viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[ci skip] complete NFS CSI migration: complex stacks + platform modules

Browse source 
Migrate remaining multi-volume stacks and all platform modules from
inline NFS volumes to CSI-backed PV/PVC with nfs-truenas StorageClass
(soft,timeo=30,retrans=3 mount options).

Complex stacks: openclaw (4 vols), immich (8 vols), frigate (2 vols),
nextcloud (2 vols + old PV replaced), rybbit (1 vol)

Remaining stacks: affine, ebook2audiobook, f1-stream, osm_routing,
real-estate-crawler

Platform modules: monitoring (prometheus, loki, alertmanager PVs
converted from native NFS to CSI), redis, dbaas, technitium,
headscale, vaultwarden, uptime-kuma, mailserver, infra-maintenance
This commit is contained in:
Viktor Barzin 2026-03-02 01:24:07 +00:00
parent 11b3d92684
commit 0e324df545
No known key found for this signature in database
GPG key ID: 0EB088298288D958
24 changed files with 411 additions and 179 deletions
Download patch file Download diff file Expand all files Collapse all files

13
stacks/affine/main.tf
View file

@ -73,6 +73,14 @@ locals {
]
}
module "nfs_data" {
source = "../../modules/kubernetes/nfs_volume"
name = "affine-data"
namespace = kubernetes_namespace.affine.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/affine"
}
resource "kubernetes_deployment" "affine" {
metadata {
name = "affine"
@ -181,9 +189,8 @@ resource "kubernetes_deployment" "affine" {
}
volume {
name = "data"
nfs {
server = var.nfs_server
path = "/mnt/main/affine"
persistent_volume_claim {
claim_name = module.nfs_data.claim_name
}
}
}

31
stacks/ebook2audiobook/main.tf
View file

@ -19,6 +19,22 @@ resource "kubernetes_namespace" "ebook2audiobook" {
}
module "nfs_data" {
source = "../../modules/kubernetes/nfs_volume"
name = "ebook2audiobook-data"
namespace = kubernetes_namespace.ebook2audiobook.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/ebook2audiobook"
}
module "nfs_audiblez_data" {
source = "../../modules/kubernetes/nfs_volume"
name = "ebook2audiobook-audiblez-data"
namespace = kubernetes_namespace.ebook2audiobook.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/audiblez"
}
resource "kubernetes_deployment" "ebook2audiobook" {
metadata {
name = "ebook2audiobook"
@ -89,9 +105,8 @@ resource "kubernetes_deployment" "ebook2audiobook" {
volume {
name = "data"
nfs {
server = var.nfs_server
path = "/mnt/main/ebook2audiobook"
persistent_volume_claim {
claim_name = module.nfs_data.claim_name
}
}
}
@ -279,9 +294,8 @@ resource "kubernetes_deployment" "audiblez" {
}
volume {
name = "data"
nfs {
server = var.nfs_server
path = "/mnt/main/audiblez"
persistent_volume_claim {
claim_name = module.nfs_audiblez_data.claim_name
}
}
}
@ -366,9 +380,8 @@ resource "kubernetes_deployment" "audiblez-web" {
}
volume {
name = "data"
nfs {
server = var.nfs_server
path = "/mnt/main/audiblez"
persistent_volume_claim {
claim_name = module.nfs_audiblez_data.claim_name
}
}
}

13
stacks/f1-stream/main.tf
View file

@ -15,6 +15,14 @@ resource "kubernetes_namespace" "f1-stream" {
}
}
module "nfs_data" {
source = "../../modules/kubernetes/nfs_volume"
name = "f1-stream-data"
namespace = kubernetes_namespace.f1-stream.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/f1-stream"
}
resource "kubernetes_deployment" "f1-stream" {
metadata {
name = "f1-stream"
@ -70,9 +78,8 @@ resource "kubernetes_deployment" "f1-stream" {
}
volume {
name = "data"
nfs {
server = var.nfs_server
path = "/mnt/main/f1-stream"
persistent_volume_claim {
claim_name = module.nfs_data.claim_name
}
}
}

