fix

2023-08-11 12:48:32 +02:00
parent 0aca51fcfc
commit 3875aff2b2
16 changed files with 523 additions and 147 deletions
--- a/meta/domain-apps/apps.tf
+++ b/meta/domain-apps/apps.tf
@@ -1,6 +1,6 @@
 locals {
    annotations = {
-      "vynil.solidite.fr/meta" = "domain-auth"
+      "vynil.solidite.fr/meta" = var.component
      "vynil.solidite.fr/name" = "${var.namespace}-auth"
      "vynil.solidite.fr/domain" = var.domain-name
      "vynil.solidite.fr/issuer" = var.issuer
@@ -11,6 +11,7 @@ locals {
        "domain-name" = var.domain-name
        "issuer" = var.issuer
        "ingress-class" = var.ingress-class
+        "backups"        = var.backups
    }
    nextcloud = { for k, v in var.nextcloud : k => v if k!="enable" }
 }
--- a/meta/domain-apps/index.yaml
+++ b/meta/domain-apps/index.yaml
@@ -6,10 +6,25 @@ metadata:
  name: domain-apps
  description: null
 options:
-  ingress-class:
-    default: traefik
+  nextcloud:
+    default:
+      enable: false
    examples:
-    - traefik
+    - enable: false
+    properties:
+      enable:
+        default: false
+        type: boolean
+    type: object
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  domain:
+    default: your-company
+    examples:
+    - your-company
    type: string
  distributions:
    default:
@@ -26,31 +41,46 @@ options:
        default: domain
        type: string
    type: object
-  nextcloud:
-    default:
-      enable: false
+  ingress-class:
+    default: traefik
    examples:
-    - enable: false
-    properties:
-      enable:
-        default: false
-        type: boolean
-    type: object
+    - traefik
+    type: string
  issuer:
    default: letsencrypt-prod
    examples:
    - letsencrypt-prod
    type: string
-  domain-name:
-    default: your_company.com
+  backups:
+    default:
+      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
    examples:
-    - your_company.com
-    type: string
-  domain:
-    default: your-company
-    examples:
-    - your-company
-    type: string
+    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    properties:
+      enable:
+        default: false
+        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      secret-key:
+        default: s3-secret
+        type: string
+      secret-name:
+        default: backup-settings
+        type: string
+    type: object
 dependencies: []
 providers:
  kubernetes: true
@@ -59,3 +89,4 @@ providers:
  postgresql: null
  restapi: null
  http: null
+tfaddtype: null
--- a/meta/domain-auth/apps.tf
+++ b/meta/domain-auth/apps.tf
@@ -1,6 +1,6 @@
 locals {
    annotations = {
-      "vynil.solidite.fr/meta" = "domain-auth"
+      "vynil.solidite.fr/meta" = var.component
      "vynil.solidite.fr/name" = "${var.namespace}-auth"
      "vynil.solidite.fr/domain" = var.domain-name
      "vynil.solidite.fr/issuer" = var.issuer
@@ -11,6 +11,7 @@ locals {
        "domain-name" = var.domain-name
        "issuer" = var.issuer
        "ingress-class" = var.ingress-class
+        "backups"        = var.backups
    }
    authentik = { for k, v in var.authentik : k => v if k!="enable" }
    authentik-ldap = { for k, v in var.authentik-ldap : k => v if k!="enable" }
--- a/meta/domain-auth/index.yaml
+++ b/meta/domain-auth/index.yaml
@@ -6,26 +6,6 @@ metadata:
  name: domain-auth
  description: null
 options:
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  distributions:
-    default:
-      core: core
-      domain: domain
-    examples:
-    - core: core
-      domain: domain
-    properties:
-      core:
-        default: core
-        type: string
-      domain:
-        default: domain
-        type: string
-    type: object
  authentik:
    default:
      enable: true
@@ -36,6 +16,16 @@ options:
        default: true
        type: boolean
    type: object
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
  authentik-ldap:
    default:
      enable: false
@@ -51,6 +41,51 @@ options:
    examples:
    - your_company.com
    type: string
+  backups:
+    default:
+      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    examples:
+    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    properties:
+      enable:
+        default: false
+        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      secret-key:
+        default: s3-secret
+        type: string
+      secret-name:
+        default: backup-settings
+        type: string
+    type: object
+  distributions:
+    default:
+      core: core
+      domain: domain
+    examples:
+    - core: core
+      domain: domain
+    properties:
+      core:
+        default: core
+        type: string
+      domain:
+        default: domain
+        type: string
+    type: object
  authentik-forward:
    default:
      enable: false
@@ -61,15 +96,10 @@ options:
        default: false
        type: boolean
    type: object
-  ingress-class:
-    default: traefik
+  issuer:
+    default: letsencrypt-prod
    examples:
-    - traefik
-    type: string
-  domain:
-    default: your-company
-    examples:
-    - your-company
+    - letsencrypt-prod
    type: string
 dependencies: []
 providers:
@@ -79,3 +109,4 @@ providers:
  postgresql: null
  restapi: null
  http: null
+tfaddtype: null
--- a/meta/domain-ci/apps.tf
+++ b/meta/domain-ci/apps.tf
@@ -1,6 +1,6 @@
 locals {
    annotations = {
-      "vynil.solidite.fr/meta"    = "domain-ci"
+      "vynil.solidite.fr/meta"    = var.component
      "vynil.solidite.fr/name"    = var.namespace
      "vynil.solidite.fr/domain"  = var.domain-name
      "vynil.solidite.fr/issuer"  = var.issuer
@@ -11,6 +11,7 @@ locals {
        "domain-name"    = var.domain-name
        "issuer"         = var.issuer
        "ingress-class"  = var.ingress-class
+        "backups"        = var.backups
    }
    gitea = { for k, v in var.gitea : k => v if k!="enable" }
    woodpecker = { for k, v in var.woodpecker : k => v if k!="enable" }
--- a/meta/domain-ci/index.yaml
+++ b/meta/domain-ci/index.yaml
@@ -6,6 +6,21 @@ metadata:
  name: domain-ci
  description: null
 options:
+  gitea:
+    default:
+      enable: true
+    examples:
+    - enable: true
+    properties:
+      enable:
+        default: true
+        type: boolean
+    type: object
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
  distributions:
    default:
      core: core
@@ -21,16 +36,6 @@ options:
        default: domain
        type: string
    type: object
-  gitea:
-    default:
-      enable: true
-    examples:
-    - enable: true
-    properties:
-      enable:
-        default: true
-        type: boolean
-    type: object
  woodpecker:
    default:
      enable: false
@@ -46,6 +51,36 @@ options:
    examples:
    - your-company
    type: string
+  backups:
+    default:
+      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    examples:
+    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    properties:
+      enable:
+        default: false
+        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      secret-key:
+        default: s3-secret
+        type: string
+      secret-name:
+        default: backup-settings
+        type: string
+    type: object
  domain-name:
    default: your_company.com
    examples:
@@ -56,11 +91,6 @@ options:
    examples:
    - letsencrypt-prod
    type: string
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
 dependencies: []
 providers:
  kubernetes: true
--- a/meta/domain-erp/apps.tf
+++ b/meta/domain-erp/apps.tf
@@ -1,6 +1,6 @@
 locals {
    annotations = {
-      "vynil.solidite.fr/meta"   = "domain-ci"
+      "vynil.solidite.fr/meta"   = var.component
      "vynil.solidite.fr/name"   = var.namespace
      "vynil.solidite.fr/domain" = var.domain-name
      "vynil.solidite.fr/issuer" = var.issuer
@@ -11,6 +11,7 @@ locals {
        "domain-name"   = var.domain-name
        "issuer"        = var.issuer
        "ingress-class" = var.ingress-class
+        "backups"       = var.backups
    }
    dolibarr = { for k, v in var.dolibarr : k => v if k!="enable" }
 }
--- a/meta/domain-erp/index.yaml
+++ b/meta/domain-erp/index.yaml
@@ -6,16 +6,26 @@ metadata:
  name: domain-erp
  description: null
 options:
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
  domain:
    default: your-company
    examples:
    - your-company
    type: string
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
  distributions:
    default:
      core: core
@@ -31,6 +41,36 @@ options:
        default: domain
        type: string
    type: object
+  backups:
+    default:
+      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    examples:
+    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    properties:
+      enable:
+        default: false
+        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      secret-key:
+        default: s3-secret
+        type: string
+      secret-name:
+        default: backup-settings
+        type: string
+    type: object
  dolibarr:
    default:
      enable: true
@@ -41,16 +81,6 @@ options:
        default: true
        type: boolean
    type: object
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
 dependencies: []
 providers:
  kubernetes: true
@@ -59,3 +89,4 @@ providers:
  postgresql: null
  restapi: null
  http: null
+tfaddtype: null
--- a/meta/domain-infra/apps.tf
+++ b/meta/domain-infra/apps.tf
@@ -11,6 +11,7 @@ locals {
        "domain-name"   = var.domain-name
        "issuer"        = var.issuer
        "ingress-class" = var.ingress-class
+        "backups"       = var.backups
    }
    traefik = { for k, v in var.traefik : k => v if k!="enable" }
    dns = { for k, v in var.dns : k => v if k!="enable" }
--- a/meta/domain-infra/index.yaml
+++ b/meta/domain-infra/index.yaml
@@ -6,6 +6,16 @@ metadata:
  name: domain-infra
  description: null
 options:
+  dns:
+    default:
+      enable: false
+    examples:
+    - enable: false
+    properties:
+      enable:
+        default: false
+        type: boolean
+    type: object
  traefik:
    default:
      enable: false
