fix
This commit is contained in:
@@ -60,7 +60,7 @@ options:
|
|||||||
examples:
|
examples:
|
||||||
- dev
|
- dev
|
||||||
type: string
|
type: string
|
||||||
sub-domain:
|
sub_domain:
|
||||||
default: code
|
default: code
|
||||||
examples:
|
examples:
|
||||||
- code
|
- code
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
dns_name = "${var.instance}.${var.sub-domain}.${var.domain_name}"
|
dns_name = "${var.instance}.${var.sub_domain}.${var.domain_name}"
|
||||||
dns_names = [local.dns_name]
|
dns_names = [local.dns_name]
|
||||||
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
||||||
icon = "_static/src/browser/media/favicon-dark-support.svg"
|
icon = "_static/src/browser/media/favicon-dark-support.svg"
|
||||||
|
|||||||
@@ -140,7 +140,7 @@ options:
|
|||||||
examples:
|
examples:
|
||||||
- dev
|
- dev
|
||||||
type: string
|
type: string
|
||||||
sub-domain:
|
sub_domain:
|
||||||
default: dbgate
|
default: dbgate
|
||||||
examples:
|
examples:
|
||||||
- dbgate
|
- dbgate
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
dns_name = "${var.sub-domain}.${var.domain_name}"
|
dns_name = "${var.sub_domain}.${var.domain_name}"
|
||||||
dns_names = [local.dns_name]
|
dns_names = [local.dns_name]
|
||||||
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
||||||
icon = "logo192.png"
|
icon = "logo192.png"
|
||||||
|
|||||||
@@ -63,8 +63,8 @@ resource "authentik_application" "dolibarr_application_saml" {
|
|||||||
slug = "${var.component}-${var.instance}"
|
slug = "${var.component}-${var.instance}"
|
||||||
group = var.app_group
|
group = var.app_group
|
||||||
protocol_provider = authentik_provider_saml.dolibarr.id
|
protocol_provider = authentik_provider_saml.dolibarr.id
|
||||||
meta_launch_url = format("https://%s.%s", var.sub-domain, var.domain_name)
|
meta_launch_url = format("https://%s.%s", var.sub_domain, var.domain_name)
|
||||||
meta_icon = format("https://%s.%s/%s", var.sub-domain, var.domain_name, "theme/dolibarr_256x256_color.png")
|
meta_icon = format("https://%s.%s/%s", var.sub_domain, var.domain_name, "theme/dolibarr_256x256_color.png")
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "authentik_policy_binding" "dolibarr_saml_access_users" {
|
resource "authentik_policy_binding" "dolibarr_saml_access_users" {
|
||||||
|
|||||||
@@ -10,17 +10,17 @@ resource "kubectl_manifest" "backup_schedule" {
|
|||||||
spec:
|
spec:
|
||||||
backend:
|
backend:
|
||||||
repoPasswordSecretRef:
|
repoPasswordSecretRef:
|
||||||
key: "${var.backups.restic-key}"
|
key: "${var.backups.restic_key}"
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
s3:
|
s3:
|
||||||
accessKeyIDSecretRef:
|
accessKeyIDSecretRef:
|
||||||
key: "${var.backups.key-id-key}"
|
key: "${var.backups.key_id_key}"
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
bucket: "${var.instance}-${var.namespace}"
|
bucket: "${var.instance}-${var.namespace}"
|
||||||
endpoint: "${var.backups.endpoint}/restic"
|
endpoint: "${var.backups.endpoint}/restic"
|
||||||
secretAccessKeySecretRef:
|
secretAccessKeySecretRef:
|
||||||
key: "${var.backups.secret-key}"
|
key: "${var.backups.secret_key}"
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
backup:
|
backup:
|
||||||
schedule: "${var.backups.schedule.backup}"
|
schedule: "${var.backups.schedule.backup}"
|
||||||
failedJobsHistoryLimit: 2
|
failedJobsHistoryLimit: 2
|
||||||
|
|||||||
@@ -167,7 +167,7 @@ resource "kubectl_manifest" "config" {
|
|||||||
DOLI_ADMIN_LOGIN: "admin_${var.instance}"
|
DOLI_ADMIN_LOGIN: "admin_${var.instance}"
|
||||||
DOLI_MODULES: "modSociete,modBlockedLog,modSamlConnector,modLdap"
|
DOLI_MODULES: "modSociete,modBlockedLog,modSamlConnector,modLdap"
|
||||||
DOLI_AUTH: "dolibarr"
|
DOLI_AUTH: "dolibarr"
|
||||||
DOLI_URL_ROOT: "https://${var.sub-domain}.${var.domain_name}"
|
DOLI_URL_ROOT: "https://${var.sub_domain}.${var.domain_name}"
|
||||||
DOLI_LDAP_PORT: "389"
|
DOLI_LDAP_PORT: "389"
|
||||||
DOLI_LDAP_VERSION: "3"
|
DOLI_LDAP_VERSION: "3"
|
||||||
DOLI_LDAP_SERVERTYPE: "openldap"
|
DOLI_LDAP_SERVERTYPE: "openldap"
|
||||||
|
|||||||
@@ -6,10 +6,10 @@ metadata:
|
|||||||
name: dolibarr
|
name: dolibarr
|
||||||
description: null
|
description: null
|
||||||
options:
|
options:
|
||||||
issuer:
|
sub_domain:
|
||||||
default: letsencrypt-prod
|
default: erp
|
||||||
examples:
|
examples:
|
||||||
- letsencrypt-prod
|
- erp
|
||||||
type: string
|
type: string
|
||||||
redis:
|
redis:
|
||||||
default:
|
default:
|
||||||
@@ -28,307 +28,11 @@ options:
|
|||||||
type: boolean
|
type: boolean
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
log-level:
|
|
||||||
default: 5
|
|
||||||
examples:
|
|
||||||
- 5
|
|
||||||
type: integer
|
|
||||||
storage:
|
|
||||||
default:
|
|
||||||
postgres:
|
|
||||||
size: 5Gi
|
|
||||||
redis:
|
|
||||||
size: 2Gi
|
|
||||||
volume:
|
|
||||||
accessMode: ReadWriteOnce
|
|
||||||
size: 1Gi
|
|
||||||
type: Filesystem
|
|
||||||
description: Configure this app storage
|
|
||||||
examples:
|
|
||||||
- postgres:
|
|
||||||
size: 5Gi
|
|
||||||
redis:
|
|
||||||
size: 2Gi
|
|
||||||
volume:
|
|
||||||
accessMode: ReadWriteOnce
|
|
||||||
size: 1Gi
|
|
||||||
type: Filesystem
|
|
||||||
properties:
|
|
||||||
postgres:
|
|
||||||
default:
|
|
||||||
size: 5Gi
|
|
||||||
properties:
|
|
||||||
size:
|
|
||||||
default: 5Gi
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
redis:
|
|
||||||
default:
|
|
||||||
size: 2Gi
|
|
||||||
properties:
|
|
||||||
size:
|
|
||||||
default: 2Gi
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
volume:
|
|
||||||
default:
|
|
||||||
accessMode: ReadWriteOnce
|
|
||||||
size: 1Gi
|
|
||||||
type: Filesystem
|
|
||||||
properties:
|
|
||||||
accessMode:
|
|
||||||
default: ReadWriteOnce
|
|
||||||
enum:
|
|
||||||
- ReadWriteOnce
|
|
||||||
- ReadOnlyMany
|
|
||||||
- ReadWriteMany
|
|
||||||
type: string
|
|
||||||
size:
|
|
||||||
default: 1Gi
|
|
||||||
type: string
|
|
||||||
type:
|
|
||||||
default: Filesystem
|
|
||||||
enum:
|
|
||||||
- Filesystem
|
|
||||||
- Block
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
type: object
|
|
||||||
domain:
|
|
||||||
default: your-company
|
|
||||||
examples:
|
|
||||||
- your-company
|
|
||||||
type: string
|
|
||||||
app_group:
|
app_group:
|
||||||
default: ''
|
default: ''
|
||||||
examples:
|
examples:
|
||||||
- ''
|
- ''
|
||||||
type: string
|
type: string
|
||||||
sub-domain:
|
|
||||||
default: erp
|
|
||||||
examples:
|
|
||||||
- erp
|
|
||||||
type: string
|
|
||||||
postgres:
|
|
||||||
default:
|
|
||||||
replicas: 1
|
|
||||||
examples:
|
|
||||||
- replicas: 1
|
|
||||||
properties:
|
|
||||||
replicas:
|
|
||||||
default: 1
|
|
||||||
type: integer
|
|
||||||
type: object
|
|
||||||
hpa:
|
|
||||||
default:
|
|
||||||
avg-cpu: 50
|
|
||||||
max-replicas: 5
|
|
||||||
min-replicas: 1
|
|
||||||
examples:
|
|
||||||
- avg-cpu: 50
|
|
||||||
max-replicas: 5
|
|
||||||
min-replicas: 1
|
|
||||||
properties:
|
|
||||||
avg-cpu:
|
|
||||||
default: 50
|
|
||||||
type: integer
|
|
||||||
max-replicas:
|
|
||||||
default: 5
|
|
||||||
type: integer
|
|
||||||
min-replicas:
|
|
||||||
default: 1
|
|
||||||
type: integer
|
|
||||||
type: object
|
|
||||||
resources:
|
|
||||||
default:
|
|
||||||
limits:
|
|
||||||
cpu: 200m
|
|
||||||
memory: 256Mi
|
|
||||||
requests:
|
|
||||||
cpu: 50m
|
|
||||||
memory: 100Mi
|
|
||||||
examples:
|
|
||||||
- limits:
|
|
||||||
cpu: 200m
|
|
||||||
memory: 256Mi
|
|
||||||
requests:
|
|
||||||
cpu: 50m
|
|
||||||
memory: 100Mi
|
|
||||||
properties:
|
|
||||||
limits:
|
|
||||||
default:
|
|
||||||
cpu: 200m
|
|
||||||
memory: 256Mi
|
|
||||||
properties:
|
|
||||||
cpu:
|
|
||||||
default: 200m
|
|
||||||
type: string
|
|
||||||
memory:
|
|
||||||
default: 256Mi
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
requests:
|
|
||||||
default:
|
|
||||||
cpu: 50m
|
|
||||||
memory: 100Mi
|
|
||||||
properties:
|
|
||||||
cpu:
|
|
||||||
default: 50m
|
|
||||||
type: string
|
|
||||||
memory:
|
|
||||||
default: 100Mi
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
type: object
|
|
||||||
parameters:
|
|
||||||
default:
|
|
||||||
MAIN_LANG_DEFAULT: auto
|
|
||||||
examples:
|
|
||||||
- MAIN_LANG_DEFAULT: auto
|
|
||||||
properties:
|
|
||||||
MAIN_LANG_DEFAULT:
|
|
||||||
default: auto
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
ingress_class:
|
|
||||||
default: traefik
|
|
||||||
examples:
|
|
||||||
- traefik
|
|
||||||
type: string
|
|
||||||
backups:
|
|
||||||
default:
|
|
||||||
enable: false
|
|
||||||
endpoint: ''
|
|
||||||
key-id-key: s3-id
|
|
||||||
restic-key: bck-password
|
|
||||||
retention:
|
|
||||||
db: 30d
|
|
||||||
keepDaily: 14
|
|
||||||
keepMonthly: 12
|
|
||||||
keepWeekly: 6
|
|
||||||
keepYearly: 12
|
|
||||||
schedule:
|
|
||||||
backup: 20 3 * * *
|
|
||||||
check: 20 5 * * 1
|
|
||||||
db: 0 3 * * *
|
|
||||||
prune: 20 1 * * 0
|
|
||||||
secret-key: s3-secret
|
|
||||||
secret-name: backup-settings
|
|
||||||
use-barman: false
|
|
||||||
examples:
|
|
||||||
- enable: false
|
|
||||||
endpoint: ''
|
|
||||||
key-id-key: s3-id
|
|
||||||
restic-key: bck-password
|
|
||||||
retention:
|
|
||||||
db: 30d
|
|
||||||
keepDaily: 14
|
|
||||||
keepMonthly: 12
|
|
||||||
keepWeekly: 6
|
|
||||||
keepYearly: 12
|
|
||||||
schedule:
|
|
||||||
backup: 20 3 * * *
|
|
||||||
check: 20 5 * * 1
|
|
||||||
db: 0 3 * * *
|
|
||||||
prune: 20 1 * * 0
|
|
||||||
secret-key: s3-secret
|
|
||||||
secret-name: backup-settings
|
|
||||||
use-barman: false
|
|
||||||
properties:
|
|
||||||
enable:
|
|
||||||
default: false
|
|
||||||
type: boolean
|
|
||||||
endpoint:
|
|
||||||
default: ''
|
|
||||||
type: string
|
|
||||||
key-id-key:
|
|
||||||
default: s3-id
|
|
||||||
type: string
|
|
||||||
restic-key:
|
|
||||||
default: bck-password
|
|
||||||
type: string
|
|
||||||
retention:
|
|
||||||
default:
|
|
||||||
db: 30d
|
|
||||||
keepDaily: 14
|
|
||||||
keepMonthly: 12
|
|
||||||
keepWeekly: 6
|
|
||||||
keepYearly: 12
|
|
||||||
properties:
|
|
||||||
db:
|
|
||||||
default: 30d
|
|
||||||
type: string
|
|
||||||
keepDaily:
|
|
||||||
default: 14
|
|
||||||
type: integer
|
|
||||||
keepMonthly:
|
|
||||||
default: 12
|
|
||||||
type: integer
|
|
||||||
keepWeekly:
|
|
||||||
default: 6
|
|
||||||
type: integer
|
|
||||||
keepYearly:
|
|
||||||
default: 12
|
|
||||||
type: integer
|
|
||||||
type: object
|
|
||||||
schedule:
|
|
||||||
default:
|
|
||||||
backup: 20 3 * * *
|
|
||||||
check: 20 5 * * 1
|
|
||||||
db: 0 3 * * *
|
|
||||||
prune: 20 1 * * 0
|
|
||||||
properties:
|
|
||||||
backup:
|
|
||||||
default: 20 3 * * *
|
|
||||||
type: string
|
|
||||||
check:
|
|
||||||
default: 20 5 * * 1
|
|
||||||
type: string
|
|
||||||
db:
|
|
||||||
default: 0 3 * * *
|
|
||||||
type: string
|
|
||||||
prune:
|
|
||||||
default: 20 1 * * 0
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
secret-key:
|
|
||||||
default: s3-secret
|
|
||||||
type: string
|
|
||||||
secret-name:
|
|
||||||
default: backup-settings
|
|
||||||
type: string
|
|
||||||
use-barman:
|
|
||||||
default: false
|
|
||||||
type: boolean
|
|
||||||
type: object
|
|
||||||
modules:
|
|
||||||
default:
|
|
||||||
- societe
|
|
||||||
examples:
|
|
||||||
- - societe
|
|
||||||
items:
|
|
||||||
type: string
|
|
||||||
type: array
|
|
||||||
domain_name:
|
|
||||||
default: your_company.com
|
|
||||||
examples:
|
|
||||||
- your_company.com
|
|
||||||
type: string
|
|
||||||
user-groups:
|
|
||||||
default:
|
|
||||||
- admin: true
|
|
||||||
name: dolibarr-admin
|
|
||||||
examples:
|
|
||||||
- - admin: true
|
|
||||||
name: dolibarr-admin
|
|
||||||
items:
|
|
||||||
properties:
|
|
||||||
admin:
|
|
||||||
type: boolean
|
|
||||||
name:
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
type: array
|
|
||||||
images:
|
images:
|
||||||
default:
|
default:
|
||||||
dolibarr:
|
dolibarr:
|
||||||
@@ -478,6 +182,302 @@ options:
|
|||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
issuer:
|
||||||
|
default: letsencrypt-prod
|
||||||
|
examples:
|
||||||
|
- letsencrypt-prod
|
||||||
|
type: string
|
||||||
|
resources:
|
||||||
|
default:
|
||||||
|
limits:
|
||||||
|
cpu: 200m
|
||||||
|
memory: 256Mi
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 100Mi
|
||||||
|
examples:
|
||||||
|
- limits:
|
||||||
|
cpu: 200m
|
||||||
|
memory: 256Mi
|
||||||
|
requests:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 100Mi
|
||||||
|
properties:
|
||||||
|
limits:
|
||||||
|
default:
|
||||||
|
cpu: 200m
|
||||||
|
memory: 256Mi
|
||||||
|
properties:
|
||||||
|
cpu:
|
||||||
|
default: 200m
|
||||||
|
type: string
|
||||||
|
memory:
|
||||||
|
default: 256Mi
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
requests:
|
||||||
|
default:
|
||||||
|
cpu: 50m
|
||||||
|
memory: 100Mi
|
||||||
|
properties:
|
||||||
|
cpu:
|
||||||
|
default: 50m
|
||||||
|
type: string
|
||||||
|
memory:
|
||||||
|
default: 100Mi
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
ingress_class:
|
||||||
|
default: traefik
|
||||||
|
examples:
|
||||||
|
- traefik
|
||||||
|
type: string
|
||||||
|
modules:
|
||||||
|
default:
|
||||||
|
- societe
|
||||||
|
examples:
|
||||||
|
- - societe
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
storage:
|
||||||
|
default:
|
||||||
|
postgres:
|
||||||
|
size: 5Gi
|
||||||
|
redis:
|
||||||
|
size: 2Gi
|
||||||
|
volume:
|
||||||
|
accessMode: ReadWriteOnce
|
||||||
|
size: 10Gi
|
||||||
|
type: Filesystem
|
||||||
|
description: Configure this app storage
|
||||||
|
examples:
|
||||||
|
- postgres:
|
||||||
|
size: 5Gi
|
||||||
|
redis:
|
||||||
|
size: 2Gi
|
||||||
|
volume:
|
||||||
|
accessMode: ReadWriteOnce
|
||||||
|
size: 10Gi
|
||||||
|
type: Filesystem
|
||||||
|
properties:
|
||||||
|
postgres:
|
||||||
|
default:
|
||||||
|
size: 5Gi
|
||||||
|
properties:
|
||||||
|
size:
|
||||||
|
default: 5Gi
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
redis:
|
||||||
|
default:
|
||||||
|
size: 2Gi
|
||||||
|
properties:
|
||||||
|
size:
|
||||||
|
default: 2Gi
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
volume:
|
||||||
|
default:
|
||||||
|
accessMode: ReadWriteOnce
|
||||||
|
size: 10Gi
|
||||||
|
type: Filesystem
|
||||||
|
properties:
|
||||||
|
accessMode:
|
||||||
|
default: ReadWriteOnce
|
||||||
|
enum:
|
||||||
|
- ReadWriteOnce
|
||||||
|
- ReadOnlyMany
|
||||||
|
- ReadWriteMany
|
||||||
|
type: string
|
||||||
|
size:
|
||||||
|
default: 10Gi
|
||||||
|
type: string
|
||||||
|
type:
|
||||||
|
default: Filesystem
|
||||||
|
enum:
|
||||||
|
- Filesystem
|
||||||
|
- Block
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
parameters:
|
||||||
|
default:
|
||||||
|
MAIN_LANG_DEFAULT: auto
|
||||||
|
examples:
|
||||||
|
- MAIN_LANG_DEFAULT: auto
|
||||||
|
properties:
|
||||||
|
MAIN_LANG_DEFAULT:
|
||||||
|
default: auto
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
user-groups:
|
||||||
|
default:
|
||||||
|
- admin: true
|
||||||
|
name: dolibarr-admin
|
||||||
|
examples:
|
||||||
|
- - admin: true
|
||||||
|
name: dolibarr-admin
|
||||||
|
items:
|
||||||
|
properties:
|
||||||
|
admin:
|
||||||
|
type: boolean
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
backups:
|
||||||
|
default:
|
||||||
|
enable: false
|
||||||
|
endpoint: ''
|
||||||
|
key_id_key: s3-id
|
||||||
|
restic_key: bck-password
|
||||||
|
retention:
|
||||||
|
db: 30d
|
||||||
|
keepDaily: 14
|
||||||
|
keepMonthly: 12
|
||||||
|
keepWeekly: 6
|
||||||
|
keepYearly: 12
|
||||||
|
schedule:
|
||||||
|
backup: 20 3 * * *
|
||||||
|
check: 20 5 * * 1
|
||||||
|
db: 0 3 * * *
|
||||||
|
prune: 20 1 * * 0
|
||||||
|
secret_key: s3-secret
|
||||||
|
secret_name: backup-settings
|
||||||
|
use_barman: false
|
||||||
|
examples:
|
||||||
|
- enable: false
|
||||||
|
endpoint: ''
|
||||||
|
key_id_key: s3-id
|
||||||
|
restic_key: bck-password
|
||||||
|
retention:
|
||||||
|
db: 30d
|
||||||
|
keepDaily: 14
|
||||||
|
keepMonthly: 12
|
||||||
|
keepWeekly: 6
|
||||||
|
keepYearly: 12
|
||||||
|
schedule:
|
||||||
|
backup: 20 3 * * *
|
||||||
|
check: 20 5 * * 1
|
||||||
|
db: 0 3 * * *
|
||||||
|
prune: 20 1 * * 0
|
||||||
|
secret_key: s3-secret
|
||||||
|
secret_name: backup-settings
|
||||||
|
use_barman: false
|
||||||
|
properties:
|
||||||
|
enable:
|
||||||
|
default: false
|
||||||
|
type: boolean
|
||||||
|
endpoint:
|
||||||
|
default: ''
|
||||||
|
type: string
|
||||||
|
key_id_key:
|
||||||
|
default: s3-id
|
||||||
|
type: string
|
||||||
|
restic_key:
|
||||||
|
default: bck-password
|
||||||
|
type: string
|
||||||
|
retention:
|
||||||
|
default:
|
||||||
|
db: 30d
|
||||||
|
keepDaily: 14
|
||||||
|
keepMonthly: 12
|
||||||
|
keepWeekly: 6
|
||||||
|
keepYearly: 12
|
||||||
|
properties:
|
||||||
|
db:
|
||||||
|
default: 30d
|
||||||
|
type: string
|
||||||
|
keepDaily:
|
||||||
|
default: 14
|
||||||
|
type: integer
|
||||||
|
keepMonthly:
|
||||||
|
default: 12
|
||||||
|
type: integer
|
||||||
|
keepWeekly:
|
||||||
|
default: 6
|
||||||
|
type: integer
|
||||||
|
keepYearly:
|
||||||
|
default: 12
|
||||||
|
type: integer
|
||||||
|
type: object
|
||||||
|
schedule:
|
||||||
|
default:
|
||||||
|
backup: 20 3 * * *
|
||||||
|
check: 20 5 * * 1
|
||||||
|
db: 0 3 * * *
|
||||||
|
prune: 20 1 * * 0
|
||||||
|
properties:
|
||||||
|
backup:
|
||||||
|
default: 20 3 * * *
|
||||||
|
type: string
|
||||||
|
check:
|
||||||
|
default: 20 5 * * 1
|
||||||
|
type: string
|
||||||
|
db:
|
||||||
|
default: 0 3 * * *
|
||||||
|
type: string
|
||||||
|
prune:
|
||||||
|
default: 20 1 * * 0
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
secret_key:
|
||||||
|
default: s3-secret
|
||||||
|
type: string
|
||||||
|
secret_name:
|
||||||
|
default: backup-settings
|
||||||
|
type: string
|
||||||
|
use_barman:
|
||||||
|
default: false
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
hpa:
|
||||||
|
default:
|
||||||
|
avg-cpu: 50
|
||||||
|
max-replicas: 5
|
||||||
|
min-replicas: 1
|
||||||
|
examples:
|
||||||
|
- avg-cpu: 50
|
||||||
|
max-replicas: 5
|
||||||
|
min-replicas: 1
|
||||||
|
properties:
|
||||||
|
avg-cpu:
|
||||||
|
default: 50
|
||||||
|
type: integer
|
||||||
|
max-replicas:
|
||||||
|
default: 5
|
||||||
|
type: integer
|
||||||
|
min-replicas:
|
||||||
|
default: 1
|
||||||
|
type: integer
|
||||||
|
type: object
|
||||||
|
domain:
|
||||||
|
default: your-company
|
||||||
|
examples:
|
||||||
|
- your-company
|
||||||
|
type: string
|
||||||
|
domain_name:
|
||||||
|
default: your_company.com
|
||||||
|
examples:
|
||||||
|
- your_company.com
|
||||||
|
type: string
|
||||||
|
postgres:
|
||||||
|
default:
|
||||||
|
replicas: 1
|
||||||
|
examples:
|
||||||
|
- replicas: 1
|
||||||
|
properties:
|
||||||
|
replicas:
|
||||||
|
default: 1
|
||||||
|
type: integer
|
||||||
|
type: object
|
||||||
|
log-level:
|
||||||
|
default: 5
|
||||||
|
examples:
|
||||||
|
- 5
|
||||||
|
type: integer
|
||||||
dependencies:
|
dependencies:
|
||||||
- dist: null
|
- dist: null
|
||||||
category: share
|
category: share
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
dns_names = ["${var.sub-domain}.${var.domain_name}"]
|
dns_names = ["${var.sub_domain}.${var.domain_name}"]
|
||||||
middlewares = ["${var.instance}-https"]
|
middlewares = ["${var.instance}-https"]
|
||||||
service = {
|
service = {
|
||||||
"name" = "${var.instance}"
|
"name" = "${var.instance}"
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ data "kubernetes_secret_v1" "authentik" {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
locals {
|
locals {
|
||||||
base-dn = format("dc=%s", join(",dc=", split(".", format("%s.%s", var.sub-domain, var.domain_name))))
|
base-dn = format("dc=%s", join(",dc=", split(".", format("%s.%s", var.sub_domain, var.domain_name))))
|
||||||
base-group-dn = format("ou=groups,%s", local.base-dn)
|
base-group-dn = format("ou=groups,%s", local.base-dn)
|
||||||
base-user-dn = format("ou=users,%s", local.base-dn)
|
base-user-dn = format("ou=users,%s", local.base-dn)
|
||||||
authentik_url = "http://authentik.${var.domain}-auth.svc"
|
authentik_url = "http://authentik.${var.domain}-auth.svc"
|
||||||
|
|||||||
@@ -27,18 +27,18 @@ resource "kubectl_manifest" "prj_pg" {
|
|||||||
monitoring:
|
monitoring:
|
||||||
enablePodMonitor: true
|
enablePodMonitor: true
|
||||||
EOF
|
EOF
|
||||||
], var.backups.enable&&var.backups.use-barman?[<<-EOF
|
], var.backups.enable&&var.backups.use_barman?[<<-EOF
|
||||||
backup:
|
backup:
|
||||||
barmanObjectStore:
|
barmanObjectStore:
|
||||||
destinationPath: "s3://${var.instance}-${var.namespace}/"
|
destinationPath: "s3://${var.instance}-${var.namespace}/"
|
||||||
endpointURL: "${var.backups.endpoint}/barman"
|
endpointURL: "${var.backups.endpoint}/barman"
|
||||||
s3Credentials:
|
s3Credentials:
|
||||||
accessKeyId:
|
accessKeyId:
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
key: "${var.backups.key-id-key}"
|
key: "${var.backups.key_id_key}"
|
||||||
secretAccessKey:
|
secretAccessKey:
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
key: "${var.backups.secret-key}"
|
key: "${var.backups.secret_key}"
|
||||||
EOF
|
EOF
|
||||||
]:[""]))
|
]:[""]))
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -47,7 +47,7 @@ resource "authentik_provider_saml" "dolibarr" {
|
|||||||
name = "dolibarr-${var.instance}-saml"
|
name = "dolibarr-${var.instance}-saml"
|
||||||
authentication_flow = data.authentik_flow.default-authentication-flow.id
|
authentication_flow = data.authentik_flow.default-authentication-flow.id
|
||||||
authorization_flow = data.authentik_flow.default-authorization-flow.id
|
authorization_flow = data.authentik_flow.default-authorization-flow.id
|
||||||
acs_url = "https://${var.sub-domain}.${var.domain_name}/custom/samlconnector/acs.php?entity=1&fk_idp=0"
|
acs_url = "https://${var.sub_domain}.${var.domain_name}/custom/samlconnector/acs.php?entity=1&fk_idp=0"
|
||||||
property_mappings = data.authentik_property_mapping_saml.saml_maps.ids
|
property_mappings = data.authentik_property_mapping_saml.saml_maps.ids
|
||||||
name_id_mapping = data.authentik_property_mapping_saml.saml_name.id
|
name_id_mapping = data.authentik_property_mapping_saml.saml_name.id
|
||||||
signing_kp = data.authentik_certificate_key_pair.generated.id
|
signing_kp = data.authentik_certificate_key_pair.generated.id
|
||||||
|
|||||||
@@ -10,16 +10,16 @@ resource "kubectl_manifest" "backup_schedule" {
|
|||||||
spec:
|
spec:
|
||||||
backend:
|
backend:
|
||||||
repoPasswordSecretRef:
|
repoPasswordSecretRef:
|
||||||
key: "${var.backups.restic-key}"
|
key: "${var.backups.restic_key}"
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
s3:
|
s3:
|
||||||
accessKeyIDSecretRef:
|
accessKeyIDSecretRef:
|
||||||
key: "${var.backups.key-id-key}"
|
key: "${var.backups.key_id_key}"
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
bucket: "${var.instance}-${var.namespace}"
|
bucket: "${var.instance}-${var.namespace}"
|
||||||
endpoint: "${var.backups.endpoint}/restic"
|
endpoint: "${var.backups.endpoint}/restic"
|
||||||
secretAccessKeySecretRef:
|
secretAccessKeySecretRef:
|
||||||
key: "${var.backups.secret-key}"
|
key: "${var.backups.secret_key}"
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret-name}"
|
||||||
backup:
|
backup:
|
||||||
schedule: "${var.backups.schedule.backup}"
|
schedule: "${var.backups.schedule.backup}"
|
||||||
|
|||||||
@@ -9,26 +9,6 @@ metadata:
|
|||||||
A painless self-hosted Git service.
