From 71bfdc8e89e9296d8a7ac20ad08c8020bca5e969 Mon Sep 17 00:00:00 2001
From: Viktor Barzin
Date: Sun, 22 Feb 2026 13:58:07 +0000
Subject: [PATCH] [ci skip] Phase 3: Remove migrated service modules from monolith All 66 service modules removed from modules/kubernetes/main.tf (now just a migration notice). The kubernetes_cluster module block removed from root main.tf. All services now managed via stacks//.
---
main.tf | 200 +--------
modules/kubernetes/main.tf | 855 +------------------------------------
2 files changed, 8 insertions(+), 1047 deletions(-)
diff --git a/main.tf b/main.tf
index e244c138..78559292 100644
--- a/main.tf
+++ b/main.tf
@@ -317,200 +317,10 @@ provider "proxmox" { # } # } -module "kubernetes_cluster" { - source = "./modules/kubernetes" - - prod = var.prod - tls_secret_name = var.tls_secret_name - # dockerhub_password = var.dockerhub_password - client_certificate_secret_name = var.client_certificate_secret_name - mailserver_accounts = var.mailserver_accounts - mailserver_sasl_passwd = var.mailserver_sasl_passwd - mailserver_aliases = var.mailserver_aliases - mailserver_opendkim_key = var.mailserver_opendkim_key - mailserver_roundcubemail_db_password = var.mailserver_roundcubemail_db_password - pihole_web_password = var.pihole_web_password - - # Webhook tokens - webhook_handler_secret = var.webhook_handler_secret - webhook_handler_fb_verify_token = var.webhook_handler_fb_verify_token - webhook_handler_fb_page_token = var.webhook_handler_fb_page_token - webhook_handler_fb_app_secret = var.webhook_handler_fb_app_secret - webhook_handler_git_user = var.webhook_handler_git_user - webhook_handler_git_token = var.webhook_handler_git_token - webhook_handler_ssh_key = var.webhook_handler_ssh_key - - wireguard_wg_0_conf = var.wireguard_wg_0_conf - wireguard_wg_0_key = var.wireguard_wg_0_key - wireguard_firewall_sh = var.wireguard_firewall_sh - hackmd_db_password = var.hackmd_db_password - - # using the following hack to dynamically update dns from outside - bind_db_viktorbarzin_me = replace(var.bind_db_viktorbarzin_me, "85.130.108.6", "85.130.108.6") - bind_db_viktorbarzin_lan = var.bind_db_viktorbarzin_lan - bind_named_conf_options = var.bind_named_conf_options - - alertmanager_account_password = var.alertmanager_account_password - alertmanager_slack_api_url = var.alertmanager_slack_api_url - - # Drone - drone_github_client_id = var.drone_github_client_id - drone_github_client_secret = var.drone_github_client_secret - drone_rpc_secret = var.drone_rpc_secret - drone_webhook_secret = var.drone_webhook_secret - - # Oauth proxy - oauth2_proxy_client_id = var.oauth2_proxy_client_id - 
oauth2_proxy_client_secret = var.oauth2_proxy_client_secret - oauth2_proxy_authenticated_emails = var.oauth2_proxy_authenticated_emails - # oauth_client_id = var.oauth_client_id - # oauth_client_secret = var.oauth_client_secret - # depends_on = [module.k8s_master, module.k8s_node1, module.k8s_node2] # wait until master and at least 2 nodes are up - - idrac_username = var.monitoring_idrac_username - idrac_password = var.monitoring_idrac_password - - url_shortener_geolite_license_key = var.url_shortener_geolite_license_key - url_shortener_api_key = var.url_shortener_api_key - url_shortener_mysql_password = var.url_shortener_mysql_password - - # dbaas - dbaas_root_password = var.dbaas_root_password - dbaas_postgresql_root_password = var.dbaas_postgresql_root_password - dbaas_pgadmin_password = var.dbaas_pgadmin_password - - # home-assistant - home_assistant_configuration = var.home_assistant_configuration - - # shadowsocks - shadowsocks_password = var.shadowsocks_password - - # finance app - finance_app_graphql_api_secret = var.finance_app_graphql_api_secret - finance_app_db_connection_string = var.finance_app_db_connection_string - finance_app_currency_converter_api_key = var.finance_app_currency_converter_api_key - finance_app_gocardless_secret_key = var.finance_app_gocardless_secret_key - finance_app_gocardless_secret_id = var.finance_app_gocardless_secret_id - - headscale_config = var.headscale_config - headscale_acl = var.headscale_acl - - immich_postgresql_password = var.immich_postgresql_password - immich_frame_api_key = var.immich_frame_api_key - - ingress_crowdsec_api_key = var.ingress_crowdsec_api_key - crowdsec_enroll_key = var.crowdsec_enroll_key - crowdsec_db_password = var.crowdsec_db_password - crowdsec_dash_api_key = var.crowdsec_dash_api_key - crowdsec_dash_machine_id = var.crowdsec_dash_machine_id - crowdsec_dash_machine_password = var.crowdsec_dash_machine_password - - vaultwarden_smtp_password = var.vaultwarden_smtp_password - - resume_redis_url = 
var.resume_redis_url - resume_database_password = var.resume_database_password - resume_database_url = var.resume_database_url - resume_auth_secret = var.resume_auth_secret - - frigate_valchedrym_camera_credentials = var.frigate_valchedrym_camera_credentials - - // updating technitium records - technitium_username = var.technitium_username - technitium_password = var.technitium_password - technitium_db_password = var.technitium_db_password - - paperless_db_password = var.paperless_db_password - - diun_nfty_token = var.diun_nfty_token - diun_slack_url = var.diun_slack_url - - nextcloud_db_password = var.nextcloud_db_password - homepage_credentials = var.homepage_credentials - - authentik_secret_key = var.authentik_secret_key - authentik_postgres_password = var.authentik_postgres_password - - linkwarden_postgresql_password = var.linkwarden_postgresql_password - linkwarden_authentik_client_id = var.linkwarden_authentik_client_id - linkwarden_authentik_client_secret = var.linkwarden_authentik_client_secret - - # Cloudflare credentials - cloudflare_api_key = var.cloudflare_api_key - cloudflare_email = var.cloudflare_email - cloudflare_account_id = var.cloudflare_account_id - cloudflare_zone_id = var.cloudflare_zone_id - cloudflare_tunnel_id = var.cloudflare_tunnel_id - public_ip = var.public_ip - cloudflare_proxied_names = var.cloudflare_proxied_names - cloudflare_non_proxied_names = var.cloudflare_non_proxied_names - cloudflare_tunnel_token = var.cloudflare_tunnel_token - - owntracks_credentials = var.owntracks_credentials - - ollama_api_credentials = var.ollama_api_credentials - - dawarich_database_password = var.dawarich_database_password - geoapify_api_key = var.geoapify_api_key - - tandoor_database_password = var.tandoor_database_password - tandoor_email_password = var.mailserver_accounts["info@viktorbarzin.me"] - - n8n_postgresql_password = var.n8n_postgresql_password - - realestate_crawler_db_password = var.realestate_crawler_db_password - 
realestate_crawler_notification_settings = var.realestate_crawler_notification_settings - - kured_notify_url = var.kured_notify_url - - onlyoffice_db_password = var.onlyoffice_db_password - onlyoffice_jwt_token = var.onlyoffice_jwt_token - - xray_reality_clients = var.xray_reality_clients - xray_reality_private_key = var.xray_reality_private_key - xray_reality_short_ids = var.xray_reality_short_ids - - tiny_tuya_api_key = var.tiny_tuya_api_key - tiny_tuya_api_secret = var.tiny_tuya_api_secret - tiny_tuya_service_secret = var.tiny_tuya_service_secret - tiny_tuya_slack_url = var.tiny_tuya_slack_url - haos_api_token = var.haos_api_token - pve_password = var.pve_password - grafana_db_password = var.grafana_db_password - grafana_admin_password = var.grafana_admin_password - - clickhouse_password = var.clickhouse_password - clickhouse_postgres_password = var.clickhouse_postgres_password - - wealthfolio_password_hash = var.wealthfolio_password_hash - - aiostreams_database_connection_string = var.aiostreams_database_connection_string - - actualbudget_credentials = var.actualbudget_credentials - - speedtest_db_password = var.speedtest_db_password - freedify_credentials = var.freedify_credentials - - mcaptcha_postgresql_password = var.mcaptcha_postgresql_password - mcaptcha_cookie_secret = var.mcaptcha_cookie_secret - mcaptcha_captcha_salt = var.mcaptcha_captcha_salt - - openrouter_api_key = var.openrouter_api_key - slack_bot_token = var.slack_bot_token - slack_channel = var.slack_channel - - affine_postgresql_password = var.affine_postgresql_password - health_postgresql_password = var.health_postgresql_password - health_secret_key = var.health_secret_key - openclaw_ssh_key = var.openclaw_ssh_key - openclaw_skill_secrets = var.openclaw_skill_secrets - gemini_api_key = var.gemini_api_key - llama_api_key = var.llama_api_key - brave_api_key = var.brave_api_key - modal_api_key = var.modal_api_key - coturn_turn_secret = var.coturn_turn_secret - - k8s_users = var.k8s_users - 
ssh_private_key = var.ssh_private_key -} +# --------------------------------------------------------------------------- +# The kubernetes_cluster module (modules/kubernetes/) has been migrated to +# individual Terragrunt stacks under stacks/. +# See stacks//main.tf for each service's configuration. +# --------------------------------------------------------------------------- diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf index 4bcf10af..d1bc22e3 100644 --- a/modules/kubernetes/main.tf +++ b/modules/kubernetes/main.tf 
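Review bot: In the root main.tf hunk, dropping `module "kubernetes_cluster"` leaves nothing in the new code that tells Terraform what to do with resources still recorded under `module.kubernetes_cluster` in the root state. If any of the migrated services were not already moved or removed from that state, the next root plan will propose destroying them, and since the commit is marked [ci skip] there is presumably no pipeline plan to surface that first. Assuming the root runs a Terraform release that supports `removed` blocks (1.7 or later), putting one with `destroy = false` next to the migration notice makes the hand-over explicit and safe to apply; otherwise the notice should at least state that the state was migrated before this commit. The diffstat lists only two files, so the root-level secret variables that fed this module appear to stay declared, and they are worth pruning in a follow-up so the root no longer requires those secrets.

```hcl
# … unchanged: migration notice comment …
removed {
  from = module.kubernetes_cluster

  lifecycle {
    destroy = false
  }
}
```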
@@ -1,852 +1,3 @@ -variable "prod" {} -variable "tls_secret_name" {} -variable "client_certificate_secret_name" {} -variable "hackmd_db_password" {} -variable "mailserver_accounts" {} -variable "mailserver_aliases" {} -variable "mailserver_opendkim_key" {} -variable "mailserver_roundcubemail_db_password" { type = string } -variable "mailserver_sasl_passwd" {} -variable "pihole_web_password" {} -variable "webhook_handler_secret" {} -variable "wireguard_wg_0_conf" {} -variable "wireguard_wg_0_key" {} -variable "wireguard_firewall_sh" {} -variable "bind_db_viktorbarzin_me" {} -variable "bind_db_viktorbarzin_lan" {} -variable "bind_named_conf_options" {} -variable "alertmanager_account_password" {} -variable "dbaas_root_password" {} -variable "dbaas_postgresql_root_password" {} -variable "dbaas_pgadmin_password" {} -variable "drone_github_client_id" {} -variable "drone_github_client_secret" {} -variable "drone_rpc_secret" {} -variable "drone_webhook_secret" {} -variable "oauth2_proxy_client_id" {} -variable "oauth2_proxy_client_secret" {} -variable "oauth2_proxy_authenticated_emails" {} -variable "url_shortener_geolite_license_key" {} -variable "url_shortener_api_key" {} -variable "url_shortener_mysql_password" {} -variable "webhook_handler_fb_verify_token" {} -variable "webhook_handler_fb_page_token" {} -variable "webhook_handler_fb_app_secret" {} -variable "webhook_handler_git_user" {} -variable "webhook_handler_git_token" {} -variable "webhook_handler_ssh_key" {} -variable "technitium_username" {} -variable "technitium_password" {} -variable "technitium_db_password" {} -variable "idrac_username" {} -variable "idrac_password" {} -variable "alertmanager_slack_api_url" {} -variable "home_assistant_configuration" {} -variable "shadowsocks_password" {} -variable "finance_app_db_connection_string" {} -variable "finance_app_currency_converter_api_key" {} -variable "finance_app_graphql_api_secret" {} -variable "finance_app_gocardless_secret_key" {} -variable 
"finance_app_gocardless_secret_id" {} -variable "headscale_config" {} -variable "headscale_acl" {} -variable "immich_postgresql_password" {} -variable "immich_frame_api_key" {} -variable "ingress_crowdsec_api_key" {} -variable "crowdsec_enroll_key" { type = string } -variable "crowdsec_db_password" { type = string } -variable "crowdsec_dash_api_key" { type = string } -variable "crowdsec_dash_machine_id" { type = string } -variable "crowdsec_dash_machine_password" { type = string } -variable "vaultwarden_smtp_password" {} -variable "resume_database_url" {} -variable "resume_database_password" {} -variable "resume_redis_url" {} -variable "resume_auth_secret" { type = string } -variable "frigate_valchedrym_camera_credentials" { default = "" } -variable "paperless_db_password" {} -variable "diun_nfty_token" {} -variable "diun_slack_url" {} -variable "nextcloud_db_password" {} -variable "homepage_credentials" {} -variable "authentik_secret_key" {} -variable "authentik_postgres_password" {} -variable "linkwarden_postgresql_password" {} -variable "linkwarden_authentik_client_id" {} -variable "linkwarden_authentik_client_secret" {} -variable "cloudflare_tunnel_token" {} -variable "cloudflare_api_key" {} -variable "cloudflare_email" {} -variable "cloudflare_account_id" {} -variable "cloudflare_zone_id" {} -variable "cloudflare_tunnel_id" {} -variable "public_ip" {} -variable "cloudflare_proxied_names" {} -variable "cloudflare_non_proxied_names" {} -variable "owntracks_credentials" {} -variable "ollama_api_credentials" {} -variable "dawarich_database_password" {} -variable "geoapify_api_key" {} -variable "tandoor_database_password" {} -variable "tandoor_email_password" {} -variable "n8n_postgresql_password" {} -variable "realestate_crawler_db_password" {} -variable "realestate_crawler_notification_settings" { - type = map(string) - default = { - } -} -variable "kured_notify_url" {} -variable "onlyoffice_db_password" { type = string } -variable "onlyoffice_jwt_token" { type = 
string } -variable "xray_reality_clients" { type = list(map(string)) } -variable "xray_reality_private_key" { type = string } -variable "xray_reality_short_ids" { type = list(string) } -variable "tiny_tuya_api_key" { type = string } -variable "tiny_tuya_api_secret" { type = string } -variable "tiny_tuya_service_secret" { type = string } -variable "tiny_tuya_slack_url" { type = string } -variable "haos_api_token" { type = string } -variable "pve_password" { type = string } -variable "grafana_db_password" { type = string } -variable "grafana_admin_password" { type = string } -variable "clickhouse_password" { type = string } -variable "clickhouse_postgres_password" { type = string } -variable "wealthfolio_password_hash" { type = string } -variable "aiostreams_database_connection_string" { type = string } -variable "actualbudget_credentials" { type = map(any) } -variable "speedtest_db_password" { type = string } -variable "freedify_credentials" { type = map(any) } -variable "mcaptcha_postgresql_password" { type = string } -variable "mcaptcha_cookie_secret" { type = string } -variable "mcaptcha_captcha_salt" { type = string } -variable "openrouter_api_key" { type = string } -variable "slack_bot_token" { type = string } -variable "slack_channel" { type = string } -variable "affine_postgresql_password" { type = string } -variable "health_postgresql_password" { type = string } -variable "health_secret_key" { type = string } -variable "openclaw_ssh_key" { type = string } -variable "openclaw_skill_secrets" { type = map(string) } -variable "modal_api_key" { type = string } -variable "gemini_api_key" { type = string } -variable "llama_api_key" { type = string } -variable "brave_api_key" { type = string } -variable "coturn_turn_secret" { type = string } - -variable "k8s_users" { - type = map(any) - default = {} -} -variable "ssh_private_key" { - type = string - default = "" - sensitive = true -} - - -variable "defcon_level" { - type = number - default = 5 - validation { - 
condition = var.defcon_level >= 1 && var.defcon_level <= 5 - error_message = "DEFCON level must be between 1 and 5. 1 is highest level of alertness" - } -} -locals { - defcon_modules = { - 1 : ["wireguard", "technitium", "headscale", "traefik", "xray", "authentik", "cloudflare", "authelia", "monitoring"], # Critical connectivity services - 2 : ["vaultwarden", "redis", "immich", "nvidia", "metrics-server", "uptime-kuma", "crowdsec", "kyverno"], # Storage and other db services - 3 : ["reverse-proxy"], # Cluster admin services (k8s-dashboard chart repo still 404) - 4 : [ - "mailserver", "shadowsocks", "webhook_handler", "tuya-bridge", "dawarich", "owntracks", "nextcloud", - "calibre", "onlyoffice", "f1-stream", "rybbit", "isponsorblocktv", "actualbudget", "coturn" - ], # Activel used services - # Optional services - 5 : [ - "blog", "descheduler", "drone", "hackmd", "health", "kms", "privatebin", "vault", "reloader", "city-guesser", "echo", - "url", "excalidraw", "travel_blog", "dashy", "send", "ytdlp", "wealthfolio", "rybbit", "stirling-pdf", - "networking-toolbox", "navidrome", "freshrss", "forgejo", "tor-proxy", "real-estate-crawler", "n8n", - "changedetection", "linkwarden", "matrix", "homepage", "meshcentral", "diun", "cyberchef", "ntfy", "ollama", - "servarr", "jsoncrack", "paperless-ngx", "frigate", "audiobookshelf", "tandoor", "ebook2audiobook", "netbox", "speedtest", "resume", "freedify", "mcaptcha", "affine", "plotting-book", "whisper", "osm-routing", "openclaw" - ], - } - active_modules = distinct(flatten([ - for level in range(1, var.defcon_level + 1) : # From current level to 5 - lookup(local.defcon_modules, level, []) - ])) - - tiers = { - core = "0-core" # Bare minimum cluster primitives - cluster = "1-cluster" # All cluster primitives - gpu = "2-gpu" # GPU services - edge = "3-edge" # Critical user services - aux = "4-aux" # Optional user services - } -} - -module "blog" { - for_each = contains(local.active_modules, "blog") ? 
{ blog = true } : {} - source = "./blog" - tls_secret_name = var.tls_secret_name - # dockerhub_password = var.dockerhub_password - tier = local.tiers.aux -} - -# module "bind" { -# source = "./bind" -# db_viktorbarzin_me = var.bind_db_viktorbarzin_me -# db_viktorbarzin_lan = var.bind_db_viktorbarzin_lan -# named_conf_options = var.bind_named_conf_options -# } - -module "descheduler" { - source = "./descheduler" - for_each = contains(local.active_modules, "descheduler") ? { descheduler = true } : {} -} - -# module "dnscrypt" { -# source = "./dnscrypt" -# } - -# CI/CD -module "drone" { - source = "./drone" - for_each = contains(local.active_modules, "drone") ? { drone = true } : {} - tls_secret_name = var.tls_secret_name - - github_client_id = var.drone_github_client_id - github_client_secret = var.drone_github_client_secret - rpc_secret = var.drone_rpc_secret - webhook_secret = var.drone_webhook_secret - server_host = "drone.viktorbarzin.me" - server_proto = "https" - tier = local.tiers.edge -} - -module "f1-stream" { - source = "./f1-stream" - for_each = contains(local.active_modules, "f1-stream") ? { f1-stream = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux - turn_secret = var.coturn_turn_secret - public_ip = var.public_ip -} - -module "coturn" { - source = "./coturn" - for_each = contains(local.active_modules, "coturn") ? { coturn = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.edge - turn_secret = var.coturn_turn_secret - public_ip = var.public_ip -} - -module "hackmd" { - source = "./hackmd" - for_each = contains(local.active_modules, "hackmd") ? 
{ hackmd = true } : {} - hackmd_db_password = var.hackmd_db_password - tls_secret_name = var.tls_secret_name - tier = local.tiers.edge -} - -# module "kafka" { -# source = "./kafka" -# client_certificate_secret_name = var.client_certificate_secret_name -# tls_secret_name = var.tls_secret_name -# } - -module "kms" { - source = "./kms" - for_each = contains(local.active_modules, "kms") ? { kms = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux -} - -module "k8s-dashboard" { - source = "./k8s-dashboard" - tier = local.tiers.cluster - for_each = contains(local.active_modules, "k8s-dashboard") ? { k8s-dashboard = true } : {} - tls_secret_name = var.tls_secret_name - client_certificate_secret_name = var.client_certificate_secret_name -} - -# module "oauth" { -# source = "./oauth-proxy" -# tls_secret_name = var.tls_secret_name -# oauth2_proxy_client_id = var.oauth2_proxy_client_id -# oauth2_proxy_client_secret = var.oauth2_proxy_client_secret -# authenticated_emails = var.oauth2_proxy_authenticated_emails - -# depends_on = [null_resource.core_services] -# } - -# module "openid_help_page" { -# source = "./openid_help_page" -# tls_secret_name = var.tls_secret_name - -# depends_on = [null_resource.core_services] -# } - -# module "pihole" { -# source = "./pihole" -# web_password = var.pihole_web_password - -# tls_secret_name = var.tls_secret_name - -# depends_on = [module.bind] # DNS goes like pihole -> bind -> dnscrypt -# } - -module "privatebin" { - source = "./privatebin" - for_each = contains(local.active_modules, "privatebin") ? { privatebin = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.edge -} - -# module "mcaptcha" { -# source = "./mcaptcha" -# for_each = contains(local.active_modules, "mcaptcha") ? 
{ mcaptcha = true } : {} -# tls_secret_name = var.tls_secret_name -# tier = local.tiers.edge -# postgresql_password = var.mcaptcha_postgresql_password -# cookie_secret = var.mcaptcha_cookie_secret -# captcha_salt = var.mcaptcha_captcha_salt - -# depends_on = [null_resource.core_services] -# } - -# module "vault" { -# source = "./vault" -# tier = local.tiers.edge -# for_each = contains(local.active_modules, "vault") ? { vault = true } : {} -# tls_secret_name = var.tls_secret_name - -# depends_on = [null_resource.core_services] -# } - -module "reloader" { - source = "./reloader" - for_each = contains(local.active_modules, "reloader") ? { reloader = true } : {} - tier = local.tiers.aux -} - -module "shadowsocks" { - source = "./shadowsocks" - for_each = contains(local.active_modules, "shadowsocks") ? { shadowsocks = true } : {} - password = var.shadowsocks_password - tier = local.tiers.edge -} - -module "city-guesser" { - source = "./city-guesser" - for_each = contains(local.active_modules, "city-guesser") ? { city-guesser = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux -} - -module "echo" { - source = "./echo" - for_each = contains(local.active_modules, "echo") ? { echo = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.edge -} - -module "url" { - source = "./url-shortener" - for_each = contains(local.active_modules, "url") ? { url = true } : {} - tls_secret_name = var.tls_secret_name - geolite_license_key = var.url_shortener_geolite_license_key - api_key = var.url_shortener_api_key - mysql_password = var.url_shortener_mysql_password - tier = local.tiers.aux -} - -module "webhook_handler" { - source = "./webhook_handler" - for_each = contains(local.active_modules, "webhook_handler") ? 
{ webhook_handler = true } : {} - tls_secret_name = var.tls_secret_name - webhook_secret = var.webhook_handler_secret - fb_verify_token = var.webhook_handler_fb_verify_token - fb_page_token = var.webhook_handler_fb_page_token - fb_app_secret = var.webhook_handler_fb_app_secret - git_user = var.webhook_handler_git_user - git_token = var.webhook_handler_git_token - ssh_key = var.webhook_handler_ssh_key - tier = local.tiers.aux -} - -# module "home_assistant" { -# source = "./home_assistant" -# tls_secret_name = var.tls_secret_name -# client_certificate_secret_name = var.client_certificate_secret_name -# configuration_yaml = var.home_assistant_configuration -# } - -# module "finance_app" { -# source = "./finance_app" -# tls_secret_name = var.tls_secret_name -# graphql_api_secret = var.finance_app_graphql_api_secret -# db_connection_string = var.finance_app_db_connection_string -# currency_converter_api_key = var.finance_app_currency_converter_api_key -# gocardless_secret_key = var.finance_app_gocardless_secret_key -# gocardless_secret_id = var.finance_app_gocardless_secret_id -# } - -module "excalidraw" { - source = "./excalidraw" - for_each = contains(local.active_modules, "excalidraw") ? { excalidraw = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux -} - -module "travel_blog" { - source = "./travel_blog" - for_each = contains(local.active_modules, "travel_blog") ? { travel_blog = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux -} - -module "dashy" { - source = "./dashy" - for_each = contains(local.active_modules, "dashy") ? { dashy = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux -} - -# module "localai" { -# source = "./localai" -# tls_secret_name = var.tls_secret_name -# } - -# Selfhosted Firefox send -module "send" { - source = "./send" - for_each = contains(local.active_modules, "send") ? 
{ send = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux -} - -module "ytdlp" { - source = "./youtube_dl" - for_each = contains(local.active_modules, "ytdlp") ? { ytdlp = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux - openrouter_api_key = var.openrouter_api_key - slack_bot_token = var.slack_bot_token - slack_channel = var.slack_channel -} - -module "immich" { - source = "./immich" - for_each = contains(local.active_modules, "immich") ? { immich = true } : {} - tls_secret_name = var.tls_secret_name - postgresql_password = var.immich_postgresql_password - frame_api_key = var.immich_frame_api_key - homepage_token = var.homepage_credentials["immich"]["token"] - tier = local.tiers.gpu -} - -module "resume" { - source = "./resume" - for_each = contains(local.active_modules, "resume") ? { resume = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux - database_url = var.resume_database_url - auth_secret = var.resume_auth_secret - smtp_password = var.mailserver_accounts["info@viktorbarzin.me"] -} - -module "calibre" { - source = "./calibre" - for_each = contains(local.active_modules, "calibre") ? { calibre = true } : {} - tls_secret_name = var.tls_secret_name - homepage_username = var.homepage_credentials["calibre-web"]["username"] - homepage_password = var.homepage_credentials["calibre-web"]["password"] - tier = local.tiers.edge -} - -# Audiobooks are served using audiobookshelf; still looking for a usecawe for JF -# module "jellyfin" { -# source = "./jellyfin" -# tls_secret_name = var.tls_secret_name -# } - -module "audiobookshelf" { - source = "./audiobookshelf" - for_each = contains(local.active_modules, "audiobookshelf") ? { audiobookshelf = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux -} - -module "frigate" { - source = "./frigate" - for_each = contains(local.active_modules, "frigate") ? 
{ frigate = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.gpu -} - -# TODO: Currently very unstable and half of the functionality does not work: -# notifications, import from todoist, email -# module "vikunja" { -# source = "./vikunja" -# tls_secret_name = var.tls_secret_name -# } - -# module "istio" { -# source = "./istio" -# tls_secret_name = var.tls_secret_name -# } - -# module "authelia" { -# source = "./authelia" -# for_each = contains(local.active_modules, "authelia") ? { authelia = true } : {} -# tls_secret_name = var.tls_secret_name -# } - -# module "discount-bandit" { -# source = "./discount-bandit" -# tls_secret_name = var.tls_secret_name -# } - -module "paperless-ngx" { - source = "./paperless-ngx" - for_each = contains(local.active_modules, "paperless-ngx") ? { paperless-ngx = true } : {} - tls_secret_name = var.tls_secret_name - db_password = var.paperless_db_password - # homepage_token = var.homepage_credentials["paperless-ngx"]["token"] - homepage_username = var.homepage_credentials["paperless-ngx"]["username"] - homepage_password = var.homepage_credentials["paperless-ngx"]["password"] - tier = local.tiers.edge -} - -module "jsoncrack" { - source = "./jsoncrack" - for_each = contains(local.active_modules, "jsoncrack") ? { jsoncrack = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux -} - -module "servarr" { - source = "./servarr" - for_each = contains(local.active_modules, "servarr") ? { servarr = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux - - aiostreams_database_connection_string = var.aiostreams_database_connection_string -} - -# module "dnscat2" { -# source = "./dnscat2" -# # tls_secret_name = var.tls_secret_name -# } - -module "ollama" { # Disabled as it requires too much resources... - source = "./ollama" - for_each = contains(local.active_modules, "ollama") ? 
{ ollama = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.gpu - ollama_api_credentials = var.ollama_api_credentials -} - -module "ntfy" { - source = "./ntfy" - for_each = contains(local.active_modules, "ntfy") ? { ntfy = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux -} - -module "cyberchef" { - source = "./cyberchef" - for_each = contains(local.active_modules, "cyberchef") ? { cyberchef = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux -} - -module "diun" { - source = "./diun" - for_each = contains(local.active_modules, "diun") ? { diun = true } : {} - tls_secret_name = var.tls_secret_name - diun_nfty_token = var.diun_nfty_token - diun_slack_url = var.diun_slack_url - tier = local.tiers.aux -} - -module "meshcentral" { - source = "./meshcentral" - for_each = contains(local.active_modules, "meshcentral") ? { meshcentral = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux -} -module "netbox" { - source = "./netbox" - for_each = contains(local.active_modules, "netbox") ? { netbox = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux -} - -module "nextcloud" { - source = "./nextcloud" - for_each = contains(local.active_modules, "nextcloud") ? { nextcloud = true } : {} - tls_secret_name = var.tls_secret_name - db_password = var.nextcloud_db_password - tier = local.tiers.edge -} - -module "homepage" { - source = "./homepage" - tier = local.tiers.aux - for_each = contains(local.active_modules, "homepage") ? { homepage = true } : {} - tls_secret_name = var.tls_secret_name -} - -module "matrix" { - source = "./matrix" - for_each = contains(local.active_modules, "matrix") ? { matrix = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux -} - -module "linkwarden" { - source = "./linkwarden" - for_each = contains(local.active_modules, "linkwarden") ? 
{ linkwarden = true } : {}
- tls_secret_name = var.tls_secret_name
- postgresql_password = var.linkwarden_postgresql_password
- authentik_client_id = var.linkwarden_authentik_client_id
- authentik_client_secret = var.linkwarden_authentik_client_secret
- tier = local.tiers.aux
-}
-
-module "actualbudget" {
- source = "./actualbudget"
- for_each = contains(local.active_modules, "actualbudget") ? { actualbudget = true } : {}
- tls_secret_name = var.tls_secret_name
- tier = local.tiers.edge
- credentials = var.actualbudget_credentials
-}
-
-module "owntracks" {
- source = "./owntracks"
- for_each = contains(local.active_modules, "owntracks") ? { owntracks = true } : {}
- tls_secret_name = var.tls_secret_name
- owntracks_credentials = var.owntracks_credentials
- tier = local.tiers.aux
-}
-
-module "dawarich" {
- source = "./dawarich"
- for_each = contains(local.active_modules, "dawarich") ? { dawarich = true } : {}
- tls_secret_name = var.tls_secret_name
- database_password = var.dawarich_database_password
- geoapify_api_key = var.geoapify_api_key
- tier = local.tiers.edge
-}
-
-module "changedetection" {
- source = "./changedetection"
- for_each = contains(local.active_modules, "changedetection") ? { changedetection = true } : {}
- tls_secret_name = var.tls_secret_name
- tier = local.tiers.aux
-}
-module "tandoor" {
- source = "./tandoor"
- for_each = contains(local.active_modules, "tandoor") ? { tandoor = true } : {}
- tls_secret_name = var.tls_secret_name
- tandoor_database_password = var.tandoor_database_password
- tandoor_email_password = var.tandoor_email_password
- tier = local.tiers.aux
-}
-
-module "n8n" {
- source = "./n8n"
- for_each = contains(local.active_modules, "n8n") ? { n8n = true } : {}
- tls_secret_name = var.tls_secret_name
- postgresql_password = var.n8n_postgresql_password
- tier = local.tiers.aux
-}
-
-module "real-estate-crawler" {
- source = "./real-estate-crawler"
- for_each = contains(local.active_modules, "real-estate-crawler") ? { real-estate-crawler = true } : {}
- tls_secret_name = var.tls_secret_name
- db_password = var.realestate_crawler_db_password
- notification_settings = var.realestate_crawler_notification_settings
- tier = local.tiers.aux
-}
-
-module "osm_routing" {
- source = "./osm-routing"
- for_each = contains(local.active_modules, "osm-routing") ? { osm-routing = true } : {}
- tls_secret_name = var.tls_secret_name
- tier = local.tiers.aux
-}
-
-module "tor-proxy" {
- source = "./tor-proxy"
- for_each = contains(local.active_modules, "tor-proxy") ? { tor-proxy = true } : {}
- tls_secret_name = var.tls_secret_name
- tier = local.tiers.aux
-}
-
-# module "kured" {
-# source = "./kured"
-# tls_secret_name = var.tls_secret_name
-# notify_url = var.kured_notify_url
-# }
-
-module "onlyoffice" {
- source = "./onlyoffice"
- for_each = contains(local.active_modules, "onlyoffice") ? { onlyoffice = true } : {}
- tls_secret_name = var.tls_secret_name
- db_password = var.onlyoffice_db_password
- jwt_token = var.onlyoffice_jwt_token
- tier = local.tiers.edge
-}
-
-
-module "forgejo" {
- source = "./forgejo"
- for_each = contains(local.active_modules, "forgejo") ? { forgejo = true } : {}
- tls_secret_name = var.tls_secret_name
- tier = local.tiers.edge
-}
-
-module "freshrss" {
- source = "./freshrss"
- for_each = contains(local.active_modules, "freshrss") ? { freshrss = true } : {}
- tls_secret_name = var.tls_secret_name
- tier = local.tiers.aux
-}
-
-module "navidrome" {
- source = "./navidrome"
- for_each = contains(local.active_modules, "navidrome") ? { navidrome = true } : {}
- tls_secret_name = var.tls_secret_name
- tier = local.tiers.aux
-}
-
-module "networking-toolbox" {
- source = "./networking-toolbox"
- for_each = contains(local.active_modules, "networking-toolbox") ? { networking-toolbox = true } : {}
- tls_secret_name = var.tls_secret_name
- tier = local.tiers.aux
-}
-
-module "tuya-bridge" {
- source = "./tuya-bridge"
- for_each = contains(local.active_modules, "tuya-bridge") ? { tuya-bridge = true } : {}
- tls_secret_name = var.tls_secret_name
- tier = local.tiers.cluster
-
- tiny_tuya_api_key = var.tiny_tuya_api_key
- tiny_tuya_api_secret = var.tiny_tuya_api_secret
- tiny_tuya_service_secret = var.tiny_tuya_service_secret
- slack_url = var.tiny_tuya_slack_url
-}
-
-
-module "stirling-pdf" {
- source = "./stirling-pdf"
- for_each = contains(local.active_modules, "stirling-pdf") ? { stirling-pdf = true } : {}
- tls_secret_name = var.tls_secret_name
- tier = local.tiers.aux
-}
-
-module "isponsorblocktv" {
- source = "./isponsorblocktv"
- for_each = contains(local.active_modules, "isponsorblocktv") ? { isponsorblocktv = true } : {}
- tier = local.tiers.edge
-}
-
-module "ebook2audiobook" {
- source = "./ebook2audiobook"
- for_each = contains(local.active_modules, "ebook2audiobook") ? { ebook2audiobook = true } : {}
- tls_secret_name = var.tls_secret_name
- tier = local.tiers.gpu
-}
-
-module "rybbit" {
- source = "./rybbit"
- for_each = contains(local.active_modules, "rybbit") ? { rybbit = true } : {}
- tls_secret_name = var.tls_secret_name
- clickhouse_password = var.clickhouse_password
- postgres_password = var.clickhouse_postgres_password
- tier = local.tiers.aux
-}
-
-module "wealthfolio" {
- source = "./wealthfolio"
- for_each = contains(local.active_modules, "wealthfolio") ? { wealthfolio = true } : {}
- tls_secret_name = var.tls_secret_name
- wealthfolio_password_hash = var.wealthfolio_password_hash
- tier = local.tiers.aux
-}
-
-module "speedtest" {
- source = "./speedtest"
- tls_secret_name = var.tls_secret_name
- tier = local.tiers.aux
- for_each = contains(local.active_modules, "speedtest") ? { speedtest = true } : {}
- db_password = var.speedtest_db_password
-}
-
-module "freedify" {
- source = "./freedify"
- tls_secret_name = var.tls_secret_name
- tier = local.tiers.aux
- for_each = contains(local.active_modules, "freedify") ? { freedify = true } : {}
- additional_credentials = var.freedify_credentials
-}
-
-module "affine" {
- source = "./affine"
- for_each = contains(local.active_modules, "affine") ? { affine = true } : {}
- tls_secret_name = var.tls_secret_name
- postgresql_password = var.affine_postgresql_password
- smtp_password = var.mailserver_accounts["info@viktorbarzin.me"]
- tier = local.tiers.aux
-}
-
-module "plotting-book" {
- source = "./plotting-book"
- for_each = contains(local.active_modules, "plotting-book") ? { plotting-book = true } : {}
- tls_secret_name = var.tls_secret_name
- tier = local.tiers.aux
-}
-
-module "health" {
- source = "./health"
- for_each = contains(local.active_modules, "health") ? { health = true } : {}
- tls_secret_name = var.tls_secret_name
- postgresql_password = var.health_postgresql_password
- secret_key = var.health_secret_key
- tier = local.tiers.aux
-}
-
-module "whisper" {
- source = "./whisper"
- for_each = contains(local.active_modules, "whisper") ? { whisper = true } : {}
- tls_secret_name = var.tls_secret_name
- tier = local.tiers.gpu
-}
-
-module "grampsweb" {
- source = "./grampsweb"
- for_each = contains(local.active_modules, "grampsweb") ? { grampsweb = true } : {}
- tls_secret_name = var.tls_secret_name
- smtp_password = var.mailserver_accounts["info@viktorbarzin.me"]
- tier = local.tiers.aux
-}
-
-module "openclaw" {
- source = "./openclaw"
- for_each = contains(local.active_modules, "openclaw") ? { openclaw = true } : {}
- tls_secret_name = var.tls_secret_name
- ssh_key = var.openclaw_ssh_key
- skill_secrets = var.openclaw_skill_secrets
- gemini_api_key = var.gemini_api_key
- llama_api_key = var.llama_api_key
- brave_api_key = var.brave_api_key
- modal_api_key = var.modal_api_key
- tier = local.tiers.aux
-}
+# All service modules have been migrated to individual Terragrunt stacks under stacks/.
+# See stacks//main.tf for each service's configuration.
+# This file is no longer used.