-rw-r--r--ops/default.nix1
-rw-r--r--ops/github/.gitignore3
-rw-r--r--ops/github/README.org15
-rw-r--r--ops/github/default.nix29
-rw-r--r--ops/github/main.tf47
-rw-r--r--ops/github/repositories.tf36
-rw-r--r--ops/github/repositories.yaml296
7 files changed, 0 insertions, 427 deletions
diff --git a/ops/default.nix b/ops/default.nix
index 64a3d68..f06e40e 100644
--- a/ops/default.nix
+++ b/ops/default.nix
@@ -2,5 +2,4 @@
 
 pkgs.lib.makeScope pkgs.newScope (pkgs: {
   gcp-backups = pkgs.callPackage ./gcp-backups { };
-  github = pkgs.callPackage ./github { };
 })
diff --git a/ops/github/.gitignore b/ops/github/.gitignore
deleted file mode 100644
index 112bb96..0000000
--- a/ops/github/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-# ignore the various terraform files that are generate. The state is
-# stored in a GCS bucket.
-.terraform*
diff --git a/ops/github/README.org b/ops/github/README.org
deleted file mode 100644
index 5906fbd..0000000
--- a/ops/github/README.org
+++ /dev/null
@@ -1,15 +0,0 @@
-#+TITLE: Managing GitHub with terraform
-
-This terraform configuration is to manage my GitHub configuration (repositories, projects, branches, etc).
-
-There's nothing special regarding how to use this repository.
-
-#+begin_src sh
-GITHUB_TOKEN=(pass api/github/terraform) nix run .#ops.github.plan
-GITHUB_TOKEN=(pass api/github/terraform) nix run .#ops.github.init
-#+end_src
-
-* Credentials
-A token is needed to interact with the API. It's available in =pass= (under =api/github/terraform=). The token needs admin access for repositories and being able to read the user.
-* State
-The state is stored in a [[https://console.cloud.google.com/storage/browser/world-tf-state/github?project=fcuny-homelab&pageState=(%22StorageObjectListTable%22:(%22f%22:%22%255B%255D%22))&prefix=&forceOnObjectsSortingFiltering=false][GCS bucket]].
diff --git a/ops/github/default.nix b/ops/github/default.nix
deleted file mode 100644
index a36aa12..0000000
--- a/ops/github/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ pkgs }:
-let
-  terraform = pkgs.terraform.withPlugins (p: [
-    p.google
-    p.github
-  ]);
-in
-pkgs.stdenv.mkDerivation rec {
-  name = "tf-github";
-  src = ./.;
-
-  init = pkgs.writeShellScriptBin "tf-github-init" ''
-    set -ueo pipefail
-    cd $(git rev-parse --show-toplevel)/ops/github
-    ${terraform}/bin/terraform init
-  '';
-
-  plan = pkgs.writeShellScriptBin "tf-github-plan" ''
-    set -ueo pipefail
-    cd $(git rev-parse --show-toplevel)/ops/github
-    ${terraform}/bin/terraform plan
-  '';
-
-  apply = pkgs.writeShellScriptBin "tf-github-apply" ''
-    set -ueo pipefail
-    cd $(git rev-parse --show-toplevel)/ops/github
-    ${terraform}/bin/terraform apply
-  '';
-}
diff --git a/ops/github/main.tf b/ops/github/main.tf
deleted file mode 100644
index 91f58cb..0000000
--- a/ops/github/main.tf
+++ /dev/null
@@ -1,47 +0,0 @@
-locals {
-  terraform_service_account = "terraform@fcuny-homelab.iam.gserviceaccount.com"
-}
-
-provider "google" {
-  alias = "impersonation"
-  scopes = [
-    "https://www.googleapis.com/auth/cloud-platform",
-    "https://www.googleapis.com/auth/userinfo.email",
-  ]
-}
-
-data "google_service_account_access_token" "default" {
-  provider               = google.impersonation
-  target_service_account = local.terraform_service_account
-  scopes                 = ["userinfo-email", "cloud-platform"]
-  lifetime               = "1200s"
-}
-
-provider "google" {
-  project         = "fcuny-homelab"
-  region          = "us-west1"
-  zone            = "us-west1-c"
-  access_token    = data.google_service_account_access_token.default.access_token
-  request_timeout = "60s"
-}
-
-terraform {
-  required_providers {
-    github = {
-      source  = "integrations/github"
-      version = "~> 4.0"
-    }
-  }
-
-  backend "gcs" {
-    bucket                      = "world-tf-state"
-    prefix                      = "github/state"
-    impersonate_service_account = "terraform@fcuny-homelab.iam.gserviceaccount.com"
-  }
-}
-
-# Configure the GitHub Provider. The environment variable
-# `GITHUB_TOKEN` needs to be set.