|
A painless self-hosted Git service.
|
||||||
Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license.
|
Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license.
|
||||||
options:
|
options:
|
||||||
sub-domain:
|
|
||||||
default: git
|
|
||||||
examples:
|
|
||||||
- git
|
|
||||||
type: string
|
|
||||||
domain_name:
|
|
||||||
default: your_company.com
|
|
||||||
examples:
|
|
||||||
- your_company.com
|
|
||||||
type: string
|
|
||||||
load-balancer:
|
|
||||||
default:
|
|
||||||
ip: ''
|
|
||||||
examples:
|
|
||||||
- ip: ''
|
|
||||||
properties:
|
|
||||||
ip:
|
|
||||||
default: ''
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
disable-registration:
|
disable-registration:
|
||||||
default: true
|
default: true
|
||||||
examples:
|
examples:
|
||||||
@@ -51,6 +31,253 @@ options:
|
|||||||
type: boolean
|
type: boolean
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
theme:
|
||||||
|
default: gitea-modern
|
||||||
|
examples:
|
||||||
|
- gitea-modern
|
||||||
|
type: string
|
||||||
|
storage:
|
||||||
|
default:
|
||||||
|
postgres:
|
||||||
|
size: 10Gi
|
||||||
|
redis:
|
||||||
|
size: 2Gi
|
||||||
|
volume:
|
||||||
|
accessMode: ReadWriteOnce
|
||||||
|
size: 10Gi
|
||||||
|
type: Filesystem
|
||||||
|
description: Configure this app storage
|
||||||
|
examples:
|
||||||
|
- postgres:
|
||||||
|
size: 10Gi
|
||||||
|
redis:
|
||||||
|
size: 2Gi
|
||||||
|
volume:
|
||||||
|
accessMode: ReadWriteOnce
|
||||||
|
size: 10Gi
|
||||||
|
type: Filesystem
|
||||||
|
properties:
|
||||||
|
postgres:
|
||||||
|
default:
|
||||||
|
size: 10Gi
|
||||||
|
properties:
|
||||||
|
size:
|
||||||
|
default: 10Gi
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
redis:
|
||||||
|
default:
|
||||||
|
size: 2Gi
|
||||||
|
properties:
|
||||||
|
size:
|
||||||
|
default: 2Gi
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
volume:
|
||||||
|
default:
|
||||||
|
accessMode: ReadWriteOnce
|
||||||
|
size: 10Gi
|
||||||
|
type: Filesystem
|
||||||
|
properties:
|
||||||
|
accessMode:
|
||||||
|
default: ReadWriteOnce
|
||||||
|
enum:
|
||||||
|
- ReadWriteOnce
|
||||||
|
- ReadOnlyMany
|
||||||
|
- ReadWriteMany
|
||||||
|
type: string
|
||||||
|
size:
|
||||||
|
default: 10Gi
|
||||||
|
type: string
|
||||||
|
type:
|
||||||
|
default: Filesystem
|
||||||
|
enum:
|
||||||
|
- Filesystem
|
||||||
|
- Block
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
app_group:
|
||||||
|
default: dev
|
||||||
|
examples:
|
||||||
|
- dev
|
||||||
|
type: string
|
||||||
|
postgres:
|
||||||
|
default:
|
||||||
|
replicas: 1
|
||||||
|
examples:
|
||||||
|
- replicas: 1
|
||||||
|
properties:
|
||||||
|
replicas:
|
||||||
|
default: 1
|
||||||
|
type: integer
|
||||||
|
type: object
|
||||||
|
domain:
|
||||||
|
default: your-company
|
||||||
|
examples:
|
||||||
|
- your-company
|
||||||
|
type: string
|
||||||
|
ssh-sub_domain:
|
||||||
|
default: git
|
||||||
|
examples:
|
||||||
|
- git
|
||||||
|
type: string
|
||||||
|
backups:
|
||||||
|
default:
|
||||||
|
enable: false
|
||||||
|
endpoint: ''
|
||||||
|
key_id_key: s3-id
|
||||||
|
restic_key: bck-password
|
||||||
|
retention:
|
||||||
|
db: 30d
|
||||||
|
keepDaily: 14
|
||||||
|
keepMonthly: 12
|
||||||
|
keepWeekly: 6
|
||||||
|
keepYearly: 12
|
||||||
|
schedule:
|
||||||
|
backup: 10 3 * * *
|
||||||
|
check: 10 5 * * 1
|
||||||
|
db: 10 3 * * *
|
||||||
|
prune: 10 1 * * 0
|
||||||
|
secret_key: s3-secret
|
||||||
|
secret_name: backup-settings
|
||||||
|
use-barman: false
|
||||||
|
examples:
|
||||||
|
- enable: false
|
||||||
|
endpoint: ''
|
||||||
|
key_id_key: s3-id
|
||||||
|
restic_key: bck-password
|
||||||
|
retention:
|
||||||
|
db: 30d
|
||||||
|
keepDaily: 14
|
||||||
|
keepMonthly: 12
|
||||||
|
keepWeekly: 6
|
||||||
|
keepYearly: 12
|
||||||
|
schedule:
|
||||||
|
backup: 10 3 * * *
|
||||||
|
check: 10 5 * * 1
|
||||||
|
db: 10 3 * * *
|
||||||
|
prune: 10 1 * * 0
|
||||||
|
secret_key: s3-secret
|
||||||
|
secret_name: backup-settings
|
||||||
|
use-barman: false
|
||||||
|
properties:
|
||||||
|
enable:
|
||||||
|
default: false
|
||||||
|
type: boolean
|
||||||
|
endpoint:
|
||||||
|
default: ''
|
||||||
|
type: string
|
||||||
|
key_id_key:
|
||||||
|
default: s3-id
|
||||||
|
type: string
|
||||||
|
restic_key:
|
||||||
|
default: bck-password
|
||||||
|
type: string
|
||||||
|
retention:
|
||||||
|
default:
|
||||||
|
db: 30d
|
||||||
|
keepDaily: 14
|
||||||
|
keepMonthly: 12
|
||||||
|
keepWeekly: 6
|
||||||
|
keepYearly: 12
|
||||||
|
properties:
|
||||||
|
db:
|
||||||
|
default: 30d
|
||||||
|
type: string
|
||||||
|
keepDaily:
|
||||||
|
default: 14
|
||||||
|
type: integer
|
||||||
|
keepMonthly:
|
||||||
|
default: 12
|
||||||
|
type: integer
|
||||||
|
keepWeekly:
|
||||||
|
default: 6
|
||||||
|
type: integer
|
||||||
|
keepYearly:
|
||||||
|
default: 12
|
||||||
|
type: integer
|
||||||
|
type: object
|
||||||
|
schedule:
|
||||||
|
default:
|
||||||
|
backup: 10 3 * * *
|
||||||
|
check: 10 5 * * 1
|
||||||
|
db: 10 3 * * *
|
||||||
|
prune: 10 1 * * 0
|
||||||
|
properties:
|
||||||
|
backup:
|
||||||
|
default: 10 3 * * *
|
||||||
|
type: string
|
||||||
|
check:
|
||||||
|
default: 10 5 * * 1
|
||||||
|
type: string
|
||||||
|
db:
|
||||||
|
default: 10 3 * * *
|
||||||
|
type: string
|
||||||
|
prune:
|
||||||
|
default: 10 1 * * 0
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
secret_key:
|
||||||
|
default: s3-secret
|
||||||
|
type: string
|
||||||
|
secret_name:
|
||||||
|
default: backup-settings
|
||||||
|
type: string
|
||||||
|
use-barman:
|
||||||
|
default: false
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
admin:
|
||||||
|
default:
|
||||||
|
email: git-admin@git.your_company.com
|
||||||
|
name: gitea_admin
|
||||||
|
examples:
|
||||||
|
- email: git-admin@git.your_company.com
|
||||||
|
name: gitea_admin
|
||||||
|
properties:
|
||||||
|
email:
|
||||||
|
default: git-admin@git.your_company.com
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
default: gitea_admin
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
webhook:
|
||||||
|
default:
|
||||||
|
allowed-hosts: private
|
||||||
|
skip-tls-verify: false
|
||||||
|
examples:
|
||||||
|
- allowed-hosts: private
|
||||||
|
skip-tls-verify: false
|
||||||
|
properties:
|
||||||
|
allowed-hosts:
|
||||||
|
default: private
|
||||||
|
type: string
|
||||||
|
skip-tls-verify:
|
||||||
|
default: false
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
|
release:
|
||||||
|
default: 8.3.0
|
||||||
|
examples:
|
||||||
|
- 8.3.0
|
||||||
|
type: string
|
||||||
|
ssh-port:
|
||||||
|
default: 2222
|
||||||
|
examples:
|
||||||
|
- 2222
|
||||||
|
type: integer
|
||||||
|
replicas:
|
||||||
|
default: 1
|
||||||
|
examples:
|
||||||
|
- 1
|
||||||
|
type: integer
|
||||||
|
default-branch:
|
||||||
|
default: main
|
||||||
|
examples:
|
||||||
|
- main
|
||||||
|
type: string
|
||||||
images:
|
images:
|
||||||
default:
|
default:
|
||||||
gitea:
|
gitea:
|
||||||
@@ -182,112 +409,36 @@ options:
|
|||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
backups:
|
domain_name:
|
||||||
default:
|
default: your_company.com
|
||||||
enable: false
|
|
||||||
endpoint: ''
|
|
||||||
key-id-key: s3-id
|
|
||||||
restic-key: bck-password
|
|
||||||
retention:
|
|
||||||
db: 30d
|
|
||||||
keepDaily: 14
|
|
||||||
keepMonthly: 12
|
|
||||||
keepWeekly: 6
|
|
||||||
keepYearly: 12
|
|
||||||
schedule:
|
|
||||||
backup: 10 3 * * *
|
|
||||||
check: 10 5 * * 1
|
|
||||||
db: 10 3 * * *
|
|
||||||
prune: 10 1 * * 0
|
|
||||||
secret-key: s3-secret
|
|
||||||
secret-name: backup-settings
|
|
||||||
use-barman: false
|
|
||||||
examples:
|
examples:
|
||||||
- enable: false
|
- your_company.com
|
||||||
endpoint: ''
|
type: string
|
||||||
key-id-key: s3-id
|
load-balancer:
|
||||||
restic-key: bck-password
|
default:
|
||||||
retention:
|
ip: ''
|
||||||
db: 30d
|
examples:
|
||||||
keepDaily: 14
|
- ip: ''
|
||||||
keepMonthly: 12
|
|
||||||
keepWeekly: 6
|
|
||||||
keepYearly: 12
|
|
||||||
schedule:
|
|
||||||
backup: 10 3 * * *
|
|
||||||
check: 10 5 * * 1
|
|
||||||
db: 10 3 * * *
|
|
||||||
prune: 10 1 * * 0
|
|
||||||
secret-key: s3-secret
|
|
||||||
secret-name: backup-settings
|
|
||||||
use-barman: false
|
|
||||||
properties:
|
properties:
|
||||||
enable:
|
ip:
|
||||||
default: false
|
|
||||||
type: boolean
|
|
||||||
endpoint:
|
|
||||||
default: ''
|
default: ''
|
||||||
type: string
|
type: string
|
||||||
key-id-key:
|
|
||||||
default: s3-id
|
|
||||||
type: string
|
|
||||||
restic-key:
|
|
||||||
default: bck-password
|
|
||||||
type: string
|
|
||||||
retention:
|
|
||||||
default:
|
|
||||||
db: 30d
|
|
||||||
keepDaily: 14
|
|
||||||
keepMonthly: 12
|
|
||||||
keepWeekly: 6
|
|
||||||
keepYearly: 12
|
|
||||||
properties:
|
|
||||||
db:
|
|
||||||
default: 30d
|
|
||||||
type: string
|
|
||||||
keepDaily:
|
|
||||||
default: 14
|
|
||||||
type: integer
|
|
||||||
keepMonthly:
|
|
||||||
default: 12
|
|
||||||
type: integer
|
|
||||||
keepWeekly:
|
|
||||||
default: 6
|
|
||||||
type: integer
|
|
||||||
keepYearly:
|
|
||||||
default: 12
|
|
||||||
type: integer
|
|
||||||
type: object
|
|
||||||
schedule:
|
|
||||||
default:
|
|
||||||
backup: 10 3 * * *
|
|
||||||
check: 10 5 * * 1
|
|
||||||
db: 10 3 * * *
|
|
||||||
prune: 10 1 * * 0
|
|
||||||
properties:
|
|
||||||
backup:
|
|
||||||
default: 10 3 * * *
|
|
||||||
type: string
|
|
||||||
check:
|
|
||||||
default: 10 5 * * 1
|
|
||||||
type: string
|
|
||||||
db:
|
|
||||||
default: 10 3 * * *
|
|
||||||
type: string
|
|
||||||
prune:
|
|
||||||
default: 10 1 * * 0
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
secret-key:
|
|
||||||
default: s3-secret
|
|
||||||
type: string
|
|
||||||
secret-name:
|
|
||||||
default: backup-settings
|
|
||||||
type: string
|
|
||||||
use-barman:
|
|
||||||
default: false
|
|
||||||
type: boolean
|
|
||||||
type: object
|
type: object
|
||||||
|
sub_domain:
|
||||||
|
default: git
|
||||||
|
examples:
|
||||||
|
- git
|
||||||
|
type: string
|
||||||
|
issuer:
|
||||||
|
default: letsencrypt-prod
|
||||||
|
examples:
|
||||||
|
- letsencrypt-prod
|
||||||
|
type: string
|
||||||
|
ingress_class:
|
||||||
|
default: traefik
|
||||||
|
examples:
|
||||||
|
- traefik
|
||||||
|
type: string
|
||||||
push-create:
|
push-create:
|
||||||
default:
|
default:
|
||||||
org: 'true'
|
org: 'true'
|
||||||
@@ -308,162 +459,11 @@ options:
|
|||||||
default: 'true'
|
default: 'true'
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
admin:
|
|
||||||
default:
|
|
||||||
email: git-admin@git.your_company.com
|
|
||||||
name: gitea_admin
|
|
||||||
examples:
|
|
||||||
- email: git-admin@git.your_company.com
|
|
||||||
name: gitea_admin
|
|
||||||
properties:
|
|
||||||
email:
|
|
||||||
default: git-admin@git.your_company.com
|
|
||||||
type: string
|
|
||||||
name:
|
|
||||||
default: gitea_admin
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
domain:
|
|
||||||
default: your-company
|
|
||||||
examples:
|
|
||||||
- your-company
|
|
||||||
type: string
|
|
||||||
timezone:
|
timezone:
|
||||||
default: Europe/Paris
|
default: Europe/Paris
|
||||||
examples:
|
examples:
|
||||||
- Europe/Paris
|
- Europe/Paris
|
||||||
type: string
|
type: string
|
||||||
theme:
|
|
||||||
default: gitea-modern
|
|
||||||
examples:
|
|
||||||
- gitea-modern
|
|
||||||
type: string
|
|
||||||
replicas:
|
|
||||||
default: 1
|
|
||||||
examples:
|
|
||||||
- 1
|
|
||||||
type: integer
|
|
||||||
webhook:
|
|
||||||
default:
|
|
||||||
allowed-hosts: private
|
|
||||||
skip-tls-verify: false
|
|
||||||
examples:
|
|
||||||
- allowed-hosts: private
|
|
||||||
skip-tls-verify: false
|
|
||||||
properties:
|
|
||||||
allowed-hosts:
|
|
||||||
default: private
|
|
||||||
type: string
|
|
||||||
skip-tls-verify:
|
|
||||||
default: false
|
|
||||||
type: boolean
|
|
||||||
type: object
|
|
||||||
default-branch:
|
|
||||||
default: main
|
|
||||||
examples:
|
|
||||||
- main
|
|
||||||
type: string
|
|
||||||
issuer:
|
|
||||||
default: letsencrypt-prod
|
|
||||||
examples:
|
|
||||||
- letsencrypt-prod
|
|
||||||
type: string
|
|
||||||
ssh-port:
|
|
||||||
default: 2222
|
|
||||||
examples:
|
|
||||||
- 2222
|
|
||||||
type: integer
|
|
||||||
ingress_class:
|
|
||||||
default: traefik
|
|
||||||
examples:
|
|
||||||
- traefik
|
|
||||||
type: string
|
|
||||||
release:
|
|
||||||
default: 8.3.0
|
|
||||||
examples:
|
|
||||||
- 8.3.0
|
|
||||||
type: string
|
|
||||||
storage:
|
|
||||||
default:
|
|
||||||
postgres:
|
|
||||||
size: 10Gi
|
|
||||||
redis:
|
|
||||||
size: 2Gi
|
|
||||||
volume:
|
|
||||||
accessMode: ReadWriteOnce
|
|
||||||
size: 10Gi
|
|
||||||
type: Filesystem
|
|
||||||
description: Configure this app storage
|
|
||||||
examples:
|
|
||||||
- postgres:
|
|
||||||
size: 10Gi
|
|
||||||
redis:
|
|
||||||
size: 2Gi
|
|
||||||
volume:
|
|
||||||
accessMode: ReadWriteOnce
|
|
||||||
size: 10Gi
|
|
||||||
type: Filesystem
|
|
||||||
properties:
|
|
||||||
postgres:
|
|
||||||
default:
|
|
||||||
size: 10Gi
|
|
||||||
properties:
|
|
||||||
size:
|
|
||||||
default: 10Gi
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
redis:
|
|
||||||
default:
|
|
||||||
size: 2Gi
|
|
||||||
properties:
|
|
||||||
size:
|
|
||||||
default: 2Gi
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
volume:
|
|
||||||
default:
|
|
||||||
accessMode: ReadWriteOnce
|
|
||||||
size: 10Gi
|
|
||||||
type: Filesystem
|
|
||||||
properties:
|
|
||||||
accessMode:
|
|
||||||
default: ReadWriteOnce
|
|
||||||
enum:
|
|
||||||
- ReadWriteOnce
|
|
||||||
- ReadOnlyMany
|
|
||||||
- ReadWriteMany
|
|
||||||
type: string
|
|
||||||
size:
|
|
||||||
default: 10Gi
|
|
||||||
type: string
|
|
||||||
type:
|
|
||||||
default: Filesystem
|
|
||||||
enum:
|
|
||||||
- Filesystem
|
|
||||||
- Block
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
type: object
|
|
||||||
ssh-sub-domain:
|
|
||||||
default: git
|
|
||||||
examples:
|
|
||||||
- git
|
|
||||||
type: string
|
|
||||||
app_group:
|
|
||||||
default: dev
|
|
||||||
examples:
|
|
||||||
- dev
|
|
||||||
type: string
|
|
||||||
postgres:
|
|
||||||
default:
|
|
||||||
replicas: 1
|
|
||||||
examples:
|
|
||||||
- replicas: 1
|
|
||||||
properties:
|
|
||||||
replicas:
|
|
||||||
default: 1
|
|
||||||
type: integer
|
|
||||||
type: object
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- dist: null
|
- dist: null
|
||||||
category: share
|
category: share
|
||||||
|
|||||||
@@ -43,15 +43,15 @@ ROOT=/data/git/gitea-repositories
|
|||||||
EOF
|
EOF
|
||||||
server = <<-EOF
|
server = <<-EOF
|
||||||
APP_DATA_PATH=/data
|
APP_DATA_PATH=/data
|
||||||
DOMAIN=${var.sub-domain}.${var.domain_name}
|
DOMAIN=${var.sub_domain}.${var.domain_name}
|
||||||
ENABLE_PPROF=false
|
ENABLE_PPROF=false
|
||||||
HTTP_PORT=3000
|
HTTP_PORT=3000
|
||||||
PROTOCOL=http
|
PROTOCOL=http
|
||||||
ROOT_URL=https://${var.sub-domain}.${var.domain_name}
|
ROOT_URL=https://${var.sub_domain}.${var.domain_name}
|
||||||
SSH_DOMAIN=${var.sub-domain}.${var.domain_name}
|
SSH_DOMAIN=${var.sub_domain}.${var.domain_name}
|
||||||
SSH_LISTEN_PORT=2222
|
SSH_LISTEN_PORT=2222
|
||||||
SSH_PORT=${var.ssh-port}
|
SSH_PORT=${var.ssh-port}
|
||||||
SSH_DOMAIN=${var.ssh-sub-domain}.${var.domain_name}
|
SSH_DOMAIN=${var.ssh-sub_domain}.${var.domain_name}
|
||||||
START_SSH_SERVER=true
|
START_SSH_SERVER=true
|
||||||
EOF
|
EOF
|
||||||
ui = <<-EOF
|
ui = <<-EOF
|
||||||
|
|||||||
@@ -27,18 +27,18 @@ resource "kubectl_manifest" "prj_pg" {
|
|||||||
monitoring:
|
monitoring:
|
||||||
enablePodMonitor: true
|
enablePodMonitor: true
|
||||||
EOF
|
EOF
|
||||||
], var.backups.enable&&var.backups.use-barman?[<<-EOF
|
], var.backups.enable&&var.backups.use_barman?[<<-EOF
|
||||||
backup:
|
backup:
|
||||||
barmanObjectStore:
|
barmanObjectStore:
|
||||||
destinationPath: "s3://${var.instance}-${var.namespace}/"
|
destinationPath: "s3://${var.instance}-${var.namespace}/"
|
||||||
endpointURL: "${var.backups.endpoint}/barman"
|
endpointURL: "${var.backups.endpoint}/barman"
|
||||||
s3Credentials:
|
s3Credentials:
|
||||||
accessKeyId:
|
accessKeyId:
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
key: "${var.backups.key-id-key}"
|
key: "${var.backups.key_id_key}"
|
||||||
secretAccessKey:
|
secretAccessKey:
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
key: "${var.backups.secret-key}"
|
key: "${var.backups.secret_key}"
|
||||||
EOF
|
EOF
|
||||||
]:[""]))
|
]:[""]))
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
dns_name = "${var.sub-domain}.${var.domain_name}"
|
dns_name = "${var.sub_domain}.${var.domain_name}"
|
||||||
dns_names = [local.dns_name]
|
dns_names = [local.dns_name]
|
||||||
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
||||||
icon = "assets/img/logo.svg"
|
icon = "assets/img/logo.svg"
|
||||||
|
|||||||
@@ -65,7 +65,7 @@ options:
|
|||||||
examples:
|
examples:
|
||||||
- traefik
|
- traefik
|
||||||
type: string
|
type: string
|
||||||
sub-domain:
|
sub_domain:
|
||||||
default: gramo
|
default: gramo
|
||||||
examples:
|
examples:
|
||||||
- gramo
|
- gramo
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
dns_name = "${var.sub-domain}.${var.domain_name}"
|
dns_name = "${var.sub_domain}.${var.domain_name}"
|
||||||
dns_names = [local.dns_name]
|
dns_names = [local.dns_name]
|
||||||
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
||||||
icon = "icon.svg"
|
icon = "icon.svg"
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ options:
|
|||||||
examples:
|
examples:
|
||||||
- your_company.com
|
- your_company.com
|
||||||
type: string
|
type: string
|
||||||
sub-domain:
|
sub_domain:
|
||||||
default: api
|
default: api
|
||||||
examples:
|
examples:
|
||||||
- api
|
- api
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
dns_names = ["${var.sub-domain}.${var.domain_name}"]
|
dns_names = ["${var.sub_domain}.${var.domain_name}"]
|
||||||
middlewares = []
|
middlewares = []
|
||||||
services = [{
|
services = [{
|
||||||
"kind" = "Service"
|
"kind" = "Service"
|
||||||
|
|||||||
@@ -10,17 +10,17 @@ resource "kubectl_manifest" "backup_schedule" {
|
|||||||
spec:
|
spec:
|
||||||
backend:
|
backend:
|
||||||
repoPasswordSecretRef:
|
repoPasswordSecretRef:
|
||||||
key: "${var.backups.restic-key}"
|
key: "${var.backups.restic_key}"
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
s3:
|
s3:
|
||||||
accessKeyIDSecretRef:
|
accessKeyIDSecretRef:
|
||||||
key: "${var.backups.key-id-key}"
|
key: "${var.backups.key_id_key}"
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
bucket: "${var.instance}-${var.namespace}"
|
bucket: "${var.instance}-${var.namespace}"
|
||||||
endpoint: "${var.backups.endpoint}/restic"
|
endpoint: "${var.backups.endpoint}/restic"
|
||||||
secretAccessKeySecretRef:
|
secretAccessKeySecretRef:
|
||||||
key: "${var.backups.secret-key}"
|
key: "${var.backups.secret_key}"
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
backup:
|
backup:
|
||||||
schedule: "${var.backups.schedule.backup}"
|
schedule: "${var.backups.schedule.backup}"
|
||||||
failedJobsHistoryLimit: 2
|
failedJobsHistoryLimit: 2
|
||||||
|
|||||||
@@ -6,67 +6,6 @@ metadata:
|
|||||||
name: nextcloud
|
name: nextcloud
|
||||||
description: null
|
description: null
|
||||||
options:
|
options:
|
||||||
storage:
|
|
||||||
default:
|
|
||||||
postgres:
|
|
||||||
size: 5Gi
|
|
||||||
redis:
|
|
||||||
size: 2Gi
|
|
||||||
volume:
|
|
||||||
accessMode: ReadWriteOnce
|
|
||||||
size: 10Gi
|
|
||||||
type: Filesystem
|
|
||||||
description: Configure this app storage
|
|
||||||
examples:
|
|
||||||
- postgres:
|
|
||||||
size: 5Gi
|
|
||||||
redis:
|
|
||||||
size: 2Gi
|
|
||||||
volume:
|
|
||||||
accessMode: ReadWriteOnce
|
|
||||||
size: 10Gi
|
|
||||||
type: Filesystem
|
|
||||||
properties:
|
|
||||||
postgres:
|
|
||||||
default:
|
|
||||||
size: 5Gi
|
|
||||||
properties:
|
|
||||||
size:
|
|
||||||
default: 5Gi
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
redis:
|
|
||||||
default:
|
|
||||||
size: 2Gi
|
|
||||||
properties:
|
|
||||||
size:
|
|
||||||
default: 2Gi
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
volume:
|
|
||||||
default:
|
|
||||||
accessMode: ReadWriteOnce
|
|
||||||
size: 10Gi
|
|
||||||
type: Filesystem
|
|
||||||
properties:
|
|
||||||
accessMode:
|
|
||||||
default: ReadWriteOnce
|
|
||||||
enum:
|
|
||||||
- ReadWriteOnce
|
|
||||||
- ReadOnlyMany
|
|
||||||
- ReadWriteMany
|
|
||||||
type: string
|
|
||||||
size:
|