26
stacks/frigate/main.tf
View file

@ -20,6 +20,22 @@ module "tls_secret" {
tls_secret_name = var.tls_secret_name
}
module "nfs_config" {
source = "../../modules/kubernetes/nfs_volume"
name = "frigate-config"
namespace = kubernetes_namespace.frigate.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/frigate/config"
}
module "nfs_media" {
source = "../../modules/kubernetes/nfs_volume"
name = "frigate-media"
namespace = kubernetes_namespace.frigate.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/frigate/media"
}
resource "kubernetes_deployment" "frigate" {
metadata {
name = "frigate"
@ -135,9 +151,8 @@ resource "kubernetes_deployment" "frigate" {
volume {
name = "config"
nfs {
path = "/mnt/main/frigate/config"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_config.claim_name
}
}
volume {
@ -149,9 +164,8 @@ resource "kubernetes_deployment" "frigate" {
}
volume {
name = "media"
nfs {
path = "/mnt/main/frigate/media"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_media.claim_name
}
}
volume {

113
stacks/immich/main.tf
View file

@ -19,6 +19,73 @@ module "tls_secret" {
tls_secret_name = var.tls_secret_name
}
# NFS volumes for immich-server
module "nfs_backups" {
source = "../../modules/kubernetes/nfs_volume"
name = "immich-backups"
namespace = kubernetes_namespace.immich.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/immich/immich/backups"
}
module "nfs_encoded_video" {
source = "../../modules/kubernetes/nfs_volume"
name = "immich-encoded-video"
namespace = kubernetes_namespace.immich.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/immich/immich/encoded-video"
}
module "nfs_library" {
source = "../../modules/kubernetes/nfs_volume"
name = "immich-library"
namespace = kubernetes_namespace.immich.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/immich/immich/library"
}
module "nfs_profile" {
source = "../../modules/kubernetes/nfs_volume"
name = "immich-profile"
namespace = kubernetes_namespace.immich.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/immich/immich/profile"
}
module "nfs_thumbs" {
source = "../../modules/kubernetes/nfs_volume"
name = "immich-thumbs"
namespace = kubernetes_namespace.immich.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/ssd/immich/thumbs"
}
module "nfs_upload" {
source = "../../modules/kubernetes/nfs_volume"
name = "immich-upload"
namespace = kubernetes_namespace.immich.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/immich/immich/upload"
}
# NFS volume for immich-postgresql (shared with backup cronjob)
module "nfs_postgresql" {
source = "../../modules/kubernetes/nfs_volume"
name = "immich-postgresql-data"
namespace = kubernetes_namespace.immich.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/immich/data-immich-postgresql"
}
# NFS volume for immich-machine-learning cache
module "nfs_ml_cache" {
source = "../../modules/kubernetes/nfs_volume"
name = "immich-ml-cache"
namespace = kubernetes_namespace.immich.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/ssd/immich/machine-learning"
}
resource "kubernetes_namespace" "immich" {
metadata {
name = "immich"
@ -186,44 +253,38 @@ resource "kubernetes_deployment" "immich_server" {
volume {
name = "backups"
nfs {
server = var.nfs_server
path = "/mnt/main/immich/immich/backups"
persistent_volume_claim {
claim_name = module.nfs_backups.claim_name
}
}
volume {
name = "encoded-video"
nfs {
server = var.nfs_server
path = "/mnt/main/immich/immich/encoded-video"
persistent_volume_claim {
claim_name = module.nfs_encoded_video.claim_name
}
}
volume {
name = "library"
nfs {
server = var.nfs_server
path = "/mnt/main/immich/immich/library"
persistent_volume_claim {
claim_name = module.nfs_library.claim_name
}
}
volume {
name = "profile"
nfs {
server = var.nfs_server
path = "/mnt/main/immich/immich/profile"
persistent_volume_claim {
claim_name = module.nfs_profile.claim_name
}
}
volume {
name = "thumbs"
nfs {
server = var.nfs_server
path = "/mnt/ssd/immich/thumbs"
persistent_volume_claim {
claim_name = module.nfs_thumbs.claim_name
}
}
volume {
name = "upload"
nfs {
server = var.nfs_server
path = "/mnt/main/immich/immich/upload"
persistent_volume_claim {
claim_name = module.nfs_upload.claim_name
}
}
}
@ -316,9 +377,8 @@ resource "kubernetes_deployment" "immich-postgres" {
}
volume {
name = "postgresql-persistent-storage"
nfs {
path = "/mnt/main/immich/data-immich-postgresql"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_postgresql.claim_name
}
}
}
@ -458,10 +518,8 @@ resource "kubernetes_deployment" "immich-machine-learning" {
}
volume {
name = "cache"
nfs {
# path = "/mnt/main/immich/machine-learning"
path = "/mnt/ssd/immich/machine-learning" # load cache from ssd
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_ml_cache.claim_name
}
}
}
@ -550,9 +608,8 @@ resource "kubernetes_cron_job_v1" "postgresql-backup" {
}
volume {
name = "postgresql-backup"
nfs {
path = "/mnt/main/immich/data-immich-postgresql"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_postgresql.claim_name
}
}
}

