grey/Opinionated.tf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions1

Make sure debug files are 0600

Browse source
This commit is contained in:
Greyscale 2024-12-06 18:33:54 +01:00
parent 79931a1203
commit baf7470cb0
Signed by: grey
GPG key ID: DDB392AE64B32D89
6 changed files with 28 additions and 20 deletions
docker/config
debug.tf
products
docker_registry
registry.tf
nginx
default_page.tf
site-available
basic-auth.tfcert.tfconfig.tf

1
docker/config/debug.tf
View file

@ -2,4 +2,5 @@ resource "local_file" "config" {
count = var.debug ? 1 : 0
content = var.value
filename = "${path.root}/.debug/docker/${var.stack_name}/configs/${local.file_name}"
file_permission = "0600"
}

1
products/docker_registry/registry.tf
View file

@ -60,6 +60,7 @@ module "docker_registry_config" {
resource "local_file" "docker_registry_config_yml" {
content = yamlencode(local.registry_config_yaml)
filename = "${path.root}/.debug/docker-registry/config.yml"
file_permission = "0600"
}
# Registry Service

2
products/nginx/default_page.tf
View file

@ -8,6 +8,7 @@ resource "docker_config" "default_page" {
resource "local_file" "default_page" {
content = base64decode(docker_config.default_page.data)
filename = "${path.root}/.debug/nginx/index.html"
file_permission = "0600"
}
resource "docker_config" "default_conf" {
name = "${var.service_name}.default.conf-${substr(sha1(file("${path.module}/default.conf")), 0, 4)}"
@ -16,4 +17,5 @@ resource "docker_config" "default_conf" {
resource "local_file" "default_conf" {
content = base64decode(docker_config.default_conf.data)
filename = "${path.root}/.debug/nginx/default.conf"
file_permission = "0600"
}

1
products/nginx/site-available/basic-auth.tf
View file

@ -19,4 +19,5 @@ resource "local_file" "auth" {
count = var.basic_auth != null ? 1 : 0
content = local.auth
filename = "${path.root}/.debug/nginx/${local.filenames.auth}"
file_permission = "0600"
}

2
products/nginx/site-available/cert.tf
View file

@ -10,6 +10,7 @@ resource "local_file" "certificate" {
count = var.certificate != null ? 1 : 0
content = local.cert_public
filename = "${path.root}/.debug/nginx/${local.filenames.certificate}"
file_permission = "0600"
}
resource "docker_config" "certificate_key" {
count = var.certificate != null ? 1 : 0
@ -23,4 +24,5 @@ resource "local_file" "certificate_key" {
count = var.certificate != null ? 1 : 0
content = var.certificate.private_key_pem
filename = "${path.root}/.debug/nginx/${local.filenames.certificate_key}"
file_permission = "0600"
}

1
products/nginx/site-available/config.tf
View file

@ -74,4 +74,5 @@ resource "docker_config" "nginx_site_available" {
resource "local_file" "nginx_site_available" {
filename = "${path.root}/.debug/nginx/${local.filenames.nginx}"
content = local.config
file_permission = "0600"
}