fd0f4a0365
6d224861 came from a --no-checkout worktree whose empty index made the
commit drop every file except two. This restores 05b50d2b's full tree and
correctly adds stacks/stem95su/gdrive-sync.tf + the service-catalog stem95su
entry. Forward-only (parent=6d224861, no force-push); [ci skip] since the
live infra was never applied from the broken commit.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
42 lines
2.1 KiB
HCL
42 lines
2.1 KiB
HCL
# =============================================================================
|
|
# Monitoring Stack — Prometheus / Grafana / Loki
|
|
# =============================================================================
|
|
|
|
variable "tls_secret_name" { type = string }
|
|
variable "nfs_server" { type = string }
|
|
variable "mysql_host" { type = string }
|
|
variable "monitoring_idrac_username" { type = string }
|
|
|
|
data "vault_kv_secret_v2" "secrets" {
|
|
mount = "secret"
|
|
name = "platform"
|
|
}
|
|
|
|
data "vault_kv_secret_v2" "viktor" {
|
|
mount = "secret"
|
|
name = "viktor"
|
|
}
|
|
|
|
module "monitoring" {
|
|
source = "./modules/monitoring"
|
|
tls_secret_name = var.tls_secret_name
|
|
nfs_server = var.nfs_server
|
|
mysql_host = var.mysql_host
|
|
alertmanager_account_password = data.vault_kv_secret_v2.secrets.data["alertmanager_account_password"]
|
|
idrac_username = var.monitoring_idrac_username
|
|
idrac_password = data.vault_kv_secret_v2.secrets.data["monitoring_idrac_password"]
|
|
alertmanager_slack_api_url = data.vault_kv_secret_v2.secrets.data["alertmanager_slack_api_url"]
|
|
tiny_tuya_service_secret = data.vault_kv_secret_v2.secrets.data["tiny_tuya_service_secret"]
|
|
haos_api_token = data.vault_kv_secret_v2.secrets.data["haos_api_token"]
|
|
pve_password = data.vault_kv_secret_v2.secrets.data["pve_password"]
|
|
grafana_admin_password = data.vault_kv_secret_v2.secrets.data["grafana_admin_password"]
|
|
kube_config_path = var.kube_config_path
|
|
registry_user = data.vault_kv_secret_v2.viktor.data["registry_user"]
|
|
registry_password = data.vault_kv_secret_v2.viktor.data["registry_password"]
|
|
# try() so apply succeeds before the Vault key is populated during Phase 0
|
|
# bootstrap (see docs/runbooks/forgejo-registry-setup.md). Empty token =
|
|
# probe will report an auth failure and fire RegistryCatalogInaccessible —
|
|
# that's the intended visible-broken state until the PAT is created.
|
|
forgejo_pull_token = try(data.vault_kv_secret_v2.viktor.data["forgejo_pull_token"], "")
|
|
tier = local.tiers.cluster
|
|
}
|