docs updated

.drone.yml

@@ -0,0 +1,57 @@
+---
+kind: pipeline
+type: kubernetes
+name: Check docs and format
+
+trigger:
+  event:
+  - push
+  - tag
+
+environment:
+  TF_IN_AUTOMATION: "1"
+
+steps:
+- name: get terraform 
+  image: hashicorp/terraform:1.1.8
+  commands:
+    - apk add bash wget 
+    - wget https://github.com/terraform-docs/terraform-docs/releases/download/v0.16.0/terraform-docs-v0.16.0-linux-amd64.tar.gz -O - | tar -xz terraform-docs -C /usr/local/bin
+    - scripts/format.sh
+    - scripts/generate-docs.sh
+    - git diff-index --name-status HEAD
+
+---
+kind: pipeline
+type: kubernetes
+name: Terraform validate
+
+trigger:
+  event:
+  - push
+  - tag
+  branch:
+  - main
+
+environment:
+  TF_IN_AUTOMATION: "1"
+
+steps:
+- name: validate
+  image: hashicorp/terraform:1.1.8
+  commands:
+    - apk add bash
+    - mkdir -p ~/.ssh
+    - chmod 755 ~/.ssh
+    - echo "$${CI_SSH_KEY}" | base64 -d > ~/.ssh/id_rsa
+    - chmod 600 ~/.ssh/id_rsa
+    - scripts/validate.sh
+  environment:
+    GIT_SSH_COMMAND: "ssh -o StrictHostKeyChecking=no"
+    CI_SSH_KEY:
+      from_secret: ci-ssh-key
+---
+kind: signature
+hmac: 5afd79ba867df22299821b9fd132a11df0d4d5ab053821ccecf259ad100bf325
+
+...

.gitignore

@@ -0,0 +1,35 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+

9p-persistent-volume/README.md

@@ -0,0 +1,78 @@
+## Requirements
+
+The following requirements are needed by this module:
+
+- <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) (~> 2.11)
+
+## Providers
+
+The following providers are used by this module:
+
+- <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) (~> 2.11)
+
+## Modules
+
+No modules.
+
+## Resources
+
+The following resources are used by this module:
+
+- [kubernetes_persistent_volume.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume) (resource)
+- [kubernetes_persistent_volume_claim.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/persistent_volume_claim) (resource)
+
+## Required Inputs
+
+The following input variables are required:
+
+### <a name="input_name"></a> [name](#input\_name)
+
+Description: The name of the volume
+
+Type: `string`
+
+### <a name="input_namespace"></a> [namespace](#input\_namespace)
+
+Description: The namespace for the persistent volume claim
+
+Type: `string`
+
+## Optional Inputs
+
+The following input variables are optional (have default values):
+
+### <a name="input_volume_storage_capacity"></a> [volume\_storage\_capacity](#input\_volume\_storage\_capacity)
+
+Description: Size of the persistent volume reported to Kubernetes
+
+Type: `string`
+
+Default: `"1Gi"`
+
+## Outputs
+
+The following outputs are exported:
+
+### <a name="output_host_path"></a> [host\_path](#output\_host\_path)
+
+Description: n/a
+
+### <a name="output_namespace"></a> [namespace](#output\_namespace)
+
+Description: n/a
+
+### <a name="output_persistent_volume"></a> [persistent\_volume](#output\_persistent\_volume)
+
+Description: n/a
+
+### <a name="output_persistent_volume_claim"></a> [persistent\_volume\_claim](#output\_persistent\_volume\_claim)
+
+Description: n/a
+
+### <a name="output_pv_name"></a> [pv\_name](#output\_pv\_name)
+
+Description: n/a
+
+### <a name="output_pvc_name"></a> [pvc\_name](#output\_pvc\_name)
+
+Description: n/a

