fix

2024-01-26 16:44:44 +01:00
parent 4d8e42f0f6
commit 01ca8c2a13
59 changed files with 1018 additions and 1018 deletions
--- a/share/authentik-forward/index.yaml
+++ b/share/authentik-forward/index.yaml
@@ -21,7 +21,7 @@ options:
    examples:
    - your_company.com
    type: string
-  sub-domain:
+  sub_domain:
    default: null
  ingress_class:
    default: traefik
--- a/share/authentik/index.yaml
+++ b/share/authentik/index.yaml
@@ -23,81 +23,6 @@ options:
            type: boolean
        type: object
    type: object
-  postgres:
-    default:
-      replicas: 1
-    examples:
-    - replicas: 1
-    properties:
-      replicas:
-        default: 1
-        type: integer
-    type: object
-  admin:
-    default:
-      email: auth-admin
-    examples:
-    - email: auth-admin
-    properties:
-      email:
-        default: auth-admin
-        type: string
-    type: object
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
-  geoip:
-    default: /geoip/GeoLite2-City.mmdb
-    examples:
-    - /geoip/GeoLite2-City.mmdb
-    type: string
-  email:
-    default:
-      port: 587
-      timeout: 30
-      use_ssl: false
-      use_tls: false
-    examples:
-    - port: 587
-      timeout: 30
-      use_ssl: false
-      use_tls: false
-    properties:
-      port:
-        default: 587
-        type: integer
-      timeout:
-        default: 30
-        type: integer
-      use_ssl:
-        default: false
-        type: boolean
-      use_tls:
-        default: false
-        type: boolean
-    type: object
-  loglevel:
-    default: info
-    examples:
-    - info
-    type: string
-  sub-domain:
-    default: auth
-    examples:
-    - auth
-    type: string
-  domain_name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
  error_reporting:
    default:
      enabled: false
@@ -118,34 +43,29 @@ options:
        default: false
        type: boolean
    type: object
-  ingress_class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
  backups:
    default:
      enable: false
      endpoint: ''
-      key-id-key: s3-id
+      key_id_key: s3-id
      retention:
        db: 30d
      schedule:
        db: 0 3 * * *
-      secret-key: s3-secret
-      secret-name: backup-settings
-      use-barman: false
+      secret_key: s3-secret
+      secret_name: backup-settings
+      use_barman: false
    examples:
    - enable: false
      endpoint: ''
-      key-id-key: s3-id
+      key_id_key: s3-id
      retention:
        db: 30d
      schedule:
        db: 0 3 * * *
-      secret-key: s3-secret
-      secret-name: backup-settings
-      use-barman: false
+      secret_key: s3-secret
+      secret_name: backup-settings
+      use_barman: false
    properties:
      enable:
        default: false
@@ -153,7 +73,7 @@ options:
      endpoint:
        default: ''
        type: string
-      key-id-key:
+      key_id_key:
        default: s3-id
        type: string
      retention:
@@ -172,45 +92,46 @@ options:
            default: 0 3 * * *
            type: string
        type: object
-      secret-key:
+      secret_key:
        default: s3-secret
        type: string
-      secret-name:
+      secret_name:
        default: backup-settings
        type: string
-      use-barman:
+      use_barman:
        default: false
        type: boolean
    type: object
-  storage:
-    default:
-      postgres:
-        size: 8Gi
-      redis:
-        size: 8Gi
+  issuer:
+    default: letsencrypt-prod
    examples:
-    - postgres:
-        size: 8Gi
-      redis:
-        size: 8Gi
+    - letsencrypt-prod
+    type: string
+  postgres:
+    default:
+      replicas: 1
+    examples:
+    - replicas: 1
    properties:
-      postgres:
-        default:
-          size: 8Gi
-        properties:
-          size:
-            default: 8Gi
-            type: string
-        type: object
-      redis:
-        default:
-          size: 8Gi
-        properties:
-          size:
-            default: 8Gi
-            type: string
-        type: object
+      replicas:
+        default: 1
+        type: integer
    type: object
+  sub_domain:
+    default: auth
+    examples:
+    - auth
+    type: string
+  ingress_class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  domain_name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
  images:
    default:
      app:
@@ -348,6 +269,85 @@ options:
            type: string
        type: object
    type: object
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
+  loglevel:
+    default: info
+    examples:
+    - info
+    type: string
+  admin:
+    default:
+      email: auth-admin
+    examples:
+    - email: auth-admin
+    properties:
+      email:
+        default: auth-admin
+        type: string
+    type: object
+  storage:
+    default:
+      postgres:
+        size: 8Gi
+      redis:
+        size: 8Gi
+    examples:
+    - postgres:
+        size: 8Gi
+      redis:
+        size: 8Gi
+    properties:
+      postgres:
+        default:
+          size: 8Gi
+        properties:
+          size:
+            default: 8Gi
+            type: string
+        type: object
+      redis:
+        default:
+          size: 8Gi
+        properties:
+          size:
+            default: 8Gi
+            type: string
+        type: object
+    type: object
+  geoip:
+    default: /geoip/GeoLite2-City.mmdb
+    examples:
+    - /geoip/GeoLite2-City.mmdb
+    type: string
+  email:
+    default:
+      port: 587
+      timeout: 30
+      use_ssl: false
+      use_tls: false
+    examples:
+    - port: 587
+      timeout: 30
+      use_ssl: false
+      use_tls: false
+    properties:
+      port:
+        default: 587
+        type: integer
+      timeout:
+        default: 30
+        type: integer
+      use_ssl:
+        default: false
+        type: boolean
+      use_tls:
+        default: false
+        type: boolean
+    type: object
 dependencies:
 - dist: null
  category: core
--- a/share/authentik/ingress.tf
+++ b/share/authentik/ingress.tf
@@ -1,5 +1,5 @@
 locals {
-    dns_names = ["${var.sub-domain}.${var.domain_name}"]
+    dns_names = ["${var.sub_domain}.${var.domain_name}"]
    middlewares = ["${var.instance}-https"]
    service = {
      "name"  = "${var.instance}"
--- a/share/authentik/postgresql.tf
+++ b/share/authentik/postgresql.tf
@@ -30,18 +30,18 @@ resource "kubectl_manifest" "prj_pg" {
      monitoring:
        enablePodMonitor: true
  EOF
-  ], var.backups.enable&&var.backups.use-barman?[<<-EOF
+  ], var.backups.enable&&var.backups.use_barman?[<<-EOF
      backup:
        barmanObjectStore:
          destinationPath: "s3://${var.instance}-${var.namespace}/"
          endpointURL: "${var.backups.endpoint}/barman"
          s3Credentials:
            accessKeyId:
-              name: "${var.backups.secret-name}"
-              key: "${var.backups.key-id-key}"
+              name: "${var.backups.secret_name}"
+              key: "${var.backups.key_id_key}"
            secretAccessKey:
-              name: "${var.backups.secret-name}"
-              key: "${var.backups.secret-key}"
+              name: "${var.backups.secret_name}"
+              key: "${var.backups.secret_key}"
  EOF
  ]:[""]))
 }
--- a/share/dataset-pg/directus.tf
+++ b/share/dataset-pg/directus.tf
@@ -51,7 +51,7 @@ resource "kubectl_manifest" "directus_config" {
      AUTH_PROVIDERS: "VYNIL"
      AUTH_VYNIL_DRIVER: "openid"
      AUTH_VYNIL_ALLOW_PUBLIC_REGISTRATION: "true"
-      AUTH_VYNIL_ISSUER_URL: "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/directus-${replace(var.sub-domain, ".", "-")}-${var.instance}/.well-known/openid-configuration"
+      AUTH_VYNIL_ISSUER_URL: "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/directus-${replace(var.sub_domain, ".", "-")}-${var.instance}/.well-known/openid-configuration"
      AUTH_VYNIL_IDENTIFIER_KEY: "email"
      PUBLIC_URL: "https://${local.directus-dns_name}"
