vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2023-10-19 18:06:03 +02:00
parent 0bedf5f777
commit 63329a599f
8 changed files with 586 additions and 566 deletions
Download Patch File Download Diff File Expand all files Collapse all files

221
meta/domain/index.yaml
View File

@@ -6,6 +6,46 @@ metadata:
name: domain
description: null
options:
backups:
default:
enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
examples:
- enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
secret-key:
default: s3-secret
type: string
secret-name:
default: backup-settings
type: string
type: object
devspaces:
default:
enable: false
examples:
- enable: false
properties:
enable:
default: false
type: boolean
type: object
apps:
default:
enable: false
@@ -28,26 +68,83 @@ options:
type: boolean
type: object
type: object
mail:
default:
enable: false
examples:
- enable: false
properties:
enable:
default: false
type: boolean
type: object
ingress-class:
default: traefik
examples:
- traefik
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
distributions:
default:
core: core
domain: domain
examples:
- core: core
domain: domain
properties:
core:
default: core
type: string
domain:
default: domain
type: string
type: object
ci:
default:
enable: false
gitea:
enable: true
examples:
- enable: false
gitea:
enable: true
properties:
enable:
default: false
type: boolean
gitea:
default:
enable: true
properties:
enable:
default: true
type: boolean
type: object
type: object
storage-classes:
default:
BlockReadWriteMany: ''
BlockReadWriteOnce: ''
FilesystemReadWriteMany: ''
FilesystemReadWriteOnce: ''
examples:
- BlockReadWriteMany: ''
BlockReadWriteOnce: ''
FilesystemReadWriteMany: ''
FilesystemReadWriteOnce: ''
properties:
BlockReadWriteMany:
default: ''
type: string
BlockReadWriteOnce:
default: ''
type: string
FilesystemReadWriteMany:
default: ''
type: string
FilesystemReadWriteOnce:
default: ''
type: string
type: object
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
infra:
default:
enable: false
@@ -92,41 +189,6 @@ options:
default: false
type: boolean
type: object
backups:
default:
enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
examples:
- enable: false
endpoint: ''
key-id-key: s3-id
secret-key: s3-secret
secret-name: backup-settings
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
secret-key:
default: s3-secret
type: string
secret-name:
default: backup-settings
type: string
type: object
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
auth:
default:
enable: true
@@ -137,35 +199,20 @@ options:
default: true
type: boolean
type: object
distributions:
default:
core: core
domain: domain
examples:
- core: core
domain: domain
properties:
core:
default: core
type: string
domain:
default: domain
type: string
type: object
ci:
mail:
default:
enable: false
gitea:
wildduck:
enable: true
examples:
- enable: false
gitea:
wildduck:
enable: true
properties:
enable:
default: false
type: boolean
gitea:
wildduck:
default:
enable: true
properties:
@@ -174,41 +221,6 @@ options:
type: boolean
type: object
type: object
devspaces:
default:
enable: false
examples:
- enable: false
properties:
enable:
default: false
type: boolean
type: object
storage-classes:
default:
BlockReadWriteMany: ''
BlockReadWriteOnce: ''
FilesystemReadWriteMany: ''
FilesystemReadWriteOnce: ''
examples:
- BlockReadWriteMany: ''
BlockReadWriteOnce: ''
FilesystemReadWriteMany: ''
FilesystemReadWriteOnce: ''
properties:
BlockReadWriteMany:
default: ''
type: string
BlockReadWriteOnce:
default: ''
type: string
FilesystemReadWriteMany:
default: ''
type: string
FilesystemReadWriteOnce:
default: ''
type: string
type: object
dependencies: []
providers:
kubernetes: null
@@ -217,4 +229,5 @@ providers:
postgresql: null
restapi: null
http: null
gitea: null
tfaddtype: null

