locals {
  # Values shared by every domain component; merged first so that
  # component-level settings with the same key override them.
  # Note that the "domain" option is fed from var.namespace.
  global = {
    sso_vynil     = var.sso_vynil
    domain_name   = var.domain_name
    timezone      = var.timezone
    language      = var.language
    domain        = var.namespace
    issuer        = var.issuer
    ingress_class = var.ingress_class
  }

  # Backup defaults applied to every component unless it overrides them.
  # NOTE(review): key_id_key / secret_key / restic_key look like key names
  # inside the Secret called secret_name, not secret material. Confirm, since
  # everything here is rendered verbatim into the Install manifests below
  # (and therefore also lands in the Terraform state).
  global-backups = {
    enable      = var.backups.enable
    use_barman  = var.backups.use_barman
    endpoint    = var.backups.endpoint
    secret_name = var.backups.secret_name
    key_id_key  = var.backups.key_id_key
    secret_key  = var.backups.secret_key
    restic_key  = var.backups.restic_key
  }

  # Volume defaults applied to every component unless it overrides them.
  global-volume = {
    accessMode = var.storage.volume.accessMode
    class      = var.storage.volume.class
  }

  # Per-component option maps. Each one is built the same way:
  #   1. start from local.global,
  #   2. add every key of the component variable except enable/storage/backups,
  #   3. set `backups` to global-backups overridden by the component's backups,
  #   4. set `storage` to the component's storage (minus `volume`) plus a
  #      `volume` made of global-volume overridden by the component's volume.
  # merge() is shallow and the last argument wins, hence the explicit nesting.
  auth = merge(
    local.global,
    { for k, v in var.auth : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.auth, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.auth, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.auth, "storage", {}), "volume", {})) }
      )
    }
  )

  infra = merge(
    local.global,
    { for k, v in var.infra : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.infra, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.infra, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.infra, "storage", {}), "volume", {})) }
      )
    }
  )

  ci = merge(
    local.global,
    { for k, v in var.ci : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.ci, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.ci, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.ci, "storage", {}), "volume", {})) }
      )
    }
  )

  erp = merge(
    local.global,
    { for k, v in var.erp : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.erp, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.erp, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.erp, "storage", {}), "volume", {})) }
      )
    }
  )

  apps = merge(
    local.global,
    { for k, v in var.apps : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.apps, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.apps, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.apps, "storage", {}), "volume", {})) }
      )
    }
  )

  mail = merge(
    local.global,
    { for k, v in var.mail : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.mail, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.mail, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.mail, "storage", {}), "volume", {})) }
      )
    }
  )

  monitor = merge(
    local.global,
    { for k, v in var.monitor : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.monitor, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.monitor, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.monitor, "storage", {}), "volume", {})) }
      )
    }
  )

  devspaces = merge(
    local.global,
    { for k, v in var.devspaces : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.devspaces, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.devspaces, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.devspaces, "storage", {}), "volume", {})) }
      )
    }
  )

  # Switch on authentik and its modules when an enabled component needs them:
  # LDAP for gitea or dolibarr, forward-auth for traefik.
  # NOTE(review): these flags only affect the options of the "auth" Install,
  # which itself is created only when var.auth.enable is true. In that
  # resource local.auth is the LAST merge() argument, so an "authentik",
  # "authentik-ldap" or "authentik-forward" key coming from var.auth replaces
  # the entry computed here. Confirm that this precedence is intended.
  use-ldap       = (var.ci.enable && var.ci.gitea.enable) || (var.erp.enable && var.erp.dolibarr.enable)
  use-forward    = var.infra.enable && var.infra.traefik.enable
  use-other-auth = false

  added-auth-ldap = local.use-ldap ? {
    "authentik-ldap" = { enable = true }
  } : {}

  added-auth-forward = local.use-forward ? {
    "authentik-forward" = { enable = true }
  } : {}

  added-auth = local.use-ldap || local.use-forward || local.use-other-auth ? merge(
    { authentik = { enable = true } },
    local.added-auth-ldap,
    local.added-auth-forward
  ) : {}

  # Default divisions passed to the auth component; only "employes" is
  # enabled. Same-named keys in local.auth override these (see the merge
  # order in kubectl_manifest.auth).
  divisions = {
    clients = {
      enable    = false
      apps      = []
      divisions = []
    }
    employes = {
      enable    = true
      apps      = []
      divisions = []
    }
    fournisseurs = {
      enable    = false
      apps      = []
      divisions = []
    }
  }