  EOF
@@ -133,12 +133,12 @@ resource "kubectl_manifest" "directus_deploy" {
              valueFrom:
                secretKeyRef:
                  key: "client-id"
-                  name: "directus-${replace(var.sub-domain, ".", "-")}-${var.instance}-id"
+                  name: "directus-${replace(var.sub_domain, ".", "-")}-${var.instance}-id"
            - name: AUTH_VYNIL_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  key: "client-secret"
-                  name: "directus-${replace(var.sub-domain, ".", "-")}-${var.instance}-secret"
+                  name: "directus-${replace(var.sub_domain, ".", "-")}-${var.instance}-secret"
            - name: DB_USER
              valueFrom:
                secretKeyRef:
@@ -230,7 +230,7 @@ module "directus-ingress" {
 module "directus-application" {
  count = var.extentions.directus.enable ? 1 : 0
  source = "git::https://git.solidite.fr/vynil/kydah-modules.git//application"
-  component         = "directus-${replace(var.sub-domain, ".", "-")}"
+  component         = "directus-${replace(var.sub_domain, ".", "-")}"
  instance          = var.instance
  app_group         = var.app_group
  dns_name          = local.directus-dns_name
@@ -244,7 +244,7 @@ module "directus-application" {
 module "directus-oauth2" {
  count = var.extentions.directus.enable ? 1 : 0
  source = "git::https://git.solidite.fr/vynil/kydah-modules.git//oauth2"
-  component         = "directus-${replace(var.sub-domain, ".", "-")}"
+  component         = "directus-${replace(var.sub_domain, ".", "-")}"
  domain            = var.domain
  instance          = var.instance
  namespace         = var.namespace
--- a/share/dataset-pg/index.yaml
+++ b/share/dataset-pg/index.yaml
@@ -6,6 +6,69 @@ metadata:
  name: dataset-pg
  description: null
 options:
+  backups:
+    default:
+      enable: false
+      endpoint: ''
+      key_id_key: s3-id
+      retention:
+        db: 30d
+      schedule:
+        db: 0 3 * * *
+      secret_key: s3-secret
+      secret_name: backup-settings
+    examples:
+    - enable: false
+      endpoint: ''
+      key_id_key: s3-id
+      retention:
+        db: 30d
+      schedule:
+        db: 0 3 * * *
+      secret_key: s3-secret
+      secret_name: backup-settings
+    properties:
+      enable:
+        default: false
+        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key_id_key:
+        default: s3-id
+        type: string
+      retention:
+        default:
+          db: 30d
+        properties:
+          db:
+            default: 30d
+            type: string
+        type: object
+      schedule:
+        default:
+          db: 0 3 * * *
+        properties:
+          db:
+            default: 0 3 * * *
+            type: string
+        type: object
+      secret_key:
+        default: s3-secret
+        type: string
+      secret_name:
+        default: backup-settings
+        type: string
+    type: object
+  databases:
+    default: []
+    items:
+      properties:
+        name:
+          default: db
+          type: string
+      type: object
+    type: array
  issuer:
    default: letsencrypt-prod
    examples:
@@ -28,6 +91,31 @@ options:
            type: string
        type: object
    type: object
+  app_group:
+    default: api
+    examples:
+    - api
+    type: string
+  domain_name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  postgres:
+    default:
+      replicas: 1
+    examples:
+    - replicas: 1
+    properties:
+      replicas:
+        default: 1
+        type: integer
+    type: object
+  ingress_class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
  roles:
    default: []
    items:
@@ -42,6 +130,11 @@ options:
    examples:
    - your-company
    type: string
+  sub_domain:
+    default: dataset-pg
+    examples:
+    - dataset-pg
+    type: string
  extentions:
    default:
      directus:
@@ -223,99 +316,6 @@ options:
            type: object
