diff --git a/apps/code-server/deploy.tf b/apps/code-server/deploy.tf index 2ffbe44..c95f6f9 100644 --- a/apps/code-server/deploy.tf +++ b/apps/code-server/deploy.tf @@ -9,7 +9,7 @@ resource "kubectl_manifest" "deploy" { spec: replicas: 1 hostname: "${var.component}-${var.instance}" - subdomain: "${var.domain-name}" + subdomain: "${var.domain_name}" selector: matchLabels: ${jsonencode(local.common-labels)} template: diff --git a/apps/code-server/index.yaml b/apps/code-server/index.yaml index b54c6f0..287ab98 100644 --- a/apps/code-server/index.yaml +++ b/apps/code-server/index.yaml @@ -6,17 +6,17 @@ metadata: name: code-server description: null options: - app-group: + app_group: default: dev examples: - dev type: string - sub-domain: + sub_domain: default: code examples: - code type: string - ingress-class: + ingress_class: default: traefik examples: - traefik @@ -48,7 +48,7 @@ options: - Block type: string type: object - domain-name: + domain_name: default: your_company.com examples: - your_company.com diff --git a/apps/code-server/presentation.tf b/apps/code-server/presentation.tf index a381b13..902dea2 100644 --- a/apps/code-server/presentation.tf +++ b/apps/code-server/presentation.tf @@ -1,7 +1,7 @@ locals { - dns-name = "${var.instance}.${var.sub-domain}.${var.domain-name}" - dns-names = [local.dns-name] - app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) + dns_name = "${var.instance}.${var.sub_domain}.${var.domain_name}" + dns_names = [local.dns_name] + app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "_static/src/browser/media/favicon-dark-support.svg" request_headers = { "Content-Type" = "application/json" 
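Review bot: The PVC template in `apps/code-server/pvc.tf` now reads `var.storage.volume.accessMode`, `.size` and `.type`, but neither `index.yaml` hunk shown for code-server moves the `storage` option under a `volume` key, so the schema match cannot be confirmed from this diff. If an installed instance still supplies the flat `storage.size` shape, the plan will stop on a missing attribute rather than fall back to a default. The same move appears in `apps/dbgate/pvc.tf`, `apps/dolibarr/pvc.tf` and the PVC patch in `apps/nextcloud/datas.tf`. A one-line comment above the heredoc such as `# storage.volume.* comes from options.storage.volume in index.yaml` would tie the template to the schema. The resource body starts above the hunk.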
@@ -34,10 +34,10 @@ module "ingress" { instance = var.instance namespace = var.namespace issuer = var.issuer - ingress-class = var.ingress-class + ingress_class = var.ingress_class labels = local.common-labels - dns-names = local.dns-names - middlewares = ["forward-${local.app-name}"] + dns_names = local.dns_names + middlewares = ["forward-${local.app_name}"] service = local.service providers = { kubectl = kubectl @@ -48,8 +48,8 @@ module "application" { source = "/dist/modules/application" component = var.component instance = var.instance - app-group = var.app-group - dns-name = local.dns-name + app_group = var.app_group + dns_name = local.dns_name icon = local.icon protocol_provider = module.forward.provider-id providers = { @@ -73,9 +73,9 @@ module "forward" { instance = var.instance domain = var.domain namespace = var.namespace - ingress-class = var.ingress-class + ingress_class = var.ingress_class labels = local.common-labels - dns-names = local.dns-names + dns_names = local.dns_names service = local.service icon = local.icon request_headers = local.request_headers diff --git a/apps/code-server/pvc.tf b/apps/code-server/pvc.tf index 1398514..64c2a17 100644 --- a/apps/code-server/pvc.tf +++ b/apps/code-server/pvc.tf @@ -8,10 +8,10 @@ resource "kubectl_manifest" "pvc" { labels: ${jsonencode(local.common-labels)} spec: accessModes: - - "${var.storage.accessMode}" + - "${var.storage.volume.accessMode}" resources: requests: - storage: "${var.storage.size}" - volumeMode: "${var.storage.type}" + storage: "${var.storage.volume.size}" + volumeMode: "${var.storage.volume.type}" EOF } diff --git a/apps/dbgate/index.yaml b/apps/dbgate/index.yaml index 7e2e0ec..c0355de 100644 --- a/apps/dbgate/index.yaml +++ b/apps/dbgate/index.yaml @@ -72,7 +72,7 @@ options: examples: - letsencrypt-prod type: string - sub-domain: + sub_domain: default: dbgate examples: - dbgate 
@@ -106,12 +106,12 @@ options: type: string type: object type: array - domain-name: + domain_name: default: your_company.com examples: - your_company.com type: string - app-group: + app_group: default: dev examples: - dev @@ -169,7 +169,7 @@ options: type: string type: object type: array - ingress-class: + ingress_class: default: traefik examples: - traefik diff --git a/apps/dbgate/presentation.tf b/apps/dbgate/presentation.tf index 11c0c54..55178f5 100644 --- a/apps/dbgate/presentation.tf +++ b/apps/dbgate/presentation.tf @@ -1,7 +1,7 @@ locals { - dns-name = "${var.sub-domain}.${var.domain-name}" - dns-names = [local.dns-name] - app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) + dns_name = "${var.sub_domain}.${var.domain_name}" + dns_names = [local.dns_name] + app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "logo192.png" request_headers = { "Content-Type" = "application/json" @@ -34,9 +34,9 @@ module "ingress" { instance = var.instance namespace = var.namespace issuer = var.issuer - ingress-class = var.ingress-class + ingress_class = var.ingress_class labels = local.common-labels - dns-names = local.dns-names + dns_names = local.dns_names middlewares = [] service = local.service providers = { @@ -48,8 +48,8 @@ module "application" { source = "/dist/modules/application" component = var.component instance = var.instance - app-group = var.app-group - dns-name = local.dns-name + app_group = var.app_group + dns_name = local.dns_name icon = local.icon protocol_provider = module.oauth2.provider-id providers = { @@ -63,7 +63,7 @@ module "oauth2" { instance = var.instance namespace = var.namespace labels = local.common-labels - dns-name = local.dns-name + dns_name = local.dns_name redirect-path = "" providers = { kubernetes = kubernetes diff --git a/apps/dbgate/pvc.tf b/apps/dbgate/pvc.tf index 1398514..64c2a17 100644 --- a/apps/dbgate/pvc.tf 
+++ b/apps/dbgate/pvc.tf @@ -8,10 +8,10 @@ resource "kubectl_manifest" "pvc" { labels: ${jsonencode(local.common-labels)} spec: accessModes: - - "${var.storage.accessMode}" + - "${var.storage.volume.accessMode}" resources: requests: - storage: "${var.storage.size}" - volumeMode: "${var.storage.type}" + storage: "${var.storage.volume.size}" + volumeMode: "${var.storage.volume.type}" EOF } diff --git a/apps/dolibarr/application.tf b/apps/dolibarr/application.tf index 9954b62..671911e 100644 --- a/apps/dolibarr/application.tf +++ b/apps/dolibarr/application.tf @@ -1,6 +1,6 @@ locals { - app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) - main-group = format("app-%s", local.app-name) + app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) + main-group = format("app-%s", local.app_name) sorted-group-names = reverse(distinct(sort([ for grp in var.user-groups: grp.name ]))) @@ -19,7 +19,7 @@ data "authentik_group" "vynil-admin" { resource "authentik_group" "groups" { count = length(local.sorted-groups) name = local.sorted-groups[count.index].name - attributes = jsonencode({"${local.app-name}" = true}) + attributes = jsonencode({"${local.app_name}" = true}) } data "authentik_group" "readed_groups" { depends_on = [ authentik_group.groups ] @@ -38,7 +38,7 @@ resource "authentik_policy_expression" "policy" { name = local.main-group expression = <<-EOF attr = request.user.group_attributes() - return attr['${local.app-name}'] if '${local.app-name}' in attr else False + return attr['${local.app_name}'] if '${local.app_name}' in attr else False EOF } 
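Review bot: In `apps/dolibarr/application.tf`, `local.app_name` is pasted between hand-written single quotes into the Python policy expression on the `return attr[...]` line, so a component or instance name containing a quote or backslash alters the expression authentik evaluates for access decisions. Since the line is being touched anyway, encode the value instead of quoting it by hand: `return attr.get(${jsonencode(local.app_name)}, False)` (equivalent to the current line provided `group_attributes()` returns a dict, which the `in attr` test suggests). The neighbouring locals `main-group` and `sorted-group-names` keep their hyphens in the first hunk of this file, so the rename is only partial there.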
@@ -61,10 +61,10 @@ resource "authentik_policy_binding" "dolibarr_ldap_access_vynil" { resource "authentik_application" "dolibarr_application_saml" { name = "${var.instance}" slug = "${var.component}-${var.instance}" - group = var.app-group + group = var.app_group protocol_provider = authentik_provider_saml.dolibarr.id - meta_launch_url = format("https://%s.%s", var.sub-domain, var.domain-name) - meta_icon = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "theme/dolibarr_256x256_color.png") + meta_launch_url = format("https://%s.%s", var.sub_domain, var.domain_name) + meta_icon = format("https://%s.%s/%s", var.sub_domain, var.domain_name, "theme/dolibarr_256x256_color.png") } resource "authentik_policy_binding" "dolibarr_saml_access_users" { diff --git a/apps/dolibarr/configmap.tf b/apps/dolibarr/configmap.tf index 5ce606c..e5867ed 100644 --- a/apps/dolibarr/configmap.tf +++ b/apps/dolibarr/configmap.tf @@ -167,7 +167,7 @@ resource "kubectl_manifest" "config" { DOLI_ADMIN_LOGIN: "admin_${var.instance}" DOLI_MODULES: "modSociete,modBlockedLog,modSamlConnector,modLdap" DOLI_AUTH: "dolibarr" - DOLI_URL_ROOT: "https://${var.sub-domain}.${var.domain-name}" + DOLI_URL_ROOT: "https://${var.sub_domain}.${var.domain_name}" DOLI_LDAP_PORT: "389" DOLI_LDAP_VERSION: "3" DOLI_LDAP_SERVERTYPE: "openldap" diff --git a/apps/dolibarr/index.yaml b/apps/dolibarr/index.yaml index 6760182..887e964 100644 --- a/apps/dolibarr/index.yaml +++ b/apps/dolibarr/index.yaml @@ -89,7 +89,7 @@ options: type: string type: object type: object - sub-domain: + sub_domain: default: erp examples: - erp @@ -155,7 +155,7 @@ options: default: '14' type: string type: object - domain-name: + domain_name: default: your_company.com examples: - your_company.com @@ -198,7 +198,7 @@ options: default: 2Gi type: string type: object - app-group: + app_group: default: '' examples: - '' 
@@ -341,7 +341,7 @@ options: - block type: string type: object - ingress-class: + ingress_class: default: traefik examples: - traefik diff --git a/apps/dolibarr/ingress.tf b/apps/dolibarr/ingress.tf index cc84f10..8dc29b4 100644 --- a/apps/dolibarr/ingress.tf +++ b/apps/dolibarr/ingress.tf @@ -1,5 +1,5 @@ locals { - dns-names = ["${var.sub-domain}.${var.domain-name}"] + dns_names = ["${var.sub_domain}.${var.domain_name}"] middlewares = ["${var.instance}-https"] service = { "name" = "${var.instance}" @@ -7,7 +7,7 @@ locals { "number" = 80 } } - rules = [ for v in local.dns-names : { + rules = [ for v in local.dns_names : { "host" = "${v}" "http" = { "paths" = [{ @@ -31,7 +31,7 @@ resource "kubectl_manifest" "prj_certificate" { labels: ${jsonencode(local.common-labels)} spec: secretName: "${var.instance}-cert" - dnsNames: ${jsonencode(local.dns-names)} + dnsNames: ${jsonencode(local.dns_names)} issuerRef: name: "${var.issuer}" kind: "ClusterIssuer" @@ -66,10 +66,10 @@ resource "kubectl_manifest" "prj_ingress" { annotations: "traefik.ingress.kubernetes.io/router.middlewares": "${join(",", [for m in local.middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}" spec: - ingressClassName: "${var.ingress-class}" + ingressClassName: "${var.ingress_class}" rules: ${jsonencode(local.rules)} tls: - - hosts: ${jsonencode(local.dns-names)} + - hosts: ${jsonencode(local.dns_names)} secretName: "${var.instance}-cert" EOF } diff --git a/apps/dolibarr/ldap.tf b/apps/dolibarr/ldap.tf index 79bb5c0..a2b13fe 100644 --- a/apps/dolibarr/ldap.tf +++ b/apps/dolibarr/ldap.tf 
@@ -5,7 +5,7 @@ data "kubernetes_secret_v1" "authentik" { } } locals { - base-dn = format("dc=%s", join(",dc=", split(".", format("%s.%s", var.sub-domain, var.domain-name)))) + base-dn = format("dc=%s", join(",dc=", split(".", format("%s.%s", var.sub_domain, var.domain_name)))) base-group-dn = format("ou=groups,%s", local.base-dn) base-user-dn = format("ou=users,%s", local.base-dn) authentik_url = "http://authentik.${var.domain}-auth.svc" diff --git a/apps/dolibarr/pvc.tf b/apps/dolibarr/pvc.tf index 377f31b..afe1a53 100644 --- a/apps/dolibarr/pvc.tf +++ b/apps/dolibarr/pvc.tf @@ -10,10 +10,10 @@ resource "kubectl_manifest" "pvc" { labels: ${jsonencode(local.common-labels)} spec: accessModes: - - "${var.storage.accessMode}" + - "${var.storage.volume.accessMode}" resources: requests: - storage: "${var.storage.size}" - volumeMode: "${var.storage.type}" + storage: "${var.storage.volume.size}" + volumeMode: "${var.storage.volume.type}" EOF } diff --git a/apps/dolibarr/redis.tf b/apps/dolibarr/redis.tf index 648115f..aed4e8f 100644 --- a/apps/dolibarr/redis.tf +++ b/apps/dolibarr/redis.tf @@ -13,7 +13,7 @@ resource "kubectl_manifest" "dolibarr_redis" { labels: ${jsonencode(local.redis-labels)} spec: kubernetesConfig: - image: "${var.redis.image}" + image: "${var.images.redis.registry}/${var.images.redis.repository}:${var.images.redis.tag}" imagePullPolicy: "IfNotPresent" storage: volumeClaimTemplate: @@ -21,10 +21,10 @@ resource "kubectl_manifest" "dolibarr_redis" { accessModes: ["ReadWriteOnce"] resources: requests: - storage: "${var.redis.storage}" + storage: "${var.storage.redis}" redisExporter: enabled: ${var.redis.exporter.enabled} - image: "${var.redis.exporter.image}" + image: "${var.images.redis_exporter.registry}/${var.images.redis_exporter.repository}:${var.images.redis_exporter.tag}" securityContext: runAsUser: 1000 fsGroup: 1000 diff --git a/apps/dolibarr/saml.tf b/apps/dolibarr/saml.tf index 908e338..7503c26 100644 --- a/apps/dolibarr/saml.tf 
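Review bot: In `apps/dolibarr/redis.tf` the Redis and exporter images are now assembled as `registry/repository:tag` while `imagePullPolicy` stays `IfNotPresent`, so nothing pins the image content and a node that has already cached a tag keeps it after the tag is re-pushed. Consider letting the option carry a digest (`repository@sha256:<digest>`), or state in the option description that `tag` must be immutable. `enabled` still reads `var.redis.exporter.enabled` although image and storage moved to `var.images.*` and `var.storage.redis`, and the `index.yaml` hunks shown in this diff do not add those keys, so confirm the schema defines them. The same pattern is in the second hunk of this file and in `apps/gitea/redis.tf` and `apps/nextcloud/redis.tf`.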
+++ b/apps/dolibarr/saml.tf @@ -35,7 +35,7 @@ resource "kubectl_manifest" "saml_certificate" { labels: ${jsonencode(local.common-labels)} spec: secretName: "${var.instance}-${var.component}-saml" - dnsNames: ${jsonencode(local.dns-names)} + dnsNames: ${jsonencode(local.dns_names)} issuerRef: name: "self-sign" kind: "ClusterIssuer" @@ -47,7 +47,7 @@ resource "authentik_provider_saml" "dolibarr" { name = "dolibarr-${var.instance}-saml" authentication_flow = data.authentik_flow.default-authentication-flow.id authorization_flow = data.authentik_flow.default-authorization-flow.id - acs_url = "https://${var.sub-domain}.${var.domain-name}/custom/samlconnector/acs.php?entity=1&fk_idp=0" + acs_url = "https://${var.sub_domain}.${var.domain_name}/custom/samlconnector/acs.php?entity=1&fk_idp=0" property_mappings = data.authentik_property_mapping_saml.saml_maps.ids name_id_mapping = data.authentik_property_mapping_saml.saml_name.id signing_kp = data.authentik_certificate_key_pair.generated.id diff --git a/apps/gitea/index.yaml b/apps/gitea/index.yaml index a7a7727..cd26ee7 100644 --- a/apps/gitea/index.yaml +++ b/apps/gitea/index.yaml @@ -156,7 +156,7 @@ options: default: 2Gi type: string type: object - ssh-sub-domain: + ssh-sub_domain: default: git examples: - git @@ -185,12 +185,12 @@ options: default: 10Gi type: string type: object - app-group: + app_group: default: dev examples: - dev type: string - ingress-class: + ingress_class: default: traefik examples: - traefik @@ -301,7 +301,7 @@ options: default: false type: boolean type: object - sub-domain: + sub_domain: default: git examples: - git @@ -351,7 +351,7 @@ options: default: false type: boolean type: object - domain-name: + domain_name: default: your_company.com examples: - your_company.com diff --git a/apps/gitea/inline-config.tf b/apps/gitea/inline-config.tf index 67a5922..16af33a 100644 --- a/apps/gitea/inline-config.tf +++ b/apps/gitea/inline-config.tf 
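Review bot: The option key in `apps/gitea/index.yaml` becomes `ssh-sub_domain`, which mixes both separators and looks like the by-product of a blanket `sub-domain` to `sub_domain` replacement rather than an intended name. `ssh_sub_domain` would match the other renamed options. The reference `${var.ssh-sub_domain}` in `apps/gitea/inline-config.tf` has to change together with it.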
@@ -43,15 +43,15 @@ ROOT=/data/git/gitea-repositories EOF server = <<-EOF APP_DATA_PATH=/data -DOMAIN=${var.sub-domain}.${var.domain-name} +DOMAIN=${var.sub_domain}.${var.domain_name} ENABLE_PPROF=false HTTP_PORT=3000 PROTOCOL=http -ROOT_URL=https://${var.sub-domain}.${var.domain-name} -SSH_DOMAIN=${var.sub-domain}.${var.domain-name} +ROOT_URL=https://${var.sub_domain}.${var.domain_name} +SSH_DOMAIN=${var.sub_domain}.${var.domain_name} SSH_LISTEN_PORT=2222 SSH_PORT=${var.ssh-port} -SSH_DOMAIN=${var.ssh-sub-domain}.${var.domain-name} +SSH_DOMAIN=${var.ssh-sub_domain}.${var.domain_name} START_SSH_SERVER=true EOF ui = <<-EOF diff --git a/apps/gitea/presentation.tf b/apps/gitea/presentation.tf index f78aec6..8238ca5 100644 --- a/apps/gitea/presentation.tf +++ b/apps/gitea/presentation.tf @@ -1,7 +1,7 @@ locals { - dns-name = "${var.sub-domain}.${var.domain-name}" - dns-names = [local.dns-name] - app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) + dns_name = "${var.sub_domain}.${var.domain_name}" + dns_names = [local.dns_name] + app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "assets/img/logo.svg" request_headers = { "Content-Type" = "application/json" @@ -34,9 +34,9 @@ module "ingress" { instance = var.instance namespace = var.namespace issuer = var.issuer - ingress-class = var.ingress-class + ingress_class = var.ingress_class labels = local.common-labels - dns-names = local.dns-names + dns_names = local.dns_names middlewares = [] service = local.service providers = { @@ -48,8 +48,8 @@ module "application" { source = "/dist/modules/application" component = var.component instance = var.instance - app-group = var.app-group - dns-name = local.dns-name + app_group = var.app_group + dns_name = local.dns_name icon = local.icon protocol_provider = module.oauth2.provider-id providers = { 
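Review bot: The `server` heredoc in `apps/gitea/inline-config.tf` still assigns `SSH_DOMAIN` twice, first from `var.sub_domain` and then from `var.ssh-sub_domain`, and this hunk rewrites both lines instead of removing one. Which value wins depends on how the ini parser treats a repeated key, so the SSH host advertised in clone URLs is not obvious from the template. Drop the first assignment and keep only `SSH_DOMAIN=${var.ssh-sub_domain}.${var.domain_name}` (or its renamed form). The heredoc begins above the hunk.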
@@ -63,7 +63,7 @@ module "oauth2" { instance = var.instance namespace = var.namespace labels = local.common-labels - dns-name = local.dns-name + dns_name = local.dns_name redirect-path = "user/oauth2/vynil/callback" providers = { kubernetes = kubernetes diff --git a/apps/gitea/redis.tf b/apps/gitea/redis.tf index 0ac78d6..df28165 100644 --- a/apps/gitea/redis.tf +++ b/apps/gitea/redis.tf @@ -13,7 +13,7 @@ resource "kubectl_manifest" "prj_redis" { labels: ${jsonencode(local.redis-labels)} spec: kubernetesConfig: - image: "${var.redis.image}" + image: "${var.images.redis.registry}/${var.images.redis.repository}:${var.images.redis.tag}" imagePullPolicy: "IfNotPresent" storage: volumeClaimTemplate: @@ -21,10 +21,10 @@ resource "kubectl_manifest" "prj_redis" { accessModes: ["ReadWriteOnce"] resources: requests: - storage: "${var.redis.storage}" + storage: "${var.storage.redis}" redisExporter: enabled: ${var.redis.exporter.enabled} - image: "${var.redis.exporter.image}" + image: "${var.images.redis_exporter.registry}/${var.images.redis_exporter.repository}:${var.images.redis_exporter.tag}" securityContext: runAsUser: 1000 fsGroup: 1000 diff --git a/apps/gramo/index.yaml b/apps/gramo/index.yaml index 0ca7aa4..c3c9c33 100644 --- a/apps/gramo/index.yaml +++ b/apps/gramo/index.yaml @@ -11,12 +11,12 @@ options: examples: - your-company type: string - ingress-class: + ingress_class: default: traefik examples: - traefik type: string - sub-domain: + sub_domain: default: gramo examples: - gramo @@ -70,7 +70,7 @@ options: examples: - false type: boolean - domain-name: + domain_name: default: your_company.com examples: - your_company.com @@ -85,7 +85,7 @@ options: examples: - letsencrypt-prod type: string - app-group: + app_group: default: infra examples: - infra diff --git a/apps/gramo/presentation.tf b/apps/gramo/presentation.tf index 00ad9c1..5478068 100644 --- a/apps/gramo/presentation.tf +++ b/apps/gramo/presentation.tf 
@@ -1,7 +1,7 @@ locals { - dns-name = "${var.sub-domain}.${var.domain-name}" - dns-names = [local.dns-name] - app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) + dns_name = "${var.sub_domain}.${var.domain_name}" + dns_names = [local.dns_name] + app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "icon.svg" request_headers = { "Content-Type" = "application/json" @@ -34,10 +34,10 @@ module "ingress" { instance = var.instance namespace = var.namespace issuer = var.issuer - ingress_class = var.ingress-class + ingress_class = var.ingress_class labels = local.common-labels - dns_names = local.dns-names - middlewares = ["forward-${local.app-name}"] + dns_names = local.dns_names + middlewares = ["forward-${local.app_name}"] services = [local.service] providers = { kubectl = kubectl @@ -48,8 +48,8 @@ module "application" { source = "git::https://git.solidite.fr/vynil/kydah-modules.git//application" component = var.component instance = var.instance - app_group = var.app-group - dns_name = local.dns-name + app_group = var.app_group + dns_name = local.dns_name icon = local.icon protocol_provider = module.forward.provider-id providers = { @@ -73,9 +73,9 @@ module "forward" { instance = var.instance domain = var.domain namespace = var.namespace - ingress_class = var.ingress-class + ingress_class = var.ingress_class labels = local.common-labels - dns_names = local.dns-names + dns_names = local.dns_names service = local.service icon = local.icon request_headers = local.request_headers diff --git a/apps/k8s-api/index.yaml b/apps/k8s-api/index.yaml index 3511acf..f1b4712 100644 --- a/apps/k8s-api/index.yaml +++ b/apps/k8s-api/index.yaml @@ -6,7 +6,7 @@ metadata: name: k8s-api description: Access to the kubernetes api options: - ingress-class: + ingress_class: default: traefik examples: - traefik 
@@ -21,12 +21,12 @@ options: examples: - letsencrypt-prod type: string - domain-name: + domain_name: default: your_company.com examples: - your_company.com type: string - sub-domain: + sub_domain: default: api examples: - api diff --git a/apps/k8s-api/ingress.tf b/apps/k8s-api/ingress.tf index 87bde10..1dc44e5 100644 --- a/apps/k8s-api/ingress.tf +++ b/apps/k8s-api/ingress.tf @@ -1,5 +1,5 @@ locals { - dns-names = ["${var.sub-domain}.${var.domain-name}"] + dns_names = ["${var.sub_domain}.${var.domain_name}"] middlewares = [] services = [{ "kind" = "Service" @@ -7,7 +7,7 @@ locals { "namespace" = "default" "port" = 443 }] - routes = [ for v in local.dns-names : { + routes = [ for v in local.dns_names : { "kind" = "Rule" "match" = "Host(`${v}`)" "middlewares" = local.middlewares @@ -25,7 +25,7 @@ resource "kubectl_manifest" "prj_certificate" { labels: ${jsonencode(local.common-labels)} spec: secretName: "${var.instance}-cert" - dnsNames: ${jsonencode(local.dns-names)} + dnsNames: ${jsonencode(local.dns_names)} issuerRef: name: "${var.issuer}" kind: "ClusterIssuer" diff --git a/apps/nextcloud/collabora.tf b/apps/nextcloud/collabora.tf index 7142fd1..0e15b4a 100644 --- a/apps/nextcloud/collabora.tf +++ b/apps/nextcloud/collabora.tf @@ -36,7 +36,7 @@ resource "kubectl_manifest" "collabora_deploy" { imagePullPolicy: "${var.images.collabora.pullPolicy}" env: - name: aliasgroup1 - value: "https://${local.dns-name}" + value: "https://${local.dns_name}" - name: DONT_GEN_SSL_CERT value: "true" - name: extra_params diff --git a/apps/nextcloud/configs.tf b/apps/nextcloud/configs.tf index 9aebfc7..f433f2a 100644 --- a/apps/nextcloud/configs.tf +++ b/apps/nextcloud/configs.tf 
@@ -17,7 +17,7 @@ locals { fi } run_as ./occ --no-warnings config:system:set trusted_domains 0 --value=nextcloud - run_as ./occ --no-warnings config:system:set trusted_domains 1 --value="${local.dns-name}" + run_as ./occ --no-warnings config:system:set trusted_domains 1 --value="${local.dns_name}" run_as ./occ app:install user_oidc ||: run_as ./occ user_oidc:provider "$${OAUTH2_CONNECTOR_NAME}" --clientid="$${OAUTH2_CLIENT_ID}" \ --clientsecret="$${OAUTH2_CLIENT_SECRET}" \ @@ -41,14 +41,14 @@ locals { var.apps.collabora?[ "run_as ./occ app:install richdocuments ||:", "run_as ./occ app:enable richdocuments ||:", - "run_as ./occ config:app:set richdocuments wopi_url --value=\"https://collabora.${local.dns-name}/\"", + "run_as ./occ config:app:set richdocuments wopi_url --value=\"https://collabora.${local.dns_name}/\"", "run_as ./occ config:app:set richdocuments federation_use_trusted_domains --value=yes", "run_as ./occ richdocuments:activate-config ||:", ]:["run_as ./occ app:disable richdocuments ||:"], var.apps.onlyoffice?[ "run_as ./occ app:install onlyoffice ||:", "run_as ./occ app:enable onlyoffice ||:", - "run_as ./occ --no-warnings config:app:set onlyoffice DocumentServerUrl --value=\"https://onlyoffice.${local.dns-name}/\"", + "run_as ./occ --no-warnings config:app:set onlyoffice DocumentServerUrl --value=\"https://onlyoffice.${local.dns_name}/\"", "run_as ./occ --no-warnings config:app:set onlyoffice DocumentServerInternalUrl --value=\"http://${var.instance}-onlyoffice/\"", "run_as ./occ --no-warnings config:app:set onlyoffice StorageUrl --value=\"http://nextcloud/\"", "run_as ./occ --no-warnings config:app:set onlyoffice jwt_secret --value=\"$${ONLYOFFICE_JWT_SECRET}\"", diff --git a/apps/nextcloud/datas.tf b/apps/nextcloud/datas.tf index 458be6c..2ba27ae 100644 --- a/apps/nextcloud/datas.tf +++ b/apps/nextcloud/datas.tf 
@@ -81,7 +81,7 @@ data "kustomization_overlay" "data" { secretKeyRef: name: "${var.instance}-${var.component}-pg-app" - name: NEXTCLOUD_TRUSTED_DOMAINS - value: "${local.dns-name}" + value: "${local.dns_name}" - name: REDIS_HOST value: "${var.instance}-${var.component}-redis.${var.namespace}.svc" - name: REDIS_HOST_PORT @@ -134,12 +134,12 @@ data "kustomization_overlay" "data" { httpGet: httpHeaders: - name: Host - value: "${local.dns-name}" + value: "${local.dns_name}" livenessProbe: httpGet: httpHeaders: - name: Host - value: "${local.dns-name}" + value: "${local.dns_name}" EOF } patches { @@ -163,7 +163,7 @@ data "kustomization_overlay" "data" { imagePullPolicy: "${var.images.exporter.pullPolicy}" env: - name: NEXTCLOUD_SERVER - value: "https://${local.dns-name}" + value: "https://${local.dns_name}" - name: NEXTCLOUD_TLS_SKIP_VERIFY value: "${var.issuer=="letsencrypt-prod"?"false":"true"}" EOF @@ -182,10 +182,10 @@ data "kustomization_overlay" "data" { k8up.io/backup: "true" spec: accessModes: - - "${var.storage.accessMode}" + - "${var.storage.volume.accessMode}" resources: requests: - storage: "${var.storage.size}" + storage: "${var.storage.volume.size}" EOF } patches { diff --git a/apps/nextcloud/index.yaml b/apps/nextcloud/index.yaml index 6866190..911be3b 100644 --- a/apps/nextcloud/index.yaml +++ b/apps/nextcloud/index.yaml @@ -21,7 +21,7 @@ options: examples: - your-company type: string - app-group: + app_group: default: '' examples: - '' @@ -36,12 +36,12 @@ options: examples: - letsencrypt-prod type: string - domain-name: + domain_name: default: your_company.com examples: - your_company.com type: string - ingress-class: + ingress_class: default: traefik examples: - traefik @@ -497,7 +497,7 @@ options: default: '14' type: string type: object - sub-domain: + sub_domain: default: files examples: - files diff --git a/apps/nextcloud/presentation.tf b/apps/nextcloud/presentation.tf index 4d39395..83b45e0 100644 --- a/apps/nextcloud/presentation.tf 
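Review bot: In the exporter patch of `apps/nextcloud/datas.tf` (hunk `@@ -163,7`), `NEXTCLOUD_TLS_SKIP_VERIFY` is `"true"` for every issuer other than the literal `letsencrypt-prod`, so a deployment using any other issuer has the exporter connect to `https://${local.dns_name}` without certificate verification. An explicit option would make that a decision rather than a side effect of the issuer name, for example `value: "${var.exporter_tls_skip_verify}"` defaulting to `false`; that option name is a placeholder, not one this repository defines. The line is unchanged context next to the renamed `NEXTCLOUD_SERVER` value, and the patch block starts above the hunk.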
+++ b/apps/nextcloud/presentation.tf @@ -1,9 +1,9 @@ locals { - dns-name = "${var.sub-domain}.${var.domain-name}" - dns-collabora = "collabora.${local.dns-name}" - dns-onlyoffice = "onlyoffice.${local.dns-name}" - dns-names = [local.dns-name] - app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) + dns_name = "${var.sub_domain}.${var.domain_name}" + dns-collabora = "collabora.${local.dns_name}" + dns-onlyoffice = "onlyoffice.${local.dns_name}" + dns_names = [local.dns_name] + app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "apps/theming/favicon" service = { "name" = "${var.component}" @@ -31,9 +31,9 @@ module "ingress" { instance = var.instance namespace = var.namespace issuer = var.issuer - ingress-class = var.ingress-class + ingress_class = var.ingress_class labels = local.common-labels - dns-names = local.dns-names + dns_names = local.dns_names middlewares = ["${var.instance}-sslenforce", "${var.instance}-redirectdav", "${var.instance}-redirectindex"] service = local.service providers = { @@ -45,8 +45,8 @@ module "application" { source = "/dist/modules/application" component = var.component instance = var.instance - app-group = var.app-group - dns-name = local.dns-name + app_group = var.app_group + dns_name = local.dns_name icon = local.icon protocol_provider = module.oauth2.provider-id providers = { @@ -60,7 +60,7 @@ module "oauth2" { instance = var.instance namespace = var.namespace labels = local.common-labels - dns-name = local.dns-name + dns_name = local.dns_name redirect-path = "apps/user_oidc/code" providers = { kubernetes = kubernetes 
@@ -90,9 +90,9 @@ module "collabora-ingress" { instance = var.instance namespace = var.namespace issuer = var.issuer - ingress-class = var.ingress-class + ingress_class = var.ingress_class labels = local.collabora-labels - dns-names = [local.dns-collabora] + dns_names = [local.dns-collabora] middlewares = [] service = local.collabora-service providers = { @@ -121,9 +121,9 @@ module "onlyoffice-ingress" { instance = var.instance namespace = var.namespace issuer = var.issuer - ingress-class = var.ingress-class + ingress_class = var.ingress_class labels = local.onlyoffice-labels - dns-names = [local.dns-onlyoffice] + dns_names = [local.dns-onlyoffice] middlewares = [] service = local.onlyoffice-service providers = { diff --git a/apps/nextcloud/redis.tf b/apps/nextcloud/redis.tf index 0ac78d6..df28165 100644 --- a/apps/nextcloud/redis.tf +++ b/apps/nextcloud/redis.tf @@ -13,7 +13,7 @@ resource "kubectl_manifest" "prj_redis" { labels: ${jsonencode(local.redis-labels)} spec: kubernetesConfig: - image: "${var.redis.image}" + image: "${var.images.redis.registry}/${var.images.redis.repository}:${var.images.redis.tag}" imagePullPolicy: "IfNotPresent" storage: volumeClaimTemplate: @@ -21,10 +21,10 @@ resource "kubectl_manifest" "prj_redis" { accessModes: ["ReadWriteOnce"] resources: requests: - storage: "${var.redis.storage}" + storage: "${var.storage.redis}" redisExporter: enabled: ${var.redis.exporter.enabled} - image: "${var.redis.exporter.image}" + image: "${var.images.redis_exporter.registry}/${var.images.redis_exporter.repository}:${var.images.redis_exporter.tag}" securityContext: runAsUser: 1000 fsGroup: 1000 diff --git a/apps/okd/index.yaml b/apps/okd/index.yaml index dd8e50f..c078a63 100644 --- a/apps/okd/index.yaml +++ b/apps/okd/index.yaml @@ -6,12 +6,12 @@ metadata: name: okd description: null options: - domain-name: + domain_name: default: your_company.com examples: - your_company.com type: string - sub-domain: + sub_domain: default: okd examples: - okd 
@@ -65,7 +65,7 @@ options: examples: - letsencrypt-prod type: string - app-group: + app_group: default: infra examples: - infra @@ -75,7 +75,7 @@ options: examples: - false type: boolean - ingress-class: + ingress_class: default: traefik examples: - traefik diff --git a/apps/okd/presentation.tf b/apps/okd/presentation.tf index 62f7174..0938ed4 100644 --- a/apps/okd/presentation.tf +++ b/apps/okd/presentation.tf @@ -1,7 +1,7 @@ locals { - dns-name = "${var.sub-domain}.${var.domain-name}" - dns-names = [local.dns-name] - app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) + dns_name = "${var.sub_domain}.${var.domain_name}" + dns_names = [local.dns_name] + app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "static/assets/okd-logo.svg" request_headers = { "Content-Type" = "application/json" @@ -34,10 +34,10 @@ module "ingress" { instance = var.instance namespace = var.namespace issuer = var.issuer - ingress-class = var.ingress-class + ingress_class = var.ingress_class labels = local.common-labels - dns-names = local.dns-names - middlewares = ["forward-${local.app-name}"] + dns_names = local.dns_names + middlewares = ["forward-${local.app_name}"] service = local.service providers = { kubectl = kubectl @@ -48,8 +48,8 @@ module "application" { source = "/dist/modules/application" component = var.component instance = var.instance - app-group = var.app-group - dns-name = local.dns-name + app_group = var.app_group + dns_name = local.dns_name icon = local.icon protocol_provider = module.forward.provider-id providers = { @@ -73,9 +73,9 @@ module "forward" { instance = var.instance domain = var.domain namespace = var.namespace - ingress-class = var.ingress-class + ingress_class = var.ingress_class labels = local.common-labels - dns-names = local.dns-names + dns_names = local.dns_names service = local.service icon = local.icon request_headers = local.request_headers 
diff --git a/apps/sonar/index.yaml b/apps/sonar/index.yaml index 3509f62..b0a4ade 100644 --- a/apps/sonar/index.yaml +++ b/apps/sonar/index.yaml @@ -6,12 +6,12 @@ metadata: name: sonar description: null options: - ingress-class: + ingress_class: default: traefik examples: - traefik type: string - sub-domain: + sub_domain: default: sonar examples: - sonar @@ -78,7 +78,7 @@ options: examples: - your-company type: string - domain-name: + domain_name: default: your_company.com examples: - your_company.com diff --git a/apps/traefik-ui/index.yaml b/apps/traefik-ui/index.yaml index 3042bd2..0c6fb9c 100644 --- a/apps/traefik-ui/index.yaml +++ b/apps/traefik-ui/index.yaml @@ -11,7 +11,7 @@ options: examples: - letsencrypt-prod type: string - app-group: + app_group: default: infra examples: - infra @@ -21,17 +21,17 @@ options: examples: - your-company type: string - ingress-class: + ingress_class: default: traefik examples: - traefik type: string - sub-domain: + sub_domain: default: traefik examples: - traefik type: string - domain-name: + domain_name: default: your_company.com examples: - your_company.com diff --git a/apps/traefik-ui/presentation.tf b/apps/traefik-ui/presentation.tf index 307668f..263d114 100644 --- a/apps/traefik-ui/presentation.tf +++ b/apps/traefik-ui/presentation.tf @@ -1,7 +1,7 @@ locals { - dns-name = "${var.sub-domain}.${var.domain-name}" - dns-names = [local.dns-name] - app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) + dns_name = "${var.sub_domain}.${var.domain_name}" + dns_names = [local.dns_name] + app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "dashboard/statics/icons/favicon-96x96.png" request_headers = { "Content-Type" = "application/json" 
@@ -21,10 +21,10 @@ module "ingress" { instance = var.instance namespace = var.namespace issuer = var.issuer - ingress-class = var.ingress-class + ingress_class = var.ingress_class labels = local.common-labels - dns-names = local.dns-names - middlewares = ["forward-${local.app-name}"] + dns_names = local.dns_names + middlewares = ["forward-${local.app_name}"] service = local.service providers = { kubectl = kubectl @@ -35,8 +35,8 @@ module "application" { source = "/dist/modules/application" component = var.component instance = var.instance - app-group = var.app-group - dns-name = local.dns-name + app_group = var.app_group + dns_name = local.dns_name icon = local.icon protocol_provider = module.forward.provider-id providers = { @@ -60,9 +60,9 @@ module "forward" { instance = var.instance domain = var.domain namespace = var.namespace - ingress-class = var.ingress-class + ingress_class = var.ingress_class labels = local.common-labels - dns-names = local.dns-names + dns_names = local.dns_names service = local.service icon = local.icon request_headers = local.request_headers diff --git a/apps/woodpecker/datas.tf b/apps/woodpecker/datas.tf index acf3c3f..663e3cf 100644 --- a/apps/woodpecker/datas.tf +++ b/apps/woodpecker/datas.tf @@ -150,9 +150,9 @@ data "kustomization_overlay" "data" { - name: WOODPECKER_ADMIN value: "${var.admin-users}" - name: WOODPECKER_HOST - value: "https://${var.sub-domain}.${var.domain-name}" + value: "https://${var.sub_domain}.${var.domain_name}" - name: WOODPECKER_HOST - value: "https://${var.sub-domain}.${var.domain-name}" + value: "https://${var.sub_domain}.${var.domain_name}" envFrom: - secretRef: name: woodpecker-secret diff --git a/apps/woodpecker/gitea_token.tf b/apps/woodpecker/gitea_token.tf index 9fddbe3..03654db 100644 --- a/apps/woodpecker/gitea_token.tf +++ b/apps/woodpecker/gitea_token.tf 
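Review bot: The `apps/woodpecker/datas.tf` hunk rewrites two identical `WOODPECKER_HOST` entries in the same env list, so the duplicate is carried over rather than cleaned up. One `- name: WOODPECKER_HOST` / `value: "https://${var.sub_domain}.${var.domain_name}"` pair is enough; keeping two with the same name invites them drifting apart on a later edit, and which one takes effect is then up to the consumer. The enclosing `kustomization_overlay` block starts and ends outside the hunk, so the rest of the env list cannot be checked from here.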
@@ -22,7 +22,7 @@ resource "gitea_oauth2_app" "prj" { name = var.component confidential_client = true redirect_uris = [ - "https://${var.sub-domain}.${var.domain-name}/authorize" + "https://${var.sub_domain}.${var.domain_name}/authorize" ] } diff --git a/apps/woodpecker/index.yaml b/apps/woodpecker/index.yaml index 9ff19eb..8170acb 100644 --- a/apps/woodpecker/index.yaml +++ b/apps/woodpecker/index.yaml @@ -36,12 +36,12 @@ options: examples: - your-company type: string - domain-name: + domain_name: default: your_company.com examples: - your_company.com type: string - app-group: + app_group: default: dev examples: - dev @@ -162,7 +162,7 @@ options: default: 10Gi type: string type: object - ingress-class: + ingress_class: default: traefik examples: - traefik @@ -187,7 +187,7 @@ options: default: '120' type: string type: object - sub-domain: + sub_domain: default: ci examples: - ci diff --git a/apps/woodpecker/presentation.tf b/apps/woodpecker/presentation.tf index 9972486..d097e38 100644 --- a/apps/woodpecker/presentation.tf +++ b/apps/woodpecker/presentation.tf @@ -1,6 +1,6 @@ locals { - dns-name = "${var.sub-domain}.${var.domain-name}" - dns-names = [local.dns-name] + dns_name = "${var.sub_domain}.${var.domain_name}" + dns_names = [local.dns_name] icon = "favicons/favicon-light-default.png" service = { "name" = "${var.component}-server" @@ -16,9 +16,9 @@ module "ingress" { instance = var.instance namespace = var.namespace issuer = var.issuer - ingress-class = var.ingress-class + ingress_class = var.ingress_class labels = local.common-labels - dns-names = local.dns-names + dns_names = local.dns_names middlewares = [] service = local.service providers = { @@ -30,8 +30,8 @@ module "application" { source = "/dist/modules/application" component = var.component instance = var.instance - app-group = var.app-group - dns-name = local.dns-name + app_group = var.app_group + dns_name = local.dns_name icon = local.icon providers = { authentik = authentik 
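Review bot: In `apps/woodpecker/gitea_token.tf` the OAuth2 `redirect_uris` entry is now built from `var.sub_domain` and `var.domain_name`, and nothing in this change guards against those options silently sitting at their defaults after the key rename. `apps/woodpecker/index.yaml` keeps `ci` and `your_company.com` as defaults, so an install that still supplies `sub-domain`/`domain-name` would presumably register `https://ci.your_company.com/authorize` instead of failing; how unknown option keys are treated is not visible here. A `precondition` on the resource with `condition = var.domain_name != "your_company.com"` would turn that fallback into a plan-time error, and the commit message should flag the rename as breaking for stored options. The same concern applies to `WOODPECKER_HOST` in `apps/woodpecker/datas.tf`.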
diff --git a/meta/domain-apps/apps.tf b/meta/domain-apps/apps.tf index 3422c0a..f7f35ce 100644 --- a/meta/domain-apps/apps.tf +++ b/meta/domain-apps/apps.tf @@ -2,15 +2,15 @@ locals { annotations = { "vynil.solidite.fr/meta" = var.component "vynil.solidite.fr/name" = "${var.namespace}-auth" - "vynil.solidite.fr/domain" = var.domain-name + "vynil.solidite.fr/domain" = var.domain_name "vynil.solidite.fr/issuer" = var.issuer - "vynil.solidite.fr/ingress" = var.ingress-class + "vynil.solidite.fr/ingress" = var.ingress_class } global = { "domain" = var.namespace - "domain-name" = var.domain-name + "domain_name" = var.domain_name "issuer" = var.issuer - "ingress-class" = var.ingress-class + "ingress_class" = var.ingress_class "backups" = var.backups } default-mode = var.storage-classes.FilesystemReadWriteMany!=""?"ReadWriteMany":"ReadWriteOnce" diff --git a/meta/domain-apps/index.yaml b/meta/domain-apps/index.yaml index 2dbf0e4..54fcccc 100644 --- a/meta/domain-apps/index.yaml +++ b/meta/domain-apps/index.yaml @@ -73,7 +73,7 @@ options: examples: - letsencrypt-prod type: string - domain-name: + domain_name: default: your_company.com examples: - your_company.com @@ -103,7 +103,7 @@ options: default: '' type: string type: object - ingress-class: + ingress_class: default: traefik examples: - traefik diff --git a/meta/domain-auth/apps.tf b/meta/domain-auth/apps.tf index a6dc7e7..945291d 100644 --- a/meta/domain-auth/apps.tf +++ b/meta/domain-auth/apps.tf 
@@ -2,15 +2,15 @@ locals { annotations = { "vynil.solidite.fr/meta" = var.component "vynil.solidite.fr/name" = "${var.namespace}-auth" - "vynil.solidite.fr/domain" = var.domain-name + "vynil.solidite.fr/domain" = var.domain_name "vynil.solidite.fr/issuer" = var.issuer - "vynil.solidite.fr/ingress" = var.ingress-class + "vynil.solidite.fr/ingress" = var.ingress_class } global = { "domain" = var.namespace - "domain-name" = var.domain-name + "domain_name" = var.domain_name "issuer" = var.issuer - "ingress-class" = var.ingress-class + "ingress_class" = var.ingress_class "backups" = var.backups } authentik = { for k, v in var.authentik : k => v if k!="enable" } diff --git a/meta/domain-auth/index.yaml b/meta/domain-auth/index.yaml index ce91516..9fca3e5 100644 --- a/meta/domain-auth/index.yaml +++ b/meta/domain-auth/index.yaml @@ -41,7 +41,7 @@ options: default: true type: boolean type: object - domain-name: + domain_name: default: your_company.com examples: - your_company.com @@ -81,7 +81,7 @@ options: default: backup-settings type: string type: object - ingress-class: + ingress_class: default: traefik examples: - traefik diff --git a/meta/domain-ci/apps.tf b/meta/domain-ci/apps.tf index 0cac560..a5b61b5 100644 --- a/meta/domain-ci/apps.tf +++ b/meta/domain-ci/apps.tf @@ -2,15 +2,15 @@ locals { annotations = { "vynil.solidite.fr/meta" = var.component "vynil.solidite.fr/name" = var.namespace - "vynil.solidite.fr/domain" = var.domain-name + "vynil.solidite.fr/domain" = var.domain_name "vynil.solidite.fr/issuer" = var.issuer - "vynil.solidite.fr/ingress" = var.ingress-class + "vynil.solidite.fr/ingress" = var.ingress_class } global = { "domain" = var.namespace - "domain-name" = var.domain-name + "domain_name" = var.domain_name "issuer" = var.issuer - "ingress-class" = var.ingress-class + "ingress_class" = var.ingress_class "backups" = var.backups } default-mode = var.storage-classes.FilesystemReadWriteMany!=""?"ReadWriteMany":"ReadWriteOnce" 
diff --git a/meta/domain-ci/index.yaml b/meta/domain-ci/index.yaml index e63b7ad..e9ee3be 100644 --- a/meta/domain-ci/index.yaml +++ b/meta/domain-ci/index.yaml @@ -41,12 +41,12 @@ options: examples: - your-company type: string - ingress-class: + ingress_class: default: traefik examples: - traefik type: string - domain-name: + domain_name: default: your_company.com examples: - your_company.com diff --git a/meta/domain-devspaces/apps.tf b/meta/domain-devspaces/apps.tf index a5226ad..e12c350 100644 --- a/meta/domain-devspaces/apps.tf +++ b/meta/domain-devspaces/apps.tf @@ -2,21 +2,21 @@ locals { annotations = { "vynil.solidite.fr/meta" = var.component "vynil.solidite.fr/name" = "${var.domain}-devspaces" - "vynil.solidite.fr/domain" = var.domain-name + "vynil.solidite.fr/domain" = var.domain_name "vynil.solidite.fr/issuer" = var.issuer - "vynil.solidite.fr/ingress" = var.ingress-class + "vynil.solidite.fr/ingress" = var.ingress_class } global = { "domain" = var.domain - "domain-name" = var.domain-name + "domain_name" = var.domain_name "issuer" = var.issuer - "ingress-class" = var.ingress-class + "ingress_class" = var.ingress_class "backups" = var.backups - "app-group" = var.app-group + "app_group" = var.app_group } global-apps = merge(local.global, { - "domain-name" = "devtools.${var.domain-name}" - "app-group" = "dev" + "domain_name" = "devtools.${var.domain_name}" + "app_group" = "dev" }) okd = merge({ "namespaces" = concat([ diff --git a/meta/domain-devspaces/index.yaml b/meta/domain-devspaces/index.yaml index 572bd52..a941f65 100644 --- a/meta/domain-devspaces/index.yaml +++ b/meta/domain-devspaces/index.yaml @@ -110,7 +110,7 @@ options: type: string type: object type: array - app-group: + app_group: default: dev examples: - dev @@ -220,7 +220,7 @@ options: type: string type: object type: array - stations-sub-domain: + stations-sub_domain: default: code examples: - code 
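Review bot: The last hunk of `meta/domain-devspaces/index.yaml` turns `stations-sub-domain` into `stations-sub_domain`, which mixes both separators and looks like the by-product of a blanket `sub-domain` to `sub_domain` replacement rather than an intended name. If the option is meant to follow the new convention the key would be `stations_sub_domain:`. The place where this option is read is not part of this chunk, so it should be confirmed that the reader and the key are renamed together and that nothing still expects `stations-sub-domain`.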
@@ -230,12 +230,12 @@ options: examples: - letsencrypt-prod type: string - domain-name: + domain_name: default: your_company.com examples: - your_company.com type: string - ingress-class: + ingress_class: default: traefik examples: - traefik diff --git a/meta/domain-devspaces/stations.tf b/meta/domain-devspaces/stations.tf index 44af039..e7f6626 100644 --- a/meta/domain-devspaces/stations.tf +++ b/meta/domain-devspaces/stations.tf @@ -21,7 +21,7 @@ locals { "organisation" = org "usage" = "station" "station" = station - "sub-domain" = "${station.name}.stations" + "sub_domain" = "${station.name}.stations" }) if ds.name == dsname ] ]) if org.name == name diff --git a/meta/domain-erp/apps.tf b/meta/domain-erp/apps.tf index 88454e7..3c97ee9 100644 --- a/meta/domain-erp/apps.tf +++ b/meta/domain-erp/apps.tf @@ -2,19 +2,19 @@ locals { annotations = { "vynil.solidite.fr/meta" = var.component "vynil.solidite.fr/name" = var.namespace - "vynil.solidite.fr/domain" = var.domain-name + "vynil.solidite.fr/domain" = var.domain_name "vynil.solidite.fr/issuer" = var.issuer - "vynil.solidite.fr/ingress" = var.ingress-class + "vynil.solidite.fr/ingress" = var.ingress_class } annotations_default = { - "vynil.solidite.fr/default/domain_name" = var.domain-name - "vynil.solidite.fr/default/*" = var.domain-name + "vynil.solidite.fr/default/domain_name" = var.domain_name + "vynil.solidite.fr/default/*" = var.domain_name } global = { "domain" = var.namespace - "domain-name" = var.domain-name + "domain_name" = var.domain_name "issuer" = var.issuer - "ingress-class" = var.ingress-class + "ingress_class" = var.ingress_class "backups" = var.backups } default-mode = var.storage-classes.FilesystemReadWriteMany!=""?"ReadWriteMany":"ReadWriteOnce" diff --git a/meta/domain-erp/index.yaml b/meta/domain-erp/index.yaml index 400b630..fb4e8b1 100644 --- a/meta/domain-erp/index.yaml +++ b/meta/domain-erp/index.yaml 
@@ -36,7 +36,7 @@ options: default: backup-settings type: string type: object - ingress-class: + ingress_class: default: traefik examples: - traefik @@ -46,7 +46,7 @@ options: examples: - letsencrypt-prod type: string - domain-name: + domain_name: default: your_company.com examples: - your_company.com diff --git a/meta/domain-infra/apps.tf b/meta/domain-infra/apps.tf index 72ef934..19ba4fd 100644 --- a/meta/domain-infra/apps.tf +++ b/meta/domain-infra/apps.tf @@ -2,17 +2,17 @@ locals { annotations = { "vynil.solidite.fr/meta" = "domain-ci" "vynil.solidite.fr/name" = var.namespace - "vynil.solidite.fr/domain" = var.domain-name + "vynil.solidite.fr/domain" = var.domain_name "vynil.solidite.fr/issuer" = var.issuer - "vynil.solidite.fr/ingress" = var.ingress-class + "vynil.solidite.fr/ingress" = var.ingress_class } global = { "domain" = var.namespace - "domain-name" = "admin.${var.domain-name}" + "domain_name" = "admin.${var.domain_name}" "issuer" = var.issuer - "ingress-class" = var.ingress-class + "ingress_class" = var.ingress_class "backups" = var.backups - "app-group" = var.app-group + "app_group" = var.app_group } traefik = { for k, v in var.traefik : k => v if k!="enable" } dns = { for k, v in var.dns : k => v if k!="enable" } diff --git a/meta/domain-infra/index.yaml b/meta/domain-infra/index.yaml index 7231057..d8d86c7 100644 --- a/meta/domain-infra/index.yaml +++ b/meta/domain-infra/index.yaml @@ -46,7 +46,7 @@ options: default: false type: boolean type: object - app-group: + app_group: default: infra examples: - infra @@ -63,7 +63,7 @@ options: type: object x-vynil-category: apps x-vynil-package: gramo - domain-name: + domain_name: default: your_company.com examples: - your_company.com @@ -105,7 +105,7 @@ options: default: domain type: string type: object - ingress-class: + ingress_class: default: traefik examples: - traefik diff --git a/meta/domain-mail/apps.tf b/meta/domain-mail/apps.tf index f47104c..dcaa429 100644 --- a/meta/domain-mail/apps.tf 
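Review bot: In the `meta/domain-infra/apps.tf` hunk the annotation `"vynil.solidite.fr/meta"` is hard-coded to `"domain-ci"`, which looks copied from the CI package; most sibling `apps.tf` files in this commit use `var.component`, and `meta/domain-monitor/apps.tf` hard-codes its own name. If the annotation identifies which meta package owns an install, domain-infra installs would be labelled as domain-ci, and `"vynil.solidite.fr/meta" = var.component` would bring it in line with the other packages. The line is unchanged context in this hunk, so this is a follow-up rather than something the rename introduced.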
+++ b/meta/domain-mail/apps.tf @@ -2,15 +2,15 @@ locals { annotations = { "vynil.solidite.fr/meta" = var.component "vynil.solidite.fr/name" = var.namespace - "vynil.solidite.fr/domain" = var.domain-name + "vynil.solidite.fr/domain" = var.domain_name "vynil.solidite.fr/issuer" = var.issuer - "vynil.solidite.fr/ingress" = var.ingress-class + "vynil.solidite.fr/ingress" = var.ingress_class } global = { "domain" = var.namespace - "domain-name" = var.domain-name + "domain_name" = var.domain_name "issuer" = var.issuer - "ingress-class" = var.ingress-class + "ingress_class" = var.ingress_class "backups" = var.backups } wildduck = { for k, v in var.wildduck : k => v if k!="enable" } diff --git a/meta/domain-mail/index.yaml b/meta/domain-mail/index.yaml index 5f4425f..eb4dbbe 100644 --- a/meta/domain-mail/index.yaml +++ b/meta/domain-mail/index.yaml @@ -6,7 +6,7 @@ metadata: name: domain-mail description: null options: - ingress-class: + ingress_class: default: traefik examples: - traefik @@ -71,7 +71,7 @@ options: default: domain type: string type: object - domain-name: + domain_name: default: your_company.com examples: - your_company.com diff --git a/meta/domain-monitor/apps.tf b/meta/domain-monitor/apps.tf index 9f54eee..1ba6c7e 100644 --- a/meta/domain-monitor/apps.tf +++ b/meta/domain-monitor/apps.tf 
@@ -2,17 +2,17 @@ locals { annotations = { "vynil.solidite.fr/meta" = "domain-monitor" "vynil.solidite.fr/name" = var.namespace - "vynil.solidite.fr/domain" = var.domain-name + "vynil.solidite.fr/domain" = var.domain_name "vynil.solidite.fr/issuer" = var.issuer - "vynil.solidite.fr/ingress" = var.ingress-class + "vynil.solidite.fr/ingress" = var.ingress_class } global = { "domain" = var.namespace - "domain-name" = "monitor.${var.domain-name}" + "domain_name" = "monitor.${var.domain_name}" "issuer" = var.issuer - "ingress-class" = var.ingress-class + "ingress_class" = var.ingress_class "backups" = var.backups - "app-group" = var.app-group + "app_group" = var.app_group } grafana = { for k, v in var.grafana : k => v if k!="enable" } prometheus = { for k, v in var.prometheus : k => v if k!="enable" } diff --git a/meta/domain-monitor/index.yaml b/meta/domain-monitor/index.yaml index 4ec1a03..c0cd100 100644 --- a/meta/domain-monitor/index.yaml +++ b/meta/domain-monitor/index.yaml @@ -71,12 +71,12 @@ options: type: object x-vynil-category: monitor x-vynil-package: dashboards-cluster - ingress-class: + ingress_class: default: traefik examples: - traefik type: string - app-group: + app_group: default: monitor examples: - monitor @@ -176,7 +176,7 @@ options: type: object x-vynil-category: monitor x-vynil-package: dashboards-namespace - domain-name: + domain_name: default: your_company.com examples: - your_company.com diff --git a/meta/domain/index.yaml b/meta/domain/index.yaml index 880f0d3..b813ed7 100644 --- a/meta/domain/index.yaml +++ b/meta/domain/index.yaml @@ -111,7 +111,7 @@ options: examples: - letsencrypt-prod type: string - ingress-class: + ingress_class: default: traefik examples: - traefik @@ -228,7 +228,7 @@ options: default: backup-settings type: string type: object - domain-name: + domain_name: default: your_company.com examples: - your_company.com diff --git a/meta/domain/installs.tf b/meta/domain/installs.tf index 7861d15..2c4aa1e 100644 
--- a/meta/domain/installs.tf +++ b/meta/domain/installs.tf @@ -1,9 +1,9 @@ locals { global = { "domain" = var.namespace - "domain-name" = var.domain-name + "domain_name" = var.domain_name "issuer" = var.issuer - "ingress-class" = var.ingress-class + "ingress_class" = var.ingress_class "distributions" = var.distributions "backups" = var.backups "storage-classes"= var.storage-classes @@ -11,9 +11,9 @@ locals { annotations = { "vynil.solidite.fr/meta" = var.component "vynil.solidite.fr/name" = var.namespace - "vynil.solidite.fr/domain" = var.domain-name + "vynil.solidite.fr/domain" = var.domain_name "vynil.solidite.fr/issuer" = var.issuer - "vynil.solidite.fr/ingress" = var.ingress-class + "vynil.solidite.fr/ingress" = var.ingress_class } auth = { for k, v in var.auth : k => v if k!="enable" } infra = { for k, v in var.infra : k => v if k!="enable" } diff --git a/modules/application/application.tf b/modules/application/application.tf index 3b5ce43..6b9d03d 100644 --- a/modules/application/application.tf +++ b/modules/application/application.tf 
@@ -1,36 +1,36 @@ locals { - app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) - main-group = format("app-%s", local.app-name) + app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) + main-group = format("app-%s", local.app_name) } data "authentik_group" "akadmin" { name = "authentik Admins" } resource "authentik_group" "groups" { name = local.main-group - attributes = jsonencode({"${local.app-name}" = true}) + attributes = jsonencode({"${local.app_name}" = true}) } resource "authentik_group" "subgroup" { count = length(var.sub-groups) - name = format("%s-%s", local.app-name, var.sub-groups[count.index]) + name = format("%s-%s", local.app_name, var.sub-groups[count.index]) parent = authentik_group.groups.id } resource "authentik_application" "prj_app" { name = "${var.instance}" slug = "${var.component}-${var.instance}" - group = var.app-group + group = var.app_group protocol_provider = var.protocol_provider backchannel_providers = var.backchannel_providers - meta_launch_url = format("https://%s", var.dns-name) - meta_icon = format("https://%s/%s", var.dns-name, var.icon) + meta_launch_url = format("https://%s", var.dns_name) + meta_icon = format("https://%s/%s", var.dns_name, var.icon) } resource "authentik_policy_expression" "policy" { name = local.main-group expression = <<-EOF attr = request.user.group_attributes() - return attr['${local.app-name}'] if '${local.app-name}' in attr else False + return attr['${local.app_name}'] if '${local.app_name}' in attr else False EOF } diff --git a/modules/application/variables.tf b/modules/application/variables.tf index af23281..b2398ee 100644 --- a/modules/application/variables.tf +++ b/modules/application/variables.tf 
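Review bot: The `authentik_policy_expression` body in `modules/application/application.tf` splices `${local.app_name}` straight into Python source between single quotes, so the policy text is only well-formed if `var.component` and `var.instance` never contain a quote or backslash. Nothing visible constrains those two variables, and the expression presumably gates access to the application through the group attribute. Letting Terraform emit the string literal removes the assumption: `return attr[${jsonencode(local.app_name)}] if ${jsonencode(local.app_name)} in attr else False`. A `validation` block on `component` and `instance` in `variables.tf` restricting them to DNS-label characters would also cover the other places the name is interpolated.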
@@ -7,14 +7,14 @@ variable "instance" { variable "icon" { type = string } -variable "app-group" { +variable "app_group" { type = string } variable "protocol_provider" { type = number default = null } -variable "dns-name" { +variable "dns_name" { type = string } variable "sub-groups" { diff --git a/modules/forward/forward.tf b/modules/forward/forward.tf index 0e95254..c854473 100644 --- a/modules/forward/forward.tf +++ b/modules/forward/forward.tf @@ -1,10 +1,10 @@ locals { forward-outpost-providers = jsondecode(data.http.get_forward_outpost.response_body).results[0].providers forward-outpost-pk = jsondecode(data.http.get_forward_outpost.response_body).results[0].pk - app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) - main-group = format("app-%s", local.app-name) - external-url = format("https://%s", var.dns-names[0]) - rules-icons = [ for v in var.dns-names : { + app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) + main-group = format("app-%s", local.app_name) + external-url = format("https://%s", var.dns_names[0]) + rules-icons = [ for v in var.dns_names : { "host" = "${v}" "http" = { "paths" = [{ @@ -28,10 +28,10 @@ resource "kubectl_manifest" "prj_ingress_icon" { namespace: "${var.namespace}" labels: ${jsonencode(var.labels)} spec: - ingressClassName: "${var.ingress-class}" + ingressClassName: "${var.ingress_class}" rules: ${jsonencode(local.rules-icons)} tls: - - hosts: ${jsonencode(var.dns-names)} + - hosts: ${jsonencode(var.dns_names)} secretName: "${var.instance}-cert" EOF } @@ -41,7 +41,7 @@ data "authentik_flow" "default-authorization-flow" { } resource "authentik_provider_proxy" "prj_forward" { - name = local.app-name + name = local.app_name external_host = local.external-url authorization_flow = data.authentik_flow.default-authorization-flow.id mode = "forward_single" 
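Review bot: The `modules/application/variables.tf` hunk renames `app-group` and `dns-name` but leaves `variable "sub-groups"` hyphenated in the same file, so the module interface ends up half converted. The same holds for `access-token-validity` in `modules/forward/variables.tf`, `secret-component` in `modules/ingress/ingress.tf`, `redirect-path` in `modules/oauth2` and `acs-path` in `modules/saml`, while `monitor/grafana/presentation.tf` already passes `sub_groups` and `redirect_path` in its module calls. Renaming the remaining inputs in this commit, for example `variable "sub_groups"` with `var.sub_groups` in `application.tf`, would spare callers from having to remember which arguments use which separator.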
@@ -74,7 +74,7 @@ resource "kubectl_manifest" "prj_middleware" { apiVersion: traefik.containo.us/v1alpha1 kind: Middleware metadata: - name: "forward-${local.app-name}" + name: "forward-${local.app_name}" namespace: "${var.namespace}" labels: ${jsonencode(var.labels)} spec: diff --git a/modules/forward/variables.tf b/modules/forward/variables.tf index d18098d..b612b8a 100644 --- a/modules/forward/variables.tf +++ b/modules/forward/variables.tf @@ -13,13 +13,13 @@ variable "domain" { variable "namespace" { type = string } -variable "ingress-class" { +variable "ingress_class" { type = string } variable "labels" { type = map(string) } -variable "dns-names" { +variable "dns_names" { type = list(string) } variable "access-token-validity" { diff --git a/modules/ingress/ingress.tf b/modules/ingress/ingress.tf index 6e38939..76d5ae4 100644 --- a/modules/ingress/ingress.tf +++ b/modules/ingress/ingress.tf @@ -1,6 +1,6 @@ locals { - rules = [ for v in var.dns-names : { + rules = [ for v in var.dns_names : { "host" = "${v}" "http" = { "paths" = [{ @@ -25,7 +25,7 @@ resource "kubectl_manifest" "prj_certificate" { labels: ${jsonencode(var.labels)} spec: secretName: "${var.instance}${var.component==""?"":"-"}${var.component}-cert" - dnsNames: ${jsonencode(var.dns-names)} + dnsNames: ${jsonencode(var.dns_names)} issuerRef: name: "${var.issuer}" kind: "ClusterIssuer" @@ -61,10 +61,10 @@ resource "kubectl_manifest" "prj_ingress" { annotations: "traefik.ingress.kubernetes.io/router.middlewares": "${join(",", [for m in concat(["${var.instance}-https"],var.middlewares) : format("%s-%s@kubernetescrd", var.namespace, m)])}" spec: - ingressClassName: "${var.ingress-class}" + ingressClassName: "${var.ingress_class}" rules: ${jsonencode(local.rules)} tls: - - hosts: ${jsonencode(var.dns-names)} + - hosts: ${jsonencode(var.dns_names)} secretName: "${var.instance}${var.secret-component!=""?"-${var.secret-component}":var.component==""?"":"-${var.component}"}-cert" EOF } 
diff --git a/modules/ingress/variables.tf b/modules/ingress/variables.tf index 365bb76..ee55242 100644 --- a/modules/ingress/variables.tf +++ b/modules/ingress/variables.tf @@ -10,14 +10,14 @@ variable "namespace" { variable "issuer" { type = string } -variable "ingress-class" { +variable "ingress_class" { type = string } variable "labels" { type = map(string) } -variable "dns-names" { +variable "dns_names" { type = list(string) } variable "middlewares" { diff --git a/modules/oauth2/oauth2.tf b/modules/oauth2/oauth2.tf index bb63495..dea2789 100644 --- a/modules/oauth2/oauth2.tf +++ b/modules/oauth2/oauth2.tf @@ -50,7 +50,7 @@ resource "authentik_provider_oauth2" "oauth2" { signing_key = data.authentik_certificate_key_pair.ca.id property_mappings = data.authentik_scope_mapping.oauth2.ids redirect_uris = [ - "https://${var.dns-name}/${var.redirect-path}" + "https://${var.dns_name}/${var.redirect-path}" ] } diff --git a/modules/oauth2/variables.tf b/modules/oauth2/variables.tf index 4b3b303..b06404a 100644 --- a/modules/oauth2/variables.tf +++ b/modules/oauth2/variables.tf @@ -10,7 +10,7 @@ variable "namespace" { variable "labels" { type = map(string) } -variable "dns-name" { +variable "dns_name" { type = string } variable "redirect-path" { diff --git a/modules/saml/saml.tf b/modules/saml/saml.tf index 7c87579..5521801 100644 --- a/modules/saml/saml.tf +++ b/modules/saml/saml.tf @@ -35,7 +35,7 @@ resource "kubectl_manifest" "saml_certificate" { labels: ${jsonencode(var.labels)} spec: secretName: "${var.instance}-${var.component}-saml" - dnsNames: ${jsonencode(var.dns-names)} + dnsNames: ${jsonencode(var.dns_names)} issuerRef: name: "self-sign" kind: "ClusterIssuer" 
@@ -47,7 +47,7 @@ resource "authentik_provider_saml" "prj" { name = "${var.component}-${var.instance}-saml" authentication_flow = data.authentik_flow.default-authentication-flow.id authorization_flow = data.authentik_flow.default-authorization-flow.id - acs_url = "https://${var.dns-names[0]}/${var.acs-path}" + acs_url = "https://${var.dns_names[0]}/${var.acs-path}" property_mappings = data.authentik_property_mapping_saml.saml_maps.ids name_id_mapping = data.authentik_property_mapping_saml.saml_name.id signing_kp = data.authentik_certificate_key_pair.generated.id diff --git a/modules/saml/variables.tf b/modules/saml/variables.tf index fce1570..ea10bb0 100644 --- a/modules/saml/variables.tf +++ b/modules/saml/variables.tf @@ -4,7 +4,7 @@ variable "component" { variable "instance" { type = string } -variable "dns-names" { +variable "dns_names" { type = list(string) } variable "acs-path" { diff --git a/monitor/alertmanager/index.yaml b/monitor/alertmanager/index.yaml index a242c27..5a4e333 100644 --- a/monitor/alertmanager/index.yaml +++ b/monitor/alertmanager/index.yaml @@ -6,7 +6,7 @@ metadata: name: alertmanager description: null options: - sub-domain: + sub_domain: default: alertmanager examples: - alertmanager @@ -16,7 +16,7 @@ options: examples: - letsencrypt-prod type: string - app-group: + app_group: default: monitor examples: - monitor @@ -65,7 +65,7 @@ options: examples: - info type: string - domain-name: + domain_name: default: your_company.com examples: - your_company.com @@ -75,7 +75,7 @@ options: examples: - 120h type: string - ingress-class: + ingress_class: default: traefik examples: - traefik diff --git a/monitor/alertmanager/presentation.tf b/monitor/alertmanager/presentation.tf index 1b6e11b..c7751af 100644 --- a/monitor/alertmanager/presentation.tf +++ b/monitor/alertmanager/presentation.tf 
@@ -1,7 +1,7 @@ locals { - dns-name = "${var.sub-domain}.${var.domain-name}" - dns-names = [local.dns-name] - app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) + dns_name = "${var.sub_domain}.${var.domain_name}" + dns_names = [local.dns_name] + app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "favicon.ico" request_headers = { "Content-Type" = "application/json" @@ -21,10 +21,10 @@ module "ingress" { instance = var.instance namespace = var.namespace issuer = var.issuer - ingress_class = var.ingress-class + ingress_class = var.ingress_class labels = local.common-labels - dns_names = local.dns-names - middlewares = ["forward-${local.app-name}"] + dns_names = local.dns_names + middlewares = ["forward-${local.app_name}"] services = [local.service] providers = { kubectl = kubectl @@ -35,8 +35,8 @@ module "application" { source = "git::https://git.solidite.fr/vynil/kydah-modules.git//application" component = var.component instance = var.instance - app_group = var.app-group - dns_name = local.dns-name + app_group = var.app_group + dns_name = local.dns_name icon = local.icon protocol_provider = module.forward.provider-id providers = { @@ -60,9 +60,9 @@ module "forward" { instance = var.instance domain = var.domain namespace = var.namespace - ingress_class = var.ingress-class + ingress_class = var.ingress_class labels = local.common-labels - dns_names = local.dns-names + dns_names = local.dns_names service = local.service icon = local.icon request_headers = local.request_headers diff --git a/monitor/grafana/config.tf b/monitor/grafana/config.tf index 9ec3b83..d10de92 100644 --- a/monitor/grafana/config.tf +++ b/monitor/grafana/config.tf 
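Review bot: The `module "application"` call in `monitor/alertmanager/presentation.tf` pulls `git::https://git.solidite.fr/vynil/kydah-modules.git//application` with no `?ref=`, so every init takes whatever the default branch holds at that moment. The module is handed `protocol_provider` and a `providers` map, so an unreviewed upstream change would run with whatever those providers can do; pinning to a tag or commit, `source = "git::https://git.solidite.fr/vynil/kydah-modules.git//application?ref=<TAG_OR_COMMIT>"`, makes the dependency reviewable and reproducible. The same unpinned source appears in the `monitor/grafana/presentation.tf` and `monitor/prometheus/presentation.tf` hunks. The module block continues past the end of the hunk.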
@@ -19,7 +19,7 @@ plugins = /var/lib/grafana/plugins provisioning = /etc/grafana/provisioning [server] domain = '' -root_url = 'https://${local.dns-name}/' +root_url = 'https://${local.dns_name}/' [users] auto_assign_org = true auto_assign_org_id = 1 diff --git a/monitor/grafana/index.yaml b/monitor/grafana/index.yaml index 6f02b4e..d2a24ac 100644 --- a/monitor/grafana/index.yaml +++ b/monitor/grafana/index.yaml @@ -25,7 +25,7 @@ options: default: 10Gi type: string type: object - sub-domain: + sub_domain: default: grafana examples: - grafana @@ -132,7 +132,7 @@ options: type: string type: object type: object - ingress-class: + ingress_class: default: traefik examples: - traefik @@ -147,12 +147,12 @@ options: examples: - grafana_admin type: string - app-group: + app_group: default: monitor examples: - monitor type: string - domain-name: + domain_name: default: your_company.com examples: - your_company.com diff --git a/monitor/grafana/presentation.tf b/monitor/grafana/presentation.tf index d78c302..b38289f 100644 --- a/monitor/grafana/presentation.tf +++ b/monitor/grafana/presentation.tf @@ -1,7 +1,7 @@ locals { - dns-name = "${var.sub-domain}.${var.domain-name}" - dns-names = [local.dns-name] - app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) + dns_name = "${var.sub_domain}.${var.domain_name}" + dns_names = [local.dns_name] + app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "public/img/grafana_icon.svg" request_headers = { "Content-Type" = "application/json" @@ -21,9 +21,9 @@ module "ingress" { instance = var.instance namespace = var.namespace issuer = var.issuer - ingress_class = var.ingress-class + ingress_class = var.ingress_class labels = local.common-labels - dns_names = local.dns-names + dns_names = local.dns_names middlewares = [] services = [local.service] providers = { 
@@ -35,8 +35,8 @@ module "ingress" { source = "git::https://git.solidite.fr/vynil/kydah-modules.git//application" component = var.component instance = var.instance - app_group = var.app-group - dns_name = local.dns-name + app_group = var.app_group + dns_name = local.dns_name icon = local.icon sub_groups = ["admin"] protocol_provider = module.oauth2.provider-id @@ -52,7 +52,7 @@ module "oauth2" { namespace = var.namespace domain = var.domain labels = local.common-labels - dns_name = local.dns-name + dns_name = local.dns_name redirect_path = "login/generic_oauth" providers = { kubernetes = kubernetes diff --git a/monitor/prometheus/index.yaml b/monitor/prometheus/index.yaml index 5c04bca..e7da145 100644 --- a/monitor/prometheus/index.yaml +++ b/monitor/prometheus/index.yaml @@ -16,12 +16,12 @@ options: examples: - 10d type: string - sub-domain: + sub_domain: default: prometheus examples: - prometheus type: string - ingress-class: + ingress_class: default: traefik examples: - traefik @@ -80,12 +80,12 @@ options: examples: - 1 type: integer - domain-name: + domain_name: default: your_company.com examples: - your_company.com type: string - app-group: + app_group: default: monitor examples: - monitor diff --git a/monitor/prometheus/presentation.tf b/monitor/prometheus/presentation.tf index 705e53c..d476560 100644 --- a/monitor/prometheus/presentation.tf +++ b/monitor/prometheus/presentation.tf @@ -1,7 +1,7 @@ locals { - dns-name = "${var.sub-domain}.${var.domain-name}" - dns-names = [local.dns-name] - app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) + dns_name = "${var.sub_domain}.${var.domain_name}" + dns_names = [local.dns_name] + app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) icon = "favicon.ico" request_headers = { "Content-Type" = "application/json" 
@@ -21,10 +21,10 @@ module "ingress" { instance = var.instance namespace = var.namespace issuer = var.issuer - ingress_class = var.ingress-class + ingress_class = var.ingress_class labels = local.common-labels - dns_names = local.dns-names - middlewares = ["forward-${local.app-name}"] + dns_names = local.dns_names + middlewares = ["forward-${local.app_name}"] services = [local.service] providers = { kubectl = kubectl @@ -35,8 +35,8 @@ module "application" { source = "git::https://git.solidite.fr/vynil/kydah-modules.git//application" component = var.component instance = var.instance - app_group = var.app-group - dns_name = local.dns-name + app_group = var.app_group + dns_name = local.dns_name icon = local.icon protocol_provider = module.forward.provider-id providers = { @@ -60,9 +60,9 @@ module "forward" { instance = var.instance domain = var.domain namespace = var.namespace - ingress_class = var.ingress-class + ingress_class = var.ingress_class labels = local.common-labels - dns_names = local.dns-names + dns_names = local.dns_names service = local.service icon = local.icon request_headers = local.request_headers diff --git a/share/authentik-forward/index.yaml b/share/authentik-forward/index.yaml index 75a42c5..07d646c 100644 --- a/share/authentik-forward/index.yaml +++ b/share/authentik-forward/index.yaml @@ -11,7 +11,7 @@ options: examples: - letsencrypt-prod type: string - ingress-class: + ingress_class: default: traefik examples: - traefik @@ -21,12 +21,12 @@ options: examples: - your-company type: string - domain-name: + domain_name: default: your_company.com examples: - your_company.com type: string - sub-domain: + sub_domain: default: null dependencies: - dist: null diff --git a/share/authentik/datas.tf b/share/authentik/datas.tf index 42b778e..3a16555 100644 --- a/share/authentik/datas.tf +++ b/share/authentik/datas.tf 
@@ -46,7 +46,7 @@ data "kustomization_overlay" "data" { "AUTHENTIK_POSTGRESQL__PORT=5432", "AUTHENTIK_POSTGRESQL__USER=${var.component}", "AUTHENTIK_REDIS__HOST=${var.name}-${var.component}-redis", - "AUTHENTIK_BOOTSTRAP_EMAIL=${var.admin.email}@${var.domain-name}", + "AUTHENTIK_BOOTSTRAP_EMAIL=${var.admin.email}@${var.domain_name}", ] } patches { diff --git a/share/authentik/index.yaml b/share/authentik/index.yaml index af46326..dd5b825 100644 --- a/share/authentik/index.yaml +++ b/share/authentik/index.yaml @@ -115,7 +115,7 @@ options: examples: - letsencrypt-prod type: string - ingress-class: + ingress_class: default: traefik examples: - traefik @@ -183,7 +183,7 @@ options: default: 2023.8.3 type: string type: object - domain-name: + domain_name: default: your_company.com examples: - your_company.com @@ -198,7 +198,7 @@ options: default: auth-admin type: string type: object - sub-domain: + sub_domain: default: auth examples: - auth diff --git a/share/authentik/ingress.tf b/share/authentik/ingress.tf index cc84f10..8dc29b4 100644 --- a/share/authentik/ingress.tf +++ b/share/authentik/ingress.tf @@ -1,5 +1,5 @@ locals { - dns-names = ["${var.sub-domain}.${var.domain-name}"] + dns_names = ["${var.sub_domain}.${var.domain_name}"] middlewares = ["${var.instance}-https"] service = { "name" = "${var.instance}" @@ -7,7 +7,7 @@ locals { "number" = 80 } } - rules = [ for v in local.dns-names : { + rules = [ for v in local.dns_names : { "host" = "${v}" "http" = { "paths" = [{ @@ -31,7 +31,7 @@ resource "kubectl_manifest" "prj_certificate" { labels: ${jsonencode(local.common-labels)} spec: secretName: "${var.instance}-cert" - dnsNames: ${jsonencode(local.dns-names)} + dnsNames: ${jsonencode(local.dns_names)} issuerRef: name: "${var.issuer}" kind: "ClusterIssuer" 
@@ -66,10 +66,10 @@ resource "kubectl_manifest" "prj_ingress" { annotations: "traefik.ingress.kubernetes.io/router.middlewares": "${join(",", [for m in local.middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}" spec: - ingressClassName: "${var.ingress-class}" + ingressClassName: "${var.ingress_class}" rules: ${jsonencode(local.rules)} tls: - - hosts: ${jsonencode(local.dns-names)} + - hosts: ${jsonencode(local.dns_names)} secretName: "${var.instance}-cert" EOF } diff --git a/share/authentik/redis.tf b/share/authentik/redis.tf index dba040b..50b6cf6 100644 --- a/share/authentik/redis.tf +++ b/share/authentik/redis.tf @@ -8,7 +8,7 @@ resource "kubectl_manifest" "authentik_redis" { labels: ${jsonencode(local.common-labels)} spec: kubernetesConfig: - image: "${var.redis.image}" + image: "${var.images.redis.registry}/${var.images.redis.repository}:${var.images.redis.tag}" imagePullPolicy: "IfNotPresent" redisSecret: name: "${var.component}" @@ -19,10 +19,10 @@ resource "kubectl_manifest" "authentik_redis" { accessModes: ["ReadWriteOnce"] resources: requests: - storage: "${var.redis.storage}" + storage: "${var.storage.redis}" redisExporter: enabled: ${var.redis.exporter.enabled} - image: "${var.redis.exporter.image}" + image: "${var.images.redis_exporter.registry}/${var.images.redis_exporter.repository}:${var.images.redis_exporter.tag}" securityContext: runAsUser: 1000 fsGroup: 1000 diff --git a/share/dataset-pg/directus.tf b/share/dataset-pg/directus.tf index d98012d..f46f1f3 100644 --- a/share/dataset-pg/directus.tf +++ b/share/dataset-pg/directus.tf @@ -5,7 +5,7 @@ locals { "app.kubernetes.io/component" = "directus" }) directus-icon = "admin/img/directus-white.png" - directus-dns-name = "directus.${local.dns-name}" + directus-dns_name = "directus.${local.dns_name}" directus-service = { "name" = "directus-${var.instance}" "port" = { 
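Review bot: In share/authentik/redis.tf both new `image:` values are built as `registry/repository:tag`, and together with `imagePullPolicy: "IfNotPresent"` a re-pushed tag can leave nodes running different content under the same name. Consider allowing a digest form behind a new optional field, e.g. `image: "${var.images.redis.registry}/${var.images.redis.repository}@${var.images.redis.digest}"`, where `digest` is a proposed option and not one visible in this change. Separately, `enabled: ${var.redis.exporter.enabled}` still reads from `var.redis` while image and storage moved to `var.images` and `var.storage`, so the Redis settings are now split across three option trees. A comment saying the split is intentional would help, or the flag could move as well. The same two hunks appear in share/wildduck/redis.tf.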
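Review bot: The rename leaves a mixed-style local, `directus-dns_name`, in the `locals` hunk of share/dataset-pg/directus.tf, which looks like the by-product of a global `dns-name` to `dns_name` replace rather than a chosen name. Terraform accepts it, but it is easy to mistype and hard to grep for. I would rename it fully, `directus_dns_name = "directus.${local.dns_name}"`, and update its references in the later directus.tf hunks. `prest-dns_name` in share/dataset-pg/postgrest.tf has the same shape. The `locals` block continues outside the hunk.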
@@ -45,15 +45,15 @@ resource "kubectl_manifest" "directus_config" { DB_PORT: "5432" STORAGE_LOCATIONS: "local" STORAGE_LOCAL_ROOT: "/var/store" - ADMIN_EMAIL: "admin@${var.domain-name}" + ADMIN_EMAIL: "admin@${var.domain_name}" NODE_EXTRA_CA_CERTS: "/etc/local-ca/ca.crt" TELEMETRY: "false" AUTH_PROVIDERS: "VYNIL" AUTH_VYNIL_DRIVER: "openid" AUTH_VYNIL_ALLOW_PUBLIC_REGISTRATION: "true" - AUTH_VYNIL_ISSUER_URL: "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/directus-${replace(var.sub-domain, ".", "-")}-${var.instance}/.well-known/openid-configuration" + AUTH_VYNIL_ISSUER_URL: "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/directus-${replace(var.sub_domain, ".", "-")}-${var.instance}/.well-known/openid-configuration" AUTH_VYNIL_IDENTIFIER_KEY: "email" - PUBLIC_URL: "https://${local.directus-dns-name}" + PUBLIC_URL: "https://${local.directus-dns_name}" EOF } @@ -133,12 +133,12 @@ resource "kubectl_manifest" "directus_deploy" { valueFrom: secretKeyRef: key: "client-id" - name: "directus-${replace(var.sub-domain, ".", "-")}-${var.instance}-id" + name: "directus-${replace(var.sub_domain, ".", "-")}-${var.instance}-id" - name: AUTH_VYNIL_CLIENT_SECRET valueFrom: secretKeyRef: key: "client-secret" - name: "directus-${replace(var.sub-domain, ".", "-")}-${var.instance}-secret" + name: "directus-${replace(var.sub_domain, ".", "-")}-${var.instance}-secret" - name: DB_USER valueFrom: secretKeyRef: @@ -216,9 +216,9 @@ module "directus-ingress" { instance = var.instance namespace = var.namespace issuer = var.issuer - ingress-class = var.ingress-class + ingress_class = var.ingress_class labels = local.directus-labels - dns-names = [local.directus-dns-name] + dns_names = [local.directus-dns_name] create-redirect = true middlewares = [] service = local.directus-service 
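Review bot: The directus ConfigMap pairs `AUTH_VYNIL_ALLOW_PUBLIC_REGISTRATION: "true"` with `AUTH_VYNIL_IDENTIFIER_KEY: "email"`, and nothing in the file says why. Together they mean any identity the issuer authenticates gets a Directus account on first login, bound by its email claim rather than by the stable subject. That is only safe if authentik restricts who can reach this application and does not let users set or change their own email, which cannot be confirmed from this hunk. I would record the assumption next to the keys, e.g. `# accounts are auto-created and keyed on the email claim; access must be limited by the authentik application policy and email must be admin-controlled`. The `kubectl_manifest` resource starts outside the hunk.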
@@ -230,10 +230,10 @@ module "directus-ingress" { module "directus-application" { count = var.extentions.directus.enable ? 1 : 0 source = "/dist/modules/application" - component = "directus-${replace(var.sub-domain, ".", "-")}" + component = "directus-${replace(var.sub_domain, ".", "-")}" instance = var.instance - app-group = var.app-group - dns-name = local.directus-dns-name + app_group = var.app_group + dns_name = local.directus-dns_name icon = local.directus-icon protocol_provider = module.directus-oauth2[0].provider-id providers = { @@ -244,11 +244,11 @@ module "directus-application" { module "directus-oauth2" { count = var.extentions.directus.enable ? 1 : 0 source = "/dist/modules/oauth2" - component = "directus-${replace(var.sub-domain, ".", "-")}" + component = "directus-${replace(var.sub_domain, ".", "-")}" instance = var.instance namespace = var.namespace labels = local.directus-labels - dns-name = local.directus-dns-name + dns_name = local.directus-dns_name redirect-path = "auth/login/VYNIL/callback" providers = { kubernetes = kubernetes diff --git a/share/dataset-pg/index.yaml b/share/dataset-pg/index.yaml index ebb5bee..10f98d8 100644 --- a/share/dataset-pg/index.yaml +++ b/share/dataset-pg/index.yaml @@ -65,17 +65,17 @@ options: examples: - your-company type: string - sub-domain: + sub_domain: default: dataset-pg examples: - dataset-pg type: string - app-group: + app_group: default: api examples: - api type: string - domain-name: + domain_name: default: your_company.com examples: - your_company.com @@ -85,7 +85,7 @@ options: examples: - 8Gi type: string - ingress-class: + ingress_class: default: traefik examples: - traefik diff --git a/share/dataset-pg/postgresql.tf b/share/dataset-pg/postgresql.tf index f7f89ae..a379ee7 100644 --- a/share/dataset-pg/postgresql.tf +++ b/share/dataset-pg/postgresql.tf 
@@ -1,5 +1,5 @@ locals { - dns-name = "${var.instance}.${var.sub-domain}.${var.domain-name}" + dns_name = "${var.instance}.${var.sub_domain}.${var.domain_name}" pg-labels = merge(local.common-labels, { "app.kubernetes.io/component" = "postgresql" }) diff --git a/share/dataset-pg/postgrest.tf b/share/dataset-pg/postgrest.tf index a3c2552..b877998 100644 --- a/share/dataset-pg/postgrest.tf +++ b/share/dataset-pg/postgrest.tf @@ -2,7 +2,7 @@ locals { prest-labels = merge(local.common-labels, { "app.kubernetes.io/component" = "postgrest" }) - prest-dns-name = "api.${local.dns-name}" + prest-dns_name = "api.${local.dns_name}" prest-service = { "name" = "postgrest-${var.instance}" "port" = { @@ -32,9 +32,9 @@ resource "kubectl_manifest" "postgrest_config" { PGPORT: "5432" PGRST_DB_SCHEMA: public PGRST_DB_ANON_ROLE: anonymous - PGRST_OPENAPI_SERVER_PROXY_URI: "https://${local.prest-dns-name}" + PGRST_OPENAPI_SERVER_PROXY_URI: "https://${local.prest-dns_name}" PGRST_ADMIN_SERVER_PORT: "9000" - API_URL: "https://${local.prest-dns-name}" + API_URL: "https://${local.prest-dns_name}" BASE_URL: "/ui" EOF } @@ -152,9 +152,9 @@ module "postgrest-ingress" { instance = var.instance namespace = var.namespace issuer = var.issuer - ingress-class = var.ingress-class + ingress_class = var.ingress_class labels = local.prest-labels - dns-names = [local.prest-dns-name] + dns_names = [local.prest-dns_name] create-redirect = true middlewares = [] service = local.prest-service @@ -184,9 +184,9 @@ module "swagger-ingress" { instance = var.instance namespace = var.namespace issuer = var.issuer - ingress-class = var.ingress-class + ingress_class = var.ingress_class labels = local.prest-labels - dns-names = [local.prest-dns-name] + dns_names = [local.prest-dns_name] middlewares = [] create-cert = false sub-path = "ui" diff --git a/share/dns/config.tf b/share/dns/config.tf index 010c71c..24c626f 100644 --- a/share/dns/config.tf +++ b/share/dns/config.tf 
@@ -23,13 +23,13 @@ locals { } EOF soa-ns = <<-EOF - @ IN SOA ${var.sub-domain}.${var.domain-name}. ${var.domain-name}. ( + @ IN SOA ${var.sub_domain}.${var.domain_name}. ${var.domain_name}. ( ${formatdate("YYYYMMDDhh",timestamp())} ; Serial 4H ; Refresh 1H ; Retry 7D ; Expire 4H ) ; Negative Cache TTL - @ IN NS ${var.sub-domain}.${var.domain-name}. + @ IN NS ${var.sub_domain}.${var.domain_name}. EOF files = merge({ "Corefile" = join("\n", concat([local.begin-core],[for z in var.zones: format("file /etc/coredns/%s.db %s", z.name,z.name)],[local.end-core])) diff --git a/share/dns/index.yaml b/share/dns/index.yaml index bb598ec..fab55a4 100644 --- a/share/dns/index.yaml +++ b/share/dns/index.yaml @@ -6,12 +6,12 @@ metadata: name: dns description: null options: - domain-name: + domain_name: default: your_company.com examples: - your_company.com type: string - sub-domain: + sub_domain: default: dns examples: - dns diff --git a/share/organisation/gitea-user.tf b/share/organisation/gitea-user.tf index 02fc2f1..ece8f87 100644 --- a/share/organisation/gitea-user.tf +++ b/share/organisation/gitea-user.tf @@ -83,7 +83,7 @@ resource "gitea_user" "user-ci" { username = "${var.instance}-ci" login_name = "${var.instance}-ci" password = random_password.password.result - email = "${var.instance}-ci@${var.domain-name}" + email = "${var.instance}-ci@${var.domain_name}" must_change_password = true } diff --git a/share/organisation/index.yaml b/share/organisation/index.yaml index 1e186cf..149b46c 100644 --- a/share/organisation/index.yaml +++ b/share/organisation/index.yaml @@ -27,7 +27,7 @@ options: type: string type: object type: array - ingress-class: + ingress_class: default: traefik examples: - traefik @@ -87,12 +87,12 @@ options: default: backup-settings type: string type: object - app-group: + app_group: default: dev examples: - dev type: string - domain-name: + domain_name: default: your_company.com examples: - your_company.com 
diff --git a/share/organisation/stages.tf b/share/organisation/stages.tf index 99f4885..0352b34 100644 --- a/share/organisation/stages.tf +++ b/share/organisation/stages.tf @@ -1,17 +1,17 @@ locals { annotations = { "vynil.solidite.fr/name" = "${var.component}" - "vynil.solidite.fr/domain" = var.domain-name + "vynil.solidite.fr/domain" = var.domain_name "vynil.solidite.fr/issuer" = var.issuer - "vynil.solidite.fr/ingress" = var.ingress-class + "vynil.solidite.fr/ingress" = var.ingress_class } global = { "domain" = var.namespace - "domain-name" = var.domain-name + "domain_name" = var.domain_name "issuer" = var.issuer - "ingress-class" = var.ingress-class + "ingress_class" = var.ingress_class "backups" = var.backups - "app-group" = var.app-group + "app_group" = var.app_group } sorted-stage-name = reverse(distinct(sort([for s in var.stages: s.name]))) sorted-dataset-name = reverse(distinct(sort([for d in var.datasets: d.name]))) @@ -26,7 +26,7 @@ locals { for name in local.sorted-dataset-name: [ for ds in var.datasets: merge(ds,{ - "sub-domain" = "${stage}.${var.instance}" + "sub_domain" = "${stage}.${var.instance}" "namespace" = "${var.domain}-${var.instance}-${stage}" }) if ds.name == name ] diff --git a/share/wildduck/application.tf b/share/wildduck/application.tf index 670bbd1..e7f5ca8 100644 --- a/share/wildduck/application.tf +++ b/share/wildduck/application.tf 
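Review bot: In share/organisation/stages.tf the keys of `local.global` (`"domain_name"`, `"ingress_class"`, `"app_group"`) and the per-dataset `"sub_domain"` are data, not Terraform identifiers, so renaming them changes the contract with whatever consumes these maps. If they are forwarded as options to the staged installs, which these hunks do not show, any package still declaring the hyphenated names would presumably fall back to its own defaults, such as `your_company.com` and `traefik`. It would then create ingresses and certificates for the wrong host without raising an error. I would add a comment on the map, `# keys must match the option names in each package's index.yaml (snake_case)`, and note in the commit description that existing installs need their stored options migrated. The `locals` block continues past the second hunk.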
@@ -1,30 +1,30 @@ locals { - app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) - main-group = format("app-%s", local.app-name) + app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) + main-group = format("app-%s", local.app_name) } data "authentik_group" "akadmin" { name = "authentik Admins" } resource "authentik_group" "groups" { name = local.main-group - attributes = jsonencode({"${local.app-name}" = true}) + attributes = jsonencode({"${local.app_name}" = true}) } resource "authentik_application" "prj_app" { name = "${var.instance}" slug = "${var.component}-${var.instance}" #protocol_provider = authentik_provider_oauth2.oauth2.id - group = var.app-group + group = var.app_group backchannel_providers = [authentik_provider_scim.scim.id] - meta_launch_url = format("https://%s.%s", var.sub-domain, var.domain-name) - meta_icon = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "favicon-32x32.png") + meta_launch_url = format("https://%s.%s", var.sub_domain, var.domain_name) + meta_icon = format("https://%s.%s/%s", var.sub_domain, var.domain_name, "favicon-32x32.png") } resource "authentik_policy_expression" "policy" { name = local.main-group expression = <<-EOF attr = request.user.group_attributes() - return attr['${local.app-name}'] if '${local.app-name}' in attr else False + return attr['${local.app_name}'] if '${local.app_name}' in attr else False EOF } diff --git a/share/wildduck/haraka.tf b/share/wildduck/haraka.tf index 37d1962..6748e2e 100644 --- a/share/wildduck/haraka.tf +++ b/share/wildduck/haraka.tf 
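Review bot: The `authentik_policy_expression` heredoc splices `${local.app_name}` between single quotes inside Python source, so a quote or backslash in `var.component` or `var.instance` changes the access-policy code itself. The group `attributes` just above already use `jsonencode` for the same key. I would have Terraform emit the string literal here too: `return attr.get(${jsonencode(local.app_name)}, False)`. That keeps the current behaviour (False when the key is absent) and keeps the value from being read as code. A `validation` block restricting both variables to `[a-z0-9-]` would be a reasonable second guard; their declarations are outside this diff.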
@@ -96,11 +96,11 @@ resource "kubernetes_config_map_v1" "haraka_config" { } data = yamldecode(<<-EOF me: |- - ${var.sub-domain}.${var.domain-name} + ${var.sub_domain}.${var.domain_name} host_list: |- # add hosts in here we want to accept mail for - ${var.sub-domain}.${var.domain-name} - ${var.domain-name} + ${var.sub_domain}.${var.domain_name} + ${var.domain_name} ${join("\n ",var.additional-domains)} rspamd.ini: |- host = ${var.instance}-rspamd.${var.namespace}.svc.cluster.local @@ -188,7 +188,7 @@ resource "kubernetes_config_map_v1" "haraka_config" { dkim_sign.ini: |- disabled = true selector = mail - domain = ${var.domain-name} + domain = ${var.domain_name} headers_to_sign = From, Sender, Reply-To, Subject, Date, Message-ID, To, Cc, MIME-Version wildduck.yaml: |- redis: diff --git a/share/wildduck/index.yaml b/share/wildduck/index.yaml index a2ccc41..0ec7d10 100644 --- a/share/wildduck/index.yaml +++ b/share/wildduck/index.yaml @@ -6,7 +6,7 @@ metadata: name: wildduck description: null options: - ingress-class: + ingress_class: default: traefik examples: - traefik @@ -255,7 +255,7 @@ options: examples: - your-company type: string - app-group: + app_group: default: '' examples: - '' @@ -298,7 +298,7 @@ options: default: 2Gi type: string type: object - domain-name: + domain_name: default: your_company.com examples: - your_company.com @@ -308,7 +308,7 @@ options: examples: - letsencrypt-prod type: string - sub-domain: + sub_domain: default: mail examples: - mail diff --git a/share/wildduck/ingress.tf b/share/wildduck/ingress.tf index c34b146..16cc818 100644 --- a/share/wildduck/ingress.tf +++ b/share/wildduck/ingress.tf @@ -1,6 +1,6 @@ locals { - dns-names = ["${var.sub-domain}.${var.domain-name}"] - cert-names = concat(local.dns-names, ["${var.domain-name}"]) + dns_names = ["${var.sub_domain}.${var.domain_name}"] + cert-names = concat(local.dns_names, ["${var.domain_name}"]) middlewares = ["${var.instance}-https"] service = { "name" = "${var.instance}-webmail" 
@@ -8,7 +8,7 @@ locals { "number" = 80 } } - rules = [ for v in local.dns-names : { + rules = [ for v in local.dns_names : { "host" = "${v}" "http" = { "paths" = [{ @@ -67,10 +67,10 @@ resource "kubectl_manifest" "prj_ingress" { annotations: "traefik.ingress.kubernetes.io/router.middlewares": "${join(",", [for m in local.middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}" spec: - ingressClassName: "${var.ingress-class}" + ingressClassName: "${var.ingress_class}" rules: ${jsonencode(local.rules)} tls: - - hosts: ${jsonencode(local.dns-names)} + - hosts: ${jsonencode(local.dns_names)} secretName: "${var.instance}-cert" EOF } diff --git a/share/wildduck/redis.tf b/share/wildduck/redis.tf index 0ac78d6..df28165 100644 --- a/share/wildduck/redis.tf +++ b/share/wildduck/redis.tf @@ -13,7 +13,7 @@ resource "kubectl_manifest" "prj_redis" { labels: ${jsonencode(local.redis-labels)} spec: kubernetesConfig: - image: "${var.redis.image}" + image: "${var.images.redis.registry}/${var.images.redis.repository}:${var.images.redis.tag}" imagePullPolicy: "IfNotPresent" storage: volumeClaimTemplate: @@ -21,10 +21,10 @@ resource "kubectl_manifest" "prj_redis" { accessModes: ["ReadWriteOnce"] resources: requests: - storage: "${var.redis.storage}" + storage: "${var.storage.redis}" redisExporter: enabled: ${var.redis.exporter.enabled} - image: "${var.redis.exporter.image}" + image: "${var.images.redis_exporter.registry}/${var.images.redis_exporter.repository}:${var.images.redis_exporter.tag}" securityContext: runAsUser: 1000 fsGroup: 1000 diff --git a/share/wildduck/scimgateway.tf b/share/wildduck/scimgateway.tf index 4374d18..b061409 100644 --- a/share/wildduck/scimgateway.tf +++ b/share/wildduck/scimgateway.tf 
@@ -55,7 +55,7 @@ resource "kubectl_manifest" "scimgateway_deploy" { - name: "PORT" value: "8880" - name: "WILDDUCK_DOMAIN" - value: "${var.domain-name}" + value: "${var.domain_name}" - name: "WILDDUCK_API" value: "http://${var.instance}-wildduck-api.${var.namespace}.svc" - name: SEED diff --git a/share/wildduck/webmail.tf b/share/wildduck/webmail.tf index 1670af7..82d52d2 100644 --- a/share/wildduck/webmail.tf +++ b/share/wildduck/webmail.tf @@ -92,7 +92,7 @@ resource "kubernetes_config_map_v1" "webmail_config" { [service] # email domain for new users - domain="${var.domain-name}" + domain="${var.domain_name}" # default quotas for new users quota=1024 recipients=2000 @@ -102,7 +102,7 @@ resource "kubernetes_config_map_v1" "webmail_config" { allowJoin=false enableSpecial=false # if true the allow creating addresses with special usernames # allowed domains for new addresses - domains=["${var.domain-name}"] + domains=["${var.domain_name}"] generalNotification="" # static notification to show on top of the page @@ -145,7 +145,7 @@ resource "kubernetes_config_map_v1" "webmail_config" { # set to false if not using HTTPS enabled=true # must be https url or use default - appId="https://${var.domain-name}" + appId="https://${var.domain_name}" [log] level="silly" @@ -154,15 +154,15 @@ resource "kubernetes_config_map_v1" "webmail_config" { [setup] # these values are shown in the configuration help page [setup.imap] - hostname="${var.sub-domain}.${var.domain-name}" + hostname="${var.sub_domain}.${var.domain_name}" secure=true port=143 [setup.pop3] - hostname="${var.sub-domain}.${var.domain-name}" + hostname="${var.sub_domain}.${var.domain_name}" secure=true port=110 [setup.smtp] - hostname="${var.sub-domain}.${var.domain-name}" + hostname="${var.sub_domain}.${var.domain_name}" secure=true port=25 EOF diff --git a/share/wildduck/wildduck.tf b/share/wildduck/wildduck.tf index 084ebb1..3d1b612 100644 --- a/share/wildduck/wildduck.tf +++ b/share/wildduck/wildduck.tf 
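Review bot: The `[setup.imap]`, `[setup.pop3]` and `[setup.smtp]` blocks in share/wildduck/webmail.tf advertise `secure=true` together with ports 143, 110 and 25, which are the conventional cleartext/STARTTLS ports. The public `[setup]` sections in share/wildduck/wildduck.tf give 9930, 995 and 465 for the same hostname. These values are shown on the configuration help page, so users following it may point clients at a port that does not do implicit TLS, or fail to connect. I would align the two files on the externally exposed TLS ports and add a comment such as `# must match the public [setup] port in wildduck.tf`. Which ports are actually published by the Service is not visible in this diff.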
@@ -173,7 +173,7 @@ resource "kubernetes_config_map_v1" "wildduck_config" { enabled=true [smtp.setup] # Public configuration for SMTP MDA, needed for mobileconfig files - hostname="${var.sub-domain}.${var.domain-name}" + hostname="${var.sub_domain}.${var.domain_name}" secure=true port=465 [webhooks] @@ -312,7 +312,7 @@ resource "kubernetes_config_map_v1" "wildduck_config" { autoExpunge=true [setup] # Public configuration for IMAP - hostname="${var.sub-domain}.${var.domain-name}" + hostname="${var.sub_domain}.${var.domain_name}" secure=true # port defaults to imap.port port=9930 @@ -360,7 +360,7 @@ resource "kubernetes_config_map_v1" "wildduck_config" { cert="/var/opt/certs/tls.crt" [setup] # Public configuration for POP3 - hostname="${var.sub-domain}.${var.domain-name}" + hostname="${var.sub_domain}.${var.domain_name}" secure=true # port defaults to pop3.port port=995 diff --git a/share/wildduck/zonemta.tf b/share/wildduck/zonemta.tf index c003312..2acf8ea 100644 --- a/share/wildduck/zonemta.tf +++ b/share/wildduck/zonemta.tf @@ -128,7 +128,7 @@ resource "kubernetes_config_map_v1" "zonemta_config" { # Server process must be able to locally bind to these addresses [[default]] address="0.0.0.0" - name="${var.sub-domain}.${var.domain-name}" + name="${var.sub_domain}.${var.domain_name}" # #[[default]] #address="1.2.3.5" @@ -145,7 +145,7 @@ resource "kubernetes_config_map_v1" "zonemta_config" { interfaces=["feeder"] # optional hostname to be used in headers # defaults to os.hostname() - hostname="${var.sub-domain}.${var.domain-name}" + hostname="${var.sub_domain}.${var.domain_name}" # How long to keep auth records in log authlogExpireDays=30 # default smtp recipients for 24h (can be overriden per user) 
@@ -161,7 +161,7 @@ resource "kubernetes_config_map_v1" "zonemta_config" { # SRS secret value. Must be the same as in the MX side secret="${local.secrets.srs}" # SRS domain, must resolve back to MX - rewriteDomain="${var.domain-name}" + rewriteDomain="${var.domain_name}" # DKIM Settings # ------------- ["modules/zonemta-wildduck".dkim]