Configure Backblaze with terraform

2023-04-28 17:57:58 +01:00 · 2023-04-28 17:57:58 +01:00 · 297e2e0dba
commit 297e2e0dba
parent f6988af87c
5 changed files with 136 additions and 13 deletions
--- a/terraform/.terraform.lock.hcl
+++ b/terraform/.terraform.lock.hcl
@ -1,6 +1,18 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.

+provider "registry.terraform.io/backblaze/b2" {
+  version     = "0.8.4"
+  constraints = "0.8.4"
+  hashes = [
+    "h1:iTNGfXzJeiUYsrhnWo/hTO7zgtQiYH9U5xrlSCSb/rU=",
+    "zh:0181814e41ca950f0854d30efd9ac12ed46f031adab9628f768c7f1c3e851a46",
+    "zh:d2c76fa03670a9b4b54b768e897ba2a9b6e382eba666850228b041d744619dda",
+    "zh:f0d9e9d991215e69d9631b7bf75d3f6a7e8f76249c634bc704061a15b12349cd",
+    "zh:fb7dbb61143d0fa338a596063aa66ad3ecaa5b3537c9ab0b9f05dc30eed16cbf",
+  ]
+}
+
 provider "registry.terraform.io/cloudflare/cloudflare" {
  version     = "2.27.0"
  constraints = "2.27.0"
@ -85,21 +97,21 @@ provider "registry.terraform.io/hashicorp/aws" {
 }

 provider "registry.terraform.io/hashicorp/local" {
-  version = "2.3.0"
+  version = "2.4.0"
  hashes = [
-    "h1:+l9ZTDGmGdwnuYI5ftUjwP8UgoLw4f4V9xoCzal4LW0=",
-    "zh:1f1920b3f78c31c6b69cdfe1e016a959667c0e2d01934e1a084b94d5a02cd9d2",
-    "zh:550a3cdae0ddb350942624e7b2e8b31d28bc15c20511553432413b1f38f4b214",
-    "zh:68d1d9ccbfce2ce56b28a23b22833a5369d4c719d6d75d50e101a8a8dbe33b9b",
-    "zh:6ae3ad6d865a906920c313ec2f413d080efe32c230aca711fd106b4cb9022ced",
+    "h1:R97FTYETo88sT2VHfMgkPU3lzCsZLunPftjSI5vfKe8=",
+    "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9",
+    "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf",
+    "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732",
    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
-    "zh:a0f413d50f54124057ae3dcd9353a797b84e91dc34bcf85c34a06f8aef1f9b12",
-    "zh:a2ac6d4088ceddcd73d88505e18b8226a6e008bff967b9e2d04254ef71b4ac6b",
-    "zh:a851010672e5218bdd4c4ea1822706c9025ef813a03da716d647dd6f8e2cffb0",
-    "zh:aa797561755041ef2fad99ee9ffc12b5e724e246bb019b21d7409afc2ece3232",
-    "zh:c6afa960a20d776f54bb1fc260cd13ead17280ebd87f05b9abcaa841ed29d289",
-    "zh:df0975e86b30bb89717b8c8d6d4690b21db66de06e79e6d6cfda769f3304afe6",
-    "zh:f0d3cc3da72135efdbe8f4cfbfb0f2f7174827887990a5545e6db1981f0d3a7c",
+    "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35",
+    "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04",
+    "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406",
+    "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6",
+    "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7",
+    "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2",
+    "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc",
+    "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce",
  ]
 }

--- a/terraform/backblaze.tf
+++ b/terraform/backblaze.tf
@ -0,0 +1,94 @@
+resource "b2_bucket" "gitea" {
+  bucket_name = "0rng-gitea"
+  bucket_type = "allPrivate"
+
+  default_server_side_encryption {
+    algorithm = "AES256"
+    mode      = "SSE-B2"
+  }
+
+  lifecycle_rules {
+    file_name_prefix              = ""
+    days_from_hiding_to_deleting  = 1
+    days_from_uploading_to_hiding = 0
+  }
+}
+
+resource "b2_application_key" "gitea" {
+  key_name  = "gitea"
+  bucket_id = b2_bucket.gitea.id
+  capabilities = [
+    "readFiles",
+    "deleteFiles",
+    "listBuckets",
+    "listFiles",
+    "readBucketEncryption",
+    "readBucketReplications",
+    "readBuckets",
+    "shareFiles",
+    "writeBucketEncryption",
+    "writeBucketReplications",
+    "writeFiles",
+  ]
+}
+
+resource "b2_bucket" "restic" {
+  bucket_name = "0rng-restic"
+  bucket_type = "allPrivate"
+
+  default_server_side_encryption {
+    algorithm = "AES256"
+    mode      = "SSE-B2"
+  }
+
+  lifecycle_rules {
+    file_name_prefix              = ""
+    days_from_hiding_to_deleting  = 1
+    days_from_uploading_to_hiding = 0
+  }
+}
+
+resource "b2_application_key" "restic" {
+  key_name  = "restic"
+  bucket_id = b2_bucket.restic.id
+  capabilities = [
+    "readFiles",
+    "deleteFiles",
+    "listBuckets",
+    "listFiles",
+    "readBucketEncryption",
+    "readBuckets",
+    "shareFiles",
+    "writeBucketEncryption",
+    "writeFiles",
+  ]
+}
+
+resource "b2_application_key" "infrastructure" {
+  key_name = "infrastructure"
+  capabilities = [
+    "bypassGovernance",
+    "deleteBuckets",
+    "deleteFiles",
+    "deleteKeys",
+    "listBuckets",
+    "listFiles",
+    "listKeys",
+    "readBucketEncryption",
+    "readBucketReplications",
+    "readBucketRetentions",
+    "readBuckets",
+    "readFileLegalHolds",
+    "readFileRetentions",
+    "readFiles",
+    "shareFiles",
+    "writeBucketEncryption",
+    "writeBucketReplications",
+    "writeBucketRetentions",
+    "writeBuckets",
+    "writeFileLegalHolds",
+    "writeFileRetentions",
+    "writeFiles",
+    "writeKeys",
+  ]
+}
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@ -27,3 +27,8 @@ provider "grafana" {
  sm_access_token = var.grafana_cloud_synthetic_monitoring_token
  sm_url          = "https://synthetic-monitoring-api-gb-south.grafana.net"
 }
+
+provider "b2" {
+  application_key    = var.backblaze_application_key
+  application_key_id = var.backblaze_application_key_id
+}
--- a/terraform/terraform.tf
+++ b/terraform/terraform.tf
@ -24,5 +24,9 @@ terraform {
      source  = "grafana/grafana"
      version = "1.36.1"
    }
+    b2 = {
+      source  = "Backblaze/b2"
+      version = "0.8.4"
+    }
  }
 }
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@ -25,3 +25,11 @@ variable "grafana_cloud_api_key" {
 variable "grafana_cloud_synthetic_monitoring_token" {
  sensitive = true
 }
+
+variable "backblaze_application_key" {
+  sensitive = true
+}
+
+variable "backblaze_application_key_id" {
+  sensitive = true
+}