diff --git a/main.tf b/main.tf
index 5340c954..0f826048 100644
--- a/main.tf
+++ b/main.tf
@@ -134,7 +134,7 @@ variable "wealthfolio_password_hash" { type = string }
 variable "aiostreams_database_connection_string" { type = string }
 variable "actualbudget_credentials" { type = map(any) }
 variable "speedtest_db_password" { type = string }
-
+variable "freedify_credentials" { type = map(any) }
 provider "kubernetes" {
 config_path = var.prod ? "" : "~/.kube/config"
@@ -560,6 +560,7 @@ module "kubernetes_cluster" {
 actualbudget_credentials = var.actualbudget_credentials
 speedtest_db_password = var.speedtest_db_password
+ freedify_credentials = var.freedify_credentials
 }
diff --git a/modules/kubernetes/freedify/factory/main.tf b/modules/kubernetes/freedify/factory/main.tf
new file mode 100755
index 00000000..a25a9272
--- /dev/null
+++ b/modules/kubernetes/freedify/factory/main.tf
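Review bot: The new `freedify_credentials` variable in the first hunk is declared without `sensitive = true`, although the module calls further down this page read API tokens and session values out of it, so Terraform will print the map in plan and apply output. Adding `sensitive = true` to the declaration (which then has to become a multi-line block) redacts it. The neighbouring credential variables in the context lines are declared the same way, so this follows the file's existing style; the same one-line addition applies to the matching declaration in modules/kubernetes/main.tf and to `additional_credentials` in modules/kubernetes/freedify/main.tf.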
@@ -0,0 +1,149 @@
+variable "tls_secret_name" {}
+variable "name" {}
+variable "tag" {
+ default = "latest"
+}
+variable "tier" { type = string }
+variable "protected" {
+ type = bool
+ default = false
+}
+variable "listenbrainz_token" {
+ type = string
+ default = null
+}
+variable "genius_token" {
+ type = string
+ default = null
+}
+variable "dab_visitor_id" {
+ type = string
+ default = null
+}
+variable "dab_session" {
+ type = string
+ default = null
+}
+variable "gemini_api_key" {
+ type = string
+ default = null
+}
+variable "cpu_limit" {
+ type = string
+ default = "500m"
+}
+variable "memory_limit" {
+ type = string
+ default = "512Mi"
+}
+variable "cpu_request" {
+ type = string
+ default = "100m"
+}
+variable "memory_request" {
+ type = string
+ default = "256Mi"
+}
+
+
+resource "kubernetes_deployment" "freedify" {
+ metadata {
+ name = "music-${var.name}"
+ namespace = "freedify"
+ labels = {
+ app = "music-${var.name}"
+ tier = var.tier
+ }
+ }
+ spec {
+ replicas = 1
+ strategy {
+ type = "RollingUpdate"
+ }
+ selector {
+ match_labels = {
+ app = "music-${var.name}"
+ }
+ }
+ template {
+ metadata {
+ annotations = {
+ "diun.enable" = "true"
+ "diun.include_tags" = "^${var.tag}$"
+ }
+ labels = {
+ app = "music-${var.name}"
+ }
+ }
+ spec {
+ container {
+ image = "viktorbarzin/freedify:${var.tag}"
+ name = "freedify"
+
+ port {
+ container_port = 8000
+ }
+ env {
+ name = "LISTENBRAINZ_TOKEN"
+ value = var.listenbrainz_token
+ }
+ env {
+ name = "GENIUS_ACCESS_TOKEN"
+ value = var.genius_token
+ }
+ env {
+ name = "DAB_SESSION"
+ value = var.dab_session
+ }
+ env {
+ name = "DAB_VISITOR_ID"
+ value = var.dab_visitor_id
+ }
+ env {
+ name = "GEMINI_API_KEY"
+ value = var.gemini_api_key
+ }
+ resources {
+ limits = {
+ cpu = var.cpu_limit
+ memory = var.memory_limit
+ }
+ requests = {
+ cpu = var.cpu_request
+ memory = var.memory_request
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
+resource "kubernetes_service" "freedify" {
+ metadata {
+ name = "music-${var.name}"
+ namespace = "freedify"
+ labels = {
+ app = "music-${var.name}"
+ }
+ }
+
+ spec {
+ selector = {
+ app = "music-${var.name}"
+ }
+ port {
+ name = "http"
+ port = 80
+ target_port = 8000
+ }
+ }
+}
+
+module "ingress" {
+ source = "../../ingress_factory"
+ namespace = "freedify"
+ name = "music-${var.name}"
+ tls_secret_name = var.tls_secret_name
+ protected = var.protected
+}
diff --git a/modules/kubernetes/freedify/main.tf b/modules/kubernetes/freedify/main.tf
new file mode 100755
index 00000000..ec5bed0f
--- /dev/null
+++ b/modules/kubernetes/freedify/main.tf
@@ -0,0 +1,54 @@
+variable "tls_secret_name" {}
+variable "tier" { type = string }
+variable "additional_credentials" { type = map(any) }
+
+# To create a new deployment:
+/**
+ 1. Export a new nfs share with {name} in truenas at /mnt/main/freedify/{name}
+ 2. Add {name} as proxied cloudflare route (tfvars)
+ 3. Add module here
+*/
+
+resource "kubernetes_namespace" "freedify" {
+ metadata {
+ name = "freedify"
+ labels = {
+ "istio-injection" : "disabled"
+ }
+ }
+}
+
+module "tls_secret" {
+ source = "../setup_tls_secret"
+ namespace = kubernetes_namespace.freedify.metadata[0].name
+ tls_secret_name = var.tls_secret_name
+}
+
+# https://music-viktor.viktorbarzin.me/
+module "viktor" {
+ source = "./factory"
+ name = "viktor"
+ tag = "latest"
+ tls_secret_name = var.tls_secret_name
+ depends_on = [kubernetes_namespace.freedify]
+ tier = var.tier
+ protected = true
+ listenbrainz_token = lookup(var.additional_credentials["viktor"], "listenbrainz_token", null)
+ genius_token = lookup(var.additional_credentials["viktor"], "genius_token", null)
+ dab_session = lookup(var.additional_credentials["viktor"], "dab_session", null)
+ dab_visitor_id = lookup(var.additional_credentials["viktor"], "dab_visitor_id", null)
+ gemini_api_key = lookup(var.additional_credentials["viktor"], "gemini_api_key", null)
+}
+
+# https://music-emo.viktorbarzin.me/
+module "emo" {
+ source = "./factory"
+ name = "emo"
+ tag = "latest"
+ tls_secret_name = var.tls_secret_name
+ depends_on = [kubernetes_namespace.freedify]
+ tier = var.tier
+ protected = true
+ genius_token = lookup(var.additional_credentials["emo"], "genius_token", null)
+ gemini_api_key = lookup(var.additional_credentials["emo"], "gemini_api_key", null)
+}
diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf
index 36f0c672..1dcbd6a6 100644
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
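Review bot: Both module calls set `tag = "latest"`, a mutable tag, so the image that receives these tokens can change whenever a pod is rescheduled and the image re-pulled, with no Terraform diff to review. Pinning to a version tag or digest (`tag = "<pinned-version>"`, placeholder) makes each upgrade an explicit change. The direct index `var.additional_credentials["emo"]` also fails the plan when that key is missing from the map, which defeats the `null` defaults; using `lookup(var.additional_credentials, "emo", {})` as the inner expression avoids that. The header comment's NFS-share step looks stale, since the factory module on this page mounts no volume.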
@@ -113,6 +113,7 @@ variable "wealthfolio_password_hash" { type = string } variable "aiostreams_database_connection_string" { type = string } variable "actualbudget_credentials" { type = map(any) } variable "speedtest_db_password" { type = string } +variable "freedify_credentials" { type = map(any) } variable "defcon_level" { @@ -138,7 +139,7 @@ locals { "url", "excalidraw", "travel_blog", "dashy", "send", "ytdlp", "wealthfolio", "rybbit", "stirling-pdf", "networking-toolbox", "navidrome", "freshrss", "forgejo", "tor-proxy", "real-estate-crawler", "n8n", "changedetection", "linkwarden", "matrix", "homepage", "meshcentral", "diun", "cyberchef", "ntfy", "ollama", - "servarr", "jsoncrack", "paperless-ngx", "frigate", "audiobookshelf", "tandoor", "ebook2audiobook", "netbox", "speedtest" + "servarr", "jsoncrack", "paperless-ngx", "frigate", "audiobookshelf", "tandoor", "ebook2audiobook", "netbox", "speedtest", "resume", "freedify" ], } active_modules = distinct(flatten([ @@ -569,6 +570,8 @@ module "crowdsec" { # Seems like it needs S3 even if pg is local... # module "resume" { # source = "./resume" +# tier = local.tiers.aux +# for_each = contains(local.active_modules, "resume") ? { resume = true } : {} # tls_secret_name = var.tls_secret_name # redis_url = var.resume_redis_url # database_url = var.resume_database_url @@ -1034,3 +1037,11 @@ module "speedtest" { depends_on = [null_resource.core_services] db_password = var.speedtest_db_password } + +module "freedify" { + source = "./freedify" + tls_secret_name = var.tls_secret_name + tier = local.tiers.aux + for_each = contains(local.active_modules, "freedify") ? { freedify = true } : {} + additional_credentials = var.freedify_credentials +} diff --git a/terraform.tfstate b/terraform.tfstate index b721d922..24946bc1 100644 Binary files a/terraform.tfstate and b/terraform.tfstate differ 
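Review bot: The second hunk adds `"resume"` to the module list next to `"freedify"`, but the `module "resume"` block touched by the third hunk is still commented out, so the entry enables nothing. It reads as an unrelated change that would be clearer in its own commit, or with a comment saying why it is listed. In the last hunk `module "freedify"` has no `depends_on`, whereas `module "speedtest"` just above it waits on `null_resource.core_services`; if the ingress and TLS-secret modules rely on those core services, `depends_on = [null_resource.core_services]` is probably wanted here too. The `locals` block and the commented-out module both extend outside the hunks.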
diff --git a/terraform.tfvars b/terraform.tfvars
index 82058f36..ffaa6945 100644
Binary files a/terraform.tfvars and b/terraform.tfvars differ