        type: object
    type: object
-  app_group:
-    default: api
-    examples:
-    - api
-    type: string
-  postgres:
-    default:
-      replicas: 1
-    examples:
-    - replicas: 1
-    properties:
-      replicas:
-        default: 1
-        type: integer
-    type: object
-  ingress_class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  backups:
-    default:
-      enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      retention:
-        db: 30d
-      schedule:
-        db: 0 3 * * *
-      secret-key: s3-secret
-      secret-name: backup-settings
-    examples:
-    - enable: false
-      endpoint: ''
-      key-id-key: s3-id
-      retention:
-        db: 30d
-      schedule:
-        db: 0 3 * * *
-      secret-key: s3-secret
-      secret-name: backup-settings
-    properties:
-      enable:
-        default: false
-        type: boolean
-      endpoint:
-        default: ''
-        type: string
-      key-id-key:
-        default: s3-id
-        type: string
-      retention:
-        default:
-          db: 30d
-        properties:
-          db:
-            default: 30d
-            type: string
-        type: object
-      schedule:
-        default:
-          db: 0 3 * * *
-        properties:
-          db:
-            default: 0 3 * * *
-            type: string
-        type: object
-      secret-key:
-        default: s3-secret
-        type: string
-      secret-name:
-        default: backup-settings
-        type: string
-    type: object
-  sub-domain:
-    default: dataset-pg
-    examples:
-    - dataset-pg
-    type: string
-  domain_name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
-  databases:
-    default: []
-    items:
-      properties:
-        name:
-          default: db
-          type: string
-      type: object
-    type: array
  images:
    default:
      postgresql:
--- a/share/dataset-pg/postgresql.tf
+++ b/share/dataset-pg/postgresql.tf
@@ -1,5 +1,5 @@
 locals {
-  dns_name  = "${var.instance}.${var.sub-domain}.${var.domain_name}"
+  dns_name  = "${var.instance}.${var.sub_domain}.${var.domain_name}"
  pg-labels = merge(local.common-labels, {
    "app.kubernetes.io/component" = "postgresql"
  })
@@ -35,11 +35,11 @@ resource "kubectl_manifest" "prj_pg" {
          endpointURL: "${var.backups.endpoint}/barman"
          s3Credentials:
            accessKeyId:
-              name: "${var.backups.secret-name}"
-              key: "${var.backups.key-id-key}"
+              name: "${var.backups.secret_name}"
+              key: "${var.backups.key_id_key}"
            secretAccessKey:
-              name: "${var.backups.secret-name}"
-              key: "${var.backups.secret-key}"
+              name: "${var.backups.secret_name}"
+              key: "${var.backups.secret_key}"
  EOF
  ]:[""]))
 }
--- a/share/organisation/stages.tf
+++ b/share/organisation/stages.tf
@@ -26,7 +26,7 @@ locals {
      for name in local.sorted-dataset-name: [
        for ds in var.datasets:
          merge(ds,{
-            "sub-domain" = "${stage}.${var.instance}"
+            "sub_domain" = "${stage}.${var.instance}"
            "namespace" = "${var.domain}-${var.instance}-${stage}"
          }) if ds.name == name
      ]
--- a/share/wildduck/application.tf
+++ b/share/wildduck/application.tf
@@ -16,8 +16,8 @@ resource "authentik_application" "prj_app" {
  #protocol_provider = authentik_provider_oauth2.oauth2.id
  group             = var.app_group
  backchannel_providers = [authentik_provider_scim.scim.id]
-  meta_launch_url   = format("https://%s.%s", var.sub-domain, var.domain_name)
-  meta_icon         = format("https://%s.%s/%s", var.sub-domain, var.domain_name, "favicon-32x32.png")
+  meta_launch_url   = format("https://%s.%s", var.sub_domain, var.domain_name)
+  meta_icon         = format("https://%s.%s/%s", var.sub_domain, var.domain_name, "favicon-32x32.png")
 }

 resource "authentik_policy_expression" "policy" {
