Add Nextcloud deployment and configuration
- Introduced Nextcloud module with Kubernetes resources including deployment, service, ingress, and cron job. - Configured Apache settings for Nextcloud with SSL support and compression. - Created secrets for mail and admin credentials. - Added necessary environment variables for Nextcloud configuration. - Removed unused Scaleway access and secret keys from secrets and variables. - Updated CoreDNS module to support custom host overrides. - Implemented backup bucket policies and lifecycle rules for Scaleway object storage. - Enhanced IAM policies and applications for backup and email services. - Added outputs for backup bucket and API keys.
This commit is contained in:
@@ -43,3 +43,125 @@ resource "scaleway_object_bucket_policy" "policy" {
|
||||
]
|
||||
})
|
||||
}
|
||||
|
||||
resource "random_string" "bucket_suffix" {
|
||||
length = 8
|
||||
lower = true
|
||||
upper = false
|
||||
special = false
|
||||
}
|
||||
|
||||
resource "scaleway_object_bucket" "backup" {
|
||||
name = "a13labs-backup-${random_string.bucket_suffix.result}"
|
||||
project_id = var.scaleway_project_id
|
||||
region = "fr-par"
|
||||
|
||||
lifecycle_rule {
|
||||
id = "gitea-clean"
|
||||
prefix = "gitea-backup/"
|
||||
enabled = true
|
||||
|
||||
expiration {
|
||||
days = local.cloud_backup_retention_days
|
||||
}
|
||||
}
|
||||
|
||||
lifecycle_rule {
|
||||
id = "mail-clean"
|
||||
prefix = "mail-backup/"
|
||||
enabled = true
|
||||
|
||||
expiration {
|
||||
days = local.cloud_backup_retention_days
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "scaleway_object_bucket_policy" "backup" {
|
||||
bucket = scaleway_object_bucket.backup.name
|
||||
policy = jsonencode({
|
||||
Version = "2023-04-17",
|
||||
Id = "AllowAccess",
|
||||
Statement = [
|
||||
{
|
||||
Effect = "Allow"
|
||||
Action = [
|
||||
"s3:*",
|
||||
]
|
||||
Principal = {
|
||||
SCW = "user_id:${var.scaleway_user_id}"
|
||||
}
|
||||
Resource = [
|
||||
scaleway_object_bucket.backup.name,
|
||||
"${scaleway_object_bucket.backup.name}/*",
|
||||
]
|
||||
},
|
||||
{
|
||||
Effect = "Allow"
|
||||
Action = [
|
||||
"s3:*",
|
||||
]
|
||||
Principal = {
|
||||
SCW = "application_id:${scaleway_iam_application.backup_app.id}"
|
||||
}
|
||||
Resource = [
|
||||
scaleway_object_bucket.backup.name,
|
||||
"${scaleway_object_bucket.backup.name}/*",
|
||||
],
|
||||
Condition = {
|
||||
IpAddress = {
|
||||
"aws:SourceIp" = local.instance_ips
|
||||
}
|
||||
},
|
||||
},
|
||||
]
|
||||
})
|
||||
}
|
||||
|
||||
resource "scaleway_object_bucket" "sftpgo" {
|
||||
name = "a13labs-sftpgo-${random_string.bucket_suffix.result}"
|
||||
project_id = var.scaleway_project_id
|
||||
region = "fr-par"
|
||||
}
|
||||
|
||||
resource "scaleway_object_bucket_policy" "sftpgo" {
|
||||
bucket = scaleway_object_bucket.sftpgo.name
|
||||
policy = jsonencode({
|
||||
Version = "2023-04-17",
|
||||
Id = "AllowAccess",
|
||||
Statement = [
|
||||
{
|
||||
Effect = "Allow"
|
||||
Action = [
|
||||
"s3:*",
|
||||
]
|
||||
Principal = {
|
||||
SCW = "user_id:${var.scaleway_user_id}"
|
||||
}
|
||||
Resource = [
|
||||
scaleway_object_bucket.sftpgo.name,
|
||||
"${scaleway_object_bucket.sftpgo.name}/*",
|
||||
]
|
||||
},
|
||||
{
|
||||
Effect = "Allow"
|
||||
Action = [
|
||||
"s3:*",
|
||||
]
|
||||
Principal = {
|
||||
SCW = "application_id:${scaleway_iam_application.sftpgo_app.id}"
|
||||
}
|
||||
Resource = [
|
||||
scaleway_object_bucket.sftpgo.name,
|
||||
"${scaleway_object_bucket.sftpgo.name}/*",
|
||||
],
|
||||
Condition = {
|
||||
IpAddress = {
|
||||
"aws:SourceIp" = local.instance_ips
|
||||
}
|
||||
},
|
||||
},
|
||||
]
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user