bunch of pre-commit linting things

Jan Koppe 2024-01-25 19:25:52 +01:00
parent e11e4b138f
commit 33205b6fb5
Signed by: thunfisch
GPG Key ID: BE935B0735A2129B
35 changed files with 143 additions and 25 deletions

35
.pre-commit-config.yaml Normal file

@ -0,0 +1,35 @@
---
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v2.3.0
hooks:
- id: end-of-file-fixer
- id: trailing-whitespace
- repo: https://github.com/adrienverge/yamllint.git
rev: v1.17.0
hooks:
- id: yamllint
args: ['--strict']
exclude: ".enc.yaml"
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.58.0
hooks:
- id: terraform_fmt
- id: terraform_docs
args:
- --hook-config=--path-to-file=README.md
- --hook-config=--add-to-existing-file=true
- id: terraform_tflint
args:
- '--args=--only=terraform_deprecated_interpolation'
- '--args=--only=terraform_deprecated_index'
- '--args=--only=terraform_unused_declarations'
- '--args=--only=terraform_comment_syntax'
- '--args=--only=terraform_documented_outputs'
- '--args=--only=terraform_typed_variables'
- '--args=--only=terraform_module_pinned_source'
- '--args=--only=terraform_naming_convention'
- '--args=--only=terraform_required_version'
- '--args=--only=terraform_required_providers'
- '--args=--only=terraform_standard_module_structure'
- '--args=--only=terraform_workspace_remote'
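
Review bot: The `exclude: ".enc.yaml"` on the yamllint hook is an unanchored regular expression, so each dot matches any character and the pattern can match anywhere in a path; `exclude: '\.enc\.yaml$'` restricts it to files that actually end in `.enc.yaml`, presumably the sops-encrypted ones. Separately, the three `rev:` values (`v2.3.0`, `v1.17.0`, `v1.58.0`) are tags, which an upstream repository can move; because these hooks execute on every contributor's machine, consider pinning each `rev` to a full commit SHA and keeping the tag name in a comment.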

@ -1 +1,4 @@
terraform 1.5.5 terraform 1.5.5
pre-commit 3.6.0
age 1.1.1
sops 3.8.1

@ -31,6 +31,9 @@ The Terraform state is stored in a versioned S3 bucket. The bucket is located in
- Terraform 1.5.5 (not newer because Hashicorp changed to non-free licensing) - Terraform 1.5.5 (not newer because Hashicorp changed to non-free licensing)
- age (for encrypting & decrypting secrets) - age (for encrypting & decrypting secrets)
- sops (for encrypting & decrypting secrets) - sops (for encrypting & decrypting secrets)
- pre-commit (only required when commiting changes)
There is a [asdf](https://asdf-vm.com/) configuration in the repository, so you can run `asdf install` to install all the required tool versions. You might need to install the asdf plugins first.
### Deploying ### Deploying
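
Review bot: Two wording fixes in the added README lines: "commiting" should be "committing", and "There is a [asdf]" should read "There is an [asdf]". The sentence "You might need to install the asdf plugins first" would be more useful if it named the plugins, one per tool in the list above it (terraform, age, sops, pre-commit).
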
@ -44,6 +47,10 @@ terraform apply
Check, double-check and triple-check the changes that Terraform wants to apply. If everything looks good, type `yes` and hit enter. Terraform will then apply the changes. Check, double-check and triple-check the changes that Terraform wants to apply. If everything looks good, type `yes` and hit enter. Terraform will then apply the changes.
### Commiting changes
This project uses [pre-commit](https://pre-commit.com/) to automatically run some checks before commiting changes. Run `pre-commit install` to install the git hook. Now, pre-commit will run automatically before every commit, hopefully preventing you from commiting stupid things.
### Secrets ### Secrets
Secrets are encrypted using [sops](https://github.com/getsops/sops) and [age](https://github.com/FiloSottile/age). The public keys for the age encryption are stored in the repository, so that anyone can encrypt secrets for the repository. Your private key is stored in your password manager and is only available to you. Secrets are encrypted using [sops](https://github.com/getsops/sops) and [age](https://github.com/FiloSottile/age). The public keys for the age encryption are stored in the repository, so that anyone can encrypt secrets for the repository. Your private key is stored in your password manager and is only available to you.
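
Review bot: The new section makes the checks depend on each contributor running `pre-commit install`, so a fresh clone without the hook, or a commit made with `git commit --no-verify`, skips them entirely. Running `pre-commit run --all-files` in CI would apply the same checks to everything that reaches the repository, and the README could then describe the local hook as a convenience rather than the gate. The heading and body also spell "committing" as "commiting".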

@ -11,4 +11,3 @@ resource "docker_network" "jitsi" {
ignore_changes = [labels] ignore_changes = [labels]
} }
} }

@ -5,3 +5,37 @@ This service is responsible for automatically updating the container images for
It connects to the Docker socket, and looks for services with the label `shepherd.auto-update=true`. It then checks the Docker registry for a newer version of the image, and if one is found, it updates the service. It connects to the Docker socket, and looks for services with the label `shepherd.auto-update=true`. It then checks the Docker registry for a newer version of the image, and if one is found, it updates the service.
The checks are performed once per day. The checks are performed once per day.
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | 1.5.5 |
| <a name="requirement_docker"></a> [docker](#requirement\_docker) | ~>3.0 |
| <a name="requirement_hetznerdns"></a> [hetznerdns](#requirement\_hetznerdns) | ~>2.2 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_docker"></a> [docker](#provider\_docker) | ~>3.0 |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [docker_service.shepherd](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/service) | resource |
| [docker_registry_image.shepherd](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/data-sources/registry_image) | data source |
## Inputs
No inputs.
## Outputs
No outputs.
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
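
Review bot: In the generated Requirements table this module declares `hetznerdns` (`~>2.2`), but the Providers and Resources tables list only `docker`, so the `hetznerdns` entry in the module's `required_providers` looks unused and can probably be dropped. tflint's `terraform_unused_required_providers` rule is not among the `--only` rules enabled in `.pre-commit-config.yaml`; adding it would catch this kind of leftover automatically.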

@ -1,3 +1,4 @@
---
http: http:
routers: routers:
dashboard-secure: dashboard-secure:

@ -1,3 +1,4 @@
---
providers: providers:
docker: docker:
endpoint: "unix:///var/run/docker.sock" endpoint: "unix:///var/run/docker.sock"

42
stacks/ax41-1/README.md Normal file

@ -0,0 +1,42 @@
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Requirements
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | 1.5.5 |
| <a name="requirement_docker"></a> [docker](#requirement\_docker) | ~>3.0 |
| <a name="requirement_hetznerdns"></a> [hetznerdns](#requirement\_hetznerdns) | ~>2.2 |
| <a name="requirement_sops"></a> [sops](#requirement\_sops) | ~>1.0 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_sops"></a> [sops](#provider\_sops) | 1.0.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| <a name="module_deckchores"></a> [deckchores](#module\_deckchores) | ../../modules/swarm/deckchores | n/a |
| <a name="module_grafana"></a> [grafana](#module\_grafana) | ../../modules/swarm/grafana | n/a |
| <a name="module_hedgedoc"></a> [hedgedoc](#module\_hedgedoc) | ../../modules/swarm/hedgedoc | n/a |
| <a name="module_jitsi"></a> [jitsi](#module\_jitsi) | ../../modules/swarm/jitsi | n/a |
| <a name="module_shepherd"></a> [shepherd](#module\_shepherd) | ../../modules/swarm/shepherd | n/a |
| <a name="module_shit"></a> [shit](#module\_shit) | ../../modules/swarm/shit | n/a |
| <a name="module_traefik"></a> [traefik](#module\_traefik) | ../../modules/swarm/traefik | n/a |
## Resources
| Name | Type |
|------|------|
| [sops_file.secrets](https://registry.terraform.io/providers/carlpett/sops/latest/docs/data-sources/file) | data source |
## Inputs
No inputs.
## Outputs
No outputs.
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
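
Review bot: This new README contains only the terraform-docs block, so a reader gets the module list but no statement of what the `ax41-1` stack is or which host it manages. Add a short description above the `<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->` marker; text outside the two markers is left alone when the hook regenerates the tables.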

@ -1,7 +1,3 @@
data "hetznerdns_zone" "chaoswest_tv" {
name = "chaoswest.tv"
}
module "shepherd" { module "shepherd" {
source = "../../modules/swarm/shepherd" source = "../../modules/swarm/shepherd"
} }
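
Review bot: Removing `data "hetznerdns_zone" "chaoswest_tv"` at the top of this file is a functional change inside a commit described as linting; confirm that nothing in the stack still references `data.hetznerdns_zone.chaoswest_tv` and that `terraform plan` is still clean afterwards. If the stack root no longer uses the provider directly, the `hetznerdns` requirement that the generated stack README still lists may be removable as well.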

0
stacks/ax41-1/outputs.tf Normal file