diff --git a/stacks/kms/.terraform.lock.hcl b/stacks/kms/.terraform.lock.hcl index a1ca7484..fabbc047 100644 --- a/stacks/kms/.terraform.lock.hcl +++ b/stacks/kms/.terraform.lock.hcl @@ -24,6 +24,14 @@ provider "registry.terraform.io/cloudflare/cloudflare" { ] } +provider "registry.terraform.io/goauthentik/authentik" { + version = "2024.12.1" + constraints = "~> 2024.10" + hashes = [ + "h1:roBMd+gi+TGgikH/bMzEI8JfvJiMAQWt+8FmokCrQIs=", + ] +} + provider "registry.terraform.io/hashicorp/helm" { version = "3.1.1" hashes = [ diff --git a/stacks/kms/main.tf b/stacks/kms/main.tf index 3b758159..e628ecfc 100644 --- a/stacks/kms/main.tf +++ b/stacks/kms/main.tf @@ -24,16 +24,6 @@ module "tls_secret" { tls_secret_name = var.tls_secret_name } -resource "kubernetes_config_map" "kms-web-page" { - metadata { - name = "kms-web-page-config" - namespace = kubernetes_namespace.kms.metadata[0].name - } - data = { - "index.html" = var.index_html - } -} - resource "kubernetes_deployment" "kms-web-page" { metadata { name = "kms-web-page" @@ -59,8 +49,11 @@ resource "kubernetes_deployment" "kms-web-page" { } } spec { + image_pull_secrets { + name = "registry-credentials" + } container { - image = "nginx" + image = "forgejo.viktorbarzin.me/viktor/kms-website:${var.image_tag}" name = "kms-web-page" image_pull_policy = "IfNotPresent" resources { @@ -76,29 +69,17 @@ resource "kubernetes_deployment" "kms-web-page" { container_port = 80 protocol = "TCP" } - volume_mount { - name = "config" - mount_path = "/usr/share/nginx/html/" - } - } - - volume { - name = "config" - config_map { - name = "kms-web-page-config" - items { - key = "index.html" - path = "index.html" - } - } } } } } - depends_on = [kubernetes_config_map.kms-web-page] lifecycle { - # KYVERNO_LIFECYCLE_V1: Kyverno admission webhook mutates dns_config with ndots=2 - ignore_changes = [spec[0].template[0].spec[0].dns_config] + ignore_changes = [ + # KYVERNO_LIFECYCLE_V1: Kyverno admission webhook mutates dns_config with ndots=2 + spec[0].template[0].spec[0].dns_config, + # CI (Woodpecker) manages the live image tag via `kubectl set image` + spec[0].template[0].spec[0].container[0].image, + ] } } diff --git a/stacks/kms/variables.tf b/stacks/kms/variables.tf index 6baa99a9..d36ff6c7 100644 --- a/stacks/kms/variables.tf +++ b/stacks/kms/variables.tf @@ -1,68 +1,5 @@ -variable "index_html" { - - default = <How to activate windows -Open the following link and find a key for you version of windows:
-https://goo.gl/BcrPjW -
-
-Open cmd as Administrator and run the following:
-
-slmgr.vbs /ipk key_for_your_windows -
-slmgr.vbs /skms kms.viktorbarzin.me -
- - slmgr /ato - -
-

-

If you have an evaluation windows, you need to change it to retail one. This is how:

-
-From an elevated command prompt, determine the current edition name with the command
-DISM /online /Get-CurrentEdition. -
Make note of the edition ID, an abbreviated form of the edition name. Then run -
-DISM /online /Set-Edition: /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula -
providing the edition ID and a retail product key. The server will restart -

-
- - -

How to activate Microsoft Office

-
- - CD \Program Files\Microsoft Office\Office16 OR CD \Program Files (x86)\Microsoft Office\Office16 - -
- - cscript ospp.vbs /sethst:kms.viktorbarzin.me - -
- - cscript ospp.vbs /inpkey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx - -
-where 'xxxx' is a key for your office. Some examples for office 2016 - https://www.techdee.com/microsoft-office-2016-product-key/ -
- - cscript ospp.vbs /act - - -
-
-If you messed up activation settings reset them using -
-slmgr /upk - -
-slmgr /cpky -
-and -
-slmgr /rearm - -

Buy me a beer :P

-EOT +variable "image_tag" { + type = string + default = "latest" + description = "kms-website image tag pushed to forgejo.viktorbarzin.me/viktor/kms-website. Use 8-char git SHA in CI." }