Syncing goliath configs

This commit is contained in:
Kat Inskip 2023-06-16 10:04:24 -07:00
parent f1eb1f6620
commit ba6ca38613
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
19 changed files with 225 additions and 94 deletions

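--- a/cluster/.envrc
+++ b/cluster/.envrc
@@ -0,0 +1,2 @@
+sops -d ./cluster.tfvars.sops > cluster.tfvars
+export TF_CLI_ARGS="--var-file=cluster.tfvars"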
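Review bot: The shell opens and truncates `cluster.tfvars` before `sops -d` runs, so a failed decryption (missing key, expired session) leaves an empty var file behind while `TF_CLI_ARGS` still points Terraform at it. The decrypted file is also written with the user's default umask, so it is typically world-readable on disk for as long as the shell stays in this directory. A single line covers both: `(umask 077; sops -d ./cluster.tfvars.sops > cluster.tfvars) || rm -f cluster.tfvars`. A one-line comment noting that the plaintext file is regenerated on every directory entry and is gitignored would help the next reader.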

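--- a/cluster/.gitignore
+++ b/cluster/.gitignore
@@ -0,0 +1 @@
+cluster.tfvars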

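--- a/cluster/authentik.tf
+++ b/cluster/authentik.tf
@@ -0,0 +1,75 @@
+variable "authentik_postgresql_password" {
+type = string
+}
+variable "authentik_secret_key" {
+type = string
+}
+resource "helm_release" "authentik" {
+depends_on = [
+helm_release.local_path_provisioner
+]
+name = "authentik"
+repository = "https://charts.goauthentik.io"
+chart = "authentik"
+create_namespace = true
+namespace = "authentik"
+timeout = var.helm_timeout
+cleanup_on_fail = true
+force_update = true
+values = [
+yamlencode({
+authentik = {
+secret_key = var.authentik_secret_key
+error_reporting = {
+enabled = true
+}
+postgresql = {
+password = var.authentik_postgresql_password
+}
+}
+redis = {
+enabled = true
+master = {
+persistence = {
+enabled = true
+storageClass = "local-path"
+accessModes = [
+"ReadWriteOnce"
+]
+}
+}
+}
+postgresql = {
+enabled = true
+password = var.authentik_postgresql_password
+postgresqlPassword = var.authentik_postgresql_password
+persistence = {
+enabled = true
+storageClass = "local-path"
+accessModes = [
+"ReadWriteOnce"
+]
+}
+}
+ingress = {
+enabled = true
+hosts = [
+{
+host = "auth.inskip.me"
+paths = [
+{
+path = "/"
+pathType = "Prefix"
+}
+]
+}
+]
+}
+})
+]
+}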
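Review bot: `variable "authentik_postgresql_password"` and `variable "authentik_secret_key"` are declared without `sensitive = true`, so their values are printed in plain text in `terraform plan` and `apply` output, and presumably in the rendered `values` diff of the helm release as well; adding `sensitive = true` to each block redacts them. The same applies to `variable "tailscale_api_key"` in the tailscale section further down this commit. The `ingress` block lists `auth.inskip.me` with no `tls` entry, so unless the ingress controller terminates and enforces HTTPS elsewhere, the login flow and session cookies travel over plain HTTP. `error_reporting.enabled = true` ships crash reports off-cluster; a short comment such as `# sends anonymised error reports to authentik's Sentry — intentional` would make that choice explicit.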

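--- a/cluster/backend.tf
+++ b/cluster/backend.tf
@@ -0,0 +1,10 @@
+terraform {
+backend "remote" {
+hostname = "app.terraform.io"
+organization = "kittywitch"
+workspaces {
+name = "infrastructure-cluster"
+}
+}
+}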



@ -1,5 +1,5 @@
resource "helm_release" "local_path_provisioner" {
name = "local-path-provisioner"
name = "local-path-storage"
repository = "${path.module}/lpp/deploy/chart"
chart = "local-path-provisioner"
create_namespace = true
@ -8,4 +8,10 @@ resource "helm_release" "local_path_provisioner" {
timeout = var.helm_timeout
cleanup_on_fail = true
force_update = true
values = [yamlencode({
storageClass = {
defaultClass = true
}
})]
}
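Review bot: Changing `name` on `helm_release.local_path_provisioner` from `local-path-provisioner` to `local-path-storage` (first hunk of this section) is a replacement, not an in-place upgrade: the helm provider uninstalls the old release and installs a new one. If the old release owns the `local-path` StorageClass that the authentik PVCs in this commit reference, that class disappears for the duration of the apply, and if a default StorageClass already exists the new `storageClass.defaultClass = true` value leaves the cluster with two defaults. Both are worth confirming against the cluster before applying; a comment on the `name` line stating that the rename intentionally recreates the release would save the next reader the same check. The resource block begins before the second hunk.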


@ -131,8 +131,8 @@ resource "kubernetes_deployment" "pihole" {
initial_delay_seconds = 60
period_seconds = 15
}
}
*/
}
container {
image = "ghcr.io/tailscale/tailscale:latest"


@ -1,49 +0,0 @@
variable "postgres_password" {
type = string
}
resource "kubernetes_namespace" "postgres_namespace" {
metadata {
name = "postgresql"
}
}
resource "kubernetes_secret" "postgres_auth_secret" {
depends_on = [
kubernetes_namespace.postgres_namespace
]
metadata {
name = "postgres-auth-secret"
namespace = "postgresql"
}
data = {
postgres-password = var.postgres_password
}
type = "Opaque"
}
resource "helm_release" "postgresql" {
depends_on = [
kubernetes_namespace.postgres_namespace,
kubernetes_secret.postgres_auth_secret
]
name = "postgresql"
repository = "https://charts.bitnami.com/bitnami"
chart = "postgresql"
namespace = "postgresql"
timeout = var.helm_timeout
cleanup_on_fail = true
force_update = true
set {
name = "global.storageClass"
value = "local-path"
}
set {
name = "global.postgresql.existingSecret"
value = "postgres-auth-secret"
}
}

cluster/prometheus.tf Normal file


@ -1,11 +1,15 @@
variable "tailscale_api_key" {
type = string
}
variable "tailnet" {
type = string
}
provider "tailscale" {
api_key = var.tailscale_api_key
tailnet = "inskip.me"
tailnet = var.tailnet
}
resource "tailscale_tailnet_key" "cluster_reusable" {