first commit

.env.sample

@@ -0,0 +1,8 @@
+TF_BKEND_bucket=tofu
+TF_BKEND_key=states/gitea
+TF_BKEND_region=us-east-1
+TF_BKEND_access_key=AccessKeyHere
+TF_BKEND_secret_key=SecreteKeyHere
+TF_BKEND_endpoint=http://minio:9000
+TF_BKEND_skip_credentials_validation=true
+TF_BKEND_force_path_style=true

.gitignore

@@ -0,0 +1,4 @@
+.terraform/
+*.tfstate*
+.env
+/*.tfvars.json

Makefile

@@ -0,0 +1,35 @@
+#!make
+include .env
+export
+
+init:
+	tofu init \
+		-backend-config="bucket=${TF_BKEND_bucket}" \
+		-backend-config="key=${TF_BKEND_key}" \
+		-backend-config="region=${TF_BKEND_region}" \
+		-backend-config="access_key=${TF_BKEND_access_key}" \
+		-backend-config="secret_key=${TF_BKEND_secret_key}" \
+		-backend-config="endpoint=${TF_BKEND_endpoint}" \
+		-backend-config="skip_credentials_validation=${TF_BKEND_skip_credentials_validation}" \
+		-backend-config="force_path_style=${TF_BKEND_force_path_style}"
+init_reconfig:
+	printenv
+	tofu init -reconfigure \
+		-backend-config="bucket=${TF_BKEND_bucket}" \
+		-backend-config="key=${TF_BKEND_key}" \
+		-backend-config="region=${TF_BKEND_region}" \
+		-backend-config="access_key=${TF_BKEND_access_key}" \
+		-backend-config="secret_key=${TF_BKEND_secret_key}" \
+		-backend-config="endpoint=${TF_BKEND_endpoint}" \
+		-backend-config="skip_credentials_validation=${TF_BKEND_skip_credentials_validation}" \
+		-backend-config="force_path_style=${TF_BKEND_force_path_style}"
+
+gitea_vultr_json:
+	bash merge_vars.sh vultr gitea_vultr.tfvars.json 
+
+gitea_vultr: gitea_vultr_json
+	tofu workspace select gitea_vultr
+	tofu apply -var-file=gitea_vultr.tfvars.json 
+gitea_vultr_plan: gitea_vultr_json
+	tofu workspace select gitea_vultr
+	tofu plan -var-file=gitea_vultr.tfvars.json 

main.tf

@@ -0,0 +1,90 @@
+terraform {
+  required_providers {
+    gitea = {
+      source = "go-gitea/gitea"
+      version = "0.3.0"
+    }
+  }
+  backend "s3" {
+  }
+}
+
+provider "gitea" {
+  base_url = var.gitea_url # optionally use GITEA_BASE_URL env var
+  token    = var.gitea_token # optionally use GITEA_TOKEN env var
+
+  # Username/Password authentication is mutally exclusive with token authentication
+  # username = var.username # optionally use GITEA_USERNAME env var
+  # password = var.password # optionally use GITEA_PASSWORD env var
+
+  # If you are running a gitea instance with self signed TLS certificates
+  # and you want to disable certificate validation you can deactivate it with this flag
+  insecure = false 
+}
+
+locals {
+  orgs = [
+    for org in var.orgs : [
+      {
+        name = org.name
+        full_name = org.full_name
+        description = org.description
+        visibility = org.visibility
+        website = org.website
+      }
+    ]
+  ]
+
+  repos = [
+    for repo in var.repos : [
+      {
+        username = repo.username
+        name = repo.name
+        description = repo.description
+        mirror = try(repo.mirror, false)
+        migration_clone_addresse = try(repo.mirror, false) ? repo.migration_clone_addresse : ""
+        migration_service = try(repo.mirror, false) ? repo.migration_service : ""
+        migration_service_auth_token = try(repo.mirror, false) ? repo.migration_service_auth_token : ""
+        private = repo.private
+        website = repo.website
+        migration_mirror_interval = try(repo.migration_mirror_interval,"1h0m0s")
+        
+        # If it's a mirror we set to false as it's not actually needed
+        auto_init = try(repo.mirror, false) ? false : try(repo.auto_init, false)
+      }
+    ]
+  ]
+
+  users = [
+    for user in var.users : [
+      {
+        username = user.username
+        login_name = user.login_name
+        password = user.password
+        email = user.email
+        must_change_password = user.must_change_password
+        active = user.active
+        admin = user.admin
+        allow_create_organization = user.allow_create_organization
+        allow_git_hook = user.allow_git_hook
+        allow_import_local = user.allow_import_local
+        description = user.description
+        force_password_change = user.force_password_change
+        full_name = user.full_name
+        location = user.location
+        max_repo_creation = user.max_repo_creation
+        prohibit_login = user.prohibit_login
+        restricted = user.restricted
+        send_notification = user.send_notification
+        visibility = user.visibility
+      }
+    ]
+  ]
+}
+// We need to Flatten it before using it
+locals {
+  orgs_instances = flatten(local.orgs)
+  repos_instances = flatten(local.repos)
+  users_instances = flatten(local.users)
+}
+

