infra/stacks/dawarich/main.tf

variable "tls_secret_name" {
  type      = string
  sensitive = true
}

variable "image_version" {
  type    = string
  default = "0.37.1"
}
variable "nfs_server" { type = string }
variable "redis_host" { type = string }
variable "postgresql_host" { type = string }

resource "kubernetes_namespace" "dawarich" {
  metadata {
    name = "dawarich"
    labels = {
      "istio-injection" : "disabled"
      tier = local.tiers.edge
    }
  }
}

resource "kubernetes_manifest" "external_secret" {
  manifest = {
    apiVersion = "external-secrets.io/v1beta1"
    kind       = "ExternalSecret"
    metadata = {
      name      = "dawarich-secrets"
      namespace = "dawarich"
    }
    spec = {
      refreshInterval = "15m"
      secretStoreRef = {
        name = "vault-kv"
        kind = "ClusterSecretStore"
      }
      target = {
        name = "dawarich-secrets"
      }
      dataFrom = [{
        extract = {
          key = "dawarich"
        }
      }]
    }
  }
  depends_on = [kubernetes_namespace.dawarich]
}

module "tls_secret" {
  source          = "../../modules/kubernetes/setup_tls_secret"
  namespace       = kubernetes_namespace.dawarich.metadata[0].name
  tls_secret_name = var.tls_secret_name
}

resource "kubernetes_deployment" "dawarich" {
  metadata {
    name      = "dawarich"
    namespace = kubernetes_namespace.dawarich.metadata[0].name
    labels = {
      app  = "dawarich"
      tier = local.tiers.edge
    }
    annotations = {
      "reloader.stakater.com/search" = "true"
    }
  }
  spec {
    replicas = 1
    strategy {
      type = "Recreate"
    }
    selector {
      match_labels = {
        app = "dawarich"
      }
    }
    template {
      metadata {
        labels = {
          app = "dawarich"
        }
        annotations = {
          # "diun.enable"          = "true"
          # "diun.include_tags"    = "latest"
          "dependency.kyverno.io/wait-for" = "postgresql.dbaas:5432,redis.redis:6379"
        }
      }
      spec {

        container {
          image = "freikin/dawarich:${var.image_version}"
          name  = "dawarich"
          port {
            name           = "http"
            container_port = 3000
          }
          port {
            name           = "prometheus"
            container_port = 9394
          }
          command = ["web-entrypoint.sh"]
          args    = ["bin/dev"]
          env {
            name  = "REDIS_URL"
            value = "redis://${var.redis_host}:6379"
          }
          env {
            name  = "DATABASE_HOST"
            value = var.postgresql_host
          }
          env {
            name  = "DATABASE_USERNAME"
            value = "dawarich"
          }
          env {
            name = "DATABASE_PASSWORD"
            value_from {
              secret_key_ref {
                name = "dawarich-secrets"
                key  = "db_password"
              }
            }
          }
          env {
            name  = "DATABASE_NAME"
            value = "dawarich"
          }
          env {
            name  = "MIN_MINUTES_SPENT_IN_CITY"
            value = "60"
          }
          env {
            name  = "TIME_ZONE"
            value = "Europe/London"
          }
          env {
            name  = "DISTANCE_UNIT"
            value = "km"
          }
          env {
            name  = "ENABLE_TELEMETRY"
            value = "true"
          }
          env {
            name  = "APPLICATION_HOSTS"
            value = "dawarich.viktorbarzin.me"
          }
          # env {
          #   name  = "PROMETHEUS_EXPORTER_ENABLED"
          #   value = "true"
          # }
          # env {
          #   name  = "PROMETHEUS_EXPORTER_PORT"
          #   value = "9394"
          # }
          # env {
          #   name  = "PROMETHEUS_EXPORTER_HOST"
          #   value = "0.0.0.0"
          # }
          env {
            name  = "SELF_HOSTED"
            value = "true"
          }
          # env {
          #   name  = "PHOTON_API_HOST"
          #   value = "photon.dawarich"
          # }


