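# Option assembly for the per-domain "Install" manifests declared below.
#
# Each domain local (auth, infra, ci, erp, apps, mail, monitor, devspaces) is
# built the same way:
#   1. start from local.global;
#   2. add the domain variable's own keys, except "enable", "storage", "backups";
#   3. rebuild "backups" as the global backup defaults overlaid with the
#      domain's own "backups" map;
#   4. rebuild "storage" from the domain's storage keys, with "volume" being the
#      global volume defaults overlaid with the domain's own "volume" map.
# merge() is shallow and later arguments win, so a key present at the domain
# level replaces the global value at that level only.
locals {
  # Values handed to every domain component.
  global = {
    "sso_vynil"     = var.sso_vynil
    "domain_name"   = var.domain_name
    "timezone"      = var.timezone
    "language"      = var.language
    "domain"        = var.namespace # the "domain" option carries the namespace value
    "issuer"        = var.issuer
    "ingress_class" = var.ingress_class
  }

  # Backup defaults shared by all domains.
  # NOTE(review): "secret_name", "key_id_key", "secret_key" and "restic_key"
  # look like references (a Secret name and key names inside it), not credential
  # material. Confirm against the variable definitions: everything in this map
  # is rendered verbatim into the Install manifests' `options`, and resource
  # attributes are recorded in Terraform state.
  global-backups = {
    "enable"      = var.backups.enable
    "use_barman"  = var.backups.use_barman
    "endpoint"    = var.backups.endpoint
    "secret_name" = var.backups.secret_name
    "key_id_key"  = var.backups.key_id_key
    "secret_key"  = var.backups.secret_key
    "restic_key"  = var.backups.restic_key
  }

  # Volume defaults shared by all domains.
  global-volume = {
    "accessMode" = var.storage.volume.accessMode
    "class"      = var.storage.volume.class
  }

  auth = merge(
    local.global,
    { for k, v in var.auth : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.auth, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.auth, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.auth, "storage", {}), "volume", {})) }
      )
    }
  )

  infra = merge(
    local.global,
    { for k, v in var.infra : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.infra, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.infra, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.infra, "storage", {}), "volume", {})) }
      )
    }
  )

  ci = merge(
    local.global,
    { for k, v in var.ci : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.ci, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.ci, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.ci, "storage", {}), "volume", {})) }
      )
    }
  )

  erp = merge(
    local.global,
    { for k, v in var.erp : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.erp, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.erp, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.erp, "storage", {}), "volume", {})) }
      )
    }
  )

  apps = merge(
    local.global,
    { for k, v in var.apps : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.apps, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.apps, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.apps, "storage", {}), "volume", {})) }
      )
    }
  )

  mail = merge(
    local.global,
    { for k, v in var.mail : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.mail, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.mail, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.mail, "storage", {}), "volume", {})) }
      )
    }
  )

  monitor = merge(
    local.global,
    { for k, v in var.monitor : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.monitor, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.monitor, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.monitor, "storage", {}), "volume", {})) }
      )
    }
  )

  devspaces = merge(
    local.global,
    { for k, v in var.devspaces : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.devspaces, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.devspaces, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.devspaces, "storage", {}), "volume", {})) }
      )
    }
  )

  # Force install authentik and its modules when any are needed
  use-ldap       = var.erp.enable && var.erp.dolibarr.enable
  use-forward    = var.infra.enable && var.infra.traefik.enable
  use-other-auth = false # hard-coded: no other consumer currently triggers authentik

  added-auth-ldap = local.use-ldap ? {
    "authentik-ldap" = { "enable" = true }
  } : {}

  added-auth-forward = local.use-forward ? {
    "authentik-forward" = { "enable" = true }
  } : {}

  added-auth = local.use-ldap || local.use-forward || local.use-other-auth ? merge(
    { "authentik" = { "enable" = true } },
    local.added-auth-ldap,
    local.added-auth-forward
  ) : {}

  # Default divisions passed to the auth component; only "employes" is enabled.
  divisions = {
    "clients" = {
      "enable"    = false
      "apps"      = []
      "divisions" = []
    }
    "employes" = {
      "enable"    = true
      "apps"      = []
      "divisions" = []
    }
    "fournisseurs" = {
      "enable"    = false
      "apps"      = []
      "divisions" = []
    }
  }
}

# The resources below each render one vynil "Install" object, created only when
# the matching var.<domain>.enable is true. Interpolated scalars go through
# jsonencode(), like labels and options already do: a JSON string is a valid
# YAML double-quoted scalar, so ordinary values render exactly as before, while
# a value containing quotes, backslashes or newlines can no longer break out of
# the quoted scalar and alter the manifest structure.

resource "kubectl_manifest" "auth" {
  count = var.auth.enable ? 1 : 0
  # NOTE(review): local.auth is merged last and merge() is shallow, so an
  # "authentik", "authentik-ldap", "authentik-forward" or division key supplied
  # through var.auth replaces the forced/default entry wholesale (including its
  # "enable" = true). Confirm this precedence is intended given the
  # "force install" logic in locals.
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "auth"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-auth"
      options: ${jsonencode(merge(local.added-auth, local.divisions, local.auth))}
  EOF
}

resource "kubectl_manifest" "infra" {
  count     = var.infra.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "infra"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-infra"
      options: ${jsonencode(local.infra)}
  EOF
}

resource "kubectl_manifest" "ci" {
  count     = var.ci.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "ci"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-ci"
      options: ${jsonencode(local.ci)}
  EOF
}

resource "kubectl_manifest" "erp" {
  count     = var.erp.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "erp"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-erp"
      options: ${jsonencode(local.erp)}
  EOF
}

resource "kubectl_manifest" "apps" {
  count     = var.apps.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "apps"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-apps"
      options: ${jsonencode(local.apps)}
  EOF
}

resource "kubectl_manifest" "mail" {
  count     = var.mail.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "mail"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-mail"
      options: ${jsonencode(local.mail)}
  EOF
}

resource "kubectl_manifest" "monitor" {
  count     = var.monitor.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "monitor"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-monitor"
      options: ${jsonencode(local.monitor)}
  EOF
}

resource "kubectl_manifest" "devspaces" {
  count     = var.devspaces.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "devspaces"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-devspaces"
      options: ${jsonencode(local.devspaces)}
  EOF
}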