From 4e74f816bc95df29fe0d82f135e22f8840a61d4c Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Wed, 25 Mar 2026 23:56:07 +0200 Subject: [PATCH] cleanup: remove calibre and audiobookshelf stacks after ebooks migration [ci skip] Both services migrated to unified ebooks namespace. Remove: - Old stack directories and Terraform state - calibre references from monitoring namespace lists - calibre/audiobookshelf from operational scripts --- scripts/gen_service_stacks.py | 10 - scripts/migrate_service_state.sh | 2 - scripts/stop_storage_services.sh | 2 - stacks/audiobookshelf/.terraform.lock.hcl | 60 --- stacks/audiobookshelf/backend.tf | 6 - stacks/audiobookshelf/main.tf | 243 ---------- stacks/audiobookshelf/providers.tf | 29 -- stacks/audiobookshelf/secrets | 1 - stacks/audiobookshelf/terragrunt.hcl | 9 - stacks/audiobookshelf/tiers.tf | 10 - stacks/calibre/.terraform.lock.hcl | 60 --- stacks/calibre/Dockerfile | 7 - stacks/calibre/backend.tf | 6 - stacks/calibre/main.tf | 439 ------------------ stacks/calibre/providers.tf | 29 -- stacks/calibre/secrets | 1 - stacks/calibre/terragrunt.hcl | 9 - stacks/calibre/tiers.tf | 10 - .../monitoring/k8s-monitoring-values.yaml | 2 - .../monitoring/k8s-monitoring-values.yaml | 2 - .../audiobookshelf/terraform.tfstate.enc | 38 -- state/stacks/calibre/terraform.tfstate.enc | 38 -- 22 files changed, 1013 deletions(-) delete mode 100644 stacks/audiobookshelf/.terraform.lock.hcl delete mode 100644 stacks/audiobookshelf/backend.tf delete mode 100644 stacks/audiobookshelf/main.tf delete mode 100644 stacks/audiobookshelf/providers.tf delete mode 120000 stacks/audiobookshelf/secrets delete mode 100644 stacks/audiobookshelf/terragrunt.hcl delete mode 100644 stacks/audiobookshelf/tiers.tf delete mode 100644 stacks/calibre/.terraform.lock.hcl delete mode 100644 stacks/calibre/Dockerfile delete mode 100644 stacks/calibre/backend.tf delete mode 100644 stacks/calibre/main.tf delete mode 100644 stacks/calibre/providers.tf delete mode 120000 stacks/calibre/secrets delete mode 100644 stacks/calibre/terragrunt.hcl delete mode 100644 stacks/calibre/tiers.tf delete mode 100644 state/stacks/audiobookshelf/terraform.tfstate.enc delete mode 100644 state/stacks/calibre/terraform.tfstate.enc diff --git a/scripts/gen_service_stacks.py b/scripts/gen_service_stacks.py index 0cf56e52..db09c001 100644 --- a/scripts/gen_service_stacks.py +++ b/scripts/gen_service_stacks.py @@ -116,16 +116,6 @@ SERVICES = [ ("auth_secret", "var.resume_auth_secret"), ("smtp_password", 'var.mailserver_accounts["info@viktorbarzin.me"]'), ]), - ("calibre", "calibre", [ - ("tls_secret_name", "var.tls_secret_name"), - ("homepage_username", 'var.homepage_credentials["calibre-web"]["username"]'), - ("homepage_password", 'var.homepage_credentials["calibre-web"]["password"]'), - ("tier", "LOCAL_TIER:edge"), - ]), - ("audiobookshelf", "audiobookshelf", [ - ("tls_secret_name", "var.tls_secret_name"), - ("tier", "LOCAL_TIER:aux"), - ]), ("frigate", "frigate", [ ("tls_secret_name", "var.tls_secret_name"), ("tier", "LOCAL_TIER:gpu"), diff --git a/scripts/migrate_service_state.sh b/scripts/migrate_service_state.sh index f392b421..c2bdb83d 100644 --- a/scripts/migrate_service_state.sh +++ b/scripts/migrate_service_state.sh @@ -12,9 +12,7 @@ STATE_DIR="$(pwd)/state/stacks" MODULES=( actualbudget affine - audiobookshelf blog - calibre changedetection city-guesser coturn diff --git a/scripts/stop_storage_services.sh b/scripts/stop_storage_services.sh index 3664f5c8..162c07cd 100755 --- a/scripts/stop_storage_services.sh +++ b/scripts/stop_storage_services.sh @@ -13,7 +13,6 @@ function scale() { kubectl scale deployment --replicas=$3 --namespace $1 $2; } cmd="${1:-stop}" case "$cmd" in stop) - scale calibre calibre-web-automated 0 scale redis redis 0 scale uptime-kuma uptime-kuma 0 scale paperless-ngx paperless-ngx 0 @@ -37,7 +36,6 @@ case "$cmd" in scale redis redis 1 scale uptime-kuma uptime-kuma 1 scale vaultwarden vaultwarden 1 - scale calibre calibre-web-automated 1 ;; # echo "[!] Cleanup only removes links (not flushing all iptables to avoid surprises)." # ip netns list | grep -qw "$NS_NAME" && sudo ip netns del "$NS_NAME" || true diff --git a/stacks/audiobookshelf/.terraform.lock.hcl b/stacks/audiobookshelf/.terraform.lock.hcl deleted file mode 100644 index 8830db04..00000000 --- a/stacks/audiobookshelf/.terraform.lock.hcl +++ /dev/null @@ -1,60 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/helm" { - version = "3.1.1" - hashes = [ - "h1:47CqNwkxctJtL/N/JuEj+8QMg8mRNI/NWeKO5/ydfZU=", - "zh:1a6d5ce931708aec29d1f3d9e360c2a0c35ba5a54d03eeaff0ce3ca597cd0275", - "zh:3411919ba2a5941801e677f0fea08bdd0ae22ba3c9ce3309f55554699e06524a", - "zh:81b36138b8f2320dc7f877b50f9e38f4bc614affe68de885d322629dd0d16a29", - "zh:95a2a0a497a6082ee06f95b38bd0f0d6924a65722892a856cfd914c0d117f104", - "zh:9d3e78c2d1bb46508b972210ad706dd8c8b106f8b206ecf096cd211c54f46990", - "zh:a79139abf687387a6efdbbb04289a0a8e7eaca2bd91cdc0ce68ea4f3286c2c34", - "zh:aaa8784be125fbd50c48d84d6e171d3fb6ef84a221dbc5165c067ce05faab4c8", - "zh:afecd301f469975c9d8f350cc482fe656e082b6ab0f677d1a816c3c615837cc1", - "zh:c54c22b18d48ff9053d899d178d9ffef7d9d19785d9bf310a07d648b7aac075b", - "zh:db2eefd55aea48e73384a555c72bac3f7d428e24147bedb64e1a039398e5b903", - "zh:ee61666a233533fd2be971091cecc01650561f1585783c381b6f6e8a390198a4", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "3.0.1" - hashes = [ - "h1:P0c8knzZnouTNFIRij8IS7+pqd0OKaFDYX0j4GRsiqo=", - "zh:02d55b0b2238fd17ffa12d5464593864e80f402b90b31f6e1bd02249b9727281", - "zh:20b93a51bfeed82682b3c12f09bac3031f5bdb4977c47c97a042e4df4fb2f9ba", - "zh:6e14486ecfaee38c09ccf33d4fdaf791409f90795c1b66e026c226fad8bc03c7", - "zh:8d0656ff422df94575668e32c310980193fccb1c28117e5c78dd2d4050a760a6", - "zh:9795119b30ec0c1baa99a79abace56ac850b6e6fbce60e7f6067792f6eb4b5f4", - "zh:b388c87acc40f6bd9620f4e23f01f3c7b41d9b88a68d5255dec0a72f0bdec249", - "zh:b59abd0a980649c2f97f172392f080eaeb18e486b603f83bf95f5d93aeccc090", - "zh:ba6e3060fddf4a022087d8f09e38aa0001c705f21170c2ded3d1c26c12f70d97", - "zh:c12626d044b1d5501cf95ca78cbe507c13ad1dd9f12d4736df66eb8e5f336eb8", - "zh:c55203240d50f4cdeb3df1e1760630d677679f5b1a6ffd9eba23662a4ad05119", - "zh:ea206a5a32d6e0d6e32f1849ad703da9a28355d9c516282a8458b5cf1502b2a1", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/vault" { - version = "4.8.0" - constraints = "~> 4.0" - hashes = [ - "h1:GPfhH6dr1LY0foPBDYv9bEGifx7eSwYqFcEAOWOUxLk=", - "zh:269ab13433f67684012ae7e15876532b0312f5d0d2002a9cf9febb1279ce5ea6", - "zh:4babc95bf0c40eb85005db1dc2ca403c46be4a71dd3e409db3711a56f7a5ca0e", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:86e27c1c625ecc24446a11eeffc3ac319b36c2b4e51251db8579256a0dbcf136", - "zh:a32f31da94824009e26b077374440b52098aecb93c92ff55dc3d31dd37c4ea25", - "zh:be0a18c6c0425518bab4fbffd82078b82036a88503b5d76064de551c9f646cbf", - "zh:be5a77fdfd36863ebeec79cd12b1d13322ffad6821d157a0b279789fa06b5937", - "zh:be8317d142a3caad74c7d936039ae27076a1b2b8312ef5208e2871a5f525977c", - "zh:c94a84895a3d9954b80e983eed4603330a5cdbbd8eef5b3c99278c2d1402ef3c", - "zh:de1fb712784dd8415f011ca5346a34f87fab6046c730557615247e511dbc7d98", - "zh:e3eafae7da550f86cae395d6660b2a0e93ec8d2b0e0e5ef982ec762e961fc952", - "zh:ff35fb1ab6add288f0f368981e56f780b50405accd1937131cba1137999c8d83", - ] -} diff --git a/stacks/audiobookshelf/backend.tf b/stacks/audiobookshelf/backend.tf deleted file mode 100644 index 486ccbea..00000000 --- a/stacks/audiobookshelf/backend.tf +++ /dev/null @@ -1,6 +0,0 @@ -# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa -terraform { - backend "local" { - path = "/Users/viktorbarzin/code/infra/state/stacks/audiobookshelf/terraform.tfstate" - } -} diff --git a/stacks/audiobookshelf/main.tf b/stacks/audiobookshelf/main.tf deleted file mode 100644 index 5b3466ca..00000000 --- a/stacks/audiobookshelf/main.tf +++ /dev/null @@ -1,243 +0,0 @@ -variable "tls_secret_name" { - type = string - sensitive = true -} -variable "nfs_server" { type = string } -resource "kubernetes_namespace" "audiobookshelf" { - metadata { - name = "audiobookshelf" - labels = { - "istio-injection" : "disabled" - tier = local.tiers.aux - } - } -} - -resource "kubernetes_manifest" "external_secret" { - manifest = { - apiVersion = "external-secrets.io/v1beta1" - kind = "ExternalSecret" - metadata = { - name = "audiobookshelf-secrets" - namespace = "audiobookshelf" - } - spec = { - refreshInterval = "15m" - secretStoreRef = { - name = "vault-kv" - kind = "ClusterSecretStore" - } - target = { - name = "audiobookshelf-secrets" - } - dataFrom = [{ - extract = { - key = "audiobookshelf" - } - }] - } - } - depends_on = [kubernetes_namespace.audiobookshelf] -} - -data "kubernetes_secret" "eso_secrets" { - metadata { - name = "audiobookshelf-secrets" - namespace = kubernetes_namespace.audiobookshelf.metadata[0].name - } - depends_on = [kubernetes_manifest.external_secret] -} - -locals { - homepage_credentials = jsondecode(data.kubernetes_secret.eso_secrets.data["homepage_credentials"]) -} - -module "tls_secret" { - source = "../../modules/kubernetes/setup_tls_secret" - namespace = kubernetes_namespace.audiobookshelf.metadata[0].name - tls_secret_name = var.tls_secret_name -} - -module "nfs_audiobooks" { - source = "../../modules/kubernetes/nfs_volume" - name = "audiobookshelf-audiobooks" - namespace = kubernetes_namespace.audiobookshelf.metadata[0].name - nfs_server = var.nfs_server - nfs_path = "/mnt/main/audiobookshelf/audiobooks" -} - -module "nfs_podcasts" { - source = "../../modules/kubernetes/nfs_volume" - name = "audiobookshelf-podcasts" - namespace = kubernetes_namespace.audiobookshelf.metadata[0].name - nfs_server = var.nfs_server - nfs_path = "/mnt/main/audiobookshelf/podcasts" -} - -module "nfs_config" { - source = "../../modules/kubernetes/nfs_volume" - name = "audiobookshelf-config" - namespace = kubernetes_namespace.audiobookshelf.metadata[0].name - nfs_server = var.nfs_server - nfs_path = "/mnt/main/audiobookshelf/config" -} - -module "nfs_metadata" { - source = "../../modules/kubernetes/nfs_volume" - name = "audiobookshelf-metadata" - namespace = kubernetes_namespace.audiobookshelf.metadata[0].name - nfs_server = var.nfs_server - nfs_path = "/mnt/main/audiobookshelf/metadata" -} - -resource "kubernetes_deployment" "audiobookshelf" { - metadata { - name = "audiobookshelf" - namespace = kubernetes_namespace.audiobookshelf.metadata[0].name - labels = { - app = "audiobookshelf" - tier = local.tiers.aux - } - annotations = { - "reloader.stakater.com/search" = "true" - } - } - spec { - replicas = 1 - strategy { - type = "Recreate" - } - selector { - match_labels = { - app = "audiobookshelf" - } - } - template { - metadata { - labels = { - app = "audiobookshelf" - } - } - spec { - container { - image = "ghcr.io/advplyr/audiobookshelf:2.32.1" - name = "audiobookshelf" - - port { - container_port = 80 - } - liveness_probe { - http_get { - path = "/healthcheck" - port = 80 - } - initial_delay_seconds = 15 - period_seconds = 30 - timeout_seconds = 5 - failure_threshold = 5 - } - readiness_probe { - http_get { - path = "/healthcheck" - port = 80 - } - initial_delay_seconds = 5 - period_seconds = 30 - timeout_seconds = 5 - failure_threshold = 3 - } - volume_mount { - name = "audiobooks" - mount_path = "/audiobooks" - } - volume_mount { - name = "podcasts" - mount_path = "/podcasts" - } - volume_mount { - name = "config" - mount_path = "/config" - } - volume_mount { - name = "metadata" - mount_path = "/metadata" - } - resources { - requests = { - cpu = "15m" - memory = "64Mi" - } - limits = { - memory = "256Mi" - } - } - } - volume { - name = "audiobooks" - persistent_volume_claim { - claim_name = module.nfs_audiobooks.claim_name - } - } - volume { - name = "podcasts" - persistent_volume_claim { - claim_name = module.nfs_podcasts.claim_name - } - } - volume { - name = "config" - persistent_volume_claim { - claim_name = module.nfs_config.claim_name - } - } - volume { - name = "metadata" - persistent_volume_claim { - claim_name = module.nfs_metadata.claim_name - } - } - } - } - } -} - -resource "kubernetes_service" "audiobookshelf" { - metadata { - name = "audiobookshelf" - namespace = kubernetes_namespace.audiobookshelf.metadata[0].name - labels = { - "app" = "audiobookshelf" - } - } - - spec { - selector = { - app = "audiobookshelf" - } - port { - name = "http" - target_port = 80 - port = 80 - protocol = "TCP" - } - } -} - -module "ingress" { - source = "../../modules/kubernetes/ingress_factory" - namespace = kubernetes_namespace.audiobookshelf.metadata[0].name - name = "audiobookshelf" - tls_secret_name = var.tls_secret_name - rybbit_site_id = "b38fda4285df" - extra_annotations = { - "gethomepage.dev/enabled" = "true" - "gethomepage.dev/name" = "Audiobookshelf" - "gethomepage.dev/description" = "Audiobook library" - "gethomepage.dev/icon" = "audiobookshelf.png" - "gethomepage.dev/group" = "Media & Entertainment" - "gethomepage.dev/pod-selector" = "" - "gethomepage.dev/widget.type" = "audiobookshelf" - "gethomepage.dev/widget.url" = "http://audiobookshelf.audiobookshelf.svc.cluster.local" - "gethomepage.dev/widget.key" = local.homepage_credentials["audiobookshelf"]["token"] - } -} diff --git a/stacks/audiobookshelf/providers.tf b/stacks/audiobookshelf/providers.tf deleted file mode 100644 index 