arcodange-org/factory
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixes

Browse Source
This commit is contained in:
Gabriel Radureau
2025-08-09 17:01:18 +02:00
parent 561331b825
commit b4bde14809
7 changed files with 30 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
ansible/arcodange/factory/inventory/group_vars/hard_disk/gitea_vault.yml
View File

@@ -1,13 +1,14 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
66376231363631663639623736353861383337333863623761303438643831653061373338306366 36376264363339363633323934646662623836323237373638326331643333383664393363653133
3762316261326433316166393132663034373636313935660a353962653931643131306134663264 6136336438613839376466613530303630613035383935660a383934386234633163343735633435
64636264393338366363333932366163393036326362353630656132326534663239306639336531 65623262633238356338343038333765333064323337653638636138626530643661313832643634
3239373433386332640a653262633333653037646236366362333838356534623935613534376465 3365363638616231350a303461336564636633333664643566346432653032336233326338376134
66633335636235323035656332356566343738363661363066653239653037643539323533643534 36386235366564306533643635653232373634346333373236313462393533396334623365326638
38376465663637646637326436306631663135333361666635303936643562356365616164636565 33363934663763326534363562643338333361616633323336313862353838666235393063306535
39313231623630386332363262376364383935353534663465333362356631383334396366643463 33303465356166323630306265303930363066386533653966633162633161623266356664636537
65616130613936343035643736623137313665373462353531326365396638633165326139343233 32653964326466336136376365386439313962316666333935663037326434306430343734646664
31313933313161343265373865643638616134303834396563623366633136616333613433323035 62376137306434313235363334373737636564316465323965613030643135336161316331663332
32643336343438646361616364336466366165363464323466363034373531323839363863396236 34646437336262306533303462623936336561633032643437396335356435333861353934643234
34343731386364613739666461633564646135306231366135396562383565383562396639316164 63376362366563316437383062653930373536666330313261396338656532333034373232386331
33626266643765653765 37363463633863333433613463336564636336366633353663336162303563646331373635663437
30393962613939323161306131313630333438653539363439643131373736313132

4
ansible/arcodange/factory/playbooks/01_system.yml
View File

@@ -72,8 +72,8 @@
- name: k3s - name: k3s
tags: never tags: never
# ansible.builtin.import_playbook: k3s.orchestration.site ansible.builtin.import_playbook: k3s.orchestration.site
ansible.builtin.import_playbook: k3s.orchestration.upgrade # ansible.builtin.import_playbook: k3s.orchestration.upgrade
# ansible.builtin.import_playbook: k3s.orchestration.reset # ansible.builtin.import_playbook: k3s.orchestration.reset
vars: vars:
k3s_version: v1.32.2+k3s1 k3s_version: v1.32.2+k3s1

2
ansible/arcodange/factory/playbooks/setup/postgres.yml
View File

@@ -62,4 +62,4 @@
loop_control: loop_control:
loop_var: database__pg_instruction loop_var: database__pg_instruction
loop: loop:
"{{ applications_databases.values() | map(attribute='db_name') | product(pg_instructions) }}" "{{ ( ['postgres'] + ( applications_databases.values() | map(attribute='db_name') ) ) | product(pg_instructions) }}"

7
ansible/arcodange/factory/playbooks/tools/roles/hashicorp_vault/tasks/gitea_oidc_auth.yml
View File

@@ -37,6 +37,13 @@
register: last_tofu_command register: last_tofu_command
loop: loop:
- tofu init -no-color - tofu init -no-color
# - >-
# tofu destroy -auto-approve -no-color
# -var='gitea_app={{ gitea_app | to_json }}'
# -var='vault_address={{ vault_address }}'
# -var='vault_token={{ vault_root_token }}'
# -var='postgres_admin_credentials={{ postgres_admin_credentials | to_json }}'
# -var='gitea_admin_token={{ gitea_admin_token }}'
- >- - >-
tofu apply -auto-approve -no-color tofu apply -auto-approve -no-color
-var='gitea_app={{ gitea_app | to_json }}' -var='gitea_app={{ gitea_app | to_json }}'

5
iac/README.md Normal file
View File

@@ -0,0 +1,5 @@
#
Provisionne un utilisateur gitea "tofu_module_reader",
autorisé à lire certains projets il est utilisé par la CI pour récupérer des blueprints terraform
via sa clé ssh répertoriée dans vault.

2
iac/main.tf
View File

@@ -9,7 +9,7 @@ resource "gitea_user" "tofu" {
email = "tofu-module-reader@arcodange.fake" email = "tofu-module-reader@arcodange.fake"
must_change_password = false must_change_password = false
full_name = "restricted CI user" full_name = "restricted CI user"
prohibit_login = true prohibit_login = false
restricted = true restricted = true
visibility = "private" visibility = "private"
} }

2
postgres/iac/main.tf
View File

@@ -1,6 +1,6 @@
resource "random_password" "credentials_editor" { resource "random_password" "credentials_editor" {
length = 24 length = 24
override_special = "-:!+<>$" override_special = "-:!+<>"
} }
resource "postgresql_role" "credentials_editor" { resource "postgresql_role" "credentials_editor" {