Modules (#7)

* moved files * added missing modules - monitoring - nextcloud - nextcloud_staging * update * update * terraform version update
steled · Apr 20, 2024 · e7371ee · e7371ee
1 parent 7df10b0
commit e7371ee
Show file tree

Hide file tree

Showing 47 changed files with 697 additions and 139 deletions.
diff --git a/bin/create-hook-symlinks.sh b/bin/create-hook-symlinks.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+for hook in "$(dirname "$0")/../githooks/"*; do
+    ln -s -f "../../githooks/$(basename $hook)" "$(dirname "$0")/../.git/hooks/$(basename $hook)"
+    echo -e "\n# run $(basename $hook) script" >> "$(dirname "$0")/../.git/hooks/pre-commit"
+    echo "\$(dirname \"\$0\")/$(basename $hook)" >> "$(dirname "$0")/../.git/hooks/pre-commit"
+done
diff --git a/cert-manager/cert-manager.tf b/cert-manager/cert-manager.tf
@@ -1,11 +1,12 @@
 resource "kubernetes_namespace" "certmanager" {
   metadata {
-    name = var.kubernetes_namespace_name
+    name = var.namespace
   }
 }
 
 resource "helm_release" "certmanager" {
   name       = "cert-manager"
+  namespace  = kubernetes_namespace.certmanager.metadata[0].name
 
   repository = "https://charts.jetstack.io"
   chart      = "cert-manager"
@@ -15,6 +16,4 @@ resource "helm_release" "certmanager" {
     name = "installCRDs"
     value = "true"
   }
-
-  namespace = kubernetes_namespace.certmanager.metadata[0].name
 }
diff --git a/cert-manager/duckdns-webhook.tf b/cert-manager/duckdns-webhook.tf
@@ -1,11 +1,10 @@
 resource "helm_release" "duckdns_webhook" {
   name       = "duckdns-webhook"
+  namespace  = kubernetes_namespace.certmanager.metadata[0].name
 
   repository = "https://ebrianne.github.io/helm-charts"
   chart      = "cert-manager-webhook-duckdns"
   version    = var.duckdns_webhook_version # check version here: https://github.com/ebrianne/helm-charts/blob/master/charts/cert-manager-webhook-duckdns/Chart.yaml
 
-  values = [ var.values_yaml ]
-
-  namespace = kubernetes_namespace.certmanager.metadata[0].name
+  values = [ file(var.duckdns_webhook_values_yaml) ]
 }
diff --git a/cert-manager/main.tf b/cert-manager/main.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = "~> 1.2.8"
+  required_version = "~> 1.8.1"
 
   required_providers {
     helm = {

diff --git a/cert-manager/variables.tf b/cert-manager/variables.tf
@@ -1,19 +1,19 @@
-variable "cert_manager_version" {
+variable "namespace" {
   type = string
-  description = "Set the version of cert-manager"
+  description = "Name of the kubernetes namespace"
 }
 
-variable "values_yaml" {
+variable "cert_manager_version" {
   type = string
-  description = "Path to the values.yml file, relative to the root module"
+  description = "Set the version of cert-manager"
 }
 
 variable "duckdns_webhook_version" {
   type = string
   description = "Set the version of duckdns webhook"
 }
 
-variable "kubernetes_namespace_name" {
+variable "duckdns_webhook_values_yaml" {
   type = string
-  description = "Name of the kubernetes namespace"
+  description = "Path to the duckdns webhook values.yml file, relative to the root module"
 }
diff --git a/dht22/dht22/dht22.tf b/dht22/dht22/dht22.tf
@@ -1,7 +1,7 @@
 resource "kubernetes_deployment" "dht22" {
   metadata {
     name      = "dht22"
-    namespace = var.kubernetes_namespace_name
+    namespace = var.namespace
     labels = {
       app = "dht22"
     }

diff --git a/dht22/dht22/variables.tf b/dht22/dht22/variables.tf
@@ -1,4 +1,4 @@
-variable "kubernetes_namespace_name" {
+variable "namespace" {
   type = string
   description = "Name of the kubernetes namespace"
 }

diff --git a/dht22/dht22_sdm.tf b/dht22/dht22_sdm.tf
@@ -1,22 +1,22 @@
 resource "kubernetes_namespace" "sdm-dht22" {
   metadata {
-    name = var.kubernetes_namespace_name
+    name = var.namespace
   }
 }
 
 module "sdm" {
   source = "./sdm"
-  kubernetes_namespace_name = var.kubernetes_namespace_name
-  node_name                 = var.node_name
-  image                     = var.sdm_image # check version here: https://gitlab.com/arm-research/smarter/smarter-device-manager/container_registry/1080664
+  namespace = kubernetes_namespace.sdm-dht22.metadata[0].name
+  node_name = var.node_name
+  image     = var.sdm_image # check version here: https://gitlab.com/arm-research/smarter/smarter-device-manager/container_registry/1080664
 }
 
 module "dht22" {
   source = "./dht22"
 
