Configure Backblaze with terraform

2023-04-28 17:57:58 +01:00
parent f6988af87c
commit 297e2e0dba
5 changed files with 136 additions and 13 deletions
--- a/terraform/backblaze.tf
+++ b/terraform/backblaze.tf
@ -0,0 +1,94 @@
+resource "b2_bucket" "gitea" {
+  bucket_name = "0rng-gitea"
+  bucket_type = "allPrivate"
+
+  default_server_side_encryption {
+    algorithm = "AES256"
+    mode      = "SSE-B2"
+  }
+
+  lifecycle_rules {
+    file_name_prefix              = ""
+    days_from_hiding_to_deleting  = 1
+    days_from_uploading_to_hiding = 0
+  }
+}
+
+resource "b2_application_key" "gitea" {
+  key_name  = "gitea"
+  bucket_id = b2_bucket.gitea.id
+  capabilities = [
+    "readFiles",
+    "deleteFiles",
+    "listBuckets",
+    "listFiles",
+    "readBucketEncryption",
+    "readBucketReplications",
+    "readBuckets",
+    "shareFiles",
+    "writeBucketEncryption",
+    "writeBucketReplications",
+    "writeFiles",
+  ]
+}
+
+resource "b2_bucket" "restic" {
+  bucket_name = "0rng-restic"
+  bucket_type = "allPrivate"
+
+  default_server_side_encryption {
+    algorithm = "AES256"
+    mode      = "SSE-B2"
+  }
+
+  lifecycle_rules {
+    file_name_prefix              = ""
+    days_from_hiding_to_deleting  = 1
+    days_from_uploading_to_hiding = 0
+  }
+}
+
+resource "b2_application_key" "restic" {
+  key_name  = "restic"
+  bucket_id = b2_bucket.restic.id
+  capabilities = [
+    "readFiles",
+    "deleteFiles",
+    "listBuckets",
+    "listFiles",
+    "readBucketEncryption",
+    "readBuckets",
+    "shareFiles",
+    "writeBucketEncryption",
+    "writeFiles",
+  ]
+}
+
+resource "b2_application_key" "infrastructure" {
+  key_name = "infrastructure"
+  capabilities = [
+    "bypassGovernance",
+    "deleteBuckets",
+    "deleteFiles",
+    "deleteKeys",
+    "listBuckets",
+    "listFiles",
+    "listKeys",
+    "readBucketEncryption",
+    "readBucketReplications",
+    "readBucketRetentions",
+    "readBuckets",
+    "readFileLegalHolds",
+    "readFileRetentions",
+    "readFiles",
+    "shareFiles",
+    "writeBucketEncryption",
+    "writeBucketReplications",
+    "writeBucketRetentions",
+    "writeBuckets",
+    "writeFileLegalHolds",
+    "writeFileRetentions",
+    "writeFiles",
+    "writeKeys",
+  ]
+}