@@ -21,12 +31,17 @@ options:
        default: traefik
        type: string
    type: object
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
  issuer:
    default: letsencrypt-prod
    examples:
    - letsencrypt-prod
    type: string
-  dns:
+  api:
    default:
      enable: false
    examples:
@@ -36,11 +51,6 @@ options:
        default: false
        type: boolean
    type: object
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
  distributions:
    default:
      core: core
@@ -61,15 +71,35 @@ options:
    examples:
    - your-company
    type: string
-  api:
+  backups:
    default:
      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
    examples:
    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
    properties:
      enable:
        default: false
        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      secret-key:
+        default: s3-secret
+        type: string
+      secret-name:
+        default: backup-settings
+        type: string
    type: object
  domain-name:
    default: your_company.com
@@ -84,3 +114,4 @@ providers:
  postgresql: null
  restapi: null
  http: null
+tfaddtype: null
--- a/meta/domain-mail/apps.tf
+++ b/meta/domain-mail/apps.tf
@@ -0,0 +1,44 @@
+locals {
+    annotations = {
+      "vynil.solidite.fr/meta"   = var.component
+      "vynil.solidite.fr/name"   = var.namespace
+      "vynil.solidite.fr/domain" = var.domain-name
+      "vynil.solidite.fr/issuer" = var.issuer
+      "vynil.solidite.fr/ingress" = var.ingress-class
+    }
+    global = {
+        "domain"        = var.namespace
+        "domain-name"   = var.domain-name
+        "issuer"        = var.issuer
+        "ingress-class" = var.ingress-class
+        "backups"       = var.backups
+    }
+    wildduck = { for k, v in var.wildduck : k => v if k!="enable" }
+}
+
+resource "kubernetes_namespace_v1" "mail-ns" {
+  count = ( var.wildduck.enable )? 1 : 0
+  metadata {
+    annotations = local.annotations
+    labels = merge(local.common-labels, local.annotations)
+    name = "${var.namespace}-mail"
+  }
+}
+
+resource "kubectl_manifest" "wildduck" {
+  count = var.wildduck.enable ? 1 : 0
+  depends_on = [kubernetes_namespace_v1.mail-ns]
+  yaml_body  = <<-EOF
+    apiVersion: "vynil.solidite.fr/v1"
+    kind: "Install"
+    metadata:
+      name: "wildduck"
+      namespace: "${kubernetes_namespace_v1.mail-ns[0].metadata[0].name}"
+      labels: ${jsonencode(local.common-labels)}
+    spec:
+      distrib: "${var.distributions.domain}"
+      category: "share"
+      component: "wildduck"
+      options: ${jsonencode(merge(local.global, local.wildduck))}
+  EOF
+}
--- a/meta/domain-mail/index.yaml
+++ b/meta/domain-mail/index.yaml
@@ -0,0 +1,92 @@
+---
+apiVersion: vinyl.solidite.fr/v1beta1
+kind: Component
+category: meta
+metadata:
+  name: domain-mail
+  description: null
+options:
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  backups:
+    default:
+      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    examples:
+    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    properties:
+      enable:
+        default: false
+        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      secret-key:
+        default: s3-secret
+        type: string
+      secret-name:
+        default: backup-settings
+        type: string
+    type: object
+  wildduck:
+    default:
+      enable: true
+    examples:
+    - enable: true
+    properties:
+      enable:
+        default: true
+        type: boolean
+    type: object
+  domain:
+    default: your-company
+    examples:
+    - your-company
+    type: string
+  distributions:
+    default:
+      core: core
+      domain: domain
+    examples:
+    - core: core
+      domain: domain
+    properties:
+      core:
+        default: core
+        type: string
+      domain:
+        default: domain
+        type: string
+    type: object
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+dependencies: []
+providers:
+  kubernetes: true
+  authentik: null
+  kubectl: true
+  postgresql: null
+  restapi: null
+  http: null
+tfaddtype: null
--- a/meta/domain/index.yaml
+++ b/meta/domain/index.yaml
@@ -6,6 +6,26 @@ metadata:
  name: domain
  description: null
 options:
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  domain-name:
+    default: your_company.com
+    examples:
+    - your_company.com
+    type: string
+  auth:
+    default:
+      enable: true
+    examples:
+    - enable: true
+    properties:
+      enable:
+        default: true
+        type: boolean
+    type: object
  ci:
    default:
      enable: false
@@ -28,15 +48,35 @@ options:
            type: boolean
        type: object
    type: object
-  auth:
+  backups:
    default:
-      enable: true
+      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
    examples:
-    - enable: true
+    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
    properties:
      enable:
-        default: true
+        default: false