README.md

@@ -0,0 +1,5 @@
+## Terraform modules
+[![Build Status](https://drone.thomasklein.me/api/badges/thomasklein/terraform-modules/status.svg)](https://drone.thomasklein.me/thomasklein/terraform-modules)
+
+Here is a collection of various terraform modules I use to keep my homelab dry and tidy.
+

kubernetes/flannel/README.md

@@ -0,0 +1,142 @@
+## Requirements
+
+The following requirements are needed by this module:
+
+- <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) (~> 2.11)
+
+## Providers
+
+The following providers are used by this module:
+
+- <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) (~> 2.11)
+
+## Modules
+
+No modules.
+
+## Resources
+
+The following resources are used by this module:
+
+- [kubernetes_cluster_role.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role) (resource)
+- [kubernetes_cluster_role_binding.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding) (resource)
+- [kubernetes_config_map.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map) (resource)
+- [kubernetes_daemonset.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/daemonset) (resource)
+- [kubernetes_pod_security_policy.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/pod_security_policy) (resource)
+- [kubernetes_service_account.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) (resource)
+
+## Required Inputs
+
+The following input variables are required:
+
+### <a name="input_cluster_cidr"></a> [cluster\_cidr](#input\_cluster\_cidr)
+
+Description: ClusterCIDR
+
+Type: `string`
+
+### <a name="input_vxlan_id"></a> [vxlan\_id](#input\_vxlan\_id)
+
+Description: VXLAN ID (VNI)
+
+Type: `number`
+
+### <a name="input_vxlan_port"></a> [vxlan\_port](#input\_vxlan\_port)
+
+Description: UDP port to use for sending encapsulated packets
+
+Type: `number`
+
+## Optional Inputs
+
+The following input variables are optional (have default values):
+
+### <a name="input_cluster_role_name"></a> [cluster\_role\_name](#input\_cluster\_role\_name)
+
+Description: Name of the cluster role flannel will use
+
+Type: `string`
+
+Default: `"flannel"`
+
+### <a name="input_create_cluster_role"></a> [create\_cluster\_role](#input\_create\_cluster\_role)
+
+Description: Weather or not to create a suitable cluster role or use an already exisiting specified by cluster\_role\_name variable
+
+Type: `bool`
+
+Default: `true`
+
+### <a name="input_daemonset_name"></a> [daemonset\_name](#input\_daemonset\_name)
+
+Description: Name of the daeomonset
+
+Type: `string`
+
+Default: `"flannel"`
+
+### <a name="input_flannel_cni_plugin_image"></a> [flannel\_cni\_plugin\_image](#input\_flannel\_cni\_plugin\_image)
+
+Description: n/a
+
+Type: `string`
+
+Default: `"rancher/mirrored-flannelcni-flannel-cni-plugin:v1.0.1"`
+
+### <a name="input_flannel_image"></a> [flannel\_image](#input\_flannel\_image)
+
+Description: n/a
+
+Type: `string`
+
+Default: `"rancher/mirrored-flannelcni-flannel:v0.17.0"`
+
+### <a name="input_namespace"></a> [namespace](#input\_namespace)
+
+Description: namespace for resources
+
+Type: `string`
+
+Default: `"kube-system"`
+
+### <a name="input_node_selector_os"></a> [node\_selector\_os](#input\_node\_selector\_os)
+
+Description: Which kubernetes.io/os node-label to match for execution
+
+Type: `list(string)`
+
+Default:
+
+```json
+[
+  "linux"
+]
+```
+
+## Outputs
+
+The following outputs are exported:
+
+### <a name="output_cluster_role"></a> [cluster\_role](#output\_cluster\_role)
+
+Description: n/a
+
+### <a name="output_cluster_role_binding"></a> [cluster\_role\_binding](#output\_cluster\_role\_binding)
+
+Description: n/a
+
+### <a name="output_configmap"></a> [configmap](#output\_configmap)
+
+Description: n/a
+
+### <a name="output_daemonset"></a> [daemonset](#output\_daemonset)
+
+Description: n/a
+
+### <a name="output_pod_security_policy"></a> [pod\_security\_policy](#output\_pod\_security\_policy)
+
+Description: n/a
+
+### <a name="output_service_account"></a> [service\_account](#output\_service\_account)
+
+Description: n/a

