feat(oci): add

tf/.gitignore

@@ -1 +1 @@
-tf.tfvars
+terraform.tfvars

tf/gmail.tf

@@ -7,21 +7,21 @@ locals {
 }
 
 module "inskip-gmail" {
-    source = "./gmail-dns"
+    source = "./gmail_dns"
     cloudflare_api_key = var.cloudflare_api_key
     zone_id = local.zone_ids.inskip
     zone_name = local.zones.inskip
     dkim = local.dkims.inskip
 }
 module "dork-gmail" {
-    source = "./gmail-dns"
+    source = "./gmail_dns"
     cloudflare_api_key = var.cloudflare_api_key
     zone_id = local.zone_ids.dork
     zone_name = local.zones.dork
     dkim = local.dkims.dork
 }
 module "kittywitch-gmail" {
-    source = "./gmail-dns"
+    source = "./gmail_dns"
     cloudflare_api_key = var.cloudflare_api_key
     zone_id = local.zone_ids.kittywitch
     zone_name = local.zones.kittywitch

tf/oci_common_private_network.tf

@@ -0,0 +1,15 @@
+module "oci_common_private_network" {
+  source = "./oci_common_private_network"
+
+  cidr_blocks      = [
+    "10.25.0.0/16"
+  ]
+
+  display_name     = "CoreNetwork"
+  dns_label        = "core"
+  private_key = module.oci_compartment_bootstrap.child_compartment_key_value
+  region           = var.oci_compartment_bootstrap_region
+  tenancy_ocid     = module.oci_compartment_bootstrap.child_compartment_id
+  user_ocid        = module.oci_compartment_bootstrap.child_user_id
+  fingerprint = module.oci_compartment_bootstrap.child_compartment_key_fingerprint
+}

tf/oci_common_private_network/oci_provider.tf

@@ -0,0 +1,28 @@
+variable "tenancy_ocid" {
+  type = string
+}
+
+variable "user_ocid" {
+  type = string
+}
+
+variable "private_key" {
+  type = string
+}
+
+variable "region" {
+  type = string
+}
+
+variable "fingerprint" {
+  type = string
+}
+
+# https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformgettingstarted.htm
+provider "oci" {
+  tenancy_ocid = var.tenancy_ocid
+  user_ocid = var.user_ocid
+  private_key = var.private_key
+  region = var.region
+  fingerprint = var.fingerprint
+}

tf/oci_common_private_network/providers.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_providers {
+    # Vendor: Hashicorp
+    tls = {
+      source = "hashicorp/tls"
+      version = "4.0.5"
+    }
+    # Vendor: Oracle
+    oci = {
+      source = "oracle/oci"
+      version = "5.45.0"
+    }
+  }
+}

tf/oci_common_private_network/vcn.tf

@@ -0,0 +1,27 @@
+variable "cidr_blocks" {
+  type = list(string)
+}
+
+variable "display_name" {
+  type = string
+}
+
+variable "dns_label" {
+  type = string
+}
+
+resource "oci_core_vcn" "this" {
+  compartment_id = var.tenancy_ocid
+
+  cidr_blocks = var.cidr_blocks
+  display_name = var.display_name
+  dns_label = var.dns_label
+}
+
+locals {
+  vcn = oci_core_vcn.this
+}
+
+output "vcn_id" {
+  value = local.vcn.id
+}

tf/oci_compartment_bootstrap.tf

@@ -0,0 +1,56 @@
+# Populate in via variables to avoid secret leakage
+
+variable "oci_compartment_bootstrap_private_key" {
+  type = string
+}
+
+variable "oci_compartment_bootstrap_region" {
+  type = string
+}
+
+variable "oci_compartment_bootstrap_tenancy_ocid" {
+  type = string
+}
+
+variable "oci_compartment_bootstrap_user_ocid" {
+  type = string
+}
+
+variable "oci_compartment_bootstrap_fingerprint" {
+  type = string
+}
+
+# OCI Compartment Bootstrap
+module "oci_compartment_bootstrap" {
+  source = "./oci_compartment_bootstrap"
+
+  private_key = var.oci_compartment_bootstrap_private_key
+  region           = var.oci_compartment_bootstrap_region
+  tenancy_ocid     = var.oci_compartment_bootstrap_tenancy_ocid
+  user_ocid        = var.oci_compartment_bootstrap_user_ocid
+  fingerprint = var.oci_compartment_bootstrap_fingerprint
+}
+
+output "oci_compartment_bootstrap_child_user_id" {
+  value = module.oci_compartment_bootstrap.child_user_id
+}
+
+output "oci_compartment_bootstrap_child_compartment_id" {
+  value = module.oci_compartment_bootstrap.child_compartment_id
+}
+
+output "oci_compartment_bootstrap_child_compartment_key_id" {
+  value = module.oci_compartment_bootstrap.child_compartment_key_id
+}
+
+output "oci_compartment_bootstrap_child_compartment_key_fingerprint" {
+  value = module.oci_compartment_bootstrap.child_compartment_key_fingerprint
+}
+
+output "oci_compartment_bootstrap_child_compartment_key_value" {
+  value = module.oci_compartment_bootstrap.child_compartment_key_value
+}
+
+output "oci_compartment_bootstrap_child_compartment_key_state" {
+  value = module.oci_compartment_bootstrap.child_compartment_key_state
+}

