drgrove
/
distrust-stack
forked from public/stack
1
0
Fork 0
Code Pull Requests Activity

Fix make setup to work with open tofu

This commit is contained in:
Danny Grove 2024-03-28 21:28:02 -07:00
parent 6d149d96e5
commit dda0c1f77c
Signed by: drgrove
GPG Key ID: E1F4160251DB4C2E
4 changed files with 31 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
Makefile
View File

@ -7,7 +7,7 @@ ENVIRONMENT := production
REGION := sfo3 REGION := sfo3
ROOT_DIR := $(shell pwd) ROOT_DIR := $(shell pwd)
# TODO: automatically determine # TODO: automatically determine
TERRAFORM := $(ROOT_DIR)/out/terraform.linux-x86_64 TERRAFORM := $(ROOT_DIR)/out/tofu.linux-x86_64
SOPS := $(ROOT_DIR)/out/sops.linux-x86_64 SOPS := $(ROOT_DIR)/out/sops.linux-x86_64
KEYS := \ KEYS := \
6B61ECD76088748C70590D55E90A401336C8AAA9 \ 6B61ECD76088748C70590D55E90A401336C8AAA9 \
@ -15,13 +15,13 @@ KEYS := \
3D7C8D39E8C4DF771583D3F0A8A091FD346001CA \ 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA \
F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
EXTRA_ARGS :=
.DEFAULT_GOAL := .DEFAULT_GOAL :=
.PHONY: default .PHONY: default
default: \ default: \
toolchain \ toolchain \
tools \ tools \
$(patsubst %,$(KEY_DIR)/%.asc,$(KEYS)) \
$(CACHE_DIR)/website/.well-known/openpgpkey \
apply apply
.PHONY: .PHONY:
@ -76,6 +76,13 @@ infra/backend/.terraform: \
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\ $(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
env -C infra/backend $(TERRAFORM) init -upgrade \ env -C infra/backend $(TERRAFORM) init -upgrade \
' '
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
env -C infra/backend $(TERRAFORM) refresh \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
-state $(ENVIRONMENT).tfstate \
'
infra/main/.terraform: | \ infra/main/.terraform: | \
$(TERRAFORM) \ $(TERRAFORM) \
@ -85,6 +92,13 @@ infra/main/.terraform: | \
env -C infra/main $(TERRAFORM) init -upgrade \ env -C infra/main $(TERRAFORM) init -upgrade \
-backend-config="../../config/$(ENVIRONMENT).tfbackend" \ -backend-config="../../config/$(ENVIRONMENT).tfbackend" \
' '
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
env -C infra/main $(TERRAFORM) refresh \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
-state $(ENVIRONMENT).tfstate \
'
infra/backend/$(ENVIRONMENT).tfstate: \ infra/backend/$(ENVIRONMENT).tfstate: \
$(TERRAFORM) \ $(TERRAFORM) \
@ -96,7 +110,7 @@ infra/backend/$(ENVIRONMENT).tfstate: \
-var environment=$(ENVIRONMENT) \ -var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \ -var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \ -var region=$(REGION) \
-state ../../$@ \ -state $@ \
' '
config/$(ENVIRONMENT).tfbackend: | \ config/$(ENVIRONMENT).tfbackend: | \
@ -107,9 +121,17 @@ config/$(ENVIRONMENT).tfbackend: | \
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\ $(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
env -C infra/backend \ env -C infra/backend \
$(TERRAFORM) \ $(TERRAFORM) \
output -state ../../$< \ output -state $(ENVIRONMENT).tfstate \
> $@ \ > $@ \
' '
$(SOPS) exec-env secrets/$(ENVIRONMENT).enc.env '\
env -C infra/backend \
$(TERRAFORM) refresh \
-var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \
-state $(ENVIRONMENT).tfstate \
'
.PHONY: .PHONY:
apply: \ apply: \
@ -126,7 +148,7 @@ apply: \
-var environment=$(ENVIRONMENT) \ -var environment=$(ENVIRONMENT) \
-var namespace=$(ENVIRONMENT) \ -var namespace=$(ENVIRONMENT) \
-var region=$(REGION) \ -var region=$(REGION) \
' $(EXTRA_ARGS) '
$(call maybe_encrypt_secret,infra/main/talos/talosconfig,secrets/$(ENVIRONMENT).talosconfig) $(call maybe_encrypt_secret,infra/main/talos/talosconfig,secrets/$(ENVIRONMENT).talosconfig)
$(call maybe_encrypt_secret,infra/main/talos/kubeconfig,secrets/$(ENVIRONMENT).kubeconfig) $(call maybe_encrypt_secret,infra/main/talos/kubeconfig,secrets/$(ENVIRONMENT).kubeconfig)
$(call maybe_encrypt_secret,infra/main/talos/controlplane.yaml,secrets/$(ENVIRONMENT).controlplane.yaml) $(call maybe_encrypt_secret,infra/main/talos/controlplane.yaml,secrets/$(ENVIRONMENT).controlplane.yaml)

2
config/make.env
View File

@ -22,7 +22,7 @@ SOPS_REF=b6d3c9700d88e0c9348f3ec7cd2f10ce4a4b3ee1
BUSYBOX_URL=https://busybox.net/downloads/busybox-1.36.1.tar.bz2 BUSYBOX_URL=https://busybox.net/downloads/busybox-1.36.1.tar.bz2
BUSYBOX_HASH=b8cc24c9574d809e7279c3be349795c5d5ceb6fdf19ca709f80cde50e47de314 BUSYBOX_HASH=b8cc24c9574d809e7279c3be349795c5d5ceb6fdf19ca709f80cde50e47de314
TOFU_REPO=https://github.com/opentofu/opentofu TOFU_REPO=https://github.com/opentofu/opentofu
TOFU_REF=f9d8b3ca2c0926f66757241baf81af523be73726 TOFU_REF=5d05dba18b6e276a6262a4722fe90c13350c5428
KSOPS_REPO=https://github.com/viaduct-ai/kustomize-sops KSOPS_REPO=https://github.com/viaduct-ai/kustomize-sops
KSOPS_REF=ac33c40e1b78d9847a8d0f58473e99419be5b170 KSOPS_REF=ac33c40e1b78d9847a8d0f58473e99419be5b170
KUSTOMIZE_REPO=https://github.com/kubernetes-sigs/kustomize KUSTOMIZE_REPO=https://github.com/kubernetes-sigs/kustomize

1
infra/main/provider.tf
View File

@ -8,6 +8,7 @@ terraform {
backend "s3" { backend "s3" {
skip_requesting_account_id = true skip_requesting_account_id = true
skip_credentials_validation = true skip_credentials_validation = true
skip_region_validation = true
skip_get_ec2_platforms = true skip_get_ec2_platforms = true
skip_metadata_api_check = true skip_metadata_api_check = true
} }

2
src/toolchain

@ -1 +1 @@
Subproject commit 23fc267a9dfdda30ba4287f8234879961722bafb Subproject commit a2315fdbc8cd0e4a654d1aa4623a53d5292b3574