vynil/domain-incoming
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2024-01-26 20:49:13 +01:00
parent d318d017f2
commit 738339e6f7
11 changed files with 1028 additions and 963 deletions
Download Patch File Download Diff File Expand all files Collapse all files

365
meta/domain/index.yaml
View File

@@ -6,57 +6,6 @@ metadata:
name: domain
description: null
options:
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
ingress_class:
default: traefik
examples:
- traefik
type: string
apps:
default:
enable: false
nextcloud:
enable: true
examples:
- enable: false
nextcloud:
enable: true
properties:
enable:
default: false
type: boolean
nextcloud:
default:
enable: true
properties:
enable:
default: true
type: boolean
type: object
type: object
x-vynil-category: meta
x-vynil-package: domain-apps
domain_name:
default: your_company.com
examples:
- your_company.com
type: string
monitor:
default:
enable: false
examples:
- enable: false
properties:
enable:
default: false
type: boolean
type: object
x-vynil-category: meta
x-vynil-package: domain-monitor
distributions:
default:
core: core
@@ -72,6 +21,120 @@ options:
default: domain
type: string
type: object
backups:
default:
enable: false
endpoint: ''
key_id_key: s3-id
restic_key: bck-password
secret_key: s3-secret
secret_name: backup-settings
use_barman: false
examples:
- enable: false
endpoint: ''
key_id_key: s3-id
restic_key: bck-password
secret_key: s3-secret
secret_name: backup-settings
use_barman: false
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key_id_key:
default: s3-id
type: string
restic_key:
default: bck-password
type: string
secret_key:
default: s3-secret
type: string
secret_name:
default: backup-settings
type: string
use_barman:
default: false
type: boolean
type: object
erp:
default:
dolibarr:
enable: true
enable: false
examples:
- dolibarr:
enable: true
enable: false
properties:
dolibarr:
default:
enable: true
properties:
enable:
default: true
type: boolean
type: object
enable:
default: false
type: boolean
type: object
x-vynil-category: meta
x-vynil-package: domain-erp
ingress_class:
default: traefik
examples:
- traefik
type: string
storage:
default:
volume:
accessMode: ReadWriteOnce
class: ''
examples:
- volume:
accessMode: ReadWriteOnce
class: ''
properties:
volume:
default:
accessMode: ReadWriteOnce
class: ''
properties:
accessMode:
default: ReadWriteOnce
type: string
class:
default: ''
type: string
type: object
type: object
mail:
default:
enable: false
wildduck:
enable: true
examples:
- enable: false
wildduck:
enable: true
properties:
enable:
default: false
type: boolean
wildduck:
default:
enable: true
properties:
enable:
default: true
type: boolean
type: object
type: object
ci:
default:
enable: false
@@ -108,106 +171,11 @@ options:
type: object
x-vynil-category: meta
x-vynil-package: domain-devspaces
mail:
default:
enable: false
wildduck:
enable: true
issuer:
default: letsencrypt-prod
examples:
- enable: false
wildduck:
enable: true
properties:
enable:
default: false
type: boolean
wildduck:
default:
enable: true
properties:
enable:
default: true
type: boolean
type: object
type: object
backups:
default:
enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
examples:
- enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
secret-key:
default: s3-secret
type: string
secret-name:
default: backup-settings
type: string
type: object
erp:
default:
dolibarr:
enable: true
enable: false
examples:
- dolibarr:
enable: true
enable: false
properties:
dolibarr:
default:
enable: true
properties:
enable:
default: true
type: boolean
type: object
enable:
default: false
type: boolean
type: object
x-vynil-category: meta
x-vynil-package: domain-erp
infra:
default:
enable: false
traefik:
enable: false
examples:
- enable: false
traefik:
enable: false
properties:
enable:
default: false
type: boolean
traefik:
default:
enable: false
properties:
enable:
default: false
type: boolean
type: object
type: object
x-vynil-category: meta
x-vynil-package: domain-infra
- letsencrypt-prod
type: string
auth:
default:
authentik:
@@ -232,31 +200,86 @@ options:
type: object
x-vynil-category: meta
x-vynil-package: domain-auth
storage-classes:
apps:
default:
BlockReadWriteMany: ''
BlockReadWriteOnce: ''
FilesystemReadWriteMany: ''