2
stacks/nextcloud/chart_values.yaml
View file

@ -41,7 +41,7 @@ externalDatabase:
persistence:
enabled: true
existingClaim: nextcloud-data-pvc
existingClaim: nextcloud-data
accessMode: ReadWriteOnce
size: 100Gi

61
stacks/nextcloud/main.tf
View file

@ -91,6 +91,23 @@ resource "helm_release" "nextcloud" {
# }
# }
module "nfs_nextcloud_data" {
source = "../../modules/kubernetes/nfs_volume"
name = "nextcloud-data"
namespace = kubernetes_namespace.nextcloud.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/nextcloud"
storage = "100Gi"
}
module "nfs_nextcloud_backup" {
source = "../../modules/kubernetes/nfs_volume"
name = "nextcloud-backup"
namespace = kubernetes_namespace.nextcloud.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/nextcloud-backup"
}
resource "kubernetes_deployment" "whiteboard" {
metadata {
name = "whiteboard"
@ -160,40 +177,6 @@ resource "kubernetes_service" "whiteboard" {
}
}
resource "kubernetes_persistent_volume" "nextcloud-data-pv" {
metadata {
name = "nextcloud-data-pv"
}
spec {
capacity = {
"storage" = "100Gi"
}
access_modes = ["ReadWriteOnce"]
persistent_volume_source {
nfs {
path = "/mnt/main/nextcloud"
server = var.nfs_server
}
}
}
}
resource "kubernetes_persistent_volume_claim" "nextcloud-data-pvc" {
metadata {
name = "nextcloud-data-pvc"
namespace = kubernetes_namespace.nextcloud.metadata[0].name
}
spec {
access_modes = ["ReadWriteOnce"]
resources {
requests = {
"storage" = "100Gi"
}
}
volume_name = "nextcloud-data-pv"
}
}
module "ingress" {
source = "../../modules/kubernetes/ingress_factory"
namespace = kubernetes_namespace.nextcloud.metadata[0].name
@ -333,17 +316,15 @@ resource "kubernetes_cron_job_v1" "nextcloud-backup" {
volume {
name = "nextcloud-data"
nfs {
server = var.nfs_server
path = "/mnt/main/nextcloud"
persistent_volume_claim {
claim_name = module.nfs_nextcloud_data.claim_name
}
}
volume {
name = "backup"
nfs {
server = var.nfs_server
path = "/mnt/main/nextcloud-backup"
persistent_volume_claim {
claim_name = module.nfs_nextcloud_backup.claim_name
}
}

