diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..bf5f54a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+.terraform
+.terraform.lock.hcl
+.terragrunt-cache
+env
diff --git a/.woodpecker/apply.yaml b/.woodpecker/apply.yaml
new file mode 100644
index 0000000..3eddd3b
--- /dev/null
+++ b/.woodpecker/apply.yaml
@@ -0,0 +1,23 @@
+when:
+ - event: push
+ branch: master
+
+steps:
+ - name: apply
+ image: git.unkin.net/unkin/almalinux9-opentofu:20260606
+ environment:
+ VAULT_AUTH_METHOD: kubernetes
+ commands:
+ - dnf install vault -y
+ - make plan
+ - make apply
+ backend_options:
+ kubernetes:
+ serviceAccountName: terraform-artifactapi
+ resources:
+ requests:
+ memory: 512Mi
+ cpu: 1
+ limits:
+ memory: 2Gi
+ cpu: 2
diff --git a/.woodpecker/plan.yaml b/.woodpecker/plan.yaml
new file mode 100644
index 0000000..a4c016b
--- /dev/null
+++ b/.woodpecker/plan.yaml
@@ -0,0 +1,21 @@
+when:
+ - event: pull_request
+
+steps:
+ - name: plan
+ image: git.unkin.net/unkin/almalinux9-opentofu:20260606
+ environment:
+ VAULT_AUTH_METHOD: kubernetes
+ commands:
+ - dnf install vault -y
+ - make plan
+ backend_options:
+ kubernetes:
+ serviceAccountName: terraform-artifactapi
+ resources:
+ requests:
+ memory: 512Mi
+ cpu: 1
+ limits:
+ memory: 2Gi
+ cpu: 2
diff --git a/.woodpecker/pre-commit.yaml b/.woodpecker/pre-commit.yaml
new file mode 100644
index 0000000..5c5738f
--- /dev/null
+++ b/.woodpecker/pre-commit.yaml
@@ -0,0 +1,18 @@
+when:
+ - event: pull_request
+
+steps:
+ - name: pre-commit
+ image: git.unkin.net/unkin/almalinux9-opentofu:20260606
+ commands:
+ - uvx pre-commit run --all-files
+ backend_options:
+ kubernetes:
+ serviceAccountName: default
+ resources:
+ requests:
+ memory: 512Mi
+ cpu: 1
+ limits:
+ memory: 2Gi
+ cpu: 2
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..5b986d7
--- /dev/null
+++ b/Makefile
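Review bot: The `apply` step in `.woodpecker/apply.yaml` runs `make plan` and then `make apply` as two independent terragrunt runs, so the plan printed in the log is not the change set that gets applied; the Makefile saves no plan file and passes nothing between them. Since the apply runs `--non-interactive` on every push to `master`, consider writing the plan to a file and applying that file, or dropping the redundant `make plan`. Separately, `dnf install vault -y` pulls an unpinned package at pipeline time inside the job that holds the `terraform-artifactapi` service account; baking a pinned `vault` into the `almalinux9-opentofu` image would remove that run-time dependency.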
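Review bot: The `plan` step in `.woodpecker/plan.yaml` runs on every `pull_request` event with the same `terraform-artifactapi` service account and `VAULT_AUTH_METHOD: kubernetes` as the apply pipeline, so code from an unmerged branch executes with the credentials used for apply. `make plan` evaluates the Makefile and the Terragrunt/OpenTofu configuration from the pull request itself, and the Makefile then reads `consul_root/au/syd1/creds/terraform-artifactapi`. A separate service account bound to a read-only Vault role for plans, or requiring approval before pull-request pipelines run, would keep the write-capable credentials on `master` only. Whether the Vault role is already scoped down is not visible here.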
@@ -0,0 +1,34 @@
+.PHONY: init plan apply format
+
+VAULT_AUTH_METHOD ?= approle
+VAULT_K8S_ROLE ?= woodpecker_terraform_artifactapi
+VAULT_K8S_MOUNT ?= auth/k8s/au/syd1
+VAULT_K8S_JWT_PATH ?= /var/run/secrets/kubernetes.io/serviceaccount/token
+
+define vault_env
+ @export VAULT_ADDR="https://vault.service.consul:8200" && \
+ if [ "$(VAULT_AUTH_METHOD)" = "kubernetes" ]; then \
+ export VAULT_TOKEN=$$(vault write -field=token $(VAULT_K8S_MOUNT)/login role=$(VAULT_K8S_ROLE) jwt=$$(cat $(VAULT_K8S_JWT_PATH))); \
+ else \
+ export VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id=$$VAULT_ROLEID); \
+ fi && \
+ export CONSUL_HTTP_TOKEN=$$(vault read -field=token consul_root/au/syd1/creds/terraform-artifactapi)
+endef
+
+init:
+ @$(call vault_env) && \
+ terragrunt run --all --non-interactive init -- -upgrade
+
+plan: init
+ @$(call vault_env) && \
+ terragrunt run --all --parallelism 4 --non-interactive plan
+
+apply: init
+ @$(call vault_env) && \
+ terragrunt run --all --parallelism 2 --non-interactive apply
+
+format:
+ @echo "Formatting OpenTofu files..."
+ @tofu fmt -recursive .
+ @echo "Formatting Terragrunt files..."
+ @terragrunt hcl fmt
diff --git a/config/config.hcl b/config/config.hcl
new file mode 100644
index 0000000..8d42e51
--- /dev/null
+++ b/config/config.hcl
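Review bot: In `vault_env`, `export VAULT_TOKEN=$$(vault write ...)` and `export CONSUL_HTTP_TOKEN=$$(vault read ...)` return the exit status of `export`, not of `vault`, so a failed login or read leaves the variable empty and the `&&` chain still proceeds to terragrunt. Assign first and export afterwards, e.g. `VAULT_TOKEN=$$(vault write -field=token ...) && export VAULT_TOKEN`, so the recipe stops when Vault refuses. The Kubernetes branch also puts the service-account JWT on the `vault` command line through `jwt=$$(cat $(VAULT_K8S_JWT_PATH))`; the CLI can read the value from the file itself with `jwt=@$(VAULT_K8S_JWT_PATH)`, which keeps it out of the process arguments. The AppRole branch sends only `role_id`, which presumably relies on a role without a bound secret ID and deserves a comment saying so.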
@@ -0,0 +1,46 @@
+locals {
+ config_files = fileset(".", "**/*.yaml")
+
+ all_configs = {
+ for file_path in local.config_files :
+ file_path => yamldecode(file(file_path))
+ }
+
+ config = {
+ remote_alpine = {
+ for file_path, content in local.all_configs :
+ trimsuffix(basename(file_path), ".yaml") => content
+ if startswith(file_path, "remote_alpine/")
+ }
+ remote_docker = {
+ for file_path, content in local.all_configs :
+ trimsuffix(basename(file_path), ".yaml") => content
+ if startswith(file_path, "remote_docker/")
+ }
+ remote_generic = {
+ for file_path, content in local.all_configs :
+ trimsuffix(basename(file_path), ".yaml") => content
+ if startswith(file_path, "remote_generic/")
+ }
+ remote_goproxy = {
+ for file_path, content in local.all_configs :
+ trimsuffix(basename(file_path), ".yaml") => content
+ if startswith(file_path, "remote_goproxy/")
+ }
+ remote_helm = {
+ for file_path, content in local.all_configs :
+ trimsuffix(basename(file_path), ".yaml") => content
+ if startswith(file_path, "remote_helm/")
+ }
+ remote_rpm = {
+ for file_path, content in local.all_configs :
+ trimsuffix(basename(file_path), ".yaml") => content
+ if startswith(file_path, "remote_rpm/")
+ }
+ virtual = {
+ for file_path, content in local.all_configs :
+ trimsuffix(basename(file_path), ".yaml") => content
+ if startswith(file_path, "virtual/")
+ }
+ }
+}
diff --git a/config/remote_alpine/alpine.yaml b/config/remote_alpine/alpine.yaml
new file mode 100644
index 0000000..febe0c9
--- /dev/null
+++ b/config/remote_alpine/alpine.yaml
@@ -0,0 +1,6 @@
+base_url: https://dl-cdn.alpinelinux.org
+description: Alpine Linux APK package repository
+immutable_ttl: 0
+mutable_ttl: 7200
+immutable_patterns:
+ - ".*/x86_64/.*\\.apk$"
diff --git a/config/remote_docker/dockerhub.yaml b/config/remote_docker/dockerhub.yaml
new file mode 100644
index 0000000..675ee38
--- /dev/null
+++ b/config/remote_docker/dockerhub.yaml
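Review bot: Each map in `config` (config/config.hcl) keys its entries by `trimsuffix(basename(file_path), ".yaml")`, which discards any subdirectory, so two files with the same name below one type directory, reachable through the recursive `**/*.yaml` glob, would collide on the same key. The seven comprehensions are also identical apart from the directory name; generating them from one list keeps the types in step and leaves a single place to document the key rule. A comment stating that the file name becomes the repository name would help, if that is what the module does with the key (not visible here).

```hcl
  # … unchanged: config_files and all_configs …

  config = {
    for kind in [
      "remote_alpine", "remote_docker", "remote_generic", "remote_goproxy",
      "remote_helm", "remote_rpm", "virtual",
    ] :
    kind => {
      for file_path, content in local.all_configs :
      trimsuffix(basename(file_path), ".yaml") => content
      if startswith(file_path, "${kind}/")
    }
  }
```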
@@ -0,0 +1,28 @@
+base_url: https://registry-1.docker.io
+description: Docker Hub registry
+immutable_ttl: 0
+mutable_ttl: 300
+patterns:
+ - "^library/almalinux"
+ - "^library/busybox"
+ - "^library/debian"
+ - "^library/fedora"
+ - "^library/nginx"
+ - "^library/postgres"
+ - "^library/redis"
+ - "^beats/filebeat"
+ - "^bitnami/"
+ - "^curlimages/curl"
+ - "^emberstack/kubernetes-reflector"
+ - "^hashicorp/consul"
+ - "^hashicorp/vault"
+ - "^jfrog/"
+ - "^kanidm/"
+ - "^rancher/"
+ - "^rspamd/rspamd"
+ - "^tozd/postfix"
+ - "^traefik/"
+ - "^valkey/valkey"
+ - "^ubi9/ubi-minimal"
+ - "^victoriametrics/"
+ - "^woodpeckerci/"
diff --git a/config/remote_docker/elastic.yaml b/config/remote_docker/elastic.yaml
new file mode 100644
index 0000000..03434a4
--- /dev/null
+++ b/config/remote_docker/elastic.yaml
@@ -0,0 +1,6 @@
+base_url: https://docker.elastic.co
+description: Elastic container registry
+immutable_ttl: 0
+mutable_ttl: 300
+patterns:
+ - "^eck/eck-operator"
diff --git a/config/remote_docker/gcr.yaml b/config/remote_docker/gcr.yaml
new file mode 100644
index 0000000..55beeca
--- /dev/null
+++ b/config/remote_docker/gcr.yaml
@@ -0,0 +1,7 @@
+base_url: https://gcr.io
+description: Google Container Registry
+immutable_ttl: 0
+mutable_ttl: 300
+patterns:
+ - "^k8s-staging-nfd/charts"
+ - "^k8s-staging-nfd/node-feature-discovery"
diff --git a/config/remote_docker/ghcr.yaml b/config/remote_docker/ghcr.yaml
new file mode 100644
index 0000000..8c0db62
--- /dev/null
+++ b/config/remote_docker/ghcr.yaml
@@ -0,0 +1,13 @@
+base_url: https://ghcr.io
+description: GitHub Container Registry
+immutable_ttl: 0
+mutable_ttl: 300
+patterns:
+ - "^cloudnative-pg/cloudnative-pg"
+ - "^emberstack/helm-charts"
+ - "^open-webui/open-webui"
+ - "^openvoxproject/"
+ - "^stakater/reloader"
+ - "^stalwartlabs/stalwart"
+ - "^voxpupuli/puppetboard"
+ - "^woodpecker-ci/helm"
diff --git a/config/remote_docker/gitlab.yaml b/config/remote_docker/gitlab.yaml
new file mode 100644
index 0000000..1942f18
--- /dev/null
+++ b/config/remote_docker/gitlab.yaml
@@ -0,0 +1,6 @@
+base_url: https://registry.gitlab.com
+description: GitLab container registry
+immutable_ttl: 0
+mutable_ttl: 300
+patterns:
+ - "^purelb/purelb"
diff --git a/config/remote_docker/k8s-registry.yaml b/config/remote_docker/k8s-registry.yaml
new file mode 100644
index 0000000..63b4fbd
--- /dev/null
+++ b/config/remote_docker/k8s-registry.yaml
@@ -0,0 +1,7 @@
+base_url: https://registry.k8s.io
+description: Kubernetes container registry
+immutable_ttl: 0
+mutable_ttl: 300
+patterns:
+ - "^external-dns/external-dns"
+ - "^sig-storage/"
diff --git a/config/remote_docker/quay.yaml b/config/remote_docker/quay.yaml
new file mode 100644
index 0000000..f280b75
--- /dev/null
+++ b/config/remote_docker/quay.yaml
@@ -0,0 +1,8 @@
+base_url: https://quay.io
+description: Quay.io container registry
+immutable_ttl: 0
+mutable_ttl: 300
+patterns:
+ - "^brancz/kube-rbac-proxy"
+ - "^cephcsi/cephcsi"
+ - "^jetstack/cert-manager-"
diff --git a/config/remote_generic/claude-ai.yaml b/config/remote_generic/claude-ai.yaml
new file mode 100644
index 0000000..d36dfb3
--- /dev/null
+++ b/config/remote_generic/claude-ai.yaml
@@ -0,0 +1,11 @@
+base_url: https://downloads.claude.ai
+description: Anthropic Claude Code binary releases
+immutable_ttl: 0
+mutable_ttl: 7200
+mutable_patterns:
+ - "claude-code-releases/.*/manifest.json$"
+patterns:
+ - "claude-code-releases/.*/linux-x64/claude$"
+ - "claude-code-releases/.*/linux-arm64/claude$"
+ - "claude-code-releases/.*/linux-x64-musl/claude$"
+ - "claude-code-releases/.*/linux-arm64-musl/claude$"
diff --git a/config/remote_generic/gitea-dl.yaml b/config/remote_generic/gitea-dl.yaml
new file mode 100644
index 0000000..4fcb777
--- /dev/null
+++ b/config/remote_generic/gitea-dl.yaml
@@ -0,0 +1,9 @@
+base_url: https://dl.gitea.com
+description: Gitea download site
+immutable_ttl: 0
+mutable_ttl: 7200
+patterns:
+ - "act_runner/.*/act_runner-.*-linux-amd64$"
+ - "gitea/.*/gitea-.*-linux-amd64$"
+ - "gitea/.*/gitea-.*-linux-amd64.xz$"
+ - "tea/.*/tea-.*-linux-amd64$"
diff --git a/config/remote_generic/github-user.yaml b/config/remote_generic/github-user.yaml
new file mode 100644
index 0000000..9cc14d2
--- /dev/null
+++ b/config/remote_generic/github-user.yaml
@@ -0,0 +1,8 @@
+base_url: https://raw.githubusercontent.com
+description: GitHub User Content
+immutable_ttl: 0
+mutable_ttl: 7200
+patterns:
+ - "argoproj/argo-cd/.*.yaml$"
+ - "yannh/kubernetes-json-schema/master/.*.json$"
+ - "datreeio/CRDs-catalog/main/.*.json$"
diff --git a/config/remote_generic/github.yaml b/config/remote_generic/github.yaml
new file mode 100644
index 0000000..f3a3d0f
--- /dev/null
+++ b/config/remote_generic/github.yaml
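Review bot: The allow-list patterns in `config/remote_generic/github-user.yaml` carry no leading `^`, unlike the Docker remotes, so on this multi-tenant host `argoproj/argo-cd/.*.yaml$` is confined to that owner only if the proxy uses full-match rather than search semantics (not visible here). Anchoring each entry, e.g. `^argoproj/argo-cd/.*\\.yaml$`, and escaping the literal dots makes the intent independent of the matcher. The same applies to `config/remote_generic/github.yaml`, where `.*/archive/refs/tags/.*.tar.gz$` additionally admits tag archives from any repository, and where the `containernetworking/plugins` and `gruntwork-io/terragrunt` entries have no trailing `$`. The two `master`/`main` JSON patterns here track branches yet sit under `patterns` rather than `mutable_patterns`; confirm that is intended.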
@@ -0,0 +1,60 @@
+base_url: https://github.com
+description: GitHub releases and files
+immutable_ttl: 0
+mutable_ttl: 7200
+mutable_patterns:
+ - ".*/archive/refs/heads/.*.tar.gz$"
+ - "stalwartlabs/webadmin/releases/latest/download/webadmin.zip$"
+patterns:
+ - ".*/archive/refs/tags/.*.tar.gz$"
+ - "ahmetb/kubectx/.*/kubectx_.*_linux_x86_64.tar.gz$"
+ - "ahmetb/kubectx/.*/kubens_.*_linux_x86_64.tar.gz$"
+ - "apple/foundationdb/.*/libfdb_c.x86_64.so$"
+ - "astral-sh/ruff/.*/ruff-x86_64-unknown-linux-gnu.tar.gz$"
+ - "astral-sh/uv/.*/uv-x86_64-unknown-linux-gnu.tar.gz$"
+ - "camptocamp/prometheus-puppetdb-exporter/.*/prometheus-puppetdb-exporter-.*.linux-amd64.tar.gz$"
+ - "coder/code-server/.*/code-server-.*-amd64.rpm$"
+ - "containernetworking/plugins/.*/cni-plugins-linux-amd64-.*.tgz"
+ - "dandavison/delta/.*/delta-.*-x86_64-unknown-linux-musl.tar.gz$"
+ - "ducaale/xh/.*/xh-.*-x86_64-unknown-linux-musl.tar.gz$"
+ - "etcd-io/etcd/.*/etcd-.*-linux-amd64.tar.gz$"
+ - "getsops/sops/.*/sops-v.*\\.linux\\.amd64$"
+ - "grafana/jsonnet-language-server/.*/jsonnet-language-server_.*_linux_amd64$"
+ - "gruntwork-io/boilerplate/.*/boilerplate_linux_amd64$"
+ - "gruntwork-io/terragrunt/.*terragrunt_linux_amd64.*"
+ - "hadolint/hadolint/.*/hadolint-linux-x86_64$"
+ - "helmfile/helmfile/.*/helmfile_.*_linux_amd64.tar.gz$"
+ - "helmfile/vals/.*/vals_.*_linux_amd64.tar.gz$"
+ - "jesseduffield/lazydocker/.*/lazydocker_.*_Linux_x86_64.tar.gz$"
+ - "kubecolor/kubecolor/.*/kubecolor_.*_linux_amd64.tar.gz$"
+ - "kubernetes-sigs/gateway-api/.*/standard-install.yaml$"
+ - "kubernetes-sigs/kustomize/.*/kustomize_.*_linux_amd64.tar.gz$"
+ - "lxc/incus/.*.tar.gz$"
+ - "mikefarah/yq/.*/yq_linux_amd64$"
+ - "neovim/neovim-releases/.*/nvim-linux-x86_64.tar.gz$"
+ - "neovim/neovim/.*/nvim-linux-x86_64.tar.gz$"
+ - "nzbgetcom/nzbget/.*/nzbget-.*.x86_64.rpm$"
+ - "onedr0p/exportarr/.*/exportarr_.*_linux_amd64.tar.gz$"
+ - "open-policy-agent/conftest/.*/conftest_.*_Linux_x86_64.tar.gz$"
+ - "openbao/openbao-plugins/.*/openbao-plugin-secrets-consul_linux_amd64_.*.tar.gz$"
+ - "openbao/openbao-plugins/.*/openbao-plugin-secrets-nomad_linux_amd64_.*.tar.gz$"
+ - "prometheus-community/bind_exporter/.*/bind_exporter-.*.linux-amd64.tar.gz$"
+ - "prometheus-community/pgbouncer_exporter/.*/pgbouncer_exporter-.*.linux-amd64.tar.gz$"
+ - "prometheus-community/postgres_exporter/.*/postgres_exporter-.*.linux-amd64.tar.gz$"
+ - "prometheus/node_exporter/.*/node_exporter-.*.linux-amd64.tar.gz$"
+ - "rancher/rke2/.*/rke2-images.linux-amd64.tar.zst$"
+ - "stalwartlabs/stalwart/.*/stalwart-cli-x86_64-unknown-linux-gnu.tar.gz$"
+ - "stalwartlabs/stalwart/.*/stalwart-foundationdb-x86_64-unknown-linux-gnu.tar.gz$"
+ - "stalwartlabs/stalwart/.*/stalwart-x86_64-unknown-linux-gnu.tar.gz$"
+ - "starship/starship/.*/starship-x86_64-unknown-linux-musl.tar.gz$"
+ - "stern/stern/.*/stern_.*_linux_amd64.tar.gz$"
+ - "terraform-linters/tflint/.*/tflint_linux_amd64.zip$"
+ - "tynany/frr_exporter/.*/frr_exporter-.*.linux-amd64.tar.gz$"
+ - "VictoriaMetrics/VictoriaLogs/.*/victoria-logs-linux-amd64-.*.tar.gz$"
+ - "VictoriaMetrics/VictoriaLogs/.*/vlutils-linux-amd64-.*.tar.gz$"
+ - "VictoriaMetrics/VictoriaMetrics/.*/victoria-logs-linux-amd64-.*.tar.gz$"
+ - "VictoriaMetrics/VictoriaMetrics/.*/victoria-metrics-linux-amd64-.*-cluster.tar.gz$"
+ - "VictoriaMetrics/VictoriaMetrics/.*/vlutils-linux-amd64-.*.tar.gz$"
+ - "VictoriaMetrics/VictoriaMetrics/.*/vmutils-linux-amd64-.*.tar.gz$"
+ - "xorpaul/g10k/.*/g10k-.*-linux-amd64.zip$"
+ - "yannh/kubeconform/.*/kubeconform-linux-amd64.tar.gz$"
diff --git a/config/remote_generic/hashicorp-releases.yaml b/config/remote_generic/hashicorp-releases.yaml
new file mode 100644
index 0000000..db742e8
--- /dev/null
+++ b/config/remote_generic/hashicorp-releases.yaml
@@ -0,0 +1,16 @@
+base_url: https://releases.hashicorp.com
+description: HashiCorp product releases
+immutable_ttl: 0
+mutable_ttl: 7200
+patterns:
+ - "terraform/.*terraform_.*_linux_amd64\\.zip$"
+ - "terraform/.*terraform_.*_windows_amd64\\.zip$"
+ - "terraform/.*terraform_.*_darwin_amd64\\.zip$"
+ - "vault/.*vault_.*_linux_amd64\\.zip$"
+ - "vault/.*vault_.*_windows_amd64\\.zip$"
+ - "vault/.*vault_.*_darwin_amd64\\.zip$"
+ - "consul-cni/.*/consul-cni_.*_linux_amd64\\.zip$"
+ - "consul/.*/consul_.*_linux_amd64\\.zip$"
+ - "nomad-autoscaler/.*/nomad-autoscaler_.*_linux_amd64\\.zip$"
+ - "nomad/.*/nomad_.*_linux_amd64\\.zip$"
+ - "packer/.*/packer_.*_linux_amd64\\.zip$"
diff --git a/config/remote_generic/rarlab.yaml b/config/remote_generic/rarlab.yaml
new file mode 100644
index 0000000..ac68249
--- /dev/null
+++ b/config/remote_generic/rarlab.yaml
@@ -0,0 +1,6 @@
+base_url: https://www.rarlab.com
+description: RARLab
+immutable_ttl: 0
+mutable_ttl: 7200
+patterns:
+ - "rar/rarlinux-x64-.*.tar.gz"
diff --git a/config/remote_goproxy/goproxy.yaml b/config/remote_goproxy/goproxy.yaml
new file mode 100644
index 0000000..7a01061
--- /dev/null
+++ b/config/remote_goproxy/goproxy.yaml
@@ -0,0 +1,4 @@
+base_url: https://proxy.golang.org
+description: Go module proxy
+immutable_ttl: 0
+mutable_ttl: 300
diff --git a/config/remote_helm/argo-helm.yaml b/config/remote_helm/argo-helm.yaml
new file mode 100644
index 0000000..8eb2e5d
--- /dev/null
+++ b/config/remote_helm/argo-helm.yaml
@@ -0,0 +1,7 @@
+base_url: https://argoproj.github.io/argo-helm
+description: Argo Project Helm charts (ArgoCD, Image Updater, Rollouts, etc.)
+immutable_ttl: 0
+mutable_ttl: 3600
+check_mutable: true
+immutable_patterns:
+ - "\\.tgz$"
diff --git a/config/remote_helm/ceph-csi.yaml b/config/remote_helm/ceph-csi.yaml
new file mode 100644
index 0000000..19db37f
--- /dev/null
+++ b/config/remote_helm/ceph-csi.yaml
@@ -0,0 +1,7 @@
+base_url: https://ceph.github.io/csi-charts
+description: Ceph CSI driver Helm charts
+immutable_ttl: 0
+mutable_ttl: 3600
+check_mutable: true
+immutable_patterns:
+ - "\\.tgz$"
diff --git a/config/remote_helm/cnpg.yaml b/config/remote_helm/cnpg.yaml
new file mode 100644
index 0000000..f27f721
--- /dev/null
+++ b/config/remote_helm/cnpg.yaml
@@ -0,0 +1,7 @@
+base_url: https://cloudnative-pg.github.io/charts
+description: CloudNativePG operator Helm charts
+immutable_ttl: 0
+mutable_ttl: 3600
+check_mutable: true
+immutable_patterns:
+ - "\\.tgz$"
diff --git a/config/remote_helm/elastic-helm.yaml b/config/remote_helm/elastic-helm.yaml
new file mode 100644
index 0000000..7fa5bf6
--- /dev/null
+++ b/config/remote_helm/elastic-helm.yaml
@@ -0,0 +1,7 @@
+base_url: https://helm.elastic.co
+description: Elastic stack Helm charts
+immutable_ttl: 0
+mutable_ttl: 3600
+check_mutable: true
+immutable_patterns:
+ - "\\.tgz$"
diff --git a/config/remote_helm/external-dns.yaml b/config/remote_helm/external-dns.yaml
new file mode 100644
index 0000000..25616c7
--- /dev/null
+++ b/config/remote_helm/external-dns.yaml
@@ -0,0 +1,7 @@
+base_url: https://kubernetes-sigs.github.io/external-dns/
+description: ExternalDNS Helm charts
+immutable_ttl: 0
+mutable_ttl: 3600
+check_mutable: true
+immutable_patterns:
+ - "\\.tgz$"
diff --git a/config/remote_helm/hashicorp-helm.yaml b/config/remote_helm/hashicorp-helm.yaml
new file mode 100644
index 0000000..f140ede
--- /dev/null
+++ b/config/remote_helm/hashicorp-helm.yaml
@@ -0,0 +1,7 @@
+base_url: https://helm.releases.hashicorp.com
+description: HashiCorp Helm charts (Vault Secrets Operator, etc.)
+immutable_ttl: 0
+mutable_ttl: 3600
+check_mutable: true
+immutable_patterns:
+ - "\\.tgz$"
diff --git a/config/remote_helm/intel-helm.yaml b/config/remote_helm/intel-helm.yaml
new file mode 100644
index 0000000..591566b
--- /dev/null
+++ b/config/remote_helm/intel-helm.yaml
@@ -0,0 +1,7 @@
+base_url: https://intel.github.io/helm-charts/
+description: Intel Helm charts (device plugins)
+immutable_ttl: 0
+mutable_ttl: 3600
+check_mutable: true
+immutable_patterns:
+ - "\\.tgz$"
diff --git a/config/remote_helm/jetstack.yaml b/config/remote_helm/jetstack.yaml
new file mode 100644
index 0000000..52691f4
--- /dev/null
+++ b/config/remote_helm/jetstack.yaml
@@ -0,0 +1,7 @@
+base_url: https://charts.jetstack.io
+description: Jetstack Helm charts (cert-manager)
+immutable_ttl: 0
+mutable_ttl: 3600
+check_mutable: true
+immutable_patterns:
+ - "\\.tgz$"
diff --git a/config/remote_helm/purelb.yaml b/config/remote_helm/purelb.yaml
new file mode 100644
index 0000000..9cbeb20
--- /dev/null
+++ b/config/remote_helm/purelb.yaml
@@ -0,0 +1,7 @@
+base_url: https://gitlab.com/api/v4/projects/20400619/packages/helm/stable
+description: PureLB load balancer Helm charts
+immutable_ttl: 0
+mutable_ttl: 3600
+check_mutable: true
+immutable_patterns:
+ - "\\.tgz$"
diff --git a/config/remote_helm/rancher-stable.yaml b/config/remote_helm/rancher-stable.yaml
new file mode 100644
index 0000000..351df3e
--- /dev/null
+++ b/config/remote_helm/rancher-stable.yaml
@@ -0,0 +1,7 @@
+base_url: https://releases.rancher.com/server-charts/stable
+description: Rancher stable Helm charts
+immutable_ttl: 0
+mutable_ttl: 3600
+check_mutable: true
+immutable_patterns:
+ - "\\.tgz$"
diff --git a/config/remote_helm/stakater.yaml b/config/remote_helm/stakater.yaml
new file mode 100644
index 0000000..2c9d98b
--- /dev/null
+++ b/config/remote_helm/stakater.yaml
@@ -0,0 +1,7 @@
+base_url: https://stakater.github.io/stakater-charts
+description: Stakater Helm charts (Reloader)
+immutable_ttl: 0
+mutable_ttl: 3600
+check_mutable: true
+immutable_patterns:
+ - "\\.tgz$"
diff --git a/config/remote_helm/traefik.yaml b/config/remote_helm/traefik.yaml
new file mode 100644
index 0000000..e62fcee
--- /dev/null
+++ b/config/remote_helm/traefik.yaml
@@ -0,0 +1,7 @@
+base_url: https://traefik.github.io/charts
+description: Traefik Helm charts
+immutable_ttl: 0
+mutable_ttl: 3600
+check_mutable: true
+immutable_patterns:
+ - "\\.tgz$"
diff --git a/config/remote_helm/victoriametrics.yaml b/config/remote_helm/victoriametrics.yaml
new file mode 100644
index 0000000..40b7d67
--- /dev/null
+++ b/config/remote_helm/victoriametrics.yaml
@@ -0,0 +1,7 @@
+base_url: https://victoriametrics.github.io/helm-charts/
+description: VictoriaMetrics observability Helm charts
+immutable_ttl: 0
+mutable_ttl: 3600
+check_mutable: true
+immutable_patterns:
+ - "\\.tgz$"
diff --git a/config/remote_rpm/almalinux-vault.yaml b/config/remote_rpm/almalinux-vault.yaml
new file mode 100644
index 0000000..0f48899
--- /dev/null
+++ b/config/remote_rpm/almalinux-vault.yaml
@@ -0,0 +1,14 @@
+base_url: https://vault.almalinux.org
+description: AlmaLinux Vault RPM package repository
+immutable_ttl: 0
+mutable_ttl: 7200
+immutable_patterns:
+ - ".*/x86_64/.*\\.rpm$"
+ - ".*/noarch/.*\\.rpm$"
+ - ".*/repodata/.*\\.sqlite.*$"
+ - ".*/repodata/.*\\.xml.*$"
+ - ".*/repodata/.*\\.yaml.*$"
+ - ".*/install.img"
+ - ".*/squashfs.img"
+ - ".*/updates.img"
+ - ".*/RPM-GPG-KEY-.*$"
diff --git a/config/remote_rpm/almalinux.yaml b/config/remote_rpm/almalinux.yaml
new file mode 100644
index 0000000..8ee8d1d
--- /dev/null
+++ b/config/remote_rpm/almalinux.yaml
@@ -0,0 +1,14 @@
+base_url: https://gsl-syd.mm.fcix.net/almalinux
+description: AlmaLinux RPM package repository
+immutable_ttl: 0
+mutable_ttl: 7200
+immutable_patterns:
+ - ".*/x86_64/.*\\.rpm$"
+ - ".*/noarch/.*\\.rpm$"
+ - ".*/repodata/.*\\.sqlite.*$"
+ - ".*/repodata/.*\\.xml.*$"
+ - ".*/repodata/.*\\.yaml.*$"
+ - ".*/install.img"
+ - ".*/squashfs.img"
+ - ".*/updates.img"
+ - ".*/RPM-GPG-KEY-.*$"
diff --git a/config/remote_rpm/ceph-reef.yaml b/config/remote_rpm/ceph-reef.yaml
new file mode 100644
index 0000000..261ba94
--- /dev/null
+++ b/config/remote_rpm/ceph-reef.yaml
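Review bot: In `config/remote_rpm/almalinux-vault.yaml`, `.*/repodata/.*\\.xml.*$` under `immutable_patterns` also matches `repodata/repomd.xml`, the one repodata file whose content changes at a fixed URL on every repository update. If immutable entries are served from cache without revalidation (the meaning of `immutable_ttl: 0` is not visible here), clients behind the proxy would keep resolving against old metadata and never see newer packages, security updates included. Excluding `repomd.xml` from the immutable set, or confirming that the proxy special-cases it, would settle this. The same pattern appears in the other `config/remote_rpm/*.yaml` files in this commit.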
@@ -0,0 +1,8 @@
+base_url: https://download.ceph.com/rpm-reef/
+description: Ceph Reef 18
+immutable_ttl: 0
+mutable_ttl: 7200
+immutable_patterns:
+ - ".*/x86_64/.*\\.rpm$"
+ - ".*/noarch/.*\\.rpm$"
+ - ".*/repodata/.*\\.xml.*$"
diff --git a/config/remote_rpm/ceph-squid.yaml b/config/remote_rpm/ceph-squid.yaml
new file mode 100644
index 0000000..6dfad96
--- /dev/null
+++ b/config/remote_rpm/ceph-squid.yaml
@@ -0,0 +1,8 @@
+base_url: https://download.ceph.com/rpm-squid/
+description: Ceph Squid 19
+immutable_ttl: 0
+mutable_ttl: 7200
+immutable_patterns:
+ - ".*/x86_64/.*\\.rpm$"
+ - ".*/noarch/.*\\.rpm$"
+ - ".*/repodata/.*\\.xml.*$"
diff --git a/config/remote_rpm/ceph-tentacle.yaml b/config/remote_rpm/ceph-tentacle.yaml
new file mode 100644
index 0000000..35835a2
--- /dev/null
+++ b/config/remote_rpm/ceph-tentacle.yaml
@@ -0,0 +1,8 @@
+base_url: https://download.ceph.com/rpm-tentacle/
+description: Ceph Tentacle 20
+immutable_ttl: 0
+mutable_ttl: 7200
+immutable_patterns:
+ - ".*/x86_64/.*\\.rpm$"
+ - ".*/noarch/.*\\.rpm$"
+ - ".*/repodata/.*\\.xml.*$"
diff --git a/config/remote_rpm/epel.yaml b/config/remote_rpm/epel.yaml
new file mode 100644
index 0000000..56578b3
--- /dev/null
+++ b/config/remote_rpm/epel.yaml
@@ -0,0 +1,11 @@
+base_url: https://gsl-syd.mm.fcix.net/epel
+description: EPEL (Extra Packages for Enterprise Linux)
+immutable_ttl: 0
+mutable_ttl: 7200
+immutable_patterns:
+ - ".*/Everything/x86_64/.*\\.rpm$"
+ - ".*/noarch/.*\\.rpm$"
+ - ".*/repodata/.*\\.sqlite.*$"
+ - ".*/repodata/.*\\.xml.*$"
+ - ".*/repodata/.*\\.yaml.*$"
+ - "RPM-GPG-KEY-.*$"
diff --git a/config/remote_rpm/fedora.yaml b/config/remote_rpm/fedora.yaml
new file mode 100644
index 0000000..75d3ba9
--- /dev/null
+++ b/config/remote_rpm/fedora.yaml
@@ -0,0 +1,10 @@
+base_url: https://gsl-syd.mm.fcix.net/fedora/linux
+description: Fedora Linux RPM package repository
+immutable_ttl: 0
+mutable_ttl: 7200
+immutable_patterns:
+ - "releases/.*/Everything/x86_64/.*\\.rpm$"
+ - "updates/.*/Everything/x86_64/.*\\.rpm$"
+ - "development/.*/Everything/x86_64/.*\\.rpm$"
+ - ".*/noarch/.*\\.rpm$"
+ - ".*/repodata/.*\\.xml.*$"
diff --git a/config/remote_rpm/frr.yaml b/config/remote_rpm/frr.yaml
new file mode 100644
index 0000000..9c668ac
--- /dev/null
+++ b/config/remote_rpm/frr.yaml
@@ -0,0 +1,7 @@
+base_url: https://rpm.frrouting.org/repo
+description: FRR RPM package repository
+immutable_ttl: 0
+mutable_ttl: 7200
+immutable_patterns:
+ - ".*\\.rpm$"
+ - ".*/repodata/.*\\.xml.*$"
diff --git a/config/remote_rpm/mariadb.yaml b/config/remote_rpm/mariadb.yaml
new file mode 100644
index 0000000..8a6eb7b
--- /dev/null
+++ b/config/remote_rpm/mariadb.yaml
@@ -0,0 +1,8 @@
+base_url: http://mariadb.mirror.digitalpacific.com.au/yum
+description: MariaDB RPM package repository
+immutable_ttl: 0
+mutable_ttl: 7200
+immutable_patterns:
+ - ".*\\.rpm$"
+ - ".*/repodata/.*\\.xml.*$"
+ - ".*/RPM-GPG-KEY-.*$"
diff --git a/config/remote_rpm/openvox.yaml b/config/remote_rpm/openvox.yaml
new file mode 100644
index 0000000..e19aef3
--- /dev/null
+++ b/config/remote_rpm/openvox.yaml
@@ -0,0 +1,8 @@
+base_url: https://yum.voxpupuli.org
+description: OpenVox RPM package repository
+immutable_ttl: 0
+mutable_ttl: 7200
+immutable_patterns:
+ - ".*\\.rpm$"
+ - ".*/repodata/.*\\.xml.*$"
+ - "GPG-KEY-.*$"
diff --git a/config/remote_rpm/postgresql.yaml b/config/remote_rpm/postgresql.yaml
new file mode 100644
index 0000000..f3c4eac
--- /dev/null
+++ b/config/remote_rpm/postgresql.yaml
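Review bot: In `config/remote_rpm/mariadb.yaml` the `base_url` is plain `http://`, and `.*/RPM-GPG-KEY-.*$` is listed under `immutable_patterns`, so the signing key itself is fetched without transport integrity and then kept in the cache. A response altered on the way from the mirror would be stored and served to every client that imports the key through the proxy. Prefer an `https://` mirror, or distribute the key out of band and drop the key pattern from this remote. `config/remote_rpm/zfs.yaml` also uses an `http://` base URL.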
@@ -0,0 +1,9 @@
+base_url: https://download.postgresql.org/pub/repos/yum
+description: PostgreSQL RPM package repository
+immutable_ttl: 0
+mutable_ttl: 7200
+immutable_patterns:
+ - ".*\\.rpm$"
+ - ".*/repodata/.*\\.xml.*$"
+ - ".*/RPM-GPG-KEY-.*$"
+ - ".*/PGDG-RPM-GPG-KEY-.*$"
diff --git a/config/remote_rpm/rke2.yaml b/config/remote_rpm/rke2.yaml
new file mode 100644
index 0000000..830f24c
--- /dev/null
+++ b/config/remote_rpm/rke2.yaml
@@ -0,0 +1,8 @@
+base_url: https://rpm.rancher.io
+description: RKE2 RPM package repository
+immutable_ttl: 0
+mutable_ttl: 7200
+immutable_patterns:
+ - ".*\\.rpm$"
+ - ".*/repodata/.*\\.xml.*$"
+ - "public.key$"
diff --git a/config/remote_rpm/zfs.yaml b/config/remote_rpm/zfs.yaml
new file mode 100644
index 0000000..f7652bc
--- /dev/null
+++ b/config/remote_rpm/zfs.yaml
@@ -0,0 +1,7 @@
+base_url: http://download.zfsonlinux.org
+description: ZFS RPM package repository
+immutable_ttl: 0
+mutable_ttl: 7200
+immutable_patterns:
+ - ".*\\.rpm$"
+ - ".*/repodata/.*\\.xml.*$"
diff --git a/config/virtual/helm.yaml b/config/virtual/helm.yaml
new file mode 100644
index 0000000..9801d45
--- /dev/null
+++ b/config/virtual/helm.yaml
@@ -0,0 +1,16 @@
+package_type: helm
+description: "Virtual repository merging all helm remotes — member order is priority order for duplicate chart+version"
+members:
+ - ceph-csi
+ - cnpg
+ - elastic-helm
+ - external-dns
+ - hashicorp-helm
+ - intel-helm
+ - jetstack
+ - purelb
+ - rancher-stable
+ - stakater
+ - traefik
+ - victoriametrics
+ - argo-helm
diff --git a/environments/au/syd1/terragrunt.hcl b/environments/au/syd1/terragrunt.hcl
new file mode 100644
index 0000000..983252f
--- /dev/null
+++ b/environments/au/syd1/terragrunt.hcl
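Review bot: Merging thirteen independent upstreams into one index in `config/virtual/helm.yaml` means a chart name is no longer tied to its publisher: the description says member order only decides between duplicates of the same chart and version, so a different version of the same chart name from another member would presumably still be offered. Consumers that install by name without a pinned version could then resolve to a different upstream than intended. Consider documenting which member owns each chart name, or having consumers pin versions or use the per-remote repositories for charts where provenance matters.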
@@ -0,0 +1,27 @@
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+ expose = true
+}
+
+include "config" {
+ path = "${get_repo_root()}/config/config.hcl"
+ expose = true
+}
+
+locals {
+ config = include.config.locals.config
+}
+
+terraform {
+ source = "../../../modules/artifactapi"
+}
+
+inputs = {
+ remote_alpine = local.config.remote_alpine
+ remote_docker = local.config.remote_docker
+ remote_generic = local.config.remote_generic
+ remote_goproxy = local.config.remote_goproxy
+ remote_helm = local.config.remote_helm
+ remote_rpm = local.config.remote_rpm
+ virtual = local.config.virtual
+}
diff --git a/environments/root.hcl b/environments/root.hcl
new file mode 100644
index 0000000..948f440
--- /dev/null
+++ b/environments/root.hcl
@@ -0,0 +1,26 @@
+generate "backend" {
+ path = "backend.tf"
+ if_exists = "overwrite"
+ contents = <