tjo-cloud/ingress
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: service account

Browse source
This commit is contained in:
Tine 2024-09-20 21:32:17 +02:00
parent 331af88869
commit a9639a9340
Signed by: mentos1386
SSH key fingerprint: SHA256:MNtTsLbihYaWF8j1fkOHfkKNlnN1JQfxEU/rBU8nCGw
4 changed files with 43 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
terraform/.terraform.lock.hcl
View file

@ -48,6 +48,28 @@ provider "registry.opentofu.org/digitalocean/digitalocean" {
] ]
} }
provider "registry.opentofu.org/goauthentik/authentik" {
version = "2024.8.3"
constraints = "2024.8.3"
hashes = [
"h1:NiXi1gn1BH2tk1MIqgl6hQotwVe8FN8RJqvE7ix+EWs=",
"zh:1d2d165662d36dae0aacb478a6bae055546979dea58ee3762dd7d398b7f60e8c",
"zh:3a118d3c123eab3e26c33821607d2f70f9e317d3d33289f9d615e4b6d353b877",
"zh:3fa67bd9c64c1277a107205becdbd2d35649aeb97b591bc8a5bdd8444164f754",
"zh:40bbc8a31e7568ad68100620aa229fbb1837846b79ad8a468bf486b519d19c8c",
"zh:4ffb5344ae5ec44edf0f5c92f600455a731683b13b7a322760153eb53ff544af",
"zh:5b52f1268ca28b7c6869e69363ffff139d965fab0ae7d2e1158688cb076a7298",
"zh:7c598a517e358eb4a83d0805845e6e8b1aa9320143d225fc14d6987e8dd12506",
"zh:843627dd43a5df89f907ccd499b7264e00df0e1269dccec0738f1d5efb5db969",
"zh:8604f50738667066406c31775a32497eca69f52a085bcd14862736b1d0183de1",
"zh:9de948d1df56fe6a6eb4279c704554ea70f8791b6dbd301a3432ab7859718360",
"zh:9f95520468bf49ae11e9d2493cafdb99910faeac34bb25586105e5326461949b",
"zh:d25048f3cbe96981dc72894c7ceae839846c240e2c270909aaf93cdf8af75a14",
"zh:e2e72159b9a1d91c7bd4eb62e09eaf7440478a493d853cb3aa3076b9acd8793b",
"zh:f6af0fd2e89ea7b7e692ef893cf5fdcc6f53c37fc0c6e066a28d9c834226c539",
]
}
provider "registry.opentofu.org/hashicorp/dns" { provider "registry.opentofu.org/hashicorp/dns" {
version = "3.4.1" version = "3.4.1"
constraints = "~> 3.4.1" constraints = "~> 3.4.1"

8
terraform/node.tf
View file

@ -8,11 +8,11 @@ locals {
mac_address = "AA:BB:07:00:${format("%v:%v", substr(sha1(v.name), 0, 2), substr(sha1(v.name), 2, 2))}" mac_address = "AA:BB:07:00:${format("%v:%v", substr(sha1(v.name), 0, 2), substr(sha1(v.name), 2, 2))}"
domain = local.domain domain = local.domain
meta = { meta = {
name = each.value.name name = v.name
domain = each.value.domain domain = local.domain
service_account = { service_account = {
username = authentik_user.service_account[each.value.name].username username = authentik_user.service_account[k].username
password = authentik_token.service_account[each.value.name].token password = authentik_token.service_account[k].key
} }
} }
}) })

11
terraform/serviceaccount.tf
View file

@ -21,9 +21,10 @@ resource "authentik_user" "service_account" {
resource "authentik_token" "service_account" { resource "authentik_token" "service_account" {
for_each = var.nodes for_each = var.nodes
identifier = "svc.tjo.cloud-service-account-${each.value.name}" identifier = "svc-tjo-cloud-service-account-${each.value.name}"
user = authentik_user.service_account[each.value.name].id user = authentik_user.service_account[each.key].id
description = "Service account for ${each.value.name} node" description = "Service account for ${each.value.name} node"
expiring = false expiring = false
intent = "app_password" intent = "app_password"
retrieve_key = true
} }

14
terraform/variables.tf
View file

@ -33,13 +33,21 @@ variable "common_storage" {
} }
variable "digitalocean_token" { variable "digitalocean_token" {
type = string type = string
sensitive = true
} }
variable "proxmox_token" { variable "proxmox_token" {
type = string type = string
sensitive = true
} }
variable "tailscale_apikey" { variable "tailscale_apikey" {
type = string type = string
sensitive = true
}
variable "authentik_token" {
type = string
sensitive = true
} }