ii · BobyMCbobs · Mar 12, 2024 · Mar 12, 2024 · Mar 12, 2024 · Mar 12, 2024
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,12 @@
+.DS_Store
+.idea
+*.log
+tmp/
+.envrc
+.terraform
+.terraform.lock.hcl
+values.tfvars
+config.org
+secrets.org
+config.tfvars
+secrets.tfvars
diff --git a/README.org b/README.org
@@ -6,7 +6,7 @@ a Flux + Terraform infrastructure repo
 
 * Todo
 
-- [x] add Flux for sharing-io repo
+- [x] add Flux for cluster repo
 - [x] get talosconfig
 - [ ] access Kubernetes APIServer
 - [ ] verify Ceph disk allocation
@@ -15,74 +15,63 @@ a Flux + Terraform infrastructure repo
 
 Install OpenTofu
 
-#+begin_src shell
+#+begin_src tmux :session ":tofu "
 brew install opentofu
 #+end_src
 
-* Usage
-
-vars:
-
-- rfc2136_server
-- rfc2136_tsig_keyname
-- rfc2136_tsig_key
-- equinix_metal_project_id
-- equinix_metal_auth_token (DO NOT WRITE THIS DISK)
+#+RESULTS:
 
-keep in values.tfvars (as HCL); example:
-
-#+begin_src hcl :tangle ./values-example.tfvars
-rfc2136_server       = "123.253.176.253"
-rfc2136_tsig_keyname = "sharing.io."
-rfc2136_tsig_key     = "[VALUE HERE]"
-equinix_metal_project_id = "82b5c425-8dd4-429e-ae0d-d32f265c63e4"
-#+end_src
+* Usage
 
-init
+You'll need .tfvar files, currently we create those via org files.
 
-#+begin_src tmux
-tofu init -var-file=./values.tfvars -var equinix_metal_auth_token=$METAL_AUTH_TOKEN -var github_token="$(gh auth token)" --upgrade
+#+begin_src tmux :session ":tofu"
+cd ~/infra
+mkdir -p ./tmp/
+touch ./tmp/cluster-kubeconfig
+tofu init -var-file=./config.tfvars -var-file=./secrets.tfvars -var github_token="$(gh auth token)" --upgrade
 #+end_src
 
 plan
 
-#+begin_src tmux
-tofu plan -var-file=./values.tfvars -var equinix_metal_auth_token=$METAL_AUTH_TOKEN -var github_token="$(gh auth token)"
+#+begin_src tmux :session ":tofu"
+tofu plan -var-file=./config.tfvars -var-file=./secrets.tfvars -var github_token="$(gh auth token)"
 #+end_src
 
 apply
 
-#+begin_src tmux
-tofu apply -var-file=./values.tfvars -var equinix_metal_auth_token=$METAL_AUTH_TOKEN -var github_token="$(gh auth token)"
+#+begin_src tmux :session ":tofu"
+tofu apply -var-file=./config.tfvars -var-file=./secrets.tfvars -var github_token="$(gh auth token)"
 #+end_src
 
 get talosconfig
 
-#+begin_src tmux
-CLUSTER_NAME=sharing-io
-tofu output -raw "$CLUSTER_NAME"-talosconfig > ~/.talos/config-"$CLUSTER_NAME"
+#+begin_src tmux :session ":talos"
+mkdir -p ~/.talos
+tofu output -raw talosconfig > ~/.talos/config
 #+end_src
 
 get kubeconfig
 
 #+begin_src tmux
-CLUSTER_NAME=sharing-io
-tofu output -raw "$CLUSTER_NAME"-kubeconfig > ~/.kube/config-"$CLUSTER_NAME"
+mkdir -p ~/.kube
+tofu output -raw kubeconfig > ~/.kube/config
 #+end_src
 
 * Flux usage
 
 force a reconciliation
 
-#+begin_src shell :results silent
-flux --kubeconfig ~/.kube/config-sharing-io reconcile source git flux-system
+#+begin_src tmux
+CLUSTER_NAME=cloudnative-coop
+flux --kubeconfig ~/.kube/config-"$CLUSTER_NAME" reconcile source git flux-system
 #+end_src
 
 * Force tear down
 
-#+begin_src tmux
-tofu state list | grep -E 'talos|flux' | xargs -I{} tofu state rm {}
-tofu destroy -var-file=./values.tfvars -var equinix_metal_auth_token=$METAL_AUTH_TOKEN -var github_token="$(gh auth token)"
+#+begin_src tmux :session ":tofu"
+tofu state list | grep -E 'talos|flux|manifests|kubernetes_manifest' | xargs -I{} tofu state rm {}
+tofu destroy -var-file=./config.tfvars -var-file=./secrets.tfvars -var github_token="$(gh auth token)"
 #+end_src
 
 * Notes

diff --git a/authentik.tf b/authentik.tf
@@ -0,0 +1,21 @@
+module "cluster-authentik-config" {
+  source                             = "./terraform/authentik-config"
+  github_oauth_app_id                = var.authentik_github_oauth_app_id
+  github_oauth_app_secret            = var.authentik_github_oauth_app_secret
+  authentik_coder_oidc_client_id     = module.cluster-manifests.authentik_coder_oidc_client_id
+  authentik_coder_oidc_client_secret = module.cluster-manifests.authentik_coder_oidc_client_secret
+  authentik_bootstrap_token          = module.cluster-manifests.authentik_bootstrap_token
+  domain                             = var.domain
+  # repo = var.github_repository
+  # # repo   = "${var.github_org}/${var.github_repository}"
+  # domain = "${var.domain}"
+  # secret = module.cluster-manifests.flux_receiver_token
+
+  providers = {
+    authentik  = authentik
+    flux       = flux
+    kubernetes = kubernetes.cluster
+  }
+
+  depends_on = [module.cluster-manifests]
+}
diff --git a/clusters/sharing.io/app.yaml → clusters/cluster/app.yaml b/clusters/sharing.io/app.yaml → clusters/cluster/app.yaml
diff --git a/clusters/sharing.io/configs.yaml → clusters/cluster/configs.yaml b/clusters/sharing.io/configs.yaml → clusters/cluster/configs.yaml
@@ -7,8 +7,8 @@ metadata:
 spec:
   interval: 10m0s
   path: ./infrastructure/configs
-  # dependsOn:
-  #   - name: infrastructure
+  dependsOn:
+    - name: infrastructure
   prune: true
   wait: true
   sourceRef:
@@ -18,3 +18,5 @@ spec:
     substituteFrom:
       - kind: Secret
         name: rfc2136dnsserver
+      - kind: ConfigMap
+        name: coder-kustomize
diff --git a/clusters/cluster/flux-system/gotk-sync.yaml b/clusters/cluster/flux-system/gotk-sync.yaml
@@ -11,7 +11,7 @@ spec:
     branch: main
   secretRef:
     name: flux-system
-  url: ssh://git@github.com/ii/infra.git
+  url: ssh://git@github.com/sharingio/infra.git
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization

diff --git a/clusters/sharing.io/infrastructure.yaml → clusters/cluster/infrastructure.yaml b/clusters/sharing.io/infrastructure.yaml → clusters/cluster/infrastructure.yaml