add freedify [ci skip]

main.tf

@@ -134,7 +134,7 @@ variable "wealthfolio_password_hash" { type = string }
 variable "aiostreams_database_connection_string" { type = string }
 variable "actualbudget_credentials" { type = map(any) }
 variable "speedtest_db_password" { type = string }
-
+variable "freedify_credentials" { type = map(any) }
 
 provider "kubernetes" {
   config_path = var.prod ? "" : "~/.kube/config"
@@ -560,6 +560,7 @@ module "kubernetes_cluster" {
   actualbudget_credentials = var.actualbudget_credentials
 
   speedtest_db_password = var.speedtest_db_password
+  freedify_credentials  = var.freedify_credentials
 }
 
 

modules/kubernetes/freedify/factory/main.tf

@@ -0,0 +1,149 @@
+variable "tls_secret_name" {}
+variable "name" {}
+variable "tag" {
+  default = "latest"
+}
+variable "tier" { type = string }
+variable "protected" {
+  type    = bool
+  default = false
+}
+variable "listenbrainz_token" {
+  type    = string
+  default = null
+}
+variable "genius_token" {
+  type    = string
+  default = null
+}
+variable "dab_visitor_id" {
+  type    = string
+  default = null
+}
+variable "dab_session" {
+  type    = string
+  default = null
+}
+variable "gemini_api_key" {
+  type    = string
+  default = null
+}
+variable "cpu_limit" {
+  type    = string
+  default = "500m"
+}
+variable "memory_limit" {
+  type    = string
+  default = "512Mi"
+}
+variable "cpu_request" {
+  type    = string
+  default = "100m"
+}
+variable "memory_request" {
+  type    = string
+  default = "256Mi"
+}
+
+
+resource "kubernetes_deployment" "freedify" {
+  metadata {
+    name      = "music-${var.name}"
+    namespace = "freedify"
+    labels = {
+      app  = "music-${var.name}"
+      tier = var.tier
+    }
+  }
+  spec {
+    replicas = 1
+    strategy {
+      type = "RollingUpdate"
+    }
+    selector {
+      match_labels = {
+        app = "music-${var.name}"
+      }
+    }
+    template {
+      metadata {
+        annotations = {
+          "diun.enable"       = "true"
+          "diun.include_tags" = "^${var.tag}$"
+        }
+        labels = {
+          app = "music-${var.name}"
+        }
+      }
+      spec {
+        container {
+          image = "viktorbarzin/freedify:${var.tag}"
+          name  = "freedify"
+
+          port {
+            container_port = 8000
+          }
+          env {
+            name  = "LISTENBRAINZ_TOKEN"
+            value = var.listenbrainz_token
+          }
+          env {
+            name  = "GENIUS_ACCESS_TOKEN"
+            value = var.genius_token
+          }
+          env {
+            name  = "DAB_SESSION"
+            value = var.dab_session
+          }
+          env {
+            name  = "DAB_VISITOR_ID"
+            value = var.dab_visitor_id
+          }
+          env {
+            name  = "GEMINI_API_KEY"
+            value = var.gemini_api_key
+          }
+          resources {
+            limits = {
+              cpu    = var.cpu_limit
+              memory = var.memory_limit
+            }
+            requests = {
+              cpu    = var.cpu_request
+              memory = var.memory_request
+            }
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "freedify" {
+  metadata {
+    name      = "music-${var.name}"
+    namespace = "freedify"
+    labels = {
+      app = "music-${var.name}"
+    }
+  }
+
+  spec {
+    selector = {
+      app = "music-${var.name}"
+    }
+    port {
+      name        = "http"
+      port        = 80
+      target_port = 8000
+    }
+  }
+}
+
+module "ingress" {
+  source          = "../../ingress_factory"
+  namespace       = "freedify"
+  name            = "music-${var.name}"
+  tls_secret_name = var.tls_secret_name
+  protected       = var.protected
+}

