justfile

@@ -1,3 +1,4 @@
+# export TF_VAR_hetzner_token := `pass hetzner.com/tokens/suricata`
 export TF_VAR_pg_passwd := `pass pg.monotremata.xyz/terraform`
 export TF_VAR_minio_root_user := "rilla"
 export TF_VAR_minio_root_password := `pass minio.monotremata.xyz/rilla`
@@ -6,14 +7,13 @@ export LINODE_TOKEN := `pass linode.com/token`
 export VULTR_API_KEY := `pass vultr.com/api_key`
 export HETZNER_DNS_API_TOKEN := `pass hetzner.com/tokens/terraform`
 
-export MINIO_ENDPOINT := "minio.monotremata.xyz:443"
+minio_access_key := `pass minio.monotremata.xyz/terraform/access_key`
-export MINIO_USER := `pass minio.monotremata.xyz/terraform/access_key`
+minio_secret_key := `pass minio.monotremata.xyz/terraform/secret_key`
-export MINIO_PASSWORD := `pass minio.monotremata.xyz/terraform/secret_key`
 
 init:
     terraform init \
-        -backend-config="access_key=$(pass minio.monotremata.xyz/terraform/access_key)" \
+        -backend-config="access_key={{minio_access_key}}" \
-        -backend-config="secret_key=$(pass minio.monotremata.xyz/terraform/secret_key)"
+        -backend-config="secret_key={{minio_secret_key}}"
 
 plan *ARGS:
     terraform plan {{ARGS}}

main.tf

@@ -9,51 +9,23 @@ terraform {
     skip_metadata_api_check     = true
     skip_region_validation      = true
   }
-  required_providers {
-    kubernetes = {
-      source  = "hashicorp/kubernetes"
-      version = ">= 2.20.0"
-    }
-    helm = {
-      source  = "hashicorp/helm"
-      version = ">= 2.9.0"
-    }
-    minio = {
-      source  = "aminueza/minio"
-      version = ">= 1.15.2"
-    }
-    linode = {
-      source  = "linode/linode"
-      version = ">= 1.29.0"
-    }
-    hetznerdns = {
-      source  = "timohirt/hetznerdns"
-      version = ">=2.2.0"
-    }
-    postgresql = {
-      source  = "cyrilgdn/postgresql"
-      version = ">= 1.19.0"
-    }
-  }
 }
 
-provider "kubernetes" {
+#module "cert-manager" {
-  config_path = "~/.kube/config"
+#  source          = "./modules/cert-manager"
-}
+#  hetzner_token   = var.hetzner_token
+#  email           = var.email
+#  zone_name       = var.zone_name
+#  dns_common_name = var.dns_common_name
+#  dns_names       = var.dns_names
+#}
 
-provider "helm" {
+module "postgresql" {
-  kubernetes {
+  source   = "./modules/postgresql"
-    config_path = "~/.kube/config"
+  host     = "pg.monotremata.xyz"
-  }
-}
-
-provider "minio" {
-  minio_ssl = true
-}
-
-provider "postgresql" {
-  username = "terraform"
   password = var.pg_passwd
+  username = "terraform"
+  db_owner = "rilla"
 }
 
 module "dns" {
@@ -107,11 +79,3 @@ module "minio" {
   minio_console_url   = "minio-console.monotremata.xyz"
   minio_host_path     = "/mnt/k3s_volumes/minio"
 }
-
-module "minio_buckets" {
-  source = "./modules/minio_buckets"
-  providers = {
-    minio = minio
-  }
-  depends_on = [module.minio]
-}

modules/cert-manager/main.tf

@@ -11,6 +11,16 @@ terraform {
   }
 }
 
+provider "kubernetes" {
+  config_path = "~/.kube/config"
+}
+
+provider "helm" {
+  kubernetes {
+    config_path = "~/.kube/config"
+  }
+}
+
 resource "helm_release" "cert-manager" {
   name             = "cert-manager"
   chart            = "cert-manager"
@@ -46,6 +56,40 @@ resource "kubernetes_secret" "hetzner-token" {
   }
 }
 
+#resource "kubernetes_manifest" "clusterissuer_letsencrypt_staging" {
+#  manifest = {
+#    apiVersion = "cert-manager.io/v1"
+#    kind       = "ClusterIssuer"
+#    metadata = {
+#      name = "letsencrypt-staging"
+#    }
+#    spec = {
+#      acme = {
+#        email = var.email
+#        privateKeySecretRef = {
+#          name = "letsencrypt-staging-account-key"
+#        }
+#        server = var.letsencrypt_servers.staging
+#        solvers = [
+#          {
+#            dns01 = {
+#              webhook = {
+#                config = {
+#                  apiUrl     = var.hetzner_dns_api
+#                  secretName = kubernetes_secret.hetzner-token.metadata[0].name
+#                  zoneName   = var.zone_name
+#                }
+#                groupName  = var.group_name
+#                solverName = "hetzner"
+#              }
+#            }
+#          }
+#        ]
+#      }
+#    }
+#  }
+#}
+
 resource "kubernetes_manifest" "clusterissuer_letsencrypt" {
   manifest = {
     apiVersion = "cert-manager.io/v1"

modules/minio/main.tf

@@ -7,6 +7,10 @@ terraform {
   }
 }
 
+provider "kubernetes" {
+  config_path = "~/.kube/config"
+}
+
 # terraform import module.minio.kubernetes_namespace.minio_namespace minio
 resource "kubernetes_namespace" "minio_namespace" {
   metadata {

modules/minio_buckets/main.tf

@@ -1,13 +0,0 @@
-terraform {
-  required_providers {
-    minio = {
-      source  = "aminueza/minio"
-      version = ">= 1.15.2"
-    }
-  }
-}
-
-resource "minio_s3_bucket" "state_terraform_s3" {
-  bucket = "terraform"
-  acl    = "private"
-}

modules/postgresql/main.tf

@@ -7,6 +7,13 @@ terraform {
   }
 }
 
+provider "postgresql" {
+  host     = var.host
+  port     = var.port
+  username = var.username
+  password = var.password
+}
+
 resource "postgresql_database" "terraform_backend_db" {
   name            = "terraform_backend"
   owner           = var.db_owner

modules/postgresql/variables.tf

@@ -1,3 +1,14 @@
+variable "host" {
+  type        = string
+  description = "postgresql host"
+}
+
+variable "port" {
+  type        = number
+  description = "postgresql post"
+  default     = 5432
+}
+
 variable "password" {
   type        = string
   description = "postgresql password"

variables.tf

@@ -1,3 +1,9 @@
+#variable "hetzner_token" {
+#  type        = string
+#  description = "hetzner dns token"
+#  sensitive   = true
+#}
+
 variable "email" {
   type        = string
   description = "email for letsencrypt registration"