860c9eba..00000000 --- a/stacks/audiobookshelf/providers.tf +++ /dev/null @@ -1,29 +0,0 @@ -# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa -terraform { - required_providers { - vault = { - source = "hashicorp/vault" - version = "~> 4.0" - } - } -} - -variable "kube_config_path" { - type = string - default = "~/.kube/config" -} - -provider "kubernetes" { - config_path = var.kube_config_path -} - -provider "helm" { - kubernetes = { - config_path = var.kube_config_path - } -} - -provider "vault" { - address = "https://vault.viktorbarzin.me" - skip_child_token = true -} diff --git a/stacks/audiobookshelf/secrets b/stacks/audiobookshelf/secrets deleted file mode 120000 index ca54a7cf..00000000 --- a/stacks/audiobookshelf/secrets +++ /dev/null @@ -1 +0,0 @@ -../../secrets \ No newline at end of file diff --git a/stacks/audiobookshelf/terragrunt.hcl b/stacks/audiobookshelf/terragrunt.hcl deleted file mode 100644 index 7aa411a2..00000000 --- a/stacks/audiobookshelf/terragrunt.hcl +++ /dev/null @@ -1,9 +0,0 @@ -include "root" { - path = find_in_parent_folders() -} - -dependency "platform" { - config_path = "../platform" - skip_outputs = true -} - diff --git a/stacks/audiobookshelf/tiers.tf b/stacks/audiobookshelf/tiers.tf deleted file mode 100644 index eb0f8083..00000000 --- a/stacks/audiobookshelf/tiers.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa -locals { - tiers = { - core = "0-core" - cluster = "1-cluster" - gpu = "2-gpu" - edge = "3-edge" - aux = "4-aux" - } -} diff --git a/stacks/calibre/.terraform.lock.hcl b/stacks/calibre/.terraform.lock.hcl deleted file mode 100644 index 8830db04..00000000 --- a/stacks/calibre/.terraform.lock.hcl +++ /dev/null @@ -1,60 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/helm" { - version = "3.1.1" - hashes = [ - "h1:47CqNwkxctJtL/N/JuEj+8QMg8mRNI/NWeKO5/ydfZU=", - "zh:1a6d5ce931708aec29d1f3d9e360c2a0c35ba5a54d03eeaff0ce3ca597cd0275", - "zh:3411919ba2a5941801e677f0fea08bdd0ae22ba3c9ce3309f55554699e06524a", - "zh:81b36138b8f2320dc7f877b50f9e38f4bc614affe68de885d322629dd0d16a29", - "zh:95a2a0a497a6082ee06f95b38bd0f0d6924a65722892a856cfd914c0d117f104", - "zh:9d3e78c2d1bb46508b972210ad706dd8c8b106f8b206ecf096cd211c54f46990", - "zh:a79139abf687387a6efdbbb04289a0a8e7eaca2bd91cdc0ce68ea4f3286c2c34", - "zh:aaa8784be125fbd50c48d84d6e171d3fb6ef84a221dbc5165c067ce05faab4c8", - "zh:afecd301f469975c9d8f350cc482fe656e082b6ab0f677d1a816c3c615837cc1", - "zh:c54c22b18d48ff9053d899d178d9ffef7d9d19785d9bf310a07d648b7aac075b", - "zh:db2eefd55aea48e73384a555c72bac3f7d428e24147bedb64e1a039398e5b903", - "zh:ee61666a233533fd2be971091cecc01650561f1585783c381b6f6e8a390198a4", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "3.0.1" - hashes = [ - "h1:P0c8knzZnouTNFIRij8IS7+pqd0OKaFDYX0j4GRsiqo=", - "zh:02d55b0b2238fd17ffa12d5464593864e80f402b90b31f6e1bd02249b9727281", - "zh:20b93a51bfeed82682b3c12f09bac3031f5bdb4977c47c97a042e4df4fb2f9ba", - "zh:6e14486ecfaee38c09ccf33d4fdaf791409f90795c1b66e026c226fad8bc03c7", - "zh:8d0656ff422df94575668e32c310980193fccb1c28117e5c78dd2d4050a760a6", - "zh:9795119b30ec0c1baa99a79abace56ac850b6e6fbce60e7f6067792f6eb4b5f4", - "zh:b388c87acc40f6bd9620f4e23f01f3c7b41d9b88a68d5255dec0a72f0bdec249", - "zh:b59abd0a980649c2f97f172392f080eaeb18e486b603f83bf95f5d93aeccc090", - "zh:ba6e3060fddf4a022087d8f09e38aa0001c705f21170c2ded3d1c26c12f70d97", - "zh:c12626d044b1d5501cf95ca78cbe507c13ad1dd9f12d4736df66eb8e5f336eb8", - "zh:c55203240d50f4cdeb3df1e1760630d677679f5b1a6ffd9eba23662a4ad05119", - "zh:ea206a5a32d6e0d6e32f1849ad703da9a28355d9c516282a8458b5cf1502b2a1", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/vault" { - version = "4.8.0" - constraints = "~> 4.0" - hashes = [ - "h1:GPfhH6dr1LY0foPBDYv9bEGifx7eSwYqFcEAOWOUxLk=", - "zh:269ab13433f67684012ae7e15876532b0312f5d0d2002a9cf9febb1279ce5ea6", - "zh:4babc95bf0c40eb85005db1dc2ca403c46be4a71dd3e409db3711a56f7a5ca0e", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:86e27c1c625ecc24446a11eeffc3ac319b36c2b4e51251db8579256a0dbcf136", - "zh:a32f31da94824009e26b077374440b52098aecb93c92ff55dc3d31dd37c4ea25", - "zh:be0a18c6c0425518bab4fbffd82078b82036a88503b5d76064de551c9f646cbf", - "zh:be5a77fdfd36863ebeec79cd12b1d13322ffad6821d157a0b279789fa06b5937", - "zh:be8317d142a3caad74c7d936039ae27076a1b2b8312ef5208e2871a5f525977c", - "zh:c94a84895a3d9954b80e983eed4603330a5cdbbd8eef5b3c99278c2d1402ef3c", - "zh:de1fb712784dd8415f011ca5346a34f87fab6046c730557615247e511dbc7d98", - "zh:e3eafae7da550f86cae395d6660b2a0e93ec8d2b0e0e5ef982ec762e961fc952", - "zh:ff35fb1ab6add288f0f368981e56f780b50405accd1937131cba1137999c8d83", - ] -} diff --git a/stacks/calibre/Dockerfile b/stacks/calibre/Dockerfile deleted file mode 100644 index 66f82020..00000000 --- a/stacks/calibre/Dockerfile +++ /dev/null @@ -1,7 +0,0 @@ -FROM crocodilestick/calibre-web-automated:latest - -# Pre-install the universal-calibre mod at build time (avoids apt-get on every container start) -ENV DOCKER_MODS=linuxserver/mods:universal-calibre -RUN /docker-mods || true -# Clear the env so it doesn't re-run at startup -ENV DOCKER_MODS= diff --git a/stacks/calibre/backend.tf b/stacks/calibre/backend.tf deleted file mode 100644 index 93431ff5..00000000 --- a/stacks/calibre/backend.tf +++ /dev/null @@ -1,6 +0,0 @@ -# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa -terraform { - backend "local" { - path = "/Users/viktorbarzin/code/infra/state/stacks/calibre/terraform.tfstate" - } -} diff --git a/stacks/calibre/main.tf b/stacks/calibre/main.tf deleted file mode 100644 index 1700a7b1..00000000 --- a/stacks/calibre/main.tf +++ /dev/null @@ -1,439 +0,0 @@ -variable "tls_secret_name" { - type = string - sensitive = true -} -variable "nfs_server" { type = string } - -resource "kubernetes_namespace" "calibre" { - metadata { - name = "calibre" - labels = { - tier = local.tiers.edge - } - # labels = { - # "istio-injection" : "enabled" - # } - } -} - -resource "kubernetes_manifest" "external_secret" { - manifest = { - apiVersion = "external-secrets.io/v1beta1" - kind = "ExternalSecret" - metadata = { - name = "calibre-secrets" - namespace = "calibre" - } - spec = { - refreshInterval = "15m" - secretStoreRef = { - name = "vault-kv" - kind = "ClusterSecretStore" - } - target = { - name = "calibre-secrets" - } - dataFrom = [{ - extract = { - key = "calibre" - } - }] - } - } - depends_on = [kubernetes_namespace.calibre] -} - -data "kubernetes_secret" "eso_secrets" { - metadata { - name = "calibre-secrets" - namespace = kubernetes_namespace.calibre.metadata[0].name - } - depends_on = [kubernetes_manifest.external_secret] -} - -locals { - homepage_credentials = jsondecode(data.kubernetes_secret.eso_secrets.data["homepage_credentials"]) -} - -module "tls_secret" { - source = "../../modules/kubernetes/setup_tls_secret" - namespace = kubernetes_namespace.calibre.metadata[0].name - tls_secret_name = var.tls_secret_name -} - -module "nfs_library" { - source = "../../modules/kubernetes/nfs_volume" - name = "calibre-library" - namespace = kubernetes_namespace.calibre.metadata[0].name - nfs_server = var.nfs_server - nfs_path = "/mnt/main/calibre-web-automated/calibre-library" -} - -module "nfs_config" { - source = "../../modules/kubernetes/nfs_volume" - name = "calibre-config" - namespace = kubernetes_namespace.calibre.metadata[0].name - nfs_server = var.nfs_server - nfs_path = "/mnt/main/calibre-web-automated/config" -} - -module "nfs_ingest" { - source = "../../modules/kubernetes/nfs_volume" - name = "calibre-ingest" - namespace = kubernetes_namespace.calibre.metadata[0].name - nfs_server = var.nfs_server - nfs_path = "/mnt/main/calibre-web-automated/cwa-book-ingest" -} - -module "nfs_stacks_config" { - source = "../../modules/kubernetes/nfs_volume" - name = "calibre-stacks-config" - namespace = kubernetes_namespace.calibre.metadata[0].name - nfs_server = var.nfs_server - nfs_path = "/mnt/main/calibre-web-automated/stacks" -} - -# resource "kubernetes_deployment" "calibre" { -# metadata { -# name = "calibre" -# namespace = kubernetes_namespace.calibre.metadata[0].name -# labels = { -# app = "calibre" -# } -# annotations = { -# "reloader.stakater.com/search" = "true" -# } -# } -# spec { -# replicas = 1 -# strategy { -# type = "Recreate" -# } -# selector { -# match_labels = { -# app = "calibre" -# } -# } -# template { -# metadata { -# annotations = { -# # "diun.enable" = "true" -# "diun.enable" = "false" -# "diun.include_tags" = "^\\d+(?:\\.\\d+)?(?:\\.\\d+)?