modules/kubernetes/freedify/main.tf

@@ -0,0 +1,54 @@
+variable "tls_secret_name" {}
+variable "tier" { type = string }
+variable "additional_credentials" { type = map(any) }
+
+# To create a new deployment:
+/**
+  1. Export a new nfs share with {name} in truenas at /mnt/main/freedify/{name}
+  2. Add {name} as proxied cloudflare route (tfvars)
+  3. Add module here
+*/
+
+resource "kubernetes_namespace" "freedify" {
+  metadata {
+    name = "freedify"
+    labels = {
+      "istio-injection" : "disabled"
+    }
+  }
+}
+
+module "tls_secret" {
+  source          = "../setup_tls_secret"
+  namespace       = kubernetes_namespace.freedify.metadata[0].name
+  tls_secret_name = var.tls_secret_name
+}
+
+# https://music-viktor.viktorbarzin.me/
+module "viktor" {
+  source             = "./factory"
+  name               = "viktor"
+  tag                = "latest"
+  tls_secret_name    = var.tls_secret_name
+  depends_on         = [kubernetes_namespace.freedify]
+  tier               = var.tier
+  protected          = true
+  listenbrainz_token = lookup(var.additional_credentials["viktor"], "listenbrainz_token", null)
+  genius_token       = lookup(var.additional_credentials["viktor"], "genius_token", null)
+  dab_session        = lookup(var.additional_credentials["viktor"], "dab_session", null)
+  dab_visitor_id     = lookup(var.additional_credentials["viktor"], "dab_visitor_id", null)
+  gemini_api_key     = lookup(var.additional_credentials["viktor"], "gemini_api_key", null)
+}
+
+# https://music-emo.viktorbarzin.me/
+module "emo" {
+  source          = "./factory"
+  name            = "emo"
+  tag             = "latest"
+  tls_secret_name = var.tls_secret_name
+  depends_on      = [kubernetes_namespace.freedify]
+  tier            = var.tier
+  protected       = true
+  genius_token    = lookup(var.additional_credentials["emo"], "genius_token", null)
+  gemini_api_key  = lookup(var.additional_credentials["emo"], "gemini_api_key", null)
+}

modules/kubernetes/main.tf

@@ -113,6 +113,7 @@ variable "wealthfolio_password_hash" { type = string }
 variable "aiostreams_database_connection_string" { type = string }
 variable "actualbudget_credentials" { type = map(any) }
 variable "speedtest_db_password" { type = string }
+variable "freedify_credentials" { type = map(any) }
 
 
 variable "defcon_level" {
@@ -138,7 +139,7 @@ locals {
       "url", "excalidraw", "travel_blog", "dashy", "send", "ytdlp", "wealthfolio", "rybbit", "stirling-pdf",
       "networking-toolbox", "navidrome", "freshrss", "forgejo", "tor-proxy", "real-estate-crawler", "n8n",
       "changedetection", "linkwarden", "matrix", "homepage", "meshcentral", "diun", "cyberchef", "ntfy", "ollama",
-      "servarr", "jsoncrack", "paperless-ngx", "frigate", "audiobookshelf", "tandoor", "ebook2audiobook", "netbox", "speedtest"
+      "servarr", "jsoncrack", "paperless-ngx", "frigate", "audiobookshelf", "tandoor", "ebook2audiobook", "netbox", "speedtest", "resume", "freedify"
     ],
   }
   active_modules = distinct(flatten([
@@ -569,6 +570,8 @@ module "crowdsec" {
 # Seems like it needs S3 even if pg is local...
 # module "resume" {
 #   source          = "./resume"
+#   tier            = local.tiers.aux
+#   for_each        = contains(local.active_modules, "resume") ? { resume = true } : {}
 #   tls_secret_name = var.tls_secret_name
 #   redis_url       = var.resume_redis_url
 #   database_url    = var.resume_database_url
@@ -1034,3 +1037,11 @@ module "speedtest" {
   depends_on      = [null_resource.core_services]
   db_password     = var.speedtest_db_password
 }
+
+module "freedify" {
+  source                 = "./freedify"
+  tls_secret_name        = var.tls_secret_name
+  tier                   = local.tiers.aux
+  for_each               = contains(local.active_modules, "freedify") ? { freedify = true } : {}
+  additional_credentials = var.freedify_credentials
+}