52
stacks/openclaw/main.tf
View file

@ -210,6 +210,38 @@ resource "random_password" "gateway_token" {
special = false
}
module "nfs_tools" {
source = "../../modules/kubernetes/nfs_volume"
name = "openclaw-tools"
namespace = kubernetes_namespace.openclaw.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/openclaw/tools"
}
module "nfs_openclaw_home" {
source = "../../modules/kubernetes/nfs_volume"
name = "openclaw-home"
namespace = kubernetes_namespace.openclaw.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/openclaw/home"
}
module "nfs_workspace" {
source = "../../modules/kubernetes/nfs_volume"
name = "openclaw-workspace"
namespace = kubernetes_namespace.openclaw.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/openclaw/workspace"
}
module "nfs_data" {
source = "../../modules/kubernetes/nfs_volume"
name = "openclaw-data"
namespace = kubernetes_namespace.openclaw.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/openclaw/data"
}
resource "kubernetes_deployment" "openclaw" {
metadata {
name = "openclaw"
@ -528,30 +560,26 @@ resource "kubernetes_deployment" "openclaw" {
volume {
name = "tools"
nfs {
server = var.nfs_server
path = "/mnt/main/openclaw/tools"
persistent_volume_claim {
claim_name = module.nfs_tools.claim_name
}
}
volume {
name = "openclaw-home"
nfs {
server = var.nfs_server
path = "/mnt/main/openclaw/home"
persistent_volume_claim {
claim_name = module.nfs_openclaw_home.claim_name
}
}
volume {
name = "workspace"
nfs {
server = var.nfs_server
path = "/mnt/main/openclaw/workspace"
persistent_volume_claim {
claim_name = module.nfs_workspace.claim_name
}
}
volume {
name = "data"
nfs {
server = var.nfs_server
path = "/mnt/main/openclaw/data"
persistent_volume_claim {
claim_name = module.nfs_data.claim_name
}
}
volume {

31
stacks/osm_routing/main.tf
View file

@ -12,6 +12,22 @@ resource "kubernetes_namespace" "osm-routing" {
}
}
module "nfs_osrm_data" {
source = "../../modules/kubernetes/nfs_volume"
name = "osm-routing-osrm-data"
namespace = kubernetes_namespace.osm-routing.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/osm-routing/osrm-data"
}
module "nfs_otp_data" {
source = "../../modules/kubernetes/nfs_volume"
name = "osm-routing-otp-data"
namespace = kubernetes_namespace.osm-routing.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/osm-routing/otp-data"
}
# --- OSRM Foot ---
resource "kubernetes_deployment" "osrm-foot" {
metadata {
@ -65,9 +81,8 @@ resource "kubernetes_deployment" "osrm-foot" {
}
volume {
name = "osrm-data"
nfs {
server = var.nfs_server
path = "/mnt/main/osm-routing/osrm-data"
persistent_volume_claim {
claim_name = module.nfs_osrm_data.claim_name
}
}
}
@ -147,9 +162,8 @@ resource "kubernetes_deployment" "osrm-bicycle" {
}
volume {
name = "osrm-data"
nfs {
server = var.nfs_server
path = "/mnt/main/osm-routing/osrm-data"
persistent_volume_claim {
claim_name = module.nfs_osrm_data.claim_name
}
}
}
@ -219,9 +233,8 @@ resource "kubernetes_deployment" "otp" {
}
volume {
name = "otp-data"
nfs {
server = var.nfs_server
path = "/mnt/main/osm-routing/otp-data"
persistent_volume_claim {
claim_name = module.nfs_otp_data.claim_name
}
}
}

39
stacks/platform/modules/dbaas/main.tf
View file

@ -234,6 +234,30 @@ resource "kubernetes_service" "mysql" {
depends_on = [helm_release.mysql_cluster]
}
module "nfs_mysql_backup" {
source = "../../../../modules/kubernetes/nfs_volume"
name = "dbaas-mysql-backup"
namespace = kubernetes_namespace.dbaas.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/mysql-backup"
}
module "nfs_pgadmin" {
source = "../../../../modules/kubernetes/nfs_volume"
name = "dbaas-pgadmin"
namespace = kubernetes_namespace.dbaas.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/postgresql/pgadmin"
}
module "nfs_postgresql_backup" {
source = "../../../../modules/kubernetes/nfs_volume"
name = "dbaas-postgresql-backup"
namespace = kubernetes_namespace.dbaas.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/postgresql-backup"
}
resource "kubernetes_cron_job_v1" "mysql-backup" {
metadata {
name = "mysql-backup"
@ -281,9 +305,8 @@ resource "kubernetes_cron_job_v1" "mysql-backup" {
}
volume {
name = "mysql-backup"
nfs {
path = "/mnt/main/mysql-backup"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_mysql_backup.claim_name
}
}
}
@ -927,9 +950,8 @@ resource "kubernetes_deployment" "pgadmin" {
# config_map {
# name = "pgadmin-config"
# }
nfs {
path = "/mnt/main/postgresql/pgadmin"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_pgadmin.claim_name
}
}
dns_config {
@ -1017,9 +1039,8 @@ resource "kubernetes_cron_job_v1" "postgresql-backup" {
}
volume {
name = "postgresql-backup"
nfs {
path = "/mnt/main/postgresql-backup"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_postgresql_backup.claim_name
}
}
}