kubernetes/kube-proxy/README.md

@@ -0,0 +1,103 @@
+## Requirements
+
+The following requirements are needed by this module:
+
+- <a name="requirement_kubernetes"></a> [kubernetes](#requirement\_kubernetes) (~> 2.11)
+
+## Providers
+
+The following providers are used by this module:
+
+- <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) (~> 2.11)
+
+## Modules
+
+No modules.
+
+## Resources
+
+The following resources are used by this module:
+
+- [kubernetes_cluster_role_binding.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding) (resource)
+- [kubernetes_config_map.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map) (resource)
+- [kubernetes_daemonset.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/daemonset) (resource)
+- [kubernetes_service.prometheus](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service) (resource)
+- [kubernetes_service_account.this](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/service_account) (resource)
+
+## Required Inputs
+
+The following input variables are required:
+
+### <a name="input_cluster_cidr"></a> [cluster\_cidr](#input\_cluster\_cidr)
+
+Description: Kubernetes cluster CIDR
+
+Type: `string`
+
+### <a name="input_kubernetes_server"></a> [kubernetes\_server](#input\_kubernetes\_server)
+
+Description: Kubernetes (master) server address (eg: https://k8s.my.domain:6443/)
+
+Type: `string`
+
+### <a name="input_kubernetes_version"></a> [kubernetes\_version](#input\_kubernetes\_version)
+
+Description: Kubernetes cluster version (eg: 1.23.5)
+
+Type: `string`
+
+## Optional Inputs
+
+The following input variables are optional (have default values):
+
+### <a name="input_additional_config"></a> [additional\_config](#input\_additional\_config)
+
+Description: n/a
+
+Type: `map(any)`
+
+Default: `{}`
+
+### <a name="input_daemonset_name"></a> [daemonset\_name](#input\_daemonset\_name)
+
+Description: n/a
+
+Type: `string`
+
+Default: `"kube-proxy"`
+
+### <a name="input_mode"></a> [mode](#input\_mode)
+
+Description: n/a
+
+Type: `string`
+
+Default: `"iptables"`
+
+### <a name="input_namespace"></a> [namespace](#input\_namespace)
+
+Description: n/a
+
+Type: `string`
+
+Default: `"kube-system"`
+
+## Outputs
+
+The following outputs are exported:
+
+### <a name="output_cluster_role_binding"></a> [cluster\_role\_binding](#output\_cluster\_role\_binding)
+
+Description: n/a
+
+### <a name="output_configmap"></a> [configmap](#output\_configmap)
+
+Description: n/a
+
+### <a name="output_daemonset"></a> [daemonset](#output\_daemonset)
+
+Description: n/a
+
+### <a name="output_service_account"></a> [service\_account](#output\_service\_account)
+
+Description: n/a