|
||||||
default: 10Gi
|
|
||||||
type: string
|
|
||||||
type:
|
|
||||||
default: Filesystem
|
|
||||||
enum:
|
|
||||||
- Filesystem
|
|
||||||
- Block
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
type: object
|
|
||||||
images:
|
images:
|
||||||
default:
|
default:
|
||||||
collabora:
|
collabora:
|
||||||
@@ -322,32 +261,37 @@ options:
|
|||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
hpa:
|
openid-name:
|
||||||
default:
|
default: vynil
|
||||||
avg-cpu: 50
|
|
||||||
max-replicas: 5
|
|
||||||
min-replicas: 1
|
|
||||||
examples:
|
examples:
|
||||||
- avg-cpu: 50
|
- vynil
|
||||||
max-replicas: 5
|
type: string
|
||||||
min-replicas: 1
|
postgres:
|
||||||
|
default:
|
||||||
|
replicas: 1
|
||||||
|
examples:
|
||||||
|
- replicas: 1
|
||||||
properties:
|
properties:
|
||||||
avg-cpu:
|
replicas:
|
||||||
default: 50
|
|
||||||
type: integer
|
|
||||||
max-replicas:
|
|
||||||
default: 5
|
|
||||||
type: integer
|
|
||||||
min-replicas:
|
|
||||||
default: 1
|
default: 1
|
||||||
type: integer
|
type: integer
|
||||||
type: object
|
type: object
|
||||||
|
sub_domain:
|
||||||
|
default: files
|
||||||
|
examples:
|
||||||
|
- files
|
||||||
|
type: string
|
||||||
|
ingress_class:
|
||||||
|
default: traefik
|
||||||
|
examples:
|
||||||
|
- traefik
|
||||||
|
type: string
|
||||||
backups:
|
backups:
|
||||||
default:
|
default:
|
||||||
enable: false
|
enable: false
|
||||||
endpoint: ''
|
endpoint: ''
|
||||||
key-id-key: s3-id
|
key_id_key: s3-id
|
||||||
restic-key: bck-password
|
restic_key: bck-password
|
||||||
retention:
|
retention:
|
||||||
db: 30d
|
db: 30d
|
||||||
keepDaily: 14
|
keepDaily: 14
|
||||||
@@ -359,14 +303,14 @@ options:
|
|||||||
check: 30 5 * * 1
|
check: 30 5 * * 1
|
||||||
db: 30 3 * * *
|
db: 30 3 * * *
|
||||||
prune: 30 1 * * 0
|
prune: 30 1 * * 0
|
||||||
secret-key: s3-secret
|
secret_key: s3-secret
|
||||||
secret-name: backup-settings
|
secret_name: backup-settings
|
||||||
use-barman: false
|
use_barman: false
|
||||||
examples:
|
examples:
|
||||||
- enable: false
|
- enable: false
|
||||||
endpoint: ''
|
endpoint: ''
|
||||||
key-id-key: s3-id
|
key_id_key: s3-id
|
||||||
restic-key: bck-password
|
restic_key: bck-password
|
||||||
retention:
|
retention:
|
||||||
db: 30d
|
db: 30d
|
||||||
keepDaily: 14
|
keepDaily: 14
|
||||||
@@ -378,9 +322,9 @@ options:
|
|||||||
check: 30 5 * * 1
|
check: 30 5 * * 1
|
||||||
db: 30 3 * * *
|
db: 30 3 * * *
|
||||||
prune: 30 1 * * 0
|
prune: 30 1 * * 0
|
||||||
secret-key: s3-secret
|
secret_key: s3-secret
|
||||||
secret-name: backup-settings
|
secret_name: backup-settings
|
||||||
use-barman: false
|
use_barman: false
|
||||||
properties:
|
properties:
|
||||||
enable:
|
enable:
|
||||||
default: false
|
default: false
|
||||||
@@ -388,10 +332,10 @@ options:
|
|||||||
endpoint:
|
endpoint:
|
||||||
default: ''
|
default: ''
|
||||||
type: string
|
type: string
|
||||||
key-id-key:
|
key_id_key:
|
||||||
default: s3-id
|
default: s3-id
|
||||||
type: string
|
type: string
|
||||||
restic-key:
|
restic_key:
|
||||||
default: bck-password
|
default: bck-password
|
||||||
type: string
|
type: string
|
||||||
retention:
|
retention:
|
||||||
@@ -438,41 +382,77 @@ options:
|
|||||||
default: 30 1 * * 0
|
default: 30 1 * * 0
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
secret-key:
|
secret_key:
|
||||||
default: s3-secret
|
default: s3-secret
|
||||||
type: string
|
type: string
|
||||||
secret-name:
|
secret_name:
|
||||||
default: backup-settings
|
default: backup-settings
|
||||||
type: string
|
type: string
|
||||||
use-barman:
|
use_barman:
|
||||||
default: false
|
default: false
|
||||||
type: boolean
|
type: boolean
|
||||||
type: object
|
type: object
|
||||||
admin:
|
storage:
|
||||||
default:
|
default:
|
||||||
name: nextcloud_admin
|
postgres:
|
||||||
|
size: 5Gi
|
||||||
|
redis:
|
||||||
|
size: 2Gi
|
||||||
|
volume:
|
||||||
|
accessMode: ReadWriteOnce
|
||||||
|
size: 10Gi
|
||||||
|
type: Filesystem
|
||||||
|
description: Configure this app storage
|
||||||
examples:
|
examples:
|
||||||
- name: nextcloud_admin
|
- postgres:
|
||||||
|
size: 5Gi
|
||||||
|
redis:
|
||||||
|
size: 2Gi
|
||||||
|
volume:
|
||||||
|
accessMode: ReadWriteOnce
|
||||||
|
size: 10Gi
|
||||||
|
type: Filesystem
|
||||||
properties:
|
properties:
|
||||||
name:
|
postgres:
|
||||||
default: nextcloud_admin
|
default:
|
||||||
type: string
|
size: 5Gi
|
||||||
|
properties:
|
||||||
|
size:
|
||||||
|
default: 5Gi
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
redis:
|
||||||
|
default:
|
||||||
|
size: 2Gi
|
||||||
|
properties:
|
||||||
|
size:
|
||||||
|
default: 2Gi
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
volume:
|
||||||
|
default:
|
||||||
|
accessMode: ReadWriteOnce
|
||||||
|
size: 10Gi
|
||||||
|
type: Filesystem
|
||||||
|
properties:
|
||||||
|
accessMode:
|
||||||
|
default: ReadWriteOnce
|
||||||
|
enum:
|
||||||
|
- ReadWriteOnce
|
||||||
|
- ReadOnlyMany
|
||||||
|
- ReadWriteMany
|
||||||
|
type: string
|
||||||
|
size:
|
||||||
|
default: 10Gi
|
||||||
|
type: string
|
||||||
|
type:
|
||||||
|
default: Filesystem
|
||||||
|
enum:
|
||||||
|
- Filesystem
|
||||||
|
- Block
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
type: object
|
type: object
|
||||||
openid-name:
|
|
||||||
default: vynil
|
|
||||||
examples:
|
|
||||||
- vynil
|
|
||||||
type: string
|
|
||||||
domain_name:
|
|
||||||
default: your_company.com
|
|
||||||
examples:
|
|
||||||
- your_company.com
|
|
||||||
type: string
|
|
||||||
issuer:
|
|
||||||
default: letsencrypt-prod
|
|
||||||
examples:
|
|
||||||
- letsencrypt-prod
|
|
||||||
type: string
|
|
||||||
redis:
|
redis:
|
||||||
default:
|
default:
|
||||||
exporter:
|
exporter:
|
||||||
@@ -490,36 +470,56 @@ options:
|
|||||||
type: boolean
|
type: boolean
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
admin:
|
||||||
|
default:
|
||||||
|
name: nextcloud_admin
|
||||||
|
examples:
|
||||||
|
- name: nextcloud_admin
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
default: nextcloud_admin
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
app_group:
|
app_group:
|
||||||
default: ''
|
default: ''
|
||||||
examples:
|
examples:
|
||||||
- ''
|
- ''
|
||||||
type: string
|
type: string
|
||||||
|
hpa:
|
||||||
|
default:
|
||||||
|
avg-cpu: 50
|
||||||
|
max-replicas: 5
|
||||||
|
min-replicas: 1
|
||||||
|
examples:
|
||||||
|
- avg-cpu: 50
|
||||||
|
max-replicas: 5
|
||||||
|
min-replicas: 1
|
||||||
|
properties:
|
||||||
|
avg-cpu:
|
||||||
|
default: 50
|
||||||
|
type: integer
|
||||||
|
max-replicas:
|
||||||
|
default: 5
|
||||||
|
type: integer
|
||||||
|
min-replicas:
|
||||||
|
default: 1
|
||||||
|
type: integer
|
||||||
|
type: object
|
||||||
|
issuer:
|
||||||
|
default: letsencrypt-prod
|
||||||
|
examples:
|
||||||
|
- letsencrypt-prod
|
||||||
|
type: string
|
||||||
|
domain_name:
|
||||||
|
default: your_company.com
|
||||||
|
examples:
|
||||||
|
- your_company.com
|
||||||
|
type: string
|
||||||
domain:
|
domain:
|
||||||
default: your-company
|
default: your-company
|
||||||
examples:
|
examples:
|
||||||
- your-company
|
- your-company
|
||||||
type: string
|
type: string
|
||||||
ingress_class:
|
|
||||||
default: traefik
|
|
||||||
examples:
|
|
||||||
- traefik
|
|
||||||
type: string
|
|
||||||
sub-domain:
|
|
||||||
default: files
|
|
||||||
examples:
|
|
||||||
- files
|
|
||||||
type: string
|
|
||||||
postgres:
|
|
||||||
default:
|
|
||||||
replicas: 1
|
|
||||||
examples:
|
|
||||||
- replicas: 1
|
|
||||||
properties:
|
|
||||||
replicas:
|
|
||||||
default: 1
|
|
||||||
type: integer
|
|
||||||
type: object
|
|
||||||
apps:
|
apps:
|
||||||
default:
|
default:
|
||||||
audioplayer: false
|
audioplayer: false
|
||||||
|
|||||||
@@ -27,18 +27,18 @@ resource "kubectl_manifest" "prj_pg" {
|
|||||||
monitoring:
|
monitoring:
|
||||||
enablePodMonitor: true
|
enablePodMonitor: true
|
||||||
EOF
|
EOF
|
||||||
], var.backups.enable&&var.backups.use-barman?[<<-EOF
|
], var.backups.enable&&var.backups.use_barman?[<<-EOF
|
||||||
backup:
|
backup:
|
||||||
barmanObjectStore:
|
barmanObjectStore:
|
||||||
destinationPath: "s3://${var.instance}-${var.namespace}/"
|
destinationPath: "s3://${var.instance}-${var.namespace}/"
|
||||||
endpointURL: "${var.backups.endpoint}/barman"
|
endpointURL: "${var.backups.endpoint}/barman"
|
||||||
s3Credentials:
|
s3Credentials:
|
||||||
accessKeyId:
|
accessKeyId:
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
key: "${var.backups.key-id-key}"
|
key: "${var.backups.key_id_key}"
|
||||||
secretAccessKey:
|
secretAccessKey:
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
key: "${var.backups.secret-key}"
|
key: "${var.backups.secret_key}"
|
||||||
EOF
|
EOF
|
||||||
]:[""]))
|
]:[""]))
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
dns_name = "${var.sub-domain}.${var.domain_name}"
|
dns_name = "${var.sub_domain}.${var.domain_name}"
|
||||||
dns-collabora = "collabora.${local.dns_name}"
|
dns-collabora = "collabora.${local.dns_name}"
|
||||||
dns-onlyoffice = "onlyoffice.${local.dns_name}"
|
dns-onlyoffice = "onlyoffice.${local.dns_name}"
|
||||||
dns_names = [local.dns_name]
|
dns_names = [local.dns_name]
|
||||||
|
|||||||
@@ -26,7 +26,7 @@ options:
|
|||||||
examples:
|
examples:
|
||||||
- infra
|
- infra
|
||||||
type: string
|
type: string
|
||||||
sub-domain:
|
sub_domain:
|
||||||
default: okd
|
default: okd
|
||||||
examples:
|
examples:
|
||||||
- okd
|
- okd
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
dns_name = "${var.sub-domain}.${var.domain_name}"
|
dns_name = "${var.sub_domain}.${var.domain_name}"
|
||||||
dns_names = [local.dns_name]
|
dns_names = [local.dns_name]
|
||||||
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
||||||
icon = "static/assets/okd-logo.svg"
|
icon = "static/assets/okd-logo.svg"
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ options:
|
|||||||
examples:
|
examples:
|
||||||
- traefik
|
- traefik
|
||||||
type: string
|
type: string
|
||||||
sub-domain:
|
sub_domain:
|
||||||
default: sonar
|
default: sonar
|
||||||
examples:
|
examples:
|
||||||
- sonar
|
- sonar
|
||||||
|
|||||||
@@ -6,7 +6,7 @@ metadata:
|
|||||||
