create gitea tofu bot user

2024-11-05 16:33:58 +01:00
parent 66e9ec5091
commit fa0df6f175
7 changed files with 145 additions and 1 deletions
--- a/iac/main.tf
+++ b/iac/main.tf
@@ -0,0 +1,31 @@
+
+resource "random_password" "tofu" {
+  length           = 32
+}
+resource "gitea_user" "tofu" {
+  username             = "tofu_module_reader"
+  login_name           = "tofu_module_reader"
+  password             = random_password.tofu.result
+  email                = "tofu-module-reader@arcodange.fake"
+  must_change_password = false
+  full_name = "restricted CI user"
+  prohibit_login = true
+  restricted = true
+  visibility = "private"
+}
+resource "tls_private_key" "tofu" {
+  algorithm =  "ED25519"
+}
+resource "gitea_public_key" "tofu" {
+  title     = "tofu"
+  key       = tls_private_key.tofu.public_key_openssh
+  username  = gitea_user.tofu.username
+}
+
+resource "vault_kv_secret" "gitea_admin_token" {
+  path = "kvv1/gitea/tofu_module_reader"
+  data_json = jsonencode({
+    ssh_private_key = tls_private_key.tofu.private_key_openssh
+    ssh_public_key = tls_private_key.tofu.public_key_openssh
+  })
+}