136
meta/domain/installs.tf
View File

@@ -1,58 +1,88 @@
locals {
global = {
"domain" = var.namespace
"domain-name" = var.domain-name
"issuer" = var.issuer
"ingress-class" = var.ingress-class
"distributions" = var.distributions
"backups" = var.backups
"storage-classes"= var.storage-classes
}
annotations = {
"vynil.solidite.fr/meta" = var.component
"vynil.solidite.fr/name" = var.namespace
"vynil.solidite.fr/domain" = var.domain-name
"vynil.solidite.fr/issuer" = var.issuer
"vynil.solidite.fr/ingress" = var.ingress-class
}
auth = { for k, v in var.auth : k => v if k!="enable" }
infra = { for k, v in var.infra : k => v if k!="enable" }
ci = { for k, v in var.ci : k => v if k!="enable" }
erp = { for k, v in var.erp : k => v if k!="enable" }
apps = { for k, v in var.apps : k => v if k!="enable" }
mail = { for k, v in var.mail : k => v if k!="enable" }
devspaces = { for k, v in var.devspaces : k => v if k!="enable" }
global = {
"domain" = var.namespace
"domain-name" = var.domain-name
"issuer" = var.issuer
"ingress-class" = var.ingress-class
"distributions" = var.distributions
"backups" = var.backups
"storage-classes"= var.storage-classes
}
annotations = {
"vynil.solidite.fr/meta" = var.component
"vynil.solidite.fr/name" = var.namespace
"vynil.solidite.fr/domain" = var.domain-name
"vynil.solidite.fr/issuer" = var.issuer
"vynil.solidite.fr/ingress" = var.ingress-class
}
auth = { for k, v in var.auth : k => v if k!="enable" }
infra = { for k, v in var.infra : k => v if k!="enable" }
ci = { for k, v in var.ci : k => v if k!="enable" }
erp = { for k, v in var.erp : k => v if k!="enable" }
apps = { for k, v in var.apps : k => v if k!="enable" }
mail = { for k, v in var.mail : k => v if k!="enable" }
devspaces = { for k, v in var.devspaces : k => v if k!="enable" }
# Force install authentik and it's modules when any are needed
use-ldap = (var.ci.enable && var.ci.gitea.enable) || (var.erp.enable && var.erp.dolibarr.enable)
use-forward = var.infra.enable && var.infra.traefik.enable
use-other-auth = false
added-auth-ldap = local.use-ldap?{
"authentik-ldap" = {"enable"= true}
}:{}
added-auth-forward = local.use-forward?{
"authentik-forward" = {"enable"= true}
}:{}
added-auth = local.use-ldap||local.use-forward||local.use-other-auth?merge({
"authentik" = {"enable" = true}
},local.added-auth-ldap,local.added-auth-forward):{}
divisions = {
"clients" = {
"enable" = false
"apps" = []
"divisions" = []
}
"employes" = {
"enable" = true
"apps" = []
"divisions" = []
}
"fournisseurs" = {
"enable" = false
"apps" = []
"divisions" = []
}
# Force install authentik and it's modules when any are needed
use-ldap = (var.ci.enable && var.ci.gitea.enable) || (var.erp.enable && var.erp.dolibarr.enable)
use-forward = var.infra.enable && var.infra.traefik.enable
use-other-auth = false
added-auth-ldap = local.use-ldap?{
"authentik-ldap" = {"enable"= true}
}:{}
added-auth-forward = local.use-forward?{
"authentik-forward" = {"enable"= true}
}:{}
added-auth = local.use-ldap||local.use-forward||local.use-other-auth?merge({
"authentik" = {"enable" = true}
},local.added-auth-ldap,local.added-auth-forward):{}
divisions = {
"clients" = {
"enable" = false
"apps" = []
"divisions" = []
}
"employes" = {
"enable" = true
"apps" = []
"divisions" = []
}
"fournisseurs" = {
"enable" = false
"apps" = []
"divisions" = []
}
}
devspaces-custom = {
external-pgs = concat(var.erp.enable&&var.erp.dolibarr.enable?[{
"name" = "dolibarr-dolibarr-pg"
"dbname" = "dolibarr"
"username" = "dolibarr"
"namespace" = "${var.domain}-erp"
"secret" = {
"name" = "dolibarr-dolibarr-pg-app"
"key" = "password"
}
}]:[], var.apps.enable&&var.apps.nextcloud.enable?[{
"name" = "nextcloud-nextcloud-pg"
"dbname" = "nextcloud"
"username" = "nextcloud"
"namespace" = "${var.domain}-files"
"secret" = {
"name" = "nextcloud-nextcloud-pg-app"
"key" = "password"
}
}]:[], var.ci.enable&&var.ci.gitea.enable?[{
"name" = "gitea-gitea-pg"
"dbname" = "gitea"
"username" = "gitea"
"namespace" = "${var.domain}-ci"
"secret" = {
"name" = "gitea-gitea-pg-app"
"key" = "password"
}
}]:[])
}
}
resource "kubectl_manifest" "auth" {
@@ -164,6 +194,6 @@ resource "kubectl_manifest" "devspaces" {
distrib: "${var.distributions.domain}"
category: "meta"
component: "domain-devspaces"
options: ${jsonencode(merge(local.global, local.devspaces))}
options: ${jsonencode(merge(local.global, local.devspaces-custom, local.devspaces))}
EOF
}