feat: initial terraform-git project

Manage Gitea resources via Terraform/Terragrunt with YAML-driven config.

Resources managed:
- Organisation (unkin)
- 28 repositories with settings
- 6 teams with members
- 13 branch protection rules
- 9 Woodpecker CI repo activations
- Deploy key module (ready, no keys yet)

Config structure: config/<service>/<org>/<type>/<object>.yaml
Consul backend for state, Vault for auth tokens.
2026-06-10 23:31:19 +10:00
parent a0c1f3e630
commit c87b3ac471
66 changed files with 1413 additions and 0 deletions
+25
@@ -0,0 +1,25 @@
include "root" {
path = find_in_parent_folders("root.hcl")
expose = true
}
include "config" {
path = "${get_repo_root()}/config/config.hcl"
expose = true
}
locals {
config = include.config.locals.config
}
terraform {
source = "../../../modules/gitea_instance"
}
inputs = {
organisation = local.config.organisation
repository = local.config.repository
branch_protection = local.config.branch_protection
deploy_key = local.config.deploy_key
team = local.config.team
}
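Review bot: The module `source` in the `terraform` block is a hard-coded relative path (`../../../modules/gitea_instance`), while the `config` include above it resolves its path with `get_repo_root()`; the relative form stops resolving if this unit is ever moved to a different directory depth. Using the same anchor, `source = "${get_repo_root()}/modules/gitea_instance"`, keeps the two consistent. A short comment above `inputs` noting that every value comes from `include.config.locals.config` (presumably built from the YAML tree under `config/`, which is defined outside this file) would tell a reader where to look for the shape of each input.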
+39
@@ -0,0 +1,39 @@
generate "backend" {
path = "backend.tf"
if_exists = "overwrite"
contents = <<EOF
provider "gitea" {
base_url = "https://git.unkin.net"
cacert_file = "/etc/pki/tls/certs/ca-bundle.crt"
}
provider "woodpecker" {
server = "https://ci.k8s.syd1.au.unkin.net"
}
terraform {
backend "consul" {
address = "https://consul.service.consul"
path = "infra/terraform/git/${path_relative_to_include()}/state"
scheme = "https"
lock = true
ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
}
required_version = ">= 1.10"
required_providers {
gitea = {
source = "go-gitea/gitea"
version = "0.7.0"
}
woodpecker = {
source = "Kichiyaki/woodpecker"
version = "0.5.0"
}
consul = {
source = "hashicorp/consul"
version = "2.23.0"
}
}
}
EOF
}
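Review bot: Neither provider block nor the `backend "consul"` block says where its credentials come from, and the backend block configures no protection for the state it writes under `infra/terraform/git/`. Keeping tokens out of a committed, generated file is correct, but the dependency should be documented above the `generate` block, for example `# Provider and Consul tokens are supplied via environment variables sourced from Vault; never set them here.` The state holds the attributes of every managed resource, so that KV prefix should be readable and writable only by the identity that runs Terragrunt, presumably through a Consul ACL policy not visible on this page. Two smaller points: `address` already carries `https://` while `scheme = "https"` repeats it, and `consul` is pinned in `required_providers` although no `provider "consul"` block is generated here, so confirm a module actually uses it. The `gitea` provider sets `cacert_file` but the `woodpecker` provider has no equivalent, so if both hosts use the same private CA the Woodpecker side depends on the system trust store.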