aboutsummaryrefslogtreecommitdiff
path: root/ops
diff options
context:
space:
mode:
Diffstat (limited to 'ops')
-rw-r--r--ops/github/.gitignore3
-rw-r--r--ops/github/README.org15
-rw-r--r--ops/github/main.tf47
-rw-r--r--ops/github/repositories_private.tf218
-rw-r--r--ops/github/repositories_public.tf71
5 files changed, 354 insertions, 0 deletions
diff --git a/ops/github/.gitignore b/ops/github/.gitignore
new file mode 100644
index 0000000..112bb96
--- /dev/null
+++ b/ops/github/.gitignore
@@ -0,0 +1,3 @@
+# ignore the various terraform files that are generate. The state is
+# stored in a GCS bucket.
+.terraform*
diff --git a/ops/github/README.org b/ops/github/README.org
new file mode 100644
index 0000000..86c664a
--- /dev/null
+++ b/ops/github/README.org
@@ -0,0 +1,15 @@
+#+TITLE: Managing GitHub with terraform
+
+This terraform configuration is to manage my GitHub configuration (repositories, projects, branches, etc).
+
+There's nothing special regarding how to use this repository.
+
+#+begin_src sh
+GITHUB_TOKEN=(pass api/github/terraform) terraform plan
+GITHUB_TOKEN=(pass api/github/terraform) terraform apply
+#+end_src
+
+* Credentials
+A token is needed to interact with the API. It's available in =pass= (under =api/github/terraform=). The token needs admin access for repositories and being able to read the user.
+* State
+The state is stored in a [[https://console.cloud.google.com/storage/browser/world-tf-state/github?project=fcuny-homelab&pageState=(%22StorageObjectListTable%22:(%22f%22:%22%255B%255D%22))&prefix=&forceOnObjectsSortingFiltering=false][GCS bucket]].
diff --git a/ops/github/main.tf b/ops/github/main.tf
new file mode 100644
index 0000000..91f58cb
--- /dev/null
+++ b/ops/github/main.tf
@@ -0,0 +1,47 @@
+locals {
+ terraform_service_account = "terraform@fcuny-homelab.iam.gserviceaccount.com"
+}
+
+provider "google" {
+ alias = "impersonation"
+ scopes = [
+ "https://www.googleapis.com/auth/cloud-platform",
+ "https://www.googleapis.com/auth/userinfo.email",
+ ]
+}
+
+data "google_service_account_access_token" "default" {
+ provider = google.impersonation
+ target_service_account = local.terraform_service_account
+ scopes = ["userinfo-email", "cloud-platform"]
+ lifetime = "1200s"
+}
+
+provider "google" {
+ project = "fcuny-homelab"
+ region = "us-west1"
+ zone = "us-west1-c"
+ access_token = data.google_service_account_access_token.default.access_token
+ request_timeout = "60s"
+}
+
+terraform {
+ required_providers {
+ github = {
+ source = "integrations/github"
+ version = "~> 4.0"
+ }
+ }
+
+ backend "gcs" {
+ bucket = "world-tf-state"
+ prefix = "github/state"
+ impersonate_service_account = "terraform@fcuny-homelab.iam.gserviceaccount.com"
+ }
+}
+
+# Configure the GitHub Provider. The environment variable
+# `GITHUB_TOKEN` needs to be set.
+provider "github" {
+ owner = "fcuny"
+}
diff --git a/ops/github/repositories_private.tf b/ops/github/repositories_private.tf
new file mode 100644
index 0000000..5e45e3f
--- /dev/null
+++ b/ops/github/repositories_private.tf
@@ -0,0 +1,218 @@
+resource "github_repository" "ballet" {
+ name = "ballet"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "cpan-graph" {
+ name = "cpan-graph"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "demorest" {
+ name = "demorest"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "devbox" {
+ name = "devbox"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "emacsd" {
+ name = "emacs.d"
+ visibility = "private"
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+ vulnerability_alerts = true
+}
+
+resource "github_repository" "feeddiscovery" {
+ name = "feeddiscovery"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "graph-gexf" {
+ name = "graph-gexf"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "kiokudb-backend-memcachedb" {
+ name = "kiokudb-backend-memcachedb"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "kiokudb-backend-riak" {
+ name = "kiokudb-backend-riak"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "lwpx-paranoidagent" {
+ name = "lwpx-paranoidagent"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "moosex-abstractfactory" {
+ name = "moosex-abstractfactory"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "moosex-methodprivate" {
+ name = "moosex-methodprivate"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "moosex-privacy" {
+ name = "moosex-privacy"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "moosex-useragent" {
+ name = "moosex-useragent"
+ visibility = "private"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "notebooks" {
+ name = "notebooks"
+ visibility = "private"
+ has_downloads = false
+ has_issues = false
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "password-store" {
+ name = "password-store"
+ visibility = "private"
+ has_downloads = false
+ has_issues = false
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+}
+
+resource "github_repository" "world" {
+ name = "world"
+ visibility = "private"
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+ vulnerability_alerts = true
+}
diff --git a/ops/github/repositories_public.tf b/ops/github/repositories_public.tf
new file mode 100644
index 0000000..8f70342
--- /dev/null
+++ b/ops/github/repositories_public.tf
@@ -0,0 +1,71 @@
+# github_repository.jitterbug:
+resource "github_repository" "jitterbug" {
+ name = "jitterbug"
+ archived = true
+ allow_auto_merge = false
+ allow_merge_commit = false
+ allow_rebase_merge = false
+ allow_squash_merge = false
+ delete_branch_on_merge = true
+ description = "Cross Language Continuous Integration for Git"
+ has_downloads = true
+ has_issues = true
+ has_projects = true
+ has_wiki = true
+ homepage_url = "http://lumberjaph.net/jitterbug/"
+ vulnerability_alerts = true
+ pages {
+ cname = "jitterbug.pl"
+ source {
+ branch = "gh-pages"
+ path = "/"
+ }
+ }
+}
+
+# github_repository.presque:
+resource "github_repository" "presque" {
+ name = "presque"
+ archived = true
+ allow_auto_merge = false
+ allow_merge_commit = false
+ allow_rebase_merge = false
+ allow_squash_merge = false
+ delete_branch_on_merge = true
+ description = "a simple redis/tatsumaki message queue"
+ has_downloads = true
+ has_issues = true
+ has_projects = true
+ has_wiki = true
+ vulnerability_alerts = true
+}
+
+# github_repository.webservice-google-suggest:
+resource "github_repository" "webservice-google-suggest" {
+ name = "webservice-google-suggest"
+ archived = true
+ allow_auto_merge = false
+ allow_merge_commit = false
+ allow_rebase_merge = false
+ allow_squash_merge = false
+ delete_branch_on_merge = true
+ description = "WebService::Google::Suggest allows you to use Google Suggest as a Web Service API to retrieve completions to your search query or partial query"
+ has_downloads = true
+ has_issues = true
+ has_projects = true
+ has_wiki = true
+ vulnerability_alerts = true
+}
+
+resource "github_repository" "anyevent-riak" {
+ name = "anyevent-riak"
+ archived = true
+ has_downloads = false
+ has_issues = true
+ has_projects = false
+ has_wiki = false
+ allow_merge_commit = false
+ allow_squash_merge = true
+ allow_rebase_merge = true
+ vulnerability_alerts = true
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 12:02:05 +0000