bunch of pre-commit linting things

2024-01-25 19:25:52 +01:00 · 2024-01-25 19:25:52 +01:00 · 33205b6fb5
parent e11e4b138f
commit 33205b6fb5
35 changed files with 143 additions and 25 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -0,0 +1,35 @@
+---
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v2.3.0
+    hooks:
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+  - repo: https://github.com/adrienverge/yamllint.git
+    rev: v1.17.0
+    hooks:
+      - id: yamllint
+        args: ['--strict']
+        exclude: ".enc.yaml"
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.58.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_docs
+        args:
+          - --hook-config=--path-to-file=README.md
+          - --hook-config=--add-to-existing-file=true
+      - id: terraform_tflint
+        args:
+          - '--args=--only=terraform_deprecated_interpolation'
+          - '--args=--only=terraform_deprecated_index'
+          - '--args=--only=terraform_unused_declarations'
+          - '--args=--only=terraform_comment_syntax'
+          - '--args=--only=terraform_documented_outputs'
+          - '--args=--only=terraform_typed_variables'
+          - '--args=--only=terraform_module_pinned_source'
+          - '--args=--only=terraform_naming_convention'
+          - '--args=--only=terraform_required_version'
+          - '--args=--only=terraform_required_providers'
+          - '--args=--only=terraform_standard_module_structure'
+          - '--args=--only=terraform_workspace_remote'
--- a/.tool-versions
+++ b/.tool-versions
@ -1 +1,4 @@
 terraform 1.5.5
+pre-commit 3.6.0
+age 1.1.1
+sops 3.8.1
--- a/README.md
+++ b/README.md
@ -31,6 +31,9 @@ The Terraform state is stored in a versioned S3 bucket. The bucket is located in
 - Terraform 1.5.5 (not newer because Hashicorp changed to non-free licensing)
 - age (for encrypting & decrypting secrets)
 - sops (for encrypting & decrypting secrets)
+- pre-commit (only required when commiting changes)
+
+There is a [asdf](https://asdf-vm.com/) configuration in the repository, so you can run `asdf install` to install all the required tool versions. You might need to install the asdf plugins first.

 ### Deploying

@ -44,6 +47,10 @@ terraform apply

 Check, double-check and triple-check the changes that Terraform wants to apply. If everything looks good, type `yes` and hit enter. Terraform will then apply the changes.

+### Commiting changes
+
+This project uses [pre-commit](https://pre-commit.com/) to automatically run some checks before commiting changes. Run `pre-commit install` to install the git hook. Now, pre-commit will run automatically before every commit, hopefully preventing you from commiting stupid things.
+
 ### Secrets

 Secrets are encrypted using [sops](https://github.com/getsops/sops) and [age](https://github.com/FiloSottile/age). The public keys for the age encryption are stored in the repository, so that anyone can encrypt secrets for the repository. Your private key is stored in your password manager and is only available to you.
--- a/modules/swarm/deckchores/outputs.tf
+++ b/modules/swarm/deckchores/outputs.tf
--- a/modules/swarm/deckchores/variables.tf
+++ b/modules/swarm/deckchores/variables.tf
--- a/modules/swarm/grafana/outputs.tf
+++ b/modules/swarm/grafana/outputs.tf
--- a/modules/swarm/hedgedoc/outputs.tf
+++ b/modules/swarm/hedgedoc/outputs.tf
--- a/modules/swarm/jitsi/main.tf
+++ b/modules/swarm/jitsi/main.tf
--- a/modules/swarm/jitsi/network.tf
+++ b/modules/swarm/jitsi/network.tf
@ -11,4 +11,3 @@ resource "docker_network" "jitsi" {
    ignore_changes = [labels]
  }
 }
-
--- a/modules/swarm/jitsi/outputs.tf
+++ b/modules/swarm/jitsi/outputs.tf
--- a/modules/swarm/shepherd/README.md
+++ b/modules/swarm/shepherd/README.md
@ -5,3 +5,37 @@ This service is responsible for automatically updating the container images for
 It connects to the Docker socket, and looks for services with the label `shepherd.auto-update=true`. It then checks the Docker registry for a newer version of the image, and if one is found, it updates the service.

