arcodange-org/tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
56 Commits 2 Branches 0 Tags
5de9793bdfff6581628dc5650afdfa5218a37fee
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Gabriel Radureau 5de9793bdf
All checks were successful
Helm Charts / Detect changed charts (push) Successful in 1m18s
Details
Helm Charts / Detect changed charts (pull_request) Successful in 38s
Details
Helm Charts / Library charts tool (push) Has been skipped
Details
Helm Charts / Library charts tool (pull_request) Has been skipped
Details
Helm Charts / Application charts pgcat (push) Has been skipped
Details
Helm Charts / Application charts pgcat (pull_request) Has been skipped
Details
modules: add env/envs parameter to app_roles + app_policy (multi-env) 
Phase A of the multi-environment evolution agreed in the erp repo design
thread. Both modules gain an optional env coordinate that defaults to
"prod"; by the elision rule, env=prod produces the existing single-env
derived names character-for-character, so every existing app's tofu plan
should be a no-op.

app_roles (per-instance module — caller iterates over envs):
- variables.tf: add optional env = "prod"
- main.tf: compute local.instance via elision rule + local.owner_role
  (snake-case <name>_<env>_role for the Postgres owner)
- main.tf: substitute local.name -> local.instance in all derived names
  (dynamic role name, k8s role name, SA bindings, token_policies)
- outputs.tf: add env + instance outputs; kvv2_path_prefix now derives
  from local.instance (== local.name when env=prod -> backwards-compat)

app_policy (per-repo module — accepts list of envs):
- variables.tf: add optional envs = ["prod"]
- main.tf: compute local.instances + local.non_prod_instances
- main.tf: refactor kvv2 ops rules to dynamic blocks iterating local.instances
  preserving the original rule order (data, delete, undelete, destroy,
  metadata) so prod-only apps render a byte-identical policy document
- main.tf: allowed_parameter blocks for k8s role's bound_service_account_*
  and token_policies use comprehensions over local.instances
- main.tf: keep vault_policy.app (the env=prod runtime policy) at its
  original address; add vault_policy.app_non_prod via for_each over
  non_prod_instances for the other envs

Top-level wiring:
- iac/variables.tf: add envs = optional(list(string), ["prod"]) to the
  applications set(object) type
- iac/main.tf: pass envs = each.value.envs through to app_policies

`tofu validate` passes. Every existing app's tofu plan should report no
changes because: (1) env="prod" defaults are used everywhere, (2) the
elision rule makes local.instance == local.name for prod, (3) dynamic
rule blocks preserve declaration order, (4) the new app_non_prod resource
is created via for_each over an empty set when no non-prod envs are
declared.

Phase B (factory postgres iac + argocd + runbook docs) and Phase D
(erp iac/main.tf for_each + activate sandbox) follow in their own PRs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-15 13:35:04 +02:00
.gitea/workflows
use self signed cert
2026-01-02 19:07:46 +01:00
chart
deploy prometheus
2026-03-18 16:21:31 +01:00
clickhouse
no clickhouse pod on pi2
2026-01-03 19:17:04 +01:00
crowdsec
fix(crowdsec): use Recreate strategy for lapi to avoid RWO volume multi-attach
2026-04-16 10:25:10 +02:00
grafana
configure grafana with prometheus
2026-03-18 17:07:35 +01:00
hashicorp-vault
modules: add env/envs parameter to app_roles + app_policy (multi-env)
2026-06-15 13:35:04 +02:00
pgbouncer
use internal .lab instead of failing duckdns.org
2025-12-31 17:54:36 +01:00
pgcat
use internal .lab instead of failing duckdns.org
2025-12-31 17:54:36 +01:00
plausible
use internal .lab instead of failing duckdns.org
2025-12-31 17:54:36 +01:00
prometheus
deploy prometheus
2026-03-18 16:21:31 +01:00
redis
use internal .lab instead of failing duckdns.org
2025-12-31 17:54:36 +01:00
tool
add tool/NOTES.txt
2025-08-27 18:54:16 +02:00
.gitignore
fixes
2025-12-09 12:14:57 +01:00
README.md
declare tools (#1)
2024-09-04 11:00:44 +02:00

README.md

Tools

CICD:
pousser la library helm dans le registre helm de gitea

pour chaque dossier de premier niveau contenant un fichier Chart.yaml (sauf les dossier library et chart)
le pousser dans le registre helm de gitea

pgbouncer

prometheus

hashicorp vault

experiment with sops

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 709 KiB
Languages
HCL 100%