FilesystemReadWriteOnce: ''
enable: false
nextcloud:
enable: true
examples:
- BlockReadWriteMany: ''
BlockReadWriteOnce: ''
FilesystemReadWriteMany: ''
FilesystemReadWriteOnce: ''
- enable: false
nextcloud:
enable: true
properties:
BlockReadWriteMany:
default: ''
type: string
BlockReadWriteOnce:
default: ''
type: string
FilesystemReadWriteMany:
default: ''
type: string
FilesystemReadWriteOnce:
default: ''
type: string
enable:
default: false
type: boolean
nextcloud:
default:
enable: true
properties:
enable:
default: true
type: boolean
type: object
type: object
x-vynil-category: meta
x-vynil-package: domain-apps
sso_vynil:
default: true
examples:
- true
type: boolean
language:
default: fr_FR
examples:
- fr_FR
type: string
domain_name:
default: your-company.com
examples:
- your-company.com
type: string
infra:
default:
enable: false
traefik:
enable: false
examples:
- enable: false
traefik:
enable: false
properties:
enable:
default: false
type: boolean
traefik:
default:
enable: false
properties:
enable:
default: false
type: boolean
type: object
type: object
x-vynil-category: meta
x-vynil-package: domain-infra
monitor:
default:
enable: false
examples:
- enable: false
properties:
enable:
default: false
type: boolean
type: object
x-vynil-category: meta
x-vynil-package: domain-monitor
timezone:
default: Europe/Paris
examples:
- Europe/Paris
type: string
dependencies: []
providers:
kubernetes: null

104
meta/domain/installs.tf
View File

@@ -1,28 +1,74 @@
locals {
global = {
"domain" = var.namespace
"domain_name" = var.domain_name
"issuer" = var.issuer
"ingress_class" = var.ingress_class
"distributions" = var.distributions
"backups" = var.backups
"storage-classes"= var.storage-classes
"sso_vynil" = var.sso_vynil
"domain_name" = var.domain_name
"timezone" = var.timezone
"language" = var.language
"domain" = var.namespace
"issuer" = var.issuer
"ingress_class" = var.ingress_class
}
annotations = {
"vynil.solidite.fr/meta" = var.component
"vynil.solidite.fr/name" = var.namespace
"vynil.solidite.fr/domain" = var.domain_name
"vynil.solidite.fr/issuer" = var.issuer
"vynil.solidite.fr/ingress" = var.ingress_class
global-backups = {
"enable" = var.backups.enable
"use_barman" = var.backups.use_barman
"endpoint" = var.backups.endpoint
"secret_name" = var.backups.secret_name
"key_id_key" = var.backups.key_id_key
"secret_key" = var.backups.secret_key
"restic_key" = var.backups.restic_key
}
auth = { for k, v in var.auth : k => v if k!="enable" }
infra = { for k, v in var.infra : k => v if k!="enable" }
ci = { for k, v in var.ci : k => v if k!="enable" }
erp = { for k, v in var.erp : k => v if k!="enable" }
apps = { for k, v in var.apps : k => v if k!="enable" }
mail = { for k, v in var.mail : k => v if k!="enable" }
monitor = { for k, v in var.monitor : k => v if k!="enable" }
devspaces = { for k, v in var.devspaces : k => v if k!="enable" }
global-volume = {
"accessMode" = var.storage.volume.accessMode
"class" = var.storage.volume.class
}
auth = merge(local.global,{ for k, v in var.auth : k => v if !contains(["enable","storage","backups"],k) },{
backups = merge(lookup(var.auth, "backups", {}), local.global-backups)
storage = merge({ for k, v in lookup(var.auth, "storage", {}) : k => v if !contains(["volume"],k) }, {
volume = merge(lookup(lookup(var.auth, "storage", {}), "volume", {}), local.global-volume)
})
})
infra = merge(local.global,{ for k, v in var.infra : k => v if !contains(["enable","storage","backups"],k) },{
backups = merge(lookup(var.infra, "backups", {}), local.global-backups)
storage = merge({ for k, v in lookup(var.infra, "storage", {}) : k => v if !contains(["volume"],k) }, {
volume = merge(lookup(lookup(var.infra, "storage", {}), "volume", {}), local.global-volume)
})
})
ci = merge(local.global,{ for k, v in var.ci : k => v if !contains(["enable","storage","backups"],k) },{
backups = merge(lookup(var.ci, "backups", {}), local.global-backups)
storage = merge({ for k, v in lookup(var.ci, "storage", {}) : k => v if !contains(["volume"],k) }, {
volume = merge(lookup(lookup(var.ci, "storage", {}), "volume", {}), local.global-volume)
})
})
erp = merge(local.global,{ for k, v in var.erp : k => v if !contains(["enable","storage","backups"],k) },{
backups = merge(lookup(var.erp, "backups", {}), local.global-backups)
