diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl index 58f7856..fda759b 100644 --- a/terraform/.terraform.lock.hcl +++ b/terraform/.terraform.lock.hcl @@ -1,6 +1,18 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/backblaze/b2" { + version = "0.8.4" + constraints = "0.8.4" + hashes = [ + "h1:iTNGfXzJeiUYsrhnWo/hTO7zgtQiYH9U5xrlSCSb/rU=", + "zh:0181814e41ca950f0854d30efd9ac12ed46f031adab9628f768c7f1c3e851a46", + "zh:d2c76fa03670a9b4b54b768e897ba2a9b6e382eba666850228b041d744619dda", + "zh:f0d9e9d991215e69d9631b7bf75d3f6a7e8f76249c634bc704061a15b12349cd", + "zh:fb7dbb61143d0fa338a596063aa66ad3ecaa5b3537c9ab0b9f05dc30eed16cbf", + ] +} + provider "registry.terraform.io/cloudflare/cloudflare" { version = "2.27.0" constraints = "2.27.0" @@ -85,21 +97,21 @@ provider "registry.terraform.io/hashicorp/aws" { } provider "registry.terraform.io/hashicorp/local" { - version = "2.3.0" + version = "2.4.0" hashes = [ - "h1:+l9ZTDGmGdwnuYI5ftUjwP8UgoLw4f4V9xoCzal4LW0=", - "zh:1f1920b3f78c31c6b69cdfe1e016a959667c0e2d01934e1a084b94d5a02cd9d2", - "zh:550a3cdae0ddb350942624e7b2e8b31d28bc15c20511553432413b1f38f4b214", - "zh:68d1d9ccbfce2ce56b28a23b22833a5369d4c719d6d75d50e101a8a8dbe33b9b", - "zh:6ae3ad6d865a906920c313ec2f413d080efe32c230aca711fd106b4cb9022ced", + "h1:R97FTYETo88sT2VHfMgkPU3lzCsZLunPftjSI5vfKe8=", + "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9", + "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf", + "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:a0f413d50f54124057ae3dcd9353a797b84e91dc34bcf85c34a06f8aef1f9b12", - "zh:a2ac6d4088ceddcd73d88505e18b8226a6e008bff967b9e2d04254ef71b4ac6b", - "zh:a851010672e5218bdd4c4ea1822706c9025ef813a03da716d647dd6f8e2cffb0", - "zh:aa797561755041ef2fad99ee9ffc12b5e724e246bb019b21d7409afc2ece3232", - "zh:c6afa960a20d776f54bb1fc260cd13ead17280ebd87f05b9abcaa841ed29d289", - "zh:df0975e86b30bb89717b8c8d6d4690b21db66de06e79e6d6cfda769f3304afe6", - "zh:f0d3cc3da72135efdbe8f4cfbfb0f2f7174827887990a5545e6db1981f0d3a7c", + "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35", + "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04", + "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406", + "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6", + "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7", + "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2", + "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc", + "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce", ] } diff --git a/terraform/backblaze.tf b/terraform/backblaze.tf new file mode 100644 index 0000000..f3210b5 --- /dev/null +++ b/terraform/backblaze.tf @@ -0,0 +1,94 @@ +resource "b2_bucket" "gitea" { + bucket_name = "0rng-gitea" + bucket_type = "allPrivate" + + default_server_side_encryption { + algorithm = "AES256" + mode = "SSE-B2" + } + + lifecycle_rules { + file_name_prefix = "" + days_from_hiding_to_deleting = 1 + days_from_uploading_to_hiding = 0 + } +} + +resource "b2_application_key" "gitea" { + key_name = "gitea" + bucket_id = b2_bucket.gitea.id + capabilities = [ + "readFiles", + "deleteFiles", + "listBuckets", + "listFiles", + "readBucketEncryption", + "readBucketReplications", + "readBuckets", + "shareFiles", + "writeBucketEncryption", + "writeBucketReplications", + "writeFiles", + ] +} + +resource "b2_bucket" "restic" { + bucket_name = "0rng-restic" + bucket_type = "allPrivate" + + default_server_side_encryption { + algorithm = "AES256" + mode = "SSE-B2" + } + + lifecycle_rules { + file_name_prefix = "" + days_from_hiding_to_deleting = 1 + days_from_uploading_to_hiding = 0 + } +} + +resource "b2_application_key" "restic" { + key_name = "restic" + bucket_id = b2_bucket.restic.id + capabilities = [ + "readFiles", + "deleteFiles", + "listBuckets", + "listFiles", + "readBucketEncryption", + "readBuckets", + "shareFiles", + "writeBucketEncryption", + "writeFiles", + ] +} + +resource "b2_application_key" "infrastructure" { + key_name = "infrastructure" + capabilities = [ + "bypassGovernance", + "deleteBuckets", + "deleteFiles", + "deleteKeys", + "listBuckets", + "listFiles", + "listKeys", + "readBucketEncryption", + "readBucketReplications", + "readBucketRetentions", + "readBuckets", + "readFileLegalHolds", + "readFileRetentions", + "readFiles", + "shareFiles", + "writeBucketEncryption", + "writeBucketReplications", + "writeBucketRetentions", + "writeBuckets", + "writeFileLegalHolds", + "writeFileRetentions", + "writeFiles", + "writeKeys", + ] +} diff --git a/terraform/providers.tf b/terraform/providers.tf index cb00005..74ebc6d 100644 --- a/terraform/providers.tf +++ b/terraform/providers.tf @@ -27,3 +27,8 @@ provider "grafana" { sm_access_token = var.grafana_cloud_synthetic_monitoring_token sm_url = "https://synthetic-monitoring-api-gb-south.grafana.net" } + +provider "b2" { + application_key = var.backblaze_application_key + application_key_id = var.backblaze_application_key_id +} diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 2bf5b22..9476bb9 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -24,5 +24,9 @@ terraform { source = "grafana/grafana" version = "1.36.1" } + b2 = { + source = "Backblaze/b2" + version = "0.8.4" + } } } diff --git a/terraform/variables.tf b/terraform/variables.tf index 7223c3d..ac7c365 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -25,3 +25,11 @@ variable "grafana_cloud_api_key" { variable "grafana_cloud_synthetic_monitoring_token" { sensitive = true } + +variable "backblaze_application_key" { + sensitive = true +} + +variable "backblaze_application_key_id" { + sensitive = true +}