merge_vars.sh

@@ -0,0 +1,22 @@
+#!/bin/env bash
+# Params:
+# 1 Vars Folder
+# 2 Destination File
+
+folder=$1
+destination=$2
+# Get "Root Params" like gitea instance
+gitea=$(cat vars/${folder}/gitea.tfvars.json)
+
+# parse all json files for org/repo/users 
+orgs=$(jq -n '{ orgs: [ inputs.orgs ] | add }' vars/${folder}/*)
+repos=$(jq -n '{ repos: [ inputs.repos ] | add }' vars/${folder}/*)
+users=$(jq -n '{ users: [ inputs.users ] | add }' vars/${folder}/*)
+
+# merge everything into 1 json file
+array1=$(echo $gitea $orgs | jq -s '.[0] * .[1]')
+array1=$(echo $array1 $repos | jq -s '.[0] * .[1]')
+array1=$(echo $array1 $users | jq -s '.[0] * .[1]')
+
+# output
+echo $array1 > $destination

orgs.tf

@@ -0,0 +1,11 @@
+resource "gitea_org" "org" {
+  for_each = { 
+    for org in local.orgs_instances: 
+    org.name => org
+  }
+  name = each.value.name
+  full_name = each.value.full_name
+  description = each.value.description
+  visibility = each.value.visibility
+  website = each.value.website
+}

repo.tf

@@ -0,0 +1,16 @@
+resource "gitea_repository" "repo" {
+  for_each = { 
+    for repo in local.repos_instances: 
+    format("%v/%v",repo.username, repo.name)  => repo
+  }
+
+  username= each.value.username
+  name = each.value.name
+  description = each.value.description
+  mirror = each.value.mirror
+  migration_clone_addresse = each.value.migration_clone_addresse
+  migration_service = each.value.migration_service
+  migration_service_auth_token = each.value.migration_service_auth_token
+  private = each.value.private
+  auto_init = each.value.auto_init 
+}

users.tf

@@ -0,0 +1,26 @@
+resource "gitea_user" "user" {
+  for_each = { 
+    for user in local.users_instances: 
+    user.username  => user
+  }
+
+  username = each.value.username
+  login_name = each.value.login_name
+  password = each.value.password
+  email = each.value.email
+  must_change_password = each.value.must_change_password
+  active = each.value.active
+  admin = each.value.admin
+  allow_create_organization = each.value.allow_create_organization
+  allow_git_hook = each.value.allow_git_hook
+  allow_import_local = each.value.allow_import_local
+  description = each.value.description
+  force_password_change = each.value.force_password_change
+  full_name = each.value.full_name
+  location = each.value.location
+  max_repo_creation = each.value.max_repo_creation
+  prohibit_login = each.value.prohibit_login
+  restricted = each.value.restricted
+  send_notification = each.value.send_notification
+  visibility = each.value.visibility
+}

variables.tf

@@ -0,0 +1,18 @@
+variable "gitea_url" {
+  description = "The URL of Gitea."
+}
+
+variable "gitea_token" {
+  description = "The API Token for Gitea."
+}
+
+variable "orgs" {
+  description = "The Keyfile to login to the libvirt host."
+}
+
+variable "repos" {
+  description = "The Keyfile to login to the libvirt host."
+}
+variable "users" {
+  description = "The Keyfile to login to the libvirt host."
+}

vars/_template/StackTonic.tfvars.json

@@ -0,0 +1,26 @@
+{
+    "orgs": [
+        {
+            "name": "StackTonic",
+            "full_name": "StackTonic",
+            "description": "Home",
+            "visibility": "private",
+            "website":"https://stacktonic.au"
+        }
+    ],
+    "repos": [
+        {
+            "username":"StackTonic",
+            "name":"ToFu_Gitea",
+            "description":"Provision Gitea via OpenToFu",
+            "private":true,
+            "has_issues":true,
+            "has_projects": false,
+            "has_pull_requests": true,
+            "has_wiki":true,
+            "website": "https://stacktonic.au"
+        }
+    ],
+    "users": [
+    ]
+}

vars/_template/gitea.tfvars.json

@@ -0,0 +1,4 @@
+{
+    "gitea_url": "https://git.vultr.stacktonic.au",
+    "gitea_token": "I'mATokenHere!!"
+}

vars/_template/renovatebot.tfvars.json

@@ -0,0 +1,26 @@
+{
+    "users": [
+        {
+            "username": "renovatebot",
+            "login_name": "renovatebot",
+            "password": "IamaPasswordOwO",
+            "email": "bot@stacktonic.au",
+            "must_change_password": false,
+            "active": true,
+            "admin": false,
+            "allow_create_organization":true,
+            "allow_git_hook":false,
+            "allow_import_local":false,
+            "description": "Automated dependency updates. Multi-platform and multi-language.",
+            "force_password_change":true,
+            "full_name": "renovatebot",
+            "location": "In the Matrix",
+            "max_repo_creation": -1,
+            "prohibit_login": false,
+            "restricted": false,
+            "send_notification": false,
+            "visibility": "public",
+            "token":true
+        }
+    ]
+}