 The checks are performed once per day.
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | 1.5.5 |
+| <a name="requirement_docker"></a> [docker](#requirement\_docker) | ~>3.0 |
+| <a name="requirement_hetznerdns"></a> [hetznerdns](#requirement\_hetznerdns) | ~>2.2 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_docker"></a> [docker](#provider\_docker) | ~>3.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [docker_service.shepherd](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/resources/service) | resource |
+| [docker_registry_image.shepherd](https://registry.terraform.io/providers/kreuzwerker/docker/latest/docs/data-sources/registry_image) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
--- a/modules/swarm/shepherd/outputs.tf
+++ b/modules/swarm/shepherd/outputs.tf
--- a/modules/swarm/shepherd/variables.tf
+++ b/modules/swarm/shepherd/variables.tf
--- a/modules/swarm/shit/outputs.tf
+++ b/modules/swarm/shit/outputs.tf
--- a/modules/swarm/shit/variables.tf
+++ b/modules/swarm/shit/variables.tf
--- a/modules/swarm/traefik/cfg/dynamic/dynamic.yaml
+++ b/modules/swarm/traefik/cfg/dynamic/dynamic.yaml
@ -1,3 +1,4 @@
+---
 http:
  routers:
    dashboard-secure:
--- a/modules/swarm/traefik/cfg/traefik.yaml
+++ b/modules/swarm/traefik/cfg/traefik.yaml
@ -1,3 +1,4 @@
+---
 providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
--- a/modules/swarm/traefik/outputs.tf
+++ b/modules/swarm/traefik/outputs.tf
--- a/stacks/ax41-1/README.md
+++ b/stacks/ax41-1/README.md
@ -0,0 +1,42 @@
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | 1.5.5 |
+| <a name="requirement_docker"></a> [docker](#requirement\_docker) | ~>3.0 |
+| <a name="requirement_hetznerdns"></a> [hetznerdns](#requirement\_hetznerdns) | ~>2.2 |
+| <a name="requirement_sops"></a> [sops](#requirement\_sops) | ~>1.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_sops"></a> [sops](#provider\_sops) | 1.0.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_deckchores"></a> [deckchores](#module\_deckchores) | ../../modules/swarm/deckchores | n/a |
+| <a name="module_grafana"></a> [grafana](#module\_grafana) | ../../modules/swarm/grafana | n/a |
+| <a name="module_hedgedoc"></a> [hedgedoc](#module\_hedgedoc) | ../../modules/swarm/hedgedoc | n/a |
+| <a name="module_jitsi"></a> [jitsi](#module\_jitsi) | ../../modules/swarm/jitsi | n/a |
+| <a name="module_shepherd"></a> [shepherd](#module\_shepherd) | ../../modules/swarm/shepherd | n/a |
+| <a name="module_shit"></a> [shit](#module\_shit) | ../../modules/swarm/shit | n/a |
+| <a name="module_traefik"></a> [traefik](#module\_traefik) | ../../modules/swarm/traefik | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [sops_file.secrets](https://registry.terraform.io/providers/carlpett/sops/latest/docs/data-sources/file) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
--- a/stacks/ax41-1/main.tf
+++ b/stacks/ax41-1/main.tf
@ -1,7 +1,3 @@
-data "hetznerdns_zone" "chaoswest_tv" {
-  name = "chaoswest.tv"
-}
-
 module "shepherd" {
  source = "../../modules/swarm/shepherd"
 }
--- a/stacks/ax41-1/outputs.tf
+++ b/stacks/ax41-1/outputs.tf
--- a/stacks/ax41-1/variables.tf
+++ b/stacks/ax41-1/variables.tf