infra/stacks/rbac/main.tf

variable "tls_secret_name" { type = string }
variable "ssh_private_key" {
  type      = string
  default   = ""
  sensitive = true
}

data "vault_kv_secret_v2" "secrets" {
  mount = "secret"
  name  = "platform"
}

locals {
  k8s_users = jsondecode(data.vault_kv_secret_v2.secrets.data["k8s_users"])
}

module "rbac" {
  source          = "./modules/rbac"
  tier            = local.tiers.cluster
  tls_secret_name = var.tls_secret_name
  k8s_users       = local.k8s_users
  ssh_private_key = var.ssh_private_key
}
extract remaining 19 modules from platform, complete stack split [ci skip] Phase 3: all 27 platform modules now run as independent stacks. Platform reduced to empty shell (outputs only) for backward compat with 72 app stacks that declare dependency "platform". Fixed technitium cross-module dashboard reference by copying file. Woodpecker pipeline applies all 27+1 stacks in parallel via loop. All applied with zero destroys. 2026-03-17 21:42:16 +00:00			`variable "tls_secret_name" { type = string }`
			`variable "ssh_private_key" {`
			`type = string`
			`default = ""`
			`sensitive = true`
			`}`

			`data "vault_kv_secret_v2" "secrets" {`
			`mount = "secret"`
			`name = "platform"`
			`}`

			`locals {`
			`k8s_users = jsondecode(data.vault_kv_secret_v2.secrets.data["k8s_users"])`
			`}`

			`module "rbac" {`
			`source = "./modules/rbac"`
			`tier = local.tiers.cluster`
			`tls_secret_name = var.tls_secret_name`
			`k8s_users = local.k8s_users`
			`ssh_private_key = var.ssh_private_key`
			`}`