name: traefik-ui
|
name: traefik-ui
|
||||||
description: Access to the Traefik UI
|
description: Access to the Traefik UI
|
||||||
options:
|
options:
|
||||||
sub-domain:
|
sub_domain:
|
||||||
default: traefik
|
default: traefik
|
||||||
examples:
|
examples:
|
||||||
- traefik
|
- traefik
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
dns_name = "${var.sub-domain}.${var.domain_name}"
|
dns_name = "${var.sub_domain}.${var.domain_name}"
|
||||||
dns_names = [local.dns_name]
|
dns_names = [local.dns_name]
|
||||||
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
||||||
icon = "dashboard/statics/icons/favicon-96x96.png"
|
icon = "dashboard/statics/icons/favicon-96x96.png"
|
||||||
|
|||||||
@@ -150,9 +150,9 @@ data "kustomization_overlay" "data" {
|
|||||||
- name: WOODPECKER_ADMIN
|
- name: WOODPECKER_ADMIN
|
||||||
value: "${var.admin-users}"
|
value: "${var.admin-users}"
|
||||||
- name: WOODPECKER_HOST
|
- name: WOODPECKER_HOST
|
||||||
value: "https://${var.sub-domain}.${var.domain_name}"
|
value: "https://${var.sub_domain}.${var.domain_name}"
|
||||||
- name: WOODPECKER_HOST
|
- name: WOODPECKER_HOST
|
||||||
value: "https://${var.sub-domain}.${var.domain_name}"
|
value: "https://${var.sub_domain}.${var.domain_name}"
|
||||||
envFrom:
|
envFrom:
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: woodpecker-secret
|
name: woodpecker-secret
|
||||||
|
|||||||
@@ -22,7 +22,7 @@ resource "gitea_oauth2_app" "prj" {
|
|||||||
name = var.component
|
name = var.component
|
||||||
confidential_client = true
|
confidential_client = true
|
||||||
redirect_uris = [
|
redirect_uris = [
|
||||||
"https://${var.sub-domain}.${var.domain_name}/authorize"
|
"https://${var.sub_domain}.${var.domain_name}/authorize"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ options:
|
|||||||
examples:
|
examples:
|
||||||
- letsencrypt-prod
|
- letsencrypt-prod
|
||||||
type: string
|
type: string
|
||||||
sub-domain:
|
sub_domain:
|
||||||
default: ci
|
default: ci
|
||||||
examples:
|
examples:
|
||||||
- ci
|
- ci
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
dns_name = "${var.sub-domain}.${var.domain_name}"
|
dns_name = "${var.sub_domain}.${var.domain_name}"
|
||||||
dns_names = [local.dns_name]
|
dns_names = [local.dns_name]
|
||||||
icon = "favicons/favicon-light-default.png"
|
icon = "favicons/favicon-light-default.png"
|
||||||
service = {
|
service = {
|
||||||
|
|||||||
@@ -248,7 +248,7 @@ options:
|
|||||||
examples:
|
examples:
|
||||||
- dev
|
- dev
|
||||||
type: string
|
type: string
|
||||||
stations-sub-domain:
|
stations-sub_domain:
|
||||||
default: code
|
default: code
|
||||||
examples:
|
examples:
|
||||||
- code
|
- code
|
||||||
|
|||||||
@@ -21,7 +21,7 @@ locals {
|
|||||||
"organisation" = org
|
"organisation" = org
|
||||||
"usage" = "station"
|
"usage" = "station"
|
||||||
"station" = station
|
"station" = station
|
||||||
"sub-domain" = "${station.name}.stations"
|
"sub_domain" = "${station.name}.stations"
|
||||||
}) if ds.name == dsname
|
}) if ds.name == dsname
|
||||||
]
|
]
|
||||||
]) if org.name == name
|
]) if org.name == name
|
||||||
|
|||||||
@@ -80,7 +80,7 @@ options:
|
|||||||
examples:
|
examples:
|
||||||
- traefik
|
- traefik
|
||||||
type: string
|
type: string
|
||||||
sub-domain:
|
sub_domain:
|
||||||
default: alertmanager
|
default: alertmanager
|
||||||
examples:
|
examples:
|
||||||
- alertmanager
|
- alertmanager
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
dns_name = "${var.sub-domain}.${var.domain_name}"
|
dns_name = "${var.sub_domain}.${var.domain_name}"
|
||||||
dns_names = [local.dns_name]
|
dns_names = [local.dns_name]
|
||||||
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
||||||
icon = "favicon.ico"
|
icon = "favicon.ico"
|
||||||
|
|||||||
@@ -113,7 +113,7 @@ options:
|
|||||||
examples:
|
examples:
|
||||||
- letsencrypt-prod
|
- letsencrypt-prod
|
||||||
type: string
|
type: string
|
||||||
sub-domain:
|
sub_domain:
|
||||||
default: grafana
|
default: grafana
|
||||||
examples:
|
examples:
|
||||||
- grafana
|
- grafana
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
dns_name = "${var.sub-domain}.${var.domain_name}"
|
dns_name = "${var.sub_domain}.${var.domain_name}"
|
||||||
dns_names = [local.dns_name]
|
dns_names = [local.dns_name]
|
||||||
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
||||||
icon = "public/img/grafana_icon.svg"
|
icon = "public/img/grafana_icon.svg"
|
||||||
|
|||||||
@@ -60,7 +60,7 @@ options:
|
|||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
sub-domain:
|
sub_domain:
|
||||||
default: to-be-set
|
default: to-be-set
|
||||||
examples:
|
examples:
|
||||||
- to-be-set
|
- to-be-set
|
||||||
|
|||||||
@@ -65,7 +65,7 @@ options:
|
|||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
sub-domain:
|
sub_domain:
|
||||||
default: prometheus
|
default: prometheus
|
||||||
examples:
|
examples:
|
||||||
- prometheus
|
- prometheus
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
dns_name = "${var.sub-domain}.${var.domain_name}"
|
dns_name = "${var.sub_domain}.${var.domain_name}"
|
||||||
dns_names = [local.dns_name]
|
dns_names = [local.dns_name]
|
||||||
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
app_name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
|
||||||
icon = "favicon.ico"
|
icon = "favicon.ico"
|
||||||
|
|||||||
@@ -60,7 +60,7 @@ options:
|
|||||||
examples:
|
examples:
|
||||||
- your-company
|
- your-company
|
||||||
type: string
|
type: string
|
||||||
sub-domain:
|
sub_domain:
|
||||||
default: to-be-set
|
default: to-be-set
|
||||||
examples:
|
examples:
|
||||||
- to-be-set
|
- to-be-set
|
||||||
|
|||||||
@@ -21,7 +21,7 @@ options:
|
|||||||
examples:
|
examples:
|
||||||
- your_company.com
|
- your_company.com
|
||||||
type: string
|
type: string
|
||||||
sub-domain:
|
sub_domain:
|
||||||
default: null
|
default: null
|
||||||
ingress_class:
|
ingress_class:
|
||||||
default: traefik
|
default: traefik
|
||||||
|
|||||||
@@ -23,81 +23,6 @@ options:
|
|||||||
type: boolean
|
type: boolean
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
postgres:
|
|
||||||
default:
|
|
||||||
replicas: 1
|
|
||||||
examples:
|
|
||||||
- replicas: 1
|
|
||||||
properties:
|
|
||||||
replicas:
|
|
||||||
default: 1
|
|
||||||
type: integer
|
|
||||||
type: object
|
|
||||||
admin:
|
|
||||||
default:
|
|
||||||
email: auth-admin
|
|
||||||
examples:
|
|
||||||
- email: auth-admin
|
|
||||||
properties:
|
|
||||||
email:
|
|
||||||
default: auth-admin
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
domain:
|
|
||||||
default: your-company
|
|
||||||
examples:
|
|
||||||
- your-company
|
|
||||||
type: string
|
|
||||||
geoip:
|
|
||||||
default: /geoip/GeoLite2-City.mmdb
|
|
||||||
examples:
|
|
||||||
- /geoip/GeoLite2-City.mmdb
|
|
||||||
type: string
|
|
||||||
email:
|
|
||||||
default:
|
|
||||||
port: 587
|
|
||||||
timeout: 30
|
|
||||||
use_ssl: false
|
|
||||||
use_tls: false
|
|
||||||
examples:
|
|
||||||
- port: 587
|
|
||||||
timeout: 30
|
|
||||||
use_ssl: false
|
|
||||||
use_tls: false
|
|
||||||
properties:
|
|
||||||
port:
|
|
||||||
default: 587
|
|
||||||
type: integer
|
|
||||||
timeout:
|
|
||||||
default: 30
|
|
||||||
type: integer
|
|
||||||
use_ssl:
|
|
||||||
default: false
|
|
||||||
type: boolean
|
|
||||||
use_tls:
|
|
||||||
default: false
|
|
||||||
type: boolean
|
|
||||||
type: object
|
|
||||||
loglevel:
|
|
||||||
default: info
|
|
||||||
examples:
|
|
||||||
- info
|
|
||||||
type: string
|
|
||||||
sub-domain:
|
|
||||||
default: auth
|
|
||||||
examples:
|
|
||||||
- auth
|
|
||||||
type: string
|
|
||||||
domain_name:
|
|
||||||
default: your_company.com
|
|
||||||
examples:
|
|
||||||
- your_company.com
|
|
||||||
type: string
|
|
||||||
issuer:
|
|
||||||
default: letsencrypt-prod
|
|
||||||
examples:
|
|
||||||
- letsencrypt-prod
|
|
||||||
type: string
|
|
||||||
error_reporting:
|
error_reporting:
|
||||||
default:
|
default:
|
||||||
enabled: false
|
enabled: false
|
||||||
@@ -118,34 +43,29 @@ options:
|
|||||||
default: false
|
default: false
|
||||||
type: boolean
|
type: boolean
|
||||||
type: object
|
type: object
|
||||||
ingress_class:
|
|
||||||
default: traefik
|
|
||||||
examples:
|
|
||||||
- traefik
|
|
||||||
type: string
|
|
||||||
backups:
|
backups:
|
||||||
default:
|
default:
|
||||||
enable: false
|
enable: false
|
||||||
endpoint: ''
|
endpoint: ''
|
||||||
key-id-key: s3-id
|
key_id_key: s3-id
|
||||||
retention:
|
retention:
|
||||||
db: 30d
|
db: 30d
|
||||||
schedule:
|
schedule:
|
||||||
db: 0 3 * * *
|
db: 0 3 * * *
|
||||||
secret-key: s3-secret
|
secret_key: s3-secret
|
||||||
secret-name: backup-settings
|
secret_name: backup-settings
|
||||||
use-barman: false
|
use_barman: false
|
||||||
examples:
|
examples:
|
||||||
- enable: false
|
- enable: false
|
||||||
endpoint: ''
|
endpoint: ''
|
||||||
key-id-key: s3-id
|
key_id_key: s3-id
|
||||||
retention:
|
retention:
|
||||||
db: 30d
|
db: 30d
|
||||||
schedule:
|
schedule:
|
||||||
db: 0 3 * * *
|
db: 0 3 * * *
|
||||||
secret-key: s3-secret
|
secret_key: s3-secret
|
||||||
secret-name: backup-settings
|
secret_name: backup-settings
|
||||||
use-barman: false
|
use_barman: false
|
||||||
properties:
|
properties:
|
||||||
enable:
|
enable:
|
||||||
default: false
|
default: false
|
||||||
@@ -153,7 +73,7 @@ options:
|
|||||||
endpoint:
|
endpoint:
|
||||||
default: ''
|
default: ''
|
||||||
type: string
|
type: string
|
||||||
key-id-key:
|
key_id_key:
|
||||||
default: s3-id
|
default: s3-id
|
||||||
type: string
|
type: string
|
||||||
retention:
|
retention:
|
||||||
@@ -172,45 +92,46 @@ options:
|
|||||||
default: 0 3 * * *
|
default: 0 3 * * *
|
||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
secret-key:
|
secret_key:
|
||||||
default: s3-secret
|
default: s3-secret
|
||||||
type: string
|
type: string
|
||||||
secret-name:
|
secret_name:
|
||||||
default: backup-settings
|
default: backup-settings
|
||||||
type: string
|
type: string
|
||||||
use-barman:
|
use_barman:
|
||||||
default: false
|
default: false
|
||||||
type: boolean
|
type: boolean
|
||||||
type: object
|
type: object
|
||||||
storage:
|
issuer:
|
||||||
default:
|
default: letsencrypt-prod
|
||||||