lawndale-vm-ipam/README.md

@@ -0,0 +1,96 @@
+## Requirements
+
+The following requirements are needed by this module:
+
+- <a name="requirement_dns"></a> [dns](#requirement\_dns) (~> 3.2)
+
+## Providers
+
+The following providers are used by this module:
+
+- <a name="provider_dns"></a> [dns](#provider\_dns) (3.2.3)
+
+## Modules
+
+No modules.
+
+## Resources
+
+The following resources are used by this module:
+
+- [dns_a_record_set.this](https://registry.terraform.io/providers/hashicorp/dns/latest/docs/resources/a_record_set) (resource)
+- [dns_ptr_record.this](https://registry.terraform.io/providers/hashicorp/dns/latest/docs/resources/ptr_record) (resource)
+
+## Required Inputs
+
+The following input variables are required:
+
+### <a name="input_id"></a> [id](#input\_id)
+
+Description: The ID for the VM that will be transposed into an IP address
+
+Type: `number`
+
+### <a name="input_interface"></a> [interface](#input\_interface)
+
+Description: Which interface should be used. Can be either nat or internal
+
+Type: `string`
+
+### <a name="input_name"></a> [name](#input\_name)
+
+Description: The domain name for the vm
+
+Type: `string`
+
+## Optional Inputs
+
+The following input variables are optional (have default values):
+
+### <a name="input_ttl"></a> [ttl](#input\_ttl)
+
+Description: TTL value for the new records
+
+Type: `number`
+
+Default: `300`
+
+## Outputs
+
+The following outputs are exported:
+
+### <a name="output_cidr"></a> [cidr](#output\_cidr)
+
+Description: n/a
+
+### <a name="output_fqdn"></a> [fqdn](#output\_fqdn)
+
+Description: n/a
+
+### <a name="output_gateway"></a> [gateway](#output\_gateway)
+
+Description: n/a
+
+### <a name="output_interface"></a> [interface](#output\_interface)
+
+Description: n/a
+
+### <a name="output_ip_address"></a> [ip\_address](#output\_ip\_address)
+
+Description: n/a
+
+### <a name="output_lawndale_interface"></a> [lawndale\_interface](#output\_lawndale\_interface)
+
+Description: n/a
+
+### <a name="output_name"></a> [name](#output\_name)
+
+Description: n/a
+
+### <a name="output_nameserver"></a> [nameserver](#output\_nameserver)
+
+Description: n/a
+
+### <a name="output_search_domains"></a> [search\_domains](#output\_search\_domains)
+
+Description: n/a