-provider "github" {
-  owner = "fcuny"
-}
diff --git a/ops/github/repositories.tf b/ops/github/repositories.tf
deleted file mode 100644
index 38e5de2..0000000
--- a/ops/github/repositories.tf
+++ /dev/null
@@ -1,36 +0,0 @@
-locals {
-  repositories = yamldecode(file("repositories.yaml"))
-}
-
-resource "github_repository" "repos" {
-  for_each = local.repositories
-
-  name                   = try(each.value.name, each.key)
-  visibility             = each.value.visibility
-  archived               = try(each.value.archived, false)
-  description            = try(each.value.description, null)
-  has_downloads          = false
-  has_issues             = try(each.value.has_issues, true)
-  has_projects           = false
-  has_wiki               = false
-  allow_merge_commit     = true
-  allow_squash_merge     = false
-  allow_rebase_merge     = false
-  vulnerability_alerts   = try(each.value.vulnerability_alerts, false)
-  delete_branch_on_merge = try(!each.value.archived, true)
-  auto_init              = true
-}
-
-resource "github_branch_default" "main" {
-  depends_on = [github_repository.repos]
-  # no need to set the default branch if the repository is already
-  # archived.
-  # use the name for the repository if set
-  for_each = {
-    for k, v in local.repositories : try(v.name, k) => v
-    if try(v.archived, false) == false
-  }
-
-  repository = each.key
-  branch     = try(each.value.default_branch, "main")
-}
diff --git a/ops/github/repositories.yaml b/ops/github/repositories.yaml
deleted file mode 100644
index d255e30..0000000
--- a/ops/github/repositories.yaml
+++ /dev/null
@@ -1,296 +0,0 @@
-ballet:
-  visibility: private
-  archived: true
-cpan-graph:
-  visibility: private
-  archived: true
-demorest:
-  visibility: private
-  archived: true
-devbox:
-  visibility: private
-  archived: true
-emacsd:
-  name: emacs.d
-  visibility: private
-  archived: false
-  vulnerability_alerts: true
-  description: my configuration for Emacs
-feeddiscovery:
-  visibility: private
-  archived: true
-graph-gexf:
-  visibility: private
-  archived: true
-kiokudb-backend-memcachedb:
-  visibility: private
-  archived: true
-kiokudb-backend-riak:
-  visibility: private
-  archived: true
-lwpx-paranoidagent:
-  visibility: private
-  archived: true
-moosex-abstractfactory:
-  visibility: private
-  archived: true
-moosex-methodprivate:
-  visibility: private
-  archived: true
-moosex-privacy:
-  visibility: private
-  archived: true
-moosex-useragent:
-  visibility: private
-  archived: true
-notebooks:
-  visibility: private
-  archived: true
-password-store:
-  visibility: private
-  archived: false
-  has_issues: false
-  description: 🔒 my passwords, managed by pass
-world:
-  visibility: private
-  archived: false
-  description: nix configurations for my machines
-  vulnerability_alerts: true
-  delete_branch_on_merge: true
-gh-ssh-keys:
-  visibility: private
-  archived: false
-  vulnerability_alerts: true
-  delete_branch_on_merge: true
-  description: manage ssh public keys for GitHub
-fcuny-net:
-  name: fcuny.net
-  visibility: private
-  archived: false
-  vulnerability_alerts: true
-  delete_branch_on_merge: true
-notes-fcuny-net:
-  name: notes.fcuny.net
-  visibility: private
-  archived: true
-govanity:
-  visibility: private
-  archived: true
-twitter-backup:
-  visibility: private
-  archived: false
-  vulnerability_alerts: true
-  delete_branch_on_merge: true
-  description: An automatic backup of my twitter data
-jitterbug:
-  archived: true
-  visibility: public
-  description: "Cross Language Continuous Integration for Git"
-presque:
-  archived: true
-  visibility: public
-  description: "a simple redis/tatsumaki message queue"
-webservice-google-suggest:
-  archived: true
-  visibility: public
-  description: "WebService::Google::Suggest allows you to use Google Suggest as a Web Service API to retrieve completions to your search query or partial query"
-anyevent-riak:
-  archived: true
-  visibility: private
-containerd-to-vm:
-  archived: false
-  visibility: public
-  vulnerability_alerts: true
-  delete_branch_on_merge: true
-  description: an experiment to create firecracker VMs from a docker image
-x509-info:
-  visibility: public
-  description: CLI to get information about a x509 certificate
-  archived: false
-mpd-stats:
-  visibility: private
-  archived: true
-pants-el:
-  visibility: public
-  archived: true
-  name: pants.el
-homelab:
-  visibility: private
-  archived: true
-ansible-foreman-inventory:
-  archived: true
-  visibility: private
-c-statsd-proxy:
-  archived: true
-  visibility: private
-catalystx-dispatcher-asgraph:
-  archived: true
-  visibility: private
-cpan-explorer:
-  archived: true
-  visibility: private
-dancer-chat:
-  archived: true
-  visibility: private
-dancer-debug:
-  archived: true
-  visibility: private
-dancer-logger-psgi:
-  archived: true
-  visibility: private
-dancer-plugin-i18n:
-  archived: true
-  visibility: private
-dancer-rest:
-  archived: true
-  visibility: private
-dancer-session-psgi:
-  archived: true
-  visibility: private
-dancer-template-declare:
-  archived: true
-  visibility: private
-dancer-template-xslate:
-  archived: true
-  visibility: private
-dancerdemo:
-  archived: true
-  visibility: private
-dandelion:
-  archived: true
-  visibility: private
-docker-distributedlog:
-  archived: true
-  visibility: private
-github-explorer:
-  archived: true
-  visibility: private
-http:
-  archived: true
-  visibility: private
-httpclient:
-  archived: true
-  visibility: private
-infrastructure:
-  archived: true
-  visibility: private
-intention-cloud:
-  archived: true
-  visibility: private
-ironman-myaggregator:
-  archived: true
-  visibility: private
-ironman-myfeedreader:
-  archived: true
-  visibility: private
-ironman-mymodel:
-  archived: true
-  visibility: private
-iterm2-lumberjaph:
-  archived: true
-  visibility: private
-lifestream:
-  archived: true
-  visibility: private
-linux-desktop:
-  archived: true
-  visibility: private
-linux-utils:
-  archived: true
-  visibility: private
-lumberjaph.net:
-  archived: true
-  visibility: private
-moonflower:
-  archived: true
-  visibility: private
-moosex-net-api:
-  archived: true
-  visibility: private
-net-backtype:
-  archived: true
-  visibility: private
-net-http-api:
-  archived: true
-  visibility: private
-net-http-api-spec:
-  archived: true
-  visibility: private
-net-http-console:
-  archived: true
-  visibility: private
-net-http-spore:
-  archived: true
-  visibility: private
-net-http-spore-middleware-opencalais:
-  archived: true
-  visibility: private
-net-neo4j:
-  archived: true
-  visibility: private
-net-presque:
-  archived: true
-  visibility: private
-net-riak:
-  archived: true
-  visibility: private
-old-tools:
-  archived: true
-  visibility: private
-path-router:
-  archived: true
-  visibility: private
-plack-middleware-apiratelimit:
-  archived: true
-  visibility: private
-plack-middleware-errornot:
-  archived: true
-  visibility: private
-plack-middleware-etag:
-  archived: true
-  visibility: private
-plack-middleware-file-less:
-  archived: true
-  visibility: private
-plack-middleware-i18n:
-  archived: true
-  visibility: private
-plack-middleware-throttle:
-  archived: true
-  visibility: private
-plack-middleware-transaction:
-  archived: true
-  visibility: private
-playground:
-  archived: true
-  visibility: private
-presque-worker:
-  archived: true
-  visibility: private
-pythonbrew-mini:
-  archived: true
-  visibility: private
-resume:
-  archived: true
-  visibility: private
-simple-to-bq:
-  archived: true
-  visibility: private
-spark:
-  archived: true
-  visibility: private
-spore:
-  archived: true
-  visibility: private
-stargit:
-  archived: true
-  visibility: private
-statsd-proxy:
-  archived: true
-  visibility: private
-tools:
-  archived: true
-  visibility: private
-web-request:
-  archived: true
-  visibility: private