OpenTofuPlayground/scripts/setup-backend.sh

#!/usr/bin/env bash
# ─────────────────────────────────────────────────────────────────────────────
# setup-backend.sh — One-time SeaweedFS state backend initialisation
#
# Run this once per machine (or CI runner) before using the pipelines.
# It uncommets the backend block in both stack backend.tf files and runs
# tofu init with the correct -backend-config flags.
#
# Usage:
#   chmod +x scripts/setup-backend.sh
#   ./scripts/setup-backend.sh
# ─────────────────────────────────────────────────────────────────────────────
set -euo pipefail

REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"

# ── Collect config ─────────────────────────────────────────────────────────
echo ""
echo "SeaweedFS S3 State Backend Setup"
echo "═════════════════════════════════"
echo ""

read -rp "SeaweedFS S3 endpoint (e.g. http://seaweedfs.example.com:8333): " ENDPOINT
read -rp "Access key: " ACCESS_KEY
read -rsp "Secret key: " SECRET_KEY
echo ""
read -rp "State bucket name [tofu-state]: " BUCKET
BUCKET="${BUCKET:-tofu-state}"

export AWS_ACCESS_KEY_ID="$ACCESS_KEY"
export AWS_SECRET_ACCESS_KEY="$SECRET_KEY"

BACKEND_ARGS=(
  "-backend-config=bucket=${BUCKET}"
  "-backend-config=endpoint=${ENDPOINT}"
  "-backend-config=region=us-east-1"
  "-backend-config=force_path_style=true"
)

# ── Helper: enable backend block in a backend.tf ──────────────────────────
enable_backend() {
  local file="$1"
  if grep -q '# terraform {' "$file"; then
    sed -i \
      -e 's|^# terraform {|terraform {|' \
      -e 's|^#   backend "s3" {}|  backend "s3" {}|' \
      -e 's|^# }$|}|' \
      "$file"
    echo "  Enabled S3 backend block in $file"
  else
    echo "  Backend block already enabled in $file"
  fi
}

# ── Docker stack ──────────────────────────────────────────────────────────
echo ""
echo "── Docker stack ──────────────────────────────────────────────────"
enable_backend "$REPO_ROOT/backend.tf"

cd "$REPO_ROOT"
echo "  Running: tofu init (Docker stack)"
tofu init "${BACKEND_ARGS[@]}" "-backend-config=key=apps/PLACEHOLDER.tfstate" -reconfigure
echo "  Docker stack backend initialised."

# ── Kubernetes stack ──────────────────────────────────────────────────────
echo ""
echo "── Kubernetes stack ──────────────────────────────────────────────"
enable_backend "$REPO_ROOT/k8s/backend.tf"

cd "$REPO_ROOT/k8s"
echo "  Running: tofu init (K8s stack)"
tofu init "${BACKEND_ARGS[@]}" "-backend-config=key=apps-k8s/PLACEHOLDER.tfstate" -reconfigure
echo "  Kubernetes stack backend initialised."

# ── Done ──────────────────────────────────────────────────────────────────
echo ""
echo "Done. Both stacks are now configured to use SeaweedFS for state storage."
echo ""
echo "Next: commit the updated backend.tf files, then add these as Gitea secrets:"
echo "  SEAWEED_S3_ENDPOINT = ${ENDPOINT}"
echo "  SEAWEED_ACCESS_KEY  = ${ACCESS_KEY}"
echo "  SEAWEED_SECRET_KEY  = (not shown)"
echo "  SEAWEED_BUCKET      = ${BUCKET}"
echo ""
echo "Do NOT commit the access/secret keys. They go in Gitea secrets only."