lawndale-vm/README.md

@@ -0,0 +1,233 @@
+## Requirements
+
+The following requirements are needed by this module:
+
+- <a name="requirement_libvirt"></a> [libvirt](#requirement\_libvirt) (>= 0.6.14)
+
+- <a name="requirement_macaddress"></a> [macaddress](#requirement\_macaddress) (~> 0.3.0)
+
+## Providers
+
+The following providers are used by this module:
+
+- <a name="provider_libvirt"></a> [libvirt](#provider\_libvirt) (0.7.0)
+
+- <a name="provider_macaddress"></a> [macaddress](#provider\_macaddress) (0.3.2)
+
+## Modules
+
+The following Modules are called:
+
+### <a name="module_ipam"></a> [ipam](#module\_ipam)
+
+Source: git@git.thomasklein.me:thomasklein/terraform-modules//lawndale-vm-ipam
+
+Version:
+
+## Resources
+
+The following resources are used by this module:
+
+- [libvirt_cloudinit_disk.this](https://registry.terraform.io/providers/dmacvicar/libvirt/latest/docs/resources/cloudinit_disk) (resource)
+- [libvirt_domain.this](https://registry.terraform.io/providers/dmacvicar/libvirt/latest/docs/resources/domain) (resource)
+- [libvirt_pool.this](https://registry.terraform.io/providers/dmacvicar/libvirt/latest/docs/resources/pool) (resource)
+- [libvirt_volume.this](https://registry.terraform.io/providers/dmacvicar/libvirt/latest/docs/resources/volume) (resource)
+- [macaddress_macaddress.this](https://registry.terraform.io/providers/ivoronin/macaddress/latest/docs/resources/macaddress) (resource)
+
+## Required Inputs
+
+The following input variables are required:
+
+### <a name="input_base_image_pool"></a> [base\_image\_pool](#input\_base\_image\_pool)
+
+Description: Base image storage pool
+
+Type: `string`
+
+### <a name="input_base_image_volume"></a> [base\_image\_volume](#input\_base\_image\_volume)
+
+Description: Base image storage pool
+
+Type: `string`
+
+### <a name="input_description"></a> [description](#input\_description)
+
+Description: (Short) Description for the virtual machine
+
+Type: `string`
+
+### <a name="input_id"></a> [id](#input\_id)
+
+Description: The lawndale id of the virtual machine
+
+Type: `number`
+
+### <a name="input_interface"></a> [interface](#input\_interface)
+
+Description: Network interface to attach the vm on
+
+Type: `string`
+
+### <a name="input_memory_mb"></a> [memory\_mb](#input\_memory\_mb)
+
+Description: VM memory allocation in megabytes
+
+Type: `number`
+
+### <a name="input_name"></a> [name](#input\_name)
+
+Description: The name of the virtual machine (must be a [-\_a-z0-9])
+
+Type: `string`
+
+### <a name="input_root_storage_volume_size_gb"></a> [root\_storage\_volume\_size\_gb](#input\_root\_storage\_volume\_size\_gb)
+
+Description: The size of the storage volume (in gigabytes)
+
+Type: `number`
+
+### <a name="input_user_data"></a> [user\_data](#input\_user\_data)
+
+Description: Cloud-init userdata script to run
+
+Type: `string`
+
+## Optional Inputs
+
+The following input variables are optional (have default values):
+
+### <a name="input_autostart"></a> [autostart](#input\_autostart)
+
+Description: Start the VM at host start?
+
+Type: `bool`
+
+Default: `true`
+
+### <a name="input_create_root_storage_pool"></a> [create\_root\_storage\_pool](#input\_create\_root\_storage\_pool)
+
+Description: Create the storage pool as part of the module
+
+Type: `bool`
+
+Default: `true`
+
+### <a name="input_extra_interfaces"></a> [extra\_interfaces](#input\_extra\_interfaces)
+
+Description: Extra network interfaces to attach to the VM
+
+Type:
+
+```hcl
+list(object({
+    bridge = string
+    mac    = string
+  }))
+```
+
+Default: `[]`
+
+### <a name="input_filesystems"></a> [filesystems](#input\_filesystems)
+
+Description: 9p shared filesystem devices
+
+Type:
+
+```hcl
+list(object({
+    source     = string
+    target     = string
+    accessmode = string
+    readonly   = bool
+  }))
+```
+
+Default: `[]`
+
+### <a name="input_machine"></a> [machine](#input\_machine)
+
+Description: The machine type - can be i440fx (default) or q35. PCIe support requires Q35 (or better)
+
+Type: `string`
+
+Default: `null`
+
+### <a name="input_meta_data"></a> [meta\_data](#input\_meta\_data)
+
+Description: Cloud-init meta-data
+
+Type: `string`
+
+Default: `null`
+
+### <a name="input_network_config"></a> [network\_config](#input\_network\_config)
+
+Description: Cloud-init network config
+
+Type: `string`
+
+Default: `null`
+
+### <a name="input_root_storage_pool"></a> [root\_storage\_pool](#input\_root\_storage\_pool)
+
+Description: The name of the storage pool. It will default to the VM name
+
+Type: `string`
+
+Default: `""`
+
+### <a name="input_root_storage_volume_name"></a> [root\_storage\_volume\_name](#input\_root\_storage\_volume\_name)
+
+Description: the name of the storage volume (must be unique in the pool)
+
+Type: `string`
+
+Default: `""`
+
+### <a name="input_uefi"></a> [uefi](#input\_uefi)
+
+Description: Whether or not to create an UEFI domain
+
+Type: `bool`
+
+Default: `false`
+
+### <a name="input_vcpu"></a> [vcpu](#input\_vcpu)
+
+Description: CPU count
+
+Type: `number`
+
+Default: `1`
+
+### <a name="input_xslt"></a> [xslt](#input\_xslt)
+
+Description: XSLT applied to the domain before sent to libvirt
+
+Type: `string`
+
+Default: `null`
+
+## Outputs
+
+The following outputs are exported:
+
+### <a name="output__disk"></a> [\_disk](#output\_\_disk)
+
+Description: n/a
+
+### <a name="output__domain"></a> [\_domain](#output\_\_domain)
+
+Description: n/a
+
+### <a name="output__pool"></a> [\_pool](#output\_\_pool)
+
+Description: n/a
+
+### <a name="output_ipam"></a> [ipam](#output\_ipam)
+
+Description: n/a
+
+### <a name="output_macaddress"></a> [macaddress](#output\_macaddress)
+
+Description: n/a