        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      secret-key:
+        default: s3-secret
+        type: string
+      secret-name:
+        default: backup-settings
+        type: string
    type: object
  infra:
    default:
@@ -60,21 +100,6 @@ options:
            type: boolean
        type: object
    type: object
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
-    type: string
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
  erp:
    default:
      dolibarr:
@@ -97,21 +122,11 @@ options:
        default: false
        type: boolean
    type: object
-  distributions:
-    default:
-      core: core
-      domain: domain
+  ingress-class:
+    default: traefik
    examples:
-    - core: core
-      domain: domain
-    properties:
-      core:
-        default: core
-        type: string
-      domain:
-        default: domain
-        type: string
-    type: object
+    - traefik
+    type: string
  apps:
    default:
      enable: false
@@ -134,6 +149,21 @@ options:
            type: boolean
        type: object
    type: object
+  distributions:
+    default:
+      core: core
+      domain: domain
+    examples:
+    - core: core
+      domain: domain
+    properties:
+      core:
+        default: core
+        type: string
+      domain:
+        default: domain
+        type: string
+    type: object
 dependencies: []
 providers:
  kubernetes: null
@@ -142,3 +172,4 @@ providers:
  postgresql: null
  restapi: null
  http: null
+tfaddtype: null
--- a/meta/domain/installs.tf
+++ b/meta/domain/installs.tf
@@ -5,9 +5,10 @@ locals {
        "issuer"         = var.issuer
        "ingress-class"  = var.ingress-class
        "distributions"  = var.distributions
+        "backups"        = var.backups
    }
    annotations = {
-      "vynil.solidite.fr/meta" = "domain"
+      "vynil.solidite.fr/meta" = var.component
      "vynil.solidite.fr/name" = var.namespace
      "vynil.solidite.fr/domain" = var.domain-name
      "vynil.solidite.fr/issuer" = var.issuer
--- a/share/wildduck/index.yaml
+++ b/share/wildduck/index.yaml
@@ -6,36 +6,16 @@ metadata:
  name: wildduck
  description: null
 options:
-  sub-domain:
-    default: mail
+  domain-name:
+    default: your_company.com
    examples:
-    - mail
-    type: string
-  ingress-class:
-    default: traefik
-    examples:
-    - traefik
+    - your_company.com
    type: string
  domain:
    default: your-company
    examples:
    - your-company
    type: string
-  issuer:
-    default: letsencrypt-prod
-    examples:
-    - letsencrypt-prod
-    type: string
-  additional-domains:
-    default: []
-    items:
-      type: string
-    type: array
-  domain-name:
-    default: your_company.com
-    examples:
-    - your_company.com
-    type: string
  images:
    default:
      haraka:
@@ -199,6 +179,51 @@ options:
            type: string
        type: object
    type: object
+  sub-domain:
+    default: mail
+    examples:
+    - mail
+    type: string
+  ingress-class:
+    default: traefik
+    examples:
+    - traefik
+    type: string
+  issuer:
+    default: letsencrypt-prod
+    examples:
+    - letsencrypt-prod
+    type: string
+  backups:
+    default:
+      enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    examples:
+    - enable: false
+      endpoint: ''
+      key-id-key: s3-id
+      secret-key: s3-secret
+      secret-name: backup-settings
+    properties:
+      enable:
+        default: false
+        type: boolean
+      endpoint:
+        default: ''
+        type: string
+      key-id-key:
+        default: s3-id
+        type: string
+      secret-key:
+        default: s3-secret
+        type: string
+      secret-name:
+        default: backup-settings
+        type: string
+    type: object
  redis:
    default:
      exporter:
@@ -232,6 +257,11 @@ options:
        default: 2Gi
        type: string
    type: object
+  additional-domains:
+    default: []
+    items:
+      type: string
+    type: array
 dependencies:
 - dist: null
  category: dbo
--- a/share/wildduck/mongo.tf
+++ b/share/wildduck/mongo.tf
@@ -41,6 +41,25 @@ resource "kubectl_manifest" "prj_mongo" {
      members: 1
      type: ReplicaSet
      version: "4.4.0"
+      podSpec:
+        podTemplate:
+          spec:
+            containers:
+            - name: mongod
+              env:
+              - name: MONGODB_NAME
+                value: ${var.component}
+              - name: MONGODB_USER
+                value: ${var.component}
+              - name: MONGODB_PASSWORD
+                valueFrom:
+                  secretKeyRef:
+                    name: "${var.instance}-${var.component}-mongo"
+                    key: password
+          metadata:
+            annotations:
+              "k8up.io/backupcommand": "sh -c 'mongodump --username=$MONGODB_USER --password=$MONGODB_PASSWORD mongodb://localhost/$MONGODB_NAME --archive'"
+              "k8up.io/file-extension": ".archive"
      security:
        authentication:
          modes: ["SCRAM"]