postgres:
|
|
||||||
size: 8Gi
|
|
||||||
redis:
|
|
||||||
size: 8Gi
|
|
||||||
examples:
|
examples:
|
||||||
- postgres:
|
- letsencrypt-prod
|
||||||
size: 8Gi
|
type: string
|
||||||
redis:
|
postgres:
|
||||||
size: 8Gi
|
default:
|
||||||
|
replicas: 1
|
||||||
|
examples:
|
||||||
|
- replicas: 1
|
||||||
properties:
|
properties:
|
||||||
postgres:
|
replicas:
|
||||||
default:
|
default: 1
|
||||||
size: 8Gi
|
type: integer
|
||||||
properties:
|
|
||||||
size:
|
|
||||||
default: 8Gi
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
redis:
|
|
||||||
default:
|
|
||||||
size: 8Gi
|
|
||||||
properties:
|
|
||||||
size:
|
|
||||||
default: 8Gi
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
type: object
|
type: object
|
||||||
|
sub_domain:
|
||||||
|
default: auth
|
||||||
|
examples:
|
||||||
|
- auth
|
||||||
|
type: string
|
||||||
|
ingress_class:
|
||||||
|
default: traefik
|
||||||
|
examples:
|
||||||
|
- traefik
|
||||||
|
type: string
|
||||||
|
domain_name:
|
||||||
|
default: your_company.com
|
||||||
|
examples:
|
||||||
|
- your_company.com
|
||||||
|
type: string
|
||||||
images:
|
images:
|
||||||
default:
|
default:
|
||||||
app:
|
app:
|
||||||
@@ -348,6 +269,85 @@ options:
|
|||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
domain:
|
||||||
|
default: your-company
|
||||||
|
examples:
|
||||||
|
- your-company
|
||||||
|
type: string
|
||||||
|
loglevel:
|
||||||
|
default: info
|
||||||
|
examples:
|
||||||
|
- info
|
||||||
|
type: string
|
||||||
|
admin:
|
||||||
|
default:
|
||||||
|
email: auth-admin
|
||||||
|
examples:
|
||||||
|
- email: auth-admin
|
||||||
|
properties:
|
||||||
|
email:
|
||||||
|
default: auth-admin
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
storage:
|
||||||
|
default:
|
||||||
|
postgres:
|
||||||
|
size: 8Gi
|
||||||
|
redis:
|
||||||
|
size: 8Gi
|
||||||
|
examples:
|
||||||
|
- postgres:
|
||||||
|
size: 8Gi
|
||||||
|
redis:
|
||||||
|
size: 8Gi
|
||||||
|
properties:
|
||||||
|
postgres:
|
||||||
|
default:
|
||||||
|
size: 8Gi
|
||||||
|
properties:
|
||||||
|
size:
|
||||||
|
default: 8Gi
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
redis:
|
||||||
|
default:
|
||||||
|
size: 8Gi
|
||||||
|
properties:
|
||||||
|
size:
|
||||||
|
default: 8Gi
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
geoip:
|
||||||
|
default: /geoip/GeoLite2-City.mmdb
|
||||||
|
examples:
|
||||||
|
- /geoip/GeoLite2-City.mmdb
|
||||||
|
type: string
|
||||||
|
email:
|
||||||
|
default:
|
||||||
|
port: 587
|
||||||
|
timeout: 30
|
||||||
|
use_ssl: false
|
||||||
|
use_tls: false
|
||||||
|
examples:
|
||||||
|
- port: 587
|
||||||
|
timeout: 30
|
||||||
|
use_ssl: false
|
||||||
|
use_tls: false
|
||||||
|
properties:
|
||||||
|
port:
|
||||||
|
default: 587
|
||||||
|
type: integer
|
||||||
|
timeout:
|
||||||
|
default: 30
|
||||||
|
type: integer
|
||||||
|
use_ssl:
|
||||||
|
default: false
|
||||||
|
type: boolean
|
||||||
|
use_tls:
|
||||||
|
default: false
|
||||||
|
type: boolean
|
||||||
|
type: object
|
||||||
dependencies:
|
dependencies:
|
||||||
- dist: null
|
- dist: null
|
||||||
category: core
|
category: core
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
dns_names = ["${var.sub-domain}.${var.domain_name}"]
|
dns_names = ["${var.sub_domain}.${var.domain_name}"]
|
||||||
middlewares = ["${var.instance}-https"]
|
middlewares = ["${var.instance}-https"]
|
||||||
service = {
|
service = {
|
||||||
"name" = "${var.instance}"
|
"name" = "${var.instance}"
|
||||||
|
|||||||
@@ -30,18 +30,18 @@ resource "kubectl_manifest" "prj_pg" {
|
|||||||
monitoring:
|
monitoring:
|
||||||
enablePodMonitor: true
|
enablePodMonitor: true
|
||||||
EOF
|
EOF
|
||||||
], var.backups.enable&&var.backups.use-barman?[<<-EOF
|
], var.backups.enable&&var.backups.use_barman?[<<-EOF
|
||||||
backup:
|
backup:
|
||||||
barmanObjectStore:
|
barmanObjectStore:
|
||||||
destinationPath: "s3://${var.instance}-${var.namespace}/"
|
destinationPath: "s3://${var.instance}-${var.namespace}/"
|
||||||
endpointURL: "${var.backups.endpoint}/barman"
|
endpointURL: "${var.backups.endpoint}/barman"
|
||||||
s3Credentials:
|
s3Credentials:
|
||||||
accessKeyId:
|
accessKeyId:
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
key: "${var.backups.key-id-key}"
|
key: "${var.backups.key_id_key}"
|
||||||
secretAccessKey:
|
secretAccessKey:
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
key: "${var.backups.secret-key}"
|
key: "${var.backups.secret_key}"
|
||||||
EOF
|
EOF
|
||||||
]:[""]))
|
]:[""]))
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -51,7 +51,7 @@ resource "kubectl_manifest" "directus_config" {
|
|||||||
AUTH_PROVIDERS: "VYNIL"
|
AUTH_PROVIDERS: "VYNIL"
|
||||||
AUTH_VYNIL_DRIVER: "openid"
|
AUTH_VYNIL_DRIVER: "openid"
|
||||||
AUTH_VYNIL_ALLOW_PUBLIC_REGISTRATION: "true"
|
AUTH_VYNIL_ALLOW_PUBLIC_REGISTRATION: "true"
|
||||||
AUTH_VYNIL_ISSUER_URL: "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/directus-${replace(var.sub-domain, ".", "-")}-${var.instance}/.well-known/openid-configuration"
|
AUTH_VYNIL_ISSUER_URL: "https://${data.kubernetes_ingress_v1.authentik.spec[0].rule[0].host}/application/o/directus-${replace(var.sub_domain, ".", "-")}-${var.instance}/.well-known/openid-configuration"
|
||||||
AUTH_VYNIL_IDENTIFIER_KEY: "email"
|
AUTH_VYNIL_IDENTIFIER_KEY: "email"
|
||||||
PUBLIC_URL: "https://${local.directus-dns_name}"
|
PUBLIC_URL: "https://${local.directus-dns_name}"
|
||||||
EOF
|
EOF
|
||||||
@@ -133,12 +133,12 @@ resource "kubectl_manifest" "directus_deploy" {
|
|||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
key: "client-id"
|
key: "client-id"
|
||||||
name: "directus-${replace(var.sub-domain, ".", "-")}-${var.instance}-id"
|
name: "directus-${replace(var.sub_domain, ".", "-")}-${var.instance}-id"
|
||||||
- name: AUTH_VYNIL_CLIENT_SECRET
|
- name: AUTH_VYNIL_CLIENT_SECRET
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
key: "client-secret"
|
key: "client-secret"
|
||||||
name: "directus-${replace(var.sub-domain, ".", "-")}-${var.instance}-secret"
|
name: "directus-${replace(var.sub_domain, ".", "-")}-${var.instance}-secret"
|
||||||
- name: DB_USER
|
- name: DB_USER
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
@@ -230,7 +230,7 @@ module "directus-ingress" {
|
|||||||
module "directus-application" {
|
module "directus-application" {
|
||||||
count = var.extentions.directus.enable ? 1 : 0
|
count = var.extentions.directus.enable ? 1 : 0
|
||||||
source = "git::https://git.solidite.fr/vynil/kydah-modules.git//application"
|
source = "git::https://git.solidite.fr/vynil/kydah-modules.git//application"
|
||||||
component = "directus-${replace(var.sub-domain, ".", "-")}"
|
component = "directus-${replace(var.sub_domain, ".", "-")}"
|
||||||
instance = var.instance
|
instance = var.instance
|
||||||
app_group = var.app_group
|
app_group = var.app_group
|
||||||
dns_name = local.directus-dns_name
|
dns_name = local.directus-dns_name
|
||||||
@@ -244,7 +244,7 @@ module "directus-application" {
|
|||||||
module "directus-oauth2" {
|
module "directus-oauth2" {
|
||||||
count = var.extentions.directus.enable ? 1 : 0
|
count = var.extentions.directus.enable ? 1 : 0
|
||||||
source = "git::https://git.solidite.fr/vynil/kydah-modules.git//oauth2"
|
source = "git::https://git.solidite.fr/vynil/kydah-modules.git//oauth2"
|
||||||
component = "directus-${replace(var.sub-domain, ".", "-")}"
|
component = "directus-${replace(var.sub_domain, ".", "-")}"
|
||||||
domain = var.domain
|
domain = var.domain
|
||||||
instance = var.instance
|
instance = var.instance
|
||||||
namespace = var.namespace
|
namespace = var.namespace
|
||||||
|
|||||||
@@ -6,6 +6,69 @@ metadata:
|
|||||||
name: dataset-pg
|
name: dataset-pg
|
||||||
description: null
|
description: null
|
||||||
options:
|
options:
|
||||||
|
backups:
|
||||||
|
default:
|
||||||
|
enable: false
|
||||||
|
endpoint: ''
|
||||||
|
key_id_key: s3-id
|
||||||
|
retention:
|
||||||
|
db: 30d
|
||||||
|
schedule:
|
||||||
|
db: 0 3 * * *
|
||||||
|
secret_key: s3-secret
|
||||||
|
secret_name: backup-settings
|
||||||
|
examples:
|
||||||
|
- enable: false
|
||||||
|
endpoint: ''
|
||||||
|
key_id_key: s3-id
|
||||||
|
retention:
|
||||||
|
db: 30d
|
||||||
|
schedule:
|
||||||
|
db: 0 3 * * *
|
||||||
|
secret_key: s3-secret
|
||||||
|
secret_name: backup-settings
|
||||||
|
properties:
|
||||||
|
enable:
|
||||||
|
default: false
|
||||||
|
type: boolean
|
||||||
|
endpoint:
|
||||||
|
default: ''
|
||||||
|
type: string
|
||||||
|
key_id_key:
|
||||||
|
default: s3-id
|
||||||
|
type: string
|
||||||
|
retention:
|
||||||
|
default:
|
||||||
|
db: 30d
|
||||||
|
properties:
|
||||||
|
db:
|
||||||
|
default: 30d
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
schedule:
|
||||||
|
default:
|
||||||
|
db: 0 3 * * *
|
||||||
|
properties:
|
||||||
|
db:
|
||||||
|
default: 0 3 * * *
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
secret_key:
|
||||||
|
default: s3-secret
|
||||||
|
type: string
|
||||||
|
secret_name:
|
||||||
|
default: backup-settings
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
databases:
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
default: db
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
issuer:
|
issuer:
|
||||||
default: letsencrypt-prod
|
default: letsencrypt-prod
|
||||||
examples:
|
examples:
|
||||||
@@ -28,6 +91,31 @@ options:
|
|||||||
type: string
|
type: string
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
|
app_group:
|
||||||
|
default: api
|
||||||
|
examples:
|
||||||
|
- api
|
||||||
|
type: string
|
||||||
|
domain_name:
|
||||||
|
default: your_company.com
|
||||||
|
examples:
|
||||||
|
- your_company.com
|
||||||
|
type: string
|
||||||
|
postgres:
|
||||||
|
default:
|
||||||
|
replicas: 1
|
||||||
|
examples:
|
||||||
|
- replicas: 1
|
||||||
|
properties:
|
||||||
|
replicas:
|
||||||
|
default: 1
|
||||||
|
type: integer
|
||||||
|
type: object
|
||||||
|
ingress_class:
|
||||||
|
default: traefik
|
||||||
|
examples:
|
||||||
|
- traefik
|
||||||
|
type: string
|
||||||
roles:
|
roles:
|
||||||
default: []
|
default: []
|
||||||
items:
|
items:
|
||||||
@@ -42,6 +130,11 @@ options:
|
|||||||
examples:
|
examples:
|
||||||
- your-company
|
- your-company
|
||||||
type: string
|
type: string
|
||||||
|
sub_domain:
|
||||||
|
default: dataset-pg
|
||||||
|
examples:
|
||||||
|
- dataset-pg
|
||||||
|
type: string
|
||||||
extentions:
|
extentions:
|
||||||
default:
|
default:
|
||||||
directus:
|
directus:
|
||||||
@@ -223,99 +316,6 @@ options:
|
|||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
app_group:
|
|
||||||
default: api
|
|
||||||
examples:
|
|
||||||
- api
|
|
||||||
type: string
|
|
||||||
postgres:
|
|
||||||
default:
|
|
||||||
replicas: 1
|
|
||||||
examples:
|
|
||||||
- replicas: 1
|
|
||||||
properties:
|
|
||||||
replicas:
|
|
||||||
default: 1
|
|
||||||
type: integer
|
|
||||||
type: object
|
|
||||||
ingress_class:
|
|
||||||
default: traefik
|
|
||||||
examples:
|
|
||||||
- traefik
|
|
||||||
type: string
|
|
||||||
backups:
|
|
||||||
default:
|
|
||||||
enable: false
|
|
||||||
endpoint: ''
|
|
||||||
key-id-key: s3-id
|
|
||||||
retention:
|
|
||||||
db: 30d
|
|
||||||
schedule:
|
|
||||||
db: 0 3 * * *
|
|
||||||
secret-key: s3-secret
|
|
||||||
secret-name: backup-settings
|
|
||||||
examples:
|
|
||||||
- enable: false
|
|
||||||
endpoint: ''
|
|
||||||
key-id-key: s3-id
|
|
||||||
retention:
|
|
||||||
db: 30d
|
|
||||||
schedule:
|
|
||||||
db: 0 3 * * *
|
|
||||||
secret-key: s3-secret
|
|
||||||
secret-name: backup-settings
|
|
||||||
properties:
|
|
||||||
enable:
|
|
||||||
default: false
|
|
||||||
type: boolean
|
|
||||||
endpoint:
|
|
||||||
default: ''
|
|
||||||
type: string
|
|
||||||
key-id-key:
|
|
||||||
default: s3-id
|
|
||||||
type: string
|
|
||||||
retention:
|
|
||||||
default:
|
|
||||||
db: 30d
|
|
||||||
properties:
|
|
||||||
db:
|
|
||||||
default: 30d
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
schedule:
|
|
||||||
default:
|
|
||||||
db: 0 3 * * *
|
|
||||||
properties:
|
|
||||||
db:
|
|
||||||
default: 0 3 * * *
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
secret-key:
|
|
||||||
default: s3-secret
|
|
||||||
type: string
|
|
||||||
secret-name:
|
|
||||||
default: backup-settings
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
sub-domain:
|
|
||||||
default: dataset-pg
|
|
||||||
examples:
|
|
||||||
- dataset-pg
|
|
||||||
type: string
|
|
||||||
domain_name:
|
|
||||||
default: your_company.com
|
|
||||||
examples:
|
|
||||||
- your_company.com
|
|
||||||
type: string
|
|
||||||
databases:
|
|
||||||
default: []
|
|
||||||
items:
|
|
||||||
properties:
|
|
||||||
name:
|
|
||||||
default: db
|
|
||||||
type: string
|
|
||||||
type: object
|
|
||||||
type: array
|
|
||||||
images:
|
images:
|
||||||
default:
|
default:
|
||||||
postgresql:
|
postgresql:
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
dns_name = "${var.instance}.${var.sub-domain}.${var.domain_name}"
|
dns_name = "${var.instance}.${var.sub_domain}.${var.domain_name}"
|
||||||
pg-labels = merge(local.common-labels, {
|
pg-labels = merge(local.common-labels, {
|
||||||
"app.kubernetes.io/component" = "postgresql"
|
"app.kubernetes.io/component" = "postgresql"
|
||||||
})
|
})
|
||||||
@@ -35,11 +35,11 @@ resource "kubectl_manifest" "prj_pg" {
|
|||||||
endpointURL: "${var.backups.endpoint}/barman"
|
endpointURL: "${var.backups.endpoint}/barman"
|
||||||
s3Credentials:
|
s3Credentials:
|
||||||
accessKeyId:
|
accessKeyId:
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
key: "${var.backups.key-id-key}"
|
key: "${var.backups.key_id_key}"
|
||||||
secretAccessKey:
|
secretAccessKey:
|
||||||
name: "${var.backups.secret-name}"
|
name: "${var.backups.secret_name}"
|
||||||
key: "${var.backups.secret-key}"
|
key: "${var.backups.secret_key}"
|
||||||
EOF
|
EOF
|
||||||
]:[""]))
|
]:[""]))
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -26,7 +26,7 @@ locals {
|
|||||||
for name in local.sorted-dataset-name: [
|
for name in local.sorted-dataset-name: [
|
||||||
for ds in var.datasets:
|
for ds in var.datasets:
|
||||||
merge(ds,{
|
merge(ds,{
|
||||||
"sub-domain" = "${stage}.${var.instance}"
|
"sub_domain" = "${stage}.${var.instance}"
|
||||||
"namespace" = "${var.domain}-${var.instance}-${stage}"
|
"namespace" = "${var.domain}-${var.instance}-${stage}"
|
||||||
}) if ds.name == name
|
}) if ds.name == name
|
||||||
]
|
]
|
||||||
|
|||||||
@@ -16,8 +16,8 @@ resource "authentik_application" "prj_app" {
|
|||||||
#protocol_provider = authentik_provider_oauth2.oauth2.id
|
#protocol_provider = authentik_provider_oauth2.oauth2.id
|
||||||
group = var.app_group
|
group = var.app_group
|
||||||
backchannel_providers = [authentik_provider_scim.scim.id]
|
backchannel_providers = [authentik_provider_scim.scim.id]
|
||||||
meta_launch_url = format("https://%s.%s", var.sub-domain, var.domain_name)
|
meta_launch_url = format("https://%s.%s", var.sub_domain, var.domain_name)
|
||||||
meta_icon = format("https://%s.%s/%s", var.sub-domain, var.domain_name, "favicon-32x32.png")
|
meta_icon = format("https://%s.%s/%s", var.sub_domain, var.domain_name, "favicon-32x32.png")
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "authentik_policy_expression" "policy" {
|
resource "authentik_policy_expression" "policy" {
|
||||||
|
|||||||
@@ -96,10 +96,10 @@ resource "kubernetes_config_map_v1" "haraka_config" {
|
|||||||
}
|
}
|
||||||
data = yamldecode(<<-EOF
|
data = yamldecode(<<-EOF
|
||||||
me: |-
|
me: |-
|
||||||
${var.sub-domain}.${var.domain_name}
|
${var.sub_domain}.${var.domain_name}
|
||||||
host_list: |-
|
host_list: |-
|
||||||
# add hosts in here we want to accept mail for
|
# add hosts in here we want to accept mail for
|
||||||
${var.sub-domain}.${var.domain_name}
|
${var.sub_domain}.${var.domain_name}
|
||||||
${var.domain_name}
|
${var.domain_name}
|
||||||
${join("\n ",var.additional-domains)}
|
${join("\n ",var.additional-domains)}
|
||||||
rspamd.ini: |-
|
rspamd.ini: |-
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ options:
|
|||||||
examples:
|
examples:
|
||||||
- letsencrypt-prod
|
- letsencrypt-prod
|
||||||
type: string
|
type: string
|
||||||
sub-domain:
|
sub_domain:
|
||||||
default: mail
|
default: mail
|
||||||
examples:
|
examples:
|
||||||
- mail
|
- mail
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
locals {
|
locals {
|
||||||
dns_names = ["${var.sub-domain}.${var.domain_name}"]
|
dns_names = ["${var.sub_domain}.${var.domain_name}"]
|
||||||
cert-names = concat(local.dns_names, ["${var.domain_name}"])
|
cert-names = concat(local.dns_names, ["${var.domain_name}"])
|
||||||
middlewares = ["${var.instance}-https"]
|
middlewares = ["${var.instance}-https"]
|
||||||
service = {
|
service = {
|
||||||
|
|||||||
@@ -154,15 +154,15 @@ resource "kubernetes_config_map_v1" "webmail_config" {
|
|||||||
[setup]
|
[setup]
|
||||||
# these values are shown in the configuration help page
|
# these values are shown in the configuration help page
|
||||||
[setup.imap]
|
[setup.imap]
|
||||||
hostname="${var.sub-domain}.${var.domain_name}"
|
hostname="${var.sub_domain}.${var.domain_name}"
|
||||||
secure=true
|
secure=true
|
||||||
port=143
|
port=143
|
||||||
[setup.pop3]
|
[setup.pop3]
|
||||||
hostname="${var.sub-domain}.${var.domain_name}"
|
hostname="${var.sub_domain}.${var.domain_name}"
|
||||||
secure=true
|
secure=true
|
||||||
port=110
|
port=110
|
||||||
[setup.smtp]
|
[setup.smtp]
|
||||||
hostname="${var.sub-domain}.${var.domain_name}"
|
hostname="${var.sub_domain}.${var.domain_name}"
|
||||||
secure=true
|
secure=true
|
||||||
port=25
|
port=25
|
||||||
EOF
|
EOF
|
||||||
|
|||||||
@@ -173,7 +173,7 @@ resource "kubernetes_config_map_v1" "wildduck_config" {
|
|||||||
enabled=true
|
enabled=true
|
||||||
[smtp.setup]
|
[smtp.setup]
|
||||||
# Public configuration for SMTP MDA, needed for mobileconfig files
|
# Public configuration for SMTP MDA, needed for mobileconfig files
|
||||||
hostname="${var.sub-domain}.${var.domain_name}"
|
hostname="${var.sub_domain}.${var.domain_name}"
|
||||||
secure=true
|
secure=true
|
||||||
port=465
|
port=465
|
||||||
[webhooks]
|
[webhooks]
|
||||||
@@ -312,7 +312,7 @@ resource "kubernetes_config_map_v1" "wildduck_config" {
|
|||||||
autoExpunge=true
|
autoExpunge=true
|
||||||
[setup]
|
[setup]
|
||||||
# Public configuration for IMAP
|
# Public configuration for IMAP
|
||||||
hostname="${var.sub-domain}.${var.domain_name}"
|
hostname="${var.sub_domain}.${var.domain_name}"
|
||||||
secure=true
|
secure=true
|
||||||
# port defaults to imap.port
|
# port defaults to imap.port
|
||||||
port=9930
|
port=9930
|
||||||
@@ -360,7 +360,7 @@ resource "kubernetes_config_map_v1" "wildduck_config" {
|
|||||||
cert="/var/opt/certs/tls.crt"
|
cert="/var/opt/certs/tls.crt"
|
||||||
[setup]
|
[setup]
|
||||||
# Public configuration for POP3
|
# Public configuration for POP3
|
||||||
hostname="${var.sub-domain}.${var.domain_name}"
|
hostname="${var.sub_domain}.${var.domain_name}"
|
||||||
secure=true
|
secure=true
|
||||||
# port defaults to pop3.port
|
# port defaults to pop3.port
|
||||||
port=995
|
port=995
|
||||||
|
|||||||
@@ -128,7 +128,7 @@ resource "kubernetes_config_map_v1" "zonemta_config" {
|
|||||||
# Server process must be able to locally bind to these addresses
|
# Server process must be able to locally bind to these addresses
|
||||||
[[default]]
|
[[default]]
|
||||||
address="0.0.0.0"
|
address="0.0.0.0"
|
||||||
name="${var.sub-domain}.${var.domain_name}"
|
name="${var.sub_domain}.${var.domain_name}"
|
||||||
#
|
#
|
||||||
#[[default]]
|
#[[default]]
|
||||||
#address="1.2.3.5"
|
#address="1.2.3.5"
|
||||||
@@ -145,7 +145,7 @@ resource "kubernetes_config_map_v1" "zonemta_config" {
|
|||||||
interfaces=["feeder"]
|
interfaces=["feeder"]
|
||||||
# optional hostname to be used in headers
|
# optional hostname to be used in headers
|
||||||
# defaults to os.hostname()
|
# defaults to os.hostname()
|
||||||
hostname="${var.sub-domain}.${var.domain_name}"
|
hostname="${var.sub_domain}.${var.domain_name}"
|
||||||
# How long to keep auth records in log
|
# How long to keep auth records in log
|
||||||
authlogExpireDays=30
|
authlogExpireDays=30
|
||||||
# default smtp recipients for 24h (can be overriden per user)
|
# default smtp recipients for 24h (can be overriden per user)
|
||||||
|
|||||||
Reference in New Issue
Block a user