Move some static config to variables

main.tf

@@ -36,90 +36,6 @@ provider "keycloak" {
   url = "https://keycloak.${var.domain_suffix}"
 }
 
-resource "helm_release" "gitea" {
-  name       = "gitea"
-
-  repository = "https://dl.gitea.com/charts/"
-  chart      = "gitea"
-  namespace  = var.gitea_namespace
-  create_namespace = true
-
-  set {
-    name  = "ingress.enabled"
-    value = "true"
-  }
-
-  set {
-    name = "ingress.annotations.\"cert-manager\\.io\\/cluster-issuer\""
-    value = "letsencrypt-prod"
-  }
-
-  set {
-    name = "ingress.hosts[0].host"
-    value = "git.${var.domain_suffix}"
-  }
-
-  set {
-    name = "ingress.hosts[0].paths[0].path"
-    value = "/"
-  }
-
-  set {
-    name = "ingress.hosts[0].paths[0].pathType"
-    value = "Prefix"
-  }
-
-  set {
-    name = "ingress.tls[0].secretName"
-    value = "tls-gitea"
-  }
-
-  set {
-    name = "ingress.tls[0].hosts[0]"
-    value = "git.${var.domain_suffix}"
-  }
-
-  set {
-    name = "persistence.enabled"
-    value = "true"
-  }
-
-  set {
-    name = "persistence.storageClass"
-    value = var.storageclass
-  }
-
-  set {
-    name = "global.storageClass"
-    value = var.storageclass
-  }
-
-  set {
-    name = "gitea.oauth[0].name"
-    value = "md1clv.im"
-  }
-
-  set {
-    name = "gitea.oauth[0].provider"
-    value = "openidConnect"
-  }
-
-  set {
-    name = "gitea.oauth[0].key"
-    value = "gitea"
-  }
-
-  set {
-    name = "gitea.oauth[0].secret"
-    value = var.keycloak_gitea_secret
-  }
-
-  set {
-    name = "gitea.oauth[0].autoDiscoverUrl"
-    value = "https://keycloak.${var.domain_suffix}/realms/${var.keycloak_realm}/.well-known/openid-configuration"
-  }
-}
-
 resource "helm_release" "keycloak" {
   name                       = "keycloak"
   namespace                  = var.keycloak_namespace
@@ -194,6 +110,90 @@ resource "keycloak_openid_client" "gitea_client" {
   ]
 }
 
+resource "helm_release" "gitea" {
+  name       = "gitea"
+
+  repository = "https://dl.gitea.com/charts/"
+  chart      = "gitea"
+  namespace  = var.gitea_namespace
+  create_namespace = true
+
+  set {
+    name  = "ingress.enabled"
+    value = "true"
+  }
+
+  set {
+    name = "ingress.annotations.\"cert-manager\\.io\\/cluster-issuer\""
+    value = "letsencrypt-prod"
+  }
+
+  set {
+    name = "ingress.hosts[0].host"
+    value = "git.${var.domain_suffix}"
+  }
+
+  set {
+    name = "ingress.hosts[0].paths[0].path"
+    value = "/"
+  }
+
+  set {
+    name = "ingress.hosts[0].paths[0].pathType"
+    value = "Prefix"
+  }
+
+  set {
+    name = "ingress.tls[0].secretName"
+    value = "tls-gitea"
+  }
+
+  set {
+    name = "ingress.tls[0].hosts[0]"
+    value = "git.${var.domain_suffix}"
+  }
+
+  set {
+    name = "persistence.enabled"
+    value = "true"
+  }
+
+  set {
+    name = "persistence.storageClass"
+    value = var.storageclass
+  }
+
+  set {
+    name = "global.storageClass"
+    value = var.storageclass
+  }
+
+  set {
+    name = "gitea.oauth[0].name"
+    value = "md1clv.im"
+  }
+
+  set {
+    name = "gitea.oauth[0].provider"
+    value = "openidConnect"
+  }
+
+  set {
+    name = "gitea.oauth[0].key"
+    value = keycloak_openid_client.gitea_client.client_id
+  }
+
+  set {
+    name = "gitea.oauth[0].secret"
+    value = var.keycloak_gitea_secret
+  }
+
+  set {
+    name = "gitea.oauth[0].autoDiscoverUrl"
+    value = "https://keycloak.${var.domain_suffix}/realms/${var.keycloak_realm}/.well-known/openid-configuration"
+  }
+}
+
 resource "keycloak_openid_client" "nautobot_client" {
   realm_id = keycloak_realm.realm.id
   client_id = "nautobot"
@@ -204,8 +204,8 @@ resource "keycloak_openid_client" "nautobot_client" {
   client_secret = var.keycloak_nautobot_secret
   valid_redirect_uris = [
     "/*",
-    "https://nautobot.k8s.md1clv.im",
+    "https://nautobot.${var.domain_suffix}",
-    "https://nautobot.k8s.md1clv.im/*"
+    "https://nautobot.${var.domain_suffix}/*"
   ]
 }
 
@@ -236,7 +236,7 @@ nautobot:
         DATABASES["default"]["OPTIONS"] = {"charset": "utf8mb4"}
     SECRET_KEY = os.getenv("NAUTOBOT_SECRET_KEY", "#fdj#r@=om#sjb-odxae1w#!vy5&(6@tsog*&x31(1725#nwg)")
     AUTHENTICATION_BACKENDS = [ "social_core.backends.keycloak.KeycloakOAuth2", "nautobot.core.authentication.ObjectPermissionBackend", "django.contrib.auth.backends.ModelBackend" ]
-    SOCIAL_AUTH_KEYCLOAK_KEY = 'nautobot'
+    SOCIAL_AUTH_KEYCLOAK_KEY = '${keycloak_openid_client.nautobot_client.client_id}'
     SOCIAL_AUTH_KEYCLOAK_SECRET = '${var.keycloak_nautobot_secret}'
     SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY = 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0w+FSHl757PbboHKFNwK8xEKyHwYTzDN3OCy+E0uXFBfXYf+mVqABWQaz/OwVL1H9XJzBlPZmARCIqnxB14J9QXn9ZJ42RTgXIMzJaJBUv5iKHhy4kFLAY26luzvWHZx4JYTAZ4gGOG0StapvAb5ejABcCmImP3P+PF3gZco1glZg1/wj+mMPnfD6If/uxwOb6YLHvBy6xqkfon9yyDNGGlm/6EjYJgjuoKLfw501/triw3RA4YFfZpn4z2uMqNR4tSdm5MpP84z0lDXl9KwplqI7SYvc+J9aZgBIRy+EZGplIazp3tfvKsR9910yxLxPYNzSPvOr8fJib4kqKaMQIDAQAB'
     SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL = 'https://keycloak.${var.domain_suffix}/realms/${var.keycloak_realm}/protocol/openid-connect/auth'
@@ -291,7 +291,7 @@ global:
 server:
   ingress:
     enabled: true
-    hostname: prometheus.k8s.md1clv.im
+    hostname: prometheus.${var.domain_suffix}
   service:
     type: ClusterIP
 alertmanager: