From fdf38928edd187949c8f4fc5a60b9780500d3e2e Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl
Date: Fri, 23 Dec 2022 14:25:38 +0100
Subject: concourse
---
 ansible/knot-pg-backup.yml | 56 ------------------
 ansible/knot-pg.yml | 72 ++++++++++++++++++++++++
 sops.yml | 5 +-
 terraform/concourse/.terraform.lock.hcl | 49 +++++++++++-----
 terraform/concourse/concourse.tf | 14 ++++-
 terraform/concourse/dns.tf | 2 +-
 terraform/concourse/main.tf | 27 ++++++---
 terraform/concourse/pdb.tf | 14 +++++
 terraform/concourse/sops.tf | 0
 terraform/conflatorio-docker/.terraform.lock.hcl | 53 ++++++-----------
 terraform/conflatorio-docker/main.tf | 14 ++++-
 terraform/knot-pdb/pdb.tf | 8 +--
 12 files changed, 186 insertions(+), 128 deletions(-)
 delete mode 100644 ansible/knot-pg-backup.yml
 create mode 100644 ansible/knot-pg.yml
 create mode 100644 terraform/concourse/pdb.tf
 create mode 100644 terraform/concourse/sops.tf
diff --git a/ansible/knot-pg-backup.yml b/ansible/knot-pg-backup.yml
deleted file mode 100644
index 4d0cac1..0000000
--- a/ansible/knot-pg-backup.yml
+++ /dev/null
@@ -1,56 +0,0 @@
----
-- hosts:
- - knot
- vars:
- wal_g: /etc/postgresql/wal-g.env
- wal_g_bin: /var/lib/postgresql/wal-g
- pg_v: 15
- tasks:
- - name: "mkdir {{ wal_g }}"
- become: yes
- file:
- path: "{{ wal_g }}"
- state: directory
- mode: ug=rx,o=
- owner: root
- group: postgres
-
-
- - name: Load values from../knot-pdb.sops.yml
- community.sops.load_vars:
- name: env
- file: ../knot-pdb.sops.yml
-
- - name: Configure environment
- become: yes
- copy:
- dest: "{{ wal_g }}/{{ item.file }}"
- content: |
- {{ item.content }}
- owner: root
- group: postgres
- mode: g=r,u=r,o=
- loop:
- - {file: "AWS_ACCESS_KEY_ID", content: "{{ env.AWS_ACCESS_KEY_ID }}"}
- - {file: "AWS_ENDPOINT", content: "{{ env.AWS_ENDPOINT }}"}
- - {file: "AWS_REGION", content: "{{ env.AWS_REGION }}"}
- - {file: "AWS_S3_FORCE_PATH_STYLE", content: "{{ env.AWS_S3_FORCE_PATH_STYLE }}"}
- - {file: "AWS_SECRET_ACCESS_KEY", content: "{{ env.AWS_SECRET_ACCESS_KEY }}"}
- - {file: "WALG_S3_PREFIX", content: "{{ env.WALG_S3_PREFIX }}"}
- - {file: "PGHOST", content: "/var/run/postgresql"}
-
- - name: /etc/postgresql/{{ pg_v }}/main/wal-g.conf
- become: yes
- copy:
- dest: /etc/postgresql/{{ pg_v }}/main/wal-g.conf
- content: |
- archive_mode = yes
- archive_command = '/usr/bin/envdir {{ wal_g }} {{ wal_g_bin }} wal-push %p'
- archive_timeout = 60
-
- - name: /etc/postgresql/{{ pg_v }}/main/postgresql.conf
- become: yes
- lineinfile:
- path: /etc/postgresql/{{ pg_v }}/main/postgresql.conf
- regexp: wal-g.conf
- line: "include = 'wal-g.conf'"
diff --git a/ansible/knot-pg.yml b/ansible/knot-pg.yml
new file mode 100644
index 0000000..ec0b86b
--- /dev/null
+++ b/ansible/knot-pg.yml
@@ -0,0 +1,72 @@
+---
+- hosts:
+ - knot
+ vars:
+ wal_g: /etc/postgresql/wal-g.env
+ wal_g_bin: /var/lib/postgresql/wal-g
+ pg_v: 15
+ tasks:
+ - name: "mkdir {{ wal_g }}"
+ become: yes
+ file:
+ path: "{{ wal_g }}"
+ state: directory
+ mode: ug=rx,o=
+ owner: root
+ group: postgres
+
+
+ - name: Load values from../knot-pdb.sops.yml
+ community.sops.load_vars:
+ name: env
+ file: ../knot-pdb.sops.yml
+
+ - name: Configure environment
+ become: yes
+ tags: env
+ copy:
+ dest: "{{ wal_g }}/{{ item.file }}"
+ content: |
+ {{ item.content }}
+ owner: root
+ group: postgres
+ mode: g=r,u=r,o=
+ loop:
+ - {file: "AWS_ACCESS_KEY_ID", content: "{{ env.AWS_ACCESS_KEY_ID }}"}
+ - {file: "AWS_ENDPOINT", content: "{{ env.AWS_ENDPOINT }}"}
+ - {file: "AWS_REGION", content: "{{ env.AWS_REGION }}"}
+ - {file: "AWS_S3_FORCE_PATH_STYLE", content: "{{ env.AWS_S3_FORCE_PATH_STYLE }}"}
+ - {file: "AWS_SECRET_ACCESS_KEY", content: "{{ env.AWS_SECRET_ACCESS_KEY }}"}
+ - {file: "WALG_S3_PREFIX", content: "{{ env.WALG_S3_PREFIX }}"}
+ - {file: "PGHOST", content: "/var/run/postgresql"}
+
+ - name: /etc/postgresql/{{ pg_v }}/main/wal-g.conf
+ become: yes
+ copy:
+ dest: /etc/postgresql/{{ pg_v }}/main/wal-g.conf
+ content: |
+ archive_mode = yes
+ archive_command = '/usr/bin/envdir {{ wal_g }} {{ wal_g_bin }} wal-push %p'
+ archive_timeout = 60
+
+ - name: /etc/postgresql/{{ pg_v }}/main/postgresql.conf
+ become: yes
+ lineinfile:
+ path: /etc/postgresql/{{ pg_v }}/main/postgresql.conf
+ regexp: listen_addresses
+ line: "listen_addresses = '127.0.0.1,10.0.3.1,fdf3:aad9:a885:b3a::1'"
+
+ - name: /etc/postgresql/{{ pg_v }}/main/postgresql.conf
+ become: yes
+ lineinfile:
+ path: /etc/postgresql/{{ pg_v }}/main/postgresql.conf
+ regexp: wal-g.conf
+ line: "include = 'wal-g.conf'"
+
+ - name: /etc/postgresql/{{ pg_v }}/main/pg_hba.conf
+ become: yes
+ lineinfile:
+ path: /etc/postgresql/{{ pg_v }}/main/pg_hba.conf
+ regexp: fdf3:aad9:a885:b3a
+ line: "host all all fdf3:aad9:a885:b3a::/64
scram-sha-256" + diff --git a/sops.yml b/sops.yml index 5dbfeb8..4ac5b77 100644 --- a/sops.yml +++ b/sops.yml @@ -1,4 +1,5 @@ linode_token: ENC[AES256_GCM,data:OzTO+rM+z2hO3ch25HbiPvxI+bV8RoJ6BRY3yobKeXac6mv9rUbp3YjnyeeuKXrRdj6xNGYAiklrKeJlx0NxWg==,iv:uI4haka/5ZfZ3laPRfc3C6spxhSvemQuiw00oNWNGNQ=,tag:FiB8bZIQMlyOjcAaDJD5hQ==,type:str] +knot_pdb_terraform_password: ENC[AES256_GCM,data:cu5aUZAVrmtzgBB2hGfBkd+TU4vB0cWnBNluTHptyV0YvZuq,iv:HT4Cmr9huuylVt2vwFcrWUlBmDE6V3n0bXq/telJNBM=,tag:2RSvWnAAM5seHv12HyDprA==,type:str] sops: kms: [] gcp_kms: [] @@ -14,8 +15,8 @@ sops: N2hQUUZaMjdFM3lQeEluUWRrbWN5Ym8K42DZtqFpFf4ssxCaXz+cpWn4ne/90qsq qfSwf4ysKqUJdPjGrrRn+xb89rRBIrpIA/YxnfYX1ljsFaAnf+F16w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-12-23T10:32:04Z" - mac: ENC[AES256_GCM,data:wr9zHUZoB3waig1UNtRjcsEHiJKEcJmyIRlIN5U3c/GEbVqvLLcKeNLuY8l2ETsNuNB0FOhg5Q5kGWEgboxNCt61O8+3fEW3vGHBge6nyb9tFs+DrtL0XULk0uLAUTvQfWbVHbZz/2zmilXs8C8x0KACFZK1LruScFC40xby5Wc=,iv:NaBgvul/8fA6WGW4g50VX+tAB6Ch1VtkD5EEiZjEwkU=,tag:JZc2X0wLH/UNNaobN8ghew==,type:str] + lastmodified: "2022-12-23T11:55:19Z" + mac: ENC[AES256_GCM,data:3sN4NSN7QnhpdSSwzz9DqUrD9ltcSMTP2N/uO2zHdd3eZRN8tx4/H0ggiyCKWUr1DMbyI608PaQ5ASi8kqNLYUYAeXl3z0rk2qbxOu82j1pfnHkSkZFkWAj1vnQfcXomTKUCqwiG/AXKifB/g3v0/aGVwUBr1mu+k4mGbI7tU/A=,iv:3eDkx1ntGw/uZr0lfYcdXCixcMcjmViH/qaUMKZagvM=,tag:vfgVLAHinf3Gj+NFSW+y/g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/terraform/concourse/.terraform.lock.hcl b/terraform/concourse/.terraform.lock.hcl index 2095e00..d008733 100644 --- a/terraform/concourse/.terraform.lock.hcl +++ b/terraform/concourse/.terraform.lock.hcl 
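Review bot: The pg_hba.conf rule added by the last task of ansible/knot-pg.yml uses `host`, which accepts unencrypted connections as well as TLS ones, so the `sslmode=require` that the clients in this commit set is not enforced by the server; `hostssl all all fdf3:aad9:a885:b3a::/64 scram-sha-256` would enforce it, and `all all` could be narrowed to the databases and roles that actually connect from that prefix. The rule covers only the IPv6 /64 while `listen_addresses` also opens 10.0.3.1, so how IPv4 clients are matched depends on pg_hba.conf lines not visible here. Separately, the "Configure environment" task loops over items that contain `AWS_SECRET_ACCESS_KEY`, and Ansible prints each loop item in the task result; adding `no_log: true` or `loop_control: {label: "{{ item.file }}"}` keeps the secret out of the run output.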
@@ -23,6 +23,25 @@ provider "registry.terraform.io/cyrilgdn/postgresql" { ] } +provider "registry.terraform.io/hashicorp/random" { + version = "3.4.3" + hashes = [ + "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=", + "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752", + "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b", + "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3", + "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5", + "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda", + "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6", + "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1", + "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d", + "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8", + "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93", + ] +} + provider "registry.terraform.io/kreuzwerker/docker" { version = "2.23.1" constraints = "2.23.1" 
@@ -67,21 +86,21 @@ provider "registry.terraform.io/linode/linode" { ] } -provider "registry.terraform.io/meilleursagents/ansiblevault" { - version = "2.2.0" - constraints = "2.2.0" +provider "registry.terraform.io/lokkersp/sops" { + version = "0.6.10" + constraints = "0.6.10" hashes = [ - "h1:BdAWPYZ+cwkGuc9Hy0zZfyvbRL9f3naXpcUaOnoZee8=", - "zh:06faf88f2a6f2e9aabadb0d50565f4804636039042d37984463f0ca647f52189", - "zh:15053cceec8b24d9b62598e9e6860607603c2ecc7871705720a0753ef297d79f", - "zh:525f261f35d58151b4c51301cc1ae98a592c9b3400449361a91f2d84c467e2ac", - "zh:8bfe3b2c2b975792987d0642e8525efbf436ae08b1cebb1fa266b8954cb1915e", - "zh:93a943b494b0f70ef644334bf7646bf203ca087873385ab8ff89d406b9448771", - "zh:c651248189d297321a48feb775907de0ba2b9a100cb35f7364357b0af0e55931", - "zh:ccbee95f3c264c663fcddac8c8c921ec9f4fde95f15196838a73a9bf215a4020", - "zh:d3226f7b3a3013fceeef3392f54708b976daa0f43767bc24ff8c420c8a48a1a9", - "zh:f236d34596a51f64163eb5d13c3bcea4e10023f7e65f777b7267c463c427aad2", - "zh:f79f848b9c4b67879c2c25f2ef5b654eaafcfd7568f442eea2566bb580519c4f", - "zh:fbe2363c1c6a32df6443e650b53b5004a4d6f9431d23935ed98c500bed1552bd", + "h1:atU8NIBxpNTWY+qBubvEOfjOn4K1aCDoq1iUFocgIHQ=", + "zh:0f053a26392a581b1f1ce6316cb7ed8ec4cc75e7f5f1cf7cfd45050b6b3c87ea", + "zh:207bb96c4471fce9aeb1b3c217d772692c3d865d294cf4d2501dad41de36a15e", + "zh:28506e8f1f3b9eaa95d99043440328044ee6340143535e5751538328a529d001", + "zh:3cae3bcea9e35fdc5b3f2af1b4580cd625c996448ad0c676c772260e46b25289", + "zh:3e44daaf82986c2b0028aeb17b867f3c68ed5dd8ac8625ba0406cf2a5fd3d92e", + "zh:457fb8ca2e677af24f9a4bdd8b613b1d7b604ad7133541657e5757c19268da71", + "zh:473d727c228f021a3df8cc8dcc6231ad7f90ed63f9e47c36b597d591e76228da", + "zh:48c4c1df39fd76ec8bd5fe9ac70cdc0927ac8be95582dbe46458b3442ce0fcd9", + "zh:728b19cb5c07e5e9d8b78fd94cc57d4c13582ecd24b7eb7c4cc2bf73b12fe4d1", + "zh:c51ed9af591779bb0910b82addeebb10f53428b994f8db653dd1dedcec60916c", + 
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/terraform/concourse/concourse.tf b/terraform/concourse/concourse.tf index 9bbb3b4..c386e91 100644 --- a/terraform/concourse/concourse.tf +++ b/terraform/concourse/concourse.tf @@ -1,3 +1,7 @@ +data "docker_network" "traefik" { + name = "traefik" +} + resource "docker_image" "concourse" { name = "concourse/concourse:7.8.3" } @@ -14,6 +18,10 @@ resource "docker_container" "concourse" { name = data.docker_network.traefik.name } + networks_advanced { + name = "bridge" + } + ports { internal = 8080 external = 8080 @@ -44,10 +52,10 @@ resource "docker_container" "concourse" { env = [ "CONCOURSE_POSTGRES_HOST=knot.vpn.trygvis.io", - "CONCOURSE_POSTGRES_USER=concourse", - "CONCOURSE_POSTGRES_PASSWORD=concourse", - "CONCOURSE_POSTGRES_DATABASE=concourse", "CONCOURSE_POSTGRES_PORT=5432", + "CONCOURSE_POSTGRES_USER=${postgresql_role.concourse.name}", + "CONCOURSE_POSTGRES_PASSWORD=${postgresql_role.concourse.password}", + "CONCOURSE_POSTGRES_DATABASE=${postgresql_database.concourse.name}", "CONCOURSE_POSTGRES_SSLMODE=require", "CONCOURSE_EXTERNAL_URL=https://${local.domain_name}", "CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER=overlay", diff --git a/terraform/concourse/dns.tf b/terraform/concourse/dns.tf index 68e1764..a465bf8 100644 --- a/terraform/concourse/dns.tf +++ b/terraform/concourse/dns.tf @@ -6,5 +6,5 @@ resource "linode_domain_record" "concourse-vpn" { domain_id = data.linode_domain.root.id name = "concourse.vpn" record_type = "CNAME" - target = local.domain_name + target = "conflatorio.vpn.trygvis.io" } diff --git a/terraform/concourse/main.tf b/terraform/concourse/main.tf index 49bad5e..49702b9 100644 --- a/terraform/concourse/main.tf +++ b/terraform/concourse/main.tf @@ -12,10 +12,6 @@ terraform { } required_providers { - ansiblevault = { - source = "MeilleursAgents/ansiblevault" - version = "2.2.0" - } docker = { source = "kreuzwerker/docker" version = "2.23.1" 
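Review bot: In terraform/concourse/concourse.tf the added `networks_advanced { name = "bridge" }` block attaches the Concourse container to Docker's default bridge without a comment saying why, and containers on the default bridge can normally reach each other unless inter-container communication has been disabled on the daemon. If the attachment exists only to give the container a route to the PostgreSQL host, a comment such as `# default bridge: outbound route to knot.vpn (PostgreSQL)` would record that (wording to be confirmed by the author), and a dedicated user-defined network would keep Concourse apart from unrelated containers. The `docker_container` resource begins and ends outside the hunk, so other network settings may apply that are not visible here.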
@@ -28,6 +24,10 @@ terraform { source = "cyrilgdn/postgresql" version = "1.18.0" } + sops = { + source = "lokkersp/sops" + version = "0.6.10" + } } } @@ -35,14 +35,25 @@ provider "docker" { host = "ssh://conflatorio.vpn.trygvis.io" } -provider "ansiblevault" { - root_folder = ".." +provider "postgresql" { + host = "knot.vpn.trygvis.io" + database = "postgres" + username = "terraform" + password = data.sops_file_entry.knot_pdb_terraform_password.data + sslmode = "require" } -data "docker_network" "traefik" { - name = "traefik" +provider "sops" { + age = { + key = "age13wv3rp0varlg4nvt3tca48fq8u9q3mc6yfdekjeapcmc7kaq4dysrzcmv3" + } } locals { domain_name = "concourse.vpn.trygvis.io" } + +data "sops_file_entry" "knot_pdb_terraform_password" { + source_file = "../../sops.yml" + data_key = "knot_pdb_terraform_password" +} diff --git a/terraform/concourse/pdb.tf b/terraform/concourse/pdb.tf new file mode 100644 index 0000000..3eb9dfe --- /dev/null +++ b/terraform/concourse/pdb.tf @@ -0,0 +1,14 @@ +resource "random_uuid" "concourse_password" { +} + +resource "postgresql_role" "concourse" { + name = "concourse" + login = true + password = random_uuid.concourse_password.result +} + +resource "postgresql_database" "concourse" { + name = "concourse" + owner = "concourse" +} + diff --git a/terraform/concourse/sops.tf b/terraform/concourse/sops.tf new file mode 100644 index 0000000..e69de29 diff --git a/terraform/conflatorio-docker/.terraform.lock.hcl b/terraform/conflatorio-docker/.terraform.lock.hcl index 6b5beb1..aa0f1fb 100644 --- a/terraform/conflatorio-docker/.terraform.lock.hcl +++ b/terraform/conflatorio-docker/.terraform.lock.hcl 
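Review bot: In terraform/concourse/main.tf the new `provider "postgresql"` block sets `sslmode = "require"`, which encrypts the session but does not authenticate the server, so the `terraform` role's credentials from sops.yml are offered to whichever host answers for knot.vpn.trygvis.io. If the server certificate chains to a CA available where Terraform runs, `sslmode = "verify-full"` closes that gap, and the same consideration applies to `CONCOURSE_POSTGRES_SSLMODE=require` in concourse.tf. A comment stating which privileges the `terraform` role holds would also help, since this provider uses it to create roles and databases.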
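Review bot: In terraform/concourse/pdb.tf the database password is taken from `random_uuid`, whose `result` is not a sensitive attribute and doubles as the resource id, so the value is shown in apply output and `terraform show`; `random_password` from the same provider marks its result sensitive, e.g. `resource "random_password" "concourse_password" { length = 32 special = false }` with `password = random_password.concourse_password.result`. Either way the value is stored in the Terraform state, so access to the state backend needs to be restricted. `postgresql_database.concourse` also sets `owner = "concourse"` as a literal, which gives Terraform no dependency on the role; `owner = postgresql_role.concourse.name` makes the creation order explicit.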
@@ -21,24 +21,24 @@ provider "registry.terraform.io/hashicorp/null" { } provider "registry.terraform.io/kreuzwerker/docker" { - version = "2.23.1" - constraints = "2.23.1" + version = "2.24.0" + constraints = "2.24.0" hashes = [ - "h1:0B1y4P21+k4/3KkVkDRjkmaQ2HYWnCD8EUMBCaoaudA=", - "zh:075f591d3ef708cbdb94f31685c332b15622dd0d6a4eff7c36a49c43fe138523", - "zh:1952a1d90541ba27e72441d876d7b8c8bdbbaf14cc80685db9940112f2075eb5", - "zh:1d050255ac61132e24d7b653bed14b152ad99f4a6ad3bd346694baded4f3eee8", - "zh:2fc77142ea2bcabc7dba00bd6e13a88f18987b56e030f1527ed9d3b8f8228179", - "zh:3acaa72c112a3fdbeb1463a39049d9ac543db38f1be0ac58b00ef3625e3fdd3a", - "zh:46f462e35cd7cc33df9c256a3b47101dd64435c49127f0b9c0731315c19f3a88", - "zh:4c647a12a68b6b3ebef2a0d3a36aad2abdab8662ab3fa1ed4965ef7440c529eb", - "zh:6440a7989917d538478875e80c682a973b7addf2b7931b4dfd0b15490b05e714", - "zh:84c587d6a935fb1b25044e920101b2bee76caa892259076d9eceb241b94271f4", - "zh:8960ae0fde31e4c0db97bb60424de79acf6863d49853e8e1426c6bae7fc7d5b6", - "zh:9e053699151cbff9e12df11f10d272b24d19eba52760f16ecbc9ba8f36ef086b", - "zh:b5261fd530cc531d69a54427a5563834e54f146f93876e9d19d4e8f0681f724e", - "zh:edbbf0931b4c82b8cd52cc99f717d5b745ed29fd563f96d9c526c66547ce2af2", - "zh:f6238eee53124aae4896a57e92c6ad7ce35adb946662e864abf3c8cc154e3498", + "h1:1z0/qA77T3PS/1m4vRO8UgWjHjk5/v+f3JfGbMyzX18=", + "zh:181fefd55c8eb75efe9815c43fdd76422b57951ef53b5d5f19273a00fdf0e2e2", + "zh:2ec84e029d169f188be2addf7f45c2555f226f67d4b6fb66c1749ed5b2c4a76a", + "zh:6f5cf945148485f57b919d31a30f1a5a93d45f4e8edfdb0b80b22258d51795d8", + "zh:8d00c2c459a48453f52a00a8d1ffdb7bcf72fe4b3b09ffcfd52218c4646fa7fa", + "zh:9bd6e06601e0a972b9ce01150e32e76b76b4caf1d9798daf4cf16d06e2a8d4a3", + "zh:af72591132dc8cd338f293e458403851e6b8a6ac4c4d25a3268940f9763df7aa", + "zh:c4a47c5c7ad2ff1fc5212e69c5ef837a127346264e46ce7b5d13362545e4aa70", + "zh:c6d68f33efcd3372331ed0d58ec49e8b01ddc132934b14d2d45977076950e4b3", + 
"zh:db228855ae7235095d367f3597719747e5be0dd9ce2206ea02062560b518c08a", + "zh:e8d6ce89642925f2e813d0b829bd5562582de37eaa39351e231ab474383e703a", + "zh:ec83d8c86a918d25eb824cc99f98924ef8949eb69aa40cb5ff2db24369e52d9c", + "zh:ee0032d3d86adeeca7fdd4922bb8db87dbb5cd0093c054ff8efe2260de0b624c", + "zh:f033b70f342f32eeb98c213e6fc7098d7afd22b3146a5cb6173c128b0e86d732", + "zh:f1bc3a2c4f152f8adc9a1f9c852496232ef31073b149945756c13bc9688cf08b", ] } @@ -60,22 +60,3 @@ provider "registry.terraform.io/lokkersp/sops" { "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } - -provider "registry.terraform.io/meilleursagents/ansiblevault" { - version = "2.2.0" - constraints = "2.2.0" - hashes = [ - "h1:BdAWPYZ+cwkGuc9Hy0zZfyvbRL9f3naXpcUaOnoZee8=", - "zh:06faf88f2a6f2e9aabadb0d50565f4804636039042d37984463f0ca647f52189", - "zh:15053cceec8b24d9b62598e9e6860607603c2ecc7871705720a0753ef297d79f", - "zh:525f261f35d58151b4c51301cc1ae98a592c9b3400449361a91f2d84c467e2ac", - "zh:8bfe3b2c2b975792987d0642e8525efbf436ae08b1cebb1fa266b8954cb1915e", - "zh:93a943b494b0f70ef644334bf7646bf203ca087873385ab8ff89d406b9448771", - "zh:c651248189d297321a48feb775907de0ba2b9a100cb35f7364357b0af0e55931", - "zh:ccbee95f3c264c663fcddac8c8c921ec9f4fde95f15196838a73a9bf215a4020", - "zh:d3226f7b3a3013fceeef3392f54708b976daa0f43767bc24ff8c420c8a48a1a9", - "zh:f236d34596a51f64163eb5d13c3bcea4e10023f7e65f777b7267c463c427aad2", - "zh:f79f848b9c4b67879c2c25f2ef5b654eaafcfd7568f442eea2566bb580519c4f", - "zh:fbe2363c1c6a32df6443e650b53b5004a4d6f9431d23935ed98c500bed1552bd", - ] -} diff --git a/terraform/conflatorio-docker/main.tf b/terraform/conflatorio-docker/main.tf index cfc3cf0..f4cbb61 100644 --- a/terraform/conflatorio-docker/main.tf +++ b/terraform/conflatorio-docker/main.tf @@ -14,7 +14,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "2.23.1" + version = "2.24.0" } sops = { source = "lokkersp/sops" 
@@ -31,3 +31,15 @@ data "sops_file_entry" "linode_token" { source_file = "../../sops.yml" data_key = "linode_token" } + +# docker run -d --name ipv6nat --privileged --network host --restart unless-stopped -v /var/run/docker.sock:/var/run/docker.sock:ro robbertkl/ipv6nat + +# resource "docker_network" "bridge6" { +# name = "bridge6" +# ipv6 = true +# +# ipam_options = { +# "com.docker.network.enable_ipv6" = true +# } +# } + diff --git a/terraform/knot-pdb/pdb.tf b/terraform/knot-pdb/pdb.tf index 2a63601..7b2e6fc 100644 --- a/terraform/knot-pdb/pdb.tf +++ b/terraform/knot-pdb/pdb.tf @@ -24,11 +24,7 @@ resource "linode_object_storage_key" "wal" { resource "sops_file" "secret_data" { encryption_type = "age" filename = "../../knot-pdb.sops.yml" - content = yamlencode(local.env) -} - -locals { - env = { + content = yamlencode({ AWS_ACCESS_KEY_ID = linode_object_storage_key.wal.access_key AWS_SECRET_ACCESS_KEY = linode_object_storage_key.wal.secret_key WALG_S3_PREFIX = "s3://${linode_object_storage_bucket.wal.label}" @@ -36,5 +32,5 @@ locals { AWS_REGION = data.linode_object_storage_cluster.cluster.id AWS_ENDPOINT = "https://${data.linode_object_storage_cluster.cluster.id}.linodeobjects.com" PGHOST = "" - } + }) } -- cgit v1.2.3
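Review bot: The commented `docker run` line added to terraform/conflatorio-docker/main.tf records a manually started container that is `--privileged`, uses host networking and mounts the Docker socket, and the `:ro` flag on the socket mount does not limit what can be requested through the Docker API. If the container is kept, it would be better managed as a `docker_container` resource with the image pinned to a tag or digest instead of the implicit `latest`, and with `--privileged` replaced by the specific capabilities the tool needs. A short comment saying whether this container is currently running on conflatorio, and why the `bridge6` network below it is commented out, would make the intent clear.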