diff --git a/modules/kubernetes/immich/main.tf b/modules/kubernetes/immich/main.tf index 34d97e89..f737c120 100644 --- a/modules/kubernetes/immich/main.tf +++ b/modules/kubernetes/immich/main.tf @@ -109,10 +109,23 @@ resource "kubernetes_ingress_v1" "immich" { # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" # WARNING: When changing any of the below settings, ensure that large file uploads continue working - "nginx.ingress.kubernetes.io/proxy-read-timeout" : "600", - "nginx.ingress.kubernetes.io/proxy-send-timeout" : "600", - "nginx.ingress.kubernetes.io/proxy-connect-timeout" : "600" - "nginx.ingress.kubernetes.io/proxy-body-size" : "5000m", + "nginx.ingress.kubernetes.io/proxy-read-timeout" : "600s", + "nginx.ingress.kubernetes.io/proxy-send-timeout" : "600s", + "nginx.ingress.kubernetes.io/proxy-connect-timeout" : "600s" + "nginx.ingress.kubernetes.io/client-max-body-size" : "2G" + "nginx.ingress.kubernetes.io/proxy-body-size" : "2G", + "nginx.ingress.kubernetes.io/proxy-buffering" : "on" + "nginx.ingress.kubernetes.io/proxy-max-temp-file-size" : "4096m" + "nginx.ingress.kubernetes.io/proxy-request-buffering" : "off" + "nginx.ingress.kubernetes.io/client-body-buffer-size" : "2G" + "nginx.ingress.kubernetes.io/proxy-buffer-size" : "16k" + "nginx.ingress.kubernetes.io/proxy-buffers-number" : "8" + + + # "nginx.ingress.kubernetes.io/client-body-buffer-size" : "5000m" + # "nginx.ingress.kubernetes.io/proxy-buffers-number" : "8" + # "nginx.ingress.kubernetes.io/proxy-buffer-size" : "16k" + # "nginx.ingress.kubernetes.io/proxy-body-size" : "0", # "nginx.ingress.kubernetes.io/affinity" : "cookie" # "nginx.ingress.kubernetes.io/affinity-mode" : "persistent" # "nginx.ingress.kubernetes.io/session-cookie-change-on-failure" : true 
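Review bot: The new `client-body-buffer-size` of `"2G"` asks nginx for an in-memory request-body buffer of up to 2 GB per upload on the ingress controller, which on a publicly reachable host is a memory-exhaustion risk for every site behind that controller. With `proxy-request-buffering` set to `off`, a small value such as `"nginx.ingress.kubernetes.io/client-body-buffer-size" : "1m"` should be enough. The three timeout annotations are documented by ingress-nginx as unitless seconds, so `"600s"` is likely rejected and the default applied; keeping `"600"` avoids breaking the large uploads the WARNING comment is there to protect. `nginx.ingress.kubernetes.io/client-max-body-size` does not appear to be an annotation that controller reads (the limit comes from `proxy-body-size`), so it can probably be dropped. The ingress resource's body starts and ends outside this hunk.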
@@ -120,7 +133,7 @@ resource "kubernetes_ingress_v1" "immich" { # "nginx.ingress.kubernetes.io/session-cookie-max-age" : 172800 # "nginx.ingress.kubernetes.io/session-cookie-name" : "STICKY_SESSION" # "nginx.ingress.kubernetes.io/use-regex" : false - "nginx.org/websocket-services" : "immich-server" + # "nginx.org/websocket-services" : "immich-server" } } diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf index 3f0dcb22..ecc9fa33 100644 --- a/modules/kubernetes/main.tf +++ b/modules/kubernetes/main.tf @@ -460,3 +460,8 @@ module "ollama" { source = "./ollama" tls_secret_name = var.tls_secret_name } + +module "ntfy" { + source = "./ntfy" + tls_secret_name = var.tls_secret_name +} diff --git a/modules/kubernetes/ntfy/main.tf b/modules/kubernetes/ntfy/main.tf new file mode 100644 index 00000000..d05a622e --- /dev/null +++ b/modules/kubernetes/ntfy/main.tf 
@@ -0,0 +1,156 @@
+variable "tls_secret_name" {}
+resource "kubernetes_namespace" "ntfy" {
+ metadata {
+ name = "ntfy"
+ }
+}
+
+module "tls_secret" {
+ source = "../setup_tls_secret"
+ namespace = "ntfy"
+ tls_secret_name = var.tls_secret_name
+}
+
+resource "kubernetes_deployment" "ntfy" {
+ metadata {
+ name = "ntfy"
+ namespace = "ntfy"
+ labels = {
+ app = "ntfy"
+ }
+ annotations = {
+ "reloader.stakater.com/search" = "true"
+ }
+ }
+ spec {
+ replicas = 1
+ strategy {
+ type = "RollingUpdate"
+ }
+ selector {
+ match_labels = {
+ app = "ntfy"
+ }
+ }
+ template {
+ metadata {
+ labels = {
+ app = "ntfy"
+ }
+ }
+ spec {
+ container {
+ image = "binwiederhier/ntfy"
+ name = "ntfy"
+ args = ["serve"]
+
+ port {
+ container_port = 80
+ }
+ env {
+ name = "NTFY_BASE_URL"
+ value = "https://ntfy.viktorbarzin.me"
+ }
+ env {
+ name = "NTFY_UPSTREAM_BASE_URL"
+ # value = "https://ntfy.viktorbarzin.me"
+ value = "https://ntfy.sh"
+ }
+ env {
+ name = "NTFY_BEHIND_PROXY"
+ value = true
+ }
+ env {
+ name = "NTFY_ENABLE_LOGIN"
+ value = true
+ }
+ env {
+ name = "NTFY_AUTH_FILE"
+ value = "/var/lib/ntfy/user.db"
+ }
+ env {
+ name = "NTFY_AUTH_DEFAULT_ACCESS"
+ value = "deny-all"
+ }
+ env {
+ name = "NTFY_ENABLE_METRICS"
+ value = true
+ }
+ volume_mount {
+ name = "data"
+ mount_path = "/var/lib/ntfy/"
+ }
+ }
+ volume {
+ name = "data"
+ nfs {
+ server = "10.0.10.15"
+ path = "/mnt/main/ntfy"
+ }
+ }
+ }
+ }
+ }
+}
+
+resource "kubernetes_service" "ntfy" {
+ metadata {
+ name = "ntfy"
+ namespace = "ntfy"
+ labels = {
+ "app" = "ntfy"
+ }
+ annotations = {
+ "prometheus.io/scrape" = "true"
+ "prometheus.io/path" = "/metrics"
+ "prometheus.io/port" = "80"
+ }
+ }
+
+ spec {
+ selector = {
+ app = "ntfy"
+ }
+ port {
+ name = "http"
+ target_port = 80
+ port = 80
+ }
+ }
+}
+
+resource "kubernetes_ingress_v1" "ntfy" {
+ metadata {
+ name = "ntfy"
+ namespace = "ntfy"
+ annotations = {
+ "kubernetes.io/ingress.class" = "nginx"
+ # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
+ # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
+ }
+ }
+
+ spec {
+ tls {
+ hosts = ["ntfy.viktorbarzin.me"]
+ secret_name = var.tls_secret_name
+ }
+ rule {
+ host = "ntfy.viktorbarzin.me"
+ http {
+ path {
+ path = "/"
+ backend {
+ service {
+ name = "ntfy"
+ port {
+ number = 80
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
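Review bot: The container `image = "binwiederhier/ntfy"` has no tag or digest, so every pod restart can pull whatever `latest` is at that moment and the running version is neither reviewable nor reproducible; pin it, e.g. `image = "binwiederhier/ntfy:<VERSION>"` (placeholder) or a `@sha256:` digest. `NTFY_ENABLE_METRICS` combined with the ingress rule for `/` probably makes `/metrics` reachable on the public host, since the Service annotations scrape it on the same port 80; consider restricting that path at the ingress or serving metrics on an internal-only listener. The pod also sets no resource limits or `security_context`, and the SQLite auth database on NFS can be opened by two pods at once during a `RollingUpdate`, so a `Recreate` strategy may be worth considering.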