tf/oci_compartment_bootstrap/api_key.tf

@@ -0,0 +1,24 @@
+resource "oci_identity_api_key" "this" {
+  key_value = local.child_compartment_public_key
+  user_id = local.child_compartment_user
+}
+
+locals {
+  child_compartment_api_key = oci_identity_api_key.this
+}
+
+output "child_compartment_key_fingerprint" {
+  value = local.child_compartment_api_key.fingerprint
+}
+
+output "child_compartment_key_id" {
+  value = local.child_compartment_api_key.id
+}
+
+output "child_compartment_key_value" {
+  value = local.child_compartment_api_key.key_value
+}
+
+output "child_compartment_key_state" {
+  value = local.child_compartment_api_key.state
+}

tf/oci_compartment_bootstrap/compartment.tf

@@ -0,0 +1,15 @@
+resource "oci_identity_compartment" "this" {
+  # Compartment ID is Tenancy ID for this case
+  compartment_id = var.tenancy_ocid
+  description = "Compartment for Terraform usage"
+  name = "kittywitch-tf"
+
+}
+
+locals {
+  child_compartment_id = oci_identity_compartment.this.compartment_id
+}
+
+output "child_compartment_id" {
+  value = local.child_compartment_id
+}

tf/oci_compartment_bootstrap/oci_provider.tf

@@ -0,0 +1,28 @@
+variable "tenancy_ocid" {
+  type = string
+}
+
+variable "user_ocid" {
+  type = string
+}
+
+variable "private_key" {
+  type = string
+}
+
+variable "region" {
+  type = string
+}
+
+variable "fingerprint" {
+  type = string
+}
+
+# https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformgettingstarted.htm
+provider "oci" {
+  tenancy_ocid = var.tenancy_ocid
+  user_ocid = var.user_ocid
+  private_key = var.private_key
+  region = var.region
+  fingerprint = var.fingerprint
+}

tf/oci_compartment_bootstrap/providers.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_providers {
+    # Vendor: Hashicorp
+    tls = {
+      source = "hashicorp/tls"
+      version = "4.0.5"
+    }
+    # Vendor: Oracle
+    oci = {
+      source = "oracle/oci"
+      version = "5.45.0"
+    }
+  }
+}

tf/oci_compartment_bootstrap/tls.tf

@@ -0,0 +1,11 @@
+resource "tls_private_key" "this" {
+  # https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_api_key#key_value
+  # "The public key. Must be an RSA key in PEM format."
+  algorithm = "RSA"
+  rsa_bits = 4096
+}
+
+locals {
+  child_compartment_private_key = tls_private_key.this.private_key_pem
+  child_compartment_public_key = tls_private_key.this.public_key_pem
+}

tf/oci_compartment_bootstrap/user.tf

@@ -0,0 +1,13 @@
+resource "oci_identity_user" "this" {
+  compartment_id = local.child_compartment_id
+  description = "The user for Terraform to use"
+  name = "terraform"
+}
+
+locals {
+  child_compartment_user = oci_identity_user.this.id
+}
+
+output "child_user_id" {
+  value = local.child_compartment_user
+}

tf/oci_servers.tf

@@ -0,0 +1,3 @@
+variable "kat_pgp_ssh_public_key" {
+  type = string
+}

tf/terraform.tf

@@ -14,13 +14,27 @@ terraform {
     }
   }
 
+  #/*
+  # Settings for local applies
+  backend "remote" {
+    hostname = "app.terraform.io"
+    organization = "kittywitch"
+    workspaces {
+      name = "nixfiles-tf"
+    }
+  }
+  #*/
+
+  /*
+  # Settings for remote applies
   cloud {
     organization = "kittywitch"
     ## Required for Terraform Enterprise; Defaults to app.terraform.io for Terraform Cloud
     hostname = "app.terraform.io"
 
     workspaces {
-      name = "kittywitch"
+      name = "nixfiles-tf"
     }
   }
+  */
 }