13
stacks/platform/modules/headscale/main.tf
View file

@ -20,6 +20,14 @@ module "tls_secret" {
tls_secret_name = var.tls_secret_name
}
module "nfs_data" {
source = "../../../../modules/kubernetes/nfs_volume"
name = "headscale-data"
namespace = kubernetes_namespace.headscale.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/headscale"
}
resource "kubernetes_deployment" "headscale" {
metadata {
name = "headscale"
@ -111,9 +119,8 @@ resource "kubernetes_deployment" "headscale" {
volume {
name = "nfs-config"
nfs {
path = "/mnt/main/headscale"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_data.claim_name
}
}
# container {

13
stacks/platform/modules/infra-maintenance/main.tf
View file

@ -66,6 +66,14 @@ variable "nfs_server" { type = string }
# }
# }
module "nfs_etcd_backup" {
source = "../../../../modules/kubernetes/nfs_volume"
name = "infra-etcd-backup"
namespace = "default"
nfs_server = var.nfs_server
nfs_path = "/mnt/main/etcd-backup"
}
# # backup etcd
resource "kubernetes_cron_job_v1" "backup-etcd" {
metadata {
@ -123,9 +131,8 @@ resource "kubernetes_cron_job_v1" "backup-etcd" {
volume {
name = "backup"
nfs {
path = "/mnt/main/etcd-backup"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_etcd_backup.claim_name
}
}
volume {

13
stacks/platform/modules/mailserver/main.tf
View file

@ -154,6 +154,14 @@ resource "kubernetes_secret" "opendkim_key" {
}
module "nfs_data" {
source = "../../../../modules/kubernetes/nfs_volume"
name = "mailserver-data"
namespace = kubernetes_namespace.mailserver.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/mailserver"
}
resource "kubernetes_deployment" "mailserver" {
metadata {
name = "mailserver"
@ -413,9 +421,8 @@ resource "kubernetes_deployment" "mailserver" {
}
volume {
name = "data"
nfs {
path = "/mnt/main/mailserver"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_data.claim_name
}
# iscsi {
# target_portal = "iscsi.viktorbarzin.lan:3260"

26
stacks/platform/modules/mailserver/roundcubemail.tf
View file

@ -1,6 +1,22 @@
variable "roundcube_db_password" { type = string }
variable "mysql_host" { type = string }
module "nfs_roundcube_html" {
source = "../../../../modules/kubernetes/nfs_volume"
name = "roundcubemail-html"
namespace = kubernetes_namespace.mailserver.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/roundcubemail/html"
}
module "nfs_roundcube_enigma" {
source = "../../../../modules/kubernetes/nfs_volume"
name = "roundcubemail-enigma"
namespace = kubernetes_namespace.mailserver.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/roundcubemail/enigma"
}
# If you want to override settings mount this in /var/roundcube/config
# more info in https://github.com/roundcube/roundcubemail-docker?tab=readme-ov-file
# resource "kubernetes_config_map" "roundcubemail_config" {
@ -147,16 +163,14 @@ resource "kubernetes_deployment" "roundcubemail" {
volume {
name = "html"
nfs {
path = "/mnt/main/roundcubemail/html"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_roundcube_html.claim_name
}
}
volume {
name = "enigma"
nfs {
path = "/mnt/main/roundcubemail/enigma"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_roundcube_enigma.claim_name
}
}
dns_config {

