add some homepage credentials to some services to block tls renew tfa[ci skip]

2024-10-18 22:37:47 +00:00 · 2024-10-18 22:37:47 +00:00 · 1b1aa215db
commit 1b1aa215db
parent 490b5ef24d
5 changed files with 42 additions and 9 deletions
--- a/main.tf
+++ b/main.tf
@ -73,6 +73,9 @@ variable "paperless_db_password" {}
 variable "diun_nfty_token" {}
 variable "docker_config" {}
 variable "nextcloud_db_password" {}
 variable "homepage_credentials" {
  type = map(any)
 }
 variable "ansible_prefix" {
  default     = "ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass.txt ansible-playbook -i playbook/hosts.yaml playbook/linux.yml -t linux/initial_setup"
@ -361,6 +364,7 @@ module "kubernetes_cluster" {
  docker_config   = var.docker_config
  nextcloud_db_password = var.nextcloud_db_password
  homepage_credentials  = var.homepage_credentials
 }
--- a/modules/kubernetes/immich/chart_values.tpl
+++ b/modules/kubernetes/immich/chart_values.tpl
@ -29,6 +29,8 @@ env:
 image:
  tag: v1.116.2
  # tag: v1.117.0 # not working
  # tag: v1.118.1
 immich:
  persistence:
--- a/modules/kubernetes/immich/main.tf
+++ b/modules/kubernetes/immich/main.tf
@ -1,5 +1,6 @@
 variable "tls_secret_name" {}
 variable "postgresql_password" {}
 variable "homepage_token" {}
 module "tls_secret" {
  source          = "../setup_tls_secret"
@ -94,7 +95,9 @@ resource "helm_release" "immich" {
  repository = "https://immich-app.github.io/immich-charts"
  chart      = "immich"
  atomic     = true
-  version    = "0.7.0"
+  version    = "0.8.1"
  # version = "0.7.2"
  timeout = 6000
  values = [templatefile("${path.module}/chart_values.tpl", { postgresql_password = var.postgresql_password })]
 }
@ -135,6 +138,15 @@ resource "kubernetes_ingress_v1" "immich" {
      # "nginx.ingress.kubernetes.io/session-cookie-name" : "STICKY_SESSION"
      # "nginx.ingress.kubernetes.io/use-regex" : false
      "nginx.org/websocket-services" : "immich-server"
      "gethomepage.dev/enabled"      = "true"
      "gethomepage.dev/description"  = "Photos library"
      "gethomepage.dev/icon"         = "immich.png"
      "gethomepage.dev/name"         = "Immich"
      "gethomepage.dev/widget.type"  = "immich"
      "gethomepage.dev/widget.url"   = "https://immich.viktorbarzin.me"
      "gethomepage.dev/pod-selector" = ""
      "gethomepage.dev/widget.key"   = var.homepage_token
    }
  }
@ -155,6 +167,7 @@ resource "kubernetes_ingress_v1" "immich" {
              port {
                # number = 8080
                number = 3001
                # number = 2283
              }
            }
          }
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@ -60,6 +60,7 @@ variable "paperless_db_password" {}
 variable "diun_nfty_token" {}
 variable "docker_config" {}
 variable "nextcloud_db_password" {}
 variable "homepage_credentials" {}
 resource "null_resource" "core_services" {
  # List all the core modules that must be provisioned first
@ -351,6 +352,7 @@ module "immich" {
  source              = "./immich"
  tls_secret_name     = var.tls_secret_name
  postgresql_password = var.immich_postgresql_password
  homepage_token      = var.homepage_credentials["immich"]["token"]
 }
 module "nginx-ingress" {
@ -362,8 +364,10 @@ module "nginx-ingress" {
 }
 module "crowdsec" {
-  source          = "./crowdsec"
+  source            = "./crowdsec"
-  tls_secret_name = var.tls_secret_name
+  tls_secret_name   = var.tls_secret_name
  homepage_username = var.homepage_credentials["crowdsec"]["username"]
  homepage_password = var.homepage_credentials["crowdsec"]["password"]
 }
 # Seems like it needs S3 even if pg is local...
@ -380,8 +384,10 @@ module "uptime-kuma" {
 }
 module "calibre" {
-  source          = "./calibre"
+  source            = "./calibre"
-  tls_secret_name = var.tls_secret_name
+  tls_secret_name   = var.tls_secret_name
  homepage_username = var.homepage_credentials["calibre-web"]["username"]
  homepage_password = var.homepage_credentials["calibre-web"]["password"]
 }
 # Audiobooks are served using audiobookshelf; still looking for a usecawe for JF
@ -428,15 +434,18 @@ module "cloudflared" {
 #   tls_secret_name = var.tls_secret_name
 # }
-# module "metrics-server" {
+module "metrics-server" {
-#   source          = "./metrics-server"
+  source          = "./metrics-server"
-#   tls_secret_name = var.tls_secret_name
+  tls_secret_name = var.tls_secret_name
-# }
+}
 module "paperless-ngx" {
  source          = "./paperless-ngx"
  tls_secret_name = var.tls_secret_name
  db_password     = var.paperless_db_password
  # homepage_token  = var.homepage_credentials["paperless-ngx"]["token"]
  homepage_username = var.homepage_credentials["paperless-ngx"]["username"]
  homepage_password = var.homepage_credentials["paperless-ngx"]["password"]
 }
 module "jsoncrack" {
@ -490,3 +499,8 @@ module "nextcloud" {
  tls_secret_name = var.tls_secret_name
  db_password     = var.nextcloud_db_password
 }
 module "homepage" {
  source          = "./homepage"
  tls_secret_name = var.tls_secret_name
 }
--- a/terraform.tfvars
+++ b/terraform.tfvars