add some homepage credentials to some services to block tls renew tfa[ci skip]

main.tf

@@ -73,6 +73,9 @@ variable "paperless_db_password" {}
 variable "diun_nfty_token" {}
 variable "docker_config" {}
 variable "nextcloud_db_password" {}
+variable "homepage_credentials" {
+  type = map(any)
+}
 
 variable "ansible_prefix" {
   default     = "ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass.txt ansible-playbook -i playbook/hosts.yaml playbook/linux.yml -t linux/initial_setup"
@@ -361,6 +364,7 @@ module "kubernetes_cluster" {
   docker_config   = var.docker_config
 
   nextcloud_db_password = var.nextcloud_db_password
+  homepage_credentials  = var.homepage_credentials
 }
 
 

modules/kubernetes/immich/chart_values.tpl

@@ -29,6 +29,8 @@ env:
 
 image:
   tag: v1.116.2
+  # tag: v1.117.0 # not working
+  # tag: v1.118.1
 
 immich:
   persistence:

modules/kubernetes/immich/main.tf

@@ -1,5 +1,6 @@
 variable "tls_secret_name" {}
 variable "postgresql_password" {}
+variable "homepage_token" {}
 
 module "tls_secret" {
   source          = "../setup_tls_secret"
@@ -94,7 +95,9 @@ resource "helm_release" "immich" {
   repository = "https://immich-app.github.io/immich-charts"
   chart      = "immich"
   atomic     = true
-  version    = "0.7.0"
+  version    = "0.8.1"
+  # version = "0.7.2"
+  timeout = 6000
 
   values = [templatefile("${path.module}/chart_values.tpl", { postgresql_password = var.postgresql_password })]
 }
@@ -135,6 +138,15 @@ resource "kubernetes_ingress_v1" "immich" {
       # "nginx.ingress.kubernetes.io/session-cookie-name" : "STICKY_SESSION"
       # "nginx.ingress.kubernetes.io/use-regex" : false
       "nginx.org/websocket-services" : "immich-server"
+
+      "gethomepage.dev/enabled"      = "true"
+      "gethomepage.dev/description"  = "Photos library"
+      "gethomepage.dev/icon"         = "immich.png"
+      "gethomepage.dev/name"         = "Immich"
+      "gethomepage.dev/widget.type"  = "immich"
+      "gethomepage.dev/widget.url"   = "https://immich.viktorbarzin.me"
+      "gethomepage.dev/pod-selector" = ""
+      "gethomepage.dev/widget.key"   = var.homepage_token
     }
   }
 
@@ -155,6 +167,7 @@ resource "kubernetes_ingress_v1" "immich" {
               port {
                 # number = 8080
                 number = 3001
+                # number = 2283
               }
             }
           }

modules/kubernetes/main.tf

@@ -60,6 +60,7 @@ variable "paperless_db_password" {}
 variable "diun_nfty_token" {}
 variable "docker_config" {}
 variable "nextcloud_db_password" {}
+variable "homepage_credentials" {}
 
 resource "null_resource" "core_services" {
   # List all the core modules that must be provisioned first
@@ -351,6 +352,7 @@ module "immich" {
   source              = "./immich"
   tls_secret_name     = var.tls_secret_name
   postgresql_password = var.immich_postgresql_password
+  homepage_token      = var.homepage_credentials["immich"]["token"]
 }
 
 module "nginx-ingress" {
@@ -362,8 +364,10 @@ module "nginx-ingress" {
 }
 
 module "crowdsec" {
-  source          = "./crowdsec"
-  tls_secret_name = var.tls_secret_name
+  source            = "./crowdsec"
+  tls_secret_name   = var.tls_secret_name
+  homepage_username = var.homepage_credentials["crowdsec"]["username"]
+  homepage_password = var.homepage_credentials["crowdsec"]["password"]
 }
 
 # Seems like it needs S3 even if pg is local...
@@ -380,8 +384,10 @@ module "uptime-kuma" {
 }
 
 module "calibre" {
-  source          = "./calibre"
-  tls_secret_name = var.tls_secret_name
+  source            = "./calibre"
+  tls_secret_name   = var.tls_secret_name
+  homepage_username = var.homepage_credentials["calibre-web"]["username"]
+  homepage_password = var.homepage_credentials["calibre-web"]["password"]
 }
 
 # Audiobooks are served using audiobookshelf; still looking for a usecawe for JF
@@ -428,15 +434,18 @@ module "cloudflared" {
 #   tls_secret_name = var.tls_secret_name
 # }
 
-# module "metrics-server" {
-#   source          = "./metrics-server"
-#   tls_secret_name = var.tls_secret_name
-# }
+module "metrics-server" {
+  source          = "./metrics-server"
+  tls_secret_name = var.tls_secret_name
+}
 
 module "paperless-ngx" {
   source          = "./paperless-ngx"
   tls_secret_name = var.tls_secret_name
   db_password     = var.paperless_db_password
+  # homepage_token  = var.homepage_credentials["paperless-ngx"]["token"]
+  homepage_username = var.homepage_credentials["paperless-ngx"]["username"]
+  homepage_password = var.homepage_credentials["paperless-ngx"]["password"]
 }
 
 module "jsoncrack" {
@@ -490,3 +499,8 @@ module "nextcloud" {
   tls_secret_name = var.tls_secret_name
   db_password     = var.nextcloud_db_password
 }
+
+module "homepage" {
+  source          = "./homepage"
+  tls_secret_name = var.tls_secret_name
+}