tf/tf.tfvars.sops

@@ -1,22 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:ghuU/jYCme3LoCisKUQYWKfLrljg74xggAuZSp5DR67dw4Qj6OxNRNBg7cd+rTDr7zfU/CMI1HUayiN1eUKDow9V5Ozjah/mfYKDZpCbPGTfHIBtLVI0sMAUroK6d7Vq+qUJGfvQX8vlh6Zg6NzloOq/+2LUI7WAm6NW0FisVbDen7EDgU2hPsGOUgNkaK4HsVdHeecho+p8IRz4y46PPlju2ndVM/VE2rDr1SpB8a7DGprOG7IeNJlq6QwGBjaaoH00WY1u6YlhDbmNTnI4Rw/i6LQVZo/E2unaOoj4p5mTLsAcndBCSQVAhBomvzW0IZJi7rnDGhJadkSHZr+OYz4HfC34SV1HMslIqoecsxpkRWvtEsamlrhOaPjQ1tHT62xSj50BSPNOCP/O6N2jr2GdEosCp31tV49gPn6ZHoUC0hk8RjtYDexPjD3O/f7evqDF8r1fRO3dWgJDtOij+SXiqccXriqj5jL71cdUQSNQPbcK60dK8ob3XcNm86TGnYFHcRtKw9mqQ3fDXvewQYjXS+fTpp2hSqLsfUy03urpVwegVJHXaND0ETp7VVPbmhglvGsBQMmxyCY/s0tY5UetNLeXgUDHpvm6x2kuATRH2+uB+gnCvsludpGBi/5gwJXyH/S0AX0vSqTdByJwifqnLz6Vl/RNUiKI1du88xEuXNbh5rQB/4XsE3w5foCU0qzPpxbbCt1mFT/J+NF6AsG2BYi6W5n0uvkfab1VbN6aHB9/4kZ1F5molsvk1jA/kvyU1q5WiRUMuXbaM1uWH00h8Il8jx2kSWHscRWwDYcJGuUxMdF4C5EdKLygg96nFLUqNw/z,iv:S4THG9ETRR9UGBiuqSmNy/1qWdPZMBhA3TSWJPVWPI0=,tag:8PCy6/jmyhAYLbmJRY+urw==,type:str]",
-	"sops": {
-		"shamir_threshold": 1,
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": null,
-		"lastmodified": "2024-01-12T00:13:51Z",
-		"mac": "ENC[AES256_GCM,data:1bwWzZ2sm8Qm88ovvyVRyBXSfdPuHKlQMmkIt5WdGegXOxybukMwtLOhKMYQBaWMG0IlXUtYdHAvy9yEAd6Dt5iEExmCvpgHTqqc1gjCt/y0K1iJnc1tBxbf0lIKBwfdRPWyWbf9zrXGEIC9+eeLMN0ZfHoDYX1fYTcl0WWILUE=,iv:xpZcfy6fZMRRsK1Ca4T5bH+VxKh0wg6xI8jlT6DEsPY=,tag:8ztk2Z6TI4qQ2fG0jjqcRg==,type:str]",
-		"pgp": [
-			{
-				"created_at": "2023-05-10T15:43:03Z",
-				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA82M54yws73UARAApQ2ZwB0usOsmNHzhVKbp0usviukLvU8FXl3HjaH49d0o\nzlY/h/A5isen9oVmTe8fr2h/Et/k7QtOyEQg3a+BDxbSmeHWPENdxxmJzgFdAMx0\n91b/puuIL3RpDRzZD0MxbqGk5A3pZZuoHm1PMYgRW7M+xfHzMlOAREqxC3J+2NGX\nBk9Q6iYGem/h4l660ObWdFkkkdyfGba7vz5hUl1het/DlOA73Hdy/VN5mrc+H+KN\nOtOzBYcBsNkhjWHfoK7G666yLNsADcViKZiLHvmAvAlgQly+dUq9kO4kiQwyFI+V\nLfR+/TY73yOjk+St3MS78K4rm2ywsAPNOKUnQGcSM+Vw7/n+0z22dKmZqJmu749K\noHvhE2pIlCC/6Xt3Ft8bjlKlo+4tQo1Jtb89YQ6G8nnoFr/HvAwk01qziIvD3TTJ\nM4nhQt5pArW5i/V/7oJ7iUqKPgda2O0tl0Tmen6u/sPWU3F9CuN0I+bZae8d53Zs\nPIfSGFTsfP1ChX2mxeGJ3BR6fVskvWr88lJmILtgFEo+BjvfWT6D25rIuId5ZqKQ\ngU4MnC7JK+PH/jykT+6s21v5JXnQ4M6WvSZK1J4bs0wR0yN3JbB7pki0zlh/2a8J\nFnWBB/gCaBgyGK7CHwncM/cn6NyFUAn3r2SFjElpInGHd7dqvl9dXHJ5YzyHWEbS\nXgHDOWzI8EpfVrhIKak6ZrKEJIvhodyP7qIgBexAU4zA4CdvmuuyiqIzlRawN4J8\nRwwFHRibkIe5q3xFa/QrOuBj5pfUqdBLDkJhLHkYH756m/25Fg9kqB2tou14qDU=\n=Mfyl\n-----END PGP MESSAGE-----\n",
-				"fp": "CD8CE78CB0B3BDD4"
-			}
-		],
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.8.1"
-	}
-}