Configure Backblaze with terraform
All checks were successful
/ terraform (push) Successful in 40s
/ ansible (push) Successful in 1m40s

This commit is contained in:
Jake Howard 2023-04-28 17:57:58 +01:00
parent f6988af87c
commit 297e2e0dba
Signed by: jake
GPG key ID: 57AFB45680EDD477
5 changed files with 136 additions and 13 deletions

View file

@ -1,6 +1,18 @@
# This file is maintained automatically by "terraform init". # This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.terraform.io/backblaze/b2" {
version = "0.8.4"
constraints = "0.8.4"
hashes = [
"h1:iTNGfXzJeiUYsrhnWo/hTO7zgtQiYH9U5xrlSCSb/rU=",
"zh:0181814e41ca950f0854d30efd9ac12ed46f031adab9628f768c7f1c3e851a46",
"zh:d2c76fa03670a9b4b54b768e897ba2a9b6e382eba666850228b041d744619dda",
"zh:f0d9e9d991215e69d9631b7bf75d3f6a7e8f76249c634bc704061a15b12349cd",
"zh:fb7dbb61143d0fa338a596063aa66ad3ecaa5b3537c9ab0b9f05dc30eed16cbf",
]
}
provider "registry.terraform.io/cloudflare/cloudflare" { provider "registry.terraform.io/cloudflare/cloudflare" {
version = "2.27.0" version = "2.27.0"
constraints = "2.27.0" constraints = "2.27.0"
@ -85,21 +97,21 @@ provider "registry.terraform.io/hashicorp/aws" {
} }
provider "registry.terraform.io/hashicorp/local" { provider "registry.terraform.io/hashicorp/local" {
version = "2.3.0" version = "2.4.0"
hashes = [ hashes = [
"h1:+l9ZTDGmGdwnuYI5ftUjwP8UgoLw4f4V9xoCzal4LW0=", "h1:R97FTYETo88sT2VHfMgkPU3lzCsZLunPftjSI5vfKe8=",
"zh:1f1920b3f78c31c6b69cdfe1e016a959667c0e2d01934e1a084b94d5a02cd9d2", "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9",
"zh:550a3cdae0ddb350942624e7b2e8b31d28bc15c20511553432413b1f38f4b214", "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf",
"zh:68d1d9ccbfce2ce56b28a23b22833a5369d4c719d6d75d50e101a8a8dbe33b9b", "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732",
"zh:6ae3ad6d865a906920c313ec2f413d080efe32c230aca711fd106b4cb9022ced",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:a0f413d50f54124057ae3dcd9353a797b84e91dc34bcf85c34a06f8aef1f9b12", "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35",
"zh:a2ac6d4088ceddcd73d88505e18b8226a6e008bff967b9e2d04254ef71b4ac6b", "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04",
"zh:a851010672e5218bdd4c4ea1822706c9025ef813a03da716d647dd6f8e2cffb0", "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406",
"zh:aa797561755041ef2fad99ee9ffc12b5e724e246bb019b21d7409afc2ece3232", "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6",
"zh:c6afa960a20d776f54bb1fc260cd13ead17280ebd87f05b9abcaa841ed29d289", "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7",
"zh:df0975e86b30bb89717b8c8d6d4690b21db66de06e79e6d6cfda769f3304afe6", "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2",
"zh:f0d3cc3da72135efdbe8f4cfbfb0f2f7174827887990a5545e6db1981f0d3a7c", "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc",
"zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce",
] ]
} }

94
terraform/backblaze.tf Normal file
View file

@ -0,0 +1,94 @@
resource "b2_bucket" "gitea" {
bucket_name = "0rng-gitea"
bucket_type = "allPrivate"
default_server_side_encryption {
algorithm = "AES256"
mode = "SSE-B2"
}
lifecycle_rules {
file_name_prefix = ""
days_from_hiding_to_deleting = 1
days_from_uploading_to_hiding = 0
}
}
resource "b2_application_key" "gitea" {
key_name = "gitea"
bucket_id = b2_bucket.gitea.id
capabilities = [
"readFiles",
"deleteFiles",
"listBuckets",
"listFiles",
"readBucketEncryption",
"readBucketReplications",
"readBuckets",
"shareFiles",
"writeBucketEncryption",
"writeBucketReplications",
"writeFiles",
]
}
resource "b2_bucket" "restic" {
bucket_name = "0rng-restic"
bucket_type = "allPrivate"
default_server_side_encryption {
algorithm = "AES256"
mode = "SSE-B2"
}
lifecycle_rules {
file_name_prefix = ""
days_from_hiding_to_deleting = 1
days_from_uploading_to_hiding = 0
}
}
resource "b2_application_key" "restic" {
key_name = "restic"
bucket_id = b2_bucket.restic.id
capabilities = [
"readFiles",
"deleteFiles",
"listBuckets",
"listFiles",
"readBucketEncryption",
"readBuckets",
"shareFiles",
"writeBucketEncryption",
"writeFiles",
]
}
resource "b2_application_key" "infrastructure" {
key_name = "infrastructure"
capabilities = [
"bypassGovernance",
"deleteBuckets",
"deleteFiles",
"deleteKeys",
"listBuckets",
"listFiles",
"listKeys",
"readBucketEncryption",
"readBucketReplications",
"readBucketRetentions",
"readBuckets",
"readFileLegalHolds",
"readFileRetentions",
"readFiles",
"shareFiles",
"writeBucketEncryption",
"writeBucketReplications",
"writeBucketRetentions",
"writeBuckets",
"writeFileLegalHolds",
"writeFileRetentions",
"writeFiles",
"writeKeys",
]
}

View file

@ -27,3 +27,8 @@ provider "grafana" {
sm_access_token = var.grafana_cloud_synthetic_monitoring_token sm_access_token = var.grafana_cloud_synthetic_monitoring_token
sm_url = "https://synthetic-monitoring-api-gb-south.grafana.net" sm_url = "https://synthetic-monitoring-api-gb-south.grafana.net"
} }
provider "b2" {
application_key = var.backblaze_application_key
application_key_id = var.backblaze_application_key_id
}

View file

@ -24,5 +24,9 @@ terraform {
source = "grafana/grafana" source = "grafana/grafana"
version = "1.36.1" version = "1.36.1"
} }
b2 = {
source = "Backblaze/b2"
version = "0.8.4"
}
} }
} }

View file

@ -25,3 +25,11 @@ variable "grafana_cloud_api_key" {
variable "grafana_cloud_synthetic_monitoring_token" { variable "grafana_cloud_synthetic_monitoring_token" {
sensitive = true sensitive = true
} }
variable "backblaze_application_key" {
sensitive = true
}
variable "backblaze_application_key_id" {
sensitive = true
}