add linkwarden[ci skip]

main.tf

@@ -83,6 +83,9 @@ variable "ansible_prefix" {
   default     = "ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass.txt ansible-playbook -i playbook/hosts.yaml playbook/linux.yml -t linux/initial_setup"
   description = "Provisioner command"
 }
+variable "linkwarden_postgresql_password" {}
+variable "linkwarden_authentik_client_id" {}
+variable "linkwarden_authentik_client_secret" {}
 
 # data "terraform_remote_state" "foo" {
 #   backend = "kubernetes"
@@ -370,6 +373,10 @@ module "kubernetes_cluster" {
 
   authentik_secret_key        = var.authentik_secret_key
   authentik_postgres_password = var.authentik_postgres_password
+
+  linkwarden_postgresql_password     = var.linkwarden_postgresql_password
+  linkwarden_authentik_client_id     = var.linkwarden_authentik_client_id
+  linkwarden_authentik_client_secret = var.linkwarden_authentik_client_secret
 }
 
 

modules/kubernetes/linkwarden/main.tf

@@ -0,0 +1,148 @@
+variable "tls_secret_name" {}
+variable "postgresql_password" {}
+variable "authentik_client_id" {}
+variable "authentik_client_secret" {}
+
+resource "kubernetes_namespace" "linkwarden" {
+  metadata {
+    name = "linkwarden"
+  }
+}
+
+module "tls_secret" {
+  source          = "../setup_tls_secret"
+  namespace       = "linkwarden"
+  tls_secret_name = var.tls_secret_name
+}
+
+resource "random_string" "secret" {
+  length           = 32
+  special          = true
+  override_special = "/@£$"
+}
+
+resource "kubernetes_deployment" "linkwarden" {
+  metadata {
+    name      = "linkwarden"
+    namespace = "linkwarden"
+    labels = {
+      app = "linkwarden"
+    }
+    annotations = {
+      "reloader.stakater.com/search" = "true"
+    }
+  }
+  spec {
+    replicas = 1
+    selector {
+      match_labels = {
+        app = "linkwarden"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app = "linkwarden"
+        }
+      }
+      spec {
+        container {
+          image = "ghcr.io/linkwarden/linkwarden:latest"
+          name  = "linkwarden"
+
+          port {
+            container_port = 3000
+          }
+          env {
+            name  = "DATABASE_URL"
+            value = "postgresql://linkwarden:${var.postgresql_password}@postgresql.dbaas.svc.cluster.local:5432/linkwarden"
+          }
+          env {
+            name  = "NEXT_PUBLIC_AUTHENTIK_ENABLED"
+            value = "true"
+          }
+          env {
+            name  = "NEXTAUTH_SECRET"
+            value = random_string.secret.result
+          }
+          env {
+            name  = "NEXTAUTH_URL"
+            value = "https://linkwarden.viktorbarzin.me/api/v1/auth"
+          }
+          env {
+            name  = "AUTHENTIK_ISSUER"
+            value = "https://authentik.viktorbarzin.me/application/o/linkwarden"
+          }
+          env {
+            name  = "AUTHENTIK_CLIENT_ID"
+            value = var.authentik_client_id
+          }
+          env {
+            name  = "AUTHENTIK_CLIENT_SECRET"
+            value = var.authentik_client_secret
+          }
+        }
+      }
+    }
+  }
+}
+resource "kubernetes_service" "linkwarden" {
+  metadata {
+    name      = "linkwarden"
+    namespace = "linkwarden"
+    labels = {
+      app = "linkwarden"
+    }
+  }
+
+  spec {
+    selector = {
+      app = "linkwarden"
+    }
+    port {
+      name        = "linkwarden"
+      port        = 80
+      target_port = 3000
+    }
+  }
+}
+resource "kubernetes_ingress_v1" "linkwarden" {
+  metadata {
+    name      = "linkwarden"
+    namespace = "linkwarden"
+    annotations = {
+      "kubernetes.io/ingress.class" = "nginx"
+      # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
+      # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
+      #   "nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx"
+      #   "nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri"
+
+      #   "nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid"
+      #   "nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;"
+      "nginx.ingress.kubernetes.io/ssl-passthrough" : true
+    }
+  }
+
+  spec {
+    tls {
+      hosts       = ["linkwarden.viktorbarzin.me"]
+      secret_name = var.tls_secret_name
+    }
+    rule {
+      host = "linkwarden.viktorbarzin.me"
+      http {
+        path {
+          path = "/"
+          backend {
+            service {
+              name = "linkwarden"
+              port {
+                number = 80
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}

modules/kubernetes/main.tf

@@ -63,6 +63,9 @@ variable "nextcloud_db_password" {}
 variable "homepage_credentials" {}
 variable "authentik_secret_key" {}
 variable "authentik_postgres_password" {}
+variable "linkwarden_postgresql_password" {}
+variable "linkwarden_authentik_client_id" {}
+variable "linkwarden_authentik_client_secret" {}
 
 resource "null_resource" "core_services" {
   # List all the core modules that must be provisioned first
@@ -522,3 +525,10 @@ module "authentik" {
   postgres_password = var.authentik_postgres_password
 }
 
+module "linkwarden" {
+  source                  = "./linkwarden"
+  tls_secret_name         = var.tls_secret_name
+  postgresql_password     = var.linkwarden_postgresql_password
+  authentik_client_id     = var.linkwarden_authentik_client_id
+  authentik_client_secret = var.linkwarden_authentik_client_secret
+}