11
stacks/platform/modules/monitoring/grafana.tf
View file

@ -34,11 +34,16 @@ resource "kubernetes_persistent_volume" "alertmanager_pv" {
}
access_modes = ["ReadWriteOnce"]
persistent_volume_source {
nfs {
path = "/mnt/main/alertmanager"
server = var.nfs_server
csi {
driver = "nfs.csi.k8s.io"
volume_handle = "alertmanager-pv"
volume_attributes = {
server = var.nfs_server
share = "/mnt/main/alertmanager"
}
}
}
storage_class_name = "nfs-truenas"
}
}
# resource "kubernetes_persistent_volume_claim" "grafana_pvc" {

11
stacks/platform/modules/monitoring/loki.tf
View file

@ -24,11 +24,16 @@ resource "kubernetes_persistent_volume" "loki" {
}
access_modes = ["ReadWriteOnce"]
persistent_volume_source {
nfs {
path = "/mnt/main/loki/loki"
server = var.nfs_server
csi {
driver = "nfs.csi.k8s.io"
volume_handle = "loki"
volume_attributes = {
server = var.nfs_server
share = "/mnt/main/loki/loki"
}
}
}
storage_class_name = "nfs-truenas"
persistent_volume_reclaim_policy = "Retain"
volume_mode = "Filesystem"
}

21
stacks/platform/modules/monitoring/prometheus.tf
View file

@ -14,7 +14,8 @@ resource "kubernetes_persistent_volume_claim" "prometheus_server_pvc" {
}
}
# storage_class_name = "standard"
volume_name = "prometheus-iscsi-pv"
storage_class_name = "nfs-truenas"
volume_name = "prometheus-iscsi-pv"
}
}
@ -28,18 +29,16 @@ resource "kubernetes_persistent_volume" "prometheus_server_pvc" {
}
access_modes = ["ReadWriteOnce"]
persistent_volume_source {
nfs {
path = "/mnt/main/prometheus"
server = var.nfs_server
csi {
driver = "nfs.csi.k8s.io"
volume_handle = "prometheus-iscsi-pv"
volume_attributes = {
server = var.nfs_server
share = "/mnt/main/prometheus"
}
}
# iscsi {
# fs_type = "ext4"
# iqn = "iqn.2020-12.lan.viktorbarzin:storage:monitoring:prometheus"
# lun = 0
# target_portal = "iscsi.viktorbarzin.me:3260"
# }
}
storage_class_name = "nfs-truenas"
persistent_volume_reclaim_policy = "Retain"
volume_mode = "Filesystem"
}

13
stacks/platform/modules/redis/main.tf
View file

@ -139,6 +139,14 @@ resource "kubernetes_service" "redis" {
depends_on = [helm_release.redis]
}
module "nfs_backup" {
source = "../../../../modules/kubernetes/nfs_volume"
name = "redis-backup"
namespace = kubernetes_namespace.redis.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/redis-backup"
}
# Hourly backup: copy RDB snapshot from master to NFS
resource "kubernetes_cron_job_v1" "redis-backup" {
metadata {
@ -179,9 +187,8 @@ resource "kubernetes_cron_job_v1" "redis-backup" {
}
volume {
name = "backup"
nfs {
path = "/mnt/main/redis-backup"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_backup.claim_name
}
}
}

13
stacks/platform/modules/technitium/ha.tf
View file

@ -6,6 +6,14 @@
# Both pods share the `dns-server=true` label so the DNS LoadBalancer
# in main.tf routes queries to whichever pod is healthy.
module "nfs_secondary_config" {
source = "../../../../modules/kubernetes/nfs_volume"
name = "technitium-secondary-config"
namespace = kubernetes_namespace.technitium.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/technitium-secondary"
}
# Primary-only service for zone transfers (AXFR) and API access
resource "kubernetes_service" "technitium_primary" {
metadata {
@ -135,9 +143,8 @@ resource "kubernetes_deployment" "technitium_secondary" {
}
volume {
name = "nfs-config"
nfs {
path = "/mnt/main/technitium-secondary"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_secondary_config.claim_name
}
}
dns_config {

