renamed iac/main.tf

2025-08-30 18:00:28 +02:00
parent c6807851c5
commit b9a46afb82
1 changed files with 0 additions and 0 deletions
--- a/iac/gitea_tofu_ci_user.tf
+++ b/iac/gitea_tofu_ci_user.tf
@@ -0,0 +1,31 @@
+
+resource "random_password" "tofu" {
+  length           = 32
+}
+resource "gitea_user" "tofu" {
+  username             = "tofu_module_reader"
+  login_name           = "tofu_module_reader"
+  password             = random_password.tofu.result
+  email                = "tofu-module-reader@arcodange.fake"
+  must_change_password = false
+  full_name = "restricted CI user"
+  prohibit_login = false
+  restricted = true
+  visibility = "private"
+}
+resource "tls_private_key" "tofu" {
+  algorithm =  "ED25519"
+}
+resource "gitea_public_key" "tofu" {
+  title     = "tofu"
+  key       = tls_private_key.tofu.public_key_openssh
+  username  = gitea_user.tofu.username
+}
+
+resource "vault_kv_secret" "gitea_admin_token" {
+  path = "kvv1/gitea/tofu_module_reader"
+  data_json = jsonencode({
+    ssh_private_key = tls_private_key.tofu.private_key_openssh
+    ssh_public_key = tls_private_key.tofu.public_key_openssh
+  })
+}