diff --git a/bin/create-hook-symlinks.sh b/bin/create-hook-symlinks.sh new file mode 100644 index 0000000..94c8c7d --- /dev/null +++ b/bin/create-hook-symlinks.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +for hook in "$(dirname "$0")/../githooks/"*; do + ln -s -f "../../githooks/$(basename $hook)" "$(dirname "$0")/../.git/hooks/$(basename $hook)" + echo -e "\n# run $(basename $hook) script" >> "$(dirname "$0")/../.git/hooks/pre-commit" + echo "\$(dirname \"\$0\")/$(basename $hook)" >> "$(dirname "$0")/../.git/hooks/pre-commit" +done diff --git a/cert-manager/cert-manager.tf b/cert-manager/cert-manager.tf index dac3c4f..e952d98 100644 --- a/cert-manager/cert-manager.tf +++ b/cert-manager/cert-manager.tf @@ -1,11 +1,12 @@ resource "kubernetes_namespace" "certmanager" { metadata { - name = var.kubernetes_namespace_name + name = var.namespace } } resource "helm_release" "certmanager" { name = "cert-manager" + namespace = kubernetes_namespace.certmanager.metadata[0].name repository = "https://charts.jetstack.io" chart = "cert-manager" @@ -15,6 +16,4 @@ resource "helm_release" "certmanager" { name = "installCRDs" value = "true" } - - namespace = kubernetes_namespace.certmanager.metadata[0].name } diff --git a/cert-manager/duckdns-webhook.tf b/cert-manager/duckdns-webhook.tf index 89e9535..1d942fe 100644 --- a/cert-manager/duckdns-webhook.tf +++ b/cert-manager/duckdns-webhook.tf @@ -1,11 +1,10 @@ resource "helm_release" "duckdns_webhook" { name = "duckdns-webhook" + namespace = kubernetes_namespace.certmanager.metadata[0].name repository = "https://ebrianne.github.io/helm-charts" chart = "cert-manager-webhook-duckdns" version = var.duckdns_webhook_version # check version here: https://github.com/ebrianne/helm-charts/blob/master/charts/cert-manager-webhook-duckdns/Chart.yaml - values = [ var.values_yaml ] - - namespace = kubernetes_namespace.certmanager.metadata[0].name + values = [ file(var.duckdns_webhook_values_yaml) ] } 
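Review bot: In bin/create-hook-symlinks.sh the wrapper `.git/hooks/pre-commit` is only ever built with `>>`, so each run of the script appends another copy of the `# run …` stanza, and a file created this way has no shebang and no execute bit. Git skips hooks that are not executable, so on a fresh clone the redaction hook may silently never run. I would guard the two `echo … >>` lines so a stanza is added only when it is not already present, and end the script with `chmod +x "$(dirname "$0")/../.git/hooks/pre-commit"`. The `$(basename $hook)` calls should be `$(basename "$hook")` so that a hook path containing spaces or glob characters is passed through intact.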
diff --git a/cert-manager/main.tf b/cert-manager/main.tf index 4d6ddfd..7d4a090 100644 --- a/cert-manager/main.tf +++ b/cert-manager/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.2.8" + required_version = "~> 1.8.1" required_providers { helm = { diff --git a/cert-manager/variables.tf b/cert-manager/variables.tf index 0df0929..a27aed7 100644 --- a/cert-manager/variables.tf +++ b/cert-manager/variables.tf @@ -1,11 +1,11 @@ -variable "cert_manager_version" { +variable "namespace" { type = string - description = "Set the version of cert-manager" + description = "Name of the kubernetes namespace" } -variable "values_yaml" { +variable "cert_manager_version" { type = string - description = "Path to the values.yml file, relative to the root module" + description = "Set the version of cert-manager" } variable "duckdns_webhook_version" { @@ -13,7 +13,7 @@ variable "duckdns_webhook_version" { description = "Set the version of duckdns webhook" } -variable "kubernetes_namespace_name" { +variable "duckdns_webhook_values_yaml" { type = string - description = "Name of the kubernetes namespace" + description = "Path to the duckdns webhook values.yml file, relative to the root module" } diff --git a/dht22/dht22/dht22.tf b/dht22/dht22/dht22.tf index 46da0a1..7310342 100644 --- a/dht22/dht22/dht22.tf +++ b/dht22/dht22/dht22.tf @@ -1,7 +1,7 @@ resource "kubernetes_deployment" "dht22" { metadata { name = "dht22" - namespace = var.kubernetes_namespace_name + namespace = var.namespace labels = { app = "dht22" } diff --git a/dht22/dht22/variables.tf b/dht22/dht22/variables.tf index f21f9b3..b49c6c1 100644 --- a/dht22/dht22/variables.tf +++ b/dht22/dht22/variables.tf @@ -1,4 +1,4 @@ -variable "kubernetes_namespace_name" { +variable "namespace" { type = string description = "Name of the kubernetes namespace" } diff --git a/dht22/dht22_sdm.tf b/dht22/dht22_sdm.tf index 91832dd..4a1588e 100644 --- a/dht22/dht22_sdm.tf +++ b/dht22/dht22_sdm.tf 
@@ -1,22 +1,22 @@ resource "kubernetes_namespace" "sdm-dht22" { metadata { - name = var.kubernetes_namespace_name + name = var.namespace } } module "sdm" { source = "./sdm" - kubernetes_namespace_name = var.kubernetes_namespace_name - node_name = var.node_name - image = var.sdm_image # check version here: https://gitlab.com/arm-research/smarter/smarter-device-manager/container_registry/1080664 + namespace = kubernetes_namespace.sdm-dht22.metadata[0].name + node_name = var.node_name + image = var.sdm_image # check version here: https://gitlab.com/arm-research/smarter/smarter-device-manager/container_registry/1080664 } module "dht22" { source = "./dht22" - kubernetes_namespace_name = var.kubernetes_namespace_name - node_name = var.node_name - image = var.dht22_image + namespace = kubernetes_namespace.sdm-dht22.metadata[0].name + node_name = var.node_name + image = var.dht22_image depends_on = [ module.sdm, ] } diff --git a/dht22/main.tf b/dht22/main.tf index cc48302..b2f4822 100644 --- a/dht22/main.tf +++ b/dht22/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.2.8" + required_version = "~> 1.8.1" required_providers { kubernetes = { diff --git a/dht22/sdm/sdm.tf b/dht22/sdm/sdm.tf index 49d8c4f..6ab14ee 100644 --- a/dht22/sdm/sdm.tf +++ b/dht22/sdm/sdm.tf @@ -1,7 +1,7 @@ resource "kubernetes_config_map" "sdm" { metadata { name = "smarter-device-manager" - namespace = var.kubernetes_namespace_name + namespace = var.namespace } data = { @@ -15,7 +15,7 @@ CONF resource "kubernetes_deployment" "sdm" { metadata { name = "smarter-device-manager" - namespace = var.kubernetes_namespace_name + namespace = var.namespace labels = { app = "sdm" } diff --git a/dht22/sdm/variables.tf b/dht22/sdm/variables.tf index f21f9b3..b49c6c1 100644 --- a/dht22/sdm/variables.tf +++ b/dht22/sdm/variables.tf @@ -1,4 +1,4 @@ -variable "kubernetes_namespace_name" { +variable "namespace" { type = string description = "Name of the kubernetes namespace" } 
diff --git a/dht22/variables.tf b/dht22/variables.tf index 919430c..962b05c 100644 --- a/dht22/variables.tf +++ b/dht22/variables.tf @@ -1,4 +1,4 @@ -variable "kubernetes_namespace_name" { +variable "namespace" { type = string description = "Name of the kubernetes namespace" } diff --git a/gitea/main.tf b/gitea/main.tf index 4d6ddfd..7d4a090 100644 --- a/gitea/main.tf +++ b/gitea/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.2.8" + required_version = "~> 1.8.1" required_providers { helm = { diff --git a/githooks/pre-commit-sed.sh b/githooks/pre-commit-sed.sh new file mode 100644 index 0000000..0ea4752 --- /dev/null +++ b/githooks/pre-commit-sed.sh @@ -0,0 +1,32 @@ +#!/usr/bin/env bash +# sed pre-commit hook: duplicate decrypted sensitive file and redact sensitive informations via sed + +tmp=$(mktemp) +IFS=$'\n' +for secret_file in $(git -c core.quotePath=false ls-files | git -c core.quotePath=false check-attr --stdin filter | awk 'BEGIN { FS = ":" }; /crypt$/{ print $1 }'); do + # Skip symlinks, they contain the linked target file path not plaintext + if [[ -L $secret_file ]]; then + continue + fi + + # extract filename + filename="${secret_file##*/}" + # get file extension + file_extension="${filename##*.}" + # get filename without extension + file="${filename%.*}" + # extract directory + dir="$(dirname ${secret_file})" + + # if test -f "${dir}/${file}.sed"; then + if test -f "${dir}/${filename}.sed"; then + if [ $file_extension == $file ]; then + sed -f "${dir}/${filename}.sed" $secret_file > "${dir}/${file}_dec" + else + sed -f "${dir}/${filename}.sed" $secret_file > "${dir}/${file}.${file_extension}.dec" + fi + fi + +done +rm -f "${tmp}" +unset IFS \ No newline at end of file diff --git a/hassio/endpoints.tf b/hassio/endpoints.tf index 5d407ac..9f11ad9 100644 --- a/hassio/endpoints.tf +++ b/hassio/endpoints.tf 
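Review bot: In githooks/pre-commit-sed.sh the redacted copies are written with no error handling: if `sed -f … $secret_file > …` fails, the hook carries on and a truncated or stale `.dec`/`_dec` file is left next to the encrypted source, so the commit proceeds as if redaction had succeeded. The unquoted `$secret_file`, `${secret_file}` inside `dirname`, and `[ $file_extension == $file ]` are protected from word splitting only by `IFS=$'\n'` and still undergo globbing, and `tmp=$(mktemp)` is created but never used. I would quote the expansions, drop the unused temp file and abort the hook when sed fails, as sketched below. Whether a `.sed` script actually matches every secret in a file cannot be checked by the hook, so the generated copies still deserve a look before they are staged.

```shell
# … unchanged: shebang, header comment, IFS=$'\n', the for … do line and the symlink skip …
  dir="$(dirname "${secret_file}")"

  if [[ -f "${dir}/${filename}.sed" ]]; then
    if [[ "${file_extension}" == "${file}" ]]; then
      out="${dir}/${file}_dec"
    else
      out="${dir}/${file}.${file_extension}.dec"
    fi
    # Fail closed: a failed redaction must not leave a partial copy or let the commit through.
    if ! sed -f "${dir}/${filename}.sed" "${secret_file}" > "${out}"; then
      rm -f "${out}"
      echo "pre-commit-sed: redaction of ${secret_file} failed" >&2
      exit 1
    fi
  fi
# … unchanged: done, unset IFS …
```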
@@ -1,6 +1,6 @@ resource "kubernetes_endpoints" "hassio" { metadata { - name = var.metadata_name + name = "hassio" namespace = kubernetes_namespace.hassio.metadata[0].name } @@ -10,9 +10,9 @@ resource "kubernetes_endpoints" "hassio" { } port { - name = var.port_name + name = "hassio" port = 8123 protocol = "TCP" } } -} \ No newline at end of file +} diff --git a/hassio/hassio.tf b/hassio/hassio.tf index 861cd60..034392d 100644 --- a/hassio/hassio.tf +++ b/hassio/hassio.tf @@ -1,5 +1,5 @@ resource "kubernetes_namespace" "hassio" { metadata { - name = var.kubernetes_namespace_name + name = var.namespace } -} \ No newline at end of file +} diff --git a/hassio/ingress.tf b/hassio/ingress.tf index a9eaa79..8169fbe 100644 --- a/hassio/ingress.tf +++ b/hassio/ingress.tf @@ -1,6 +1,6 @@ resource "kubernetes_ingress_v1" "hassio" { metadata { - name = var.metadata_name + name = "hassio" namespace = kubernetes_namespace.hassio.metadata[0].name annotations = { "kubernetes.io/ingress.class" = "nginx" @@ -24,7 +24,7 @@ resource "kubernetes_ingress_v1" "hassio" { path { backend { service { - name = var.metadata_name + name = "hassio" port { number = 443 } @@ -41,4 +41,4 @@ resource "kubernetes_ingress_v1" "hassio" { secret_name = "hassio-secret" } } -} \ No newline at end of file +} diff --git a/hassio/main.tf b/hassio/main.tf index 4d6ddfd..7d4a090 100644 --- a/hassio/main.tf +++ b/hassio/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.2.8" + required_version = "~> 1.8.1" required_providers { helm = { diff --git a/hassio/service.tf b/hassio/service.tf index 52be04b..6304938 100644 --- a/hassio/service.tf +++ b/hassio/service.tf @@ -1,14 +1,14 @@ resource "kubernetes_service" "hassio" { metadata { - name = var.metadata_name + name = "hassio" namespace = kubernetes_namespace.hassio.metadata[0].name } spec { port { - name = var.port_name + name = "hassio" port = 443 target_port = 8123 protocol = "TCP" } } -} \ No newline at end of file +} 
diff --git a/hassio/variables.tf b/hassio/variables.tf index ddd4574..5c02968 100644 --- a/hassio/variables.tf +++ b/hassio/variables.tf @@ -1,20 +1,12 @@ -variable "kubernetes_namespace_name" { +variable "namespace" { type = string description = "Name of the kubernetes namespace" } -variable "metadata_name" { - type = string -} - -variable "port_name" { - type = string -} - variable "host" { type = string } variable "ip" { type = string -} \ No newline at end of file +} diff --git a/ingress/ingress.tf b/ingress/ingress.tf index 7c73345..635b94d 100644 --- a/ingress/ingress.tf +++ b/ingress/ingress.tf @@ -1,19 +1,18 @@ resource "kubernetes_namespace" "ingress" { metadata { - name = var.kubernetes_namespace_name + name = var.namespace } } resource "helm_release" "ingress" { name = "ingress" + namespace = kubernetes_namespace.ingress.metadata[0].name repository = "https://kubernetes.github.io/ingress-nginx" chart = "ingress-nginx" - version = var.ingress_version # check version here: https://github.com/kubernetes/ingress-nginx/blob/master/charts/ingress-nginx/Chart.yaml + version = var.version # check version here: https://github.com/kubernetes/ingress-nginx/blob/master/charts/ingress-nginx/Chart.yaml force_update = false recreate_pods = true - values = [ var.values_yaml ] - - namespace = kubernetes_namespace.ingress.metadata[0].name + values = [ file(var.values_yaml) ] } diff --git a/ingress/main.tf b/ingress/main.tf index 4d6ddfd..7d4a090 100644 --- a/ingress/main.tf +++ b/ingress/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.2.8" + required_version = "~> 1.8.1" required_providers { helm = { diff --git a/ingress/variables.tf b/ingress/variables.tf index e2d8e3c..c9f4ec9 100644 --- a/ingress/variables.tf +++ b/ingress/variables.tf 
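Review bot: `version = var.version` in ingress/ingress.tf depends on an input variable named `version`, which Terraform reserves because it is a meta-argument of module blocks, so `terraform validate` is expected to reject `variable "version"`. The same applies to the declaration in ingress/variables.tf and to `var.version` / `variable "version"` in metallb/metallb.tf and metallb/variables.tf. Keeping the previous names (`ingress_version`, `metallb_version`) or renaming to something like `chart_version` avoids the clash.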
@@ -1,9 +1,9 @@ -variable "kubernetes_namespace_name" { +variable "namespace" { type = string description = "Name of the kubernetes namespace" } -variable "ingress_version" { +variable "version" { type = string description = "Set the version of ingress" } diff --git a/jdownloader/jd/jd.tf b/jdownloader/jd/jd.tf index 5b387a0..330c442 100644 --- a/jdownloader/jd/jd.tf +++ b/jdownloader/jd/jd.tf @@ -1,7 +1,7 @@ resource "kubernetes_deployment" "jdownloader" { metadata { name = "jd" - namespace = var.kubernetes_namespace_name + namespace = var.namespace labels = { app = "jd-sftp" @@ -74,24 +74,24 @@ resource "kubernetes_deployment" "jdownloader" { volume { name = "config" persistent_volume_claim { - claim_name = var.config_pvc_name + claim_name = "jd-sftp-config-pvc" } } volume { name = "downloads" persistent_volume_claim { - claim_name = var.downloads_pvc_name + claim_name = "jd-sftp-downloads-pvc" } } volume { name = "logs" persistent_volume_claim { - claim_name = var.logs_pvc_name + claim_name = "jd-sftp-logs-pvc" } } } } } -} \ No newline at end of file +} diff --git a/jdownloader/jd/variables.tf b/jdownloader/jd/variables.tf index 70e007e..bfa0572 100644 --- a/jdownloader/jd/variables.tf +++ b/jdownloader/jd/variables.tf @@ -1,4 +1,4 @@ -variable "kubernetes_namespace_name" { +variable "namespace" { type = string description = "Name of the kubernetes namespace" } @@ -14,15 +14,3 @@ variable "env_JD_PASSWORD" { variable "env_JD_EMAIL" { type = string } - -variable "config_pvc_name" { - type = string -} - -variable "downloads_pvc_name" { - type = string -} - -variable "logs_pvc_name" { - type = string -} \ No newline at end of file diff --git a/jdownloader/jd_sftp.tf b/jdownloader/jd_sftp.tf index df1f23b..23f571a 100644 --- a/jdownloader/jd_sftp.tf +++ b/jdownloader/jd_sftp.tf 
@@ -1,22 +1,18 @@ resource "kubernetes_namespace" "jd-sftp" { metadata { - name = var.kubernetes_namespace_name + name = var.namespace } } module "jd" { source = "./jd" - kubernetes_namespace_name = var.kubernetes_namespace_name + namespace = kubernetes_namespace.jd-sftp.metadata[0].name env_JD_DEVICENAME = var.env_JD_DEVICENAME env_JD_PASSWORD = var.env_JD_PASSWORD env_JD_EMAIL = var.env_JD_EMAIL - config_pvc_name = var.config_pvc_name - downloads_pvc_name = var.downloads_pvc_name - logs_pvc_name = var.logs_pvc_name - # depends_on = [ # kubernetes_persistent_volume.jd-sftp-test-config-pvc, # kubernetes_persistent_volume.jd-sftp-test-downloads-pvc, @@ -27,8 +23,8 @@ module "jd" { module "sftp" { source = "./sftp" - kubernetes_namespace_name = var.kubernetes_namespace_name + namespace = kubernetes_namespace.jd-sftp.metadata[0].name values_yaml = var.sftp_values_yaml depends_on = [ module.jd, ] -} \ No newline at end of file +} diff --git a/jdownloader/main.tf b/jdownloader/main.tf index 4d6ddfd..7d4a090 100644 --- a/jdownloader/main.tf +++ b/jdownloader/main.tf @@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.2.8" + required_version = "~> 1.8.1" required_providers { helm = { diff --git a/jdownloader/persistent.tf b/jdownloader/persistent.tf index 44048b9..2a5a06b 100644 --- a/jdownloader/persistent.tf +++ b/jdownloader/persistent.tf @@ -1,6 +1,6 @@ resource "kubernetes_persistent_volume" "jd-sftp-config-pv" { metadata { - name = var.config_pv_name + name = "jd-sftp-config-pv" # annotations = { # "pv.beta.kubernetes.io/gid" = "3000" # } @@ -27,8 +27,8 @@ resource "kubernetes_persistent_volume" "jd-sftp-config-pv" { resource "kubernetes_persistent_volume_claim" "jd-sftp-config-pvc" { metadata { - name = var.config_pvc_name - namespace = var.kubernetes_namespace_name + name = "jd-sftp-config-pvc" + namespace = kubernetes_namespace.jd-sftp.metadata[0].name } spec { storage_class_name = "manual" 
@@ -46,7 +46,7 @@ resource "kubernetes_persistent_volume_claim" "jd-sftp-config-pvc" { resource "kubernetes_persistent_volume" "jd-sftp-downloads-pv" { metadata { - name = var.downloads_pv_name + name = "jd-sftp-downloads-pv" # annotations = { # "pv.beta.kubernetes.io/gid" = "3000" # } @@ -73,8 +73,8 @@ resource "kubernetes_persistent_volume" "jd-sftp-downloads-pv" { resource "kubernetes_persistent_volume_claim" "jd-sftp-downloads-pvc" { metadata { - name = var.downloads_pvc_name - namespace = var.kubernetes_namespace_name + name = "jd-sftp-downloads-pvc" + namespace = kubernetes_namespace.jd-sftp.metadata[0].name } spec { storage_class_name = "manual" @@ -92,7 +92,7 @@ resource "kubernetes_persistent_volume_claim" "jd-sftp-downloads-pvc" { resource "kubernetes_persistent_volume" "jd-sftp-logs-pv" { metadata { - name = var.logs_pv_name + name = "jd-sftp-logs-pv" # annotations = { # "pv.beta.kubernetes.io/gid" = "3000" # } @@ -119,8 +119,8 @@ resource "kubernetes_persistent_volume" "jd-sftp-logs-pv" { resource "kubernetes_persistent_volume_claim" "jd-sftp-logs-pvc" { metadata { - name = var.logs_pvc_name - namespace = var.kubernetes_namespace_name + name = "jd-sftp-logs-pvc" + namespace = kubernetes_namespace.jd-sftp.metadata[0].name } spec { storage_class_name = "manual" @@ -134,4 +134,4 @@ resource "kubernetes_persistent_volume_claim" "jd-sftp-logs-pvc" { } depends_on = [ kubernetes_persistent_volume.jd-sftp-logs-pv, ] -} \ No newline at end of file +} diff --git a/jdownloader/sftp/sftp.tf b/jdownloader/sftp/sftp.tf index ddb8c0b..855778f 100644 --- a/jdownloader/sftp/sftp.tf +++ b/jdownloader/sftp/sftp.tf 
@@ -1,9 +1,8 @@ resource "helm_release" "sftp" { - name = "sftp" + name = "sftp" + namespace = var.namespace - chart = "https://github.com/steled/sftp-server/archive/refs/tags/v0.3.5.tar.gz" + chart = "https://github.com/steled/sftp-server/archive/refs/tags/v0.3.5.tar.gz" - values = [ var.values_yaml ] - - namespace = var.kubernetes_namespace_name -} \ No newline at end of file + values = [ file(var.values_yaml) ] +} diff --git a/jdownloader/sftp/variables.tf b/jdownloader/sftp/variables.tf index afe67ff..7eb9f7a 100644 --- a/jdownloader/sftp/variables.tf +++ b/jdownloader/sftp/variables.tf @@ -1,4 +1,4 @@ -variable "kubernetes_namespace_name" { +variable "namespace" { type = string description = "Name of the kubernetes namespace" } diff --git a/jdownloader/variables.tf b/jdownloader/variables.tf index 3d1655d..4f3eb30 100644 --- a/jdownloader/variables.tf +++ b/jdownloader/variables.tf @@ -1,4 +1,4 @@ -variable "kubernetes_namespace_name" { +variable "namespace" { type = string description = "Name of the kubernetes namespace" } @@ -15,31 +15,7 @@ variable "env_JD_EMAIL" { type = string } -variable "config_pv_name" { - type = string -} - -variable "downloads_pv_name" { - type = string -} - -variable "logs_pv_name" { - type = string -} - -variable "config_pvc_name" { - type = string -} - -variable "downloads_pvc_name" { - type = string -} - -variable "logs_pvc_name" { - type = string -} - variable "sftp_values_yaml" { type = string description = "Path to the values.yml file, relative to the root module" -} \ No newline at end of file +} diff --git a/metallb/config.tf b/metallb/config.tf index 9d2f9b2..a38cab1 100644 --- a/metallb/config.tf +++ b/metallb/config.tf @@ -21,4 +21,4 @@ resource "kubernetes_manifest" "metallb_l2advertisement" { namespace = kubernetes_namespace.metallb.metadata[0].name } } -} \ No newline at end of file +} diff --git a/metallb/main.tf b/metallb/main.tf index 4d6ddfd..7d4a090 100644 --- a/metallb/main.tf +++ b/metallb/main.tf 
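Review bot: The `chart` argument in jdownloader/sftp/sftp.tf still points at a tag archive (`…/archive/refs/tags/v0.3.5.tar.gz`), and a Git tag can be moved after the fact, so this URL does not fix the content of the chart that gets installed. Pinning the archive to a commit, for example `chart = "https://github.com/steled/sftp-server/archive/<commit-sha>.tar.gz"` (placeholder for the reviewed commit), makes the deployed chart reproducible and keeps an upstream re-tag from changing what runs in the cluster.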
@@ -1,5 +1,5 @@ terraform { - required_version = "~> 1.2.8" + required_version = "~> 1.8.1" required_providers { helm = { diff --git a/metallb/metallb.tf b/metallb/metallb.tf index e1fbea9..a33cd9c 100644 --- a/metallb/metallb.tf +++ b/metallb/metallb.tf @@ -1,20 +1,19 @@ resource "kubernetes_namespace" "metallb" { metadata { - name = var.kubernetes_namespace_name + name = var.namespace } } resource "helm_release" "metallb" { name = "metallb" + namespace = kubernetes_namespace.metallb.metadata[0].name repository = "https://charts.bitnami.com/bitnami" chart = "metallb" - version = var.metallb_version # check version here: https://github.com/bitnami/charts/blob/master/bitnami/metallb/Chart.yaml + version = var.version # check version here: https://github.com/bitnami/charts/blob/master/bitnami/metallb/Chart.yaml recreate_pods = true - values = [ var.values_yaml ] - - namespace = kubernetes_namespace.metallb.metadata[0].name + values = [ file(var.values_yaml) ] - depends_on = [ kubernetes_namespace.metallb, ] + # depends_on = [ kubernetes_namespace.metallb, ] } diff --git a/metallb/variables.tf b/metallb/variables.tf index bddcef7..b4f1e62 100644 --- a/metallb/variables.tf +++ b/metallb/variables.tf @@ -1,8 +1,8 @@ -variable "kubernetes_namespace_name" { +variable "namespace" { type = string } -variable "metallb_version" { +variable "version" { type = string description = "Set the version of metallb" } @@ -14,4 +14,4 @@ variable "helm_values_addresses" { variable "values_yaml" { type = string description = "Path to the values.yml file, relative to the root module" -} \ No newline at end of file +} diff --git a/monitoring/monitoring.tf b/monitoring/monitoring.tf new file mode 100644 index 0000000..c7910e3 --- /dev/null +++ b/monitoring/monitoring.tf 
@@ -0,0 +1,24 @@ +resource "kubernetes_namespace" "monitoring" { + metadata { + name = var.kubernetes_namespace_name + } +} + +resource "helm_release" "monitoring" { + name = "prometheus-community" + + repository = "https://prometheus-community.github.io/helm-charts" + chart = "kube-prometheus-stack" + version = var.monitoring_version # check version here: https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/Chart.yaml +# force_update = true +# recreate_pods = true + +# values = [ file("values.yaml") ] + values = [ templatefile("values.yaml", { + grafana_admin_password = var.grafana_admin_password, + grafana_environment = var.grafana_environment, + grafana_domain = var.grafana_domain + }) ] + + namespace = kubernetes_namespace.monitoring.metadata[0].name +} diff --git a/monitoring/variables.tf b/monitoring/variables.tf new file mode 100644 index 0000000..e892da6 --- /dev/null +++ b/monitoring/variables.tf @@ -0,0 +1,24 @@ +variable "kubernetes_namespace_name" { + type = string +} + +variable "monitoring_version" { + type = string + description = "Set the version of monitoring stack" +} + +variable "helm_release_name" { + type = string +} + +variable "grafana_admin_password" { + type = string +} + +variable "grafana_environment" { + type = string +} + +variable "grafana_domain" { + type = string +} diff --git a/nextcloud/main.tf b/nextcloud/main.tf new file mode 100644 index 0000000..b064f5e --- /dev/null +++ b/nextcloud/main.tf @@ -0,0 +1,8 @@ +terraform { + required_providers { + helm = { + source = "hashicorp/helm" + version = "2.6.0" + } + } +} diff --git a/nextcloud/nextcloud.tf b/nextcloud/nextcloud.tf new file mode 100644 index 0000000..0c77cf9 --- /dev/null +++ b/nextcloud/nextcloud.tf 
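Review bot: `templatefile("values.yaml", { … })` in monitoring/monitoring.tf uses a bare relative path, which Terraform resolves against the working directory rather than the module directory, so when this directory is used as a child module the lookup fails or picks up another `values.yaml`; `templatefile("${path.module}/values.yaml", { … })` is unambiguous. The template also receives `grafana_admin_password`, so the rendered password becomes part of the release values and of Terraform state. nextcloud/nextcloud.tf and nextcloud_staging/nextcloud.tf follow the same pattern with `smtp_password` and `postgresql_postgresqlpassword`. This file also keeps `var.kubernetes_namespace_name` while the other modules touched by this commit move to `var.namespace`.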
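Review bot: `grafana_admin_password` in monitoring/variables.tf is declared as a plain string, so its value is printed in `terraform plan` and `apply` output wherever it is used; adding `sensitive = true` to the block redacts it there. The same applies to `nextcloud_admin_password`, `smtp_password` and `postgresql_postgresqlpassword` in nextcloud/variables.tf and to their counterparts in nextcloud_staging/variables.tf. The value is still written to state, so the state backend needs access control either way. `helm_release_name` is declared here, but monitoring.tf hard-codes `name = "prometheus-community"`, so the variable looks unused.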
@@ -0,0 +1,39 @@ +resource "kubernetes_namespace" "nextcloud" { + metadata { + name = var.kubernetes_namespace_name + } +} + +resource "helm_release" "nextcloud" { + name = "nextcloud" + + repository = "https://nextcloud.github.io/helm/" + chart = "nextcloud" + version = var.nextcloud_version # take care of update path; check version here: https://github.com/nextcloud/helm/blob/master/charts/nextcloud/Chart.yaml + recreate_pods = true + + values = [ templatefile("values.yaml", { + nextcloud_domain = var.nextcloud_domain, + environment = var.environment, + ip_address = var.ip_address, + nextcloud_proxies = var.nextcloud_proxies + mail_fromaddress = var.mail_fromaddress + mail_domain = var.mail_domain + smtp_host = var.smtp_host + smtp_port = var.smtp_port + smtp_username = var.smtp_username + smtp_password = var.smtp_password + postgresql_postgresqlusername = var. postgresql_postgresqlusername, + postgresql_postgresqlpassword = var.postgresql_postgresqlpassword, + postgresql_postgresqldatabase = var.postgresql_postgresqldatabase + }) ] + + namespace = kubernetes_namespace.nextcloud.metadata[0].name + + depends_on = [ + kubernetes_persistent_volume_claim.nextcloud-server-pvc, + kubernetes_persistent_volume_claim.nextcloud-postgresql-pvc, + kubernetes_persistent_volume_claim.nextcloud-backup-pvc, + kubernetes_secret.nextcloud-secret + ] +} \ No newline at end of file diff --git a/nextcloud/persistent.tf b/nextcloud/persistent.tf new file mode 100644 index 0000000..f9a95a2 --- /dev/null +++ b/nextcloud/persistent.tf 
@@ -0,0 +1,134 @@ +resource "kubernetes_persistent_volume" "nextcloud-server-pv" { + metadata { + name = "nextcloud-server-pv" +# annotations = { +# "pv.beta.kubernetes.io/gid" = "3000" +# } + labels = { + type = "local" + } + } + spec { + storage_class_name = "manual" + capacity = { + storage = "8Gi" + } + access_modes = ["ReadWriteOnce"] + persistent_volume_source { + host_path { + path = "/ext/persistent/nextcloud/server" + } + } + } + + depends_on = [ kubernetes_namespace.nextcloud, ] +} + +resource "kubernetes_persistent_volume_claim" "nextcloud-server-pvc" { + metadata { + name = "nextcloud-server-pvc" + namespace = var.kubernetes_namespace_name + } + spec { + storage_class_name = "manual" + access_modes = ["ReadWriteOnce"] + resources { + requests = { + storage = "8Gi" + } + } + volume_name = kubernetes_persistent_volume.nextcloud-server-pv.metadata.0.name + } + + depends_on = [ kubernetes_persistent_volume.nextcloud-server-pv, ] +} + +resource "kubernetes_persistent_volume" "nextcloud-postgresql-pv" { + metadata { + name = "nextcloud-postgresql-pv" +# annotations = { +# "pv.beta.kubernetes.io/gid" = "3000" +# } + labels = { + type = "local" + } + } + spec { + storage_class_name = "manual" + capacity = { + storage = "8Gi" + } + access_modes = ["ReadWriteOnce"] + persistent_volume_source { + host_path { + path = "/ext/persistent/nextcloud/postgresql" + } + } + } + + depends_on = [ kubernetes_namespace.nextcloud, ] +} + +resource "kubernetes_persistent_volume_claim" "nextcloud-postgresql-pvc" { + metadata { + name = "nextcloud-postgresql-pvc" + namespace = var.kubernetes_namespace_name + } + spec { + storage_class_name = "manual" + access_modes = ["ReadWriteOnce"] + resources { + requests = { + storage = "8Gi" + } + } + volume_name = kubernetes_persistent_volume.nextcloud-postgresql-pv.metadata.0.name + } + + depends_on = [ kubernetes_persistent_volume.nextcloud-postgresql-pv, ] +} + +resource "kubernetes_persistent_volume" "nextcloud-backup-pv" { + metadata { 
+ name = "nextcloud-backup-pv" +# annotations = { +# "pv.beta.kubernetes.io/gid" = "3000" +# } + labels = { + type = "local" + } + } + spec { + storage_class_name = "manual" + capacity = { + storage = "1Gi" + } + access_modes = ["ReadWriteOnce"] + persistent_volume_source { + host_path { + path = "/ext/persistent/nextcloud/backup" + } + } + } + + depends_on = [ kubernetes_namespace.nextcloud, ] +} + +resource "kubernetes_persistent_volume_claim" "nextcloud-backup-pvc" { + metadata { + name = "nextcloud-backup-pvc" + namespace = var.kubernetes_namespace_name + } + spec { + storage_class_name = "manual" + access_modes = ["ReadWriteOnce"] + resources { + requests = { + storage = "1Gi" + } + } + volume_name = kubernetes_persistent_volume.nextcloud-backup-pv.metadata.0.name + } + + depends_on = [ kubernetes_persistent_volume.nextcloud-backup-pv, ] +} \ No newline at end of file diff --git a/nextcloud/secret.tf b/nextcloud/secret.tf new file mode 100644 index 0000000..3e33c1d --- /dev/null +++ b/nextcloud/secret.tf @@ -0,0 +1,13 @@ +resource "kubernetes_secret" "nextcloud-secret" { + metadata { + name = "nextcloud-secret" + namespace = var.kubernetes_namespace_name + } + + data = { + nextcloud-username = var.nextcloud_admin_username + nextcloud-password = var.nextcloud_admin_password + } + + type = "Opaque" +} diff --git a/nextcloud/variables.tf b/nextcloud/variables.tf new file mode 100644 index 0000000..7a10435 --- /dev/null +++ b/nextcloud/variables.tf 
@@ -0,0 +1,68 @@ +variable "kubernetes_namespace_name" { + type = string +} + +variable "nextcloud_version" { + type = string + description = "Set the version of nextcloud" +} + +variable "nextcloud_domain" { + type = string +} + +variable "environment" { + type = string +} + +variable "ip_address" { + type = string +} + +variable "nextcloud_admin_username" { + type = string +} + +variable "nextcloud_admin_password" { + type = string +} + +variable "nextcloud_proxies" { + type = string +} + +variable "mail_fromaddress" { + type = string +} + +variable "mail_domain" { + type = string +} + +variable "smtp_host" { + type = string +} + +variable "smtp_port" { + type = string +} + +variable "smtp_username" { + type = string +} + +variable "smtp_password" { + type = string +} + +variable "postgresql_postgresqlusername" { + type = string +} + +variable "postgresql_postgresqlpassword" { + type = string +} + +variable "postgresql_postgresqldatabase" { + type = string +} diff --git a/nextcloud_staging/main.tf b/nextcloud_staging/main.tf new file mode 100644 index 0000000..b064f5e --- /dev/null +++ b/nextcloud_staging/main.tf @@ -0,0 +1,8 @@ +terraform { + required_providers { + helm = { + source = "hashicorp/helm" + version = "2.6.0" + } + } +} diff --git a/nextcloud_staging/nextcloud.tf b/nextcloud_staging/nextcloud.tf new file mode 100644 index 0000000..3176052 --- /dev/null +++ b/nextcloud_staging/nextcloud.tf 
@@ -0,0 +1,39 @@ +resource "kubernetes_namespace" "nextcloud_staging" { + metadata { + name = var.kubernetes_namespace_name + } +} + +resource "helm_release" "nextcloud_staging" { + name = "nextcloud-staging" + + repository = "https://nextcloud.github.io/helm/" + chart = "nextcloud" + version = var.nextcloud_staging_version # take care of update path; check version here: https://github.com/nextcloud/helm/blob/master/charts/nextcloud/Chart.yaml + recreate_pods = true + + values = [ templatefile("values.yaml", { + nextcloud_domain = var.nextcloud_staging_domain, + environment = var.environment, + ip_address = var.ip_address, + nextcloud_proxies = var.nextcloud_staging_proxies + mail_fromaddress = var.mail_fromaddress + mail_domain = var.mail_domain + smtp_host = var.smtp_host + smtp_port = var.smtp_port + smtp_username = var.smtp_username + smtp_password = var.smtp_password + postgresql_postgresqlusername = var. postgresql_postgresqlusername, + postgresql_postgresqlpassword = var.postgresql_postgresqlpassword, + postgresql_postgresqldatabase = var.postgresql_postgresqldatabase + }) ] + + namespace = kubernetes_namespace.nextcloud_staging.metadata[0].name + + depends_on = [ + kubernetes_persistent_volume_claim.nextcloud_staging_server_pv, + kubernetes_persistent_volume_claim.nextcloud_staging_postgresql_pvc, + kubernetes_persistent_volume_claim.nextcloud_staging_backup_pvc, + kubernetes_secret.nextcloud-secret + ] +} \ No newline at end of file diff --git a/nextcloud_staging/persistent.tf b/nextcloud_staging/persistent.tf new file mode 100644 index 0000000..0966a13 --- /dev/null +++ b/nextcloud_staging/persistent.tf 
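Review bot: The `depends_on` list in nextcloud_staging/nextcloud.tf names resources that this module does not declare. `kubernetes_persistent_volume_claim.nextcloud_staging_server_pv` does not exist: the claim in persistent.tf is `nextcloud_staging_server_pvc`, and the `_pv` name belongs to a `kubernetes_persistent_volume`. Likewise `kubernetes_secret.nextcloud-secret` does not exist, because secret.tf declares `kubernetes_secret.nextcloud_staging_secret`. Terraform rejects references to undeclared resources, so the two entries should read `kubernetes_persistent_volume_claim.nextcloud_staging_server_pvc,` and `kubernetes_secret.nextcloud_staging_secret`.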
@@ -0,0 +1,134 @@ +resource "kubernetes_persistent_volume" "nextcloud_staging_server_pv" { + metadata { + name = "nextcloud-staging-server-pv" +# annotations = { +# "pv.beta.kubernetes.io/gid" = "3000" +# } + labels = { + type = "local" + } + } + spec { + storage_class_name = "manual" + capacity = { + storage = "8Gi" + } + access_modes = ["ReadWriteOnce"] + persistent_volume_source { + host_path { + path = "/ext/persistent/nextcloud-staging/server" + } + } + } + + depends_on = [ kubernetes_namespace.nextcloud_staging, ] +} + +resource "kubernetes_persistent_volume_claim" "nextcloud_staging_server_pvc" { + metadata { + name = "nextcloud-staging-server-pvc" + namespace = var.kubernetes_namespace_name + } + spec { + storage_class_name = "manual" + access_modes = ["ReadWriteOnce"] + resources { + requests = { + storage = "8Gi" + } + } + volume_name = kubernetes_persistent_volume.nextcloud_staging_server_pv.metadata.0.name + } + + depends_on = [ kubernetes_persistent_volume.nextcloud_staging_server_pv, ] +} + +resource "kubernetes_persistent_volume" "nextcloud_staging_postgresql_pv" { + metadata { + name = "nextcloud-staging-postgresql-pv" +# annotations = { +# "pv.beta.kubernetes.io/gid" = "3000" +# } + labels = { + type = "local" + } + } + spec { + storage_class_name = "manual" + capacity = { + storage = "8Gi" + } + access_modes = ["ReadWriteOnce"] + persistent_volume_source { + host_path { + path = "/ext/persistent/nextcloud-staging/postgresql" + } + } + } + + depends_on = [ kubernetes_namespace.nextcloud_staging, ] +} + +resource "kubernetes_persistent_volume_claim" "nextcloud_staging_postgresql_pvc" { + metadata { + name = "nextcloud-staging-postgresql-pvc" + namespace = var.kubernetes_namespace_name + } + spec { + storage_class_name = "manual" + access_modes = ["ReadWriteOnce"] + resources { + requests = { + storage = "8Gi" + } + } + volume_name = kubernetes_persistent_volume.nextcloud_staging_postgresql_pv.metadata.0.name + } + + depends_on = [ 
kubernetes_persistent_volume.nextcloud_staging_postgresql_pv, ] +} + +resource "kubernetes_persistent_volume" "nextcloud_staging_backup_pv" { + metadata { + name = "nextcloud-staging-backup-pv" +# annotations = { +# "pv.beta.kubernetes.io/gid" = "3000" +# } + labels = { + type = "local" + } + } + spec { + storage_class_name = "manual" + capacity = { + storage = "1Gi" + } + access_modes = ["ReadWriteOnce"] + persistent_volume_source { + host_path { + path = "/ext/persistent/nextcloud-staging/backup" + } + } + } + + depends_on = [ kubernetes_namespace.nextcloud_staging, ] +} + +resource "kubernetes_persistent_volume_claim" "nextcloud_staging_backup_pvc" { + metadata { + name = "nextcloud-staging-backup-pvc" + namespace = var.kubernetes_namespace_name + } + spec { + storage_class_name = "manual" + access_modes = ["ReadWriteOnce"] + resources { + requests = { + storage = "1Gi" + } + } + volume_name = kubernetes_persistent_volume.nextcloud_staging_backup_pv.metadata.0.name + } + + depends_on = [ kubernetes_persistent_volume.nextcloud_staging_backup_pv, ] +} diff --git a/nextcloud_staging/secret.tf b/nextcloud_staging/secret.tf new file mode 100644 index 0000000..4a463a1 --- /dev/null +++ b/nextcloud_staging/secret.tf @@ -0,0 +1,13 @@ +resource "kubernetes_secret" "nextcloud_staging_secret" { + metadata { + name = "nextcloud-secret" + namespace = var.kubernetes_namespace_name + } + + data = { + nextcloud-username = var.nextcloud_staging_admin_username + nextcloud-password = var.nextcloud_staging_admin_password + } + + type = "Opaque" +} diff --git a/nextcloud_staging/variables.tf b/nextcloud_staging/variables.tf new file mode 100644 index 0000000..56a7afd --- /dev/null +++ b/nextcloud_staging/variables.tf 
@@ -0,0 +1,68 @@ +variable "kubernetes_namespace_name" { + type = string +} + +variable "nextcloud_staging_version" { + type = string + description = "Set the version of nextcloud" +} + +variable "nextcloud_staging_domain" { + type = string +} + +variable "environment" { + type = string +} + +variable "ip_address" { + type = string +} + +variable "nextcloud_staging_admin_username" { + type = string +} + +variable "nextcloud_staging_admin_password" { + type = string +} + +variable "nextcloud_staging_proxies" { + type = string +} + +variable "mail_fromaddress" { + type = string +} + +variable "mail_domain" { + type = string +} + +variable "smtp_host" { + type = string +} + +variable "smtp_port" { + type = string +} + +variable "smtp_username" { + type = string +} + +variable "smtp_password" { + type = string +} + +variable "postgresql_postgresqlusername" { + type = string +} + +variable "postgresql_postgresqlpassword" { + type = string +} + +variable "postgresql_postgresqldatabase" { + type = string +}