create gitea tofu bot user

This commit is contained in:
2024-11-05 16:33:58 +01:00
parent 66e9ec5091
commit fa0df6f175
7 changed files with 145 additions and 1 deletions


@@ -1,6 +1,6 @@
terraform {
backend "gcs" {
bucket = "arcodange-tf"
prefix = "tofu/code"
prefix = "factory/main"
}
}

31
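--- /dev/null
+++ b/iac/main.tf
@@ -0,0 +1,31 @@
+resource "random_password" "tofu" {
+length = 32
+}
+resource "gitea_user" "tofu" {
+username = "tofu_module_reader"
+login_name = "tofu_module_reader"
+password = random_password.tofu.result
+email = "tofu-module-reader@arcodange.fake"
+must_change_password = false
+full_name = "restricted CI user"
+prohibit_login = true
+restricted = true
+visibility = "private"
+}
+resource "tls_private_key" "tofu" {
+algorithm = "ED25519"
+}
+resource "gitea_public_key" "tofu" {
+title = "tofu"
+key = tls_private_key.tofu.public_key_openssh
+username = gitea_user.tofu.username
+}
+resource "vault_kv_secret" "gitea_admin_token" {
+path = "kvv1/gitea/tofu_module_reader"
+data_json = jsonencode({
+ssh_private_key = tls_private_key.tofu.private_key_openssh
+ssh_public_key = tls_private_key.tofu.public_key_openssh
+})
+}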
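Review bot: `prohibit_login = true` on `gitea_user.tofu` may defeat the SSH key that `gitea_public_key.tofu` attaches to it — as far as I recall, recent Gitea versions also reject SSH git operations from a user with ProhibitLogin set ("account is disabled"), so confirm against the target Gitea version that a key-only bot still works; if it does not, a read-only deploy key on the module repositories is the safer shape. Independently of the Vault write, `random_password.tofu.result` and `tls_private_key.tofu.private_key_openssh` are persisted in the Terraform state, i.e. in the `arcodange-tf` GCS bucket, which therefore needs the same access controls as `kvv1/gitea/tofu_module_reader`. The Vault resource is named `gitea_admin_token` but holds this restricted user's SSH key pair, not an admin token; since it has not been applied yet, renaming it to `resource "vault_kv_secret" "tofu_ssh_key"` costs nothing and keeps the name honest. `restricted = true` means the user sees no repositories until it is explicitly added to the module repos, which none of the visible hunks do — presumably one of the other changed files grants that access.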

25
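--- /dev/null
+++ b/iac/providers.tf
@@ -0,0 +1,25 @@
+terraform {
+required_providers {
+gitea = {
+source = "go-gitea/gitea"
+version = "0.5.1"
+}
+vault = {
+source = "vault"
+version = "4.4.0"
+}
+}
+}
+provider "gitea" { # https://registry.terraform.io/providers/go-gitea/gitea/latest/docs
+base_url = "https://gitea.arcodange.duckdns.org"
+# use GITEA_TOKEN env var
+}
+provider vault {
+address = "https://vault.arcodange.duckdns.org"
+auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable
+mount = "gitea_jwt"
+role = "gitea_cicd"
+}
+}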
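Review bot: `required_providers` pins `gitea` and `vault` but not the `random` and `tls` providers that iac/main.tf pulls in through `random_password` and `tls_private_key`, so those two resolve to whatever the latest `hashicorp/random` and `hashicorp/tls` release is at `init` time; add `random = { source = "hashicorp/random", version = "<pinned>" }` and `tls = { source = "hashicorp/tls", version = "<pinned>" }` and commit the `.terraform.lock.hcl` so the whole provider set is pinned and checksummed. `provider vault {` is valid HCL but the unquoted label is inconsistent with `provider "gitea" {` two lines above. The `# use GITEA_TOKEN env var` comment would be more useful stating the privilege it implies, e.g. `# GITEA_TOKEN env var: must be a site-admin token, gitea_user is created through the admin API`, since that token is the one credential in this setup that can do anything on the instance.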