lawndale-vm/compute.tf

@@ -21,7 +21,7 @@ resource "macaddress" "this" {
 
 
 module "ipam" {
-  source = "../../modules/lawndale-vm-ipam"
+  source = "git@git.thomasklein.me:thomasklein/terraform-modules//lawndale-vm-ipam"
 
   id        = var.id
   name      = var.name
@@ -40,10 +40,20 @@ resource "libvirt_domain" "this" {
 
   cloudinit = libvirt_cloudinit_disk.this.id
 
+  firmware = var.uefi ? "/usr/share/edk2-ovmf/OVMF_CODE.fd" : null
+  machine = var.machine
+
   network_interface {
     bridge = module.ipam.lawndale_interface
     mac    = macaddress.this.address
   }
+  dynamic "network_interface" {
+    for_each = var.extra_interfaces
+    content {
+      bridge = network_interface.value.bridge
+      mac = network_interface.value.mac
+    }
+  }
 
   disk {
     volume_id = libvirt_volume.this.id
@@ -76,6 +86,10 @@ resource "libvirt_domain" "this" {
       xslt = xml.value
     }
   }
+
+  lifecycle {
+    ignore_changes = [nvram, disk[0].scsi]
+  }
 }
 
 resource "libvirt_cloudinit_disk" "this" {
@@ -95,6 +109,7 @@ locals {
         match = {
           macaddress = macaddress.this.address
         }
+        "set-name" = "eth"
         addresses = [
           "${module.ipam.ip_address}/${module.ipam.cidr}"
         ]
@@ -116,4 +131,4 @@ EOM
 
   meta_data      = var.meta_data != null ? var.meta_data : local.default_meta_data
   network_config = var.network_config != null ? var.network_config : jsonencode(local.default_network_config)
-}
+}

lawndale-vm/outputs.tf

@@ -0,0 +1,19 @@
+output "macaddress" {
+  value = macaddress.this.address
+}
+
+output "_pool" {
+  value = var.create_root_storage_pool ? libvirt_pool.this : null
+}
+
+output "_disk" {
+  value = libvirt_volume.this
+}
+
+output "_domain" {
+  value = libvirt_domain.this
+}
+
+output "ipam" {
+  value = module.ipam
+}

lawndale-vm/providers.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     libvirt = {
       source  = "dmacvicar/libvirt"
-      version = "~> 0.6.14"
+      version = ">= 0.6.14"
     }
 
     macaddress = {

lawndale-vm/variables.tf

@@ -19,6 +19,18 @@ variable "vcpu" {
   default     = 1
 }
 
+variable "uefi" {
+  type        = bool
+  description = "Whether or not to create an UEFI domain"
+  default     = false
+}
+
+variable "machine" {
+  type        = string
+  description = "The machine type - can be i440fx (default) or q35. PCIe support requires Q35 (or better)"
+  default     = null
+}
+
 variable "memory_mb" {
   type        = number
   description = "VM memory allocation in megabytes"
@@ -110,3 +122,13 @@ variable "xslt" {
   description = "XSLT applied to the domain before sent to libvirt"
   default     = null
 }
+
+variable "extra_interfaces" {
+  type = list(object({
+    bridge = string
+    mac    = string
+  }))
+
+  description = "Extra network interfaces to attach to the VM"
+  default     = []
+}

