commit 19da0edb178bd7e0c0eea657105eafa237fa694f Author: Nyaaan Date: Thu Dec 21 22:20:47 2023 +1100 first commit
diff --git a/.env.sample b/.env.sample
new file mode 100644
index 0000000..411a2fd
--- /dev/null
+++ b/.env.sample
@@ -0,0 +1,8 @@
+TF_BKEND_bucket=tofu
+TF_BKEND_key=states/gitea
+TF_BKEND_region=us-east-1
+TF_BKEND_access_key=AccessKeyHere
+TF_BKEND_secret_key=SecreteKeyHere
+TF_BKEND_endpoint=http://minio:9000
+TF_BKEND_skip_credentials_validation=true
+TF_BKEND_force_path_style=true
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8b1ee36
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+.terraform/
+*.tfstate*
+.env
+/*.tfvars.json
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..b9f9dda
--- /dev/null
+++ b/Makefile
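Review bot: In `.env.sample` the backend endpoint is `http://minio:9000`, so anyone copying the sample sends the S3 access key, the secret key and the state file itself over cleartext HTTP. The state written by this project will normally hold the `password` values set in `users.tf` and the `migration_service_auth_token` set in `repo.tf`, so the transport matters here. I would make the sample `TF_BKEND_endpoint=https://minio:9000` and leave plain HTTP as an explicit local-only choice.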
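Review bot: In `.gitignore`, `/*.tfvars.json` only matches files at the repository root, so the per-environment inputs under `vars/` are not ignored. The Makefile runs `merge_vars.sh vultr`, which reads `vars/vultr/gitea.tfvars.json` and the files beside it; going by the `_template` examples those carry `gitea_token` and user passwords, and a plain `git add .` would stage them. Assuming real environments are not meant to be committed, add `/vars/*/` followed by `!/vars/_template/` so only the template directory is tracked.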
@@ -0,0 +1,35 @@
+#!make
+include .env
+export
+
+init:
+ tofu init \
+ -backend-config="bucket=${TF_BKEND_bucket}" \
+ -backend-config="key=${TF_BKEND_key}" \
+ -backend-config="region=${TF_BKEND_region}" \
+ -backend-config="access_key=${TF_BKEND_access_key}" \
+ -backend-config="secret_key=${TF_BKEND_secret_key}" \
+ -backend-config="endpoint=${TF_BKEND_endpoint}" \
+ -backend-config="skip_credentials_validation=${TF_BKEND_skip_credentials_validation}" \
+ -backend-config="force_path_style=${TF_BKEND_force_path_style}"
+init_reconfig:
+ printenv
+ tofu init -reconfigure \
+ -backend-config="bucket=${TF_BKEND_bucket}" \
+ -backend-config="key=${TF_BKEND_key}" \
+ -backend-config="region=${TF_BKEND_region}" \
+ -backend-config="access_key=${TF_BKEND_access_key}" \
+ -backend-config="secret_key=${TF_BKEND_secret_key}" \
+ -backend-config="endpoint=${TF_BKEND_endpoint}" \
+ -backend-config="skip_credentials_validation=${TF_BKEND_skip_credentials_validation}" \
+ -backend-config="force_path_style=${TF_BKEND_force_path_style}"
+
+gitea_vultr_json:
+ bash merge_vars.sh vultr gitea_vultr.tfvars.json
+
+gitea_vultr: gitea_vultr_json
+ tofu workspace select gitea_vultr
+ tofu apply -var-file=gitea_vultr.tfvars.json
+gitea_vultr_plan: gitea_vultr_json
+ tofu workspace select gitea_vultr
+ tofu plan -var-file=gitea_vultr.tfvars.json
\ No newline at end of file
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..35a5c32
--- /dev/null
+++ b/main.tf
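Review bot: The `init_reconfig` target in the Makefile runs `printenv`, and because the file does `include .env` plus a bare `export`, that prints `TF_BKEND_access_key` and `TF_BKEND_secret_key` to the terminal or CI log on every run. Both init targets also pass the keys as `-backend-config="secret_key=..."` arguments, which make echoes after expansion and which are visible in the process list while `tofu init` runs. I would drop the `printenv` line and stop passing the two key arguments; the S3 backend also reads credentials from `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, so naming them that way in `.env` keeps them off the command line.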
@@ -0,0 +1,90 @@
+terraform {
+ required_providers {
+ gitea = {
+ source = "go-gitea/gitea"
+ version = "0.3.0"
+ }
+ }
+ backend "s3" {
+ }
+}
+
+provider "gitea" {
+ base_url = var.gitea_url # optionally use GITEA_BASE_URL env var
+ token = var.gitea_token # optionally use GITEA_TOKEN env var
+
+ # Username/Password authentication is mutally exclusive with token authentication
+ # username = var.username # optionally use GITEA_USERNAME env var
+ # password = var.password # optionally use GITEA_PASSWORD env var
+
+ # If you are running a gitea instance with self signed TLS certificates
+ # and you want to disable certificate validation you can deactivate it with this flag
+ insecure = false
+}
+
+locals {
+ orgs = [
+ for org in var.orgs : [
+ {
+ name = org.name
+ full_name = org.full_name
+ description = org.description
+ visibility = org.visibility
+ website = org.website
+ }
+ ]
+ ]
+
+ repos = [
+ for repo in var.repos : [
+ {
+ username = repo.username
+ name = repo.name
+ description = repo.description
+ mirror = try(repo.mirror, false)
+ migration_clone_addresse = try(repo.mirror, false) ? repo.migration_clone_addresse : ""
+ migration_service = try(repo.mirror, false) ? repo.migration_service : ""
+ migration_service_auth_token = try(repo.mirror, false) ? repo.migration_service_auth_token : ""
+ private = repo.private
+ website = repo.website
+ migration_mirror_interval = try(repo.migration_mirror_interval,"1h0m0s")
+
+ # If it's a mirror we set to false as it's not actually needed
+ auto_init = try(repo.mirror, false) ? false : try(repo.auto_init, false)
+ }
+ ]
+ ]
+
+ users = [
+ for user in var.users : [
+ {
+ username = user.username
+ login_name = user.login_name
+ password = user.password
+ email = user.email
+ must_change_password = user.must_change_password
+ active = user.active
+ admin = user.admin
+ allow_create_organization = user.allow_create_organization
+ allow_git_hook = user.allow_git_hook
+ allow_import_local = user.allow_import_local
+ description = user.description
+ force_password_change = user.force_password_change
+ full_name = user.full_name
+ location = user.location
+ max_repo_creation = user.max_repo_creation
+ prohibit_login = user.prohibit_login
+ restricted = user.restricted
+ send_notification = user.send_notification
+ visibility = user.visibility
+ }
+ ]
+ ]
+}
+// We need to Flatten it before using it
+locals {
+ orgs_instances = flatten(local.orgs)
+ repos_instances = flatten(local.repos)
+ users_instances = flatten(local.users)
+}
+
diff --git a/merge_vars.sh b/merge_vars.sh
new file mode 100644
index 0000000..2f4f349
--- /dev/null
+++ b/merge_vars.sh
@@ -0,0 +1,22 @@
+#!/bin/env bash
+# Params:
+# 1 Vars Folder
+# 2 Destination File
+
+folder=$1
+destination=$2
+# Get "Root Params" like gitea instance
+gitea=$(cat vars/${folder}/gitea.tfvars.json)
+
+# parse all json files for org/repo/users
+orgs=$(jq -n '{ orgs: [ inputs.orgs ] | add }' vars/${folder}/*)
+repos=$(jq -n '{ repos: [ inputs.repos ] | add }' vars/${folder}/*)
+users=$(jq -n '{ users: [ inputs.users ] | add }' vars/${folder}/*)
+
+# merge everything into 1 json file
+array1=$(echo $gitea $orgs | jq -s '.[0] * .[1]')
+array1=$(echo $array1 $repos | jq -s '.[0] * .[1]')
+array1=$(echo $array1 $users | jq -s '.[0] * .[1]')
+
+# output
+echo $array1 > $destination
\ No newline at end of file
diff --git a/orgs.tf b/orgs.tf
new file mode 100644
index 0000000..26132f5
--- /dev/null
+++ b/orgs.tf
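Review bot: In `main.tf`, `required_providers` pins `go-gitea/gitea` to `0.3.0`, but the commit adds no `.terraform.lock.hcl`, and `.gitignore` does not exclude one, so it looks like it was simply left out. Without the lock file the provider checksums are not recorded in the repository, and each fresh `tofu init` trusts whatever the registry serves for that version. Suggest committing the generated lock file and noting it next to the pin, e.g. `# checksums live in .terraform.lock.hcl; keep it committed`.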
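Review bot: Every expansion in `merge_vars.sh` is unquoted (`echo $gitea $orgs`, `echo $array1 > $destination`, `vars/${folder}/*`), so the JSON goes through word splitting and globbing before `jq` sees it; runs of whitespace inside a string value, such as a password, are collapsed to one space. There is also no error handling: if a `jq` call fails the script still writes `$destination`, and the Makefile then runs `tofu apply` against it. The merged file contains `gitea_token` and the user passwords and is created with the default umask. A quoted, fail-fast version of the affected lines is below.

```shell
set -euo pipefail
umask 077  # the merged file carries gitea_token and user passwords

folder=$1
destination=$2
gitea=$(cat "vars/${folder}/gitea.tfvars.json")

# … unchanged: orgs/repos/users extraction, with the glob written as "vars/${folder}"/* …

array1=$(printf '%s\n' "$gitea" "$orgs" | jq -s '.[0] * .[1]')
array1=$(printf '%s\n' "$array1" "$repos" | jq -s '.[0] * .[1]')
array1=$(printf '%s\n' "$array1" "$users" | jq -s '.[0] * .[1]')

printf '%s\n' "$array1" > "$destination"
```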
@@ -0,0 +1,11 @@
+resource "gitea_org" "org" {
+ for_each = {
+ for org in local.orgs_instances:
+ org.name => org
+ }
+ name = each.value.name
+ full_name = each.value.full_name
+ description = each.value.description
+ visibility = each.value.visibility
+ website = each.value.website
+}
\ No newline at end of file
diff --git a/repo.tf b/repo.tf
new file mode 100644
index 0000000..b9ce13b
--- /dev/null
+++ b/repo.tf
@@ -0,0 +1,16 @@
+resource "gitea_repository" "repo" {
+ for_each = {
+ for repo in local.repos_instances:
+ format("%v/%v",repo.username, repo.name) => repo
+ }
+
+ username= each.value.username
+ name = each.value.name
+ description = each.value.description
+ mirror = each.value.mirror
+ migration_clone_addresse = each.value.migration_clone_addresse
+ migration_service = each.value.migration_service
+ migration_service_auth_token = each.value.migration_service_auth_token
+ private = each.value.private
+ auto_init = each.value.auto_init
+}
\ No newline at end of file
diff --git a/users.tf b/users.tf
new file mode 100644
index 0000000..cc11980
--- /dev/null
+++ b/users.tf
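Review bot: In `repo.tf`, `gitea_repository.repo` never sets `website` or `migration_mirror_interval`, although `local.repos` in `main.tf` computes both (the interval even gets a `"1h0m0s"` default), so those inputs are silently dropped. The template's `has_issues`, `has_projects`, `has_pull_requests` and `has_wiki` keys are likewise never read anywhere in this commit. If the pinned provider version exposes these arguments, add `website = each.value.website` and `migration_mirror_interval = each.value.migration_mirror_interval`; otherwise remove them from the locals and the template so the JSON does not advertise settings that have no effect.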
@@ -0,0 +1,26 @@
+resource "gitea_user" "user" {
+ for_each = {
+ for user in local.users_instances:
+ user.username => user
+ }
+
+ username = each.value.username
+ login_name = each.value.login_name
+ password = each.value.password
+ email = each.value.email
+ must_change_password = each.value.must_change_password
+ active = each.value.active
+ admin = each.value.admin
+ allow_create_organization = each.value.allow_create_organization
+ allow_git_hook = each.value.allow_git_hook
+ allow_import_local = each.value.allow_import_local
+ description = each.value.description
+ force_password_change = each.value.force_password_change
+ full_name = each.value.full_name
+ location = each.value.location
+ max_repo_creation = each.value.max_repo_creation
+ prohibit_login = each.value.prohibit_login
+ restricted = each.value.restricted
+ send_notification = each.value.send_notification
+ visibility = each.value.visibility
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..fd25c0e
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,18 @@
+variable "gitea_url" {
+ description = "The URL of Gitea."
+}
+
+variable "gitea_token" {
+ description = "The API Token for Gitea."
+}
+
+variable "orgs" {
+ description = "The Keyfile to login to the libvirt host."
+}
+
+variable "repos" {
+ description = "The Keyfile to login to the libvirt host."
+}
+variable "users" {
+ description = "The Keyfile to login to the libvirt host."
+}
\ No newline at end of file
diff --git a/vars/_template/StackTonic.tfvars.json b/vars/_template/StackTonic.tfvars.json
new file mode 100644
index 0000000..e1d8e52
--- /dev/null
+++ b/vars/_template/StackTonic.tfvars.json
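Review bot: In `users.tf`, `password = each.value.password` takes the account password straight from the merged tfvars JSON, so it will normally be stored in the state and, unless the provider schema marks the attribute sensitive (not visible here), shown in plan output. Because the value then lives on in both the JSON and the state, I would document that on the resource, e.g. `# initial password only: stored in state, rotate after first login`, and keep `must_change_password` true for human accounts.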
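Review bot: In `variables.tf`, `variable "gitea_token"` is declared without `sensitive = true`, so the API token can appear in plan and error output; adding `sensitive = true` and `type = string` to that block addresses it. The descriptions for `orgs`, `repos` and `users` all read "The Keyfile to login to the libvirt host.", which looks copied from another project; they should describe the lists, e.g. `description = "Gitea users to manage."`. I would not mark `users` itself sensitive, since it feeds `for_each` in `users.tf`, and `for_each` rejects sensitive collections.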
@@ -0,0 +1,26 @@
+{
+ "orgs": [
+ {
+ "name": "StackTonic",
+ "full_name": "StackTonic",
+ "description": "Home",
+ "visibility": "private",
+ "website":"https://stacktonic.au"
+ }
+ ],
+ "repos": [
+ {
+ "username":"StackTonic",
+ "name":"ToFu_Gitea",
+ "description":"Provision Gitea via OpenToFu",
+ "private":true,
+ "has_issues":true,
+ "has_projects": false,
+ "has_pull_requests": true,
+ "has_wiki":true,
+ "website": "https://stacktonic.au"
+ }
+ ],
+ "users": [
+ ]
+}
\ No newline at end of file
diff --git a/vars/_template/gitea.tfvars.json b/vars/_template/gitea.tfvars.json
new file mode 100644
index 0000000..7b11db4
--- /dev/null
+++ b/vars/_template/gitea.tfvars.json
@@ -0,0 +1,4 @@
+{
+ "gitea_url": "https://git.vultr.stacktonic.au",
+ "gitea_token": "I'mATokenHere!!"
+}
\ No newline at end of file
diff --git a/vars/_template/renovatebot.tfvars.json b/vars/_template/renovatebot.tfvars.json
new file mode 100644
index 0000000..1e2cd0f
--- /dev/null
+++ b/vars/_template/renovatebot.tfvars.json
@@ -0,0 +1,26 @@
+{
+ "users": [
+ {
+ "username": "renovatebot",
+ "login_name": "renovatebot",
+ "password": "IamaPasswordOwO",
+ "email": "bot@stacktonic.au",
+ "must_change_password": false,
+ "active": true,
+ "admin": false,
+ "allow_create_organization":true,
+ "allow_git_hook":false,
+ "allow_import_local":false,
+ "description": "Automated dependency updates. Multi-platform and multi-language.",
+ "force_password_change":true,
+ "full_name": "renovatebot",
+ "location": "In the Matrix",
+ "max_repo_creation": -1,
+ "prohibit_login": false,
+ "restricted": false,
+ "send_notification": false,
+ "visibility": "public",
+ "token":true
+ }
+ ]
+}
\ No newline at end of file
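Review bot: The bot template in `vars/_template/renovatebot.tfvars.json` grants `"allow_create_organization": true`, which a dependency-update bot is unlikely to need; since this file will be copied for real accounts, the safer default is `"allow_create_organization": false`. It also sets `"must_change_password": false` together with `"force_password_change": true`, which read as contradictory for a non-interactive account, so it is worth confirming which one the provider honours. The `"token": true` key is not read by `main.tf` or `users.tf` in this commit.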