5 Commits

Author SHA1 Message Date
unkinben c42826c6de feat: manage local docker registries
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
ArtifactAPI now serves local docker repos as real container registries and the
provider exposes an artifactapi_local_docker resource, but this config had no
way to declare one.

- Add a local_docker variable, module resource, config loader wiring, and
  terragrunt input, mirroring the other local_* kinds.
- Declare a docker-internal registry.
- Expand the README to cover the local_* and virtual kinds.

Depends on a terraform-provider-artifactapi release exposing
artifactapi_local_docker (and a matching .terraform.lock.hcl bump) before apply.
2026-07-05 17:16:17 +10:00
benvin 38ab457ac1 Merge pull request 'feat: initial commit' (#3) from benvin/add-missing-registries into main
ci/woodpecker/push/apply Pipeline was successful
Reviewed-on: #3
2026-07-03 23:35:30 +10:00
unkinben 9351ea30a9 fix: declare provider requirement in the artifactapi module
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
pre-commit runs `tofu validate`/tflint on modules/artifactapi standalone, where
no required_providers was declared, so OpenTofu inferred hashicorp/artifactapi
and failed (and tflint flagged missing required_version/version constraint).

- add modules/artifactapi/versions.tf declaring required_version and the
  artifactapi provider (source = the registry, version >= 0.1.2)
- drop the now-duplicate required_providers from root.hcl's generated backend.tf;
  keep the provider config block + backend. Declaring it in both the module and
  the generated root would be a "Duplicate required providers" error at runtime.

Also revert the earlier init lock-cleanup: the CI failure was stale provider
references in state (fixed with `tofu state replace-provider`), not the lock.
2026-07-03 23:34:19 +10:00
unkinben 292392a024 fix(ci): clear stale provider locks before init
ci/woodpecker/pr/pre-commit Pipeline failed
ci/woodpecker/pr/plan Pipeline failed
The provider source moved from git.unkin.net/unkin/artifactapi to
artifactapi.k8s.syd1.au.unkin.net/terraform-unkin/artifactapi. .terraform.lock.hcl
is gitignored, so a CI runner reusing a workspace/cache keeps a lock pinning the
old source; some OpenTofu versions then try to re-resolve git.unkin.net (which
isn't a registry) instead of dropping it, failing init.

Delete any .terraform.lock.hcl before `terragrunt run --all init -- -upgrade` so
providers resolve purely from config.
2026-07-03 21:48:57 +10:00
unkinben 9058eb3f59 feat: initial commit
ci/woodpecker/pr/pre-commit Pipeline failed
ci/woodpecker/pr/plan Pipeline was successful
- add modules
- add config
- add environments
- add .gitignore
- add makefile

Wire up config.hcl, variables, and terragrunt inputs for all new types.
2026-07-03 21:29:02 +10:00
20 changed files with 76 additions and 9 deletions
+9 -1
@@ -1,3 +1,11 @@
# terraform-artifactapi
Terraform configuration for managing ArtifactAPI remote and virtual repositories
Terraform configuration for managing ArtifactAPI remote, local, and virtual repositories.
Repositories are declared as YAML files under `config/<kind>/<name>.yaml`, where the
filename is the repository name. `make plan` / `make apply` (via Terragrunt) reconcile
them against the ArtifactAPI instance.
Kinds: `remote_*` (caching proxies of an upstream), `local_*` (real registries hosted
directly — `local_docker`, `local_pypi`, `local_rpm`, `local_terraform`), and `virtual`
(merged views over members of one package type).
+5
@@ -57,6 +57,11 @@ locals {
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "local_rpm/")
}
local_docker = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "local_docker/")
}
virtual = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
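Review bot: the `startswith(file_path, "local_docker/")` filter combined with `basename(file_path)` keys each registry by the last path component only, so if `local.all_configs` ever contains nested paths a file in a subdirectory is accepted and named without its directory, which departs from the `config/<kind>/<name>.yaml` layout the README describes. Consider restricting the match to direct children of `local_docker/`. This is also another copy of the comprehension already used for `local_rpm` and `virtual`; a single expression keyed by kind would keep a new kind from being wired inconsistently.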
+1
@@ -0,0 +1 @@
description: "Internal container image registry"
+1
@@ -0,0 +1 @@
description: "Internal RPM packages for Enterprise Linux 10 (RHEL/AlmaLinux/Rocky 10)"
+1
@@ -0,0 +1 @@
description: "Internal RPM packages for Enterprise Linux 8 (RHEL/AlmaLinux/Rocky 8)"
+1
@@ -0,0 +1 @@
description: "Internal RPM packages for Enterprise Linux 9 (RHEL/AlmaLinux/Rocky 9)"
+1
@@ -0,0 +1 @@
description: "Internal RPM packages for Fedora 42"
+1
@@ -0,0 +1 @@
description: "Internal RPM packages for Fedora 43"
+1
@@ -0,0 +1 @@
description: "Internal RPM packages for Fedora 44"
+1 -1
@@ -1 +1 @@
description: "Internal RPM packages"
description: "Internal RPM packages (distribution-agnostic)"
+7
@@ -3,7 +3,9 @@ description: Docker Hub registry
immutable_ttl: 0
mutable_ttl: 300
patterns:
- "^alpine/"
- "^library/almalinux"
- "^library/alpine"
- "^library/busybox"
- "^library/debian"
- "^library/fedora"
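Review bot: entries such as `^library/alpine` and `^library/almalinux` are anchored at the start only, so if `patterns` are regular expressions matched against the repository path (as the leading `^` suggests) they also admit any longer name that shares the prefix. Where a single repository is meant, close the pattern with a trailing `/` or `$`, whichever fits the string being matched.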
@@ -16,10 +18,15 @@ patterns:
- "^emberstack/kubernetes-reflector"
- "^hashicorp/consul"
- "^hashicorp/vault"
- "^intel/"
- "^internetsystemsconsortium/bind9"
- "^jfrog/"
- "^jpgouin/"
- "^kanidm/"
- "^osixia/"
- "^rancher/"
- "^rspamd/rspamd"
- "^tiredofit/"
- "^tozd/postfix"
- "^traefik/"
- "^valkey/valkey"
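Review bot: this list mixes repository-specific entries (`^rspamd/rspamd`, `^tozd/postfix`) with namespace-wide ones (`^intel/`, `^jfrog/`, `^tiredofit/` and others); assuming `patterns` is the allow-list for what the proxy will fetch, a namespace-wide entry admits anything that namespace publishes now or later. If only particular images are consumed, list them individually as the neighbouring entries do.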
+6
@@ -0,0 +1,6 @@
base_url: https://public.ecr.aws
description: Amazon ECR Public registry
immutable_ttl: 0
mutable_ttl: 300
patterns:
- "^docker/library/"
+9 -1
@@ -3,10 +3,18 @@ description: GitHub Container Registry
immutable_ttl: 0
mutable_ttl: 300
patterns:
- "^cloudnative-pg/cloudnative-pg"
- "^cloudnative-pg/"
- "^dexidp/"
- "^emberstack/helm-charts"
- "^fallenbagel/"
- "^goauthentik/"
- "^home-operations/"
- "^jellyfin/"
- "^onedr0p/"
- "^open-webui/open-webui"
- "^openvoxproject/"
- "^paperclipai/"
- "^plexguide/"
- "^stakater/reloader"
- "^stalwartlabs/stalwart"
- "^voxpupuli/puppetboard"
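Review bot: `^cloudnative-pg/cloudnative-pg` is replaced by `^cloudnative-pg/`, which widens an existing entry from one repository to the whole organisation. Name the additional repositories that prompted the change, or keep the specific entry and add its siblings next to it.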
+6
@@ -0,0 +1,6 @@
base_url: https://docker.litellm.ai
description: LiteLLM container registry
immutable_ttl: 0
mutable_ttl: 300
patterns:
- "^berriai/"
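Review bot: `base_url: https://docker.litellm.ai` adds a new upstream host to the set the proxy pulls from, yet none of the five commit messages listed above mentions this file or the `public.ecr.aws` one. Give the new upstreams their own commit, or at least a line in the message, stating what consumes them.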
+1
@@ -3,6 +3,7 @@ description: Quay.io container registry
immutable_ttl: 0
mutable_ttl: 300
patterns:
- "^argoproj/"
- "^brancz/kube-rbac-proxy"
- "^cephcsi/cephcsi"
- "^jetstack/cert-manager-"
@@ -27,5 +27,6 @@ inputs = {
local_terraform = local.config.local_terraform
local_pypi = local.config.local_pypi
local_rpm = local.config.local_rpm
local_docker = local.config.local_docker
virtual = local.config.virtual
}
-6
@@ -15,12 +15,6 @@ terraform {
ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
}
required_version = ">= 1.10"
required_providers {
artifactapi = {
source = "git.unkin.net/unkin/artifactapi"
version = "0.1.0"
}
}
}
EOF
}
+7
@@ -110,6 +110,13 @@ resource "artifactapi_local_rpm" "this" {
description = each.value.description
}
resource "artifactapi_local_docker" "this" {
for_each = var.local_docker
name = each.key
description = each.value.description
}
resource "artifactapi_virtual" "this" {
for_each = var.virtual
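Review bot: `artifactapi_local_docker.this` has no `lifecycle` block, so deleting or renaming a file under `config/local_docker/` becomes a planned destroy of a registry that, per the README, is hosted directly rather than proxied. Consider `lifecycle { prevent_destroy = true }` on this resource (and on the other `local_*` ones) so that removal has to be a deliberate change.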
+8
@@ -120,6 +120,14 @@ variable "local_terraform" {
default = {}
}
variable "local_docker" {
description = "Map of local Docker repositories (real container registries)"
type = map(object({
description = optional(string, "")
}))
default = {}
}
variable "virtual" {
description = "Map of virtual repositories"
type = map(object({
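Review bot: the `local_docker` variable accepts any map key, and that key is passed unchanged as the registry `name` in the module, having come from a YAML filename. A `validation` block restricting keys to the character set the registry accepts would fail at plan time rather than at the API. `description` also defaults to an empty string even though every config file in this change sets one; dropping the default would make an omitted description an error.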
+9
@@ -0,0 +1,9 @@
terraform {
required_version = ">= 1.10"
required_providers {
artifactapi = {
source = "artifactapi.k8s.syd1.au.unkin.net/terraform-unkin/artifactapi"
version = "0.1.3"
}
}
}
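Review bot: `version = "0.1.3"` is an exact pin, whereas the message of 9351ea30a9 describes the constraint as `>= 0.1.2`; if the move to an exact pin was intentional, say so in the message of the commit that made it. Also, 292392a024 notes that `.terraform.lock.hcl` is gitignored, so no provider checksums are recorded in the repository and this version string is the only thing fixing what gets installed from the custom registry. Committing the lock file would pin the hashes and make the "matching .terraform.lock.hcl bump" mentioned in c42826c6de reviewable.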