remote-state-access/outputs.tf

@@ -1,9 +0,0 @@
-output "role_arn" {
-  type  = string
-  value = var.create_role ? aws_iam_role.this.arn : null
-}
-
-output "policy_arn" {
-  type  = string
-  value = var.create_policy ? aws_iam_policy.this.arn : null
-}

remote-state-access/policy.tf

@@ -1,59 +0,0 @@
-data "aws_iam_policy_document" "this" {
-  statement {
-    effect = "Allow"
-    actions = [
-      "s3:ListBucket"
-    ]
-
-    resources = [
-      "arn:aws:s3:::${var.bucket_name}",
-    ]
-  }
-  statement {
-    effect = "Allow"
-    actions = [
-      "s3:GetObject",
-      "s3:PutObject",
-      "s3:DeleteObject",
-    ]
-
-    resources = [
-      "arn:aws:s3:::${var.bucket_name}",
-    ]
-
-    condition {
-      test     = "StringLike"
-      variable = "s3:prefix"
-
-      values = var.prefixes
-    }
-  }
-  statement {
-    effect = "Allow"
-    actions = [
-      "dynamodb:GetItem",
-      "dynamodb:PutItem",
-      "dynamodb:DeleteItem",
-    ]
-    resources = [
-      "arn:aws:dynamodb:*:*:table/${var.dynamodb_table}",
-    ]
-  }
-}
-
-
-resource "aws_iam_role" "this" {
-  count = var.create_role ? 1 : 0
-  name  = var.role_name
-
-  inline_policy {
-    name   = "Allow access for remote states s3 and dynamo"
-    policy = data.aws_iam_policy_document.this.json
-  }
-}
-
-resource "aws_iam_policy" "this" {
-  count = var.create_policy ? 1 : 0
-  name  = var.policy_name
-  path  = var.policy_path
-}

remote-state-access/provider.tf

@@ -1,8 +0,0 @@
-terraform {
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "~> 4.9"
-    }
-  }
-}

remote-state-access/variables.tf

@@ -1,35 +0,0 @@
-variable "bucket_name" {
-  type = string
-}
-
-variable "dynamo_table" {
-  type = string
-}
-
-variable "prefixes" {
-  type = list(string)
-}
-
-variable "role_name" {
-  type    = string
-  default = null
-}
-
-variable "policy_name" {
-  type    = string
-  default = null
-}
-variable "policy_path" {
-  type    = string
-  default = "/"
-}
-
-variable "create_role" {
-  type    = bool
-  default = false
-}
-
-variable "create_policy" {
-  type    = bool
-  default = false
-}