$" -# } -# labels = { -# app = "calibre" -# } -# } -# spec { -# container { -# image = "lscr.io/linuxserver/calibre-web:latest" -# name = "calibre" -# env { -# name = "PUID" -# value = 1000 -# } -# env { -# name = "PGID" -# value = 1000 -# } -# env { -# name = "DOCKER_MODS" -# value = "linuxserver/mods:universal-calibre" -# } - -# port { -# container_port = 8083 -# } -# volume_mount { -# name = "data" -# mount_path = "/config" -# } -# volume_mount { -# name = "data" -# mount_path = "/books" -# } -# } -# volume { -# name = "data" -# nfs { -# path = "/mnt/main/calibre" -# server = var.nfs_server -# } -# } -# } -# } -# } -# } - -resource "kubernetes_deployment" "calibre-web-automated" { - wait_for_rollout = true - metadata { - name = "calibre-web-automated" - namespace = kubernetes_namespace.calibre.metadata[0].name - labels = { - app = "calibre-web-automated" - tier = local.tiers.edge - } - annotations = { - "reloader.stakater.com/search" = "true" - } - } - spec { - replicas = 1 - strategy { - type = "Recreate" - } - selector { - match_labels = { - app = "calibre-web-automated" - } - } - template { - metadata { - annotations = { - # "diun.enable" = "true" - "diun.enable" = "false" - "diun.include_tags" = "^\\d+(?:\\.\\d+)?(?:\\.\\d+)?$" - } - labels = { - app = "calibre-web-automated" - } - } - spec { - container { - image = "viktorbarzin/calibre-web-automated:latest" - name = "calibre-web-automated" - env { - name = "PUID" - value = 1000 - } - env { - name = "PGID" - value = 1000 - } - env { - name = "NO_CHOWN" - value = "true" - } - env { - # If your library is on a network share (e.g., NFS/SMB), disable WAL to reduce locking issues - name = "NETWORK_SHARE_MODE" - value = "true" - } - env { - name = "CALIBRE_PORT" - value = "8083" - } - - port { - container_port = 8083 - } - startup_probe { - http_get { - path = "/" - port = 8083 - } - initial_delay_seconds = 10 - timeout_seconds = 5 - period_seconds = 5 - failure_threshold = 24 - } - liveness_probe { - http_get { - path = "/" - port = 8083 - } - timeout_seconds = 10 - period_seconds = 30 - failure_threshold = 6 - } - resources { - requests = { - cpu = "50m" - memory = "512Mi" - } - limits = { - memory = "1Gi" - } - } - volume_mount { - name = "config" - mount_path = "/config" - } - volume_mount { - name = "library" - mount_path = "/calibre-library" - } - volume_mount { - name = "ingest" - mount_path = "/cwa-book-ingest" - } - } - volume { - name = "library" - persistent_volume_claim { - claim_name = module.nfs_library.claim_name - } - } - volume { - name = "config" - persistent_volume_claim { - claim_name = module.nfs_config.claim_name - } - } - volume { - name = "ingest" - persistent_volume_claim { - claim_name = module.nfs_ingest.claim_name - } - } - } - } - } -} -resource "kubernetes_service" "calibre" { - metadata { - name = "calibre" - namespace = kubernetes_namespace.calibre.metadata[0].name - labels = { - "app" = "calibre" - } - } - - spec { - selector = { - # app = "calibre" - app = "calibre-web-automated" - } - port { - name = "http" - target_port = 8083 - port = 80 - protocol = "TCP" - } - } -} - -module "ingress" { - source = "../../modules/kubernetes/ingress_factory" - namespace = kubernetes_namespace.calibre.metadata[0].name - name = "calibre" - tls_secret_name = var.tls_secret_name - extra_annotations = { - "gethomepage.dev/enabled" = "true" - "gethomepage.dev/description" = "Book library" - "gethomepage.dev/group" = "Media & Entertainment" - "gethomepage.dev/icon" : "calibre-web.png" - "gethomepage.dev/name" = "Calibre" - "gethomepage.dev/widget.type" = "calibreweb" - "gethomepage.dev/widget.url" = "http://calibre.calibre.svc.cluster.local" - "gethomepage.dev/widget.username" = local.homepage_credentials["calibre-web"]["username"] - "gethomepage.dev/widget.password" = local.homepage_credentials["calibre-web"]["password"] - "gethomepage.dev/pod-selector" = "" - # gethomepage.dev/weight: 10 # optional - # gethomepage.dev/instance: "public" # optional - } - rybbit_site_id = "17a5c7fbb077" - custom_content_security_policy = "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rybbit.viktorbarzin.me" -} - -# Stacks - Anna's Archive Download Manager - -resource "kubernetes_deployment" "annas-archive-stacks" { - metadata { - name = "annas-archive-stacks" - namespace = kubernetes_namespace.calibre.metadata[0].name - labels = { - app = "annas-archive-stacks" - tier = local.tiers.edge - } - } - spec { - replicas = 1 - selector { - match_labels = { - app = "annas-archive-stacks" - } - } - template { - metadata { - labels = { - app = "annas-archive-stacks" - } - } - spec { - container { - image = "zelest/stacks:latest" - name = "annas-archive-stacks" - resources { - requests = { - cpu = "10m" - memory = "384Mi" - } - limits = { - memory = "384Mi" - } - } - port { - container_port = 7788 - } - volume_mount { - name = "config" - mount_path = "/opt/stacks/config" - } - volume_mount { - name = "ingest" - mount_path = "/opt/stacks/download" # this must be the same as CWA ingest dir to auto ingest - } - } - volume { - name = "config" - persistent_volume_claim { - claim_name = module.nfs_stacks_config.claim_name - } - } - volume { - name = "ingest" - persistent_volume_claim { - claim_name = module.nfs_ingest.claim_name - } - } - } - } - } -} - -resource "kubernetes_service" "annas-archive-stacks" { - metadata { - name = "annas-archive-stacks" - namespace = kubernetes_namespace.calibre.metadata[0].name - labels = { - "app" = "annas-archive-stacks" - } - } - - spec { - selector = { - app = "annas-archive-stacks" - } - port { - name = "http" - port = "80" - target_port = 7788 - } - } -} - -module "stacks-ingress" { - source = "../../modules/kubernetes/ingress_factory" - namespace = kubernetes_namespace.calibre.metadata[0].name - name = "stacks" - service_name = "annas-archive-stacks" - tls_secret_name = var.tls_secret_name - protected = true - rybbit_site_id = "ce5f8aed6bbb" - extra_annotations = { - "gethomepage.dev/enabled" = "false" - } -} diff --git a/stacks/calibre/providers.tf b/stacks/calibre/providers.tf deleted file mode 100644 index 860c9eba..00000000 --- a/stacks/calibre/providers.tf +++ /dev/null @@ -1,29 +0,0 @@ -# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa -terraform { - required_providers { - vault = { - source = "hashicorp/vault" - version = "~> 4.0" - } - } -} - -variable "kube_config_path" { - type = string - default = "~/.kube/config" -} - -provider "kubernetes" { - config_path = var.kube_config_path -} - -provider "helm" { - kubernetes = { - config_path = var.kube_config_path - } -} - -provider "vault" { - address = "https://vault.viktorbarzin.me" - skip_child_token = true -} diff --git a/stacks/calibre/secrets b/stacks/calibre/secrets deleted file mode 120000 index ca54a7cf..00000000 --- a/stacks/calibre/secrets +++ /dev/null @@ -1 +0,0 @@ -../../secrets \ No newline at end of file diff --git a/stacks/calibre/terragrunt.hcl b/stacks/calibre/terragrunt.hcl deleted file mode 100644 index 7aa411a2..00000000 --- a/stacks/calibre/terragrunt.hcl +++ /dev/null @@ -1,9 +0,0 @@ -include "root" { - path = find_in_parent_folders() -} - -dependency "platform" { - config_path = "../platform" - skip_outputs = true -} - diff --git a/stacks/calibre/tiers.tf b/stacks/calibre/tiers.tf deleted file mode 100644 index eb0f8083..00000000 --- a/stacks/calibre/tiers.tf +++ /dev/null @@ -1,10 +0,0 @@ -# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa -locals { - tiers = { - core = "0-core" - cluster = "1-cluster" - gpu = "2-gpu" - edge = "3-edge" - aux = "4-aux" - } -} diff --git a/stacks/monitoring/modules/monitoring/k8s-monitoring-values.yaml b/stacks/monitoring/modules/monitoring/k8s-monitoring-values.yaml index 6fda2edc..8ecbd30a 100644 --- a/stacks/monitoring/modules/monitoring/k8s-monitoring-values.yaml +++ b/stacks/monitoring/modules/monitoring/k8s-monitoring-values.yaml @@ -17,7 +17,6 @@ clusterEvents: - mailserver - crowdsec - descheduler - - calibre - monitoring - ingress-nginx - vaultwarden @@ -51,7 +50,6 @@ podLogs: - mailserver - crowdsec - descheduler - - calibre - monitoring - ingress-nginx - vaultwarden diff --git a/stacks/platform/modules/monitoring/k8s-monitoring-values.yaml b/stacks/platform/modules/monitoring/k8s-monitoring-values.yaml index 6fda2edc..8ecbd30a 100644 --- a/stacks/platform/modules/monitoring/k8s-monitoring-values.yaml +++ b/stacks/platform/modules/monitoring/k8s-monitoring-values.yaml @@ -17,7 +17,6 @@ clusterEvents: - mailserver - crowdsec - descheduler - - calibre - monitoring - ingress-nginx - vaultwarden @@ -51,7 +50,6 @@ podLogs: - mailserver - crowdsec - descheduler - - calibre - monitoring - ingress-nginx - vaultwarden diff --git a/state/stacks/audiobookshelf/terraform.tfstate.enc b/state/stacks/audiobookshelf/terraform.tfstate.enc deleted file mode 100644 index b278c0fb..00000000 --- a/state/stacks/audiobookshelf/terraform.tfstate.enc +++ /dev/null @@ -1,38 +0,0 @@ -{ - "version": "ENC[AES256_GCM,data:lg==,iv:VY0Ba9kHnvwhaEhVfi+37F4LrG00RFH5mDTgxTGYJtA=,tag:xb/Zh39JnuofdDIcaaxvvw==,type:float]", - "terraform_version": "ENC[AES256_GCM,data:OujvFUE=,iv:Rwv89m/Weg955oGp6MEeDv30Fh9USFOYxlTRUws0SxM=,tag:mOnYZJEK/yLxoG1LBw39Ww==,type:str]", - "serial": "ENC[AES256_GCM,data:Vkw=,iv:ZnPIQs23u0bD70tiUMXD+8gurriwGpGSzEnzLqaOnNE=,tag:ptPZ/+srjSiFHjr7U5wQSQ==,type:float]", - "lineage": "ENC[AES256_GCM,data:zDjmoAULQDBY3QZQqFDsWT9E3akwT5T8FdRKjjQCjr4XFV7z,iv:BWay8XKCKTl450c9WBDlEi/BkkgErFliAcUs8vZ7lig=,tag:Jo4ea1oVtnn6bzJcqoqdrg==,type:str]", - "outputs": {}, - "resources": [], - "check_results": null, - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": [ - { - "vault_address": "https://vault.viktorbarzin.me", - "engine_path": "transit", - "key_name": "sops-state-audiobookshelf", - "created_at": "2026-03-25T21:54:55Z", - "enc": "vault:v1:XepOQx1CtF/dv0Qm/ceVRdnHjrk9UYO+fZw12PH7hfM/i8WScVNBan+bdiZlN6fI1HDNVRTPan4/m13a" - } - ], - "age": [ - { - "recipient": "age1z64h9t3acsm2rr74pz7j4846kwj5tutx9sk78jqv46y8fln4vs2sy920ce", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIYTA0QnBOc2N3ZkZKNXFu\nRy9LU3JnZXdGTnpEeVo2YWQ2MmlmRmhBSnowCjEyaXN0bWpJVDRIOXl0K1kzdlg5\nb2dHM2NPbHNkVkp2U0x4djNLeHJRKzAKLS0tIGZmcEJySHBMVDZ1RWkyUkxZek5T\ndWYwUmxJeWczUGp3SDRUM1ZBNmk0RHMK5gSfLAGuY6IHSa6H9QijzthsE6A2C7YK\ngtPzZ0eREKQO7ns5GaAz+YRX46ztjM1ZgpdnaiNrmc9BnQsC9eAhTQ==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1rekkad48r2wzhwqgfetw5yugu3ln3qlht4xg3txmx55tee8cveess60r90", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUYkN0enU3NTNWNGlDeEQy\nbEM4OHkrYU1SUnV6bmx0VzFwUXVkNEYyQWtNClNiNGFDVVdxc1BFSFdpdmdNNFlU\nNjdsVXhrczlwL0tGcXViZEVGTzF4c0UKLS0tIEtXZ2F2dEkxbnVjTWcxMUZ5YWw2\nNmpBUlcvYmNVeUJjWWNsZ25XOWEvN1EK75bdg/uzfBrV2E79q0IdazbXnYNpeh4S\n/AhmGepraFX+UIoh4GBwNoRGbkW0uNm3jiPz6qmI/0ne1M1QXcvaAQ==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2026-03-25T21:54:55Z", - "mac": "ENC[AES256_GCM,data:Mwzj8CZACO5TbUTa20Rc9EStDHIaGy3xYMm660qroVbSlJKRmGpmpCJrht1J9ngRBovegwzLWiHINTQb6PCYFWTpYPeBV+islV0rpJH75EGOVdGaUGdimbTjeICbu61Ra6P5NXoDP4wE6B1C+nEWddwqt41OsfrEozJz3jSexZE=,iv:4ZiH3dttQf1eVows0n8PEDsvlTts42mdR+8bafJJMOg=,tag:FxQb6tLqVAelW2uATuC+Zw==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.9.4" - } -} \ No newline at end of file diff --git a/state/stacks/calibre/terraform.tfstate.enc b/state/stacks/calibre/terraform.tfstate.enc deleted file mode 100644 index b09bd3c6..00000000 --- a/state/stacks/calibre/terraform.tfstate.enc +++ /dev/null @@ -1,38 +0,0 @@ -{ - "version": "ENC[AES256_GCM,data:iA==,iv:TAEp5Nz5zxum7aH2ZzY96LY1oMvCiOqyoZrkW6s15j8=,tag:GFlS9gbWjYD+Yz6H/zi53Q==,type:float]", - "terraform_version": "ENC[AES256_GCM,data:zp8fD2Y=,iv:9qmiSVXPkWtS2qmIBqn8KtoD4WqBMx+djisvQA4e3C8=,tag:swQMT+fWwow8Kt2M+I+s9w==,type:str]", - "serial": "ENC[AES256_GCM,data:3wpq,iv:ar1lC4CxJ3Fuw1RIR6I5e68vWBIDcBbmqsaeaP6s1ro=,tag:ha82dL0K50UI8ZSnWwonig==,type:float]", - "lineage": "ENC[AES256_GCM,data:CFfWHzZosaM41LFdP9IuvRlOE9BI5XkwMyh64wTjGz+7szWn,iv:lTckr1BUnygwaHeGPnWeAbP+y0TRqFYz9QjC6hM86UM=,tag:WAE4LnXdRqoxBxkyl9X97A==,type:str]", - "outputs": {}, - "resources": [], - "check_results": null, - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": [ - { - "vault_address": "https://vault.viktorbarzin.me", - "engine_path": "transit", - "key_name": "sops-state-calibre", - "created_at": "2026-03-25T21:54:37Z", - "enc": "vault:v1:Fj+AncGXZgUiy/4/B9txj1RpJcCGRFpK8lGxpFXLvomPK1/eXYzug6l+dM7sI/OMgZPJhe0zhdePHnLB" - } - ], - "age": [ - { - "recipient": "age1z64h9t3acsm2rr74pz7j4846kwj5tutx9sk78jqv46y8fln4vs2sy920ce", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkVkVrWVg1RVJadm83Y0xD\nUDVCSUhUZDNzSTlNTVM1dHp6Yks4V2FVUEM4CnBnd2drTFR6RFZFTEkwWEd3cUdR\neGtSVWwrQTV5QWxRcHdlNE5veloya3cKLS0tIEFvZUkyYTRaZUdJTm1wUXc2aHJw\nTkRaamR6d0RkcUxnN2RBNittZ2phWjgKiJMfhmhcyFB0F+bwVZr495lRLmfkDHGV\nNrHNL03eKgl6BNSP0+NAhS0FDixB0SfiRiEdfHCdBiEdllPj3bxSHw==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1rekkad48r2wzhwqgfetw5yugu3ln3qlht4xg3txmx55tee8cveess60r90", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxRFJ4dkMremhGNjhqZHIr\nS0hFSVZZUk1NYUZNdVBEVzBPbnY0UE9xQXpJCnJmekVhOFNnNkVCN0VRa2JidUIr\nZ0FMaDJXZVZkU3BUNkpnbnBzSnZRR0kKLS0tIEpvN05KNHd3SjlnSjlPY0ZyNS9l\nZWttcCttZ1lCS3Z0UlJIekNjK25Hb28K9y6z8wLkxiBLg93H13c+HE65Mbc8fo99\nTOAJhHBvSURqzTuQZEowzCa59NU8ruy8SDFwtu4aQAw35yihtX/jBA==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2026-03-25T21:54:37Z", - "mac": "ENC[AES256_GCM,data:DiC6VQ+mmXKUAlQCuxLup/+0bsLC5UEZrhIbAQrLTcE5lBlFqOGg7OJlWDIkFD7llZatn5asKnhZJ9T6QOFCAUUoSwMstzt/TwIR0etw58HIS+5rpdTOP1IDc3leTItBV/1bAM3AzVzUYotxooY0ykdPj1nxGP41Wh0cphtHJCM=,iv:o4cTyjeqFFdS7yEYixU4FeimLuqFdQwD9NFTYj58p94=,tag:Va6KhVIBc5XTfXOhnZGTww==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.9.4" - } -} \ No newline at end of file