feat: initial commit
ci/woodpecker/pr/pre-commit Pipeline failed
ci/woodpecker/pr/plan Pipeline failed

- add modules
- add config
- add environments
- add .gitignore
- add makefile
2026-06-17 21:16:07 +10:00
parent 3a60d5ea07
commit 2b47de98c7
53 changed files with 824 additions and 0 deletions
+4
@@ -0,0 +1,4 @@
.terraform
.terraform.lock.hcl
.terragrunt-cache
env
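Review bot: Ignoring `.terraform.lock.hcl` on the second line means the provider checksums recorded by `tofu init` are never committed, so every CI run re-resolves providers with nothing to compare them against. The exact `version` in the generated `required_providers` block pins a number, not content; the lock file is where the hash of `git.unkin.net/unkin/artifactapi` would be recorded. I would drop that line, commit the lock file from each Terragrunt unit, and remove `-upgrade` from the Makefile's `init` target so the recorded hashes are enforced.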
+24
@@ -0,0 +1,24 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
hooks:
- id: end-of-file-fixer
types: [yaml]
- id: trailing-whitespace
types: [yaml]
- repo: https://github.com/gruntwork-io/pre-commit
rev: v0.1.30
hooks:
- id: tofu-fmt
- id: tofu-validate
- id: tflint
- id: terragrunt-hcl-fmt
- repo: https://github.com/adrienverge/yamllint.git
rev: v1.37.1
hooks:
- id: yamllint
args:
[
"-d {extends: relaxed, rules: {line-length: disable}, ignore: chart}",
"-s",
]
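Review bot: All three `rev:` values are tags (`v4.4.0`, `v0.1.30`, `v1.37.1`), which an upstream repository can move, and the hooks they point to run both in the pre-commit pipeline and on developer machines. pre-commit accepts a full commit SHA in `rev`, so each entry can be written as `rev: <commit-sha>  # v1.37.1` to make the hook code reproducible. `pre-commit autoupdate --freeze` writes that form, but it also moves each hook to its latest release.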
+23
@@ -0,0 +1,23 @@
when:
- event: push
branch: main
steps:
- name: apply
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
environment:
VAULT_AUTH_METHOD: kubernetes
commands:
- dnf install vault -y
- make plan
- make apply
backend_options:
kubernetes:
serviceAccountName: terraform-artifactapi
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 2
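Review bot: `dnf install vault -y` fetches an unpinned package on every run of the step that then holds a Vault token and a Consul token, and the image is referenced by the tag `20260606` rather than by digest, so neither the tooling nor the base image is fixed for the job that applies changes. Baking `vault` into `almalinux9-opentofu` and referencing the image as `…:20260606@sha256:<digest>` removes both moving parts. The same two lines appear in the plan pipeline, and the same image tag in the pre-commit pipeline. Separately, `make apply` plans again rather than applying a saved plan file, so what is applied is not necessarily what `make plan` printed one command earlier.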
+21
@@ -0,0 +1,21 @@
when:
- event: pull_request
steps:
- name: plan
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
environment:
VAULT_AUTH_METHOD: kubernetes
commands:
- dnf install vault -y
- make plan
backend_options:
kubernetes:
serviceAccountName: terraform-artifactapi
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 2
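Review bot: This pull-request pipeline runs with the same `serviceAccountName: terraform-artifactapi` and `VAULT_AUTH_METHOD: kubernetes` as the apply pipeline, and the Makefile defaults both to the single role `woodpecker_terraform_artifactapi`. Code from an unmerged branch, including that branch's own Makefile, therefore executes with everything that role and the Consul credential it reads can do. A plan needs read access to the artifactapi endpoint and the state, plus at most the state lock. I would give this pipeline its own service account and a read-only Vault role, selected with `VAULT_K8S_ROLE` under `environment:`, and check in the Woodpecker settings which pull requests may run with `backend_options` at all.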
+18
@@ -0,0 +1,18 @@
when:
- event: pull_request
steps:
- name: pre-commit
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
commands:
- uvx pre-commit run --all-files
backend_options:
kubernetes:
serviceAccountName: default
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 2
+34
@@ -0,0 +1,34 @@
.PHONY: init plan apply format
VAULT_AUTH_METHOD ?= approle
VAULT_K8S_ROLE ?= woodpecker_terraform_artifactapi
VAULT_K8S_MOUNT ?= auth/k8s/au/syd1
VAULT_K8S_JWT_PATH ?= /var/run/secrets/kubernetes.io/serviceaccount/token
define vault_env
@export VAULT_ADDR="https://vault.service.consul:8200" && \
if [ "$(VAULT_AUTH_METHOD)" = "kubernetes" ]; then \
export VAULT_TOKEN=$$(vault write -field=token $(VAULT_K8S_MOUNT)/login role=$(VAULT_K8S_ROLE) jwt=$$(cat $(VAULT_K8S_JWT_PATH))); \
else \
export VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id=$$VAULT_ROLEID); \
fi && \
export CONSUL_HTTP_TOKEN=$$(vault read -field=token consul_root/au/syd1/creds/terraform-artifactapi)
endef
init:
@$(call vault_env) && \
terragrunt run --all --non-interactive init -- -upgrade
plan: init
@$(call vault_env) && \
terragrunt run --all --parallelism 4 --non-interactive plan
apply: init
@$(call vault_env) && \
terragrunt run --all --parallelism 2 --non-interactive apply
format:
@echo "Formatting OpenTofu files..."
@tofu fmt -recursive .
@echo "Formatting Terragrunt files..."
@terragrunt hcl fmt
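Review bot: In `vault_env`, `export VAULT_TOKEN=$$(vault write …)` and `export CONSUL_HTTP_TOKEN=$$(vault read …)` return the exit status of `export`, not of the command substitution, so a failed login still satisfies the `&&` chain and terragrunt starts with empty tokens. Assigning first and exporting second keeps the failure visible: `VAULT_TOKEN=$$(vault write -field=token …) && export VAULT_TOKEN`, and likewise for `CONSUL_HTTP_TOKEN`. The approle branch logs in with `role_id` alone, which works only if the role has no secret_id binding; a comment should say what else constrains that role (presumably a CIDR bound or similar, not visible here). The kubernetes branch passes the service-account JWT as a command-line argument, where it is readable in the process list for the duration of the call.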
+46
@@ -0,0 +1,46 @@
locals {
config_files = fileset(".", "**/*.yaml")
all_configs = {
for file_path in local.config_files :
file_path => yamldecode(file(file_path))
}
config = {
remote_alpine = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "remote_alpine/")
}
remote_docker = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "remote_docker/")
}
remote_generic = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "remote_generic/")
}
remote_goproxy = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "remote_goproxy/")
}
remote_helm = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "remote_helm/")
}
remote_rpm = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "remote_rpm/")
}
virtual = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "virtual/")
}
}
}
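Review bot: `fileset(".", "**/*.yaml")` and the `file(file_path)` that follows depend on which directory `.` resolves to when this file is pulled in through `include "config"` from a unit several levels away, and nothing in the file states it. If that directory is not `config/`, every `startswith` filter fails to match and all seven maps come out empty without an error; with `for_each` over those maps, an apply would treat that as a request to remove every repository. Anchoring the lookup explicitly (a `config_dir` local built from `get_repo_root()`, used as the `fileset` base and prefixed in `file`) and adding a one-line comment would make this reviewable. The seven comprehensions differ only in their prefix string and could be generated from one list of type names.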
+6
@@ -0,0 +1,6 @@
base_url: https://dl-cdn.alpinelinux.org
description: Alpine Linux APK package repository
immutable_ttl: 0
mutable_ttl: 7200
immutable_patterns:
- ".*/x86_64/.*\\.apk$"
+28
@@ -0,0 +1,28 @@
base_url: https://registry-1.docker.io
description: Docker Hub registry
immutable_ttl: 0
mutable_ttl: 300
patterns:
- "^library/almalinux"
- "^library/busybox"
- "^library/debian"
- "^library/fedora"
- "^library/nginx"
- "^library/postgres"
- "^library/redis"
- "^beats/filebeat"
- "^bitnami/"
- "^curlimages/curl"
- "^emberstack/kubernetes-reflector"
- "^hashicorp/consul"
- "^hashicorp/vault"
- "^jfrog/"
- "^kanidm/"
- "^rancher/"
- "^rspamd/rspamd"
- "^tozd/postfix"
- "^traefik/"
- "^valkey/valkey"
- "^ubi9/ubi-minimal"
- "^victoriametrics/"
- "^woodpeckerci/"
+6
@@ -0,0 +1,6 @@
base_url: https://docker.elastic.co
description: Elastic container registry
immutable_ttl: 0
mutable_ttl: 300
patterns:
- "^eck/eck-operator"
+7
@@ -0,0 +1,7 @@
base_url: https://gcr.io
description: Google Container Registry
immutable_ttl: 0
mutable_ttl: 300
patterns:
- "^k8s-staging-nfd/charts"
- "^k8s-staging-nfd/node-feature-discovery"
+13
@@ -0,0 +1,13 @@
base_url: https://ghcr.io
description: GitHub Container Registry
immutable_ttl: 0
mutable_ttl: 300
patterns:
- "^cloudnative-pg/cloudnative-pg"
- "^emberstack/helm-charts"
- "^open-webui/open-webui"
- "^openvoxproject/"
- "^stakater/reloader"
- "^stalwartlabs/stalwart"
- "^voxpupuli/puppetboard"
- "^woodpecker-ci/helm"
+6
@@ -0,0 +1,6 @@
base_url: https://registry.gitlab.com
description: GitLab container registry
immutable_ttl: 0
mutable_ttl: 300
patterns:
- "^purelb/purelb"
+7
@@ -0,0 +1,7 @@
base_url: https://registry.k8s.io
description: Kubernetes container registry
immutable_ttl: 0
mutable_ttl: 300
patterns:
- "^external-dns/external-dns"
- "^sig-storage/"
+8
@@ -0,0 +1,8 @@
base_url: https://quay.io
description: Quay.io container registry
immutable_ttl: 0
mutable_ttl: 300
patterns:
- "^brancz/kube-rbac-proxy"
- "^cephcsi/cephcsi"
- "^jetstack/cert-manager-"
+11
@@ -0,0 +1,11 @@
base_url: https://downloads.claude.ai
description: Anthropic Claude Code binary releases
immutable_ttl: 0
mutable_ttl: 7200
mutable_patterns:
- "claude-code-releases/.*/manifest.json$"
patterns:
- "claude-code-releases/.*/linux-x64/claude$"
- "claude-code-releases/.*/linux-arm64/claude$"
- "claude-code-releases/.*/linux-x64-musl/claude$"
- "claude-code-releases/.*/linux-arm64-musl/claude$"
+9
@@ -0,0 +1,9 @@
base_url: https://dl.gitea.com
description: Gitea download site
immutable_ttl: 0
mutable_ttl: 7200
patterns:
- "act_runner/.*/act_runner-.*-linux-amd64$"
- "gitea/.*/gitea-.*-linux-amd64$"
- "gitea/.*/gitea-.*-linux-amd64.xz$"
- "tea/.*/tea-.*-linux-amd64$"
+8
@@ -0,0 +1,8 @@
base_url: https://raw.githubusercontent.com
description: GitHub User Content
immutable_ttl: 0
mutable_ttl: 7200
patterns:
- "argoproj/argo-cd/.*.yaml$"
- "yannh/kubernetes-json-schema/master/.*.json$"
- "datreeio/CRDs-catalog/main/.*.json$"
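Review bot: The two branch-based entries, `yannh/kubernetes-json-schema/master/…` and `datreeio/CRDs-catalog/main/…`, sit under `patterns`, while the github.com remote in this commit puts its branch-based path (`archive/refs/heads/`) under `mutable_patterns`. If `patterns` entries are cached as immutable, files that change upstream with every commit would be served from the first fetch indefinitely. The same applies to `argoproj/argo-cd/.*.yaml$` whenever the ref segment is a branch rather than a tag. I would move the branch paths to `mutable_patterns` and restrict the argo-cd entry to tag refs; the unescaped `.` before `yaml` and `json` also matches any character.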
+60
@@ -0,0 +1,60 @@
base_url: https://github.com
description: GitHub releases and files
immutable_ttl: 0
mutable_ttl: 7200
mutable_patterns:
- ".*/archive/refs/heads/.*.tar.gz$"
- "stalwartlabs/webadmin/releases/latest/download/webadmin.zip$"
patterns:
- ".*/archive/refs/tags/.*.tar.gz$"
- "ahmetb/kubectx/.*/kubectx_.*_linux_x86_64.tar.gz$"
- "ahmetb/kubectx/.*/kubens_.*_linux_x86_64.tar.gz$"
- "apple/foundationdb/.*/libfdb_c.x86_64.so$"
- "astral-sh/ruff/.*/ruff-x86_64-unknown-linux-gnu.tar.gz$"
- "astral-sh/uv/.*/uv-x86_64-unknown-linux-gnu.tar.gz$"
- "camptocamp/prometheus-puppetdb-exporter/.*/prometheus-puppetdb-exporter-.*.linux-amd64.tar.gz$"
- "coder/code-server/.*/code-server-.*-amd64.rpm$"
- "containernetworking/plugins/.*/cni-plugins-linux-amd64-.*.tgz"
- "dandavison/delta/.*/delta-.*-x86_64-unknown-linux-musl.tar.gz$"
- "ducaale/xh/.*/xh-.*-x86_64-unknown-linux-musl.tar.gz$"
- "etcd-io/etcd/.*/etcd-.*-linux-amd64.tar.gz$"
- "getsops/sops/.*/sops-v.*\\.linux\\.amd64$"
- "grafana/jsonnet-language-server/.*/jsonnet-language-server_.*_linux_amd64$"
- "gruntwork-io/boilerplate/.*/boilerplate_linux_amd64$"
- "gruntwork-io/terragrunt/.*terragrunt_linux_amd64.*"
- "hadolint/hadolint/.*/hadolint-linux-x86_64$"
- "helmfile/helmfile/.*/helmfile_.*_linux_amd64.tar.gz$"
- "helmfile/vals/.*/vals_.*_linux_amd64.tar.gz$"
- "jesseduffield/lazydocker/.*/lazydocker_.*_Linux_x86_64.tar.gz$"
- "kubecolor/kubecolor/.*/kubecolor_.*_linux_amd64.tar.gz$"
- "kubernetes-sigs/gateway-api/.*/standard-install.yaml$"
- "kubernetes-sigs/kustomize/.*/kustomize_.*_linux_amd64.tar.gz$"
- "lxc/incus/.*.tar.gz$"
- "mikefarah/yq/.*/yq_linux_amd64$"
- "neovim/neovim-releases/.*/nvim-linux-x86_64.tar.gz$"
- "neovim/neovim/.*/nvim-linux-x86_64.tar.gz$"
- "nzbgetcom/nzbget/.*/nzbget-.*.x86_64.rpm$"
- "onedr0p/exportarr/.*/exportarr_.*_linux_amd64.tar.gz$"
- "open-policy-agent/conftest/.*/conftest_.*_Linux_x86_64.tar.gz$"
- "openbao/openbao-plugins/.*/openbao-plugin-secrets-consul_linux_amd64_.*.tar.gz$"
- "openbao/openbao-plugins/.*/openbao-plugin-secrets-nomad_linux_amd64_.*.tar.gz$"
- "prometheus-community/bind_exporter/.*/bind_exporter-.*.linux-amd64.tar.gz$"
- "prometheus-community/pgbouncer_exporter/.*/pgbouncer_exporter-.*.linux-amd64.tar.gz$"
- "prometheus-community/postgres_exporter/.*/postgres_exporter-.*.linux-amd64.tar.gz$"
- "prometheus/node_exporter/.*/node_exporter-.*.linux-amd64.tar.gz$"
- "rancher/rke2/.*/rke2-images.linux-amd64.tar.zst$"
- "stalwartlabs/stalwart/.*/stalwart-cli-x86_64-unknown-linux-gnu.tar.gz$"
- "stalwartlabs/stalwart/.*/stalwart-foundationdb-x86_64-unknown-linux-gnu.tar.gz$"
- "stalwartlabs/stalwart/.*/stalwart-x86_64-unknown-linux-gnu.tar.gz$"
- "starship/starship/.*/starship-x86_64-unknown-linux-musl.tar.gz$"
- "stern/stern/.*/stern_.*_linux_amd64.tar.gz$"
- "terraform-linters/tflint/.*/tflint_linux_amd64.zip$"
- "tynany/frr_exporter/.*/frr_exporter-.*.linux-amd64.tar.gz$"
- "VictoriaMetrics/VictoriaLogs/.*/victoria-logs-linux-amd64-.*.tar.gz$"
- "VictoriaMetrics/VictoriaLogs/.*/vlutils-linux-amd64-.*.tar.gz$"
- "VictoriaMetrics/VictoriaMetrics/.*/victoria-logs-linux-amd64-.*.tar.gz$"
- "VictoriaMetrics/VictoriaMetrics/.*/victoria-metrics-linux-amd64-.*-cluster.tar.gz$"
- "VictoriaMetrics/VictoriaMetrics/.*/vlutils-linux-amd64-.*.tar.gz$"
- "VictoriaMetrics/VictoriaMetrics/.*/vmutils-linux-amd64-.*.tar.gz$"
- "xorpaul/g10k/.*/g10k-.*-linux-amd64.zip$"
- "yannh/kubeconform/.*/kubeconform-linux-amd64.tar.gz$"
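Review bot: Most entries under `patterns` have no leading `^` and leave `.` unescaped, and two have no end anchor at all (`containernetworking/plugins/.*/cni-plugins-linux-amd64-.*.tgz` and `gruntwork-io/terragrunt/.*terragrunt_linux_amd64.*`), so how tight this allow-list is depends on whether artifactapi uses search or full-match semantics, which the commit does not show. Writing each line in the form `^ahmetb/kubectx/.*/kubectx_.*_linux_x86_64\\.tar\\.gz$` removes that dependence. `.*/archive/refs/tags/.*.tar.gz$` admits tag archives from every repository on github.com; if that is intended, a comment above it should say so. The `victoria-logs` and `vlutils` entries under `VictoriaMetrics/VictoriaMetrics/` look copied from the `VictoriaLogs` block and may never match.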
@@ -0,0 +1,16 @@
base_url: https://releases.hashicorp.com
description: HashiCorp product releases
immutable_ttl: 0
mutable_ttl: 7200
patterns:
- "terraform/.*terraform_.*_linux_amd64\\.zip$"
- "terraform/.*terraform_.*_windows_amd64\\.zip$"
- "terraform/.*terraform_.*_darwin_amd64\\.zip$"
- "vault/.*vault_.*_linux_amd64\\.zip$"
- "vault/.*vault_.*_windows_amd64\\.zip$"
- "vault/.*vault_.*_darwin_amd64\\.zip$"
- "consul-cni/.*/consul-cni_.*_linux_amd64\\.zip$"
- "consul/.*/consul_.*_linux_amd64\\.zip$"
- "nomad-autoscaler/.*/nomad-autoscaler_.*_linux_amd64\\.zip$"
- "nomad/.*/nomad_.*_linux_amd64\\.zip$"
- "packer/.*/packer_.*_linux_amd64\\.zip$"
+6
@@ -0,0 +1,6 @@
base_url: https://www.rarlab.com
description: RARLab
immutable_ttl: 0
mutable_ttl: 7200
patterns:
- "rar/rarlinux-x64-.*.tar.gz"
+4
@@ -0,0 +1,4 @@
base_url: https://proxy.golang.org
description: Go module proxy
immutable_ttl: 0
mutable_ttl: 300
+7
@@ -0,0 +1,7 @@
base_url: https://argoproj.github.io/argo-helm
description: Argo Project Helm charts (ArgoCD, Image Updater, Rollouts, etc.)
immutable_ttl: 0
mutable_ttl: 3600
check_mutable: true
immutable_patterns:
- "\\.tgz$"
+7
@@ -0,0 +1,7 @@
base_url: https://ceph.github.io/csi-charts
description: Ceph CSI driver Helm charts
immutable_ttl: 0
mutable_ttl: 3600
check_mutable: true
immutable_patterns:
- "\\.tgz$"
+7
@@ -0,0 +1,7 @@
base_url: https://cloudnative-pg.github.io/charts
description: CloudNativePG operator Helm charts
immutable_ttl: 0
mutable_ttl: 3600
check_mutable: true
immutable_patterns:
- "\\.tgz$"
+7
@@ -0,0 +1,7 @@
base_url: https://helm.elastic.co
description: Elastic stack Helm charts
immutable_ttl: 0
mutable_ttl: 3600
check_mutable: true
immutable_patterns:
- "\\.tgz$"
+7
@@ -0,0 +1,7 @@
base_url: https://kubernetes-sigs.github.io/external-dns/
description: ExternalDNS Helm charts
immutable_ttl: 0
mutable_ttl: 3600
check_mutable: true
immutable_patterns:
- "\\.tgz$"
+7
@@ -0,0 +1,7 @@
base_url: https://helm.releases.hashicorp.com
description: HashiCorp Helm charts (Vault Secrets Operator, etc.)
immutable_ttl: 0
mutable_ttl: 3600
check_mutable: true
immutable_patterns:
- "\\.tgz$"
+7
@@ -0,0 +1,7 @@
base_url: https://intel.github.io/helm-charts/
description: Intel Helm charts (device plugins)
immutable_ttl: 0
mutable_ttl: 3600
check_mutable: true
immutable_patterns:
- "\\.tgz$"
+7
@@ -0,0 +1,7 @@
base_url: https://charts.jetstack.io
description: Jetstack Helm charts (cert-manager)
immutable_ttl: 0
mutable_ttl: 3600
check_mutable: true
immutable_patterns:
- "\\.tgz$"
+7
@@ -0,0 +1,7 @@
base_url: https://gitlab.com/api/v4/projects/20400619/packages/helm/stable
description: PureLB load balancer Helm charts
immutable_ttl: 0
mutable_ttl: 3600
check_mutable: true
immutable_patterns:
- "\\.tgz$"
+7
@@ -0,0 +1,7 @@
base_url: https://releases.rancher.com/server-charts/stable
description: Rancher stable Helm charts
immutable_ttl: 0
mutable_ttl: 3600
check_mutable: true
immutable_patterns:
- "\\.tgz$"
+7
@@ -0,0 +1,7 @@
base_url: https://stakater.github.io/stakater-charts
description: Stakater Helm charts (Reloader)
immutable_ttl: 0
mutable_ttl: 3600
check_mutable: true
immutable_patterns:
- "\\.tgz$"
+7
@@ -0,0 +1,7 @@
base_url: https://traefik.github.io/charts
description: Traefik Helm charts
immutable_ttl: 0
mutable_ttl: 3600
check_mutable: true
immutable_patterns:
- "\\.tgz$"
+7
@@ -0,0 +1,7 @@
base_url: https://victoriametrics.github.io/helm-charts/
description: VictoriaMetrics observability Helm charts
immutable_ttl: 0
mutable_ttl: 3600
check_mutable: true
immutable_patterns:
- "\\.tgz$"
+14
@@ -0,0 +1,14 @@
base_url: https://vault.almalinux.org
description: AlmaLinux Vault RPM package repository
immutable_ttl: 0
mutable_ttl: 7200
immutable_patterns:
- ".*/x86_64/.*\\.rpm$"
- ".*/noarch/.*\\.rpm$"
- ".*/repodata/.*\\.sqlite.*$"
- ".*/repodata/.*\\.xml.*$"
- ".*/repodata/.*\\.yaml.*$"
- ".*/install.img"
- ".*/squashfs.img"
- ".*/updates.img"
- ".*/RPM-GPG-KEY-.*$"
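Review bot: `.*/repodata/.*\\.xml.*$` under `immutable_patterns` also matches `repomd.xml`, the one file in `repodata/` that is rewritten on every repository update. If immutable entries are never refreshed (what `immutable_ttl: 0` means is not visible here), clients behind the proxy would keep resolving against the first metadata snapshot and stop seeing new packages, security updates included. I would list `.*/repodata/repomd\\.xml.*$` under `mutable_patterns` and add a comment stating which list wins when both match. The same pattern is in every other RPM remote in this commit.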
+14
@@ -0,0 +1,14 @@
base_url: https://gsl-syd.mm.fcix.net/almalinux
description: AlmaLinux RPM package repository
immutable_ttl: 0
mutable_ttl: 7200
immutable_patterns:
- ".*/x86_64/.*\\.rpm$"
- ".*/noarch/.*\\.rpm$"
- ".*/repodata/.*\\.sqlite.*$"
- ".*/repodata/.*\\.xml.*$"
- ".*/repodata/.*\\.yaml.*$"
- ".*/install.img"
- ".*/squashfs.img"
- ".*/updates.img"
- ".*/RPM-GPG-KEY-.*$"
+8
@@ -0,0 +1,8 @@
base_url: https://download.ceph.com/rpm-reef/
description: Ceph Reef 18
immutable_ttl: 0
mutable_ttl: 7200
immutable_patterns:
- ".*/x86_64/.*\\.rpm$"
- ".*/noarch/.*\\.rpm$"
- ".*/repodata/.*\\.xml.*$"
+8
@@ -0,0 +1,8 @@
base_url: https://download.ceph.com/rpm-squid/
description: Ceph Squid 19
immutable_ttl: 0
mutable_ttl: 7200
immutable_patterns:
- ".*/x86_64/.*\\.rpm$"
- ".*/noarch/.*\\.rpm$"
- ".*/repodata/.*\\.xml.*$"
+8
@@ -0,0 +1,8 @@
base_url: https://download.ceph.com/rpm-tentacle/
description: Ceph Tentacle 20
immutable_ttl: 0
mutable_ttl: 7200
immutable_patterns:
- ".*/x86_64/.*\\.rpm$"
- ".*/noarch/.*\\.rpm$"
- ".*/repodata/.*\\.xml.*$"
+11
@@ -0,0 +1,11 @@
base_url: https://gsl-syd.mm.fcix.net/epel
description: EPEL (Extra Packages for Enterprise Linux)
immutable_ttl: 0
mutable_ttl: 7200
immutable_patterns:
- ".*/Everything/x86_64/.*\\.rpm$"
- ".*/noarch/.*\\.rpm$"
- ".*/repodata/.*\\.sqlite.*$"
- ".*/repodata/.*\\.xml.*$"
- ".*/repodata/.*\\.yaml.*$"
- "RPM-GPG-KEY-.*$"
+10
@@ -0,0 +1,10 @@
base_url: https://gsl-syd.mm.fcix.net/fedora/linux
description: Fedora Linux RPM package repository
immutable_ttl: 0
mutable_ttl: 7200
immutable_patterns:
- "releases/.*/Everything/x86_64/.*\\.rpm$"
- "updates/.*/Everything/x86_64/.*\\.rpm$"
- "development/.*/Everything/x86_64/.*\\.rpm$"
- ".*/noarch/.*\\.rpm$"
- ".*/repodata/.*\\.xml.*$"
+7
@@ -0,0 +1,7 @@
base_url: https://rpm.frrouting.org/repo
description: FRR RPM package repository
immutable_ttl: 0
mutable_ttl: 7200
immutable_patterns:
- ".*\\.rpm$"
- ".*/repodata/.*\\.xml.*$"
+8
@@ -0,0 +1,8 @@
base_url: http://mariadb.mirror.digitalpacific.com.au/yum
description: MariaDB RPM package repository
immutable_ttl: 0
mutable_ttl: 7200
immutable_patterns:
- ".*\\.rpm$"
- ".*/repodata/.*\\.xml.*$"
- ".*/RPM-GPG-KEY-.*$"
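Review bot: `base_url` is plain `http://`, and the last pattern caches `RPM-GPG-KEY-.*` as immutable, so the key that clients use to verify MariaDB packages is itself fetched over an unauthenticated channel and then pinned in the cache. Package signatures protect the RPMs only if the key arrives by a trusted path. I would switch to an `https://` mirror where one is available and distribute the signing key through configuration management rather than through this remote. The ZFS remote later in the commit also uses `http://download.zfsonlinux.org`.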
+8
@@ -0,0 +1,8 @@
base_url: https://yum.voxpupuli.org
description: OpenVox RPM package repository
immutable_ttl: 0
mutable_ttl: 7200
immutable_patterns:
- ".*\\.rpm$"
- ".*/repodata/.*\\.xml.*$"
- "GPG-KEY-.*$"
+9
@@ -0,0 +1,9 @@
base_url: https://download.postgresql.org/pub/repos/yum
description: PostgreSQL RPM package repository
immutable_ttl: 0
mutable_ttl: 7200
immutable_patterns:
- ".*\\.rpm$"
- ".*/repodata/.*\\.xml.*$"
- ".*/RPM-GPG-KEY-.*$"
- ".*/PGDG-RPM-GPG-KEY-.*$"
+8
@@ -0,0 +1,8 @@
base_url: https://rpm.rancher.io
description: RKE2 RPM package repository
immutable_ttl: 0
mutable_ttl: 7200
immutable_patterns:
- ".*\\.rpm$"
- ".*/repodata/.*\\.xml.*$"
- "public.key$"
+7
@@ -0,0 +1,7 @@
base_url: http://download.zfsonlinux.org
description: ZFS RPM package repository
immutable_ttl: 0
mutable_ttl: 7200
immutable_patterns:
- ".*\\.rpm$"
- ".*/repodata/.*\\.xml.*$"
+16
@@ -0,0 +1,16 @@
package_type: helm
description: "Virtual repository merging all helm remotes — member order is priority order for duplicate chart+version"
members:
- ceph-csi
- cnpg
- elastic-helm
- external-dns
- hashicorp-helm
- intel-helm
- jetstack
- purelb
- rancher-stable
- stakater
- traefik
- victoriametrics
- argo-helm
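Review bot: The description says member order decides which upstream wins for a duplicate chart and version, but the list gives no reason for the order it uses (alphabetical, except `argo-helm` last). With thirteen independent publishers merged into one namespace, a chart name published by an earlier member shadows the same name from a later one, so the order is a trust decision rather than a formatting one. A comment above `members:` recording why the order was chosen, or pointing consumers at the per-remote repositories for charts where the publisher matters, would make that reviewable.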
+27
@@ -0,0 +1,27 @@
include "root" {
path = find_in_parent_folders("root.hcl")
expose = true
}
include "config" {
path = "${get_repo_root()}/config/config.hcl"
expose = true
}
locals {
config = include.config.locals.config
}
terraform {
source = "../../../modules/artifactapi"
}
inputs = {
remote_alpine = local.config.remote_alpine
remote_docker = local.config.remote_docker
remote_generic = local.config.remote_generic
remote_goproxy = local.config.remote_goproxy
remote_helm = local.config.remote_helm
remote_rpm = local.config.remote_rpm
virtual = local.config.virtual
}
+26
@@ -0,0 +1,26 @@
generate "backend" {
path = "backend.tf"
if_exists = "overwrite"
contents = <<EOF
provider "artifactapi" {
endpoint = "https://artifactapi.k8s.syd1.au.unkin.net"
}
terraform {
backend "consul" {
address = "https://consul.service.consul"
path = "infra/terraform/artifactapi/${path_relative_to_include()}/state"
scheme = "https"
lock = true
ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
}
required_version = ">= 1.10"
required_providers {
artifactapi = {
source = "git.unkin.net/unkin/artifactapi"
version = "0.0.1"
}
}
}
EOF
}
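Review bot: The generated `provider "artifactapi"` block sets only `endpoint`, so this file does not show how the provider authenticates to the API that controls every proxy allow-list. If credentials come from the environment, a comment naming the variable would help; if the API accepts unauthenticated writes from the cluster network, that should be stated and the network path restricted. The label `backend` and the output name `backend.tf` also undersell the content, which includes the provider configuration and `required_providers`; a separate `generate "provider"` block writing `provider.tf` would read more clearly.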
+86
@@ -0,0 +1,86 @@
resource "artifactapi_remote_alpine" "this" {
for_each = var.remote_alpine
name = each.key
base_url = each.value.base_url
description = each.value.description
immutable_ttl = each.value.immutable_ttl
mutable_ttl = each.value.mutable_ttl
immutable_patterns = each.value.immutable_patterns
mutable_patterns = each.value.mutable_patterns
stale_on_error = each.value.stale_on_error
}
resource "artifactapi_remote_docker" "this" {
for_each = var.remote_docker
name = each.key
base_url = each.value.base_url
description = each.value.description
immutable_ttl = each.value.immutable_ttl
mutable_ttl = each.value.mutable_ttl
patterns = each.value.patterns
mutable_patterns = each.value.mutable_patterns
stale_on_error = each.value.stale_on_error
ban_tags_enabled = each.value.ban_tags_enabled
ban_tags = each.value.ban_tags
}
resource "artifactapi_remote_generic" "this" {
for_each = var.remote_generic
name = each.key
base_url = each.value.base_url
description = each.value.description
immutable_ttl = each.value.immutable_ttl
mutable_ttl = each.value.mutable_ttl
patterns = each.value.patterns
mutable_patterns = each.value.mutable_patterns
stale_on_error = each.value.stale_on_error
}
resource "artifactapi_remote_goproxy" "this" {
for_each = var.remote_goproxy
name = each.key
base_url = each.value.base_url
description = each.value.description
immutable_ttl = each.value.immutable_ttl
mutable_ttl = each.value.mutable_ttl
stale_on_error = each.value.stale_on_error
}
resource "artifactapi_remote_helm" "this" {
for_each = var.remote_helm
name = each.key
base_url = each.value.base_url
description = each.value.description
immutable_ttl = each.value.immutable_ttl
mutable_ttl = each.value.mutable_ttl
check_mutable = each.value.check_mutable
immutable_patterns = each.value.immutable_patterns
stale_on_error = each.value.stale_on_error
}
resource "artifactapi_remote_rpm" "this" {
for_each = var.remote_rpm
name = each.key
base_url = each.value.base_url
description = each.value.description
immutable_ttl = each.value.immutable_ttl
mutable_ttl = each.value.mutable_ttl
immutable_patterns = each.value.immutable_patterns
mutable_patterns = each.value.mutable_patterns
stale_on_error = each.value.stale_on_error
}
resource "artifactapi_virtual" "this" {
for_each = var.virtual
name = each.key
package_type = each.value.package_type
description = each.value.description
members = each.value.members
}
+93
@@ -0,0 +1,93 @@
variable "remote_alpine" {
description = "Map of Alpine remote repositories"
type = map(object({
base_url = string
description = optional(string, "")
immutable_ttl = optional(number, 0)
mutable_ttl = optional(number, 7200)
immutable_patterns = optional(list(string), [])
mutable_patterns = optional(list(string), [])
stale_on_error = optional(bool, true)
}))
default = {}
}
variable "remote_docker" {
description = "Map of Docker remote repositories"
type = map(object({
base_url = string
description = optional(string, "")
immutable_ttl = optional(number, 0)
mutable_ttl = optional(number, 300)
patterns = optional(list(string), [])
mutable_patterns = optional(list(string), [])
stale_on_error = optional(bool, true)
ban_tags_enabled = optional(bool, false)
ban_tags = optional(list(string), [])
}))
default = {}
}
variable "remote_generic" {
description = "Map of generic remote repositories"
type = map(object({
base_url = string
description = optional(string, "")
immutable_ttl = optional(number, 0)
mutable_ttl = optional(number, 7200)
patterns = optional(list(string), [])
mutable_patterns = optional(list(string), [])
stale_on_error = optional(bool, true)
}))
default = {}
}
variable "remote_goproxy" {
description = "Map of Go module proxy remote repositories"
type = map(object({
base_url = string
description = optional(string, "")
immutable_ttl = optional(number, 0)
mutable_ttl = optional(number, 300)
stale_on_error = optional(bool, true)
}))
default = {}
}
variable "remote_helm" {
description = "Map of Helm chart remote repositories"
type = map(object({
base_url = string
description = optional(string, "")
immutable_ttl = optional(number, 0)
mutable_ttl = optional(number, 3600)
check_mutable = optional(bool, true)
immutable_patterns = optional(list(string), [])
stale_on_error = optional(bool, true)
}))
default = {}
}
variable "remote_rpm" {
description = "Map of RPM remote repositories"
type = map(object({
base_url = string
description = optional(string, "")
immutable_ttl = optional(number, 0)
mutable_ttl = optional(number, 7200)
immutable_patterns = optional(list(string), [])
mutable_patterns = optional(list(string), [])
stale_on_error = optional(bool, true)
}))
default = {}
}
variable "virtual" {
description = "Map of virtual repositories"
type = map(object({
package_type = string
description = optional(string, "")
members = list(string)
}))
default = {}
}
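Review bot: Every pattern list defaults to `[]` and the object types discard attributes they do not declare, so a misspelt key in a YAML file (say `pattern:`) is dropped silently and the remote is created with an empty list. What an empty `patterns` means to artifactapi is not visible here; if it means "no restriction", a typo turns an allow-listed remote into an open one. A `validation` block on each variable that has pattern lists, rejecting a remote with none at all, would catch that at plan time. A second one could require an HTTPS upstream, e.g. `condition = alltrue([for r in values(var.remote_rpm) : can(regex("^https://", r.base_url))])`; two RPM remotes in this commit currently use `http://` and would need to be fixed or explicitly exempted.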