refactor: replace template-eks-cluster remote sync with local templat…

…es/eks-modules

Remove the data.github_repository_file / data.github_tree approach that read
cluster-level terragrunt files from the template-eks-cluster repo at runtime.
All HCL templates are now managed locally in templates/eks-modules/ inside this
module repo, consistent with the ADR merged in #18.

Changes:
- Remove effective_template_enabled_modules and template_cluster_sync_files locals
- Remove data.github_repository_file.template_cluster_files data source
- Remove template_repo_name, template_repo_ref, template_cluster_file_paths variables
- Move effective_template_enabled_modules into the eks_module_files locals block
  and apply enablement filter directly to the fileset loop
- Update desired_managed_files_by_path to use local.eks_module_files
- Update template_enabled_modules variable description to reflect local template usage

main.tf

@@ -2,22 +2,6 @@ locals {
   create_repository      = lower(trimspace(var.repository_mode)) == "create"
   effective_files_branch = local.create_repository ? "new/${var.name}" : "update/${var.name}"
   update_source_branch   = var.files_branch_source_branch != null ? var.files_branch_source_branch : (local.create_repository ? null : data.github_repository.existing_repo[0].default_branch)
-  effective_template_enabled_modules = merge(var.template_enabled_modules, {
-    eks           = true
-    eks-config    = true
-    eks-karpenter = true
-    eks-istio     = true
-    eks-dns       = true
-  })
-
-  template_cluster_sync_files = [
-    for rel_path in var.template_cluster_file_paths : {
-      path    = "${var.environment}/${var.region}/vpc/cluster/${rel_path}"
-      content = data.github_repository_file.template_cluster_files[rel_path].content
-    }
-    if lookup(local.effective_template_enabled_modules, split("/", rel_path)[0], false)
-  ]
-
   managed_extra_files = concat([
     {
       path    = "_envcommon/default-versions.hcl"
@@ -110,13 +94,9 @@ locals {
   }
 
   desired_managed_files_by_path = {
-    for file in concat([
-      for path, content in local.rendered_files : {
-        path    = path
-        content = content
-      }
-      ],
-      local.template_cluster_sync_files,
+    for file in concat(
+      [for path, content in local.rendered_files : { path = path, content = content }],
+      [for path, content in local.eks_module_files : { path = path, content = content }],
       local.managed_extra_files
     ) : file.path => file.content
   }
@@ -168,14 +148,6 @@ resource "terraform_data" "create_mode_guard" {
   }
 }
 
-data "github_repository_file" "template_cluster_files" {
-  for_each = toset(var.template_cluster_file_paths)
-
-  repository = var.template_repo_name
-  branch     = var.template_repo_ref
-  file       = "environment/region/vpc/cluster/${each.value}"
-}
-
 data "github_tree" "update_source_branch_tree" {
   count = ! local.create_repository && local.update_source_branch != null ? 1 : 0
 
@@ -203,14 +175,24 @@ locals {
   # Base path prefix for all eks-module files in the generated repo
   eks_module_cluster_prefix = "${var.environment}/${var.region}/${var.cluster_config.vpc_name}/${var.name}"
 
+  effective_template_enabled_modules = merge(var.template_enabled_modules, {
+    eks           = true
+    eks-config    = true
+    eks-karpenter = true
+    eks-istio     = true
+    eks-dns       = true
+  })
+
   # Auto-discover all files in templates/eks-modules/ and map them to their
   # target paths in the generated repo. The naming convention converts
   # "eks-karpenter.terragrunt.hcl" → "eks-karpenter/terragrunt.hcl" by
-  # splitting on the first dot.
+  # splitting on the first dot. Files whose module segment is set to false in
+  # effective_template_enabled_modules are excluded.
   eks_module_files = {
     for fname in fileset("${path.module}/templates/eks-modules", "*") :
     "${local.eks_module_cluster_prefix}/${join("/", regex("^([^.]+)\\.(.+)$", fname))}" =>
     file("${path.module}/templates/eks-modules/${fname}")
+    if lookup(local.effective_template_enabled_modules, regex("^([^.]+)", fname)[0], true)
   }
 }
 

variables.tf

@@ -274,41 +274,8 @@ variable "files_branch_source_branch" {
   default     = null
 }
 
-variable "template_repo_name" {
-  description = "Name of the template repository used as authoritative source for cluster-level terragrunt files."
-  type        = string
-  default     = "template-eks-cluster"
-}
-
-variable "template_repo_ref" {
-  description = "Branch, tag, or SHA to read from template_repo_name when syncing cluster-level terragrunt files."
-  type        = string
-  default     = "main"
-}
-
-variable "template_cluster_file_paths" {
-  description = "List of file paths under <environment>/<region>/vpc/cluster in template_repo_name to sync into environment/region-resolved cluster path."
-  type        = list(string)
-  default = [
-    "eks/terragrunt.hcl",
-    "eks-config/terragrunt.hcl",
-    "eks-cribl/terragrunt.hcl",
-    "eks-dns/terragrunt.hcl",
-    "eks-gatekeeper/terragrunt.hcl",
-    "eks-grafana/terragrunt.hcl",
-    "eks-istio/terragrunt.hcl",
-    "eks-karpenter/terragrunt.hcl",
-    "eks-keycloak/terragrunt.hcl",
-    "eks-kiali/terragrunt.hcl",
-    "eks-loki/terragrunt.hcl",
-    "eks-otel/terragrunt.hcl",
-    "eks-prometheus/terragrunt.hcl",
-    "eks-tempo/terragrunt.hcl",
-  ]
-}
-
 variable "template_enabled_modules" {
-  description = "Enablement map used to decide which template_cluster_file_paths are synced. Key must match the first path segment, for example eks-grafana in eks-grafana/terragrunt.hcl. Core modules eks, eks-config, eks-karpenter, eks-istio, and eks-dns are always enabled."
+  description = "Controls which modules from templates/eks-modules/ are written into the generated repo. Key is the module directory name (e.g. eks-grafana). Core modules eks, eks-config, eks-karpenter, eks-istio, and eks-dns are always enabled regardless of this map."
   type        = map(bool)
   default = {
     eks            = true