From 7a7bc34ae3fec63221a031151b3042030d2e311a Mon Sep 17 00:00:00 2001
From: viktorbarzin <vbarzin@gmail.com>
Date: Sun, 7 Feb 2021 23:45:55 +0000
Subject: [PATCH] initial

---
 .gitignore                                    |   35 +
 idrac-power-cycle.sh                          |   11 +
 main.tf                                       |  164 ++
 migrate_tfstate.txt                           |    4 +
 modules/create-vm/main.tf                     |  153 ++
 .../bind/deployment-factory/main.tf           |   85 +
 modules/kubernetes/bind/main.tf               |   72 +
 .../kubernetes/bind/service-factory/main.tf   |   28 +
 modules/kubernetes/bind/variables.tf          |   71 +
 modules/kubernetes/blog/main.tf               |  130 ++
 modules/kubernetes/dnscrypt/main.tf           |   92 +
 modules/kubernetes/f1-stream/main.tf          |  113 +
 modules/kubernetes/hackmd/main.tf             |  168 ++
 modules/kubernetes/idrac-power-cycle.sh       |   12 +
 modules/kubernetes/k8s-dashboard/main.tf      |   95 +
 modules/kubernetes/kms/main.tf                |  209 ++
 modules/kubernetes/kms/variables.tf           |   68 +
 modules/kubernetes/mailserver/main.tf         |   65 +
 modules/kubernetes/mailserver/variables.tf    |  118 +
 modules/kubernetes/main.tf                    |  133 ++
 modules/kubernetes/metallb/main.tf            |   21 +
 .../monitoring/grafana_chart_values.yaml      | 2051 +++++++++++++++++
 modules/kubernetes/monitoring/main.tf         |  148 ++
 .../monitoring/prometheus_chart_values.tpl    |  176 ++
 modules/kubernetes/openid_help_page/main.tf   |  112 +
 modules/kubernetes/pihole/main.tf             |  200 ++
 modules/kubernetes/privatebin/main.tf         |  144 ++
 modules/kubernetes/setup_tls_secret/main.tf   |   16 +
 modules/kubernetes/versions.tf                |    8 +
 modules/kubernetes/webhook_handler/main.tf    |  146 ++
 playbook                                      |    1 +
 versions.tf                                   |    8 +
 32 files changed, 4857 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 idrac-power-cycle.sh
 create mode 100644 main.tf
 create mode 100644 migrate_tfstate.txt
 create mode 100644 modules/create-vm/main.tf
 create mode 100644 modules/kubernetes/bind/deployment-factory/main.tf
 create mode 100644 modules/kubernetes/bind/main.tf
 create mode 100644 modules/kubernetes/bind/service-factory/main.tf
 create mode 100644 modules/kubernetes/bind/variables.tf
 create mode 100644 modules/kubernetes/blog/main.tf
 create mode 100644 modules/kubernetes/dnscrypt/main.tf
 create mode 100644 modules/kubernetes/f1-stream/main.tf
 create mode 100644 modules/kubernetes/hackmd/main.tf
 create mode 100644 modules/kubernetes/idrac-power-cycle.sh
 create mode 100644 modules/kubernetes/k8s-dashboard/main.tf
 create mode 100644 modules/kubernetes/kms/main.tf
 create mode 100644 modules/kubernetes/kms/variables.tf
 create mode 100644 modules/kubernetes/mailserver/main.tf
 create mode 100644 modules/kubernetes/mailserver/variables.tf
 create mode 100644 modules/kubernetes/main.tf
 create mode 100644 modules/kubernetes/metallb/main.tf
 create mode 100644 modules/kubernetes/monitoring/grafana_chart_values.yaml
 create mode 100644 modules/kubernetes/monitoring/main.tf
 create mode 100644 modules/kubernetes/monitoring/prometheus_chart_values.tpl
 create mode 100644 modules/kubernetes/openid_help_page/main.tf
 create mode 100644 modules/kubernetes/pihole/main.tf
 create mode 100644 modules/kubernetes/privatebin/main.tf
 create mode 100644 modules/kubernetes/setup_tls_secret/main.tf
 create mode 100644 modules/kubernetes/versions.tf
 create mode 100644 modules/kubernetes/webhook_handler/main.tf
 create mode 120000 playbook
 create mode 100644 versions.tf

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..856495fb
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,35 @@
+
+# Created by https://www.toptal.com/developers/gitignore/api/terraform
+# Edit at https://www.toptal.com/developers/gitignore?templates=terraform
+
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
diff --git a/idrac-power-cycle.sh b/idrac-power-cycle.sh
new file mode 100644
index 00000000..6f5a342f
--- /dev/null
+++ b/idrac-power-cycle.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+
+# Get power supply on outside system voltage
+curl -s -k -u root:calvin -H"Content-type: application/json" -X GET https://idrac/redfish/v1/Chassis/System.Embedded.1/Power/PowerSupplies/PSU.Slot.2 |jq .LineInputVoltage
+
+# Power off
+curl -s -k -u root:calvin -X POST -d '{"Action": "Reset", "ResetType": "GracefulShutdown"}' -H"Content-type: application/json" https://idrac/redfish/v1/Systems/System.Embedded.1/Actions/ComputerSystem.Reset
+
+# Power on
+curl -s -k -u root:calvin -X POST -d '{"Action": "Reset", "ResetType": "On"}' -H"Content-type: application/json" https://idrac/redfish/v1/Systems/System.Embedded.1/Actions/ComputerSystem.Reset
diff --git a/main.tf b/main.tf
new file mode 100644
index 00000000..b6e443bf
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,164 @@
+variable "vsphere_password" {}
+variable "vsphere_user" {}
+variable "vsphere_server" {}
+variable "tls_secret_name" {}
+variable "tls_crt" {}
+variable "tls_key" {}
+variable "client_certificate_secret_name" {}
+variable "mailserver_accounts" {}
+variable "mailserver_aliases" {}
+variable "pihole_web_password" {}
+variable "webhook_handler_secret" {}
+variable "wireguard_wg_0_conf" {}
+variable "wireguard_firewall_sh" {}
+variable "hackmd_db_password" {}
+variable "bind_db_viktorbarzin_me" {}
+variable "bind_db_viktorbarzin_lan" {}
+variable "bind_named_conf_options" {}
+variable "alertmanager_account_password" {}
+variable "wireguard_wg_0_key" {}
+
+variable "ansible_prefix" {
+  default     = "ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass.txt ansible-playbook -i playbook/hosts.yaml playbook/linux.yml -t linux/initial_setup"
+  description = "Provisioner command"
+}
+provider "kubernetes" {
+  config_path = "~/.kube/config"
+}
+
+provider "helm" {
+  kubernetes {
+    config_path = "~/.kube/config"
+  }
+}
+
+# Main module to init infra from
+module "pxe_server" {
+  source  = "./modules/create-vm"
+  vm_name = "pxe-server"
+  network = "dManagementVMs"
+  # provisioner_command = "${var.ansible_prefix} -t linux/pxe-server/add-distro"
+  provisioner_command = "# no provisioner needed #" # Noop until ubuntu autoinstall is setup
+
+  vsphere_password = var.vsphere_password
+  vsphere_user     = var.vsphere_user
+  vsphere_server   = var.vsphere_server
+  cdrom_path       = "ISO/ubuntu-server-20.04.1.iso"
+  vm_disk_size     = 50
+  vm_mac_address   = "00:50:56:87:4a:2d"
+}
+
+module "k8s_master" {
+  source              = "./modules/create-vm"
+  vm_name             = "k8s-master"
+  vm_mac_address      = "00:50:56:b0:a1:39"
+  network             = "dKubernetes"
+  provisioner_command = "${var.ansible_prefix} -t linux/k8s/master -e hostname=k8s-master"
+
+  vsphere_password      = var.vsphere_password
+  vsphere_user          = var.vsphere_user
+  vsphere_server        = var.vsphere_server
+  vsphere_datastore     = "r730-datastore"
+  vsphere_resource_pool = "R730"
+
+}
+module "k8s_node1" {
+  source              = "./modules/create-vm"
+  vm_name             = "k8s-node1"
+  vm_mac_address      = "00:50:56:b0:e0:c9"
+  network             = "dKubernetes"
+  provisioner_command = "${var.ansible_prefix} -t linux/k8s/node -e hostname=k8s-node1 -e k8s_master='wizard@${module.k8s_master.guest_ip}'"
+
+  vsphere_password      = var.vsphere_password
+  vsphere_user          = var.vsphere_user
+  vsphere_server        = var.vsphere_server
+  vsphere_datastore     = "r730-datastore"
+  vsphere_resource_pool = "R730"
+
+}
+
+module "k8s_node2" {
+  source              = "./modules/create-vm"
+  vm_name             = "k8s-node2"
+  vm_mac_address      = "00:50:56:b0:a1:36"
+  network             = "dKubernetes"
+  provisioner_command = "${var.ansible_prefix} -t linux/k8s/node -e hostname=k8s-node2 -e k8s_master='wizard@${module.k8s_master.guest_ip}'"
+
+  vsphere_password      = var.vsphere_password
+  vsphere_user          = var.vsphere_user
+  vsphere_server        = var.vsphere_server
+  vsphere_datastore     = "r730-datastore"
+  vsphere_resource_pool = "R730"
+}
+
+module "k8s_node3" {
+  source              = "./modules/create-vm"
+  vm_name             = "k8s-node3"
+  vm_mac_address      = "00:50:56:b0:a1:37"
+  network             = "dKubernetes"
+  provisioner_command = "${var.ansible_prefix} -t linux/k8s/node -e hostname=k8s-node3 -e k8s_master='wizard@${module.k8s_master.guest_ip}'"
+
+  vsphere_password      = var.vsphere_password
+  vsphere_user          = var.vsphere_user
+  vsphere_server        = var.vsphere_server
+  vsphere_datastore     = "r730-datastore"
+  vsphere_resource_pool = "R730"
+}
+
+module "k8s_node4" {
+  source              = "./modules/create-vm"
+  vm_name             = "k8s-node4"
+  vm_mac_address      = "00:50:56:b0:a1:38"
+  network             = "dKubernetes"
+  provisioner_command = "${var.ansible_prefix} -t linux/k8s/node -e hostname=k8s-node4 -e k8s_master='wizard@${module.k8s_master.guest_ip}'"
+
+  vsphere_password      = var.vsphere_password
+  vsphere_user          = var.vsphere_user
+  vsphere_server        = var.vsphere_server
+  vsphere_datastore     = "r730-datastore"
+  vsphere_resource_pool = "R730"
+}
+
+module "k8s_node5" {
+  source              = "./modules/create-vm"
+  vm_name             = "k8s-node5"
+  vm_mac_address      = "00:50:56:b0:a1:40"
+  network             = "dKubernetes"
+  provisioner_command = "${var.ansible_prefix} -t linux/k8s/node -e hostname=k8s-node5 -e k8s_master='wizard@${module.k8s_master.guest_ip}'"
+
+  vsphere_password      = var.vsphere_password
+  vsphere_user          = var.vsphere_user
+  vsphere_server        = var.vsphere_server
+  vsphere_datastore     = "r730-datastore"
+  vsphere_resource_pool = "R730"
+}
+
+# resource "null_resource" "test" {
+#   provisioner "local-exec" {
+#     working_dir = "/home/viktor/"
+#     command     = "ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass.txt ansible-playbook -i playbook/hosts.yaml playbook/linux.yml -t linux/k8s/node -e host='10.0.40.126'"
+#   }
+# }
+
+module "kubernetes_cluster" {
+  source = "./modules/kubernetes"
+
+  tls_secret_name                = var.tls_secret_name
+  tls_crt                        = var.tls_crt
+  tls_key                        = var.tls_key
+  client_certificate_secret_name = var.client_certificate_secret_name
+  mailserver_accounts            = var.mailserver_accounts
+  mailserver_aliases             = var.mailserver_aliases
+  pihole_web_password            = var.pihole_web_password
+  webhook_handler_secret         = var.webhook_handler_secret
+  wireguard_wg_0_conf            = var.wireguard_wg_0_conf
+  wireguard_wg_0_key             = var.wireguard_wg_0_key
+  wireguard_firewall_sh          = var.wireguard_firewall_sh
+  hackmd_db_password             = var.hackmd_db_password
+
+  bind_db_viktorbarzin_me  = var.bind_db_viktorbarzin_me
+  bind_db_viktorbarzin_lan = var.bind_db_viktorbarzin_lan
+  bind_named_conf_options  = var.bind_named_conf_options
+
+  alertmanager_account_password = var.alertmanager_account_password
+}
diff --git a/migrate_tfstate.txt b/migrate_tfstate.txt
new file mode 100644
index 00000000..4ebc3c7e
--- /dev/null
+++ b/migrate_tfstate.txt
@@ -0,0 +1,4 @@
+# Steps to migrate 1 .tfstate into another
+
+# Inside the dir to be migrated out from do:
+for s in $(tf state list); do tf state mv -state-out=../../terraform.tfstate $s "module.UPPER_WORKSPACE_MODULE_NAME.$s"; done
diff --git a/modules/create-vm/main.tf b/modules/create-vm/main.tf
new file mode 100644
index 00000000..611648ea
--- /dev/null
+++ b/modules/create-vm/main.tf
@@ -0,0 +1,153 @@
+variable "vsphere_user" {
+  default = "Administrator@viktorbarzin.lan"
+}
+variable "vsphere_password" {}
+variable "vsphere_server" {
+  default = "vcenter"
+}
+variable "vm_name" {
+  default = "terraform-test"
+}
+variable "vm_cpus" {
+  type    = number
+  default = 4
+}
+
+variable "vm_mem" {
+  type    = number
+  default = 4096
+}
+
+variable "vm_guest_id" {
+  default = "ubuntu64Guest"
+}
+
+variable "vm_disk_size" {
+  type    = number
+  default = 64
+}
+
+variable "provisioner_command" {
+  description = "Additional provisioning commands to run"
+  # default     = "#"
+  type = string
+}
+
+variable "network" {
+  description = "Network to attach the vm guest to"
+}
+
+variable "ceph_disk_size" {
+  type    = number
+  default = 0
+}
+
+variable "cdrom_path" {
+  type    = string
+  default = ""
+}
+
+variable "vsphere_datastore" {
+  type    = string
+  default = "r730-datastore"
+}
+
+variable "vsphere_resource_pool" {
+  type    = string
+  default = "R730"
+}
+
+variable "vm_mac_address" {
+  type    = string
+  default = ""
+}
+
+provider "vsphere" {
+  user           = var.vsphere_user
+  password       = var.vsphere_password
+  vsphere_server = var.vsphere_server
+
+  # If you have a self-signed cert
+  allow_unverified_ssl = true
+}
+
+data "vsphere_datacenter" "dc" {
+  name = "Home"
+}
+
+data "vsphere_datastore" "datastore" {
+  name          = var.vsphere_datastore
+  datacenter_id = data.vsphere_datacenter.dc.id
+}
+
+data "vsphere_resource_pool" "pool" {
+  name          = var.vsphere_resource_pool
+  datacenter_id = data.vsphere_datacenter.dc.id
+}
+
+data "vsphere_network" "network" {
+  name          = var.network
+  datacenter_id = data.vsphere_datacenter.dc.id
+}
+
+resource "vsphere_virtual_machine" "vm" {
+  name             = var.vm_name
+  resource_pool_id = data.vsphere_resource_pool.pool.id
+  datastore_id     = data.vsphere_datastore.datastore.id
+
+  num_cpus = var.vm_cpus
+  memory   = var.vm_mem
+  guest_id = var.vm_guest_id
+
+  # If mac address is set create NIC with that MAC
+  dynamic "network_interface" {
+    for_each = var.vm_mac_address != "" ? [1] : []
+    content {
+      network_id     = data.vsphere_network.network.id
+      use_static_mac = true
+      mac_address    = var.vm_mac_address
+    }
+  }
+
+  # Else create a NIC with random MAC
+  dynamic "network_interface" {
+    for_each = var.vm_mac_address == "" ? [1] : []
+    content {
+      network_id = data.vsphere_network.network.id
+    }
+  }
+
+  disk {
+    label = "disk0"
+    size  = var.vm_disk_size
+  }
+
+  dynamic "disk" {
+    for_each = var.ceph_disk_size > 0 ? [1] : []
+    content {
+      label       = "ceph-disk0"
+      size        = var.ceph_disk_size
+      unit_number = 1
+    }
+  }
+
+  dynamic "cdrom" {
+    for_each = var.cdrom_path != "" ? [1] : []
+    content {
+      datastore_id = data.vsphere_datastore.datastore.id
+      path         = var.cdrom_path
+    }
+  }
+  wait_for_guest_net_timeout = 600
+
+  provisioner "local-exec" {
+    # for_each = var.provisioner_command != "" ? [1] : []
+    # content {
+    command = "${var.provisioner_command} -e 'host=${vsphere_virtual_machine.vm.default_ip_address}'"
+    # }
+  }
+}
+
+output "guest_ip" {
+  value = vsphere_virtual_machine.vm.default_ip_address
+}
diff --git a/modules/kubernetes/bind/deployment-factory/main.tf b/modules/kubernetes/bind/deployment-factory/main.tf
new file mode 100644
index 00000000..fbdda146
--- /dev/null
+++ b/modules/kubernetes/bind/deployment-factory/main.tf
@@ -0,0 +1,85 @@
+variable "named_conf_mounts" {}
+variable "deployment_name" {}
+
+resource "kubernetes_deployment" "bind" {
+  metadata {
+    name      = var.deployment_name
+    namespace = "bind"
+    labels = {
+      "app" = "bind"
+      "kubernetes.io/cluster-service" : "true"
+    }
+  }
+  spec {
+    replicas = "3"
+    selector {
+      match_labels = {
+        "app" = var.deployment_name
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          "app" = var.deployment_name
+          "kubernetes.io/cluster-service" : "true"
+        }
+      }
+      spec {
+        container {
+          name              = "bind"
+          image             = "resystit/bind9:latest"
+          image_pull_policy = "IfNotPresent"
+          port {
+            container_port = 53
+            protocol       = "UDP"
+          }
+          volume_mount {
+            mount_path = "/etc/bind/named.conf"
+            sub_path   = "named.conf"
+            name       = "bindconf"
+          }
+
+          dynamic "volume_mount" {
+            for_each = [for m in var.named_conf_mounts :
+              {
+                name       = m.name
+                mount_path = m.mount_path
+                sub_path   = m.sub_path
+            }]
+            content {
+              name       = volume_mount.value.name
+              mount_path = volume_mount.value.mount_path
+              sub_path   = volume_mount.value.sub_path
+            }
+          }
+
+          volume_mount {
+            mount_path = "/etc/bind/db.viktorbarzin.me"
+            sub_path   = "db.viktorbarzin.me"
+            name       = "bindconf"
+          }
+          volume_mount {
+            mount_path = "/etc/bind/db.viktorbarzin.lan"
+            sub_path   = "db.viktorbarzin.lan"
+            name       = "bindconf"
+          }
+        }
+        container {
+          name              = "bind-exporter"
+          image             = "prometheuscommunity/bind-exporter:latest"
+          image_pull_policy = "IfNotPresent"
+          port {
+            container_port = 9119
+          }
+        }
+
+        volume {
+          name = "bindconf"
+          config_map {
+            name = "bind-configmap"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/modules/kubernetes/bind/main.tf b/modules/kubernetes/bind/main.tf
new file mode 100644
index 00000000..c8b75338
--- /dev/null
+++ b/modules/kubernetes/bind/main.tf
@@ -0,0 +1,72 @@
+variable "db_viktorbarzin_me" {}
+variable "db_viktorbarzin_lan" {}
+variable "named_conf_options" {}
+
+resource "kubernetes_namespace" "bind" {
+  metadata {
+    name = "bind"
+  }
+}
+
+resource "kubernetes_config_map" "bind_configmap" {
+  metadata {
+    name      = "bind-configmap"
+    namespace = "bind"
+  }
+
+  data = {
+    "db.viktorbarzin.lan"       = var.db_viktorbarzin_lan
+    "db.viktorbarzin.me"        = var.db_viktorbarzin_me
+    "named.conf"                = var.named_conf
+    "named.conf.local"          = var.named_conf_local
+    "named.conf.options"        = var.named_conf_options
+    "public-named.conf.local"   = var.public_named_conf_local
+    "public-named.conf.options" = var.public_named_conf_options
+  }
+}
+
+module "bind-local-deployment" {
+  source          = "./deployment-factory"
+  deployment_name = "bind"
+  named_conf_mounts = [
+    {
+      "mount_path" = "/etc/bind/named.conf.local"
+      "sub_path"   = "named.conf.local"
+      "name"       = "bindconf"
+    },
+    {
+      mount_path = "/etc/bind/named.conf.options"
+      sub_path   = "named.conf.options"
+      name       = "bindconf"
+    }
+  ]
+}
+
+module "bind-local-service" {
+  source       = "./service-factory"
+  service_name = "bind"
+  port         = 5354
+}
+
+module "bind-public-deployment" {
+  source          = "./deployment-factory"
+  deployment_name = "bind-public"
+  named_conf_mounts = [
+    {
+      "mount_path" = "/etc/bind/named.conf.local"
+      "sub_path"   = "public-named.conf.local"
+      "name"       = "bindconf"
+    },
+    {
+      mount_path = "/etc/bind/named.conf.options"
+      sub_path   = "public-named.conf.options"
+      name       = "bindconf"
+    }
+  ]
+}
+
+module "bind-public-service" {
+  source       = "./service-factory"
+  service_name = "bind-public"
+  port         = 10053
+}
diff --git a/modules/kubernetes/bind/service-factory/main.tf b/modules/kubernetes/bind/service-factory/main.tf
new file mode 100644
index 00000000..d64a4a7e
--- /dev/null
+++ b/modules/kubernetes/bind/service-factory/main.tf
@@ -0,0 +1,28 @@
+variable "service_name" {}
+variable "port" {}
+
+resource "kubernetes_service" "bind" {
+  metadata {
+    name      = var.service_name
+    namespace = "bind"
+    annotations = {
+      "metallb.universe.tf/allow-shared-ip" = "shared"
+    }
+    labels = {
+      "app" = var.service_name
+    }
+  }
+  spec {
+    type                    = "LoadBalancer"
+    external_traffic_policy = "Cluster"
+    selector = {
+      "app" = var.service_name
+    }
+    port {
+      name        = "dns"
+      protocol    = "UDP"
+      port        = var.port
+      target_port = "53"
+    }
+  }
+}
diff --git a/modules/kubernetes/bind/variables.tf b/modules/kubernetes/bind/variables.tf
new file mode 100644
index 00000000..519048a8
--- /dev/null
+++ b/modules/kubernetes/bind/variables.tf
@@ -0,0 +1,71 @@
+variable "named_conf" {
+  default = <<EOT
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+//include "/etc/bind/named.conf.default-zones";
+EOT
+}
+
+variable "named_conf_local" {
+  default = <<EOT
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+zone "viktorbarzin.me" {
+  type master;
+  file "/etc/bind/db.viktorbarzin.me";
+};
+
+zone "viktorbarzin.lan" {
+  type master;
+  file "/etc/bind/db.viktorbarzin.lan";
+};
+EOT
+}
+
+variable "public_named_conf_local" {
+  default = <<EOT
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+zone "viktorbarzin.me" {
+  type master;
+  file "/etc/bind/db.viktorbarzin.me";
+};
+EOT
+}
+
+variable "public_named_conf_options" {
+  default = <<EOT
+options {
+  querylog yes;
+  directory "/tmp/";
+  listen-on {
+    any;
+  };
+  dnssec-validation auto;
+
+  allow-recursion {
+    none;
+  };
+};
+EOT
+}
diff --git a/modules/kubernetes/blog/main.tf b/modules/kubernetes/blog/main.tf
new file mode 100644
index 00000000..88062436
--- /dev/null
+++ b/modules/kubernetes/blog/main.tf
@@ -0,0 +1,130 @@
+variable "tls_secret_name" {}
+variable "tls_crt" {}
+variable "tls_key" {}
+
+resource "kubernetes_namespace" "website" {
+  metadata {
+    name = "website"
+  }
+}
+
+module "tls_secret" {
+  source          = "../setup_tls_secret"
+  namespace       = "website"
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+}
+
+resource "kubernetes_deployment" "blog" {
+  metadata {
+    name      = "blog"
+    namespace = "website"
+    labels = {
+      run = "blog"
+    }
+  }
+  spec {
+    replicas = 3
+    selector {
+      match_labels = {
+        run = "blog"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          run = "blog"
+        }
+      }
+      spec {
+        container {
+          image = "viktorbarzin/blog:latest"
+          name  = "blog"
+          resources {
+            limits = {
+              cpu    = "0.5"
+              memory = "512Mi"
+            }
+            requests = {
+              cpu    = "250m"
+              memory = "50Mi"
+            }
+          }
+          port {
+            container_port = 80
+          }
+        }
+
+        container {
+          image = "nginx/nginx-prometheus-exporter"
+          name  = "nginx-exporter"
+          args  = ["-nginx.scrape-uri", "http://127.0.0.1:8080/nginx_status"]
+          port {
+            container_port = 9113
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "blog" {
+  metadata {
+    name      = "blog"
+    namespace = "website"
+    labels = {
+      "run" = "blog"
+    }
+    annotations = {
+      "prometheus.io/scrape" = "true"
+      "prometheus.io/path"   = "/metrics"
+      "prometheus.io/port"   = "9113"
+    }
+  }
+
+  spec {
+    selector = {
+      run = "blog"
+    }
+    port {
+      name        = "http"
+      port        = "80"
+      target_port = "80"
+    }
+    port {
+      name        = "prometheus"
+      port        = "9113"
+      target_port = "9113"
+    }
+  }
+}
+
+resource "kubernetes_ingress" "blog" {
+  metadata {
+    name      = "blog-ingress"
+    namespace = "website"
+    annotations = {
+      "kubernetes.io/ingress.class" = "nginx"
+    }
+  }
+
+  spec {
+    tls {
+      hosts       = ["viktorbarzin.me"]
+      secret_name = var.tls_secret_name
+    }
+    rule {
+      host = "viktorbarzin.me"
+      http {
+        path {
+          path = "/"
+          backend {
+            service_name = "blog"
+            service_port = "80"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/modules/kubernetes/dnscrypt/main.tf b/modules/kubernetes/dnscrypt/main.tf
new file mode 100644
index 00000000..753d5ce9
--- /dev/null
+++ b/modules/kubernetes/dnscrypt/main.tf
@@ -0,0 +1,92 @@
+resource "kubernetes_namespace" "dnscrypt" {
+  metadata {
+    name = "dnscrypt"
+  }
+}
+
+resource "kubernetes_config_map" "dnscrypt" {
+  metadata {
+    name      = "dnscrypt-proxy-configmap"
+    namespace = "dnscrypt"
+  }
+  data = {
+    "dnscrypt-proxy.toml" = var.dnscrypt_proxy_toml
+  }
+}
+
+resource "kubernetes_deployment" "dnscrypt" {
+  metadata {
+    name      = "dnscrypt-proxy"
+    namespace = "dnscrypt"
+    labels = {
+      app                             = "dnscrypt-proxy"
+      "kubernetes.io/cluster-service" = "true"
+    }
+  }
+  spec {
+    replicas = 3
+    selector {
+      match_labels = {
+        app = "dnscrypt-proxy"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app                             = "dnscrypt-proxy"
+          "kubernetes.io/cluster-service" = "true"
+        }
+      }
+      spec {
+        container {
+          image             = "gists/dnscrypt-proxy:latest"
+          name              = "dnscrypt-proxy"
+          image_pull_policy = "IfNotPresent"
+          port {
+            container_port = 53
+            protocol       = "UDP"
+          }
+          volume_mount {
+            name       = "config"
+            mount_path = "/etc/dnscrypt-proxy/"
+          }
+        }
+        volume {
+          name = "config"
+          config_map {
+            name = "dnscrypt-proxy-configmap"
+            items {
+              key  = "dnscrypt-proxy.toml"
+              path = "dnscrypt-proxy.toml"
+            }
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "dnscrypt" {
+  metadata {
+    name      = "dnscrypt-proxy"
+    namespace = "dnscrypt"
+    labels = {
+      "app" = "dnscrypt-proxy"
+    }
+    annotations = {
+      "metallb.universe.tf/allow-shared-ip" = "shared"
+    }
+  }
+  spec {
+    type = "LoadBalancer"
+    selector = {
+      app = "dnscrypt-proxy"
+    }
+    port {
+      name        = "dns"
+      protocol    = "UDP"
+      port        = "5353"
+      target_port = "53"
+    }
+  }
+}
diff --git a/modules/kubernetes/f1-stream/main.tf b/modules/kubernetes/f1-stream/main.tf
new file mode 100644
index 00000000..e2f79306
--- /dev/null
+++ b/modules/kubernetes/f1-stream/main.tf
@@ -0,0 +1,113 @@
+variable tls_secret_name {}
+variable "tls_crt" {}
+variable "tls_key" {}
+
+resource "kubernetes_namespace" "f1-stream" {
+  metadata {
+    name = "f1-stream"
+  }
+}
+
+resource "kubernetes_deployment" "f1-stream" {
+  metadata {
+    name      = "f1-stream"
+    namespace = "f1-stream"
+    labels = {
+      app = "f1-stream"
+    }
+  }
+  spec {
+    replicas = 3
+    selector {
+      match_labels = {
+        app = "f1-stream"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app = "f1-stream"
+        }
+      }
+      spec {
+        container {
+          image = "viktorbarzin/f1-stream:latest"
+          name  = "f1-stream"
+          resources {
+            limits = {
+              cpu    = "0.5"
+              memory = "512Mi"
+            }
+            requests = {
+              cpu    = "250m"
+              memory = "512Mi"
+            }
+          }
+          port {
+            container_port = 80
+          }
+        }
+      }
+    }
+  }
+}
+
+
+resource "kubernetes_service" "f1-stream" {
+  metadata {
+    name      = "f1-stream"
+    namespace = "f1-stream"
+    labels = {
+      "app" = "f1-stream"
+    }
+  }
+
+  spec {
+    selector = {
+      app = "f1-stream"
+    }
+    port {
+      port = "80"
+    }
+  }
+}
+
+module "tls_secret" {
+  source          = "../setup_tls_secret"
+  namespace       = "f1-stream"
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+}
+
+
+resource "kubernetes_ingress" "f1-stream" {
+  metadata {
+    name      = "f1-ingress"
+    namespace = "f1-stream"
+    annotations = {
+      "kubernetes.io/ingress.class" = "nginx"
+      "nginx.ingress.kubernetes.io/force-ssl-redirect" : "false"
+      "nginx.ingress.kubernetes.io/ssl-redirect" : "false"
+    }
+  }
+
+  spec {
+    tls {
+      hosts       = ["f1.viktorbarzin.me"]
+      secret_name = var.tls_secret_name
+    }
+    rule {
+      host = "f1.viktorbarzin.me"
+      http {
+        path {
+          path = "/"
+          backend {
+            service_name = "f1-stream"
+            service_port = "80"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/modules/kubernetes/hackmd/main.tf b/modules/kubernetes/hackmd/main.tf
new file mode 100644
index 00000000..51a7ba25
--- /dev/null
+++ b/modules/kubernetes/hackmd/main.tf
@@ -0,0 +1,168 @@
+variable "tls_secret_name" {}
+variable "tls_crt" {}
+variable "tls_key" {}
+variable "hackmd_db_password" {}
+
+resource "kubernetes_namespace" "hackmd" {
+  metadata {
+    name = "hackmd"
+  }
+}
+
+module "tls_secret" {
+  source          = "../setup_tls_secret"
+  namespace       = "hackmd"
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+}
+
+resource "kubernetes_deployment" "hackmd" {
+  metadata {
+    name      = "hackmd"
+    namespace = "hackmd"
+    labels = {
+      app                             = "hackmd"
+      "kubernetes.io/cluster-service" = "true"
+    }
+  }
+  spec {
+    replicas = 1
+    strategy {
+      type = "Recreate"
+    }
+    selector {
+      match_labels = {
+        app = "hackmd"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app                             = "hackmd"
+          "kubernetes.io/cluster-service" = "true"
+        }
+      }
+      spec {
+        container {
+          image             = "postgres:11.6-alpine"
+          name              = "postgres"
+          image_pull_policy = "IfNotPresent"
+          env {
+            name  = "POSTGRES_USER"
+            value = "codimd"
+          }
+          env {
+            name  = "POSTGRES_PASSWORD"
+            value = var.hackmd_db_password
+          }
+          env {
+            name  = "POSTGRES_DB"
+            value = "codimd"
+          }
+          resources {
+            limits = {
+              cpu    = "1"
+              memory = "1Gi"
+            }
+            requests = {
+              cpu    = "1"
+              memory = "1Gi"
+            }
+          }
+          port {
+            container_port = 80
+          }
+          volume_mount {
+            name       = "data"
+            mount_path = "/var/lib/postgresql/data"
+            sub_path   = "postgres"
+          }
+        }
+
+        container {
+          name              = "codumd"
+          image             = "nabo.codimd.dev/hackmdio/hackmd:2.0.1"
+          image_pull_policy = "IfNotPresent"
+          env {
+            name  = "CMD_DB_URL"
+            value = format("%s%s%s", "postgres://codimd:", var.hackmd_db_password, "@localhost/codimd")
+          }
+          env {
+            name  = "CMD_USECDN"
+            value = "false"
+          }
+          volume_mount {
+            name       = "data"
+            mount_path = "/home/hackmd/app/public/uploads"
+            sub_path   = "hackmd"
+          }
+          port {
+            name           = "http"
+            container_port = 3000
+            protocol       = "TCP"
+          }
+        }
+        volume {
+          name = "data"
+          iscsi {
+            target_portal = "iscsi.viktorbarzin.lan:3260"
+            fs_type       = "ext4"
+            iqn           = "iqn.2020-12.lan.viktorbarzin:storage:hackmd"
+            lun           = 0
+            read_only     = false
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "hackmd" {
+  metadata {
+    name      = "hackmd"
+    namespace = "hackmd"
+    labels = {
+      "app" = "hackmd"
+    }
+  }
+
+  spec {
+    selector = {
+      app = "hackmd"
+    }
+    port {
+      port        = "80"
+      target_port = "3000"
+    }
+  }
+}
+
+resource "kubernetes_ingress" "hackmd" {
+  metadata {
+    name      = "hackmd-ingress"
+    namespace = "hackmd"
+    annotations = {
+      "kubernetes.io/ingress.class" = "nginx"
+    }
+  }
+
+  spec {
+    tls {
+      hosts       = ["hackmd.viktorbarzin.me"]
+      secret_name = var.tls_secret_name
+    }
+    rule {
+      host = "hackmd.viktorbarzin.me"
+      http {
+        path {
+          path = "/"
+          backend {
+            service_name = "hackmd"
+            service_port = "80"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/modules/kubernetes/idrac-power-cycle.sh b/modules/kubernetes/idrac-power-cycle.sh
new file mode 100644
index 00000000..41b7f497
--- /dev/null
+++ b/modules/kubernetes/idrac-power-cycle.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+user="user"
+pass="pass"
+# Get power supply on outside system voltage
+curl -s -k -u $user:$pass -H"Content-type: application/json" -X GET https://idrac/redfish/v1/Chassis/System.Embedded.1/Power/PowerSupplies/PSU.Slot.2 |jq .LineInputVoltage
+
+# Power off
+curl -s -k -u $user:$pass -X POST -d '{"Action": "Reset", "ResetType": "GracefulShutdown"}' -H"Content-type: application/json" https://idrac/redfish/v1/Systems/System.Embedded.1/Actions/ComputerSystem.Reset
+
+# Power on
+curl -s -k -u $user:$pass -X POST -d '{"Action": "Reset", "ResetType": "On"}' -H"Content-type: application/json" https://idrac/redfish/v1/Systems/System.Embedded.1/Actions/ComputerSystem.Reset
diff --git a/modules/kubernetes/k8s-dashboard/main.tf b/modules/kubernetes/k8s-dashboard/main.tf
new file mode 100644
index 00000000..67a729a3
--- /dev/null
+++ b/modules/kubernetes/k8s-dashboard/main.tf
@@ -0,0 +1,95 @@
+variable "tls_secret_name" {}
+variable "tls_crt" {}
+variable "tls_key" {}
+variable "client_certificate_secret_name" {}
+
+module "dashboard" {
+  #   source = "cookielab/dashboard/kubernetes"
+  # source  = "ViktorBarzin/dashboard/kubernetes"
+  # version = "0.13.0"
+  # TODO: update this once merged
+  source = "/opt/terraform-kubernetes-dashboard"
+  # insert the 1 required variable here
+  kubernetes_dashboard_csrf = "kekerino"
+  kubernetes_dashboard_deployment_args = list(
+    "--auto-generate-certificates",
+    "--token-ttl=0"
+  )
+}
+
+module "tls_secret" {
+  source          = "../setup_tls_secret"
+  namespace       = "kubernetes-dashboard"
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+}
+
+# # locals {
+# #   resources = split("---\n", file("${path.module}/recommended.yaml"))
+# # }
+# # resource "k8s_manifest" "kubernetes-dashboard-manifests" {
+# #   count = length(local.resources) - 1
+# #   # count   = 2
+# #   #   content = local.resources[1 + count.index]
+# #   #   content = file("${path.module}/recommended.yaml")
+# #   content    = local.resources[1]
+# #   depends_on = [kubernetes_namespace.kubernetes-dashboard]
+# # }
+# resource "kubectl_manifest" "kubernetes-dashboard-manifests" {
+#   yaml_body  = file("${path.module}/recommended.yaml")
+#   force_new  = true
+#   depends_on = [kubernetes_namespace.kubernetes-dashboard]
+# }
+
+resource "kubernetes_ingress" "kubernetes-dashboard" {
+  metadata {
+    name      = "kubernetes-dashboard"
+    namespace = "kubernetes-dashboard"
+    annotations = {
+      "kubernetes.io/ingress.class"                        = "nginx"
+      "nginx.ingress.kubernetes.io/backend-protocol"       = "HTTPS"
+      "nginx.ingress.kubernetes.io/force-ssl-redirect"     = "true"
+      "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
+      "nginx.ingress.kubernetes.io/auth-tls-secret"        = var.client_certificate_secret_name
+    }
+  }
+
+  spec {
+    tls {
+      hosts       = ["k8s.viktorbarzin.me"]
+      secret_name = var.tls_secret_name
+    }
+    rule {
+      host = "k8s.viktorbarzin.me"
+      http {
+        path {
+          path = "/"
+          backend {
+            service_name = "kubernetes-dashboard"
+            service_port = "443"
+          }
+        }
+      }
+    }
+  }
+  depends_on = [module.dashboard]
+}
+
+# Give cluster-admin permissions to dashboard
+resource "kubernetes_cluster_role_binding" "kubernetes-dashboard" {
+  metadata {
+    name = "admin-user"
+  }
+  role_ref {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "ClusterRole"
+    name      = "cluster-admin"
+  }
+  subject {
+    kind      = "ServiceAccount"
+    name      = "kubernetes-dashboard"
+    namespace = "kubernetes-dashboard"
+  }
+  depends_on = [module.dashboard]
+}
diff --git a/modules/kubernetes/kms/main.tf b/modules/kubernetes/kms/main.tf
new file mode 100644
index 00000000..8b448aa5
--- /dev/null
+++ b/modules/kubernetes/kms/main.tf
@@ -0,0 +1,209 @@
+variable "tls_secret_name" {}
+variable "tls_crt" {}
+variable "tls_key" {}
+
+
+resource "kubernetes_namespace" "kms" {
+  metadata {
+    name = "kms"
+  }
+}
+
+module "tls_secret" {
+  source          = "../setup_tls_secret"
+  namespace       = "kms"
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+}
+
+resource "kubernetes_config_map" "kms-web-page" {
+  metadata {
+    name      = "kms-web-page-config"
+    namespace = "kms"
+  }
+  data = {
+    "index.html" = var.index_html
+  }
+}
+
+resource "kubernetes_deployment" "kms-web-page" {
+  metadata {
+    name      = "kms-web-page"
+    namespace = "kms"
+    labels = {
+      "app"                           = "kms-web-page"
+      "kubernetes.io/cluster-service" = "true"
+    }
+  }
+  spec {
+    replicas = 3
+    selector {
+      match_labels = {
+        "app" = "kms-web-page"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          "app"                           = "kms-web-page"
+          "kubernetes.io/cluster-service" = "true"
+        }
+      }
+      spec {
+        container {
+          image             = "nginx"
+          name              = "kms-web-page"
+          image_pull_policy = "IfNotPresent"
+          resources {
+            limits = {
+              cpu    = "0.5"
+              memory = "512Mi"
+            }
+            requests = {
+              cpu    = "0.5"
+              memory = "512Mi"
+            }
+          }
+          port {
+            container_port = 80
+            protocol       = "TCP"
+          }
+          volume_mount {
+            name       = "config"
+            mount_path = "/usr/share/nginx/html/"
+          }
+        }
+
+        volume {
+          name = "config"
+          config_map {
+            name = "kms-web-page-config"
+            items {
+              key  = "index.html"
+              path = "index.html"
+            }
+          }
+        }
+      }
+    }
+  }
+  depends_on = [kubernetes_config_map.kms-web-page]
+}
+
+resource "kubernetes_service" "kms-web-page" {
+  metadata {
+    name      = "kms-web-page"
+    namespace = "kms"
+    labels = {
+      "app" = "kms-web-page"
+    }
+  }
+
+  spec {
+    selector = {
+      "app" = "kms-web-page"
+    }
+    port {
+      port     = "80"
+      protocol = "TCP"
+    }
+  }
+}
+
+resource "kubernetes_ingress" "kms-web-page" {
+  metadata {
+    name      = "kms-web-page"
+    namespace = "kms"
+    annotations = {
+      "kubernetes.io/ingress.class" = "nginx"
+    }
+  }
+
+  spec {
+    tls {
+      hosts       = ["kms.viktorbarzin.me"]
+      secret_name = var.tls_secret_name
+    }
+    rule {
+      host = "kms.viktorbarzin.me"
+      http {
+        path {
+          path = "/"
+          backend {
+            service_name = "kms-web-page"
+            service_port = "80"
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_deployment" "windows_kms" {
+  metadata {
+    name      = "kms"
+    namespace = "kms"
+    labels = {
+      app = "kms-service"
+    }
+  }
+  spec {
+    replicas = 1
+    selector {
+      match_labels = {
+        app = "kms-service"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app = "kms-service"
+        }
+      }
+      spec {
+        container {
+          image = "kebe/vlmcsd:latest"
+          name  = "windows-kms"
+          resources {
+            limits = {
+              cpu    = "1"
+              memory = "512Mi"
+            }
+            requests = {
+              cpu    = "1"
+              memory = "50Mi"
+            }
+          }
+          port {
+            container_port = 1688
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "windows_kms" {
+  metadata {
+    name      = "windows-kms"
+    namespace = "kms"
+    labels = {
+      "app" = "windows-kms"
+    }
+    annotations = {
+      "metallb.universe.tf/allow-shared-ip" = "shared"
+    }
+  }
+
+  spec {
+    type                    = "LoadBalancer"
+    external_traffic_policy = "Cluster"
+    selector = {
+      "app" = "windows-kms"
+    }
+    port {
+      port = "1688"
+    }
+  }
+}
diff --git a/modules/kubernetes/kms/variables.tf b/modules/kubernetes/kms/variables.tf
new file mode 100644
index 00000000..6baa99a9
--- /dev/null
+++ b/modules/kubernetes/kms/variables.tf
@@ -0,0 +1,68 @@
+variable "index_html" {
+
+  default = <<EOT
+<h1>How to activate windows</h1>
+Open the following link and find a key for you version of windows: </br>
+<b><a href="https://goo.gl/BcrPjW" target="_blank">https://goo.gl/BcrPjW</a></b>
+</br>
+</br>
+Open cmd as <b>Administrator</b> and run the following: </br>
+</br>
+<b>slmgr.vbs /ipk key_for_your_windows</b>
+</br>
+<b>slmgr.vbs /skms kms.viktorbarzin.me </b>
+<br>
+<b>
+    slmgr /ato
+</b>
+<br>
+<p>
+<h3> If you have an evaluation windows, you need to change it to retail one. This is how:</h3>
+<br>
+From an elevated command prompt, determine the current edition name with the command <br>
+<strong>DISM /online /Get-CurrentEdition</strong>.
+<br>Make note of the edition ID, an abbreviated form of the edition name. Then run
+<br>
+<strong>DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula</strong>
+<br> providing the edition ID and a retail product key. The server will restart
+</p>
+<hr>
+
+
+<h1>How to activate Microsoft Office</h1>
+<br>
+<b>
+    CD \Program Files\Microsoft Office\Office16 </b> OR <b>CD \Program Files (x86)\Microsoft Office\Office16
+</b>
+<br>
+<b>
+    cscript ospp.vbs /sethst:kms.viktorbarzin.me
+</b>
+<br>
+<b>
+    cscript ospp.vbs /inpkey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
+</b>
+<br>
+where 'xxxx' is a key for your office. Some examples for office 2016 - <a
+    href="https://www.techdee.com/microsoft-office-2016-product-key/">https://www.techdee.com/microsoft-office-2016-product-key/</a>
+<br>
+<b>
+    cscript ospp.vbs /act
+</b>
+
+<br>
+<br>
+If you messed up activation settings reset them using
+<br>
+slmgr /upk
+
+<br>
+slmgr /cpky
+<br>
+and
+<br>
+slmgr /rearm
+
+<h3>Buy me a beer :P</h3>
+EOT
+}
diff --git a/modules/kubernetes/mailserver/main.tf b/modules/kubernetes/mailserver/main.tf
new file mode 100644
index 00000000..a0bbdae6
--- /dev/null
+++ b/modules/kubernetes/mailserver/main.tf
@@ -0,0 +1,65 @@
+variable "mailserver_accounts" {}
+variable postfix_account_aliases {}
+
+resource "kubernetes_namespace" "mailserver" {
+  metadata {
+    name = "mailserver"
+  }
+}
+
+resource "kubernetes_config_map" "mailserver_env_config" {
+  metadata {
+    name      = "mailserver.env.config"
+    namespace = "mailserver"
+    labels = {
+      app = "mailserver"
+    }
+  }
+
+  data = {
+    DMS_DEBUG           = "0"
+    ENABLE_CLAMAV       = "0"
+    ENABLE_FAIL2BAN     = "1"
+    ENABLE_FETCHMAIL    = "0"
+    ENABLE_POSTGREY     = "0"
+    ENABLE_SPAMASSASSIN = "0"
+    ENABLE_SRS          = "1"
+    FETCHMAIL_POLL      = "120"
+    ONE_DIR             = "1"
+    OVERRIDE_HOSTNAME   = "mail.viktorbarzin.me"
+    TLS_LEVEL           = "intermediate"
+  }
+}
+
+locals {
+  postfix_accounts_cf = join("\n", [for user, pass in var.mailserver_accounts : "${user}|${bcrypt(pass, 6)}"])
+  #   postfix_accounts_cf = join("\n", [for user, pass in var.mailserver_accounts : format("%s%s%s", user, "|{SHA512-CRYPT}$6$$", sha512(pass))])  # Does not work :/
+}
+
+resource "kubernetes_config_map" "mailserver_config" {
+  metadata {
+    name      = "mailserver.config"
+    namespace = "mailserver"
+
+    labels = {
+      app = "mailserver"
+    }
+  }
+
+  data = {
+    # Actual mail settings
+    "postfix-accounts.cf" = local.postfix_accounts_cf
+    "postfix-main.cf"     = var.postfix_cf
+    "postfix-virtual.cf"  = var.postfix_account_aliases
+
+    KeyTable     = "mail._domainkey.viktorbarzin.me viktorbarzin.me:mail:/etc/opendkim/keys/viktorbarzin.me-mail.key\n"
+    SigningTable = "*@viktorbarzin.me mail._domainkey.viktorbarzin.me\n"
+    TrustedHosts = "127.0.0.1\nlocalhost\n"
+  }
+  # Password hashes are different each time and avoid changing secret constantly. 
+  # Either 1.Create consistent hashes or 2.Find a way to ignore_changes on per password
+  lifecycle {
+    ignore_changes = [data["postfix-accounts.cf"]]
+  }
+
+}
diff --git a/modules/kubernetes/mailserver/variables.tf b/modules/kubernetes/mailserver/variables.tf
new file mode 100644
index 00000000..f20b862b
--- /dev/null
+++ b/modules/kubernetes/mailserver/variables.tf
@@ -0,0 +1,118 @@
+variable "postfix_cf" {
+  default = <<EOT
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian)
+biff = no
+append_dot_mydomain = no
+readme_directory = no
+
+# Basic configuration
+# myhostname =
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+mydestination = $myhostname, localhost.$mydomain, localhost
+relayhost =
+mynetworks = 127.0.0.0/8 [::1]/128 [fe80::]/64 10.47.0.11/32
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = ipv4
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+#smtpd_tls_CAfile=
+#smtp_tls_CAfile=
+smtpd_tls_security_level = may
+smtpd_use_tls=yes
+smtpd_tls_loglevel = 1
+smtp_tls_security_level = may
+smtp_tls_loglevel = 1
+tls_ssl_options = NO_COMPRESSION
+tls_high_cipherlist = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+tls_preempt_cipherlist = yes
+smtpd_tls_protocols = !SSLv2,!SSLv3
+smtp_tls_protocols = !SSLv2,!SSLv3
+smtpd_tls_mandatory_ciphers = high
+smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
+smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
+smtpd_tls_dh1024_param_file = /etc/postfix/dhparams.pem
+smtpd_tls_CApath = /etc/ssl/certs
+smtp_tls_CApath = /etc/ssl/certs
+
+# Settings to prevent SPAM early
+smtpd_helo_required = yes
+smtpd_delay_reject = yes
+smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, permit
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
+smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining
+smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain
+disable_vrfy_command = yes
+
+# Postscreen settings to drop zombies/open relays/spam early
+postscreen_dnsbl_action = enforce
+postscreen_dnsbl_sites = zen.spamhaus.org*3
+        bl.mailspike.net
+        b.barracudacentral.org*2
+        bl.spameatingmonkey.net
+        bl.spamcop.net
+        dnsbl.sorbs.net
+        psbl.surriel.com
+        list.dnswl.org=127.0.[0..255].0*-2
+        list.dnswl.org=127.0.[0..255].1*-3
+        list.dnswl.org=127.0.[0..255].[2..3]*-4
+postscreen_dnsbl_threshold = 3
+postscreen_dnsbl_whitelist_threshold = -1
+postscreen_greet_action = enforce
+postscreen_bare_newline_action = enforce
+
+# SASL
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_path = /var/spool/postfix/private/auth
+smtpd_sasl_type = dovecot
+
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_local_domain = $mydomain
+broken_sasl_auth_clients = yes
+
+# Mail directory
+virtual_transport = lmtp:unix:/var/run/dovecot/lmtp
+virtual_mailbox_domains = /etc/postfix/vhost
+virtual_mailbox_maps = texthash:/etc/postfix/vmailbox
+virtual_alias_maps = texthash:/etc/postfix/virtual
+
+# Additional option for filtering
+content_filter = smtp-amavis:[127.0.0.1]:10024
+
+# Milters used by DKIM
+milter_protocol = 6
+milter_default_action = accept
+dkim_milter = inet:localhost:8891
+dmarc_milter = inet:localhost:8893
+smtpd_milters = $dkim_milter,$dmarc_milter
+non_smtpd_milters = $dkim_milter
+
+# SPF policy settings
+policyd-spf_time_limit = 3600
+
+# Header checks for content inspection on receiving
+header_checks = pcre:/etc/postfix/maps/header_checks.pcre
+
+# Remove unwanted headers that reveail our privacy
+smtp_header_checks = pcre:/etc/postfix/maps/sender_header_filter.pcre
+myhostname = mail.viktorbarzin.me
+mydomain = viktorbarzin.me
+smtputf8_enable = no
+message_size_limit = 10240000
+sender_canonical_maps = tcp:localhost:10001
+sender_canonical_classes = envelope_sender
+recipient_canonical_maps = tcp:localhost:10002
+recipient_canonical_classes = envelope_recipient,header_recipient
+compatibility_level = 2
+
+always_add_missing_headers = yes
+EOT
+}
+
diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf
new file mode 100644
index 00000000..8de84b1b
--- /dev/null
+++ b/modules/kubernetes/main.tf
@@ -0,0 +1,133 @@
+variable "tls_secret_name" {}
+variable "tls_crt" {}
+variable "tls_key" {}
+variable "client_certificate_secret_name" {}
+variable "hackmd_db_password" {}
+variable "mailserver_accounts" {}
+variable "mailserver_aliases" {}
+variable "pihole_web_password" {}
+variable "webhook_handler_secret" {}
+variable "wireguard_wg_0_conf" {}
+variable "wireguard_wg_0_key" {}
+variable "wireguard_firewall_sh" {}
+variable "bind_db_viktorbarzin_me" {}
+variable "bind_db_viktorbarzin_lan" {}
+variable "bind_named_conf_options" {}
+variable "alertmanager_account_password" {}
+
+module "blog" {
+  source          = "./blog"
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+}
+
+module "bind" {
+  source              = "./bind"
+  db_viktorbarzin_me  = var.bind_db_viktorbarzin_me
+  db_viktorbarzin_lan = var.bind_db_viktorbarzin_lan
+  named_conf_options  = var.bind_named_conf_options
+}
+
+module "dnscrypt" {
+  source = "./dnscrypt"
+}
+
+module "f1-stream" {
+  source          = "./f1-stream"
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+}
+
+module "hackmd" {
+  source             = "./hackmd"
+  hackmd_db_password = var.hackmd_db_password
+  tls_secret_name    = var.tls_secret_name
+  tls_crt            = var.tls_crt
+  tls_key            = var.tls_key
+}
+
+# TODO
+# module "ingress-nginx" {
+#   source = "./ingress-nginx"
+# }
+
+module "kms" {
+  source          = "./kms"
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+}
+
+# TODO
+# module "kube-system"{}
+
+module "k8s-dashboard" {
+  source                         = "./k8s-dashboard"
+  tls_secret_name                = var.tls_secret_name
+  tls_crt                        = var.tls_crt
+  tls_key                        = var.tls_key
+  client_certificate_secret_name = var.client_certificate_secret_name
+}
+
+module "mailserver" {
+  source                  = "./mailserver"
+  mailserver_accounts     = var.mailserver_accounts
+  postfix_account_aliases = var.mailserver_aliases
+}
+
+module "metallb" {
+  source = "./metallb"
+}
+
+module monitoring {
+  source                        = "./monitoring"
+  tls_secret_name               = var.tls_secret_name
+  tls_crt                       = var.tls_crt
+  tls_key                       = var.tls_key
+  alertmanager_account_password = var.alertmanager_account_password
+}
+
+module openid_help_page {
+  source          = "./openid_help_page"
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+}
+
+module pihole {
+  source       = "./pihole"
+  web_password = var.pihole_web_password
+
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+
+  depends_on = [module.bind] # DNS goes like pihole -> bind -> dnscrypt
+}
+
+module privatebin {
+  source          = "./privatebin"
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+}
+
+module webhook_handler {
+  source          = "./webhook_handler"
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+  webhook_secret  = var.webhook_handler_secret
+}
+
+module wireguard {
+  source          = "./wireguard"
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+  wg_0_conf       = var.wireguard_wg_0_conf
+  wg_0_key        = var.wireguard_wg_0_key
+  firewall_sh     = var.wireguard_firewall_sh
+}
diff --git a/modules/kubernetes/metallb/main.tf b/modules/kubernetes/metallb/main.tf
new file mode 100644
index 00000000..10b9079f
--- /dev/null
+++ b/modules/kubernetes/metallb/main.tf
@@ -0,0 +1,21 @@
+# Creates namespace and everythin needed
+module "metallb" {
+  source  = "colinwilson/metallb/kubernetes"
+  version = "0.1.5"
+}
+
+resource "kubernetes_config_map" "config" {
+  metadata {
+    name      = "config"
+    namespace = "metallb-system"
+  }
+  data = {
+    config = <<EOT
+address-pools:
+- name: default
+  protocol: layer2
+  addresses:
+  - 10.0.20.200-10.0.20.220
+EOT
+  }
+}
diff --git a/modules/kubernetes/monitoring/grafana_chart_values.yaml b/modules/kubernetes/monitoring/grafana_chart_values.yaml
new file mode 100644
index 00000000..1502ee25
--- /dev/null
+++ b/modules/kubernetes/monitoring/grafana_chart_values.yaml
@@ -0,0 +1,2051 @@
+deploymentStrategy:
+    type: Recreate
+persistence:
+  # storageClassName: rook-cephfs
+  enabled: true
+  existingClaim: "grafana-iscsi-pvc"
+ingress:
+  enabled: "true"
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+  tls:
+    - secretName: "tls-secret"
+      hosts:
+        - "grafana.viktorbarzin.me"
+  hosts:
+    - "grafana.viktorbarzin.me"
+sidecar:
+  datasources:
+    enabled: "true"
+  dashboards:
+    enabled: false
+    # label: "grafana_dashboard"
+    # folder: "/var/lib/grafana/dashboards"
+dashboardProviders:
+  dashboardproviders.yaml:
+    apiVersion: 1
+    name: default
+    ordId: 1
+    # folder: ""
+    type: "file"
+    # disableDeletion: "false"
+    # editable: "true"
+    options:
+      path: "/var/lib/grafana/dashboards/default"
+grafana.ini: 
+  auth.anonymous:
+    enabled: true
+    org_role: Viewer
+  analytics:
+    check_for_updates: "true"
+  grafana_net:
+    url: "https://grafana.net"
+  log:
+    mode: "console"
+  paths:
+    data: "/var/lib/grafana/data"
+    logs: "/var/log/grafana"
+    plugins: "/var/lib/grafana/plugins"
+    provisioning: "/etc/grafana/provisioning"
+dashboards:
+  default:
+    node_exporter:
+      # gnetId: 11074
+      # datasource: Prometheus
+      json: |-
+        {
+          "__inputs": [
+            {
+              "name": "DS_PROMETHEUS_111",
+              "label": "Prometheus Data Source",
+              "description": "Prometheus Data Source",
+              "type": "datasource",
+              "pluginId": "prometheus",
+              "pluginName": "Prometheus"
+            }
+          ],
+          "__requires": [
+            { "type": "panel", "id": "bargauge", "name": "Bar Gauge", "version": "" },
+            {
+              "type": "grafana",
+              "id": "grafana",
+              "name": "Grafana",
+              "version": "6.4.2"
+            },
+            { "type": "panel", "id": "graph", "name": "Graph", "version": "" },
+            {
+              "type": "datasource",
+              "id": "prometheus",
+              "name": "Prometheus",
+              "version": "1.0.0"
+            },
+            {
+              "type": "panel",
+              "id": "singlestat",
+              "name": "Singlestat",
+              "version": ""
+            },
+            { "type": "panel", "id": "table", "name": "Table", "version": "" }
+          ],
+          "annotations": {
+            "list": [
+              {
+                "builtIn": 1,
+                "datasource": "-- Grafana --",
+                "enable": true,
+                "hide": true,
+                "iconColor": "rgba(0, 211, 255, 1)",
+                "name": "Annotations & Alerts",
+                "type": "dashboard"
+              }
+            ]
+          },
+          "description": "【English version】Support Node Exporter v0.16 and above.Optimize the main metrics display. Includes: CPU, memory, disk IO, network, temperature and other monitoring metrics。https://github.com/starsliao/Prometheus",
+          "editable": true,
+          "gnetId": 11074,
+          "graphTooltip": 0,
+          "id": null,
+          "iteration": 1572697129883,
+          "links": [
+            {
+              "asDropdown": false,
+              "icon": "info",
+              "includeVars": false,
+              "tags": ["$node"],
+              "targetBlank": true,
+              "title": "Server IP：$node",
+              "type": "link",
+              "url": ""
+            },
+            {
+              "icon": "external link",
+              "tags": [],
+              "targetBlank": true,
+              "title": "Update node_exporter",
+              "tooltip": "",
+              "type": "link",
+              "url": "https://github.com/prometheus/node_exporter/releases"
+            },
+            {
+              "icon": "external link",
+              "tags": [],
+              "targetBlank": true,
+              "title": "Update Dashboards",
+              "tooltip": "",
+              "type": "link",
+              "url": "https://grafana.com/dashboards/11074"
+            },
+            {
+              "icon": "external link",
+              "tags": [],
+              "targetBlank": true,
+              "title": "StarsL's Blog",
+              "tooltip": "",
+              "type": "link",
+              "url": "https://starsl.cn"
+            }
+          ],
+          "panels": [
+            {
+              "cacheTimeout": null,
+              "colorBackground": false,
+              "colorPostfix": false,
+              "colorPrefix": false,
+              "colorValue": true,
+              "colors": [
+                "rgba(245, 54, 54, 0.9)",
+                "rgba(237, 129, 40, 0.89)",
+                "rgba(50, 172, 45, 0.97)"
+              ],
+              "datasource": "${DS_PROMETHEUS_111}",
+              "decimals": 1,
+              "description": "",
+              "format": "s",
+              "gauge": {
+                "maxValue": 100,
+                "minValue": 0,
+                "show": false,
+                "thresholdLabels": false,
+                "thresholdMarkers": true
+              },
+              "gridPos": { "h": 3, "w": 2, "x": 0, "y": 0 },
+              "hideTimeOverride": true,
+              "id": 15,
+              "interval": null,
+              "links": [],
+              "mappingType": 1,
+              "mappingTypes": [
+                { "name": "value to text", "value": 1 },
+                { "name": "range to text", "value": 2 }
+              ],
+              "maxDataPoints": 100,
+              "nullPointMode": "null",
+              "nullText": null,
+              "options": {},
+              "pluginVersion": "6.4.2",
+              "postfix": "",
+              "postfixFontSize": "50%",
+              "prefix": "",
+              "prefixFontSize": "50%",
+              "rangeMaps": [{ "from": "null", "text": "N/A", "to": "null" }],
+              "sparkline": {
+                "fillColor": "rgba(31, 118, 189, 0.18)",
+                "full": false,
+                "lineColor": "rgb(31, 120, 193)",
+                "show": false
+              },
+              "tableColumn": "",
+              "targets": [
+                {
+                  "expr": "sum(time() - node_boot_time_seconds{instance=~\"$node\"})",
+                  "format": "time_series",
+                  "hide": false,
+                  "instant": true,
+                  "intervalFactor": 1,
+                  "refId": "A",
+                  "step": 40
+                }
+              ],
+              "thresholds": "1,2",
+              "title": "System Uptime",
+              "type": "singlestat",
+              "valueFontSize": "100%",
+              "valueMaps": [{ "op": "=", "text": "N/A", "value": "null" }],
+              "valueName": "current"
+            },
+            {
+              "cacheTimeout": null,
+              "colorBackground": false,
+              "colorValue": true,
+              "colors": [
+                "rgba(245, 54, 54, 0.9)",
+                "rgba(237, 129, 40, 0.89)",
+                "rgba(50, 172, 45, 0.97)"
+              ],
+              "datasource": "${DS_PROMETHEUS_111}",
+              "decimals": 2,
+              "description": "",
+              "format": "bytes",
+              "gauge": {
+                "maxValue": 100,
+                "minValue": 0,
+                "show": false,
+                "thresholdLabels": false,
+                "thresholdMarkers": true
+              },
+              "gridPos": { "h": 3, "w": 2, "x": 2, "y": 0 },
+              "id": 75,
+              "interval": null,
+              "links": [],
+              "mappingType": 1,
+              "mappingTypes": [
+                { "name": "value to text", "value": 1 },
+                { "name": "range to text", "value": 2 }
+              ],
+              "maxDataPoints": 100,
+              "maxPerRow": 6,
+              "nullPointMode": "null",
+              "nullText": null,
+              "options": {},
+              "postfix": "",
+              "postfixFontSize": "70%",
+              "prefix": "",
+              "prefixFontSize": "50%",
+              "rangeMaps": [{ "from": "null", "text": "N/A", "to": "null" }],
+              "sparkline": {
+                "fillColor": "rgba(31, 118, 189, 0.18)",
+                "full": false,
+                "lineColor": "rgb(31, 120, 193)",
+                "show": false
+              },
+              "tableColumn": "",
+              "targets": [
+                {
+                  "expr": "sum(node_memory_MemTotal_bytes{instance=~\"$node\"})",
+                  "format": "time_series",
+                  "instant": true,
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}",
+                  "refId": "A",
+                  "step": 20
+                }
+              ],
+              "thresholds": "2,3",
+              "title": "Total RAM",
+              "type": "singlestat",
+              "valueFontSize": "80%",
+              "valueMaps": [{ "op": "=", "text": "N/A", "value": "null" }],
+              "valueName": "current"
+            },
+            {
+              "datasource": "${DS_PROMETHEUS_111}",
+              "gridPos": { "h": 6, "w": 4, "x": 4, "y": 0 },
+              "id": 177,
+              "options": {
+                "displayMode": "lcd",
+                "fieldOptions": {
+                  "calcs": ["last"],
+                  "defaults": {
+                    "mappings": [],
+                    "max": 100,
+                    "min": 0,
+                    "thresholds": [
+                      { "color": "green", "value": null },
+                      { "color": "#EAB839", "value": 60 },
+                      { "color": "red", "value": 80 }
+                    ],
+                    "title": "",
+                    "unit": "percent"
+                  },
+                  "override": {},
+                  "values": false
+                },
+                "orientation": "horizontal"
+              },
+              "pluginVersion": "6.4.2",
+              "targets": [
+                {
+                  "expr": "100 - (avg(irate(node_cpu_seconds_total{instance=~\"$node\",mode=\"idle\"}[30m])) * 100)",
+                  "instant": true,
+                  "legendFormat": "CPU Busy",
+                  "refId": "A"
+                },
+                {
+                  "expr": "avg(irate(node_cpu_seconds_total{instance=~\"$node\",mode=\"iowait\"}[30m])) * 100",
+                  "hide": true,
+                  "instant": true,
+                  "legendFormat": "Busy Iowait",
+                  "refId": "C"
+                },
+                {
+                  "expr": "(1 - (node_memory_MemAvailable_bytes{instance=~\"$node\"} / (node_memory_MemTotal_bytes{instance=~\"$node\"})))* 100",
+                  "instant": true,
+                  "legendFormat": "Used RAM Memory",
+                  "refId": "B"
+                },
+                {
+                  "expr": "100 - ((node_filesystem_avail_bytes{instance=~\"$node\",mountpoint=\"$maxmount\",fstype=~\"ext4|xfs\"} * 100) / node_filesystem_size_bytes {instance=~\"$node\",mountpoint=\"$maxmount\",fstype=~\"ext4|xfs\"})",
+                  "hide": false,
+                  "instant": true,
+                  "legendFormat": "Used Max Mount($maxmount)",
+                  "refId": "D"
+                },
+                {
+                  "expr": "(1 - (node_memory_SwapFree_bytes{instance=~\"$node\"} / node_memory_SwapTotal_bytes{instance=~\"$node\"})) * 100",
+                  "instant": true,
+                  "legendFormat": "Used SWAP",
+                  "refId": "E"
+                }
+              ],
+              "timeFrom": null,
+              "timeShift": null,
+              "title": "",
+              "type": "bargauge"
+            },
+            {
+              "columns": [],
+              "datasource": "${DS_PROMETHEUS_111}",
+              "fontSize": "110%",
+              "gridPos": { "h": 6, "w": 10, "x": 8, "y": 0 },
+              "id": 164,
+              "links": [],
+              "options": {},
+              "pageSize": null,
+              "scroll": true,
+              "showHeader": true,
+              "sort": { "col": 6, "desc": false },
+              "styles": [
+                {
+                  "alias": "Mounted on",
+                  "colorMode": null,
+                  "colors": [
+                    "rgba(50, 172, 45, 0.97)",
+                    "rgba(237, 129, 40, 0.89)",
+                    "rgba(245, 54, 54, 0.9)"
+                  ],
+                  "dateFormat": "YYYY-MM-DD HH:mm:ss",
+                  "decimals": 2,
+                  "mappingType": 1,
+                  "pattern": "mountpoint",
+                  "thresholds": [""],
+                  "type": "string",
+                  "unit": "bytes"
+                },
+                {
+                  "alias": "Avail",
+                  "colorMode": "value",
+                  "colors": [
+                    "rgba(245, 54, 54, 0.9)",
+                    "rgba(237, 129, 40, 0.89)",
+                    "rgba(50, 172, 45, 0.97)"
+                  ],
+                  "dateFormat": "YYYY-MM-DD HH:mm:ss",
+                  "decimals": 2,
+                  "mappingType": 1,
+                  "pattern": "Value #A",
+                  "thresholds": ["10000000000", "20000000000"],
+                  "type": "number",
+                  "unit": "bytes"
+                },
+                {
+                  "alias": "Used",
+                  "colorMode": "cell",
+                  "colors": [
+                    "rgba(50, 172, 45, 0.97)",
+                    "rgba(237, 129, 40, 0.89)",
+                    "rgba(245, 54, 54, 0.9)"
+                  ],
+                  "dateFormat": "YYYY-MM-DD HH:mm:ss",
+                  "decimals": 2,
+                  "mappingType": 1,
+                  "pattern": "Value #B",
+                  "thresholds": ["0.6", "0.8"],
+                  "type": "number",
+                  "unit": "percentunit"
+                },
+                {
+                  "alias": "Size",
+                  "colorMode": null,
+                  "colors": [
+                    "rgba(245, 54, 54, 0.9)",
+                    "rgba(237, 129, 40, 0.89)",
+                    "rgba(50, 172, 45, 0.97)"
+                  ],
+                  "dateFormat": "YYYY-MM-DD HH:mm:ss",
+                  "decimals": 1,
+                  "link": false,
+                  "mappingType": 1,
+                  "pattern": "Value #C",
+                  "thresholds": [],
+                  "type": "number",
+                  "unit": "bytes"
+                },
+                {
+                  "alias": "Filesystem",
+                  "colorMode": null,
+                  "colors": [
+                    "rgba(245, 54, 54, 0.9)",
+                    "rgba(237, 129, 40, 0.89)",
+                    "rgba(50, 172, 45, 0.97)"
+                  ],
+                  "dateFormat": "YYYY-MM-DD HH:mm:ss",
+                  "decimals": 2,
+                  "link": false,
+                  "mappingType": 1,
+                  "pattern": "fstype",
+                  "thresholds": [],
+                  "type": "string",
+                  "unit": "short"
+                },
+                {
+                  "alias": "IP",
+                  "colorMode": null,
+                  "colors": [
+                    "rgba(245, 54, 54, 0.9)",
+                    "rgba(237, 129, 40, 0.89)",
+                    "rgba(50, 172, 45, 0.97)"
