From 3875aff2b21db11bd1abe987ea4d1055cbbdb4f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Huss?=
Date: Fri, 11 Aug 2023 12:48:32 +0200
Subject: [PATCH] fix
---
 meta/domain-apps/apps.tf | 3 +-
 meta/domain-apps/index.yaml | 73 +++++++++++++++++++--------
 meta/domain-auth/apps.tf | 3 +-
 meta/domain-auth/index.yaml | 87 +++++++++++++++++++++-----------
 meta/domain-ci/apps.tf | 3 +-
 meta/domain-ci/index.yaml | 60 ++++++++++++++++------
 meta/domain-erp/apps.tf | 3 +-
 meta/domain-erp/index.yaml | 61 +++++++++++++++++------
 meta/domain-infra/apps.tf | 1 +
 meta/domain-infra/index.yaml | 45 ++++++++++++++---
 meta/domain-mail/apps.tf | 44 ++++++++++++++++
 meta/domain-mail/index.yaml | 92 ++++++++++++++++++++++++++++++++++
 meta/domain/index.yaml | 97 ++++++++++++++++++++++++------------
 meta/domain/installs.tf | 3 +-
 share/wildduck/index.yaml | 76 +++++++++++++++++++---------
 share/wildduck/mongo.tf | 19 +++++++
 16 files changed, 523 insertions(+), 147 deletions(-)
 create mode 100644 meta/domain-mail/apps.tf
 create mode 100644 meta/domain-mail/index.yaml
diff --git a/meta/domain-apps/apps.tf b/meta/domain-apps/apps.tf
index e71420b..a011cb3 100644
--- a/meta/domain-apps/apps.tf
+++ b/meta/domain-apps/apps.tf
@@ -1,6 +1,6 @@
 locals {
 annotations = {
- "vynil.solidite.fr/meta" = "domain-auth"
+ "vynil.solidite.fr/meta" = var.component
 "vynil.solidite.fr/name" = "${var.namespace}-auth"
 "vynil.solidite.fr/domain" = var.domain-name
 "vynil.solidite.fr/issuer" = var.issuer
@@ -11,6 +11,7 @@ locals {
 "domain-name" = var.domain-name
 "issuer" = var.issuer
 "ingress-class" = var.ingress-class
+ "backups" = var.backups
 }
 nextcloud = { for k, v in var.nextcloud : k => v if k!="enable" }
 }
diff --git a/meta/domain-apps/index.yaml b/meta/domain-apps/index.yaml
index d938583..c8057cb 100644
--- a/meta/domain-apps/index.yaml
+++ b/meta/domain-apps/index.yaml
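Review bot: The name annotation kept as context in the first hunk of meta/domain-apps/apps.tf is still `"vynil.solidite.fr/name" = "${var.namespace}-auth"`, which looks like the same copy-paste from domain-auth that this commit corrects on the `meta` line directly above it. If the apps namespace is not meant to carry the `-auth` suffix, the annotation should use whatever suffix this component's namespace resource uses; that resource is outside the hunks, so confirm against it. meta/domain-infra/apps.tf receives only the `backups` line and no `meta` hunk, so it is worth checking that its annotation is not still hard-coded.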
@@ -6,10 +6,25 @@ metadata: name: domain-apps description: null options: - ingress-class: - default: traefik + nextcloud: + default: + enable: false examples: - - traefik + - enable: false + properties: + enable: + default: false + type: boolean + type: object + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + domain: + default: your-company + examples: + - your-company type: string distributions: default: @@ -26,31 +41,46 @@ options: default: domain type: string type: object - nextcloud: - default: - enable: false + ingress-class: + default: traefik examples: - - enable: false - properties: - enable: - default: false - type: boolean - type: object + - traefik + type: string issuer: default: letsencrypt-prod examples: - letsencrypt-prod type: string - domain-name: - default: your_company.com + backups: + default: + enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings examples: - - your_company.com - type: string - domain: - default: your-company - examples: - - your-company - type: string + - enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key-id-key: + default: s3-id + type: string + secret-key: + default: s3-secret + type: string + secret-name: + default: backup-settings + type: string + type: object dependencies: [] providers: kubernetes: true @@ -59,3 +89,4 @@ providers: postgresql: null restapi: null http: null +tfaddtype: null diff --git a/meta/domain-auth/apps.tf b/meta/domain-auth/apps.tf index 8c1cd5f..9c81e8b 100644 --- a/meta/domain-auth/apps.tf +++ b/meta/domain-auth/apps.tf 
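Review bot: The `backups` option added in the second hunk has no description, and its property names `key-id-key` and `secret-key` read like places for credentials, although the defaults (`s3-id`, `s3-secret`, `backup-settings`) suggest they are key names inside the Secret named by `secret-name`. The apps.tf files in this commit merge `var.backups` into the Install `options`, so a credential typed into `secret-key` by mistake would be stored in that object in clear text. If the schema format accepts it, add a description per property, e.g. `description: name of the key in secret-name that holds the S3 secret key (not the secret itself)`. Nothing visible rejects `enable: true` combined with the default empty `endpoint`, so that check belongs wherever the option is consumed. The same block is repeated in the other index.yaml files of this commit; if those files are generated, the change goes in their source.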
@@ -1,6 +1,6 @@ locals { annotations = { - "vynil.solidite.fr/meta" = "domain-auth" + "vynil.solidite.fr/meta" = var.component "vynil.solidite.fr/name" = "${var.namespace}-auth" "vynil.solidite.fr/domain" = var.domain-name "vynil.solidite.fr/issuer" = var.issuer @@ -11,6 +11,7 @@ locals { "domain-name" = var.domain-name "issuer" = var.issuer "ingress-class" = var.ingress-class + "backups" = var.backups } authentik = { for k, v in var.authentik : k => v if k!="enable" } authentik-ldap = { for k, v in var.authentik-ldap : k => v if k!="enable" } diff --git a/meta/domain-auth/index.yaml b/meta/domain-auth/index.yaml index 4df3845..61f8249 100644 --- a/meta/domain-auth/index.yaml +++ b/meta/domain-auth/index.yaml @@ -6,26 +6,6 @@ metadata: name: domain-auth description: null options: - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - distributions: - default: - core: core - domain: domain - examples: - - core: core - domain: domain - properties: - core: - default: core - type: string - domain: - default: domain - type: string - type: object authentik: default: enable: true @@ -36,6 +16,16 @@ options: default: true type: boolean type: object + domain: + default: your-company + examples: + - your-company + type: string + ingress-class: + default: traefik + examples: + - traefik + type: string authentik-ldap: default: enable: false 
@@ -51,6 +41,51 @@ options: examples: - your_company.com type: string + backups: + default: + enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + examples: + - enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key-id-key: + default: s3-id + type: string + secret-key: + default: s3-secret + type: string + secret-name: + default: backup-settings + type: string + type: object + distributions: + default: + core: core + domain: domain + examples: + - core: core + domain: domain + properties: + core: + default: core + type: string + domain: + default: domain + type: string + type: object authentik-forward: default: enable: false @@ -61,15 +96,10 @@ options: default: false type: boolean type: object - ingress-class: - default: traefik + issuer: + default: letsencrypt-prod examples: - - traefik - type: string - domain: - default: your-company - examples: - - your-company + - letsencrypt-prod type: string dependencies: [] providers: @@ -79,3 +109,4 @@ providers: postgresql: null restapi: null http: null +tfaddtype: null diff --git a/meta/domain-ci/apps.tf b/meta/domain-ci/apps.tf index d8e16b9..4232ccf 100644 --- a/meta/domain-ci/apps.tf +++ b/meta/domain-ci/apps.tf @@ -1,6 +1,6 @@ locals { annotations = { - "vynil.solidite.fr/meta" = "domain-ci" + "vynil.solidite.fr/meta" = var.component "vynil.solidite.fr/name" = var.namespace "vynil.solidite.fr/domain" = var.domain-name "vynil.solidite.fr/issuer" = var.issuer @@ -11,6 +11,7 @@ locals { "domain-name" = var.domain-name "issuer" = var.issuer "ingress-class" = var.ingress-class + "backups" = var.backups } gitea = { for k, v in var.gitea : k => v if k!="enable" } woodpecker = { for k, v in var.woodpecker : k => v if k!="enable" } 
diff --git a/meta/domain-ci/index.yaml b/meta/domain-ci/index.yaml index 0682aae..edd8886 100644 --- a/meta/domain-ci/index.yaml +++ b/meta/domain-ci/index.yaml @@ -6,6 +6,21 @@ metadata: name: domain-ci description: null options: + gitea: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + ingress-class: + default: traefik + examples: + - traefik + type: string distributions: default: core: core @@ -21,16 +36,6 @@ options: default: domain type: string type: object - gitea: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object woodpecker: default: enable: false @@ -46,6 +51,36 @@ options: examples: - your-company type: string + backups: + default: + enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + examples: + - enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key-id-key: + default: s3-id + type: string + secret-key: + default: s3-secret + type: string + secret-name: + default: backup-settings + type: string + type: object domain-name: default: your_company.com examples: @@ -56,11 +91,6 @@ options: examples: - letsencrypt-prod type: string - ingress-class: - default: traefik - examples: - - traefik - type: string dependencies: [] providers: kubernetes: true diff --git a/meta/domain-erp/apps.tf b/meta/domain-erp/apps.tf index 476a1ab..5a1760c 100644 --- a/meta/domain-erp/apps.tf +++ b/meta/domain-erp/apps.tf @@ -1,6 +1,6 @@ locals { annotations = { - "vynil.solidite.fr/meta" = "domain-ci" + "vynil.solidite.fr/meta" = var.component "vynil.solidite.fr/name" = var.namespace "vynil.solidite.fr/domain" = var.domain-name "vynil.solidite.fr/issuer" = var.issuer 
@@ -11,6 +11,7 @@ locals { "domain-name" = var.domain-name "issuer" = var.issuer "ingress-class" = var.ingress-class + "backups" = var.backups } dolibarr = { for k, v in var.dolibarr : k => v if k!="enable" } } diff --git a/meta/domain-erp/index.yaml b/meta/domain-erp/index.yaml index ddcaa39..6ff8e3c 100644 --- a/meta/domain-erp/index.yaml +++ b/meta/domain-erp/index.yaml @@ -6,16 +6,26 @@ metadata: name: domain-erp description: null options: - ingress-class: - default: traefik - examples: - - traefik - type: string domain: default: your-company examples: - your-company type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + ingress-class: + default: traefik + examples: + - traefik + type: string distributions: default: core: core @@ -31,6 +41,36 @@ options: default: domain type: string type: object + backups: + default: + enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + examples: + - enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key-id-key: + default: s3-id + type: string + secret-key: + default: s3-secret + type: string + secret-name: + default: backup-settings + type: string + type: object dolibarr: default: enable: true @@ -41,16 +81,6 @@ options: default: true type: boolean type: object - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - domain-name: - default: your_company.com - examples: - - your_company.com - type: string dependencies: [] providers: kubernetes: true @@ -59,3 +89,4 @@ providers: postgresql: null restapi: null http: null +tfaddtype: null diff --git a/meta/domain-infra/apps.tf b/meta/domain-infra/apps.tf index b9a084f..99ca661 100644 
--- a/meta/domain-infra/apps.tf +++ b/meta/domain-infra/apps.tf @@ -11,6 +11,7 @@ locals { "domain-name" = var.domain-name "issuer" = var.issuer "ingress-class" = var.ingress-class + "backups" = var.backups } traefik = { for k, v in var.traefik : k => v if k!="enable" } dns = { for k, v in var.dns : k => v if k!="enable" } diff --git a/meta/domain-infra/index.yaml b/meta/domain-infra/index.yaml index 37b0425..d484860 100644 --- a/meta/domain-infra/index.yaml +++ b/meta/domain-infra/index.yaml @@ -6,6 +6,16 @@ metadata: name: domain-infra description: null options: + dns: + default: + enable: false + examples: + - enable: false + properties: + enable: + default: false + type: boolean + type: object traefik: default: enable: false @@ -21,12 +31,17 @@ options: default: traefik type: string type: object + ingress-class: + default: traefik + examples: + - traefik + type: string issuer: default: letsencrypt-prod examples: - letsencrypt-prod type: string - dns: + api: default: enable: false examples: @@ -36,11 +51,6 @@ options: default: false type: boolean type: object - ingress-class: - default: traefik - examples: - - traefik - type: string distributions: default: core: core @@ -61,15 +71,35 @@ options: examples: - your-company type: string - api: + backups: default: enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings examples: - enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings properties: enable: default: false type: boolean + endpoint: + default: '' + type: string + key-id-key: + default: s3-id + type: string + secret-key: + default: s3-secret + type: string + secret-name: + default: backup-settings + type: string type: object domain-name: default: your_company.com @@ -84,3 +114,4 @@ providers: postgresql: null restapi: null http: null +tfaddtype: null diff --git a/meta/domain-mail/apps.tf b/meta/domain-mail/apps.tf new file mode 100644 index 0000000..f47104c 
--- /dev/null
+++ b/meta/domain-mail/apps.tf
@@ -0,0 +1,44 @@
+locals {
+ annotations = {
+ "vynil.solidite.fr/meta" = var.component
+ "vynil.solidite.fr/name" = var.namespace
+ "vynil.solidite.fr/domain" = var.domain-name
+ "vynil.solidite.fr/issuer" = var.issuer
+ "vynil.solidite.fr/ingress" = var.ingress-class
+ }
+ global = {
+ "domain" = var.namespace
+ "domain-name" = var.domain-name
+ "issuer" = var.issuer
+ "ingress-class" = var.ingress-class
+ "backups" = var.backups
+ }
+ wildduck = { for k, v in var.wildduck : k => v if k!="enable" }
+}
+
+resource "kubernetes_namespace_v1" "mail-ns" {
+ count = ( var.wildduck.enable )? 1 : 0
+ metadata {
+ annotations = local.annotations
+ labels = merge(local.common-labels, local.annotations)
+ name = "${var.namespace}-mail"
+ }
+}
+
+resource "kubectl_manifest" "wildduck" {
+ count = var.wildduck.enable ? 1 : 0
+ depends_on = [kubernetes_namespace_v1.mail-ns]
+ yaml_body = <<-EOF
+ apiVersion: "vynil.solidite.fr/v1"
+ kind: "Install"
+ metadata:
+ name: "wildduck"
+ namespace: "${kubernetes_namespace_v1.mail-ns[0].metadata[0].name}"
+ labels: ${jsonencode(local.common-labels)}
+ spec:
+ distrib: "${var.distributions.domain}"
+ category: "share"
+ component: "wildduck"
+ options: ${jsonencode(merge(local.global, local.wildduck))}
+ EOF
+}
diff --git a/meta/domain-mail/index.yaml b/meta/domain-mail/index.yaml
new file mode 100644
index 0000000..5f4425f
--- /dev/null
+++ b/meta/domain-mail/index.yaml
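Review bot: In the `kubectl_manifest.wildduck` heredoc, `distrib: "${var.distributions.domain}"` splices an option value into the YAML as raw text, while `labels` and `options` in the same manifest go through `jsonencode`. A value containing a quote or a newline would break or reshape the manifest; `distrib: ${jsonencode(var.distributions.domain)}` keeps the encoding consistent. Separately, `labels = merge(local.common-labels, local.annotations)` copies `var.domain-name`, `var.issuer` and `var.ingress-class` into label values, which Kubernetes limits to 63 characters of alphanumerics, `-`, `_` and `.`; a long domain name would make the namespace creation fail, so consider validating those variables or keeping them as annotations only. `local.common-labels` is not defined in this file and is presumably provided elsewhere.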
@@ -0,0 +1,92 @@ +--- +apiVersion: vinyl.solidite.fr/v1beta1 +kind: Component +category: meta +metadata: + name: domain-mail + description: null +options: + ingress-class: + default: traefik + examples: + - traefik + type: string + backups: + default: + enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + examples: + - enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key-id-key: + default: s3-id + type: string + secret-key: + default: s3-secret + type: string + secret-name: + default: backup-settings + type: string + type: object + wildduck: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + domain: + default: your-company + examples: + - your-company + type: string + distributions: + default: + core: core + domain: domain + examples: + - core: core + domain: domain + properties: + core: + default: core + type: string + domain: + default: domain + type: string + type: object + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string +dependencies: [] +providers: + kubernetes: true + authentik: null + kubectl: true + postgresql: null + restapi: null + http: null +tfaddtype: null diff --git a/meta/domain/index.yaml b/meta/domain/index.yaml index 6eeeb0a..8430fa7 100644 --- a/meta/domain/index.yaml +++ b/meta/domain/index.yaml 
@@ -6,6 +6,26 @@ metadata: name: domain description: null options: + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + auth: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object ci: default: enable: false @@ -28,15 +48,35 @@ options: type: boolean type: object type: object - auth: + backups: default: - enable: true + enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings examples: - - enable: true + - enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings properties: enable: - default: true + default: false type: boolean + endpoint: + default: '' + type: string + key-id-key: + default: s3-id + type: string + secret-key: + default: s3-secret + type: string + secret-name: + default: backup-settings + type: string type: object infra: default: @@ -60,21 +100,6 @@ options: type: boolean type: object type: object - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - ingress-class: - default: traefik - examples: - - traefik - type: string - domain-name: - default: your_company.com - examples: - - your_company.com - type: string erp: default: dolibarr: @@ -97,21 +122,11 @@ options: default: false type: boolean type: object - distributions: - default: - core: core - domain: domain + ingress-class: + default: traefik examples: - - core: core - domain: domain - properties: - core: - default: core - type: string - domain: - default: domain - type: string - type: object + - traefik + type: string apps: default: enable: false 
@@ -134,6 +149,21 @@ options: type: boolean type: object type: object + distributions: + default: + core: core + domain: domain + examples: + - core: core + domain: domain + properties: + core: + default: core + type: string + domain: + default: domain + type: string + type: object dependencies: [] providers: kubernetes: null @@ -142,3 +172,4 @@ providers: postgresql: null restapi: null http: null +tfaddtype: null diff --git a/meta/domain/installs.tf b/meta/domain/installs.tf index 22cc725..933989d 100644 --- a/meta/domain/installs.tf +++ b/meta/domain/installs.tf @@ -5,9 +5,10 @@ locals { "issuer" = var.issuer "ingress-class" = var.ingress-class "distributions" = var.distributions + "backups" = var.backups } annotations = { - "vynil.solidite.fr/meta" = "domain" + "vynil.solidite.fr/meta" = var.component "vynil.solidite.fr/name" = var.namespace "vynil.solidite.fr/domain" = var.domain-name "vynil.solidite.fr/issuer" = var.issuer diff --git a/share/wildduck/index.yaml b/share/wildduck/index.yaml index bd240cc..d4e497a 100644 --- a/share/wildduck/index.yaml +++ b/share/wildduck/index.yaml @@ -6,36 +6,16 @@ metadata: name: wildduck description: null options: - sub-domain: - default: mail + domain-name: + default: your_company.com examples: - - mail - type: string - ingress-class: - default: traefik - examples: - - traefik + - your_company.com type: string domain: default: your-company examples: - your-company type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - additional-domains: - default: [] - items: - type: string - type: array - domain-name: - default: your_company.com - examples: - - your_company.com - type: string images: default: haraka: 
@@ -199,6 +179,51 @@ options: type: string type: object type: object + sub-domain: + default: mail + examples: + - mail + type: string + ingress-class: + default: traefik + examples: + - traefik + type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + backups: + default: + enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + examples: + - enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key-id-key: + default: s3-id + type: string + secret-key: + default: s3-secret + type: string + secret-name: + default: backup-settings + type: string + type: object redis: default: exporter: @@ -232,6 +257,11 @@ options: default: 2Gi type: string type: object + additional-domains: + default: [] + items: + type: string + type: array dependencies: - dist: null category: dbo diff --git a/share/wildduck/mongo.tf b/share/wildduck/mongo.tf index 47b279f..d296b68 100644 --- a/share/wildduck/mongo.tf +++ b/share/wildduck/mongo.tf @@ -41,6 +41,25 @@ resource "kubectl_manifest" "prj_mongo" { members: 1 type: ReplicaSet version: "4.4.0" + podSpec: + podTemplate: + spec: + containers: + - name: mongod + env: + - name: MONGODB_NAME + value: ${var.component} + - name: MONGODB_USER + value: ${var.component} + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: "${var.instance}-${var.component}-mongo" + key: password + metadata: + annotations: + "k8up.io/backupcommand": "sh -c 'mongodump --username=$MONGODB_USER --password=$MONGODB_PASSWORD mongodb://localhost/$MONGODB_NAME --archive'" + "k8up.io/file-extension": ".archive" security: authentication: modes: ["SCRAM"]
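Review bot: The `k8up.io/backupcommand` annotation added in the share/wildduck/mongo.tf hunk passes the database password as `--password=$MONGODB_PASSWORD` on the mongodump command line, so while a backup runs it may be readable in the process arguments of the `mongod` container by anything able to list processes there. The expansions are also unquoted, so a password containing whitespace or glob characters is split by `sh` and the dump fails; at minimum quote them, e.g. `--password=\"$MONGODB_PASSWORD\"` inside the annotation string. Preferably keep the password off the argument list altogether, for instance through mongodump's `--config` file option if the tools version in the image supports it. The annotation text itself is not secret, since it only names the variable filled from `secretKeyRef`. The manifest continues outside the hunk, so whether `${var.instance}-${var.component}-mongo` matches the secret that actually holds the password could not be checked.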