--- a/share/wildduck/haraka.tf
+++ b/share/wildduck/haraka.tf
@@ -96,10 +96,10 @@ resource "kubernetes_config_map_v1" "haraka_config" {
  }
  data = yamldecode(<<-EOF
      me: |-
-        ${var.sub-domain}.${var.domain_name}
+        ${var.sub_domain}.${var.domain_name}
      host_list: |-
        # add hosts in here we want to accept mail for
-        ${var.sub-domain}.${var.domain_name}
+        ${var.sub_domain}.${var.domain_name}
        ${var.domain_name}
        ${join("\n        ",var.additional-domains)}
      rspamd.ini: |-
--- a/share/wildduck/index.yaml
+++ b/share/wildduck/index.yaml
@@ -43,7 +43,7 @@ options:
    examples:
    - letsencrypt-prod
    type: string
-  sub-domain:
+  sub_domain:
    default: mail
    examples:
    - mail
--- a/share/wildduck/ingress.tf
+++ b/share/wildduck/ingress.tf
@@ -1,5 +1,5 @@
 locals {
-    dns_names = ["${var.sub-domain}.${var.domain_name}"]
+    dns_names = ["${var.sub_domain}.${var.domain_name}"]
    cert-names = concat(local.dns_names, ["${var.domain_name}"])
    middlewares = ["${var.instance}-https"]
    service = {
--- a/share/wildduck/webmail.tf
+++ b/share/wildduck/webmail.tf
@@ -154,15 +154,15 @@ resource "kubernetes_config_map_v1" "webmail_config" {
        [setup]
            # these values are shown in the configuration help page
            [setup.imap]
-                hostname="${var.sub-domain}.${var.domain_name}"
+                hostname="${var.sub_domain}.${var.domain_name}"
                secure=true
                port=143
            [setup.pop3]
-                hostname="${var.sub-domain}.${var.domain_name}"
+                hostname="${var.sub_domain}.${var.domain_name}"
                secure=true
                port=110
            [setup.smtp]
-                hostname="${var.sub-domain}.${var.domain_name}"
+                hostname="${var.sub_domain}.${var.domain_name}"
                secure=true
                port=25
  EOF
--- a/share/wildduck/wildduck.tf
+++ b/share/wildduck/wildduck.tf
@@ -173,7 +173,7 @@ resource "kubernetes_config_map_v1" "wildduck_config" {
        enabled=true
        [smtp.setup]
        # Public configuration for SMTP MDA, needed for mobileconfig files
-        hostname="${var.sub-domain}.${var.domain_name}"
+        hostname="${var.sub_domain}.${var.domain_name}"
        secure=true
        port=465
        [webhooks]
@@ -312,7 +312,7 @@ resource "kubernetes_config_map_v1" "wildduck_config" {
        autoExpunge=true
        [setup]
        # Public configuration for IMAP
-        hostname="${var.sub-domain}.${var.domain_name}"
+        hostname="${var.sub_domain}.${var.domain_name}"
        secure=true
        # port defaults to imap.port
        port=9930
@@ -360,7 +360,7 @@ resource "kubernetes_config_map_v1" "wildduck_config" {
        cert="/var/opt/certs/tls.crt"
        [setup]
        # Public configuration for POP3
-        hostname="${var.sub-domain}.${var.domain_name}"
+        hostname="${var.sub_domain}.${var.domain_name}"
        secure=true
        # port defaults to pop3.port
        port=995
--- a/share/wildduck/zonemta.tf
+++ b/share/wildduck/zonemta.tf
@@ -128,7 +128,7 @@ resource "kubernetes_config_map_v1" "zonemta_config" {
        # Server process must be able to locally bind to these addresses
        [[default]]
        address="0.0.0.0"
-        name="${var.sub-domain}.${var.domain_name}"
+        name="${var.sub_domain}.${var.domain_name}"
        #
        #[[default]]
        #address="1.2.3.5"
@@ -145,7 +145,7 @@ resource "kubernetes_config_map_v1" "zonemta_config" {
        interfaces=["feeder"]
        # optional hostname to be used in headers
        # defaults to os.hostname()
-        hostname="${var.sub-domain}.${var.domain_name}"
+        hostname="${var.sub_domain}.${var.domain_name}"
        # How long to keep auth records in log
        authlogExpireDays=30
        # default smtp recipients for 24h (can be overriden per user)