diff --git a/modules/kubernetes/servarr/flaresolverr/main.tf b/modules/kubernetes/servarr/flaresolverr/main.tf index da2a010d..6e8f7131 100644 --- a/modules/kubernetes/servarr/flaresolverr/main.tf +++ b/modules/kubernetes/servarr/flaresolverr/main.tf @@ -1,24 +1,9 @@ variable "tls_secret_name" {} -resource "kubernetes_namespace" "flaresolverr" { - metadata { - name = "flaresolverr" - # labels = { - # "istio-injection" : "enabled" - # } - } -} - - -module "tls_secret" { - source = "../../setup_tls_secret" - namespace = "flaresolverr" - tls_secret_name = var.tls_secret_name -} resource "kubernetes_deployment" "flaresolverr" { metadata { name = "flaresolverr" - namespace = "flaresolverr" + namespace = "servarr" labels = { app = "flaresolverr" } @@ -56,7 +41,7 @@ resource "kubernetes_deployment" "flaresolverr" { resource "kubernetes_service" "flaresolverr" { metadata { name = "flaresolverr" - namespace = "flaresolverr" + namespace = "servarr" labels = { app = "flaresolverr" } @@ -67,49 +52,21 @@ resource "kubernetes_service" "flaresolverr" { app = "flaresolverr" } port { - name = "http" - port = 8191 + name = "http" + target_port = 8191 + port = 80 } } } -resource "kubernetes_ingress_v1" "flaresolverr" { - metadata { - name = "flaresolverr" - namespace = "flaresolverr" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" +module "ingress" { + source = "../../ingress_factory" + namespace = "servarr" + name = "flaresolverr" + tls_secret_name = var.tls_secret_name + protected = true + # extra_annotations = { + # "nginx.ingress.kubernetes.io/proxy-body-size" : "1G" // allow uploading .torrent files + # } - "nginx.ingress.kubernetes.io/auth-url" = "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" - "nginx.ingress.kubernetes.io/auth-signin" = "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" - - "nginx.ingress.kubernetes.io/auth-response-headers" = "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" - "nginx.ingress.kubernetes.io/auth-snippet" = "proxy_set_header X-Forwarded-Host $http_host;" - } - } - - spec { - tls { - hosts = ["flaresolverr.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "flaresolverr.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "flaresolverr" - port { - number = 8191 - } - } - } - } - } - } - } } diff --git a/modules/kubernetes/servarr/lidarr/main.tf b/modules/kubernetes/servarr/lidarr/main.tf new file mode 100644 index 00000000..f172941e --- /dev/null +++ b/modules/kubernetes/servarr/lidarr/main.tf @@ -0,0 +1,105 @@ +variable "tls_secret_name" {} + + +resource "kubernetes_deployment" "lidarr" { + metadata { + name = "lidarr" + namespace = "servarr" + labels = { + app = "lidarr" + } + annotations = { + "reloader.stakater.com/search" = "true" + } + } + spec { + replicas = 1 + selector { + match_labels = { + app = "lidarr" + } + } + template { + metadata { + labels = { + app = "lidarr" + } + } + spec { + container { + image = "lscr.io/linuxserver/lidarr:latest" + name = "lidarr" + + port { + container_port = 8686 + } + env { + name = "PUID" + value = 1000 + } + env { + name = "PGID" + value = 1000 + } + env { + name = "TZ" + value = "Etc/UTC" + } + volume_mount { + name = "data" + mount_path = "/config" + } + volume_mount { + name = "data" + mount_path = "/downloads" + } + volume_mount { + name = "data" + mount_path = "/music" + } + } + volume { + name = "data" + nfs { + path = "/mnt/main/servarr/lidarr" + server = "10.0.10.15" + } + } + } + } + } +} + +resource "kubernetes_service" "lidarr" { + metadata { + name = "lidarr" + namespace = "servarr" + labels = { + app = "lidarr" + } + } + + spec { + selector = { + app = "lidarr" + } + port { + name = "http" + port = 80 + target_port = 8686 + } + } +} + + +module "ingress" { + source = "../../ingress_factory" + namespace = "servarr" + name = "lidarr" + tls_secret_name = var.tls_secret_name + protected = true + # extra_annotations = { + # "nginx.ingress.kubernetes.io/proxy-body-size" : "1G" // allow uploading .torrent files + # } + +} diff --git a/modules/kubernetes/servarr/main.tf b/modules/kubernetes/servarr/main.tf index 421cbd86..17ee51c5 100644 --- a/modules/kubernetes/servarr/main.tf +++ b/modules/kubernetes/servarr/main.tf @@ -1,21 +1,39 @@ variable "tls_secret_name" {} +resource "kubernetes_namespace" "servarr" { + metadata { + name = "servarr" + } +} + +module "tls_secret" { + source = "../setup_tls_secret" + namespace = "servarr" + tls_secret_name = var.tls_secret_name +} + + # module "readarr" { # source = "./readarr" # tls_secret_name = var.tls_secret_name # } -# module "prowlarr" { -# source = "./prowlarr" -# tls_secret_name = var.tls_secret_name -# } +module "prowlarr" { + source = "./prowlarr" + tls_secret_name = var.tls_secret_name +} module "qbittorrent" { source = "./qbittorrent" tls_secret_name = var.tls_secret_name } -# module "flaresolverr" { -# source = "./flaresolverr" -# tls_secret_name = var.tls_secret_name -# } +module "flaresolverr" { + source = "./flaresolverr" + tls_secret_name = var.tls_secret_name +} + +module "lidarr" { + source = "./lidarr" + tls_secret_name = var.tls_secret_name +} diff --git a/modules/kubernetes/servarr/prowlarr/main.tf b/modules/kubernetes/servarr/prowlarr/main.tf index 1d03aed7..1fd07a06 100644 --- a/modules/kubernetes/servarr/prowlarr/main.tf +++ b/modules/kubernetes/servarr/prowlarr/main.tf @@ -1,24 +1,10 @@ variable "tls_secret_name" {} -resource "kubernetes_namespace" "prowlarr" { - metadata { - name = "prowlarr" - # labels = { - # "istio-injection" : "enabled" - # } - } -} -module "tls_secret" { - source = "../../setup_tls_secret" - namespace = "prowlarr" - tls_secret_name = var.tls_secret_name -} - resource "kubernetes_deployment" "prowlarr" { metadata { name = "prowlarr" - namespace = "prowlarr" + namespace = "servarr" labels = { app = "prowlarr" } @@ -87,7 +73,7 @@ resource "kubernetes_deployment" "prowlarr" { resource "kubernetes_service" "prowlarr" { metadata { name = "prowlarr" - namespace = "prowlarr" + namespace = "servarr" labels = { app = "prowlarr" } @@ -98,48 +84,18 @@ resource "kubernetes_service" "prowlarr" { app = "prowlarr" } port { - name = "http" - port = 9696 + name = "http" + port = 80 + target_port = 9696 } } } -resource "kubernetes_ingress_v1" "prowlarr" { - metadata { - name = "prowlarr" - namespace = "prowlarr" - annotations = { - "kubernetes.io/ingress.class" = "nginx" - # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" - # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" - "nginx.ingress.kubernetes.io/auth-url" = "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" - "nginx.ingress.kubernetes.io/auth-signin" = "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" - "nginx.ingress.kubernetes.io/auth-response-headers" = "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" - "nginx.ingress.kubernetes.io/auth-snippet" = "proxy_set_header X-Forwarded-Host $http_host;" - } - } - - spec { - tls { - hosts = ["prowlarr.viktorbarzin.me"] - secret_name = var.tls_secret_name - } - rule { - host = "prowlarr.viktorbarzin.me" - http { - path { - path = "/" - backend { - service { - name = "prowlarr" - port { - number = 9696 - } - } - } - } - } - } - } +module "ingress" { + source = "../../ingress_factory" + namespace = "servarr" + name = "prowlarr" + tls_secret_name = var.tls_secret_name + protected = true } diff --git a/modules/kubernetes/servarr/qbittorrent/main.tf b/modules/kubernetes/servarr/qbittorrent/main.tf index 90f492e0..0b2acfb0 100644 --- a/modules/kubernetes/servarr/qbittorrent/main.tf +++ b/modules/kubernetes/servarr/qbittorrent/main.tf @@ -1,24 +1,10 @@ variable "tls_secret_name" {} -resource "kubernetes_namespace" "qbittorrent" { - metadata { - name = "qbittorrent" - # labels = { - # "istio-injection" : "enabled" - # } - } -} -module "tls_secret" { - source = "../../setup_tls_secret" - namespace = "qbittorrent" - tls_secret_name = var.tls_secret_name -} - resource "kubernetes_deployment" "qbittorrent" { metadata { name = "qbittorrent" - namespace = "qbittorrent" + namespace = "servarr" labels = { app = "qbittorrent" } @@ -87,7 +73,7 @@ resource "kubernetes_deployment" "qbittorrent" { resource "kubernetes_service" "qbittorrent" { metadata { name = "qbittorrent" - namespace = "qbittorrent" + namespace = "servarr" labels = { app = "qbittorrent" } @@ -108,7 +94,7 @@ resource "kubernetes_service" "qbittorrent" { resource "kubernetes_service" "qbittorrent-torrenting" { metadata { name = "qbittorrent-torrenting" - namespace = "qbittorrent" + namespace = "servarr" labels = { app = "qbittorrent-torrenting" @@ -141,12 +127,11 @@ resource "kubernetes_service" "qbittorrent-torrenting" { module "ingress" { source = "../../ingress_factory" - namespace = "qbittorrent" + namespace = "servarr" name = "qbittorrent" tls_secret_name = var.tls_secret_name protected = true extra_annotations = { "nginx.ingress.kubernetes.io/proxy-body-size" : "1G" // allow uploading .torrent files } - } diff --git a/terraform.tfstate b/terraform.tfstate index a12b9f62..cacdb080 100644 Binary files a/terraform.tfstate and b/terraform.tfstate differ diff --git a/terraform.tfvars b/terraform.tfvars index c1bcbba7..6f859dc1 100644 Binary files a/terraform.tfvars and b/terraform.tfvars differ