grey/Opinionated.tf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions1

Formatting

Browse source
This commit is contained in:
Greyscale 2025-01-29 18:55:28 +01:00
parent 8e4b8a9d71
commit 5f50071fa2
Signed by: grey
GPG key ID: DDB392AE64B32D89
7 changed files with 29 additions and 17 deletions
cloud/aws/efs_file_system
security-groups.tf
products
openhaystack
inputs.tf
quassel
inputs.tfquassel.tf
traefik
outputs.tf
unifi/magic-forward
magic_forward.tf
utils/identity
locals.tf

6
cloud/aws/efs_file_system/security-groups.tf
View file

@ -13,7 +13,7 @@ resource "aws_security_group" "efs" {
}) })
} }
resource "aws_vpc_security_group_ingress_rule" "nfs" { resource "aws_vpc_security_group_ingress_rule" "nfs" {
description = "Allow NFS traffic from EFS" description = "Allow NFS traffic from EFS"
ip_protocol = "tcp" ip_protocol = "tcp"
from_port = 2049 from_port = 2049
to_port = 2049 to_port = 2049
@ -24,7 +24,7 @@ resource "aws_vpc_security_group_ingress_rule" "nfs" {
}) })
} }
resource "aws_vpc_security_group_egress_rule" "nfs" { resource "aws_vpc_security_group_egress_rule" "nfs" {
description = "Allow NFS traffic to EFS" description = "Allow NFS traffic to EFS"
ip_protocol = "tcp" ip_protocol = "tcp"
from_port = 2049 from_port = 2049
to_port = 2049 to_port = 2049
@ -38,7 +38,7 @@ resource "aws_vpc_security_group_egress_rule" "nfs" {
# checkov:skip=CKV_AWS_25: checkov is mis-detecting this as exposing port 3389 to 0.0.0.0 # checkov:skip=CKV_AWS_25: checkov is mis-detecting this as exposing port 3389 to 0.0.0.0
# checkov:skip=CKV_AWS_260: checkov is mis-detecting this as exposing port 80 to 0.0.0.0 # checkov:skip=CKV_AWS_260: checkov is mis-detecting this as exposing port 80 to 0.0.0.0
resource "aws_vpc_security_group_ingress_rule" "ping" { resource "aws_vpc_security_group_ingress_rule" "ping" {
description = "Allow ping" description = "Allow ping"
ip_protocol = "icmp" ip_protocol = "icmp"
from_port = 0 from_port = 0
to_port = 0 to_port = 0

2
products/openhaystack/inputs.tf
View file

@ -9,7 +9,7 @@ variable "networks" {
})) }))
default = [] default = []
description = "A list of network names to attach the service to." description = "A list of network names to attach the service to."
}/* } /*
variable "ports" { variable "ports" {
type = list(object({ type = list(object({
host = optional(number) host = optional(number)

14
products/quassel/inputs.tf
View file

@ -1,7 +1,7 @@
variable "enable" { variable "enable" {
type = bool type = bool
description = "Whether to enable the service." description = "Whether to enable the service."
default = true default = true
} }
variable "quassel_image" { variable "quassel_image" {
default = "lscr.io/linuxserver/quassel-core" default = "lscr.io/linuxserver/quassel-core"
@ -22,4 +22,12 @@ variable "placement_constraints" {
default = [] default = []
type = list(string) type = list(string)
description = "Docker Swarm placement constraints" description = "Docker Swarm placement constraints"
}
variable "ports" {
default = [{host=4242, container=4242}]
type = list(object({
host = number
container = number
}))
description = "Ports to expose on the service. Default is port 4242."
} }

7
products/quassel/quassel.tf
View file

@ -4,17 +4,18 @@ module "network" {
} }
module "postgres" { module "postgres" {
source = "../postgres" source = "../postgres"
enable = var.enable enable = var.enable
postgres_version = "16" postgres_version = "16"
stack_name = var.stack_name stack_name = var.stack_name
networks = [module.network] networks = [module.network]
username = "postgres" username = "postgres"
database = "postgres" database = "postgres"
placement_constraints = var.placement_constraints placement_constraints = var.placement_constraints
ports = [{ container = 5432 }]
} }
module "service" { module "service" {
source = "../../docker/service" source = "../../docker/service"
enable = var.enable enable = var.enable
image = "${var.quassel_image}:${var.quassel_version}" image = "${var.quassel_image}:${var.quassel_version}"
stack_name = var.stack_name stack_name = var.stack_name
service_name = "quassel" service_name = "quassel"
@ -32,6 +33,6 @@ module "service" {
AUTH_AUTHENTICATOR = "Database" AUTH_AUTHENTICATOR = "Database"
} }
placement_constraints = var.placement_constraints placement_constraints = var.placement_constraints
ports = [{ container = 4242, host = 4242 }] ports = var.ports
converge_enable = false # @todo MB: add healthcheck and fix this. converge_enable = false # @todo MB: add healthcheck and fix this.
} }

3
products/traefik/outputs.tf
View file

@ -6,4 +6,7 @@ output "docker_network" {
} }
output "endpoint" { output "endpoint" {
value = module.traefik.endpoint value = module.traefik.endpoint
}
output "hello_endpoint" {
value = try(module.traefik_hello[0].endpoint, null)
} }

10
products/unifi/magic-forward/magic_forward.tf
View file

@ -1,8 +1,8 @@
module "port_forward" { module "port_forward" {
source = "../port-forward" source = "../port-forward"
enabled = var.enabled enabled = var.enabled
label = var.label label = var.label
port = var.port != null ? var.port : var.docker_service.endpoint_spec[0].ports[0].published_port port = var.port != null ? var.port : var.docker_service.endpoint_spec[0].ports[0].published_port
ip = var.target.fixed_ip ip = var.target.fixed_ip
protocol = var.protocol protocol = var.protocol
} }

4
utils/identity/locals.tf
View file

@ -1,4 +1,4 @@
locals { locals {
username = var.username != null ? var.username : random_pet.username[0].id username = var.username != null ? var.username : random_pet.username[0].id
password = var.password != null ? nonsensitive(var.password) : nonsensitive(random_password.password[0].result) password = var.password != null ? nonsensitive(var.password) : nonsensitive(random_password.password[0].result)
} }