domain-incoming/meta/domain/installs.tf

locals {
  # Settings shared by every domain section (auth, infra, ci, erp, apps, mail,
  # monitor, devspaces). Each section map below starts from this map.
  global = {
    "sso_vynil"     = var.sso_vynil
    "domain_name"   = var.domain_name
    "timezone"      = var.timezone
    "language"      = var.language
    "domain"        = var.namespace
    "issuer"        = var.issuer
    "ingress_class" = var.ingress_class
  }

  # Default backup settings; a section's own "backups" map overrides them.
  # NOTE(review): key_id_key, secret_key and restic_key are presumably the names
  # of keys inside the Kubernetes Secret called secret_name, not the secret
  # values themselves. Confirm this: these maps are serialized with jsonencode
  # into spec.options of the Install objects, so a real credential placed here
  # would be readable in the cluster object and in the Terraform state.
  global-backups = {
    "enable"      = var.backups.enable
    "use_barman"  = var.backups.use_barman
    "endpoint"    = var.backups.endpoint
    "secret_name" = var.backups.secret_name
    "key_id_key"  = var.backups.key_id_key
    "secret_key"  = var.backups.secret_key
    "restic_key"  = var.backups.restic_key
  }

  # Default volume settings; a section's own storage.volume map overrides them.
  global-volume = {
    "accessMode" = var.storage.volume.accessMode
    "class"      = var.storage.volume.class
  }

  # Per-section option maps. Each one is built the same way:
  #   1. the shared local.global values,
  #   2. every key of the section variable except enable/storage/backups
  #      (these may replace a global key of the same name),
  #   3. "backups" = global backup defaults overridden by the section's backups,
  #   4. "storage" = the section's storage keys, with "volume" rebuilt from the
  #      global volume defaults overridden by the section's storage.volume.
  # merge() is shallow: a later map replaces a whole top-level key.
  auth = merge(
    local.global,
    { for k, v in var.auth : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.auth, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.auth, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.auth, "storage", {}), "volume", {})) }
      )
    }
  )
  infra = merge(
    local.global,
    { for k, v in var.infra : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.infra, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.infra, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.infra, "storage", {}), "volume", {})) }
      )
    }
  )
  ci = merge(
    local.global,
    { for k, v in var.ci : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.ci, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.ci, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.ci, "storage", {}), "volume", {})) }
      )
    }
  )
  erp = merge(
    local.global,
    { for k, v in var.erp : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.erp, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.erp, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.erp, "storage", {}), "volume", {})) }
      )
    }
  )
  apps = merge(
    local.global,
    { for k, v in var.apps : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.apps, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.apps, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.apps, "storage", {}), "volume", {})) }
      )
    }
  )
  mail = merge(
    local.global,
    { for k, v in var.mail : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.mail, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.mail, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.mail, "storage", {}), "volume", {})) }
      )
    }
  )
  monitor = merge(
    local.global,
    { for k, v in var.monitor : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.monitor, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.monitor, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.monitor, "storage", {}), "volume", {})) }
      )
    }
  )
  devspaces = merge(
    local.global,
    { for k, v in var.devspaces : k => v if !contains(["enable", "storage", "backups"], k) },
    {
      backups = merge(local.global-backups, lookup(var.devspaces, "backups", {}))
      storage = merge(
        { for k, v in lookup(var.devspaces, "storage", {}) : k => v if !contains(["volume"], k) },
        { volume = merge(local.global-volume, lookup(lookup(var.devspaces, "storage", {}), "volume", {})) }
      )
    }
  )

  # Force the installation of authentik and its modules when another component
  # needs them: LDAP for gitea or dolibarr, forward auth for traefik.
  use-ldap    = (var.ci.enable && var.ci.gitea.enable) || (var.erp.enable && var.erp.dolibarr.enable)
  use-forward = var.infra.enable && var.infra.traefik.enable
  # Always false here; it only takes part in the condition of added-auth.
  use-other-auth = false

  added-auth-ldap    = local.use-ldap ? { "authentik-ldap" = { "enable" = true } } : {}
  added-auth-forward = local.use-forward ? { "authentik-forward" = { "enable" = true } } : {}

  # NOTE(review): the two consumers of added-auth merge it in opposite orders.
  # The "auth" Install uses merge(local.added-auth, local.divisions, local.auth),
  # so an "authentik" key coming from var.auth replaces the forced entry, while
  # devspaces-custom below uses merge(var.auth, local.added-auth), where the
  # forced entry wins. If var.auth can carry authentik.enable = false, the
  # identity provider that gitea, dolibarr or traefik depend on may not be
  # installed although devspaces still lists its database. Confirm the intent.
  added-auth = (local.use-ldap || local.use-forward || local.use-other-auth) ? merge(
    { "authentik" = { "enable" = true } },
    local.added-auth-ldap,
    local.added-auth-forward
  ) : {}

  # Default divisions, merged into the options of the "auth" Install.
  divisions = {
    "clients" = {
      "enable"    = false
      "apps"      = []
      "divisions" = []
    }
    "employes" = {
      "enable"    = true
      "apps"      = []
      "divisions" = []
    }
    "fournisseurs" = {
      "enable"    = false
      "apps"      = []
      "divisions" = []
    }
  }

  # Extra options for the "devspaces" Install: the databases and caches of the
  # enabled components, followed by any entries listed in var.devspaces.
  # Each "secret" block names a Kubernetes Secret and the key inside it; no
  # password value appears in this file.
  # NOTE(review): these entries point at credentials that live in the auth, erp,
  # files, ci and mail namespaces. How the devspaces component uses them is not
  # visible here; check which workloads and users can reach them.
  devspaces-custom = {
    external-pgs = concat(
      var.erp.enable && var.erp.dolibarr.enable ? [{
        "name"      = "dolibarr-dolibarr-pg"
        "dbname"    = "dolibarr"
        "username"  = "dolibarr"
        "namespace" = "${var.namespace}-erp"
        "secret" = {
          "name" = "dolibarr-dolibarr-pg-app"
          "key"  = "password"
        }
      }] : [],
      var.apps.enable && var.apps.nextcloud.enable ? [{
        "name"      = "nextcloud-nextcloud-pg"
        "dbname"    = "nextcloud"
        "username"  = "nextcloud"
        "namespace" = "${var.namespace}-files"
        "secret" = {
          "name" = "nextcloud-nextcloud-pg-app"
          "key"  = "password"
        }
      }] : [],
      var.auth.enable && lookup(lookup(merge(var.auth, local.added-auth), "authentik", {}), "enable", false) ? [{
        "name"      = "authentik-authentik-pg"
        "dbname"    = "authentik"
        "username"  = "authentik"
        "namespace" = "${var.namespace}-auth"
        "secret" = {
          "name" = "authentik-authentik-pg-app"
          "key"  = "password"
        }
      }] : [],
      var.ci.enable && var.ci.gitea.enable ? [{
        "name"      = "gitea-gitea-pg"
        "dbname"    = "gitea"
        "username"  = "gitea"
        "namespace" = "${var.namespace}-ci"
        "secret" = {
          "name" = "gitea-gitea-pg-app"
          "key"  = "password"
        }
      }] : [],
      lookup(var.devspaces, "external-pgs", [])
    )
    external-mongos = concat(
      var.mail.enable && var.mail.wildduck.enable ? [{
        "name"      = "wildduck-wildduck-mongo"
        "dbname"    = "wildduck"
        "username"  = "wildduck"
        "namespace" = "${var.namespace}-mail"
        "secret" = {
          "name" = "wildduck-wildduck-mongo"
          "key"  = "password"
        }
      }] : [],
      lookup(var.devspaces, "external-mongos", [])
    )
    # Only the authentik redis entry names a secret; the wildduck, dolibarr and
    # nextcloud entries carry none.
    # NOTE(review): confirm whether those three instances require a password.
    external-redis = concat(
      var.mail.enable && var.mail.wildduck.enable ? [{
        "name"      = "wildduck-wildduck-redis"
        "namespace" = "${var.namespace}-mail"
      }] : [],
      var.auth.enable && lookup(lookup(merge(var.auth, local.added-auth), "authentik", {}), "enable", false) ? [{
        "name"      = "authentik-authentik-redis"
        "namespace" = "${var.namespace}-auth"
        "secret" = {
          "name" = "authentik"
          "key"  = "AUTHENTIK_REDIS__PASSWORD"
        }
      }] : [],
      var.erp.enable && var.erp.dolibarr.enable ? [{
        "name"      = "dolibarr-dolibarr-redis"
        "namespace" = "${var.namespace}-erp"
      }] : [],
      var.apps.enable && var.apps.nextcloud.enable ? [{
        "name"      = "nextcloud-nextcloud-redis"
        "namespace" = "${var.namespace}-files"
      }] : [],
      lookup(var.devspaces, "external-redis", [])
    )
    "haveGitea" = var.ci.enable && var.ci.gitea.enable
  }
}
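# Vynil Install "auth": created only when var.auth.enable is true. It installs
# the meta component "domain-auth" in var.namespace.
#
# namespace and distrib are rendered with jsonencode, as labels and options
# already are, so a value containing a quote, a backslash or a newline stays a
# single YAML scalar and cannot change the structure of the manifest. For plain
# string values the rendered text is the same as a quoted interpolation.
# Assumes var.namespace and var.distributions.domain are strings; confirm
# against the variable declarations.
#
# NOTE(review): local.auth is the last argument of merge(), and merge() is
# shallow, so a key of var.auth named "authentik", "authentik-ldap",
# "authentik-forward" or one of the division names replaces the forced or
# default entry as a whole. local.devspaces-custom resolves authentik with
# merge(var.auth, local.added-auth), where the forced entry wins. Confirm which
# order is intended, since gitea, dolibarr and traefik rely on authentik.
resource "kubectl_manifest" "auth" {
  count     = var.auth.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "auth"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-auth"
      options: ${jsonencode(merge(local.added-auth, local.divisions, local.auth))}
  EOF
}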
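# Vynil Install "infra": created only when var.infra.enable is true. It installs
# the meta component "domain-infra" in var.namespace with local.infra as options.
#
# namespace and distrib are rendered with jsonencode, as labels and options
# already are, so a value containing a quote, a backslash or a newline stays a
# single YAML scalar and cannot change the structure of the manifest. For plain
# string values the rendered text is the same as a quoted interpolation.
# Assumes var.namespace and var.distributions.domain are strings; confirm
# against the variable declarations.
resource "kubectl_manifest" "infra" {
  count     = var.infra.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "infra"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-infra"
      options: ${jsonencode(local.infra)}
  EOF
}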
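# Vynil Install "ci": created only when var.ci.enable is true. It installs the
# meta component "domain-ci" in var.namespace with local.ci as options.
#
# namespace and distrib are rendered with jsonencode, as labels and options
# already are, so a value containing a quote, a backslash or a newline stays a
# single YAML scalar and cannot change the structure of the manifest. For plain
# string values the rendered text is the same as a quoted interpolation.
# Assumes var.namespace and var.distributions.domain are strings; confirm
# against the variable declarations.
resource "kubectl_manifest" "ci" {
  count     = var.ci.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "ci"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-ci"
      options: ${jsonencode(local.ci)}
  EOF
}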
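# Vynil Install "erp": created only when var.erp.enable is true. It installs the
# meta component "domain-erp" in var.namespace with local.erp as options.
#
# namespace and distrib are rendered with jsonencode, as labels and options
# already are, so a value containing a quote, a backslash or a newline stays a
# single YAML scalar and cannot change the structure of the manifest. For plain
# string values the rendered text is the same as a quoted interpolation.
# Assumes var.namespace and var.distributions.domain are strings; confirm
# against the variable declarations.
resource "kubectl_manifest" "erp" {
  count     = var.erp.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "erp"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-erp"
      options: ${jsonencode(local.erp)}
  EOF
}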
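# Vynil Install "apps": created only when var.apps.enable is true. It installs
# the meta component "domain-apps" in var.namespace with local.apps as options.
#
# namespace and distrib are rendered with jsonencode, as labels and options
# already are, so a value containing a quote, a backslash or a newline stays a
# single YAML scalar and cannot change the structure of the manifest. For plain
# string values the rendered text is the same as a quoted interpolation.
# Assumes var.namespace and var.distributions.domain are strings; confirm
# against the variable declarations.
resource "kubectl_manifest" "apps" {
  count     = var.apps.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "apps"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-apps"
      options: ${jsonencode(local.apps)}
  EOF
}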
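# Vynil Install "mail": created only when var.mail.enable is true. It installs
# the meta component "domain-mail" in var.namespace with local.mail as options.
#
# namespace and distrib are rendered with jsonencode, as labels and options
# already are, so a value containing a quote, a backslash or a newline stays a
# single YAML scalar and cannot change the structure of the manifest. For plain
# string values the rendered text is the same as a quoted interpolation.
# Assumes var.namespace and var.distributions.domain are strings; confirm
# against the variable declarations.
resource "kubectl_manifest" "mail" {
  count     = var.mail.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "mail"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-mail"
      options: ${jsonencode(local.mail)}
  EOF
}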
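# Vynil Install "monitor": created only when var.monitor.enable is true. It
# installs the meta component "domain-monitor" in var.namespace with
# local.monitor as options.
#
# namespace and distrib are rendered with jsonencode, as labels and options
# already are, so a value containing a quote, a backslash or a newline stays a
# single YAML scalar and cannot change the structure of the manifest. For plain
# string values the rendered text is the same as a quoted interpolation.
# Assumes var.namespace and var.distributions.domain are strings; confirm
# against the variable declarations.
resource "kubectl_manifest" "monitor" {
  count     = var.monitor.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "monitor"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-monitor"
      options: ${jsonencode(local.monitor)}
  EOF
}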
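# Vynil Install "devspaces": created only when var.devspaces.enable is true. It
# installs the meta component "domain-devspaces" in var.namespace.
#
# local.devspaces-custom is merged last, so its external-pgs, external-mongos,
# external-redis and haveGitea keys replace keys of the same name in
# local.devspaces. Those lists already end with the entries from var.devspaces.
# They name the Secrets holding database credentials of other sections, so the
# options of this object are worth including in an access review.
#
# namespace and distrib are rendered with jsonencode, as labels and options
# already are, so a value containing a quote, a backslash or a newline stays a
# single YAML scalar and cannot change the structure of the manifest. For plain
# string values the rendered text is the same as a quoted interpolation.
# Assumes var.namespace and var.distributions.domain are strings; confirm
# against the variable declarations.
resource "kubectl_manifest" "devspaces" {
  count     = var.devspaces.enable ? 1 : 0
  yaml_body = <<-EOF
    apiVersion: "vynil.solidite.fr/v1"
    kind: "Install"
    metadata:
      name: "devspaces"
      namespace: ${jsonencode(var.namespace)}
      labels: ${jsonencode(local.common_labels)}
    spec:
      distrib: ${jsonencode(var.distributions.domain)}
      category: "meta"
      component: "domain-devspaces"
      options: ${jsonencode(merge(local.devspaces, local.devspaces-custom))}
  EOF
}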