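# Stack-level configuration for the "venus" cluster: shared Traefik
# middlewares plus the application modules deployed on top of it.
locals {
  tld          = "fourlights.dev"
  cluster_dns  = "venus.${local.tld}"
  bridge_dns   = "bridge.${local.cluster_dns}"
  is_installed = true
  node_count   = 3
}

# OAuth client secret for the Google identity provider registered in
# Zitadel. It is supplied out of band (TF_VAR_google_idp_client_secret or a
# *.tfvars file that stays out of version control) instead of being written
# into this file. The value that was previously committed here in clear
# text must be treated as exposed and rotated with the issuing provider
# before this variable is populated with a fresh secret.
variable "google_idp_client_secret" {
  description = "Client secret of the Google OAuth client used by the Zitadel Google IdP."
  type        = string
  sensitive   = true
}

# Traefik middleware that pins the forwarded scheme/port so backends behind
# the ingress see themselves as served over HTTPS.
resource "kubernetes_manifest" "preserve-host-middleware" {
  # NOTE(review): depends_on is meant to reference resources or modules;
  # a local value here most likely does not express a real ordering (the
  # modules below use the wait_on input for this purpose). Confirm what
  # is_installed is supposed to gate and reference that object directly.
  depends_on = [local.is_installed]
  manifest = {
    apiVersion = "traefik.io/v1alpha1"
    kind       = "Middleware"
    metadata = {
      name      = "preserve-host-headers"
      namespace = "default" # NOTE: Hardcoded by design
    }
    spec = {
      headers = {
        customRequestHeaders = {
          "X-Forwarded-Proto" = "https"
          "X-Forwarded-Port"  = "443"
        }
      }
    }
  }
}

# Traefik middleware issuing a permanent redirect from HTTP to HTTPS.
resource "kubernetes_manifest" "https-redirect-middleware" {
  # NOTE(review): same depends_on concern as in preserve-host-middleware.
  depends_on = [local.is_installed]
  manifest = {
    apiVersion = "traefik.io/v1alpha1"
    kind       = "Middleware"
    metadata = {
      name      = "redirect-to-https"
      namespace = "default" # NOTE: Hardcoded by design
    }
    spec = {
      redirectScheme = {
        permanent = true
        scheme    = "https"
      }
    }
  }
}

# Landing page that lists the services flagged with displayOnHomepage /
# display_on_homepage below.
module "homepage" {
  source = "../../infra/modules/homepage"

  wait_on         = local.is_installed
  k8s_config_yaml = local.k8s_config_yaml
  server_dns      = local.cluster_dns
  service_name    = "homepage"
  service_uri     = local.cluster_dns
  namespace       = "homepage"
}

# Object storage. The admin console is not published on a TLS endpoint
# (tls = false); it is only reachable through the bridge network.
module "minio" {
  source = "../../infra/modules/minio"

  wait_on         = local.is_installed
  k8s_config_yaml = local.k8s_config_yaml
  server_dns      = local.cluster_dns
  service_name    = "storage"
  namespace       = "minio"

  admin_server_dns  = local.cluster_dns # Restricted admin access, access via bridge
  tls               = false
  admin             = true
  ingressClass      = "traefik"
  storageSize       = "10Gi"
  displayOnHomepage = true
}

# Replica set sized to the cluster node count.
module "mongodb" {
  source = "../../infra/modules/mongodb"

  wait_on         = local.is_installed
  k8s_config_yaml = local.k8s_config_yaml
  namespace       = "mongodb"
  replicas        = local.node_count
}

# Message broker. As with minio, the management UI is kept off TLS and
# off the public DNS name and is reached via the bridge only.
module "rabbitmq" {
  source = "../../infra/modules/rabbitmq"

  wait_on         = local.is_installed
  k8s_config_yaml = local.k8s_config_yaml
  server_dns      = "local" # Restricted admin access, access via bridge
  service_name    = "rabbitmq"
  namespace       = "rabbitmq"

  tls          = false
  admin        = true
  ingressClass = "traefik"
}

# Shared PostgreSQL server; per-application databases are created as
# tenants on it (see zitadel-db).
module "postgresql" {
  source = "../../infra/modules/postgresql"

  namespace       = "postgresql"
  k8s_config_yaml = local.k8s_config_yaml
  username        = "bridge"
}

# Dedicated database and credentials for Zitadel on the shared server.
module "zitadel-db" {
  source = "../../infra/modules/postgresql/tenant"

  wait_on         = module.postgresql.installed
  name            = "zitadel"
  root_password   = module.postgresql.root_password
  k8s_config_yaml = local.k8s_config_yaml
}

# Identity provider; receives both the tenant password and the server root
# password from the postgresql modules above (the latter is presumably
# needed for initial schema setup — confirm against the module).
module "zitadel" {
  source = "../../infra/modules/zitadel"

  wait_on         = module.zitadel-db.installed
  k8s_config_yaml = local.k8s_config_yaml
  server_dns      = local.cluster_dns
  service_name    = "zitadel"
  namespace       = "zitadel"

  database_password      = module.zitadel-db.password
  database_root_password = module.postgresql.root_password
  display_on_homepage    = true
}

# Organisation inside Zitadel that the IdP below is attached to.
module "zitadel-tenant" {
  source = "../../infra/modules/zitadel/tenant"

  wait_on          = module.zitadel.installed
  domain           = module.zitadel.server
  name             = "fourlights"
  jwt_profile_file = module.zitadel.jwt_profile_file
}

# Google as an external identity provider for the tenant. Accounts are
# auto-created and auto-updated from Google, but never linked to existing
# users (is_linking_allowed = false) to avoid account takeover by
# username collision.
module "zitadel-idp-google" {
  source = "../../infra/modules/zitadel/identity-provider/google"

  wait_on          = module.zitadel-tenant.installed
  domain           = module.zitadel.server
  jwt_profile_file = module.zitadel.jwt_profile_file
  org_id           = module.zitadel-tenant.org_id

  # The client id is a public identifier; the secret comes from the
  # sensitive variable declared at the top of this file.
  client_id     = "783390190667-0nkts50perpmhott4i7ro1ob5n7koi5i.apps.googleusercontent.com"
  client_secret = var.google_idp_client_secret

  options = {
    scopes              = ["openid", "profile", "email"]
    is_auto_creation    = true
    is_auto_update      = true
    is_creation_allowed = true
    is_linking_allowed  = false
    auto_linking        = "AUTO_LINKING_OPTION_USERNAME"
  }
}

// module "zitadel-machine-user" {
//   source          = "../../infra/modules/zitadel/tenant"
//   wait_on         = module.zitadel.installed
//   k8s_config_yaml = local.k8s_config_yaml
//
//   domain    = module.zitadel.server
//   secret    = "zitadel-admin-sa"
//   namespace = "zitadel"
//   name      = "fourlights"
// }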