From cfed1eb8578d308d04316dfb3c753d2c904a17ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Huss?=
Date: Thu, 21 Sep 2023 12:44:34 +0200
Subject: [PATCH] fix
---
 apps/code-server/forward.tf | 1 +
 apps/code-server/index.yaml | 101 +++++-----
 apps/dolibarr/application.tf | 13 +-
 apps/dolibarr/index.yaml | 261 +++++++++++++-------------
 apps/gitea/index.yaml | 121 ++++++------
 apps/gitea/ldap.tf | 1 +
 apps/nextcloud/application.tf | 1 +
 apps/nextcloud/index.yaml | 341 +++++++++++++++++-----------------
 apps/traefik-ui/forward.tf | 1 +
 apps/traefik-ui/index.yaml | 15 +-
 meta/domain-apps/apps.tf | 18 +-
 meta/domain-apps/index.yaml | 105 +++++++----
 meta/domain-auth/index.yaml | 155 +++++++++-------
 meta/domain-ci/apps.tf | 15 +-
 meta/domain-ci/index.yaml | 121 +++++++-----
 meta/domain-erp/apps.tf | 11 +-
 meta/domain-erp/index.yaml | 55 ++++--
 meta/domain-infra/apps.tf | 3 +-
 meta/domain-infra/index.yaml | 160 +++++++++-------
 meta/domain/index.yaml | 179 +++++++++++-------
 meta/domain/installs.tf | 1 +
 share/wildduck/application.tf | 1 +
 share/wildduck/index.yaml | 109 +++++------
 23 files changed, 1009 insertions(+), 780 deletions(-)
diff --git a/apps/code-server/forward.tf b/apps/code-server/forward.tf
index 1e962d4..7d1c0e7 100644
--- a/apps/code-server/forward.tf
+++ b/apps/code-server/forward.tf
@@ -61,6 +61,7 @@ resource "authentik_provider_proxy" "prj_forward" {
 resource "authentik_application" "prj_application" {
 name = local.app-name
 slug = "${var.component}-${var.instance}"
+ group = var.app-group
 protocol_provider = authentik_provider_proxy.prj_forward.id
 meta_launch_url = local.external-url
 meta_icon = format("%s/%s", local.external-url, local.app-icon)
diff --git a/apps/code-server/index.yaml b/apps/code-server/index.yaml
index 14e54eb..e119b60 100644
--- a/apps/code-server/index.yaml
+++ b/apps/code-server/index.yaml
@@ -6,31 +6,21 @@ metadata: name: code-server description: null options: - sub-domain: - default: code + app-group: + default: dev examples: - - code - type: string - ingress-class: - default: traefik - examples: - - traefik + - dev type: string timezone: default: Europe/Paris examples: - Europe/Paris type: string - domain-name: - default: your_company.com + no-editor: + default: false examples: - - your_company.com - type: string - domain: - default: your-company - examples: - - your-company - type: string + - false + type: boolean admin: default: cluster: false @@ -46,11 +36,48 @@ options: default: false type: boolean type: object - no-editor: - default: false + domain-name: + default: your_company.com examples: - - false - type: boolean + - your_company.com + type: string + storage: + default: + accessMode: ReadWriteOnce + size: 20Gi + type: Filesystem + examples: + - accessMode: ReadWriteOnce + size: 20Gi + type: Filesystem + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + size: + default: 20Gi + type: string + type: + default: Filesystem + enum: + - Filesystem + - Block + type: string + type: object + domain: + default: your-company + examples: + - your-company + type: string + ingress-class: + default: traefik + examples: + - traefik + type: string images: default: codeserver: 
@@ -90,38 +117,16 @@ options: type: number type: object type: object - storage: - default: - accessMode: ReadWriteOnce - size: 20Gi - type: Filesystem - examples: - - accessMode: ReadWriteOnce - size: 20Gi - type: Filesystem - properties: - accessMode: - default: ReadWriteOnce - enum: - - ReadWriteOnce - - ReadOnlyMany - - ReadWriteMany - type: string - size: - default: 20Gi - type: string - type: - default: Filesystem - enum: - - Filesystem - - Block - type: string - type: object issuer: default: letsencrypt-prod examples: - letsencrypt-prod type: string + sub-domain: + default: code + examples: + - code + type: string dependencies: - dist: null category: share diff --git a/apps/dolibarr/application.tf b/apps/dolibarr/application.tf index a73f3b5..129b3b1 100644 --- a/apps/dolibarr/application.tf +++ b/apps/dolibarr/application.tf @@ -1,4 +1,6 @@ locals { + app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance) + main-group = format("app-%s", local.app-name) sorted-group-names = reverse(distinct(sort([ for grp in var.user-groups: grp.name ]))) @@ -17,6 +19,7 @@ data "authentik_group" "vynil-admin" { resource "authentik_group" "groups" { count = length(local.sorted-groups) name = local.sorted-groups[count.index].name + attributes = jsonencode({"${local.app-name}" = true}) } data "authentik_group" "readed_groups" { depends_on = [ authentik_group.groups ] 
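Review bot: `attributes = jsonencode({"${local.app-name}" = true})` makes Terraform the owner of the whole attribute map of every group built from `var.user-groups`, so any attribute later added to those groups by another module or by hand in authentik is reverted on the next apply; that contract deserves a comment on the line, e.g. `# attributes is fully managed here; the "<app-name>" marker is what the access policy keys on, do not add other attributes to these groups out of band`. If that marker is what the expression policy used in the next hunk checks (the policy itself is not part of this patch), access follows the attribute rather than membership in the groups declared here, which is worth stating explicitly. `local.main-group` is introduced in the first hunk but is not referenced anywhere visible in this patch.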
@@ -32,25 +35,25 @@ resource "authentik_application" "dolibarr_application_ldap" { } resource "authentik_policy_binding" "dolibarr_ldap_access_users" { - count = length(local.sorted-groups) target = authentik_application.dolibarr_application_ldap.uuid - group = authentik_group.groups[count.index].id - order = count.index + policy = authentik_policy_expression.policy.id + order = 0 } resource "authentik_policy_binding" "dolibarr_ldap_access_ldap" { target = authentik_application.dolibarr_application_ldap.uuid group = authentik_group.dolibarr_ldapsearch.id - order = length(local.sorted-groups)+1 + order = 1 } resource "authentik_policy_binding" "dolibarr_ldap_access_vynil" { target = authentik_application.dolibarr_application_ldap.uuid group = data.authentik_group.vynil-admin.id - order = length(local.sorted-groups)+2 + order = 2 } resource "authentik_application" "dolibarr_application_saml" { name = "${var.instance}" slug = "${var.component}-${var.instance}" + group = var.app-group protocol_provider = authentik_provider_saml.dolibarr.id meta_launch_url = format("https://%s.%s", var.sub-domain, var.domain-name) meta_icon = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "theme/dolibarr_256x256_color.png") diff --git a/apps/dolibarr/index.yaml b/apps/dolibarr/index.yaml index ea088bf..d7178b4 100644 --- a/apps/dolibarr/index.yaml +++ b/apps/dolibarr/index.yaml @@ -6,33 +6,6 @@ metadata: name: dolibarr description: null options: - storage: - default: - accessMode: ReadWriteOnce - size: 10Gi - type: Filesystem - examples: - - accessMode: ReadWriteOnce - size: 10Gi - type: Filesystem - properties: - accessMode: - default: ReadWriteOnce - enum: - - ReadWriteOnce - - ReadOnlyMany - - ReadWriteMany - type: string - size: - default: 10Gi - type: string - type: - default: Filesystem - enum: - - Filesystem - - block - type: string - type: object parameters: default: MAIN_LANG_DEFAULT: auto 
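Review bot: User access to the LDAP application is now decided solely by `authentik_policy_expression.policy`, which this patch neither adds nor shows, so the explicit one-binding-per-configured-group guarantee that the removed `count`-indexed bindings gave is replaced by logic a reviewer cannot see here; the expression should be in the same file or at least referenced by a comment on the binding, such as `# user access: evaluated by the expression policy, expected to match the "<app-name>" group attribute set on authentik_group.groups`. It is worth confirming the expression fails closed — a check that only looks at a loosely-typed user attribute can end up admitting any authenticated user — and that its order (`0`) ahead of the ldapsearch and vynil-admin bindings is intended. Replacing the indexed resource by a single one also means Terraform destroys `dolibarr_ldap_access_users[*]` and creates the new binding in the same apply, so existing users briefly lose LDAP access during the rollout. The SAML application's bindings are outside this hunk, so whether that side still relies on group bindings is not visible.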
@@ -43,89 +16,10 @@ options: default: auto type: string type: object - domain-name: - default: your_company.com + app-group: + default: '' examples: - - your_company.com - type: string - user-groups: - default: - - admin: true - name: dolibarr-admin - examples: - - - admin: true - name: dolibarr-admin - items: - properties: - admin: - type: boolean - name: - type: string - type: object - type: array - modules: - default: - - societe - examples: - - - societe - items: - type: string - type: array - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - sub-domain: - default: erp - examples: - - erp - type: string - resources: - default: - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 50m - memory: 100Mi - examples: - - limits: - cpu: 200m - memory: 256Mi - requests: - cpu: 50m - memory: 100Mi - properties: - limits: - default: - cpu: 200m - memory: 256Mi - properties: - cpu: - default: 200m - type: string - memory: - default: 256Mi - type: string - type: object - requests: - default: - cpu: 50m - memory: 100Mi - properties: - cpu: - default: 50m - type: string - memory: - default: 100Mi - type: string - type: object - type: object - ingress-class: - default: traefik - examples: - - traefik + - '' type: string backups: default: @@ -233,6 +127,36 @@ options: default: false type: boolean type: object + sub-domain: + default: erp + examples: + - erp + type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + hpa: + default: + avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + examples: + - avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + properties: + avg-cpu: + default: 50 + type: integer + max-replicas: + default: 5 + type: integer + min-replicas: + default: 1 + type: integer + type: object log-level: default: 5 examples: 
@@ -271,25 +195,46 @@ options: default: 2Gi type: string type: object - hpa: + resources: default: - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 50m + memory: 100Mi examples: - - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 + - limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 50m + memory: 100Mi properties: - avg-cpu: - default: 50 - type: integer - max-replicas: - default: 5 - type: integer - min-replicas: - default: 1 - type: integer + limits: + default: + cpu: 200m + memory: 256Mi + properties: + cpu: + default: 200m + type: string + memory: + default: 256Mi + type: string + type: object + requests: + default: + cpu: 50m + memory: 100Mi + properties: + cpu: + default: 50m + type: string + memory: + default: 100Mi + type: string + type: object type: object postgres: default: @@ -311,6 +256,46 @@ options: default: '14' type: string type: object + modules: + default: + - societe + examples: + - - societe + items: + type: string + type: array + storage: + default: + accessMode: ReadWriteOnce + size: 10Gi + type: Filesystem + examples: + - accessMode: ReadWriteOnce + size: 10Gi + type: Filesystem + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + size: + default: 10Gi + type: string + type: + default: Filesystem + enum: + - Filesystem + - block + type: string + type: object + domain: + default: your-company + examples: + - your-company + type: string images: default: dolibarr: 
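Review bot: The `type` enum under `storage` lists `block` in lower case, whereas code-server's schema (and the Kubernetes PVC `volumeMode` values) use `Block`; if this value is forwarded to a PersistentVolumeClaim, `block` is rejected by the API server, so the entry should read `- Block`. The hunk only moves existing keys, so the casing is not introduced here, but the reorder is the natural place to align it with the other app schemas.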
@@ -376,11 +361,31 @@ options: type: string type: object type: object - domain: - default: your-company + issuer: + default: letsencrypt-prod examples: - - your-company + - letsencrypt-prod type: string + ingress-class: + default: traefik + examples: + - traefik + type: string + user-groups: + default: + - admin: true + name: dolibarr-admin + examples: + - - admin: true + name: dolibarr-admin + items: + properties: + admin: + type: boolean + name: + type: string + type: object + type: array dependencies: - dist: null category: share diff --git a/apps/gitea/index.yaml b/apps/gitea/index.yaml index e0ae672..67d67f7 100644 --- a/apps/gitea/index.yaml +++ b/apps/gitea/index.yaml @@ -9,21 +9,21 @@ metadata: A painless self-hosted Git service. Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. options: - ingress-class: - default: traefik - examples: - - traefik - type: string domain-name: default: your_company.com examples: - your_company.com type: string - release: - default: 8.3.0 + ingress-class: + default: traefik examples: - - 8.3.0 + - traefik type: string + ssh-port: + default: 2222 + examples: + - 2222 + type: integer webhook: default: allowed-hosts: private 
@@ -59,60 +59,25 @@ options: default: '14' type: string type: object - sub-domain: - default: git + issuer: + default: letsencrypt-prod examples: - - git + - letsencrypt-prod type: string - replicas: - default: 1 - examples: - - 1 - type: integer - admin: - default: - email: git-admin@git.your_company.com - name: gitea_admin - examples: - - email: git-admin@git.your_company.com - name: gitea_admin - properties: - email: - default: git-admin@git.your_company.com - type: string - name: - default: gitea_admin - type: string - type: object timezone: default: Europe/Paris examples: - Europe/Paris type: string - ssh-port: - default: 2222 - examples: - - 2222 - type: integer domain: default: your-company examples: - your-company type: string - default-branch: - default: main + sub-domain: + default: git examples: - - main - type: string - theme: - default: gitea-modern - examples: - - gitea-modern - type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod + - git type: string push-create: default: @@ -134,14 +99,19 @@ options: default: 'true' type: string type: object - volume: + admin: default: - size: 10Gi + email: git-admin@git.your_company.com + name: gitea_admin examples: - - size: 10Gi + - email: git-admin@git.your_company.com + name: gitea_admin properties: - size: - default: 10Gi + email: + default: git-admin@git.your_company.com + type: string + name: + default: gitea_admin type: string type: object images: @@ -207,11 +177,31 @@ options: type: string type: object type: object - disable-registration: - default: true + app-group: + default: dev examples: - - true - type: boolean + - dev + type: string + theme: + default: gitea-modern + examples: + - gitea-modern + type: string + volume: + default: + size: 10Gi + examples: + - size: 10Gi + properties: + size: + default: 10Gi + type: string + type: object + release: + default: 8.3.0 + examples: + - 8.3.0 + type: string load-balancer: default: ip: '' 
@@ -222,6 +212,16 @@ options:
 default: ''
 type: string
 type: object
+ disable-registration:
+ default: true
+ examples:
+ - true
+ type: boolean
+ default-branch:
+ default: main
+ examples:
+ - main
+ type: string
 backups:
 default:
 enable: false
@@ -328,6 +328,11 @@ options:
 default: false
 type: boolean
 type: object
+ replicas:
+ default: 1
+ examples:
+ - 1
+ type: integer
 dependencies:
 - dist: null
 category: share
diff --git a/apps/gitea/ldap.tf b/apps/gitea/ldap.tf
index 68aaffc..e063a70 100644
--- a/apps/gitea/ldap.tf
+++ b/apps/gitea/ldap.tf
@@ -83,6 +83,7 @@ resource "authentik_provider_ldap" "gitea_provider_ldap" {
 resource "authentik_application" "gitea_application" {
 name = "${var.instance}"
 slug = "${var.component}-${var.instance}-ldap"
+ group = var.app-group
 protocol_provider = authentik_provider_ldap.gitea_provider_ldap.id
 meta_launch_url = format("https://%s.%s", var.sub-domain, var.domain-name)
 meta_icon = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "assets/img/logo.svg")
diff --git a/apps/nextcloud/application.tf b/apps/nextcloud/application.tf
index c3ad93e..1d837dd 100644
--- a/apps/nextcloud/application.tf
+++ b/apps/nextcloud/application.tf
@@ -13,6 +13,7 @@ resource "authentik_group" "groups" {
 resource "authentik_application" "prj_app" {
 name = "${var.instance}"
 slug = "${var.component}-${var.instance}"
+ group = var.app-group
 protocol_provider = authentik_provider_oauth2.oauth2.id
 meta_launch_url = format("https://%s.%s", var.sub-domain, var.domain-name)
 meta_icon = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "apps/theming/favicon")
diff --git a/apps/nextcloud/index.yaml b/apps/nextcloud/index.yaml
index cdde54a..a381f19 100644
--- a/apps/nextcloud/index.yaml
+++ b/apps/nextcloud/index.yaml
@@ -96,117 +96,21 @@ options: default: true type: boolean type: object - openid-name: - default: vynil + domain-name: + default: your_company.com examples: - - vynil + - your_company.com type: string - backups: - default: - enable: false - endpoint: '' - key-id-key: s3-id - restic-key: bck-password - retention: - db: 30d - keepDaily: 14 - keepMonthly: 12 - keepWeekly: 6 - keepYearly: 12 - schedule: - backup: 30 3 * * * - check: 30 5 * * 1 - db: 30 3 * * * - prune: 30 1 * * 0 - secret-key: s3-secret - secret-name: backup-settings - use-barman: false + domain: + default: your-company examples: - - enable: false - endpoint: '' - key-id-key: s3-id - restic-key: bck-password - retention: - db: 30d - keepDaily: 14 - keepMonthly: 12 - keepWeekly: 6 - keepYearly: 12 - schedule: - backup: 30 3 * * * - check: 30 5 * * 1 - db: 30 3 * * * - prune: 30 1 * * 0 - secret-key: s3-secret - secret-name: backup-settings - use-barman: false - properties: - enable: - default: false - type: boolean - endpoint: - default: '' - type: string - key-id-key: - default: s3-id - type: string - restic-key: - default: bck-password - type: string - retention: - default: - db: 30d - keepDaily: 14 - keepMonthly: 12 - keepWeekly: 6 - keepYearly: 12 - properties: - db: - default: 30d - type: string - keepDaily: - default: 14 - type: integer - keepMonthly: - default: 12 - type: integer - keepWeekly: - default: 6 - type: integer - keepYearly: - default: 12 - type: integer - type: object - schedule: - default: - backup: 30 3 * * * - check: 30 5 * * 1 - db: 30 3 * * * - prune: 30 1 * * 0 - properties: - backup: - default: 30 3 * * * - type: string - check: - default: 30 5 * * 1 - type: string - db: - default: 30 3 * * * - type: string - prune: - default: 30 1 * * 0 - type: string - type: object - secret-key: - default: s3-secret - type: string - secret-name: - default: backup-settings - type: string - use-barman: - default: false - type: boolean - type: object + - your-company + type: string + sub-domain: 
+ default: files + examples: + - files + type: string images: default: collabora: 
@@ -370,30 +274,140 @@ options: type: string type: object type: object - hpa: + storage: default: - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 + accessMode: ReadWriteOnce + size: 10Gi examples: - - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 + - accessMode: ReadWriteOnce + size: 10Gi properties: - avg-cpu: - default: 50 - type: integer - max-replicas: - default: 5 - type: integer - min-replicas: - default: 1 - type: integer + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + size: + default: 10Gi + type: string type: object - domain-name: - default: your_company.com + app-group: + default: '' examples: - - your_company.com + - '' + type: string + backups: + default: + enable: false + endpoint: '' + key-id-key: s3-id + restic-key: bck-password + retention: + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 + schedule: + backup: 30 3 * * * + check: 30 5 * * 1 + db: 30 3 * * * + prune: 30 1 * * 0 + secret-key: s3-secret + secret-name: backup-settings + use-barman: false + examples: + - enable: false + endpoint: '' + key-id-key: s3-id + restic-key: bck-password + retention: + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 + schedule: + backup: 30 3 * * * + check: 30 5 * * 1 + db: 30 3 * * * + prune: 30 1 * * 0 + secret-key: s3-secret + secret-name: backup-settings + use-barman: false + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key-id-key: + default: s3-id + type: string + restic-key: + default: bck-password + type: string + retention: + default: + db: 30d + keepDaily: 14 + keepMonthly: 12 + keepWeekly: 6 + keepYearly: 12 + properties: + db: + default: 30d + type: string + keepDaily: + default: 14 + type: integer + keepMonthly: + default: 12 + type: integer + keepWeekly: + default: 6 + type: integer + keepYearly: + default: 12 + type: integer + type: object + schedule: + default: + backup: 
30 3 * * * + check: 30 5 * * 1 + db: 30 3 * * * + prune: 30 1 * * 0 + properties: + backup: + default: 30 3 * * * + type: string + check: + default: 30 5 * * 1 + type: string + db: + default: 30 3 * * * + type: string + prune: + default: 30 1 * * 0 + type: string + type: object + secret-key: + default: s3-secret + type: string + secret-name: + default: backup-settings + type: string + use-barman: + default: false + type: boolean + type: object + openid-name: + default: vynil + examples: + - vynil type: string redis: default: @@ -433,21 +447,36 @@ options: examples: - traefik type: string - sub-domain: - default: files + hpa: + default: + avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 examples: - - files - type: string - domain: - default: your-company + - avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + properties: + avg-cpu: + default: 50 + type: integer + max-replicas: + default: 5 + type: integer + min-replicas: + default: 1 + type: integer + type: object + admin: + default: + name: nextcloud_admin examples: - - your-company - type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string + - name: nextcloud_admin + properties: + name: + default: nextcloud_admin + type: string + type: object postgres: default: replicas: 1 @@ -468,35 +497,11 @@ options: default: '14' type: string type: object - storage: - default: - accessMode: ReadWriteOnce - size: 10Gi + issuer: + default: letsencrypt-prod examples: - - accessMode: ReadWriteOnce - size: 10Gi - properties: - accessMode: - default: ReadWriteOnce - enum: - - ReadWriteOnce - - ReadOnlyMany - - ReadWriteMany - type: string - size: - default: 10Gi - type: string - type: object - admin: - default: - name: nextcloud_admin - examples: - - name: nextcloud_admin - properties: - name: - default: nextcloud_admin - type: string - type: object + - letsencrypt-prod + type: string dependencies: - dist: null category: share 
diff --git a/apps/traefik-ui/forward.tf b/apps/traefik-ui/forward.tf
index ca6f35e..55f8ec7 100644
--- a/apps/traefik-ui/forward.tf
+++ b/apps/traefik-ui/forward.tf
@@ -60,6 +60,7 @@ resource "authentik_provider_proxy" "prj_forward" {
 resource "authentik_application" "prj_application" {
 name = "${var.component}"
 slug = "${var.component}-${var.instance}"
+ group = var.app-group
 protocol_provider = authentik_provider_proxy.prj_forward.id
 meta_launch_url = format("https://%s.%s", var.sub-domain, var.domain-name)
 meta_icon = format("https://%s.%s/%s", var.sub-domain, var.domain-name, local.app-icon)
diff --git a/apps/traefik-ui/index.yaml b/apps/traefik-ui/index.yaml
index 67ae382..e5630b6 100644
--- a/apps/traefik-ui/index.yaml
+++ b/apps/traefik-ui/index.yaml
@@ -6,11 +6,6 @@ metadata:
 name: traefik-ui
 description: Access to the Traefik UI
 options:
- issuer:
- default: letsencrypt-prod
- examples:
- - letsencrypt-prod
- type: string
 ingress-class:
 default: traefik
 examples:
@@ -31,6 +26,16 @@ options:
 examples:
 - your-company
 type: string
+ app-group:
+ default: infra
+ examples:
+ - infra
+ type: string
+ issuer:
+ default: letsencrypt-prod
+ examples:
+ - letsencrypt-prod
+ type: string
 dependencies:
 - dist: null
 category: share
diff --git a/meta/domain-apps/apps.tf b/meta/domain-apps/apps.tf
index a011cb3..1e22ebe 100644
--- a/meta/domain-apps/apps.tf
+++ b/meta/domain-apps/apps.tf
@@ -7,13 +7,19 @@ locals {
 "vynil.solidite.fr/ingress" = var.ingress-class
 }
 global = {
- "domain" = var.namespace
- "domain-name" = var.domain-name
- "issuer" = var.issuer
+ "domain" = var.namespace
+ "domain-name" = var.domain-name
+ "issuer" = var.issuer
 "ingress-class" = var.ingress-class
- "backups" = var.backups
+ "backups" = var.backups
 }
- nextcloud = { for k, v in var.nextcloud : k => v if k!="enable" }
+ nextcloud = { for k, v in var.nextcloud : k => v if contains(["enable","storage"],k) }
+ nextcloud-storage = merge({
+ "storage" = {
+ "size" = "10Gi"
+ "accessMode" = var.storage-classes.FilesystemReadWriteMany!=""?"ReadWriteMany":"ReadWriteOnce"
+ }
+ }, { for k, v in var.nextcloud : k => v if k=="storage" })
 }
 
 resource "kubernetes_namespace_v1" "files-ns" {
@@ -39,6 +45,6 @@ resource "kubectl_manifest" "nextcloud" {
 distrib: "${var.distributions.domain}"
 category: "apps"
 component: "nextcloud"
- options: ${jsonencode(merge(local.global, local.nextcloud))}
+ options: ${jsonencode(merge(local.global, local.nextcloud-storage, local.nextcloud))}
 EOF
 }
diff --git a/meta/domain-apps/index.yaml b/meta/domain-apps/index.yaml
index c8057cb..86815f9 100644
--- a/meta/domain-apps/index.yaml
+++ b/meta/domain-apps/index.yaml
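Review bot: The new `nextcloud` predicate keeps only the `enable` and `storage` keys of `var.nextcloud`, which is the opposite of the previous `k!="enable"` selection: `enable` is now forwarded into the Install options while any other per-app override would be dropped before the merge, and `storage` is merged a second time on top of `local.nextcloud-storage`. Presumably the intended line is the negation, `nextcloud = { for k, v in var.nextcloud : k => v if !contains(["enable","storage"],k) }`, which with `local.nextcloud-storage` yields the previous option set plus the computed storage default. The schema in `meta/domain-apps/index.yaml` only declares `enable` under `nextcloud`, so if no other keys can arrive the practical effect is limited to leaking `enable`, but the predicate still reads as inverted. The derived `accessMode` would also be clearer with a comment such as `# RWX when a shared filesystem class is configured (presumably so several replicas can mount the data volume), RWO otherwise`.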
@@ -6,51 +6,11 @@ metadata: name: domain-apps description: null options: - nextcloud: - default: - enable: false - examples: - - enable: false - properties: - enable: - default: false - type: boolean - type: object - domain-name: - default: your_company.com - examples: - - your_company.com - type: string domain: default: your-company examples: - your-company type: string - distributions: - default: - core: core - domain: domain - examples: - - core: core - domain: domain - properties: - core: - default: core - type: string - domain: - default: domain - type: string - type: object - ingress-class: - default: traefik - examples: - - traefik - type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string backups: default: enable: false 
@@ -81,6 +41,71 @@ options: default: backup-settings type: string type: object + distributions: + default: + core: core + domain: domain + examples: + - core: core + domain: domain + properties: + core: + default: core + type: string + domain: + default: domain + type: string + type: object + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + nextcloud: + default: + enable: false + examples: + - enable: false + properties: + enable: + default: false + type: boolean + type: object + ingress-class: + default: traefik + examples: + - traefik + type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + storage-classes: + default: + BlockReadWriteMany: '' + BlockReadWriteOnce: '' + FilesystemReadWriteMany: '' + FilesystemReadWriteOnce: '' + examples: + - BlockReadWriteMany: '' + BlockReadWriteOnce: '' + FilesystemReadWriteMany: '' + FilesystemReadWriteOnce: '' + properties: + BlockReadWriteMany: + default: '' + type: string + BlockReadWriteOnce: + default: '' + type: string + FilesystemReadWriteMany: + default: '' + type: string + FilesystemReadWriteOnce: + default: '' + type: string + type: object dependencies: [] providers: kubernetes: true diff --git a/meta/domain-auth/index.yaml b/meta/domain-auth/index.yaml index 61f8249..653b24d 100644 --- a/meta/domain-auth/index.yaml +++ b/meta/domain-auth/index.yaml 
@@ -6,71 +6,6 @@ metadata: name: domain-auth description: null options: - authentik: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object - domain: - default: your-company - examples: - - your-company - type: string - ingress-class: - default: traefik - examples: - - traefik - type: string - authentik-ldap: - default: - enable: false - examples: - - enable: false - properties: - enable: - default: false - type: boolean - type: object - domain-name: - default: your_company.com - examples: - - your_company.com - type: string - backups: - default: - enable: false - endpoint: '' - key-id-key: s3-id - secret-key: s3-secret - secret-name: backup-settings - examples: - - enable: false - endpoint: '' - key-id-key: s3-id - secret-key: s3-secret - secret-name: backup-settings - properties: - enable: - default: false - type: boolean - endpoint: - default: '' - type: string - key-id-key: - default: s3-id - type: string - secret-key: - default: s3-secret - type: string - secret-name: - default: backup-settings - type: string - type: object distributions: default: core: core 
@@ -101,6 +36,96 @@ options: examples: - letsencrypt-prod type: string + authentik: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + authentik-ldap: + default: + enable: false + examples: + - enable: false + properties: + enable: + default: false + type: boolean + type: object + backups: + default: + enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + examples: + - enable: false + endpoint: '' + key-id-key: s3-id + secret-key: s3-secret + secret-name: backup-settings + properties: + enable: + default: false + type: boolean + endpoint: + default: '' + type: string + key-id-key: + default: s3-id + type: string + secret-key: + default: s3-secret + type: string + secret-name: + default: backup-settings + type: string + type: object + ingress-class: + default: traefik + examples: + - traefik + type: string + storage-classes: + default: + BlockReadWriteMany: '' + BlockReadWriteOnce: '' + FilesystemReadWriteMany: '' + FilesystemReadWriteOnce: '' + examples: + - BlockReadWriteMany: '' + BlockReadWriteOnce: '' + FilesystemReadWriteMany: '' + FilesystemReadWriteOnce: '' + properties: + BlockReadWriteMany: + default: '' + type: string + BlockReadWriteOnce: + default: '' + type: string + FilesystemReadWriteMany: + default: '' + type: string + FilesystemReadWriteOnce: + default: '' + type: string + type: object + domain: + default: your-company + examples: + - your-company + type: string dependencies: [] providers: kubernetes: true diff --git a/meta/domain-ci/apps.tf b/meta/domain-ci/apps.tf index 4232ccf..8b09a00 100644 --- a/meta/domain-ci/apps.tf +++ b/meta/domain-ci/apps.tf 
@@ -13,8 +13,19 @@ locals {
 "ingress-class" = var.ingress-class
 "backups" = var.backups
 }
- gitea = { for k, v in var.gitea : k => v if k!="enable" }
+ gitea = { for k, v in var.gitea : k => v if contains(["enable","storage-server","storage-agent"],k) }
 woodpecker = { for k, v in var.woodpecker : k => v if k!="enable" }
+ woodpecker-storage = merge({
+ "storage-server" = {
+ "size" = "10Gi"
+ "accessMode" = var.storage-classes.FilesystemReadWriteMany!=""?"ReadWriteMany":"ReadWriteOnce"
+ }
+ "storage-agent" = {
+ "size" = "10Gi"
+ "writeMany" = var.storage-classes.FilesystemReadWriteMany!=""?"true":"false"
+ "storageClass" = var.storage-classes.FilesystemReadWriteMany!=""?var.storage-classes.FilesystemReadWriteMany:var.storage-classes.FilesystemReadWriteOnce
+ }
+ }, { for k, v in var.dolibarr : k => v if contains(["storage-server","storage-agent"],k) })
 }
 
 resource "kubernetes_namespace_v1" "ci-ns" {
@@ -58,6 +69,6 @@ resource "kubectl_manifest" "woodpecker" {
 distrib: "${var.distributions.domain}"
 category: "apps"
 component: "woodpecker"
- options: ${jsonencode(merge(local.global, local.woodpecker))}
+ options: ${jsonencode(merge(local.global, local.woodpecker-storage, local.woodpecker))}
 EOF
 }
diff --git a/meta/domain-ci/index.yaml b/meta/domain-ci/index.yaml
index edd8886..3f44182 100644
--- a/meta/domain-ci/index.yaml
+++ b/meta/domain-ci/index.yaml
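Review bot: The override half of `woodpecker-storage` reads `var.dolibarr`, a copy-paste from the ERP module: `domain-ci` declares no `dolibarr` option (its schema below lists `gitea` and `woodpecker`), so `terraform plan` fails on an undeclared variable, or, if one is declared elsewhere in the module, the woodpecker storage overrides are silently taken from the wrong app; the line should be `}, { for k, v in var.woodpecker : k => v if contains(["storage-server","storage-agent"],k) })`. The key filter also landed on the wrong local: `gitea` now keeps only `enable`/`storage-server`/`storage-agent` (inverting the previous `k!="enable"` selection, and the gitea Install is not in this hunk), whereas `woodpecker`, the local the computed storage defaults are merged with, is unchanged. The consistent shape would be `gitea = { for k, v in var.gitea : k => v if k!="enable" }` and `woodpecker = { for k, v in var.woodpecker : k => v if !contains(["enable","storage-server","storage-agent"],k) }`. `"writeMany"` is emitted as the strings `"true"`/`"false"` rather than booleans; whether the woodpecker schema accepts that is not visible here.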
@@ -6,51 +6,6 @@ metadata: name: domain-ci description: null options: - gitea: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object - ingress-class: - default: traefik - examples: - - traefik - type: string - distributions: - default: - core: core - domain: domain - examples: - - core: core - domain: domain - properties: - core: - default: core - type: string - domain: - default: domain - type: string - type: object - woodpecker: - default: - enable: false - examples: - - enable: false - properties: - enable: - default: false - type: boolean - type: object - domain: - default: your-company - examples: - - your-company - type: string backups: default: enable: false 
@@ -81,15 +36,85 @@ options: default: backup-settings type: string type: object + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + distributions: + default: + core: core + domain: domain + examples: + - core: core + domain: domain + properties: + core: + default: core + type: string + domain: + default: domain + type: string + type: object domain-name: default: your_company.com examples: - your_company.com type: string - issuer: - default: letsencrypt-prod + woodpecker: + default: + enable: false examples: - - letsencrypt-prod + - enable: false + properties: + enable: + default: false + type: boolean + type: object + storage-classes: + default: + BlockReadWriteMany: '' + BlockReadWriteOnce: '' + FilesystemReadWriteMany: '' + FilesystemReadWriteOnce: '' + examples: + - BlockReadWriteMany: '' + BlockReadWriteOnce: '' + FilesystemReadWriteMany: '' + FilesystemReadWriteOnce: '' + properties: + BlockReadWriteMany: + default: '' + type: string + BlockReadWriteOnce: + default: '' + type: string + FilesystemReadWriteMany: + default: '' + type: string + FilesystemReadWriteOnce: + default: '' + type: string + type: object + gitea: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object + domain: + default: your-company + examples: + - your-company + type: string + ingress-class: + default: traefik + examples: + - traefik type: string dependencies: [] providers: diff --git a/meta/domain-erp/apps.tf b/meta/domain-erp/apps.tf index 5a1760c..274305f 100644 --- a/meta/domain-erp/apps.tf +++ b/meta/domain-erp/apps.tf 
@@ -13,7 +13,14 @@ locals { "ingress-class" = var.ingress-class "backups" = var.backups } - dolibarr = { for k, v in var.dolibarr : k => v if k!="enable" } + dolibarr = { for k, v in var.dolibarr : k => v if contains(["enable","storage"],k) } + doli-storage = merge({ + "storage" = { + "size" = "10Gi" + "accessMode" = var.storage-classes.FilesystemReadWriteMany!=""?"ReadWriteMany":"ReadWriteOnce" + "type" = "Filesystem" + } + }, { for k, v in var.dolibarr : k => v if k=="storage" }) } resource "kubernetes_namespace_v1" "erp-ns" { @@ -39,6 +46,6 @@ resource "kubectl_manifest" "dolibarr" { distrib: "${var.distributions.domain}" category: "apps" component: "dolibarr" - options: ${jsonencode(merge(local.global, local.dolibarr))} + options: ${jsonencode(merge(local.global, local.doli-storage, local.dolibarr))} EOF } diff --git a/meta/domain-erp/index.yaml b/meta/domain-erp/index.yaml index 6ff8e3c..9c3ce0c 100644 --- a/meta/domain-erp/index.yaml +++ b/meta/domain-erp/index.yaml @@ -11,21 +11,6 @@ options: examples: - your-company type: string - domain-name: - default: your_company.com - examples: - - your_company.com - type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - ingress-class: - default: traefik - examples: - - traefik - type: string distributions: default: core: core 
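Review bot: The rewritten `dolibarr` filter keeps only the keys `enable` and `storage` — `contains([...], k)` is true for exactly those — whereas the old `k!="enable"` dropped `enable` and passed everything else through, so every other dolibarr option is now silently discarded and `enable` is forwarded into the Install's options. Given that the new `doli-storage` local already takes `storage` from `var.dolibarr`, the intent reads as an exclusion: `dolibarr = { for k, v in var.dolibarr : k => v if !contains(["enable", "storage"], k) }`. With that, the merge order in the second hunk (`merge(local.global, local.doli-storage, local.dolibarr)`) behaves as intended, with the user's storage winning over the computed default. Note also that `merge` is shallow, so a user `storage` value that sets only `size` replaces the computed `accessMode`/`type` rather than overriding one field — worth confirming whether the package schema fills those sub-defaults before the value reaches this code. The enclosing `locals` block starts outside the hunk.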
@@ -71,6 +56,36 @@ options: default: backup-settings type: string type: object + ingress-class: + default: traefik + examples: + - traefik + type: string + storage-classes: + default: + BlockReadWriteMany: '' + BlockReadWriteOnce: '' + FilesystemReadWriteMany: '' + FilesystemReadWriteOnce: '' + examples: + - BlockReadWriteMany: '' + BlockReadWriteOnce: '' + FilesystemReadWriteMany: '' + FilesystemReadWriteOnce: '' + properties: + BlockReadWriteMany: + default: '' + type: string + BlockReadWriteOnce: + default: '' + type: string + FilesystemReadWriteMany: + default: '' + type: string + FilesystemReadWriteOnce: + default: '' + type: string + type: object dolibarr: default: enable: true @@ -81,6 +96,16 @@ options: default: true type: boolean type: object + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string dependencies: [] providers: kubernetes: true diff --git a/meta/domain-infra/apps.tf b/meta/domain-infra/apps.tf index 99ca661..efca1b5 100644 --- a/meta/domain-infra/apps.tf +++ b/meta/domain-infra/apps.tf @@ -12,6 +12,7 @@ locals { "issuer" = var.issuer "ingress-class" = var.ingress-class "backups" = var.backups + "app-group" = var.app-group } traefik = { for k, v in var.traefik : k => v if k!="enable" } dns = { for k, v in var.dns : k => v if k!="enable" } @@ -52,7 +53,7 @@ resource "kubectl_manifest" "traefik" { apiVersion: "vynil.solidite.fr/v1" kind: "Install" metadata: - name: "traefik-ui-${var.namespace}" + name: "${var.namespace}" namespace: "${var.traefik.namespace}" labels: ${jsonencode(local.common-labels)} spec: diff --git a/meta/domain-infra/index.yaml b/meta/domain-infra/index.yaml index d484860..795824d 100644 --- a/meta/domain-infra/index.yaml +++ b/meta/domain-infra/index.yaml 
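Review bot: Dropping the `traefik-ui-` prefix makes the Install's `metadata.name` just `${var.namespace}` inside `${var.traefik.namespace}`; if any other Install is created in the shared traefik namespace with the bare domain namespace as its name, the two collide and the later apply overwrites the earlier one. The reason for the rename is not visible in the hunk — it may follow the app-grouping rework that the `group = var.app-group` additions elsewhere in this commit suggest — so a one-line comment above `name:` would help the next reader, e.g. `# one Install per consuming domain, keyed by that domain's namespace, in the shared traefik namespace`. The `kubectl_manifest.traefik` resource body continues outside the hunk.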
@@ -6,71 +6,6 @@ metadata: name: domain-infra description: null options: - dns: - default: - enable: false - examples: - - enable: false - properties: - enable: - default: false - type: boolean - type: object - traefik: - default: - enable: false - namespace: traefik - examples: - - enable: false - namespace: traefik - properties: - enable: - default: false - type: boolean - namespace: - default: traefik - type: string - type: object - ingress-class: - default: traefik - examples: - - traefik - type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string - api: - default: - enable: false - examples: - - enable: false - properties: - enable: - default: false - type: boolean - type: object - distributions: - default: - core: core - domain: domain - examples: - - core: core - domain: domain - properties: - core: - default: core - type: string - domain: - default: domain - type: string - type: object - domain: - default: your-company - examples: - - your-company - type: string backups: default: enable: false 
@@ -101,11 +36,106 @@ options: default: backup-settings type: string type: object + app-group: + default: infra + examples: + - infra + type: string + traefik: + default: + enable: false + namespace: traefik + examples: + - enable: false + namespace: traefik + properties: + enable: + default: false + type: boolean + namespace: + default: traefik + type: string + type: object + dns: + default: + enable: false + examples: + - enable: false + properties: + enable: + default: false + type: boolean + type: object + api: + default: + enable: false + examples: + - enable: false + properties: + enable: + default: false + type: boolean + type: object + distributions: + default: + core: core + domain: domain + examples: + - core: core + domain: domain + properties: + core: + default: core + type: string + domain: + default: domain + type: string + type: object domain-name: default: your_company.com examples: - your_company.com type: string + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string + domain: + default: your-company + examples: + - your-company + type: string + ingress-class: + default: traefik + examples: + - traefik + type: string + storage-classes: + default: + BlockReadWriteMany: '' + BlockReadWriteOnce: '' + FilesystemReadWriteMany: '' + FilesystemReadWriteOnce: '' + examples: + - BlockReadWriteMany: '' + BlockReadWriteOnce: '' + FilesystemReadWriteMany: '' + FilesystemReadWriteOnce: '' + properties: + BlockReadWriteMany: + default: '' + type: string + BlockReadWriteOnce: + default: '' + type: string + FilesystemReadWriteMany: + default: '' + type: string + FilesystemReadWriteOnce: + default: '' + type: string + type: object dependencies: [] providers: kubernetes: true diff --git a/meta/domain/index.yaml b/meta/domain/index.yaml index ce03e49..e72a39e 100644 --- a/meta/domain/index.yaml +++ b/meta/domain/index.yaml 
@@ -6,11 +6,78 @@ metadata: name: domain description: null options: - ingress-class: - default: traefik + distributions: + default: + core: core + domain: domain examples: - - traefik - type: string + - core: core + domain: domain + properties: + core: + default: core + type: string + domain: + default: domain + type: string + type: object + erp: + default: + dolibarr: + enable: true + enable: false + examples: + - dolibarr: + enable: true + enable: false + properties: + dolibarr: + default: + enable: true + properties: + enable: + default: true + type: boolean + type: object + enable: + default: false + type: boolean + type: object + storage-classes: + default: + BlockReadWriteMany: '' + BlockReadWriteOnce: '' + FilesystemReadWriteMany: '' + FilesystemReadWriteOnce: '' + examples: + - BlockReadWriteMany: '' + BlockReadWriteOnce: '' + FilesystemReadWriteMany: '' + FilesystemReadWriteOnce: '' + properties: + BlockReadWriteMany: + default: '' + type: string + BlockReadWriteOnce: + default: '' + type: string + FilesystemReadWriteMany: + default: '' + type: string + FilesystemReadWriteOnce: + default: '' + type: string + type: object + auth: + default: + enable: true + examples: + - enable: true + properties: + enable: + default: true + type: boolean + type: object backups: default: enable: false 
@@ -41,85 +108,38 @@ options: default: backup-settings type: string type: object - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string domain-name: default: your_company.com examples: - your_company.com type: string - distributions: - default: - core: core - domain: domain + issuer: + default: letsencrypt-prod examples: - - core: core - domain: domain - properties: - core: - default: core - type: string - domain: - default: domain - type: string - type: object - auth: - default: - enable: true - examples: - - enable: true - properties: - enable: - default: true - type: boolean - type: object - ci: + - letsencrypt-prod + type: string + infra: default: enable: false - gitea: - enable: true + traefik: + enable: false examples: - enable: false - gitea: - enable: true + traefik: + enable: false properties: enable: default: false type: boolean - gitea: + traefik: default: - enable: true + enable: false properties: enable: - default: true + default: false type: boolean type: object type: object - erp: - default: - dolibarr: - enable: true - enable: false - examples: - - dolibarr: - enable: true - enable: false - properties: - dolibarr: - default: - enable: true - properties: - enable: - default: true - type: boolean - type: object - enable: - default: false - type: boolean - type: object apps: default: enable: false 
@@ -142,29 +162,44 @@ options: type: boolean type: object type: object - infra: + mail: default: enable: false - traefik: - enable: false examples: - enable: false - traefik: - enable: false properties: enable: default: false type: boolean - traefik: + type: object + ingress-class: + default: traefik + examples: + - traefik + type: string + ci: + default: + enable: false + gitea: + enable: true + examples: + - enable: false + gitea: + enable: true + properties: + enable: + default: false + type: boolean + gitea: default: - enable: false + enable: true properties: enable: - default: false + default: true type: boolean type: object type: object - mail: + devspaces: default: enable: false examples: diff --git a/meta/domain/installs.tf b/meta/domain/installs.tf index baf1e38..dcb2162 100644 --- a/meta/domain/installs.tf +++ b/meta/domain/installs.tf @@ -6,6 +6,7 @@ locals { "ingress-class" = var.ingress-class "distributions" = var.distributions "backups" = var.backups + "storage-classes"= var.storage-classes } annotations = { "vynil.solidite.fr/meta" = var.component diff --git a/share/wildduck/application.tf b/share/wildduck/application.tf index 6fd11d6..670bbd1 100644 --- a/share/wildduck/application.tf +++ b/share/wildduck/application.tf @@ -14,6 +14,7 @@ resource "authentik_application" "prj_app" { name = "${var.instance}" slug = "${var.component}-${var.instance}" #protocol_provider = authentik_provider_oauth2.oauth2.id + group = var.app-group backchannel_providers = [authentik_provider_scim.scim.id] meta_launch_url = format("https://%s.%s", var.sub-domain, var.domain-name) meta_icon = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "favicon-32x32.png") diff --git a/share/wildduck/index.yaml b/share/wildduck/index.yaml index 7fac2f9..a2ccc41 100644 --- a/share/wildduck/index.yaml +++ b/share/wildduck/index.yaml 
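Review bot: `"storage-classes"= var.storage-classes` is missing the space before `=` that the neighbouring entries in this `locals` map have; `terraform fmt` would realign it to `"storage-classes" = var.storage-classes`. This map appears to be the option set forwarded to every domain Install, so each sub-domain package presumably now receives a `storage-classes` key; the schema for it is added to domain-ci, domain-erp and domain-infra in this commit, but domain-apps and domain-auth are outside this chunk, so confirm they declare it as well. The enclosing `locals` block starts outside the hunk.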
@@ -6,54 +6,11 @@ metadata: name: wildduck description: null options: - domain-name: - default: your_company.com + ingress-class: + default: traefik examples: - - your_company.com + - traefik type: string - domain: - default: your-company - examples: - - your-company - type: string - redis: - default: - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.5 - storage: 2Gi - examples: - - exporter: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - image: quay.io/opstree/redis:v7.0.5 - storage: 2Gi - properties: - exporter: - default: - enabled: true - image: quay.io/opstree/redis-exporter:v1.44.0 - properties: - enabled: - default: true - type: boolean - image: - default: quay.io/opstree/redis-exporter:v1.44.0 - type: string - type: object - image: - default: quay.io/opstree/redis:v7.0.5 - type: string - storage: - default: 2Gi - type: string - type: object - additional-domains: - default: [] - items: - type: string - type: array backups: default: enable: false 
@@ -293,21 +250,69 @@ options: type: string type: object type: object - sub-domain: - default: mail + domain: + default: your-company examples: - - mail + - your-company type: string - ingress-class: - default: traefik + app-group: + default: '' examples: - - traefik + - '' + type: string + additional-domains: + default: [] + items: + type: string + type: array + redis: + default: + exporter: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + image: quay.io/opstree/redis:v7.0.5 + storage: 2Gi + examples: + - exporter: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + image: quay.io/opstree/redis:v7.0.5 + storage: 2Gi + properties: + exporter: + default: + enabled: true + image: quay.io/opstree/redis-exporter:v1.44.0 + properties: + enabled: + default: true + type: boolean + image: + default: quay.io/opstree/redis-exporter:v1.44.0 + type: string + type: object + image: + default: quay.io/opstree/redis:v7.0.5 + type: string + storage: + default: 2Gi + type: string + type: object + domain-name: + default: your_company.com + examples: + - your_company.com type: string issuer: default: letsencrypt-prod examples: - letsencrypt-prod type: string + sub-domain: + default: mail + examples: + - mail + type: string dependencies: - dist: null category: dbo