storage = merge({ for k, v in lookup(var.erp, "storage", {}) : k => v if !contains(["volume"],k) }, {
volume = merge(lookup(lookup(var.erp, "storage", {}), "volume", {}), local.global-volume)
})
})
apps = merge(local.global,{ for k, v in var.apps : k => v if !contains(["enable","storage","backups"],k) },{
backups = merge(lookup(var.apps, "backups", {}), local.global-backups)
storage = merge({ for k, v in lookup(var.apps, "storage", {}) : k => v if !contains(["volume"],k) }, {
volume = merge(lookup(lookup(var.apps, "storage", {}), "volume", {}), local.global-volume)
})
})
mail = merge(local.global,{ for k, v in var.mail : k => v if !contains(["enable","storage","backups"],k) },{
backups = merge(lookup(var.mail, "backups", {}), local.global-backups)
storage = merge({ for k, v in lookup(var.mail, "storage", {}) : k => v if !contains(["volume"],k) }, {
volume = merge(lookup(lookup(var.mail, "storage", {}), "volume", {}), local.global-volume)
})
})
monitor = merge(local.global,{ for k, v in var.monitor : k => v if !contains(["enable","storage","backups"],k) },{
backups = merge(lookup(var.monitor, "backups", {}), local.global-backups)
storage = merge({ for k, v in lookup(var.monitor, "storage", {}) : k => v if !contains(["volume"],k) }, {
volume = merge(lookup(lookup(var.monitor, "storage", {}), "volume", {}), local.global-volume)
})
})
devspaces = merge(local.global,{ for k, v in var.devspaces : k => v if !contains(["enable","storage","backups"],k) },{
backups = merge(lookup(var.devspaces, "backups", {}), local.global-backups)
storage = merge({ for k, v in lookup(var.devspaces, "storage", {}) : k => v if !contains(["volume"],k) }, {
volume = merge(lookup(lookup(var.devspaces, "storage", {}), "volume", {}), local.global-volume)
})
})
# Force install authentik and it's modules when any are needed
use-ldap = (var.ci.enable && var.ci.gitea.enable) || (var.erp.enable && var.erp.dolibarr.enable)
@@ -136,7 +182,7 @@ resource "kubectl_manifest" "auth" {
distrib: "${var.distributions.domain}"
category: "meta"
component: "domain-auth"
options: ${jsonencode(merge(local.global, local.added-auth, local.divisions, local.auth))}
options: ${jsonencode(merge(local.added-auth, local.divisions, local.auth))}
EOF
}
resource "kubectl_manifest" "infra" {
@@ -152,7 +198,7 @@ resource "kubectl_manifest" "infra" {
distrib: "${var.distributions.domain}"
category: "meta"
component: "domain-infra"
options: ${jsonencode(merge(local.global, local.infra))}
options: ${jsonencode(local.infra)}
EOF
}
resource "kubectl_manifest" "ci" {
@@ -168,7 +214,7 @@ resource "kubectl_manifest" "ci" {
distrib: "${var.distributions.domain}"
category: "meta"
component: "domain-ci"
options: ${jsonencode(merge(local.global, local.ci))}
options: ${jsonencode(local.ci)}
EOF
}
resource "kubectl_manifest" "erp" {
@@ -184,7 +230,7 @@ resource "kubectl_manifest" "erp" {
distrib: "${var.distributions.domain}"
category: "meta"
component: "domain-erp"
options: ${jsonencode(merge(local.global, local.erp))}
options: ${jsonencode(local.erp)}
EOF
}
resource "kubectl_manifest" "apps" {
@@ -200,7 +246,7 @@ resource "kubectl_manifest" "apps" {
distrib: "${var.distributions.domain}"
category: "meta"
component: "domain-apps"
options: ${jsonencode(merge(local.global, local.apps))}
options: ${jsonencode(local.apps)}
EOF
}
resource "kubectl_manifest" "mail" {
@@ -216,7 +262,7 @@ resource "kubectl_manifest" "mail" {
distrib: "${var.distributions.domain}"
category: "meta"
component: "domain-mail"
options: ${jsonencode(merge(local.global, local.mail))}
options: ${jsonencode(local.mail)}
EOF
}
resource "kubectl_manifest" "monitor" {
@@ -232,7 +278,7 @@ resource "kubectl_manifest" "monitor" {
distrib: "${var.distributions.domain}"
category: "meta"
component: "domain-monitor"
options: ${jsonencode(merge(local.global, local.monitor))}
options: ${jsonencode(local.monitor)}
EOF
}
resource "kubectl_manifest" "devspaces" {
@@ -248,6 +294,6 @@ resource "kubectl_manifest" "devspaces" {
distrib: "${var.distributions.domain}"
category: "meta"
component: "domain-devspaces"
options: ${jsonencode(merge(local.global, local.devspaces, local.devspaces-custom))}
options: ${jsonencode(merge(local.devspaces, local.devspaces-custom))}
EOF
}