          #   volume_mount {
          #     name       = "watched"
          #     mount_path = "/var/app/tmp/imports/watched"
          #   }
          resources {
            requests = {
              cpu    = "15m"
              memory = "768Mi"
            }
            limits = {
              memory = "768Mi"
            }
          }
        }
        # container {
        #   image   = "freikin/dawarich:${var.image_version}"
        #   name    = "dawarich-sidekiq"
        #   command = ["sidekiq-entrypoint.sh"]
        #   args    = ["bundle exec sidekiq"]
        #   env {
        #     name  = "REDIS_URL"
        #     value = "redis://redis.redis.svc.cluster.local:6379"
        #   }
        #   env {
        #     name  = "DATABASE_HOST"
        #     value = "postgresql.dbaas"
        #   }
        #   env {
        #     name  = "DATABASE_USERNAME"
        #     value = "dawarich"
        #   }
        #   env {
        #     name  = "DATABASE_PASSWORD"
        #     value = data.vault_kv_secret_v2.secrets.data["db_password"]
        #   }
        #   env {
        #     name  = "DATABASE_NAME"
        #     value = "dawarich"
        #   }
        #   env {
        #     name  = "MIN_MINUTES_SPENT_IN_CITY"
        #     value = "60"
        #   }
        #   env {
        #     name  = "BACKGROUND_PROCESSING_CONCURRENCY"
        #     value = "10"
        #   }
        #   env {
        #     name  = "ENABLE_TELEMETRY"
        #     value = "true"
        #   }
        #   env {
        #     name  = "APPLICATION_HOST"
        #     value = "dawarich.viktorbarzin.me"
        #   }
        #   # env {
        #   #   name  = "PROMETHEUS_EXPORTER_ENABLED"
        #   #   value = "false"
        #   # }
        #   # env {
        #   #   name  = "PROMETHEUS_EXPORTER_HOST"
        #   #   value = "dawarich.dawarich"
        #   # }
        #   # env {
        #   #   name  = "PHOTON_API_HOST"
        #   #   value = "photon.dawarich:2322"
        #   #   # value = "photon.komoot.io"
        #   # }
        #   # env {
        #   #   name  = "PHOTON_API_USE_HTTPS"
        #   #   value = "false"
        #   # }
        #   env {
        #     name  = "GEOAPIFY_API_KEY"
        #     value = data.vault_kv_secret_v2.secrets.data["geoapify_api_key"]
        #   }
        #   env {
        #     name  = "SELF_HOSTED"
        #     value = "true"
        #   }

        #   #   volume_mount {
        #   #     name       = "watched"
        #   #     mount_path = "/var/app/tmp/imports/watched"
        #   #   }
        # }
      }
    }
  }
}


# resource "kubernetes_deployment" "photon" {
#   metadata {
#     name      = "photon"
#    namespace = kubernetes_namespace.dawarich.metadata[0].name
#     labels = {
#       app = "photon"
#     }
#   }
#   spec {
#     replicas = 1
#     strategy {
#       type = "Recreate"
#     }
#     selector {
#       match_labels = {
#         app = "photon"
#       }
#     }
#     template {
#       metadata {
#         labels = {
#           app = "photon"
#         }
#       }
#       spec {

#         container {
#           image = "rtuszik/photon-docker:latest"
#           name  = "photon"
#           port {
#             name           = "tcp"
#             container_port = 2322
#           }
#           env {
#             name  = "COUNTRY_CODE"
#             value = "bg"
#           }

#           volume_mount {
#             name       = "data"
#             mount_path = "/photon/photon_data"
#           }
#         }
#         volume {
#           name = "data"
#           nfs {
#             path   = "/mnt/main/photon"
#             server = var.nfs_server
#           }
#         }
#       }

#     }
#   }
# }



resource "kubernetes_service" "dawarich" {
  metadata {
    name      = "dawarich"
    namespace = kubernetes_namespace.dawarich.metadata[0].name
    labels = {
      "app" = "dawarich"
    }
  }

  spec {
    selector = {
      app = "dawarich"
    }
    port {
      name        = "http"
      port        = 80
      target_port = 3000
      protocol    = "TCP"
    }
  }
}

# resource "kubernetes_service" "photon" {
#   metadata {
#     name      = "photon"
#    namespace = kubernetes_namespace.dawarich.metadata[0].name
#     labels = {
#       "app" = "photon"
#     }
#   }

#   spec {
#     selector = {
#       app = "photon"
#     }
#     port {
#       name        = "http"
#       port        = 2322
#       target_port = 2322
#       protocol    = "TCP"
#     }
#   }
# }
module "ingress" {
  source          = "../../modules/kubernetes/ingress_factory"
  namespace       = kubernetes_namespace.dawarich.metadata[0].name
  name            = "dawarich"
  tls_secret_name = var.tls_secret_name
  rybbit_site_id  = "0abfd409f2fb"
  extra_annotations = {
    "gethomepage.dev/enabled"      = "true"
    "gethomepage.dev/name"         = "Dawarich"
    "gethomepage.dev/description"  = "Location history"
    "gethomepage.dev/icon"         = "dawarich.png"
    "gethomepage.dev/group"        = "Smart Home"
    "gethomepage.dev/pod-selector" = ""
  }
}