remote-state/README.md

@@ -0,0 +1,120 @@
+## Requirements
+
+The following requirements are needed by this module:
+
+- <a name="requirement_aws"></a> [aws](#requirement\_aws) (~> 4.9)
+
+## Providers
+
+The following providers are used by this module:
+
+- <a name="provider_aws"></a> [aws](#provider\_aws) (~> 4.9)
+
+## Modules
+
+The following Modules are called:
+
+### <a name="module_states_bucket"></a> [states\_bucket](#module\_states\_bucket)
+
+Source: terraform-aws-modules/s3-bucket/aws
+
+Version:
+
+## Resources
+
+The following resources are used by this module:
+
+- [aws_dynamodb_table.lock](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) (resource)
+- [aws_iam_policy.terraform](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) (resource)
+- [aws_kms_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) (resource)
+- [aws_iam_policy_document.access_state](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) (data source)
+- [aws_iam_policy_document.force_secure_transport](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) (data source)
+- [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) (data source)
+
+## Required Inputs
+
+No required inputs.
+
+## Optional Inputs
+
+The following input variables are optional (have default values):
+
+### <a name="input_bucket_name_override"></a> [bucket\_name\_override](#input\_bucket\_name\_override)
+
+Description: Explicit name for the remote state bucket. If not specified, the bucket will be named as {name\_prefix}-{region\_name}-states
+
+Type: `string`
+
+Default: `null`
+
+### <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix)
+
+Description: Resource names prefixed by this string.
+
+Type: `string`
+
+Default: `null`
+
+### <a name="input_table_billing_mode"></a> [table\_billing\_mode](#input\_table\_billing\_mode)
+
+Description: Table billing mode. Can be PAY\_PER\_REQUEST or PROVISIONED
+
+Type: `string`
+
+Default: `"PAY_PER_REQUEST"`
+
+### <a name="input_table_encryption_at_rest"></a> [table\_encryption\_at\_rest](#input\_table\_encryption\_at\_rest)
+
+Description: Wheather or not apply encryption at rest for the DynamoDB.
+
+Type: `bool`
+
+Default: `false`
+
+### <a name="input_table_name_override"></a> [table\_name\_override](#input\_table\_name\_override)
+
+Description: Explicit name for the remote state lock DynamoDB table. If not specified, the table will be named as {name\_prefix}-{region\_name}-tf-state-locks
+
+Type: `string`
+
+Default: `null`
+
+### <a name="input_table_read_capacity"></a> [table\_read\_capacity](#input\_table\_read\_capacity)
+
+Description: (Optional) The number of read units for this table. If the billing\_mode is PROVISIONED, this field is required
+
+Type: `number`
+
+Default: `0`
+
+### <a name="input_table_write_capacity"></a> [table\_write\_capacity](#input\_table\_write\_capacity)
+
+Description: (Optional) The number of write units for the lock table. If the billing\_mode is PROVISIONED, this field is required
+
+Type: `number`
+
+Default: `0`
+
+## Outputs
+
+The following outputs are exported:
+
+### <a name="output_bucket_name"></a> [bucket\_name](#output\_bucket\_name)
+
+Description: n/a
+
+### <a name="output_kms_key"></a> [kms\_key](#output\_kms\_key)
+
+Description: n/a
+
+### <a name="output_lock_table"></a> [lock\_table](#output\_lock\_table)
+
+Description: n/a
+
+### <a name="output_lock_table_name"></a> [lock\_table\_name](#output\_lock\_table\_name)
+
+Description: n/a
+
+### <a name="output_terraform_policy"></a> [terraform\_policy](#output\_terraform\_policy)
+
+Description: n/a

scripts/format.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -euo pipefail
+
+for DIR in $(find . -type d); do
+
+    if [[ "${DIR}" = "." ]] || [[ $(echo ${DIR} | cut -c1-5) = ".git/" ]]; then
+        continue; 
+    fi
+
+    pushd $DIR
+    terraform_files=$(find . -maxdepth 1 -type f -iname '*.tf')
+    if [[ ${#terraform_files} -eq 0 ]]; then
+        popd
+        continue
+    fi
+
+    terraform fmt
+    
+    popd
+done

scripts/generate-docs.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+for DIR in $(find . -type d); do
+
+    if [[ "${DIR}" = "." ]] || [[ $(echo ${DIR} | cut -c1-5) = ".git/" ]]; then
+        continue; 
+    fi
+
+    pushd $DIR
+    terraform_files=$(find . -maxdepth 1 -type f -iname '*.tf')
+    if [[ ${#terraform_files} -eq 0 ]]; then
+        popd
+        continue
+    fi
+    terraform-docs markdown document . > README.md
+    
+    popd
+done

scripts/validate.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -euo pipefail
+
+for DIR in $(find . -type d); do
+
+    if [[ "${DIR}" = "." ]] || [[ $(echo ${DIR} | cut -c1-5) = ".git/" ]]; then
+        continue; 
+    fi
+
+    pushd $DIR
+    terraform_files=$(find . -maxdepth 1 -type f -iname '*.tf')
+    if [[ ${#terraform_files} -eq 0 ]]; then
+        popd
+        continue
+    fi
+
+    terraform init
+    terraform validate
+    
+    popd
+done