  # Datastores of the other components that the devspaces component is told
  # about. An entry is emitted only when its owning component is enabled, and
  # any list supplied through var.devspaces is appended at the end.
  # Entries carry a Secret *reference* (name + key), never the password.
  # NOTE(review): the referenced Secrets live in other namespaces
  # (<namespace>-erp, -files, -auth, -ci, -mail); whatever consumes these
  # options presumably needs read access to them. Confirm that the resulting
  # RBAC is scoped to exactly these Secrets.
  devspaces-custom = {
    external-pgs = concat(
      var.erp.enable && var.erp.dolibarr.enable ? [{
        name      = "dolibarr-dolibarr-pg"
        dbname    = "dolibarr"
        username  = "dolibarr"
        namespace = "${var.namespace}-erp"
        secret = {
          name = "dolibarr-dolibarr-pg-app"
          key  = "password"
        }
      }] : [],
      var.apps.enable && var.apps.nextcloud.enable ? [{
        name      = "nextcloud-nextcloud-pg"
        dbname    = "nextcloud"
        username  = "nextcloud"
        namespace = "${var.namespace}-files"
        secret = {
          name = "nextcloud-nextcloud-pg-app"
          key  = "password"
        }
      }] : [],
      # Here local.added-auth is merged AFTER var.auth, so the computed
      # authentik flag wins (the opposite order of kubectl_manifest.auth).
      var.auth.enable && lookup(lookup(merge(var.auth, local.added-auth), "authentik", {}), "enable", false) ? [{
        name      = "authentik-authentik-pg"
        dbname    = "authentik"
        username  = "authentik"
        namespace = "${var.namespace}-auth"
        secret = {
          name = "authentik-authentik-pg-app"
          key  = "password"
        }
      }] : [],
      var.ci.enable && var.ci.gitea.enable ? [{
        name      = "gitea-gitea-pg"
        dbname    = "gitea"
        username  = "gitea"
        namespace = "${var.namespace}-ci"
        secret = {
          name = "gitea-gitea-pg-app"
          key  = "password"
        }
      }] : [],
      lookup(var.devspaces, "external-pgs", [])
    )

    external-mongos = concat(
      var.mail.enable && var.mail.wildduck.enable ? [{
        name      = "wildduck-wildduck-mongo"
        dbname    = "wildduck"
        username  = "wildduck"
        namespace = "${var.namespace}-mail"
        secret = {
          name = "wildduck-wildduck-mongo"
          key  = "password"
        }
      }] : [],
      lookup(var.devspaces, "external-mongos", [])
    )

    # NOTE(review): only the authentik entry carries a secret reference; the
    # wildduck, dolibarr and nextcloud Redis entries have none. Presumably
    # those instances run without a password; verify how access to them is
    # restricted.
    external-redis = concat(
      var.mail.enable && var.mail.wildduck.enable ? [{
        name      = "wildduck-wildduck-redis"
        namespace = "${var.namespace}-mail"
      }] : [],
      var.auth.enable && lookup(lookup(merge(var.auth, local.added-auth), "authentik", {}), "enable", false) ? [{
        name      = "authentik-authentik-redis"
        namespace = "${var.namespace}-auth"
        secret = {
          name = "authentik"
          key  = "AUTHENTIK_REDIS__PASSWORD"
        }
      }] : [],
      var.erp.enable && var.erp.dolibarr.enable ? [{
        name      = "dolibarr-dolibarr-redis"
        namespace = "${var.namespace}-erp"
      }] : [],
      var.apps.enable && var.apps.nextcloud.enable ? [{
        name      = "nextcloud-nextcloud-redis"
        namespace = "${var.namespace}-files"
      }] : [],
      lookup(var.devspaces, "external-redis", [])
    )

    haveGitea = var.ci.enable && var.ci.gitea.enable
  }
}

# One vynil "Install" custom resource per enabled domain component.
# `labels` and `options` are rendered with jsonencode() (JSON is valid YAML),
# whereas namespace and distrib are interpolated raw between double quotes,
# so those two values must not contain quotes or line breaks.

# Auth component: computed authentik flags, then default divisions, then the
# auth options. Later arguments override earlier ones.
resource "kubectl_manifest" "auth" {
  count     = var.auth.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "auth"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: "${var.distributions.domain}"
      category: "meta"
      component: "domain-auth"
      options: ${jsonencode(merge(local.added-auth, local.divisions, local.auth))}
  EOF
}

# Infra component.
resource "kubectl_manifest" "infra" {
  count     = var.infra.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "infra"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: "${var.distributions.domain}"
      category: "meta"
      component: "domain-infra"
      options: ${jsonencode(local.infra)}
  EOF
}

# CI component.
resource "kubectl_manifest" "ci" {
  count     = var.ci.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "ci"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: "${var.distributions.domain}"
      category: "meta"
      component: "domain-ci"
      options: ${jsonencode(local.ci)}
  EOF
}

# ERP component.
resource "kubectl_manifest" "erp" {
  count     = var.erp.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "erp"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: "${var.distributions.domain}"
      category: "meta"
      component: "domain-erp"
      options: ${jsonencode(local.erp)}
  EOF
}

# Apps component.
resource "kubectl_manifest" "apps" {
  count     = var.apps.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "apps"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: "${var.distributions.domain}"
      category: "meta"
      component: "domain-apps"
      options: ${jsonencode(local.apps)}
  EOF
}

# Mail component.
resource "kubectl_manifest" "mail" {
  count     = var.mail.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "mail"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: "${var.distributions.domain}"
      category: "meta"
      component: "domain-mail"
      options: ${jsonencode(local.mail)}
  EOF
}

# Monitoring component.
resource "kubectl_manifest" "monitor" {
  count     = var.monitor.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "monitor"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: "${var.distributions.domain}"
      category: "meta"
      component: "domain-monitor"
      options: ${jsonencode(local.monitor)}
  EOF
}

# Devspaces component: local.devspaces-custom is merged last, so its computed
# external-pgs / external-mongos / external-redis lists (which already append
# the var.devspaces ones) replace the raw lists carried by local.devspaces.
resource "kubectl_manifest" "devspaces" {
  count     = var.devspaces.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "devspaces"
      namespace: "${var.namespace}"
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: "${var.distributions.domain}"
      category: "meta"
      component: "domain-devspaces"
      options: ${jsonencode(merge(local.devspaces, local.devspaces-custom))}
  EOF
}