Compare commits
No commits in common. "ryansquared/use-stagex-bins" and "main" have entirely different histories.
ryansquare
...
main
|
|
@ -1 +0,0 @@
|
|||
*
|
||||
|
|
@ -1,44 +0,0 @@
|
|||
# Tools used for managing the stagex stack
|
||||
|
||||
FROM quay.io/stagex/core-busybox AS busybox
|
||||
FROM quay.io/stagex/core-musl AS musl
|
||||
FROM quay.io/stagex/core-ca-certificates AS ca-certificates
|
||||
FROM quay.io/stagex/core-zlib AS zlib
|
||||
FROM quay.io/stagex/user-gpg AS gpg
|
||||
FROM quay.io/stagex/user-npth AS npth
|
||||
FROM quay.io/stagex/user-libksba AS libksba
|
||||
FROM quay.io/stagex/user-libgpg-error AS libgpg-error
|
||||
FROM quay.io/stagex/user-libassuan AS libassuan
|
||||
FROM quay.io/stagex/user-libgcrypt AS libgcrypt
|
||||
FROM quay.io/stagex/user-tofu AS tofu
|
||||
FROM quay.io/stagex/user-sops AS sops
|
||||
FROM quay.io/stagex/user-talosctl AS talosctl
|
||||
FROM quay.io/stagex/user-kubectl AS kubectl
|
||||
FROM quay.io/stagex/user-kustomize AS kustomize
|
||||
FROM quay.io/stagex/user-kustomize-sops AS kustomize-sops
|
||||
FROM quay.io/stagex/user-helm AS helm
|
||||
|
||||
FROM scratch
|
||||
COPY --from=busybox . /
|
||||
COPY --from=musl . /
|
||||
COPY --from=ca-certificates . /
|
||||
COPY --from=zlib . /
|
||||
COPY --from=npth . /
|
||||
COPY --from=libksba . /
|
||||
COPY --from=libgpg-error . /
|
||||
COPY --from=libassuan . /
|
||||
COPY --from=libgcrypt . /
|
||||
COPY --from=gpg . /
|
||||
COPY --from=tofu . /
|
||||
COPY --from=sops . /
|
||||
COPY --from=talosctl . /
|
||||
COPY --from=kubectl . /
|
||||
COPY --from=kustomize . /
|
||||
COPY --from=kustomize-sops . /
|
||||
COPY --from=sops . /
|
||||
COPY --from=helm . /
|
||||
|
||||
RUN mkdir -p /root/.gnupg
|
||||
RUN chmod 0700 /root/.gnupg
|
||||
|
||||
ENTRYPOINT ["/bin/sh"]
|
||||
26
Makefile
26
Makefile
|
|
@ -1,3 +1,6 @@
|
|||
include $(PWD)/src/toolchain/Makefile
|
||||
include $(PWD)/src/make/tools.mk
|
||||
|
||||
BACKEND_TF := $(wildcard infra/backend/*.tf)
|
||||
MAIN_TF := $(wildcard infra/main/*.tf)
|
||||
ENVIRONMENT := production
|
||||
|
|
@ -130,29 +133,6 @@ config/$(ENVIRONMENT).tfbackend: | \
|
|||
-state $(ENVIRONMENT).tfstate \
|
||||
'
|
||||
|
||||
.PHONY: build-container
|
||||
build-container:
|
||||
docker build -t git.distrust.co/public/stack-tools -f Containerfile.tools .
|
||||
|
||||
GPG_TTY ?= $(shell tty)
|
||||
|
||||
define run-container
|
||||
docker run -it \
|
||||
-e GPG_TTY=$(GPG_TTY) \
|
||||
-e GPG_AGENT_INFO=/S.gpg-agent:0:1 \
|
||||
-v $(shell gpgconf --list-dirs agent-socket):/root/.gnupg-w/S.gpg-agent \
|
||||
-v $(shell gpgconf --list-dirs homedir):/root/.gnupg:ro \
|
||||
git.distrust.co/public/stack-tools
|
||||
endef
|
||||
|
||||
.PHONY: new-apply
|
||||
new-apply: build-container
|
||||
$(call run-container,'\
|
||||
echo $$GPG_AGENT_INFO; \
|
||||
ls -l /S.gpg-agent; \
|
||||
gpg --verbose --list-keys \
|
||||
')
|
||||
|
||||
.PHONY:
|
||||
apply: \
|
||||
$(TERRAFORM) \
|
||||
|
|
|
|||
|
|
@ -125,10 +125,7 @@ locals {
|
|||
# `jq .database_users.value.forgejo | sops --encrypt`
|
||||
output "database_users" {
|
||||
value = {
|
||||
for db_user in concat(
|
||||
values(module.digitalocean_database_cluster.database_users),
|
||||
values(module.digitalocean_mysql_database_cluster.database_users),
|
||||
):
|
||||
for db_user in concat(module.digitalocean_database_cluster.database_users, module.digitalocean_mysql_database_cluster.database_users):
|
||||
db_user.name => {
|
||||
apiVersion = "v1",
|
||||
kind = "Secret",
|
||||
|
|
|
|||
Loading…
Reference in New Issue