13
stacks/platform/modules/technitium/main.tf
View file

@ -81,6 +81,14 @@ resource "kubernetes_config_map" "coredns" {
}
}
module "nfs_config" {
source = "../../../../modules/kubernetes/nfs_volume"
name = "technitium-config"
namespace = kubernetes_namespace.technitium.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/technitium"
}
resource "kubernetes_deployment" "technitium" {
# resource "kubernetes_daemonset" "technitium" {
metadata {
@ -196,9 +204,8 @@ resource "kubernetes_deployment" "technitium" {
}
volume {
name = "nfs-config"
nfs {
path = "/mnt/main/technitium"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_config.claim_name
}
}
volume {

13
stacks/platform/modules/uptime-kuma/main.tf
View file

@ -20,6 +20,14 @@ module "tls_secret" {
tls_secret_name = var.tls_secret_name
}
module "nfs_data" {
source = "../../../../modules/kubernetes/nfs_volume"
name = "uptime-kuma-data"
namespace = kubernetes_namespace.uptime-kuma.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/uptime-kuma"
}
resource "kubernetes_deployment" "uptime-kuma" {
metadata {
name = "uptime-kuma"
@ -78,9 +86,8 @@ resource "kubernetes_deployment" "uptime-kuma" {
}
volume {
name = "data"
nfs {
server = var.nfs_server
path = "/mnt/main/uptime-kuma"
persistent_volume_claim {
claim_name = module.nfs_data.claim_name
}
}
dns_config {

13
stacks/platform/modules/vaultwarden/main.tf
View file

@ -20,6 +20,14 @@ module "tls_secret" {
tls_secret_name = var.tls_secret_name
}
module "nfs_data" {
source = "../../../../modules/kubernetes/nfs_volume"
name = "vaultwarden-data"
namespace = kubernetes_namespace.vaultwarden.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/vaultwarden"
}
resource "kubernetes_deployment" "vaultwarden" {
metadata {
name = "vaultwarden"
@ -108,9 +116,8 @@ resource "kubernetes_deployment" "vaultwarden" {
}
volume {
name = "data"
nfs {
path = "/mnt/main/vaultwarden"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_data.claim_name
}
}
dns_config {

23
stacks/real-estate-crawler/main.tf
View file

@ -23,6 +23,14 @@ module "tls_secret" {
tls_secret_name = var.tls_secret_name
}
module "nfs_data" {
source = "../../modules/kubernetes/nfs_volume"
name = "real-estate-crawler-data"
namespace = kubernetes_namespace.realestate-crawler.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/real-estate-crawler"
}
resource "kubernetes_deployment" "realestate-crawler-ui" {
metadata {
name = "realestate-crawler-ui"
@ -207,9 +215,8 @@ resource "kubernetes_deployment" "realestate-crawler-api" {
}
volume {
name = "data"
nfs {
path = "/mnt/main/real-estate-crawler"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_data.claim_name
}
}
}
@ -341,9 +348,8 @@ resource "kubernetes_deployment" "realestate-crawler-celery" {
}
volume {
name = "data"
nfs {
path = "/mnt/main/real-estate-crawler"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_data.claim_name
}
}
}
@ -439,9 +445,8 @@ resource "kubernetes_deployment" "realestate-crawler-celery-beat" {
}
volume {
name = "data"
nfs {
path = "/mnt/main/real-estate-crawler"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_data.claim_name
}
}
}

13
stacks/rybbit/main.tf
View file

@ -30,6 +30,14 @@ locals {
}
module "nfs_clickhouse_data" {
source = "../../modules/kubernetes/nfs_volume"
name = "rybbit-clickhouse-data"
namespace = kubernetes_namespace.rybbit.metadata[0].name
nfs_server = var.nfs_server
nfs_path = "/mnt/main/clickhouse"
}
resource "kubernetes_deployment" "clickhouse" {
metadata {
name = "clickhouse"
@ -86,9 +94,8 @@ resource "kubernetes_deployment" "clickhouse" {
}
volume {
name = "data"
nfs {
path = "/mnt/main/clickhouse"
server = var.nfs_server
persistent_volume_claim {
claim_name = module.nfs_clickhouse_data.claim_name
}
}
}