Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 32515c72ca |
@@ -0,0 +1,4 @@
|
||||
.terraform
|
||||
.terraform.lock.hcl
|
||||
.terragrunt-cache
|
||||
env
|
||||
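Review bot: Ignoring `.terraform.lock.hcl` means the provider checksums recorded at `init` time are never committed, so every run trusts whatever the registry serves for the pinned version. The provider in this commit is declared with `version = "0.1.0"`, but no hashes travel with the repository, and the Makefile's `init` target also passes `-upgrade`. Consider dropping this entry and committing the lock file. If Terragrunt's generated layout makes that impractical, a comment next to the entry should say so.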
@@ -0,0 +1,24 @@
|
||||
repos:
|
||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||
rev: v4.4.0
|
||||
hooks:
|
||||
- id: end-of-file-fixer
|
||||
types: [yaml]
|
||||
- id: trailing-whitespace
|
||||
types: [yaml]
|
||||
- repo: https://github.com/gruntwork-io/pre-commit
|
||||
rev: v0.1.30
|
||||
hooks:
|
||||
- id: tofu-fmt
|
||||
- id: tofu-validate
|
||||
- id: tflint
|
||||
- id: terragrunt-hcl-fmt
|
||||
- repo: https://github.com/adrienverge/yamllint.git
|
||||
rev: v1.37.1
|
||||
hooks:
|
||||
- id: yamllint
|
||||
args:
|
||||
[
|
||||
"-d {extends: relaxed, rules: {line-length: disable}, ignore: chart}",
|
||||
"-s",
|
||||
]
|
||||
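Review bot: The three hook repositories are pinned with `rev:` tags (`v4.4.0`, `v0.1.30`, `v1.37.1`), and a tag can be moved upstream after it has been reviewed. The pre-commit pipeline in this commit runs these hooks on every pull request, so pinning each one to the full commit SHA with the tag kept as a trailing comment (`rev: <commit-sha>  # v1.37.1`) makes the hook code that runs in CI reproducible. A one-line comment above `args:` explaining why `line-length` is disabled and `chart` is ignored would also help the next reader.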
@@ -0,0 +1,23 @@
|
||||
when:
|
||||
- event: push
|
||||
branch: main
|
||||
|
||||
steps:
|
||||
- name: apply
|
||||
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
|
||||
environment:
|
||||
VAULT_AUTH_METHOD: kubernetes
|
||||
commands:
|
||||
- dnf install vault -y
|
||||
- make plan
|
||||
- make apply
|
||||
backend_options:
|
||||
kubernetes:
|
||||
serviceAccountName: terraform-artifactapi
|
||||
resources:
|
||||
requests:
|
||||
memory: 512Mi
|
||||
cpu: 1
|
||||
limits:
|
||||
memory: 2Gi
|
||||
cpu: 2
|
||||
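Review bot: `dnf install vault -y` runs inside the job that goes on to mint Vault and Consul tokens, so an unpinned package pulled at run time becomes part of the trusted path for every apply; the plan pipeline has the same line. Baking `vault` into the `almalinux9-opentofu` image, or at least installing a fixed version, would remove that moving part. Separately, `make plan` followed by `make apply` does not apply the plan that was just shown. Judging by the Makefile in this commit, `apply` re-plans and applies non-interactively, so the first step only adds a second `init` and a second Vault login.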
@@ -0,0 +1,21 @@
|
||||
when:
|
||||
- event: pull_request
|
||||
|
||||
steps:
|
||||
- name: plan
|
||||
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
|
||||
environment:
|
||||
VAULT_AUTH_METHOD: kubernetes
|
||||
commands:
|
||||
- dnf install vault -y
|
||||
- make plan
|
||||
backend_options:
|
||||
kubernetes:
|
||||
serviceAccountName: terraform-artifactapi
|
||||
resources:
|
||||
requests:
|
||||
memory: 512Mi
|
||||
cpu: 1
|
||||
limits:
|
||||
memory: 2Gi
|
||||
cpu: 2
|
||||
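Review bot: The `pull_request` pipeline runs with `serviceAccountName: terraform-artifactapi`, the same service account the apply pipeline uses on `main`, and the `make plan` it runs comes from the branch under review. Unreviewed Makefile and HCL changes therefore execute with whatever the `woodpecker_terraform_artifactapi` Vault role and the Consul credentials it issues allow, which presumably includes write access to state and to the artifact API. A separate service account bound to a plan-only Vault role, selected here with something like `VAULT_K8S_ROLE: <plan-only-role>` under `environment:`, would keep apply-level credentials out of pull-request jobs. Whether forked pull requests can trigger this pipeline depends on forge settings not visible on this page.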
@@ -0,0 +1,18 @@
|
||||
when:
|
||||
- event: pull_request
|
||||
|
||||
steps:
|
||||
- name: pre-commit
|
||||
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
|
||||
commands:
|
||||
- uvx pre-commit run --all-files
|
||||
backend_options:
|
||||
kubernetes:
|
||||
serviceAccountName: default
|
||||
resources:
|
||||
requests:
|
||||
memory: 512Mi
|
||||
cpu: 1
|
||||
limits:
|
||||
memory: 2Gi
|
||||
cpu: 2
|
||||
@@ -0,0 +1,34 @@
|
||||
.PHONY: init plan apply format
|
||||
|
||||
VAULT_AUTH_METHOD ?= approle
|
||||
VAULT_K8S_ROLE ?= woodpecker_terraform_artifactapi
|
||||
VAULT_K8S_MOUNT ?= auth/k8s/au/syd1
|
||||
VAULT_K8S_JWT_PATH ?= /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
|
||||
define vault_env
|
||||
@export VAULT_ADDR="https://vault.service.consul:8200" && \
|
||||
if [ "$(VAULT_AUTH_METHOD)" = "kubernetes" ]; then \
|
||||
export VAULT_TOKEN=$$(vault write -field=token $(VAULT_K8S_MOUNT)/login role=$(VAULT_K8S_ROLE) jwt=$$(cat $(VAULT_K8S_JWT_PATH))); \
|
||||
else \
|
||||
export VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id=$$VAULT_ROLEID); \
|
||||
fi && \
|
||||
export CONSUL_HTTP_TOKEN=$$(vault read -field=token consul_root/au/syd1/creds/terraform-artifactapi)
|
||||
endef
|
||||
|
||||
init:
|
||||
@$(call vault_env) && \
|
||||
terragrunt run --all --non-interactive init -- -upgrade
|
||||
|
||||
plan: init
|
||||
@$(call vault_env) && \
|
||||
terragrunt run --all --parallelism 4 --non-interactive plan
|
||||
|
||||
apply: init
|
||||
@$(call vault_env) && \
|
||||
terragrunt run --all --parallelism 2 --non-interactive apply
|
||||
|
||||
format:
|
||||
@echo "Formatting OpenTofu files..."
|
||||
@tofu fmt -recursive .
|
||||
@echo "Formatting Terragrunt files..."
|
||||
@terragrunt hcl fmt
|
||||
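Review bot: In `vault_env`, `export VAULT_TOKEN=$$(vault write ...)` and `export CONSUL_HTTP_TOKEN=$$(vault read ...)` return the exit status of `export`, not of `vault`, so a failed login or read still lets the `&&` chain reach `terragrunt` with empty tokens. Assigning first and exporting afterwards lets the failure stop the recipe. The Kubernetes branch also places the service-account JWT on the `vault` command line through `$$(cat ...)`; the Vault CLI can read a value from a file with the `key=@file` form, which keeps the token out of the process arguments. The AppRole branch sends only `role_id`, which works only when the role does not require a secret ID, so a comment stating that this is intended would help.

```make
define vault_env
# … unchanged: VAULT_ADDR export and the VAULT_AUTH_METHOD test …
	VAULT_TOKEN=$$(vault write -field=token $(VAULT_K8S_MOUNT)/login role=$(VAULT_K8S_ROLE) jwt=@$(VAULT_K8S_JWT_PATH)); \
else \
	VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id="$$VAULT_ROLEID"); \
fi && \
export VAULT_TOKEN && \
CONSUL_HTTP_TOKEN=$$(vault read -field=token consul_root/au/syd1/creds/terraform-artifactapi) && \
export CONSUL_HTTP_TOKEN
endef
```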
@@ -0,0 +1,66 @@
|
||||
locals {
|
||||
config_files = fileset(".", "**/*.yaml")
|
||||
|
||||
all_configs = {
|
||||
for file_path in local.config_files :
|
||||
file_path => yamldecode(file(file_path))
|
||||
}
|
||||
|
||||
config = {
|
||||
remote_alpine = {
|
||||
for file_path, content in local.all_configs :
|
||||
trimsuffix(basename(file_path), ".yaml") => content
|
||||
if startswith(file_path, "remote_alpine/")
|
||||
}
|
||||
remote_docker = {
|
||||
for file_path, content in local.all_configs :
|
||||
trimsuffix(basename(file_path), ".yaml") => content
|
||||
if startswith(file_path, "remote_docker/")
|
||||
}
|
||||
remote_generic = {
|
||||
for file_path, content in local.all_configs :
|
||||
trimsuffix(basename(file_path), ".yaml") => content
|
||||
if startswith(file_path, "remote_generic/")
|
||||
}
|
||||
remote_goproxy = {
|
||||
for file_path, content in local.all_configs :
|
||||
trimsuffix(basename(file_path), ".yaml") => content
|
||||
if startswith(file_path, "remote_goproxy/")
|
||||
}
|
||||
remote_helm = {
|
||||
for file_path, content in local.all_configs :
|
||||
trimsuffix(basename(file_path), ".yaml") => content
|
||||
if startswith(file_path, "remote_helm/")
|
||||
}
|
||||
remote_pypi = {
|
||||
for file_path, content in local.all_configs :
|
||||
trimsuffix(basename(file_path), ".yaml") => content
|
||||
if startswith(file_path, "remote_pypi/")
|
||||
}
|
||||
remote_rpm = {
|
||||
for file_path, content in local.all_configs :
|
||||
trimsuffix(basename(file_path), ".yaml") => content
|
||||
if startswith(file_path, "remote_rpm/")
|
||||
}
|
||||
local_terraform = {
|
||||
for file_path, content in local.all_configs :
|
||||
trimsuffix(basename(file_path), ".yaml") => content
|
||||
if startswith(file_path, "local_terraform/")
|
||||
}
|
||||
local_pypi = {
|
||||
for file_path, content in local.all_configs :
|
||||
trimsuffix(basename(file_path), ".yaml") => content
|
||||
if startswith(file_path, "local_pypi/")
|
||||
}
|
||||
local_rpm = {
|
||||
for file_path, content in local.all_configs :
|
||||
trimsuffix(basename(file_path), ".yaml") => content
|
||||
if startswith(file_path, "local_rpm/")
|
||||
}
|
||||
virtual = {
|
||||
for file_path, content in local.all_configs :
|
||||
trimsuffix(basename(file_path), ".yaml") => content
|
||||
if startswith(file_path, "virtual/")
|
||||
}
|
||||
}
|
||||
}
|
||||
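Review bot: `all_configs` decodes every `*.yaml` under the directory, but each category keeps only the files whose path starts with a known prefix, so a file placed in a misspelled or new directory is silently dropped rather than reported. The eleven comprehensions are also identical apart from the prefix. Building `config` from one list of category names, e.g. `for kind in local.kinds : kind => { for p, c in local.all_configs : trimsuffix(basename(p), ".yaml") => c if startswith(p, "${kind}/") }`, removes the repetition. It also gives one place to check that every decoded file was claimed by some category.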
@@ -0,0 +1 @@
|
||||
description: "Internal PyPI packages"
|
||||
@@ -0,0 +1 @@
|
||||
description: "Internal RPM packages"
|
||||
@@ -0,0 +1 @@
|
||||
description: "Unkin Terraform modules"
|
||||
@@ -0,0 +1,6 @@
|
||||
base_url: https://dl-cdn.alpinelinux.org
|
||||
description: Alpine Linux APK package repository
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
immutable_patterns:
|
||||
- ".*/x86_64/.*\\.apk$"
|
||||
@@ -0,0 +1,34 @@
|
||||
base_url: https://registry-1.docker.io
|
||||
description: Docker Hub registry
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 300
|
||||
patterns:
|
||||
- "^alpine/"
|
||||
- "^library/almalinux"
|
||||
- "^library/alpine"
|
||||
- "^library/busybox"
|
||||
- "^library/debian"
|
||||
- "^library/fedora"
|
||||
- "^library/nginx"
|
||||
- "^library/postgres"
|
||||
- "^library/redis"
|
||||
- "^beats/filebeat"
|
||||
- "^bitnami/"
|
||||
- "^curlimages/curl"
|
||||
- "^emberstack/kubernetes-reflector"
|
||||
- "^hashicorp/consul"
|
||||
- "^hashicorp/vault"
|
||||
- "^intel/"
|
||||
- "^jfrog/"
|
||||
- "^jpgouin/"
|
||||
- "^kanidm/"
|
||||
- "^osixia/"
|
||||
- "^rancher/"
|
||||
- "^rspamd/rspamd"
|
||||
- "^tiredofit/"
|
||||
- "^tozd/postfix"
|
||||
- "^traefik/"
|
||||
- "^valkey/valkey"
|
||||
- "^ubi9/ubi-minimal"
|
||||
- "^victoriametrics/"
|
||||
- "^woodpeckerci/"
|
||||
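Review bot: Several entries are open-ended prefixes: `^hashicorp/vault` and `^library/alpine` have no terminator, and `^bitnami/`, `^tiredofit/`, `^jpgouin/` and similar admit every repository in a namespace. If the proxy applies these as regular-expression searches against the repository path (the matching semantics are not visible in this commit), `^hashicorp/vault` also admits sibling repositories whose names merely start with `vault`. Where a single image is meant, end the pattern explicitly, for example `^hashicorp/vault$` or `^hashicorp/vault/` depending on which string is matched, and add a short comment on the namespace-wide entries saying they are deliberate. The same applies to the other registry files in this commit that use bare prefixes, such as `^eck/eck-operator` and `^purelb/purelb`.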
@@ -0,0 +1,6 @@
|
||||
base_url: https://public.ecr.aws
|
||||
description: Amazon ECR Public registry
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 300
|
||||
patterns:
|
||||
- "^docker/library/"
|
||||
@@ -0,0 +1,6 @@
|
||||
base_url: https://docker.elastic.co
|
||||
description: Elastic container registry
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 300
|
||||
patterns:
|
||||
- "^eck/eck-operator"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://gcr.io
|
||||
description: Google Container Registry
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 300
|
||||
patterns:
|
||||
- "^k8s-staging-nfd/charts"
|
||||
- "^k8s-staging-nfd/node-feature-discovery"
|
||||
@@ -0,0 +1,21 @@
|
||||
base_url: https://ghcr.io
|
||||
description: GitHub Container Registry
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 300
|
||||
patterns:
|
||||
- "^cloudnative-pg/"
|
||||
- "^dexidp/"
|
||||
- "^emberstack/helm-charts"
|
||||
- "^fallenbagel/"
|
||||
- "^goauthentik/"
|
||||
- "^home-operations/"
|
||||
- "^jellyfin/"
|
||||
- "^onedr0p/"
|
||||
- "^open-webui/open-webui"
|
||||
- "^openvoxproject/"
|
||||
- "^paperclipai/"
|
||||
- "^plexguide/"
|
||||
- "^stakater/reloader"
|
||||
- "^stalwartlabs/stalwart"
|
||||
- "^voxpupuli/puppetboard"
|
||||
- "^woodpecker-ci/helm"
|
||||
@@ -0,0 +1,6 @@
|
||||
base_url: https://registry.gitlab.com
|
||||
description: GitLab container registry
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 300
|
||||
patterns:
|
||||
- "^purelb/purelb"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://registry.k8s.io
|
||||
description: Kubernetes container registry
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 300
|
||||
patterns:
|
||||
- "^external-dns/external-dns"
|
||||
- "^sig-storage/"
|
||||
@@ -0,0 +1,6 @@
|
||||
base_url: https://docker.litellm.ai
|
||||
description: LiteLLM container registry
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 300
|
||||
patterns:
|
||||
- "^berriai/"
|
||||
@@ -0,0 +1,9 @@
|
||||
base_url: https://quay.io
|
||||
description: Quay.io container registry
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 300
|
||||
patterns:
|
||||
- "^argoproj/"
|
||||
- "^brancz/kube-rbac-proxy"
|
||||
- "^cephcsi/cephcsi"
|
||||
- "^jetstack/cert-manager-"
|
||||
@@ -0,0 +1,11 @@
|
||||
base_url: https://downloads.claude.ai
|
||||
description: Anthropic Claude Code binary releases
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
mutable_patterns:
|
||||
- "claude-code-releases/.*/manifest.json$"
|
||||
patterns:
|
||||
- "claude-code-releases/.*/linux-x64/claude$"
|
||||
- "claude-code-releases/.*/linux-arm64/claude$"
|
||||
- "claude-code-releases/.*/linux-x64-musl/claude$"
|
||||
- "claude-code-releases/.*/linux-arm64-musl/claude$"
|
||||
@@ -0,0 +1,9 @@
|
||||
base_url: https://dl.gitea.com
|
||||
description: Gitea download site
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
patterns:
|
||||
- "act_runner/.*/act_runner-.*-linux-amd64$"
|
||||
- "gitea/.*/gitea-.*-linux-amd64$"
|
||||
- "gitea/.*/gitea-.*-linux-amd64.xz$"
|
||||
- "tea/.*/tea-.*-linux-amd64$"
|
||||
@@ -0,0 +1,60 @@
|
||||
base_url: https://github.com
|
||||
description: GitHub releases and files
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
mutable_patterns:
|
||||
- ".*/archive/refs/heads/.*.tar.gz$"
|
||||
- "stalwartlabs/webadmin/releases/latest/download/webadmin.zip$"
|
||||
patterns:
|
||||
- ".*/archive/refs/tags/.*.tar.gz$"
|
||||
- "ahmetb/kubectx/.*/kubectx_.*_linux_x86_64.tar.gz$"
|
||||
- "ahmetb/kubectx/.*/kubens_.*_linux_x86_64.tar.gz$"
|
||||
- "apple/foundationdb/.*/libfdb_c.x86_64.so$"
|
||||
- "astral-sh/ruff/.*/ruff-x86_64-unknown-linux-gnu.tar.gz$"
|
||||
- "astral-sh/uv/.*/uv-x86_64-unknown-linux-gnu.tar.gz$"
|
||||
- "camptocamp/prometheus-puppetdb-exporter/.*/prometheus-puppetdb-exporter-.*.linux-amd64.tar.gz$"
|
||||
- "coder/code-server/.*/code-server-.*-amd64.rpm$"
|
||||
- "containernetworking/plugins/.*/cni-plugins-linux-amd64-.*.tgz"
|
||||
- "dandavison/delta/.*/delta-.*-x86_64-unknown-linux-musl.tar.gz$"
|
||||
- "ducaale/xh/.*/xh-.*-x86_64-unknown-linux-musl.tar.gz$"
|
||||
- "etcd-io/etcd/.*/etcd-.*-linux-amd64.tar.gz$"
|
||||
- "getsops/sops/.*/sops-v.*\\.linux\\.amd64$"
|
||||
- "grafana/jsonnet-language-server/.*/jsonnet-language-server_.*_linux_amd64$"
|
||||
- "gruntwork-io/boilerplate/.*/boilerplate_linux_amd64$"
|
||||
- "gruntwork-io/terragrunt/.*terragrunt_linux_amd64.*"
|
||||
- "hadolint/hadolint/.*/hadolint-linux-x86_64$"
|
||||
- "helmfile/helmfile/.*/helmfile_.*_linux_amd64.tar.gz$"
|
||||
- "helmfile/vals/.*/vals_.*_linux_amd64.tar.gz$"
|
||||
- "jesseduffield/lazydocker/.*/lazydocker_.*_Linux_x86_64.tar.gz$"
|
||||
- "kubecolor/kubecolor/.*/kubecolor_.*_linux_amd64.tar.gz$"
|
||||
- "kubernetes-sigs/gateway-api/.*/standard-install.yaml$"
|
||||
- "kubernetes-sigs/kustomize/.*/kustomize_.*_linux_amd64.tar.gz$"
|
||||
- "lxc/incus/.*.tar.gz$"
|
||||
- "mikefarah/yq/.*/yq_linux_amd64$"
|
||||
- "neovim/neovim-releases/.*/nvim-linux-x86_64.tar.gz$"
|
||||
- "neovim/neovim/.*/nvim-linux-x86_64.tar.gz$"
|
||||
- "nzbgetcom/nzbget/.*/nzbget-.*.x86_64.rpm$"
|
||||
- "onedr0p/exportarr/.*/exportarr_.*_linux_amd64.tar.gz$"
|
||||
- "open-policy-agent/conftest/.*/conftest_.*_Linux_x86_64.tar.gz$"
|
||||
- "openbao/openbao-plugins/.*/openbao-plugin-secrets-consul_linux_amd64_.*.tar.gz$"
|
||||
- "openbao/openbao-plugins/.*/openbao-plugin-secrets-nomad_linux_amd64_.*.tar.gz$"
|
||||
- "prometheus-community/bind_exporter/.*/bind_exporter-.*.linux-amd64.tar.gz$"
|
||||
- "prometheus-community/pgbouncer_exporter/.*/pgbouncer_exporter-.*.linux-amd64.tar.gz$"
|
||||
- "prometheus-community/postgres_exporter/.*/postgres_exporter-.*.linux-amd64.tar.gz$"
|
||||
- "prometheus/node_exporter/.*/node_exporter-.*.linux-amd64.tar.gz$"
|
||||
- "rancher/rke2/.*/rke2-images.linux-amd64.tar.zst$"
|
||||
- "stalwartlabs/stalwart/.*/stalwart-cli-x86_64-unknown-linux-gnu.tar.gz$"
|
||||
- "stalwartlabs/stalwart/.*/stalwart-foundationdb-x86_64-unknown-linux-gnu.tar.gz$"
|
||||
- "stalwartlabs/stalwart/.*/stalwart-x86_64-unknown-linux-gnu.tar.gz$"
|
||||
- "starship/starship/.*/starship-x86_64-unknown-linux-musl.tar.gz$"
|
||||
- "stern/stern/.*/stern_.*_linux_amd64.tar.gz$"
|
||||
- "terraform-linters/tflint/.*/tflint_linux_amd64.zip$"
|
||||
- "tynany/frr_exporter/.*/frr_exporter-.*.linux-amd64.tar.gz$"
|
||||
- "VictoriaMetrics/VictoriaLogs/.*/victoria-logs-linux-amd64-.*.tar.gz$"
|
||||
- "VictoriaMetrics/VictoriaLogs/.*/vlutils-linux-amd64-.*.tar.gz$"
|
||||
- "VictoriaMetrics/VictoriaMetrics/.*/victoria-logs-linux-amd64-.*.tar.gz$"
|
||||
- "VictoriaMetrics/VictoriaMetrics/.*/victoria-metrics-linux-amd64-.*-cluster.tar.gz$"
|
||||
- "VictoriaMetrics/VictoriaMetrics/.*/vlutils-linux-amd64-.*.tar.gz$"
|
||||
- "VictoriaMetrics/VictoriaMetrics/.*/vmutils-linux-amd64-.*.tar.gz$"
|
||||
- "xorpaul/g10k/.*/g10k-.*-linux-amd64.zip$"
|
||||
- "yannh/kubeconform/.*/kubeconform-linux-amd64.tar.gz$"
|
||||
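Review bot: None of the entries under `patterns:` start with `^`, so if they are applied as searches they constrain a substring of the path rather than the owner and repository at its start, and `.*/archive/refs/tags/.*.tar.gz$` accepts a tag archive from any repository on github.com. Two entries also lack the closing `$` (`containernetworking/plugins/.*/cni-plugins-linux-amd64-.*.tgz`, `gruntwork-io/terragrunt/.*terragrunt_linux_amd64.*`), and the dots before extensions are unescaped, unlike the `\\.zip$` style used in the HashiCorp releases file. Anchoring each entry, e.g. `^astral-sh/uv/releases/download/[^/]+/uv-x86_64-unknown-linux-gnu\\.tar\\.gz$` (assuming the pattern sees the path after the host), would make the allowlist say what it means. The `VictoriaMetrics/VictoriaMetrics/.*/victoria-logs-…` and `…/vlutils-…` entries look copied from the VictoriaLogs block and may be unintended.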
@@ -0,0 +1,9 @@
|
||||
base_url: https://raw.githubusercontent.com
|
||||
description: GitHub User Content
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
patterns:
|
||||
- "argoproj/argo-cd/.*.yaml$"
|
||||
- "datreeio/CRDs-catalog/main/.*.json$"
|
||||
- "kubernetes/kubernetes/.*.json$"
|
||||
- "yannh/kubernetes-json-schema/master/.*.json$"
|
||||
@@ -0,0 +1,16 @@
|
||||
base_url: https://releases.hashicorp.com
|
||||
description: HashiCorp product releases
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
patterns:
|
||||
- "terraform/.*terraform_.*_linux_amd64\\.zip$"
|
||||
- "terraform/.*terraform_.*_windows_amd64\\.zip$"
|
||||
- "terraform/.*terraform_.*_darwin_amd64\\.zip$"
|
||||
- "vault/.*vault_.*_linux_amd64\\.zip$"
|
||||
- "vault/.*vault_.*_windows_amd64\\.zip$"
|
||||
- "vault/.*vault_.*_darwin_amd64\\.zip$"
|
||||
- "consul-cni/.*/consul-cni_.*_linux_amd64\\.zip$"
|
||||
- "consul/.*/consul_.*_linux_amd64\\.zip$"
|
||||
- "nomad-autoscaler/.*/nomad-autoscaler_.*_linux_amd64\\.zip$"
|
||||
- "nomad/.*/nomad_.*_linux_amd64\\.zip$"
|
||||
- "packer/.*/packer_.*_linux_amd64\\.zip$"
|
||||
@@ -0,0 +1,6 @@
|
||||
base_url: https://www.rarlab.com
|
||||
description: RARLab
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
patterns:
|
||||
- "rar/rarlinux-x64-.*.tar.gz"
|
||||
@@ -0,0 +1,4 @@
|
||||
base_url: https://proxy.golang.org
|
||||
description: Go module proxy
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 300
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://argoproj.github.io/argo-helm
|
||||
description: Argo Project Helm charts (ArgoCD, Image Updater, Rollouts, etc.)
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
check_mutable: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://charts.goauthentik.io
|
||||
description: Authentik Charts
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
check_mutable: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://ceph.github.io/csi-charts
|
||||
description: Ceph CSI driver Helm charts
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
check_mutable: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://cloudnative-pg.github.io/charts
|
||||
description: CloudNativePG operator Helm charts
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
check_mutable: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://helm.elastic.co
|
||||
description: Elastic stack Helm charts
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
check_mutable: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://kubernetes-sigs.github.io/external-dns/
|
||||
description: ExternalDNS Helm charts
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
check_mutable: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://grafana.github.io/helm-charts
|
||||
description: Grafana Helm charts
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
check_mutable: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://helm.releases.hashicorp.com
|
||||
description: HashiCorp Helm charts (Vault Secrets Operator, etc.)
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
check_mutable: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://intel.github.io/helm-charts/
|
||||
description: Intel Helm charts (device plugins)
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
check_mutable: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://charts.jetstack.io
|
||||
description: Jetstack Helm charts (cert-manager)
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
check_mutable: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://gitlab.com/api/v4/projects/20400619/packages/helm/stable
|
||||
description: PureLB load balancer Helm charts
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
check_mutable: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://releases.rancher.com/server-charts/stable
|
||||
description: Rancher stable Helm charts
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
check_mutable: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://stakater.github.io/stakater-charts
|
||||
description: Stakater Helm charts (Reloader)
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
check_mutable: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://traefik.github.io/charts
|
||||
description: Traefik Helm charts
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
check_mutable: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://victoriametrics.github.io/helm-charts/
|
||||
description: VictoriaMetrics observability Helm charts
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
check_mutable: true
|
||||
immutable_patterns:
|
||||
- "\\.tgz$"
|
||||
@@ -0,0 +1,5 @@
|
||||
base_url: https://pypi.org
|
||||
description: "PyPI — Python Package Index"
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 3600
|
||||
stale_on_error: true
|
||||
@@ -0,0 +1,14 @@
|
||||
base_url: https://vault.almalinux.org
|
||||
description: AlmaLinux Vault RPM package repository
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
immutable_patterns:
|
||||
- ".*/x86_64/.*\\.rpm$"
|
||||
- ".*/noarch/.*\\.rpm$"
|
||||
- ".*/repodata/.*\\.sqlite.*$"
|
||||
- ".*/repodata/.*\\.xml.*$"
|
||||
- ".*/repodata/.*\\.yaml.*$"
|
||||
- ".*/install.img"
|
||||
- ".*/squashfs.img"
|
||||
- ".*/updates.img"
|
||||
- ".*/RPM-GPG-KEY-.*$"
|
||||
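Review bot: `.*/repodata/.*\\.xml.*$` under `immutable_patterns` also matches `repodata/repomd.xml`, the one file in a yum repository that changes on every update; the checksum-named metadata files it points to are the immutable ones. If immutable entries are cached without revalidation (the proxy's semantics are not shown here), clients would keep resolving against an old `repomd.xml` and miss newer packages, security updates included. Consider listing `.*/repodata/repomd\\.xml.*$` under `mutable_patterns`, which the module's `remote_rpm` variable already accepts, and confirming that a mutable match takes precedence. The same pattern appears in every other RPM remote in this commit.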
@@ -0,0 +1,14 @@
|
||||
base_url: https://gsl-syd.mm.fcix.net/almalinux
|
||||
description: AlmaLinux RPM package repository
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
immutable_patterns:
|
||||
- ".*/x86_64/.*\\.rpm$"
|
||||
- ".*/noarch/.*\\.rpm$"
|
||||
- ".*/repodata/.*\\.sqlite.*$"
|
||||
- ".*/repodata/.*\\.xml.*$"
|
||||
- ".*/repodata/.*\\.yaml.*$"
|
||||
- ".*/install.img"
|
||||
- ".*/squashfs.img"
|
||||
- ".*/updates.img"
|
||||
- ".*/RPM-GPG-KEY-.*$"
|
||||
@@ -0,0 +1,8 @@
|
||||
base_url: https://download.ceph.com/rpm-reef/
|
||||
description: Ceph Reef 18
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
immutable_patterns:
|
||||
- ".*/x86_64/.*\\.rpm$"
|
||||
- ".*/noarch/.*\\.rpm$"
|
||||
- ".*/repodata/.*\\.xml.*$"
|
||||
@@ -0,0 +1,8 @@
|
||||
base_url: https://download.ceph.com/rpm-squid/
|
||||
description: Ceph Squid 19
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
immutable_patterns:
|
||||
- ".*/x86_64/.*\\.rpm$"
|
||||
- ".*/noarch/.*\\.rpm$"
|
||||
- ".*/repodata/.*\\.xml.*$"
|
||||
@@ -0,0 +1,8 @@
|
||||
base_url: https://download.ceph.com/rpm-tentacle/
|
||||
description: Ceph Tentacle 20
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
immutable_patterns:
|
||||
- ".*/x86_64/.*\\.rpm$"
|
||||
- ".*/noarch/.*\\.rpm$"
|
||||
- ".*/repodata/.*\\.xml.*$"
|
||||
@@ -0,0 +1,6 @@
|
||||
base_url: "https://downloads.claude.ai/claude-code/rpm/stable"
|
||||
description: "Claude Code RPM repository"
|
||||
immutable_patterns:
|
||||
- ".*/x86_64/.*\\.rpm$"
|
||||
- ".*/noarch/.*\\.rpm$"
|
||||
- ".*/repodata/.*\\.xml.*$"
|
||||
@@ -0,0 +1,11 @@
|
||||
base_url: https://gsl-syd.mm.fcix.net/epel
|
||||
description: EPEL (Extra Packages for Enterprise Linux)
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
immutable_patterns:
|
||||
- ".*/Everything/x86_64/.*\\.rpm$"
|
||||
- ".*/noarch/.*\\.rpm$"
|
||||
- ".*/repodata/.*\\.sqlite.*$"
|
||||
- ".*/repodata/.*\\.xml.*$"
|
||||
- ".*/repodata/.*\\.yaml.*$"
|
||||
- "RPM-GPG-KEY-.*$"
|
||||
@@ -0,0 +1,10 @@
|
||||
base_url: https://gsl-syd.mm.fcix.net/fedora/linux
|
||||
description: Fedora Linux RPM package repository
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
immutable_patterns:
|
||||
- "releases/.*/Everything/x86_64/.*\\.rpm$"
|
||||
- "updates/.*/Everything/x86_64/.*\\.rpm$"
|
||||
- "development/.*/Everything/x86_64/.*\\.rpm$"
|
||||
- ".*/noarch/.*\\.rpm$"
|
||||
- ".*/repodata/.*\\.xml.*$"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: https://rpm.frrouting.org/repo
|
||||
description: FRR RPM package repository
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
immutable_patterns:
|
||||
- ".*\\.rpm$"
|
||||
- ".*/repodata/.*\\.xml.*$"
|
||||
@@ -0,0 +1,8 @@
|
||||
base_url: http://mariadb.mirror.digitalpacific.com.au/yum
|
||||
description: MariaDB RPM package repository
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
immutable_patterns:
|
||||
- ".*\\.rpm$"
|
||||
- ".*/repodata/.*\\.xml.*$"
|
||||
- ".*/RPM-GPG-KEY-.*$"
|
||||
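Review bot: `base_url` here is plain `http://`, and the same file marks `.*/RPM-GPG-KEY-.*$` as immutable, so the signing key itself is fetched over an unauthenticated channel and then cached. Package signatures only help when the key comes from somewhere the network path cannot alter. Use an `https://` mirror if one is available, or distribute the key out of band and drop it from the proxied patterns; the ZFS remote (`http://download.zfsonlinux.org`) is also plain HTTP. A `validation` block on `base_url` in the module's variables requiring an `https://` prefix would catch this at plan time.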
@@ -0,0 +1,8 @@
|
||||
base_url: https://yum.voxpupuli.org
|
||||
description: OpenVox RPM package repository
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
immutable_patterns:
|
||||
- ".*\\.rpm$"
|
||||
- ".*/repodata/.*\\.xml.*$"
|
||||
- "GPG-KEY-.*$"
|
||||
@@ -0,0 +1,9 @@
|
||||
base_url: https://download.postgresql.org/pub/repos/yum
|
||||
description: PostgreSQL RPM package repository
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
immutable_patterns:
|
||||
- ".*\\.rpm$"
|
||||
- ".*/repodata/.*\\.xml.*$"
|
||||
- ".*/RPM-GPG-KEY-.*$"
|
||||
- ".*/PGDG-RPM-GPG-KEY-.*$"
|
||||
@@ -0,0 +1,8 @@
|
||||
base_url: https://rpm.rancher.io
|
||||
description: RKE2 RPM package repository
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
immutable_patterns:
|
||||
- ".*\\.rpm$"
|
||||
- ".*/repodata/.*\\.xml.*$"
|
||||
- "public.key$"
|
||||
@@ -0,0 +1,7 @@
|
||||
base_url: http://download.zfsonlinux.org
|
||||
description: ZFS RPM package repository
|
||||
immutable_ttl: 0
|
||||
mutable_ttl: 7200
|
||||
immutable_patterns:
|
||||
- ".*\\.rpm$"
|
||||
- ".*/repodata/.*\\.xml.*$"
|
||||
@@ -0,0 +1,18 @@
|
||||
package_type: helm
|
||||
description: "Virtual repository merging all helm remotes — member order is priority order for duplicate chart+version"
|
||||
members:
|
||||
- authentik
|
||||
- ceph-csi
|
||||
- cnpg
|
||||
- elastic-helm
|
||||
- external-dns
|
||||
- grafana
|
||||
- hashicorp-helm
|
||||
- intel-helm
|
||||
- jetstack
|
||||
- purelb
|
||||
- rancher-stable
|
||||
- stakater
|
||||
- traefik
|
||||
- victoriametrics
|
||||
- argo-helm
|
||||
@@ -0,0 +1,5 @@
|
||||
package_type: pypi
|
||||
description: "Virtual PyPI repository merging internal packages and upstream PyPI"
|
||||
members:
|
||||
- pypi-internal
|
||||
- pypi
|
||||
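Review bot: Merging `pypi-internal` with upstream `pypi` in one index is the arrangement in which a public package sharing a name with an internal one can be selected on version number alone. The Helm virtual repository's description states that member order is priority order for duplicates, but nothing in this file says whether the PyPI merge gives `pypi-internal` exclusive ownership of a name or combines the version lists from both members. This is worth confirming against the artifact API and recording in `description:`, e.g. `description: "Virtual PyPI repository; names present in pypi-internal are never served from pypi"`, but only once that is verified to be true.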
@@ -0,0 +1,31 @@
|
||||
include "root" {
|
||||
path = find_in_parent_folders("root.hcl")
|
||||
expose = true
|
||||
}
|
||||
|
||||
include "config" {
|
||||
path = "${get_repo_root()}/config/config.hcl"
|
||||
expose = true
|
||||
}
|
||||
|
||||
locals {
|
||||
config = include.config.locals.config
|
||||
}
|
||||
|
||||
terraform {
|
||||
source = "../../modules/artifactapi"
|
||||
}
|
||||
|
||||
inputs = {
|
||||
remote_alpine = local.config.remote_alpine
|
||||
remote_docker = local.config.remote_docker
|
||||
remote_generic = local.config.remote_generic
|
||||
remote_goproxy = local.config.remote_goproxy
|
||||
remote_helm = local.config.remote_helm
|
||||
remote_pypi = local.config.remote_pypi
|
||||
remote_rpm = local.config.remote_rpm
|
||||
local_terraform = local.config.local_terraform
|
||||
local_pypi = local.config.local_pypi
|
||||
local_rpm = local.config.local_rpm
|
||||
virtual = local.config.virtual
|
||||
}
|
||||
@@ -0,0 +1,26 @@
|
||||
generate "backend" {
|
||||
path = "backend.tf"
|
||||
if_exists = "overwrite"
|
||||
contents = <<EOF
|
||||
provider "artifactapi" {
|
||||
endpoint = "https://${path_relative_to_include()}"
|
||||
}
|
||||
|
||||
terraform {
|
||||
backend "consul" {
|
||||
address = "https://consul.service.consul"
|
||||
path = "infra/terraform/artifactapi/${path_relative_to_include()}/state"
|
||||
scheme = "https"
|
||||
lock = true
|
||||
ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
|
||||
}
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
artifactapi = {
|
||||
source = "git.unkin.net/unkin/artifactapi"
|
||||
version = "0.1.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
}
|
||||
@@ -0,0 +1,120 @@
|
||||
resource "artifactapi_remote_alpine" "this" {
|
||||
for_each = var.remote_alpine
|
||||
|
||||
name = each.key
|
||||
base_url = each.value.base_url
|
||||
description = each.value.description
|
||||
immutable_ttl = each.value.immutable_ttl
|
||||
mutable_ttl = each.value.mutable_ttl
|
||||
immutable_patterns = each.value.immutable_patterns
|
||||
mutable_patterns = each.value.mutable_patterns
|
||||
stale_on_error = each.value.stale_on_error
|
||||
}
|
||||
|
||||
resource "artifactapi_remote_docker" "this" {
|
||||
for_each = var.remote_docker
|
||||
|
||||
name = each.key
|
||||
base_url = each.value.base_url
|
||||
description = each.value.description
|
||||
immutable_ttl = each.value.immutable_ttl
|
||||
mutable_ttl = each.value.mutable_ttl
|
||||
patterns = each.value.patterns
|
||||
mutable_patterns = each.value.mutable_patterns
|
||||
stale_on_error = each.value.stale_on_error
|
||||
ban_tags_enabled = each.value.ban_tags_enabled
|
||||
ban_tags = each.value.ban_tags
|
||||
}
|
||||
|
||||
resource "artifactapi_remote_generic" "this" {
|
||||
for_each = var.remote_generic
|
||||
|
||||
name = each.key
|
||||
base_url = each.value.base_url
|
||||
description = each.value.description
|
||||
immutable_ttl = each.value.immutable_ttl
|
||||
mutable_ttl = each.value.mutable_ttl
|
||||
patterns = each.value.patterns
|
||||
mutable_patterns = each.value.mutable_patterns
|
||||
stale_on_error = each.value.stale_on_error
|
||||
}
|
||||
|
||||
resource "artifactapi_remote_goproxy" "this" {
|
||||
for_each = var.remote_goproxy
|
||||
|
||||
name = each.key
|
||||
base_url = each.value.base_url
|
||||
description = each.value.description
|
||||
immutable_ttl = each.value.immutable_ttl
|
||||
mutable_ttl = each.value.mutable_ttl
|
||||
stale_on_error = each.value.stale_on_error
|
||||
}
|
||||
|
||||
resource "artifactapi_remote_helm" "this" {
|
||||
for_each = var.remote_helm
|
||||
|
||||
name = each.key
|
||||
base_url = each.value.base_url
|
||||
description = each.value.description
|
||||
immutable_ttl = each.value.immutable_ttl
|
||||
mutable_ttl = each.value.mutable_ttl
|
||||
check_mutable = each.value.check_mutable
|
||||
immutable_patterns = each.value.immutable_patterns
|
||||
stale_on_error = each.value.stale_on_error
|
||||
}
|
||||
|
||||
resource "artifactapi_remote_rpm" "this" {
|
||||
for_each = var.remote_rpm
|
||||
|
||||
name = each.key
|
||||
base_url = each.value.base_url
|
||||
description = each.value.description
|
||||
immutable_ttl = each.value.immutable_ttl
|
||||
mutable_ttl = each.value.mutable_ttl
|
||||
immutable_patterns = each.value.immutable_patterns
|
||||
mutable_patterns = each.value.mutable_patterns
|
||||
stale_on_error = each.value.stale_on_error
|
||||
}
|
||||
|
||||
resource "artifactapi_remote_pypi" "this" {
|
||||
for_each = var.remote_pypi
|
||||
|
||||
name = each.key
|
||||
base_url = each.value.base_url
|
||||
description = each.value.description
|
||||
immutable_ttl = each.value.immutable_ttl
|
||||
mutable_ttl = each.value.mutable_ttl
|
||||
patterns = each.value.patterns
|
||||
mutable_patterns = each.value.mutable_patterns
|
||||
stale_on_error = each.value.stale_on_error
|
||||
}
|
||||
|
||||
resource "artifactapi_local_terraform" "this" {
|
||||
for_each = var.local_terraform
|
||||
|
||||
name = each.key
|
||||
description = each.value.description
|
||||
}
|
||||
|
||||
resource "artifactapi_local_pypi" "this" {
|
||||
for_each = var.local_pypi
|
||||
|
||||
name = each.key
|
||||
description = each.value.description
|
||||
}
|
||||
|
||||
resource "artifactapi_local_rpm" "this" {
|
||||
for_each = var.local_rpm
|
||||
|
||||
name = each.key
|
||||
description = each.value.description
|
||||
}
|
||||
|
||||
resource "artifactapi_virtual" "this" {
|
||||
for_each = var.virtual
|
||||
|
||||
name = each.key
|
||||
package_type = each.value.package_type
|
||||
description = each.value.description
|
||||
members = each.value.members
|
||||
}
|
||||
@@ -0,0 +1,131 @@
|
||||
variable "remote_alpine" {
|
||||
description = "Map of Alpine remote repositories"
|
||||
type = map(object({
|
||||
base_url = string
|
||||
description = optional(string, "")
|
||||
immutable_ttl = optional(number, 0)
|
||||
mutable_ttl = optional(number, 7200)
|
||||
immutable_patterns = optional(list(string), [])
|
||||
mutable_patterns = optional(list(string), [])
|
||||
stale_on_error = optional(bool, true)
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "remote_docker" {
|
||||
description = "Map of Docker remote repositories"
|
||||
type = map(object({
|
||||
base_url = string
|
||||
description = optional(string, "")
|
||||
immutable_ttl = optional(number, 0)
|
||||
mutable_ttl = optional(number, 300)
|
||||
patterns = optional(list(string), [])
|
||||
mutable_patterns = optional(list(string), [])
|
||||
stale_on_error = optional(bool, true)
|
||||
ban_tags_enabled = optional(bool, false)
|
||||
ban_tags = optional(list(string), [])
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "remote_generic" {
|
||||
description = "Map of generic remote repositories"
|
||||
type = map(object({
|
||||
base_url = string
|
||||
description = optional(string, "")
|
||||
immutable_ttl = optional(number, 0)
|
||||
mutable_ttl = optional(number, 7200)
|
||||
patterns = optional(list(string), [])
|
||||
mutable_patterns = optional(list(string), [])
|
||||
stale_on_error = optional(bool, true)
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "remote_goproxy" {
|
||||
description = "Map of Go module proxy remote repositories"
|
||||
type = map(object({
|
||||
base_url = string
|
||||
description = optional(string, "")
|
||||
immutable_ttl = optional(number, 0)
|
||||
mutable_ttl = optional(number, 300)
|
||||
stale_on_error = optional(bool, true)
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "remote_helm" {
|
||||
description = "Map of Helm chart remote repositories"
|
||||
type = map(object({
|
||||
base_url = string
|
||||
description = optional(string, "")
|
||||
immutable_ttl = optional(number, 0)
|
||||
mutable_ttl = optional(number, 3600)
|
||||
check_mutable = optional(bool, true)
|
||||
immutable_patterns = optional(list(string), [])
|
||||
stale_on_error = optional(bool, true)
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "remote_rpm" {
|
||||
description = "Map of RPM remote repositories"
|
||||
type = map(object({
|
||||
base_url = string
|
||||
description = optional(string, "")
|
||||
immutable_ttl = optional(number, 0)
|
||||
mutable_ttl = optional(number, 7200)
|
||||
immutable_patterns = optional(list(string), [])
|
||||
mutable_patterns = optional(list(string), [])
|
||||
stale_on_error = optional(bool, true)
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "remote_pypi" {
|
||||
description = "Map of PyPI remote repositories"
|
||||
type = map(object({
|
||||
base_url = string
|
||||
description = optional(string, "")
|
||||
immutable_ttl = optional(number, 0)
|
||||
mutable_ttl = optional(number, 3600)
|
||||
patterns = optional(list(string), [])
|
||||
mutable_patterns = optional(list(string), [])
|
||||
stale_on_error = optional(bool, true)
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "local_pypi" {
|
||||
description = "Map of local PyPI repositories"
|
||||
type = map(object({
|
||||
description = optional(string, "")
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "local_rpm" {
|
||||
description = "Map of local RPM repositories"
|
||||
type = map(object({
|
||||
description = optional(string, "")
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "local_terraform" {
|
||||
description = "Map of local Terraform repositories"
|
||||
type = map(object({
|
||||
description = optional(string, "")
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "virtual" {
|
||||
description = "Map of virtual repositories"
|
||||
type = map(object({
|
||||
package_type = string
|
||||
description = optional(string, "")
|
||||
members = list(string)
|
||||
}))
|
||||
default = {}
|
||||
}
|
||||