-  kubernetes_namespace_name = var.kubernetes_namespace_name
-  node_name                 = var.node_name
-  image                     = var.dht22_image
+  namespace = kubernetes_namespace.sdm-dht22.metadata[0].name
+  node_name = var.node_name
+  image     = var.dht22_image
 
   depends_on = [ module.sdm, ]
 }
diff --git a/dht22/main.tf b/dht22/main.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = "~> 1.2.8"
+  required_version = "~> 1.8.1"
 
   required_providers {
     kubernetes = {

diff --git a/dht22/sdm/sdm.tf b/dht22/sdm/sdm.tf
@@ -1,7 +1,7 @@
 resource "kubernetes_config_map" "sdm" {
   metadata {
     name = "smarter-device-manager"
-    namespace = var.kubernetes_namespace_name
+    namespace = var.namespace
   }
 
   data = {
@@ -15,7 +15,7 @@ CONF
 resource "kubernetes_deployment" "sdm" {
   metadata {
     name      = "smarter-device-manager"
-    namespace = var.kubernetes_namespace_name
+    namespace = var.namespace
     labels = {
       app = "sdm"
     }

diff --git a/dht22/sdm/variables.tf b/dht22/sdm/variables.tf
@@ -1,4 +1,4 @@
-variable "kubernetes_namespace_name" {
+variable "namespace" {
   type = string
   description = "Name of the kubernetes namespace"
 }

diff --git a/dht22/variables.tf b/dht22/variables.tf
@@ -1,4 +1,4 @@
-variable "kubernetes_namespace_name" {
+variable "namespace" {
   type = string
   description = "Name of the kubernetes namespace"
 }

diff --git a/gitea/main.tf b/gitea/main.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = "~> 1.2.8"
+  required_version = "~> 1.8.1"
 
   required_providers {
     helm = {

diff --git a/githooks/pre-commit-sed.sh b/githooks/pre-commit-sed.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+# sed pre-commit hook: duplicate decrypted sensitive file and redact sensitive informations via sed
+
+tmp=$(mktemp)
+IFS=$'\n'
+for secret_file in $(git -c core.quotePath=false ls-files | git -c core.quotePath=false check-attr --stdin filter | awk 'BEGIN { FS = ":" }; /crypt$/{ print $1 }'); do
+    # Skip symlinks, they contain the linked target file path not plaintext
+    if [[ -L $secret_file ]]; then
+        continue
+    fi
+
+    # extract filename
+    filename="${secret_file##*/}"
+    # get file extension
+    file_extension="${filename##*.}"
+    # get filename without extension
+    file="${filename%.*}"
+    # extract directory
+    dir="$(dirname ${secret_file})"
+
+    # if test -f "${dir}/${file}.sed"; then
+    if test -f "${dir}/${filename}.sed"; then
+        if [ $file_extension == $file ]; then
+            sed -f "${dir}/${filename}.sed" $secret_file > "${dir}/${file}_dec"
+        else
+            sed -f "${dir}/${filename}.sed" $secret_file > "${dir}/${file}.${file_extension}.dec"
+        fi
+    fi
+
+done
+rm -f "${tmp}"
+unset IFS
diff --git a/hassio/endpoints.tf b/hassio/endpoints.tf
@@ -1,6 +1,6 @@
 resource "kubernetes_endpoints" "hassio" {
   metadata {
-    name = var.metadata_name
+    name = "hassio"
     namespace = kubernetes_namespace.hassio.metadata[0].name
   }
 
@@ -10,9 +10,9 @@ resource "kubernetes_endpoints" "hassio" {
     }
 
     port {
-      name     = var.port_name
+      name     = "hassio"
       port     = 8123
       protocol = "TCP"
     }
   }
-}
+}
diff --git a/hassio/hassio.tf b/hassio/hassio.tf
@@ -1,5 +1,5 @@
 resource "kubernetes_namespace" "hassio" {
   metadata {
-    name = var.kubernetes_namespace_name
+    name = var.namespace
   }
-}
+}
diff --git a/hassio/ingress.tf b/hassio/ingress.tf
@@ -1,6 +1,6 @@
 resource "kubernetes_ingress_v1" "hassio" {
   metadata {
-    name        = var.metadata_name
+    name        = "hassio"
     namespace   = kubernetes_namespace.hassio.metadata[0].name
     annotations = {
       "kubernetes.io/ingress.class" = "nginx"
@@ -24,7 +24,7 @@ resource "kubernetes_ingress_v1" "hassio" {
         path {
           backend {
             service {
-              name = var.metadata_name
+              name = "hassio"
               port {
                 number = 443
               }
@@ -41,4 +41,4 @@ resource "kubernetes_ingress_v1" "hassio" {
       secret_name = "hassio-secret"
     }
   }
-}
+}
diff --git a/hassio/main.tf b/hassio/main.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = "~> 1.2.8"
+  required_version = "~> 1.8.1"
 
   required_providers {
     helm = {

diff --git a/hassio/service.tf b/hassio/service.tf
@@ -1,14 +1,14 @@
 resource "kubernetes_service" "hassio" {
   metadata {
-    name      = var.metadata_name
+    name      = "hassio"
     namespace = kubernetes_namespace.hassio.metadata[0].name
   }
   spec {
     port {
-      name        = var.port_name
+      name        = "hassio"
       port        = 443
       target_port = 8123
       protocol    = "TCP"
     }
   }
-}
+}
diff --git a/hassio/variables.tf b/hassio/variables.tf
@@ -1,20 +1,12 @@
-variable "kubernetes_namespace_name" {
+variable "namespace" {
   type = string
   description = "Name of the kubernetes namespace"
 }
 
-variable "metadata_name" {
-  type = string
-}
-
-variable "port_name" {
-  type = string
-}
-
 variable "host" {
   type = string
 }
 
 variable "ip" {
   type = string
-}
+}
diff --git a/ingress/ingress.tf b/ingress/ingress.tf
@@ -1,19 +1,18 @@
 resource "kubernetes_namespace" "ingress" {
   metadata {
-    name = var.kubernetes_namespace_name
+    name = var.namespace
   }
 }
 
 resource "helm_release" "ingress" {
   name          = "ingress"
+  namespace     = kubernetes_namespace.ingress.metadata[0].name
 
   repository    = "https://kubernetes.github.io/ingress-nginx"
   chart         = "ingress-nginx"
-  version       = var.ingress_version # check version here: https://github.com/kubernetes/ingress-nginx/blob/master/charts/ingress-nginx/Chart.yaml
+  version       = var.version # check version here: https://github.com/kubernetes/ingress-nginx/blob/master/charts/ingress-nginx/Chart.yaml
   force_update  = false
   recreate_pods = true
 
-  values        = [ var.values_yaml ]
-
-  namespace     = kubernetes_namespace.ingress.metadata[0].name
+  values        = [ file(var.values_yaml) ]
 }
diff --git a/ingress/main.tf b/ingress/main.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = "~> 1.2.8"
+  required_version = "~> 1.8.1"
 
   required_providers {
     helm = {

diff --git a/ingress/variables.tf b/ingress/variables.tf
@@ -1,9 +1,9 @@
-variable "kubernetes_namespace_name" {
+variable "namespace" {
   type = string
   description = "Name of the kubernetes namespace"
 }
 
-variable "ingress_version" {
+variable "version" {
   type = string
   description = "Set the version of ingress"
 }

diff --git a/jdownloader/jd/jd.tf b/jdownloader/jd/jd.tf
@@ -1,7 +1,7 @@
 resource "kubernetes_deployment" "jdownloader" {
   metadata {
     name = "jd"
-    namespace = var.kubernetes_namespace_name
+    namespace = var.namespace
 
     labels = {
       app = "jd-sftp"
@@ -74,24 +74,24 @@ resource "kubernetes_deployment" "jdownloader" {
         volume {
           name = "config"
           persistent_volume_claim {
-            claim_name = var.config_pvc_name
+            claim_name = "jd-sftp-config-pvc"
           }
         }
 
         volume {
           name = "downloads"
           persistent_volume_claim {
-            claim_name = var.downloads_pvc_name
+            claim_name = "jd-sftp-downloads-pvc"
           }
         }
 
         volume {
           name = "logs"
           persistent_volume_claim {
-            claim_name = var.logs_pvc_name
+            claim_name = "jd-sftp-logs-pvc"
           }
         }
       }
     }
   }
-}
+}