldap.tf @@ -5,7 +5,7 @@ data "kubernetes_secret_v1" "authentik" { } } locals { - base-dn = format("dc=%s", join(",dc=", split(".", format("%s.%s", var.sub-domain, var.domain_name)))) + base-dn = format("dc=%s", join(",dc=", split(".", format("%s.%s", var.sub_domain, var.domain_name)))) base-group-dn = format("ou=groups,%s", local.base-dn) base-user-dn = format("ou=users,%s", local.base-dn) authentik_url = "http://authentik.${var.domain}-auth.svc" diff --git a/apps/dolibarr/postgresql.tf b/apps/dolibarr/postgresql.tf index 0ca58b2..7571b70 100644 --- a/apps/dolibarr/postgresql.tf +++ b/apps/dolibarr/postgresql.tf 
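Review bot: The default `storage.volume.size` for dolibarr changes from `1Gi` (removed in the earlier hunk of this file) to `10Gi` in this hunk's `default`, `examples` and `properties`, which is a behaviour change inside a commit titled "fix" that otherwise only renames and reorders keys. If the change is intended, it deserves its own line in the commit message, since installs relying on the default will request a larger volume on the next apply; if not, restore `size: 1Gi`. The keys `user-groups`, `log-level` and the `hpa` members (`avg-cpu`, `max-replicas`, `min-replicas`) are still hyphenated in this hunk, so the underscore convention is only partly applied.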
@@ -27,18 +27,18 @@ resource "kubectl_manifest" "prj_pg" { monitoring: enablePodMonitor: true EOF - ], var.backups.enable&&var.backups.use-barman?[<<-EOF + ], var.backups.enable&&var.backups.use_barman?[<<-EOF backup: barmanObjectStore: destinationPath: "s3://${var.instance}-${var.namespace}/" endpointURL: "${var.backups.endpoint}/barman" s3Credentials: accessKeyId: - name: "${var.backups.secret-name}" - key: "${var.backups.key-id-key}" + name: "${var.backups.secret_name}" + key: "${var.backups.key_id_key}" secretAccessKey: - name: "${var.backups.secret-name}" - key: "${var.backups.secret-key}" + name: "${var.backups.secret_name}" + key: "${var.backups.secret_key}" EOF ]:[""])) } diff --git a/apps/dolibarr/saml.tf b/apps/dolibarr/saml.tf index c9970bb..7503c26 100644 --- a/apps/dolibarr/saml.tf +++ b/apps/dolibarr/saml.tf @@ -47,7 +47,7 @@ resource "authentik_provider_saml" "dolibarr" { name = "dolibarr-${var.instance}-saml" authentication_flow = data.authentik_flow.default-authentication-flow.id authorization_flow = data.authentik_flow.default-authorization-flow.id - acs_url = "https://${var.sub-domain}.${var.domain_name}/custom/samlconnector/acs.php?entity=1&fk_idp=0" + acs_url = "https://${var.sub_domain}.${var.domain_name}/custom/samlconnector/acs.php?entity=1&fk_idp=0" property_mappings = data.authentik_property_mapping_saml.saml_maps.ids name_id_mapping = data.authentik_property_mapping_saml.saml_name.id signing_kp = data.authentik_certificate_key_pair.generated.id diff --git a/apps/gitea/backups.tf b/apps/gitea/backups.tf index da67938..5061092 100644 --- a/apps/gitea/backups.tf +++ b/apps/gitea/backups.tf 
@@ -10,16 +10,16 @@ resource "kubectl_manifest" "backup_schedule" { spec: backend: repoPasswordSecretRef: - key: "${var.backups.restic-key}" - name: "${var.backups.secret-name}" + key: "${var.backups.restic_key}" + name: "${var.backups.secret_name}" s3: accessKeyIDSecretRef: - key: "${var.backups.key-id-key}" - name: "${var.backups.secret-name}" + key: "${var.backups.key_id_key}" + name: "${var.backups.secret_name}" bucket: "${var.instance}-${var.namespace}" endpoint: "${var.backups.endpoint}/restic" secretAccessKeySecretRef: - key: "${var.backups.secret-key}" + key: "${var.backups.secret_key}" name: "${var.backups.secret-name}" backup: schedule: "${var.backups.schedule.backup}" diff --git a/apps/gitea/index.yaml b/apps/gitea/index.yaml index 4e34faf..effa18a 100644 --- a/apps/gitea/index.yaml +++ b/apps/gitea/index.yaml @@ -9,26 +9,6 @@ metadata: A painless self-hosted Git service. Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. options: - sub-domain: - default: git - examples: - - git - type: string - domain_name: - default: your_company.com - examples: - - your_company.com - type: string - load-balancer: - default: - ip: '' - examples: - - ip: '' - properties: - ip: - default: '' - type: string - type: object disable-registration: default: true examples: 
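Review bot: The rename is incomplete in `secretAccessKeySecretRef` of apps/gitea/backups.tf: the `key` line now reads `var.backups.secret_key`, but the context line right after it still reads `name: "${var.backups.secret-name}"`, while the gitea index.yaml in this same commit declares the option as `secret_name`. Assuming the `backups` variable follows index.yaml, that attribute no longer exists, so the backup schedule's S3 secret reference would stop resolving. Change it to `name: "${var.backups.secret_name}"`, as the dolibarr and nextcloud copies of this file already do. The `backup_schedule` manifest starts and ends outside the hunk.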
@@ -51,6 +31,253 @@ options: type: boolean type: object type: object + theme: + default: gitea-modern + examples: + - gitea-modern + type: string + storage: + default: + postgres: + size: 10Gi + redis: + size: 2Gi + volume: + accessMode: ReadWriteOnce + size: 10Gi + type: Filesystem + description: Configure this app storage + examples: + - postgres: + size: 10Gi + redis: + size: 2Gi + volume: + accessMode: ReadWriteOnce + size: 10Gi + type: Filesystem + properties: + postgres: + default: + size: 10Gi + properties: + size: + default: 10Gi + type: string + type: object + redis: + default: + size: 2Gi + properties: + size: + default: 2Gi + type: string + type: object + volume: + default: + accessMode: ReadWriteOnce + size: 10Gi + type: Filesystem + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + size: + default: 10Gi + type: string + type: + default: Filesystem + enum: + - Filesystem + - Block + type: string + type: object + type: object + app_group: + default: dev + examples: + - dev + type: string + postgres: + default: + replicas: 1 + examples: + - replicas: 1 + properties: + replicas: + default: 1 + type: integer + type: object + domain: + default: your-company + examples: + - your-company + type: string + ssh-sub_domain: + default: git + examples: + - git + type: string + backups: + default: + enable: false + endpoint: '' + key_id_key: s3-id + restic_key: bck-password + retention: + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 + schedule: + backup: 10 3 * * * + check: 10 5 * * 1 + db: 10 3 * * * + prune: 10 1 * * 0 + secret_key: s3-secret + secret_name: backup-settings + use-barman: false + examples: + - enable: false + endpoint: '' + key_id_key: s3-id + restic_key: bck-password + retention: + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 + schedule: + backup: 10 3 * * * + check: 10 5 * * 1 + db: 10 3 * * * + prune: 10 1 * * 
0 + secret_key: s3-secret + secret_name: backup-settings + use-barman: false + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key_id_key: + default: s3-id + type: string + restic_key: + default: bck-password + type: string + retention: + default: + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 + properties: + db: + default: 30d + type: string + keepDaily: + default: 14 + type: integer + keepMonthly: + default: 12 + type: integer + keepWeekly: + default: 6 + type: integer + keepYearly: + default: 12 + type: integer + type: object + schedule: + default: + backup: 10 3 * * * + check: 10 5 * * 1 + db: 10 3 * * * + prune: 10 1 * * 0 + properties: + backup: + default: 10 3 * * * + type: string + check: + default: 10 5 * * 1 + type: string + db: + default: 10 3 * * * + type: string + prune: + default: 10 1 * * 0 + type: string + type: object + secret_key: + default: s3-secret + type: string + secret_name: + default: backup-settings + type: string + use-barman: + default: false + type: boolean + type: object + admin: + default: + email: git-admin@git.your_company.com + name: gitea_admin + examples: + - email: git-admin@git.your_company.com + name: gitea_admin + properties: + email: + default: git-admin@git.your_company.com + type: string + name: + default: gitea_admin + type: string + type: object + webhook: + default: + allowed-hosts: private + skip-tls-verify: false + examples: + - allowed-hosts: private + skip-tls-verify: false + properties: + allowed-hosts: + default: private + type: string + skip-tls-verify: + default: false + type: boolean + type: object + release: + default: 8.3.0 + examples: + - 8.3.0 + type: string + ssh-port: + default: 2222 + examples: + - 2222 + type: integer + replicas: + default: 1 + examples: + - 1 + type: integer + default-branch: + default: main + examples: + - main + type: string images: default: gitea: 
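Review bot: The new `backups` schema in apps/gitea/index.yaml keeps `use-barman` in `default`, `examples` and `properties` while its sibling keys were renamed, and apps/gitea/postgresql.tf in this commit now reads `var.backups.use_barman`. If the Terraform variable is derived from this schema, the barman branch for the gitea database would either fail to evaluate or never be enabled, leaving the PostgreSQL cluster without its object-store backup. Rename the three occurrences to `use_barman`, as done for dolibarr and nextcloud. The option `ssh-sub_domain` added in the same hunk mixes both conventions and looks like a by-product of search-and-replace; `ssh_sub_domain` would be consistent, with apps/gitea/inline-config.tf updated to match.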
@@ -182,112 +409,36 @@ options: type: string type: object type: object - backups: - default: - enable: false - endpoint: '' - key-id-key: s3-id - restic-key: bck-password - retention: - db: 30d - keepDaily: 14 - keepMonthly: 12 - keepWeekly: 6 - keepYearly: 12 - schedule: - backup: 10 3 * * * - check: 10 5 * * 1 - db: 10 3 * * * - prune: 10 1 * * 0 - secret-key: s3-secret - secret-name: backup-settings - use-barman: false + domain_name: + default: your_company.com examples: - - enable: false - endpoint: '' - key-id-key: s3-id - restic-key: bck-password - retention: - db: 30d - keepDaily: 14 - keepMonthly: 12 - keepWeekly: 6 - keepYearly: 12 - schedule: - backup: 10 3 * * * - check: 10 5 * * 1 - db: 10 3 * * * - prune: 10 1 * * 0 - secret-key: s3-secret - secret-name: backup-settings - use-barman: false + - your_company.com + type: string + load-balancer: + default: + ip: '' + examples: + - ip: '' properties: - enable: - default: false - type: boolean - endpoint: + ip: default: '' type: string - key-id-key: - default: s3-id - type: string - restic-key: - default: bck-password - type: string - retention: - default: - db: 30d - keepDaily: 14 - keepMonthly: 12 - keepWeekly: 6 - keepYearly: 12 - properties: - db: - default: 30d - type: string - keepDaily: - default: 14 - type: integer - keepMonthly: - default: 12 - type: integer - keepWeekly: - default: 6 - type: integer - keepYearly: - default: 12 - type: integer - type: object - schedule: - default: - backup: 10 3 * * * - check: 10 5 * * 1 - db: 10 3 * * * - prune: 10 1 * * 0 - properties: - backup: - default: 10 3 * * * - type: string - check: - default: 10 5 * * 1 - type: string - db: - default: 10 3 * * * - type: string - prune: - default: 10 1 * * 0 - type: string - type: object - secret-key: - default: s3-secret - type: string - secret-name: - default: backup-settings - type: string - use-barman: - default: false - type: boolean type: object + sub_domain: + default: git + examples: + - git + type: string + 
issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + ingress_class: + default: traefik + examples: + - traefik + type: string push-create: default: org: 'true' 
@@ -308,162 +459,11 @@ options: default: 'true' type: string type: object - admin: - default: - email: git-admin@git.your_company.com - name: gitea_admin - examples: - - email: git-admin@git.your_company.com - name: gitea_admin - properties: - email: - default: git-admin@git.your_company.com - type: string - name: - default: gitea_admin - type: string - type: object - domain: - default: your-company - examples: - - your-company - type: string timezone: default: Europe/Paris examples: - Europe/Paris type: string - theme: - default: gitea-modern - examples: - - gitea-modern - type: string - replicas: - default: 1 - examples: - - 1 - type: integer - webhook: - default: - allowed-hosts: private - skip-tls-verify: false - examples: - - allowed-hosts: private - skip-tls-verify: false - properties: - allowed-hosts: - default: private - type: string - skip-tls-verify: - default: false - type: boolean - type: object - default-branch: - default: main - examples: - - main - type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - ssh-port: - default: 2222 - examples: - - 2222 - type: integer - ingress_class: - default: traefik - examples: - - traefik - type: string - release: - default: 8.3.0 - examples: - - 8.3.0 - type: string - storage: - default: - postgres: - size: 10Gi - redis: - size: 2Gi - volume: - accessMode: ReadWriteOnce - size: 10Gi - type: Filesystem - description: Configure this app storage - examples: - - postgres: - size: 10Gi - redis: - size: 2Gi - volume: - accessMode: ReadWriteOnce - size: 10Gi - type: Filesystem - properties: - postgres: - default: - size: 10Gi - properties: - size: - default: 10Gi - type: string - type: object - redis: - default: - size: 2Gi - properties: - size: - default: 2Gi - type: string - type: object - volume: - default: - accessMode: ReadWriteOnce - size: 10Gi - type: Filesystem - properties: - accessMode: - default: ReadWriteOnce - enum: - - ReadWriteOnce - - ReadOnlyMany - - 
ReadWriteMany - type: string - size: - default: 10Gi - type: string - type: - default: Filesystem - enum: - - Filesystem - - Block - type: string - type: object - type: object - ssh-sub-domain: - default: git - examples: - - git - type: string - app_group: - default: dev - examples: - - dev - type: string - postgres: - default: - replicas: 1 - examples: - - replicas: 1 - properties: - replicas: - default: 1 - type: integer - type: object dependencies: - dist: null category: share diff --git a/apps/gitea/inline-config.tf b/apps/gitea/inline-config.tf index 224376f..16af33a 100644 --- a/apps/gitea/inline-config.tf +++ b/apps/gitea/inline-config.tf @@ -43,15 +43,15 @@ ROOT=/data/git/gitea-repositories EOF server = <<-EOF APP_DATA_PATH=/data -DOMAIN=${var.sub-domain}.${var.domain_name} +DOMAIN=${var.sub_domain}.${var.domain_name} ENABLE_PPROF=false HTTP_PORT=3000 PROTOCOL=http -ROOT_URL=https://${var.sub-domain}.${var.domain_name} -SSH_DOMAIN=${var.sub-domain}.${var.domain_name} +ROOT_URL=https://${var.sub_domain}.${var.domain_name} +SSH_DOMAIN=${var.sub_domain}.${var.domain_name} SSH_LISTEN_PORT=2222 SSH_PORT=${var.ssh-port} -SSH_DOMAIN=${var.ssh-sub-domain}.${var.domain_name} +SSH_DOMAIN=${var.ssh-sub_domain}.${var.domain_name} START_SSH_SERVER=true EOF ui = <<-EOF diff --git a/apps/gitea/postgresql.tf b/apps/gitea/postgresql.tf index 0ca58b2..7571b70 100644 --- a/apps/gitea/postgresql.tf +++ b/apps/gitea/postgresql.tf 
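Review bot: `SSH_DOMAIN` is assigned twice in the `server` heredoc of apps/gitea/inline-config.tf, first from `var.sub_domain` and then from `var.ssh-sub_domain`, and this hunk edits both lines without removing either. Which value takes effect depends on how the consumer of this ini text treats duplicate keys, which is not visible here, so the advertised SSH host can silently differ from what the `ssh-sub_domain` option says. Keep only `SSH_DOMAIN=${var.ssh-sub_domain}.${var.domain_name}` and delete the earlier `SSH_DOMAIN=${var.sub_domain}.${var.domain_name}` line. The enclosing block starts and ends outside the hunk.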
@@ -27,18 +27,18 @@ resource "kubectl_manifest" "prj_pg" { monitoring: enablePodMonitor: true EOF - ], var.backups.enable&&var.backups.use-barman?[<<-EOF + ], var.backups.enable&&var.backups.use_barman?[<<-EOF backup: barmanObjectStore: destinationPath: "s3://${var.instance}-${var.namespace}/" endpointURL: "${var.backups.endpoint}/barman" s3Credentials: accessKeyId: - name: "${var.backups.secret-name}" - key: "${var.backups.key-id-key}" + name: "${var.backups.secret_name}" + key: "${var.backups.key_id_key}" secretAccessKey: - name: "${var.backups.secret-name}" - key: "${var.backups.secret-key}" + name: "${var.backups.secret_name}" + key: "${var.backups.secret_key}" EOF ]:[""])) } diff --git a/apps/gitea/presentation.tf b/apps/gitea/presentation.tf index 7cee64d..099a570 100644 --- a/apps/gitea/presentation.tf +++ b/apps/gitea/presentation.tf @@ -1,5 +1,5 @@ locals { - dns_name = "${var.sub-domain}.${var.domain_name}" + dns_name = "${var.sub_domain}.${var.domain_name}" dns_names = [local.dns_name] app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "assets/img/logo.svg" diff --git a/apps/gramo/index.yaml b/apps/gramo/index.yaml index 4660628..aaf938b 100644 --- a/apps/gramo/index.yaml +++ b/apps/gramo/index.yaml @@ -65,7 +65,7 @@ options: examples: - traefik type: string - sub-domain: + sub_domain: default: gramo examples: - gramo diff --git a/apps/gramo/presentation.tf b/apps/gramo/presentation.tf index efc0374..49ce9e8 100644 --- a/apps/gramo/presentation.tf +++ b/apps/gramo/presentation.tf @@ -1,5 +1,5 @@ locals { - dns_name = "${var.sub-domain}.${var.domain_name}" + dns_name = "${var.sub_domain}.${var.domain_name}" dns_names = [local.dns_name] app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "icon.svg" diff --git a/apps/k8s-api/index.yaml b/apps/k8s-api/index.yaml index 97b1dd1..2610e94 100644 --- a/apps/k8s-api/index.yaml 
+++ b/apps/k8s-api/index.yaml @@ -16,7 +16,7 @@ options: examples: - your_company.com type: string - sub-domain: + sub_domain: default: api examples: - api diff --git a/apps/k8s-api/ingress.tf b/apps/k8s-api/ingress.tf index f4a5931..1dc44e5 100644 --- a/apps/k8s-api/ingress.tf +++ b/apps/k8s-api/ingress.tf @@ -1,5 +1,5 @@ locals { - dns_names = ["${var.sub-domain}.${var.domain_name}"] + dns_names = ["${var.sub_domain}.${var.domain_name}"] middlewares = [] services = [{ "kind" = "Service" diff --git a/apps/nextcloud/backups.tf b/apps/nextcloud/backups.tf index da67938..b46635b 100644 --- a/apps/nextcloud/backups.tf +++ b/apps/nextcloud/backups.tf @@ -10,17 +10,17 @@ resource "kubectl_manifest" "backup_schedule" { spec: backend: repoPasswordSecretRef: - key: "${var.backups.restic-key}" - name: "${var.backups.secret-name}" + key: "${var.backups.restic_key}" + name: "${var.backups.secret_name}" s3: accessKeyIDSecretRef: - key: "${var.backups.key-id-key}" - name: "${var.backups.secret-name}" + key: "${var.backups.key_id_key}" + name: "${var.backups.secret_name}" bucket: "${var.instance}-${var.namespace}" endpoint: "${var.backups.endpoint}/restic" secretAccessKeySecretRef: - key: "${var.backups.secret-key}" - name: "${var.backups.secret-name}" + key: "${var.backups.secret_key}" + name: "${var.backups.secret_name}" backup: schedule: "${var.backups.schedule.backup}" failedJobsHistoryLimit: 2 diff --git a/apps/nextcloud/index.yaml b/apps/nextcloud/index.yaml index f2b879c..39c4eae 100644 --- a/apps/nextcloud/index.yaml +++ b/apps/nextcloud/index.yaml 
@@ -6,67 +6,6 @@ metadata: name: nextcloud description: null options: - storage: - default: - postgres: - size: 5Gi - redis: - size: 2Gi - volume: - accessMode: ReadWriteOnce - size: 10Gi - type: Filesystem - description: Configure this app storage - examples: - - postgres: - size: 5Gi - redis: - size: 2Gi - volume: - accessMode: ReadWriteOnce - size: 10Gi - type: Filesystem - properties: - postgres: - default: - size: 5Gi - properties: - size: - default: 5Gi - type: string - type: object - redis: - default: - size: 2Gi - properties: - size: - default: 2Gi - type: string - type: object - volume: - default: - accessMode: ReadWriteOnce - size: 10Gi - type: Filesystem - properties: - accessMode: - default: ReadWriteOnce - enum: - - ReadWriteOnce - - ReadOnlyMany - - ReadWriteMany - type: string - size: - default: 10Gi - type: string - type: - default: Filesystem - enum: - - Filesystem - - Block - type: string - type: object - type: object images: default: collabora: @@ -322,32 +261,37 @@ options: type: string type: object type: object - hpa: - default: - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 + openid-name: + default: vynil examples: - - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 + - vynil + type: string + postgres: + default: + replicas: 1 + examples: + - replicas: 1 properties: - avg-cpu: - default: 50 - type: integer - max-replicas: - default: 5 - type: integer - min-replicas: + replicas: default: 1 type: integer type: object + sub_domain: + default: files + examples: + - files + type: string + ingress_class: + default: traefik + examples: + - traefik + type: string backups: default: enable: false endpoint: '' - key-id-key: s3-id - restic-key: bck-password + key_id_key: s3-id + restic_key: bck-password retention: db: 30d keepDaily: 14 
@@ -359,14 +303,14 @@ options: check: 30 5 * * 1 db: 30 3 * * * prune: 30 1 * * 0 - secret-key: s3-secret - secret-name: backup-settings - use-barman: false + secret_key: s3-secret + secret_name: backup-settings + use_barman: false examples: - enable: false endpoint: '' - key-id-key: s3-id - restic-key: bck-password + key_id_key: s3-id + restic_key: bck-password retention: db: 30d keepDaily: 14 @@ -378,9 +322,9 @@ options: check: 30 5 * * 1 db: 30 3 * * * prune: 30 1 * * 0 - secret-key: s3-secret - secret-name: backup-settings - use-barman: false + secret_key: s3-secret + secret_name: backup-settings + use_barman: false properties: enable: default: false @@ -388,10 +332,10 @@ options: endpoint: default: '' type: string - key-id-key: + key_id_key: default: s3-id type: string - restic-key: + restic_key: default: bck-password type: string retention: 
@@ -438,41 +382,77 @@ options: default: 30 1 * * 0 type: string type: object - secret-key: + secret_key: default: s3-secret type: string - secret-name: + secret_name: default: backup-settings type: string - use-barman: + use_barman: default: false type: boolean type: object - admin: + storage: default: - name: nextcloud_admin + postgres: + size: 5Gi + redis: + size: 2Gi + volume: + accessMode: ReadWriteOnce + size: 10Gi + type: Filesystem + description: Configure this app storage examples: - - name: nextcloud_admin + - postgres: + size: 5Gi + redis: + size: 2Gi + volume: + accessMode: ReadWriteOnce + size: 10Gi + type: Filesystem properties: - name: - default: nextcloud_admin - type: string + postgres: + default: + size: 5Gi + properties: + size: + default: 5Gi + type: string + type: object + redis: + default: + size: 2Gi + properties: + size: + default: 2Gi + type: string + type: object + volume: + default: + accessMode: ReadWriteOnce + size: 10Gi + type: Filesystem + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + size: + default: 10Gi + type: string + type: + default: Filesystem + enum: + - Filesystem + - Block + type: string + type: object type: object - openid-name: - default: vynil - examples: - - vynil - type: string - domain_name: - default: your_company.com - examples: - - your_company.com - type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string redis: default: exporter: 
@@ -490,36 +470,56 @@ options: type: boolean type: object type: object + admin: + default: + name: nextcloud_admin + examples: + - name: nextcloud_admin + properties: + name: + default: nextcloud_admin + type: string + type: object app_group: default: '' examples: - '' type: string + hpa: + default: + avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + examples: + - avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + properties: + avg-cpu: + default: 50 + type: integer + max-replicas: + default: 5 + type: integer + min-replicas: + default: 1 + type: integer + type: object + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + domain_name: + default: your_company.com + examples: + - your_company.com + type: string domain: default: your-company examples: - your-company type: string - ingress_class: - default: traefik - examples: - - traefik - type: string - sub-domain: - default: files - examples: - - files - type: string - postgres: - default: - replicas: 1 - examples: - - replicas: 1 - properties: - replicas: - default: 1 - type: integer - type: object apps: default: audioplayer: false diff --git a/apps/nextcloud/postgresql.tf b/apps/nextcloud/postgresql.tf index 0ca58b2..7571b70 100644 --- a/apps/nextcloud/postgresql.tf +++ b/apps/nextcloud/postgresql.tf @@ -27,18 +27,18 @@ resource "kubectl_manifest" "prj_pg" { monitoring: enablePodMonitor: true EOF - ], var.backups.enable&&var.backups.use-barman?[<<-EOF + ], var.backups.enable&&var.backups.use_barman?[<<-EOF backup: barmanObjectStore: destinationPath: "s3://${var.instance}-${var.namespace}/" endpointURL: "${var.backups.endpoint}/barman" s3Credentials: accessKeyId: - name: "${var.backups.secret-name}" - key: "${var.backups.key-id-key}" + name: "${var.backups.secret_name}" + key: "${var.backups.key_id_key}" secretAccessKey: - name: "${var.backups.secret-name}" - key: "${var.backups.secret-key}" + name: "${var.backups.secret_name}" + key: "${var.backups.secret_key}" EOF ]:[""])) } 
diff --git a/apps/nextcloud/presentation.tf b/apps/nextcloud/presentation.tf index 422392a..d3cd980 100644 --- a/apps/nextcloud/presentation.tf +++ b/apps/nextcloud/presentation.tf @@ -1,5 +1,5 @@ locals { - dns_name = "${var.sub-domain}.${var.domain_name}" + dns_name = "${var.sub_domain}.${var.domain_name}" dns-collabora = "collabora.${local.dns_name}" dns-onlyoffice = "onlyoffice.${local.dns_name}" dns_names = [local.dns_name] diff --git a/apps/okd/index.yaml b/apps/okd/index.yaml index 0d740c0..fffde77 100644 --- a/apps/okd/index.yaml +++ b/apps/okd/index.yaml @@ -26,7 +26,7 @@ options: examples: - infra type: string - sub-domain: + sub_domain: default: okd examples: - okd diff --git a/apps/okd/presentation.tf b/apps/okd/presentation.tf index 59ac7f9..d736826 100644 --- a/apps/okd/presentation.tf +++ b/apps/okd/presentation.tf @@ -1,5 +1,5 @@ locals { - dns_name = "${var.sub-domain}.${var.domain_name}" + dns_name = "${var.sub_domain}.${var.domain_name}" dns_names = [local.dns_name] app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "static/assets/okd-logo.svg" diff --git a/apps/sonar/index.yaml b/apps/sonar/index.yaml index e074884..b0a4ade 100644 --- a/apps/sonar/index.yaml +++ b/apps/sonar/index.yaml @@ -11,7 +11,7 @@ options: examples: - traefik type: string - sub-domain: + sub_domain: default: sonar examples: - sonar diff --git a/apps/traefik-ui/index.yaml b/apps/traefik-ui/index.yaml index 203274a..940d7fb 100644 --- a/apps/traefik-ui/index.yaml +++ b/apps/traefik-ui/index.yaml @@ -6,7 +6,7 @@ metadata: name: traefik-ui description: Access to the Traefik UI options: - sub-domain: + sub_domain: default: traefik examples: - traefik diff --git a/apps/traefik-ui/presentation.tf b/apps/traefik-ui/presentation.tf index 68eda6f..5be62dc 100644 --- a/apps/traefik-ui/presentation.tf +++ b/apps/traefik-ui/presentation.tf 
@@ -1,5 +1,5 @@ locals { - dns_name = "${var.sub-domain}.${var.domain_name}" + dns_name = "${var.sub_domain}.${var.domain_name}" dns_names = [local.dns_name] app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "dashboard/statics/icons/favicon-96x96.png" diff --git a/apps/woodpecker/datas.tf b/apps/woodpecker/datas.tf index f0fef87..663e3cf 100644 --- a/apps/woodpecker/datas.tf +++ b/apps/woodpecker/datas.tf @@ -150,9 +150,9 @@ data "kustomization_overlay" "data" { - name: WOODPECKER_ADMIN value: "${var.admin-users}" - name: WOODPECKER_HOST - value: "https://${var.sub-domain}.${var.domain_name}" + value: "https://${var.sub_domain}.${var.domain_name}" - name: WOODPECKER_HOST - value: "https://${var.sub-domain}.${var.domain_name}" + value: "https://${var.sub_domain}.${var.domain_name}" envFrom: - secretRef: name: woodpecker-secret diff --git a/apps/woodpecker/gitea_token.tf b/apps/woodpecker/gitea_token.tf index bc82482..03654db 100644 --- a/apps/woodpecker/gitea_token.tf +++ b/apps/woodpecker/gitea_token.tf @@ -22,7 +22,7 @@ resource "gitea_oauth2_app" "prj" { name = var.component confidential_client = true redirect_uris = [ - "https://${var.sub-domain}.${var.domain_name}/authorize" + "https://${var.sub_domain}.${var.domain_name}/authorize" ] } diff --git a/apps/woodpecker/index.yaml b/apps/woodpecker/index.yaml index 1db6fba..96319f5 100644 --- a/apps/woodpecker/index.yaml +++ b/apps/woodpecker/index.yaml @@ -16,7 +16,7 @@ options: examples: - letsencrypt-prod type: string - sub-domain: + sub_domain: default: ci examples: - ci diff --git a/apps/woodpecker/presentation.tf b/apps/woodpecker/presentation.tf index 02b1697..85ec66d 100644 --- a/apps/woodpecker/presentation.tf +++ b/apps/woodpecker/presentation.tf 
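Review bot: The env list in the apps/woodpecker/datas.tf hunk defines `WOODPECKER_HOST` twice with the same value, and the rename updates both copies instead of removing one. Duplicate names in a container env list are easy to edit inconsistently later. The OAuth redirect in gitea_token.tf (`https://${var.sub_domain}.${var.domain_name}/authorize`) is built from the same expression, so a single definition is safer. I would drop the second `- name: WOODPECKER_HOST` / `value:` pair. The overlay block starts and ends outside the hunk.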
@@ -1,5 +1,5 @@ locals { - dns_name = "${var.sub-domain}.${var.domain_name}" + dns_name = "${var.sub_domain}.${var.domain_name}" dns_names = [local.dns_name] icon = "favicons/favicon-light-default.png" service = { diff --git a/meta/domain-devspaces/index.yaml b/meta/domain-devspaces/index.yaml index 9e7006c..45b7b67 100644 --- a/meta/domain-devspaces/index.yaml +++ b/meta/domain-devspaces/index.yaml @@ -248,7 +248,7 @@ options: examples: - dev type: string - stations-sub-domain: + stations-sub_domain: default: code examples: - code diff --git a/meta/domain-devspaces/stations.tf b/meta/domain-devspaces/stations.tf index 44af039..e7f6626 100644 --- a/meta/domain-devspaces/stations.tf +++ b/meta/domain-devspaces/stations.tf @@ -21,7 +21,7 @@ locals { "organisation" = org "usage" = "station" "station" = station - "sub-domain" = "${station.name}.stations" + "sub_domain" = "${station.name}.stations" }) if ds.name == dsname ] ]) if org.name == name diff --git a/monitor/alertmanager/index.yaml b/monitor/alertmanager/index.yaml index 2819e12..dcd8dfa 100644 --- a/monitor/alertmanager/index.yaml +++ b/monitor/alertmanager/index.yaml @@ -80,7 +80,7 @@ options: examples: - traefik type: string - sub-domain: + sub_domain: default: alertmanager examples: - alertmanager diff --git a/monitor/alertmanager/presentation.tf b/monitor/alertmanager/presentation.tf index 6d0b1b9..6e2aa81 100644 --- a/monitor/alertmanager/presentation.tf +++ b/monitor/alertmanager/presentation.tf @@ -1,5 +1,5 @@ locals { - dns_name = "${var.sub-domain}.${var.domain_name}" + dns_name = "${var.sub_domain}.${var.domain_name}" dns_names = [local.dns_name] app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "favicon.ico" diff --git a/monitor/grafana/index.yaml b/monitor/grafana/index.yaml index 9e6e310..b58e03b 100644 --- a/monitor/grafana/index.yaml +++ b/monitor/grafana/index.yaml 
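Review bot: In the meta/domain-devspaces/index.yaml hunk the option key becomes `stations-sub_domain`, which mixes both separators and looks like a side effect of a blanket `sub-domain` to `sub_domain` substitution rather than an intended name. No visible hunk updates a matching variable reference, so either the key should stay `stations-sub-domain` or it should become `stations_sub_domain:` together with whatever consumes it. The stations.tf hunk on the same line also changes the merged map key to `"sub_domain"`, so the code that reads that object needs the new key as well; that reader is not shown here.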
@@ -113,7 +113,7 @@ options: examples: - letsencrypt-prod type: string - sub-domain: + sub_domain: default: grafana examples: - grafana diff --git a/monitor/grafana/presentation.tf b/monitor/grafana/presentation.tf index 426a477..b38289f 100644 --- a/monitor/grafana/presentation.tf +++ b/monitor/grafana/presentation.tf @@ -1,5 +1,5 @@ locals { - dns_name = "${var.sub-domain}.${var.domain_name}" + dns_name = "${var.sub_domain}.${var.domain_name}" dns_names = [local.dns_name] app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "public/img/grafana_icon.svg" diff --git a/monitor/loki-dashboard/index.yaml b/monitor/loki-dashboard/index.yaml index 1e32c8d..d1c0f24 100644 --- a/monitor/loki-dashboard/index.yaml +++ b/monitor/loki-dashboard/index.yaml @@ -60,7 +60,7 @@ options: type: string type: object type: object - sub-domain: + sub_domain: default: to-be-set examples: - to-be-set diff --git a/monitor/prometheus/index.yaml b/monitor/prometheus/index.yaml index e5b664f..a1b3c99 100644 --- a/monitor/prometheus/index.yaml +++ b/monitor/prometheus/index.yaml @@ -65,7 +65,7 @@ options: type: string type: object type: object - sub-domain: + sub_domain: default: prometheus examples: - prometheus diff --git a/monitor/prometheus/presentation.tf b/monitor/prometheus/presentation.tf index 54a92a1..2f42d6e 100644 --- a/monitor/prometheus/presentation.tf +++ b/monitor/prometheus/presentation.tf @@ -1,5 +1,5 @@ locals { - dns_name = "${var.sub-domain}.${var.domain_name}" + dns_name = "${var.sub_domain}.${var.domain_name}" dns_names = [local.dns_name] app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "favicon.ico" diff --git a/monitor/thanos-ruler/index.yaml b/monitor/thanos-ruler/index.yaml index e842e50..2570fad 100644 --- a/monitor/thanos-ruler/index.yaml +++ b/monitor/thanos-ruler/index.yaml 
@@ -60,7 +60,7 @@ options: examples: - your-company type: string - sub-domain: + sub_domain: default: to-be-set examples: - to-be-set diff --git a/share/authentik-forward/index.yaml b/share/authentik-forward/index.yaml index 9735b8a..53b8ea9 100644 --- a/share/authentik-forward/index.yaml +++ b/share/authentik-forward/index.yaml @@ -21,7 +21,7 @@ options: examples: - your_company.com type: string - sub-domain: + sub_domain: default: null ingress_class: default: traefik diff --git a/share/authentik/index.yaml b/share/authentik/index.yaml index 0faf0f3..665f938 100644 --- a/share/authentik/index.yaml +++ b/share/authentik/index.yaml @@ -23,81 +23,6 @@ options: type: boolean type: object type: object - postgres: - default: - replicas: 1 - examples: - - replicas: 1 - properties: - replicas: - default: 1 - type: integer - type: object - admin: - default: - email: auth-admin - examples: - - email: auth-admin - properties: - email: - default: auth-admin - type: string - type: object - domain: - default: your-company - examples: - - your-company - type: string - geoip: - default: /geoip/GeoLite2-City.mmdb - examples: - - /geoip/GeoLite2-City.mmdb - type: string - email: - default: - port: 587 - timeout: 30 - use_ssl: false - use_tls: false - examples: - - port: 587 - timeout: 30 - use_ssl: false - use_tls: false - properties: - port: - default: 587 - type: integer - timeout: - default: 30 - type: integer - use_ssl: - default: false - type: boolean - use_tls: - default: false - type: boolean - type: object - loglevel: - default: info - examples: - - info - type: string - sub-domain: - default: auth - examples: - - auth - type: string - domain_name: - default: your_company.com - examples: - - your_company.com - type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string error_reporting: default: enabled: false 
@@ -118,34 +43,29 @@ options: default: false type: boolean type: object - ingress_class: - default: traefik - examples: - - traefik - type: string backups: default: enable: false endpoint: '' - key-id-key: s3-id + key_id_key: s3-id retention: db: 30d schedule: db: 0 3 * * * - secret-key: s3-secret - secret-name: backup-settings - use-barman: false + secret_key: s3-secret + secret_name: backup-settings + use_barman: false examples: - enable: false endpoint: '' - key-id-key: s3-id + key_id_key: s3-id retention: db: 30d schedule: db: 0 3 * * * - secret-key: s3-secret - secret-name: backup-settings - use-barman: false + secret_key: s3-secret + secret_name: backup-settings + use_barman: false properties: enable: default: false @@ -153,7 +73,7 @@ options: endpoint: default: '' type: string - key-id-key: + key_id_key: default: s3-id type: string retention: @@ -172,45 +92,46 @@ options: default: 0 3 * * * type: string type: object - secret-key: + secret_key: default: s3-secret type: string - secret-name: + secret_name: default: backup-settings type: string - use-barman: + use_barman: default: false type: boolean type: object - storage: - default: - postgres: - size: 8Gi - redis: - size: 8Gi + issuer: + default: letsencrypt-prod examples: - - postgres: - size: 8Gi - redis: - size: 8Gi + - letsencrypt-prod + type: string + postgres: + default: + replicas: 1 + examples: + - replicas: 1 properties: - postgres: - default: - size: 8Gi - properties: - size: - default: 8Gi - type: string - type: object - redis: - default: - size: 8Gi - properties: - size: - default: 8Gi - type: string - type: object + replicas: + default: 1 + type: integer type: object + sub_domain: + default: auth + examples: + - auth + type: string + ingress_class: + default: traefik + examples: + - traefik + type: string + domain_name: + default: your_company.com + examples: + - your_company.com + type: string images: default: app: 
@@ -348,6 +269,85 @@ options: type: string type: object type: object + domain: + default: your-company + examples: + - your-company + type: string + loglevel: + default: info + examples: + - info + type: string + admin: + default: + email: auth-admin + examples: + - email: auth-admin + properties: + email: + default: auth-admin + type: string + type: object + storage: + default: + postgres: + size: 8Gi + redis: + size: 8Gi + examples: + - postgres: + size: 8Gi + redis: + size: 8Gi + properties: + postgres: + default: + size: 8Gi + properties: + size: + default: 8Gi + type: string + type: object + redis: + default: + size: 8Gi + properties: + size: + default: 8Gi + type: string + type: object + type: object + geoip: + default: /geoip/GeoLite2-City.mmdb + examples: + - /geoip/GeoLite2-City.mmdb + type: string + email: + default: + port: 587 + timeout: 30 + use_ssl: false + use_tls: false + examples: + - port: 587 + timeout: 30 + use_ssl: false + use_tls: false + properties: + port: + default: 587 + type: integer + timeout: + default: 30 + type: integer + use_ssl: + default: false + type: boolean + use_tls: + default: false + type: boolean + type: object dependencies: - dist: null category: core diff --git a/share/authentik/ingress.tf b/share/authentik/ingress.tf index dc1cbbd..8dc29b4 100644 --- a/share/authentik/ingress.tf +++ b/share/authentik/ingress.tf @@ -1,5 +1,5 @@ locals { - dns_names = ["${var.sub-domain}.${var.domain_name}"] + dns_names = ["${var.sub_domain}.${var.domain_name}"] middlewares = ["${var.instance}-https"] service = { "name" = "${var.instance}" diff --git a/share/authentik/postgresql.tf b/share/authentik/postgresql.tf index 153c1ec..e951e56 100644 --- a/share/authentik/postgresql.tf +++ b/share/authentik/postgresql.tf 
@@ -30,18 +30,18 @@ resource "kubectl_manifest" "prj_pg" { monitoring: enablePodMonitor: true EOF - ], var.backups.enable&&var.backups.use-barman?[<<-EOF + ], var.backups.enable&&var.backups.use_barman?[<<-EOF backup: barmanObjectStore: destinationPath: "s3://${var.instance}-${var.namespace}/" endpointURL: "${var.backups.endpoint}/barman" s3Credentials: accessKeyId: - name: "${var.backups.secret-name}" - key: "${var.backups.key-id-key}" + name: "${var.backups.secret_name}" + key: "${var.backups.key_id_key}" secretAccessKey: - name: "${var.backups.secret-name}" - key: "${var.backups.secret-key}" + name: "${var.backups.secret_name}" + key: "${var.backups.secret_key}" EOF ]:[""])) } diff --git a/share/dataset-pg/directus.tf b/share/dataset-pg/directus.tf index 6975dfc..5b9cd94 100644 --- a/share/dataset-pg/directus.tf +++ b/share/dataset-pg/directus.tf @@ -51,7 +51,7 @@ resource "kubectl_manifest" "directus_config" { AUTH_PROVIDERS: "VYNIL" AUTH_VYNIL_DRIVER: "openid" AUTH_VYNIL_ALLOW_PUBLIC_REGISTRATION: "true" - AUTH_VYNIL_ISSUER_URL: "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/directus-${replace(var.sub-domain, ".", "-")}-${var.instance}/.well-known/openid-configuration" + AUTH_VYNIL_ISSUER_URL: "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/directus-${replace(var.sub_domain, ".", "-")}-${var.instance}/.well-known/openid-configuration" AUTH_VYNIL_IDENTIFIER_KEY: "email" PUBLIC_URL: "https://${local.directus-dns_name}" EOF 
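Review bot: The `directus_config` hunk in share/dataset-pg/directus.tf keeps `AUTH_VYNIL_ALLOW_PUBLIC_REGISTRATION: "true"` next to `AUTH_VYNIL_IDENTIFIER_KEY: "email"`. Any identity the issuer authenticates therefore appears to be provisioned as a Directus user and matched by e-mail address. Neither a default role setting such as `AUTH_VYNIL_DEFAULT_ROLE_ID` nor an access policy on the authentik application is visible in the hunk, so the resulting access may be wider than intended. I would document the assumption beside the setting, for example `# every authentik user allowed on this application gets a Directus account on first login`, and confirm that the issuer only releases verified e-mail addresses. The ConfigMap body starts outside the hunk.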
@@ -133,12 +133,12 @@ resource "kubectl_manifest" "directus_deploy" { valueFrom: secretKeyRef: key: "client-id" - name: "directus-${replace(var.sub-domain, ".", "-")}-${var.instance}-id" + name: "directus-${replace(var.sub_domain, ".", "-")}-${var.instance}-id" - name: AUTH_VYNIL_CLIENT_SECRET valueFrom: secretKeyRef: key: "client-secret" - name: "directus-${replace(var.sub-domain, ".", "-")}-${var.instance}-secret" + name: "directus-${replace(var.sub_domain, ".", "-")}-${var.instance}-secret" - name: DB_USER valueFrom: secretKeyRef: @@ -230,7 +230,7 @@ module "directus-ingress" { module "directus-application" { count = var.extentions.directus.enable ? 1 : 0 source = "git::https://git.solidite.fr/vynil/kydah-modules.git//application" - component = "directus-${replace(var.sub-domain, ".", "-")}" + component = "directus-${replace(var.sub_domain, ".", "-")}" instance = var.instance app_group = var.app_group dns_name = local.directus-dns_name @@ -244,7 +244,7 @@ module "directus-application" { module "directus-oauth2" { count = var.extentions.directus.enable ? 1 : 0 source = "git::https://git.solidite.fr/vynil/kydah-modules.git//oauth2" - component = "directus-${replace(var.sub-domain, ".", "-")}" + component = "directus-${replace(var.sub_domain, ".", "-")}" domain = var.domain instance = var.instance namespace = var.namespace diff --git a/share/dataset-pg/index.yaml b/share/dataset-pg/index.yaml index 8636139..50e0a1e 100644 --- a/share/dataset-pg/index.yaml +++ b/share/dataset-pg/index.yaml 
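Review bot: The expression `directus-${replace(var.sub_domain, ".", "-")}` is spelled out four times in the share/dataset-pg/directus.tf hunks on this line: in both `secretKeyRef` names and in the `component` of the `directus-application` and `directus-oauth2` modules. It appears once more in the issuer URL of the earlier `directus_config` hunk. These values presumably have to stay identical for the OpenID login to find its client id and secret, and this commit shows that a rename must touch every copy. I would define it once in a `locals` block, `directus_component = "directus-${replace(var.sub_domain, ".", "-")}"`, and use `local.directus_component` in each place.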
@@ -6,6 +6,69 @@ metadata: name: dataset-pg description: null options: + backups: + default: + enable: false + endpoint: '' + key_id_key: s3-id + retention: + db: 30d + schedule: + db: 0 3 * * * + secret_key: s3-secret + secret_name: backup-settings + examples: + - enable: false + endpoint: '' + key_id_key: s3-id + retention: + db: 30d + schedule: + db: 0 3 * * * + secret_key: s3-secret + secret_name: backup-settings + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key_id_key: + default: s3-id + type: string + retention: + default: + db: 30d + properties: + db: + default: 30d + type: string + type: object + schedule: + default: + db: 0 3 * * * + properties: + db: + default: 0 3 * * * + type: string + type: object + secret_key: + default: s3-secret + type: string + secret_name: + default: backup-settings + type: string + type: object + databases: + default: [] + items: + properties: + name: + default: db + type: string + type: object + type: array issuer: default: letsencrypt-prod examples: @@ -28,6 +91,31 @@ options: type: string type: object type: object + app_group: + default: api + examples: + - api + type: string + domain_name: + default: your_company.com + examples: + - your_company.com + type: string + postgres: + default: + replicas: 1 + examples: + - replicas: 1 + properties: + replicas: + default: 1 + type: integer + type: object + ingress_class: + default: traefik + examples: + - traefik + type: string roles: default: [] items: @@ -42,6 +130,11 @@ options: examples: - your-company type: string + sub_domain: + default: dataset-pg + examples: + - dataset-pg + type: string extentions: default: directus: 
@@ -223,99 +316,6 @@ options: type: object type: object type: object - app_group: - default: api - examples: - - api - type: string - postgres: - default: - replicas: 1 - examples: - - replicas: 1 - properties: - replicas: - default: 1 - type: integer - type: object - ingress_class: - default: traefik - examples: - - traefik - type: string - backups: - default: - enable: false - endpoint: '' - key-id-key: s3-id - retention: - db: 30d - schedule: - db: 0 3 * * * - secret-key: s3-secret - secret-name: backup-settings - examples: - - enable: false - endpoint: '' - key-id-key: s3-id - retention: - db: 30d - schedule: - db: 0 3 * * * - secret-key: s3-secret - secret-name: backup-settings - properties: - enable: - default: false - type: boolean - endpoint: - default: '' - type: string - key-id-key: - default: s3-id - type: string - retention: - default: - db: 30d - properties: - db: - default: 30d - type: string - type: object - schedule: - default: - db: 0 3 * * * - properties: - db: - default: 0 3 * * * - type: string - type: object - secret-key: - default: s3-secret - type: string - secret-name: - default: backup-settings - type: string - type: object - sub-domain: - default: dataset-pg - examples: - - dataset-pg - type: string - domain_name: - default: your_company.com - examples: - - your_company.com - type: string - databases: - default: [] - items: - properties: - name: - default: db - type: string - type: object - type: array images: default: postgresql: diff --git a/share/dataset-pg/postgresql.tf b/share/dataset-pg/postgresql.tf index df6e929..6b66636 100644 --- a/share/dataset-pg/postgresql.tf +++ b/share/dataset-pg/postgresql.tf @@ -1,5 +1,5 @@ locals { - dns_name = "${var.instance}.${var.sub-domain}.${var.domain_name}" + dns_name = "${var.instance}.${var.sub_domain}.${var.domain_name}" pg-labels = merge(local.common-labels, { "app.kubernetes.io/component" = "postgresql" }) 
@@ -35,11 +35,11 @@ resource "kubectl_manifest" "prj_pg" { endpointURL: "${var.backups.endpoint}/barman" s3Credentials: accessKeyId: - name: "${var.backups.secret-name}" - key: "${var.backups.key-id-key}" + name: "${var.backups.secret_name}" + key: "${var.backups.key_id_key}" secretAccessKey: - name: "${var.backups.secret-name}" - key: "${var.backups.secret-key}" + name: "${var.backups.secret_name}" + key: "${var.backups.secret_key}" EOF ]:[""])) } diff --git a/share/organisation/stages.tf b/share/organisation/stages.tf index 57e1b49..0352b34 100644 --- a/share/organisation/stages.tf +++ b/share/organisation/stages.tf @@ -26,7 +26,7 @@ locals { for name in local.sorted-dataset-name: [ for ds in var.datasets: merge(ds,{ - "sub-domain" = "${stage}.${var.instance}" + "sub_domain" = "${stage}.${var.instance}" "namespace" = "${var.domain}-${var.instance}-${stage}" }) if ds.name == name ] diff --git a/share/wildduck/application.tf b/share/wildduck/application.tf index 1a69f2a..e7f5ca8 100644 --- a/share/wildduck/application.tf +++ b/share/wildduck/application.tf @@ -16,8 +16,8 @@ resource "authentik_application" "prj_app" { #protocol_provider = authentik_provider_oauth2.oauth2.id group = var.app_group backchannel_providers = [authentik_provider_scim.scim.id] - meta_launch_url = format("https://%s.%s", var.sub-domain, var.domain_name) - meta_icon = format("https://%s.%s/%s", var.sub-domain, var.domain_name, "favicon-32x32.png") + meta_launch_url = format("https://%s.%s", var.sub_domain, var.domain_name) + meta_icon = format("https://%s.%s/%s", var.sub_domain, var.domain_name, "favicon-32x32.png") } resource "authentik_policy_expression" "policy" { diff --git a/share/wildduck/haraka.tf b/share/wildduck/haraka.tf index 6e06abb..6748e2e 100644 --- a/share/wildduck/haraka.tf +++ b/share/wildduck/haraka.tf 
@@ -96,10 +96,10 @@ resource "kubernetes_config_map_v1" "haraka_config" { } data = yamldecode(<<-EOF me: |- - ${var.sub-domain}.${var.domain_name} + ${var.sub_domain}.${var.domain_name} host_list: |- # add hosts in here we want to accept mail for - ${var.sub-domain}.${var.domain_name} + ${var.sub_domain}.${var.domain_name} ${var.domain_name} ${join("\n ",var.additional-domains)} rspamd.ini: |- diff --git a/share/wildduck/index.yaml b/share/wildduck/index.yaml index a373310..36ed8df 100644 --- a/share/wildduck/index.yaml +++ b/share/wildduck/index.yaml @@ -43,7 +43,7 @@ options: examples: - letsencrypt-prod type: string - sub-domain: + sub_domain: default: mail examples: - mail diff --git a/share/wildduck/ingress.tf b/share/wildduck/ingress.tf index 22b0858..16cc818 100644 --- a/share/wildduck/ingress.tf +++ b/share/wildduck/ingress.tf @@ -1,5 +1,5 @@ locals { - dns_names = ["${var.sub-domain}.${var.domain_name}"] + dns_names = ["${var.sub_domain}.${var.domain_name}"] cert-names = concat(local.dns_names, ["${var.domain_name}"]) middlewares = ["${var.instance}-https"] service = { diff --git a/share/wildduck/webmail.tf b/share/wildduck/webmail.tf index 347148c..82d52d2 100644 --- a/share/wildduck/webmail.tf +++ b/share/wildduck/webmail.tf @@ -154,15 +154,15 @@ resource "kubernetes_config_map_v1" "webmail_config" { [setup] # these values are shown in the configuration help page [setup.imap] - hostname="${var.sub-domain}.${var.domain_name}" + hostname="${var.sub_domain}.${var.domain_name}" secure=true port=143 [setup.pop3] - hostname="${var.sub-domain}.${var.domain_name}" + hostname="${var.sub_domain}.${var.domain_name}" secure=true port=110 [setup.smtp] - hostname="${var.sub-domain}.${var.domain_name}" + hostname="${var.sub_domain}.${var.domain_name}" secure=true port=25 EOF diff --git a/share/wildduck/wildduck.tf b/share/wildduck/wildduck.tf index 6fb4f2c..3d1b612 100644 --- a/share/wildduck/wildduck.tf +++ b/share/wildduck/wildduck.tf 
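Review bot: In the `webmail_config` hunk the `[setup.imap]`, `[setup.pop3]` and `[setup.smtp]` sections publish `secure=true` together with ports `143`, `110` and `25`, while the `wildduck_config` hunks in this commit publish `465`, `9930` and `995` for the same hostname. The comment in the hunk says these values are shown on the configuration help page, so users would be told to expect TLS on ports that conventionally carry plaintext or STARTTLS. That leads to failed connections or to clients being reconfigured without encryption. Which listeners are actually exposed is not visible here; I would align the three `port=` values with the ones in wildduck.tf or correct `secure=` to match what is served. The heredoc starts outside the hunk.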
@@ -173,7 +173,7 @@ resource "kubernetes_config_map_v1" "wildduck_config" { enabled=true [smtp.setup] # Public configuration for SMTP MDA, needed for mobileconfig files - hostname="${var.sub-domain}.${var.domain_name}" + hostname="${var.sub_domain}.${var.domain_name}" secure=true port=465 [webhooks] @@ -312,7 +312,7 @@ resource "kubernetes_config_map_v1" "wildduck_config" { autoExpunge=true [setup] # Public configuration for IMAP - hostname="${var.sub-domain}.${var.domain_name}" + hostname="${var.sub_domain}.${var.domain_name}" secure=true # port defaults to imap.port port=9930 @@ -360,7 +360,7 @@ resource "kubernetes_config_map_v1" "wildduck_config" { cert="/var/opt/certs/tls.crt" [setup] # Public configuration for POP3 - hostname="${var.sub-domain}.${var.domain_name}" + hostname="${var.sub_domain}.${var.domain_name}" secure=true # port defaults to pop3.port port=995 diff --git a/share/wildduck/zonemta.tf b/share/wildduck/zonemta.tf index 53487cb..2acf8ea 100644 --- a/share/wildduck/zonemta.tf +++ b/share/wildduck/zonemta.tf @@ -128,7 +128,7 @@ resource "kubernetes_config_map_v1" "zonemta_config" { # Server process must be able to locally bind to these addresses [[default]] address="0.0.0.0" - name="${var.sub-domain}.${var.domain_name}" + name="${var.sub_domain}.${var.domain_name}" # #[[default]] #address="1.2.3.5" @@ -145,7 +145,7 @@ resource "kubernetes_config_map_v1" "zonemta_config" { interfaces=["feeder"] # optional hostname to be used in headers # defaults to os.hostname() - hostname="${var.sub-domain}.${var.domain_name}" + hostname="${var.sub_domain}.${var.domain_name}" # How long to keep auth records in log authlogExpireDays=30 # default smtp recipients for 24h (can be overriden per user)