
2 commits

Author SHA1 Message Date
2ce8c125d4 feat(infra): showcase the declarative bucket feature
Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-10 17:59:00 +02:00
3e6a3afd95 feat(infra): add S3 declarative buckets
Very basic support for it, which requires an S3 admin token.

Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
2024-10-10 17:59:00 +02:00
2 changed files with 55 additions and 0 deletions


@ -2,5 +2,6 @@
imports = [ imports = [
./common.nix ./common.nix
./state.nix ./state.nix
./s3.nix
]; ];
} }

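--- /dev/null
+++ b/terranix/s3.nix
@@ -0,0 +1,54 @@
+{ lib, ... }:
+let
+inherit (lib) tf;
+in
+{
+# FIXME: add a NixOS module to abstract bucket creation, etc.
+config = {
+terraform.required_providers.garage = {
+version = "~> 1.0.3";
+source = "registry.opentofu.org/RaitoBezarius/garage";
+};
+resource = {
+secret_resource.admin-s3-token.lifecycle.prevent_destroy = true;
+garage_bucket = {
+monorepo-terraform-state = { };
+impress-raito-demo = { };
+};
+garage_bucket_global_alias = {
+monorepo-terraform-state = {
+bucket_id = tf.ref "resource.garage_bucket.monorepo-terraform-state.id";
+alias = "monorepo-terraform-state";
+};
+impress-raito-demo = {
+bucket_id = tf.ref "resource.garage_bucket.impress-raito-demo.id";
+alias = "impress-raito-demo";
+};
+};
+garage_key = {
+raito-dinum-test = {
+name = "raito-dinum-test";
+permissions.create_bucket = false;
+};
+};
+garage_bucket_key = {
+raito-dinum-test = {
+bucket_id = tf.ref "resource.garage_bucket.impress-raito-demo.id";
+access_key_id = tf.ref "resource.garage_key.raito-dinum-test.access_key_id";
+read = true;
+write = true;
+owner = true;
+};
+};
+};
+provider.garage = {
+host = "s3-admin.dgnum.eu";
+scheme = "https";
+token = tf.ref "resource.secret_resource.admin-s3-token.value";
+};
+};
+}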
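Review bot: `garage_bucket_key.raito-dinum-test` grants `owner = true` on top of read and write to what its name suggests is a test key for the demo bucket; unless the consumer has to change bucket-level settings itself, set `owner = false` so the key is limited to object access. Separately, the provider's admin `token` is read from `secret_resource.admin-s3-token.value`, so it will be recorded in the Terraform state, and the generated key's secret presumably will be too. The state backend (presumably the `monorepo-terraform-state` bucket declared here, to be confirmed against `state.nix`) therefore needs access control at least as tight as the admin token itself. That bucket would also merit the same `lifecycle.prevent_destroy = true` the secret gets, and a short comment beside `secret_resource.admin-s3-token` on how the token is provisioned and rotated would help, since the commit message only says it is required.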