+                  ],
+                  "dateFormat": "YYYY-MM-DD HH:mm:ss",
+                  "decimals": 2,
+                  "link": false,
+                  "mappingType": 1,
+                  "pattern": "instance",
+                  "preserveFormat": false,
+                  "sanitize": false,
+                  "thresholds": [],
+                  "type": "string",
+                  "unit": "short"
+                },
+                {
+                  "alias": "",
+                  "colorMode": null,
+                  "colors": [
+                    "rgba(245, 54, 54, 0.9)",
+                    "rgba(237, 129, 40, 0.89)",
+                    "rgba(50, 172, 45, 0.97)"
+                  ],
+                  "decimals": 2,
+                  "pattern": "/.*/",
+                  "preserveFormat": true,
+                  "sanitize": false,
+                  "thresholds": [],
+                  "type": "hidden",
+                  "unit": "short"
+                }
+              ],
+              "targets": [
+                {
+                  "expr": "node_filesystem_size_bytes{instance=~'$node',fstype=~\"ext4|xfs\"}-0",
+                  "format": "table",
+                  "hide": false,
+                  "instant": true,
+                  "intervalFactor": 1,
+                  "legendFormat": "",
+                  "refId": "C"
+                },
+                {
+                  "expr": "node_filesystem_avail_bytes {instance=~'$node',fstype=~\"ext4|xfs\"}-0",
+                  "format": "table",
+                  "hide": false,
+                  "instant": true,
+                  "interval": "10s",
+                  "intervalFactor": 1,
+                  "legendFormat": "",
+                  "refId": "A"
+                },
+                {
+                  "expr": "1-(node_filesystem_free_bytes{instance=~'$node',fstype=~\"ext4|xfs\"} / node_filesystem_size_bytes{instance=~'$node',fstype=~\"ext4|xfs\"})",
+                  "format": "table",
+                  "hide": false,
+                  "instant": true,
+                  "intervalFactor": 1,
+                  "legendFormat": "",
+                  "refId": "B"
+                }
+              ],
+              "title": "Disk Space Used Basic(EXT4/XFS)",
+              "transform": "table",
+              "type": "table"
+            },
+            {
+              "aliasColors": {
+                "filefd_192.168.200.241:9100": "super-light-green",
+                "switches_192.168.200.241:9100": "semi-dark-red"
+              },
+              "bars": false,
+              "cacheTimeout": null,
+              "dashLength": 10,
+              "dashes": false,
+              "datasource": "${DS_PROMETHEUS_111}",
+              "description": "",
+              "fill": 0,
+              "fillGradient": 1,
+              "gridPos": { "h": 6, "w": 6, "x": 18, "y": 0 },
+              "hideTimeOverride": false,
+              "id": 16,
+              "legend": {
+                "alignAsTable": false,
+                "avg": false,
+                "current": true,
+                "max": true,
+                "min": false,
+                "rightSide": false,
+                "show": true,
+                "total": false,
+                "values": true
+              },
+              "lines": true,
+              "linewidth": 2,
+              "links": [],
+              "nullPointMode": "null",
+              "options": { "dataLinks": [] },
+              "percentage": false,
+              "pluginVersion": "6.4.2",
+              "pointradius": 1,
+              "points": false,
+              "renderer": "flot",
+              "seriesOverrides": [
+                {
+                  "alias": "/filefd_.*/",
+                  "lines": false,
+                  "pointradius": 1,
+                  "points": true
+                },
+                { "alias": "/switches_.*/", "color": "#F2495C", "yaxis": 2 }
+              ],
+              "spaceLength": 10,
+              "stack": false,
+              "steppedLine": false,
+              "targets": [
+                {
+                  "expr": "node_filefd_allocated{instance=~\"$node\"}",
+                  "format": "time_series",
+                  "instant": false,
+                  "interval": "",
+                  "intervalFactor": 5,
+                  "legendFormat": "filefd_{{instance}}",
+                  "refId": "B"
+                },
+                {
+                  "expr": "irate(node_context_switches_total{instance=~\"$node\"}[30m])",
+                  "intervalFactor": 5,
+                  "legendFormat": "switches_{{instance}}",
+                  "refId": "A"
+                },
+                {
+                  "expr": "node_filefd_maximum{instance=~\"$node\"}",
+                  "hide": true,
+                  "refId": "C"
+                }
+              ],
+              "thresholds": [],
+              "timeFrom": null,
+              "timeRegions": [],
+              "timeShift": null,
+              "title": "Open  File Descriptor(left)/Context switches(right)",
+              "tooltip": { "shared": true, "sort": 2, "value_type": "individual" },
+              "type": "graph",
+              "xaxis": {
+                "buckets": null,
+                "mode": "time",
+                "name": null,
+                "show": true,
+                "values": []
+              },
+              "yaxes": [
+                {
+                  "format": "short",
+                  "label": "",
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": true
+                },
+                {
+                  "format": "short",
+                  "label": "context_switches",
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": true
+                }
+              ],
+              "yaxis": { "align": false, "alignLevel": null }
+            },
+            {
+              "cacheTimeout": null,
+              "colorBackground": false,
+              "colorPostfix": false,
+              "colorValue": true,
+              "colors": [
+                "rgba(245, 54, 54, 0.9)",
+                "rgba(237, 129, 40, 0.89)",
+                "rgba(50, 172, 45, 0.97)"
+              ],
+              "datasource": "${DS_PROMETHEUS_111}",
+              "description": "",
+              "format": "short",
+              "gauge": {
+                "maxValue": 100,
+                "minValue": 0,
+                "show": false,
+                "thresholdLabels": false,
+                "thresholdMarkers": true
+              },
+              "gridPos": { "h": 3, "w": 2, "x": 0, "y": 3 },
+              "id": 14,
+              "interval": null,
+              "links": [],
+              "mappingType": 1,
+              "mappingTypes": [
+                { "name": "value to text", "value": 1 },
+                { "name": "range to text", "value": 2 }
+              ],
+              "maxDataPoints": 100,
+              "maxPerRow": 6,
+              "nullPointMode": "null",
+              "nullText": null,
+              "options": {},
+              "postfix": "",
+              "postfixFontSize": "50%",
+              "prefix": "",
+              "prefixFontSize": "50%",
+              "rangeMaps": [{ "from": "null", "text": "N/A", "to": "null" }],
+              "sparkline": {
+                "fillColor": "rgba(31, 118, 189, 0.18)",
+                "full": false,
+                "lineColor": "rgb(31, 120, 193)",
+                "show": false
+              },
+              "tableColumn": "",
+              "targets": [
+                {
+                  "expr": "sum(count(node_cpu_seconds_total{instance=~\"$node\", mode='system'}) by (cpu))",
+                  "format": "time_series",
+                  "instant": true,
+                  "intervalFactor": 1,
+                  "legendFormat": "",
+                  "refId": "A",
+                  "step": 20
+                }
+              ],
+              "thresholds": "1,2",
+              "title": "CPU Cores",
+              "type": "singlestat",
+              "valueFontSize": "100%",
+              "valueMaps": [{ "op": "=", "text": "N/A", "value": "null" }],
+              "valueName": "current"
+            },
+            {
+              "cacheTimeout": null,
+              "colorBackground": false,
+              "colorValue": true,
+              "colors": ["#299c46", "rgba(237, 129, 40, 0.89)", "#d44a3a"],
+              "datasource": "${DS_PROMETHEUS_111}",
+              "decimals": 2,
+              "description": "",
+              "format": "percent",
+              "gauge": {
+                "maxValue": 100,
+                "minValue": 0,
+                "show": false,
+                "thresholdLabels": false,
+                "thresholdMarkers": true
+              },
+              "gridPos": { "h": 3, "w": 2, "x": 2, "y": 3 },
+              "id": 20,
+              "interval": null,
+              "links": [],
+              "mappingType": 1,
+              "mappingTypes": [
+                { "name": "value to text", "value": 1 },
+                { "name": "range to text", "value": 2 }
+              ],
+              "maxDataPoints": 100,
+              "nullPointMode": "connected",
+              "nullText": null,
+              "options": {},
+              "pluginVersion": "6.4.2",
+              "postfix": "",
+              "postfixFontSize": "50%",
+              "prefix": "",
+              "prefixFontSize": "50%",
+              "rangeMaps": [{ "from": "null", "text": "N/A", "to": "null" }],
+              "sparkline": {
+                "fillColor": "rgba(31, 118, 189, 0.18)",
+                "full": false,
+                "lineColor": "#3274D9",
+                "show": true,
+                "ymax": null,
+                "ymin": null
+              },
+              "tableColumn": "",
+              "targets": [
+                {
+                  "expr": "avg(irate(node_cpu_seconds_total{instance=~\"$node\",mode=\"iowait\"}[30m])) * 100",
+                  "format": "time_series",
+                  "hide": false,
+                  "instant": false,
+                  "interval": "",
+                  "intervalFactor": 1,
+                  "legendFormat": "",
+                  "refId": "A",
+                  "step": 20
+                }
+              ],
+              "thresholds": "20,50",
+              "timeFrom": null,
+              "timeShift": null,
+              "title": "CPU IOwait",
+              "type": "singlestat",
+              "valueFontSize": "100%",
+              "valueMaps": [{ "op": "=", "text": "N/A", "value": "null" }],
+              "valueName": "avg"
+            },
+            {
+              "aliasColors": {
+                "15分钟": "#6ED0E0",
+                "1分钟": "#BF1B00",
+                "5分钟": "#CCA300"
+              },
+              "bars": false,
+              "dashLength": 10,
+              "dashes": false,
+              "datasource": "${DS_PROMETHEUS_111}",
+              "editable": true,
+              "error": false,
+              "fill": 1,
+              "fillGradient": 1,
+              "grid": {},
+              "gridPos": { "h": 8, "w": 8, "x": 0, "y": 6 },
+              "height": "300",
+              "id": 13,
+              "legend": {
+                "alignAsTable": true,
+                "avg": true,
+                "current": true,
+                "max": true,
+                "min": false,
+                "rightSide": false,
+                "show": true,
+                "total": false,
+                "values": true
+              },
+              "lines": true,
+              "linewidth": 2,
+              "links": [],
+              "maxPerRow": 6,
+              "nullPointMode": "null as zero",
+              "options": { "dataLinks": [] },
+              "percentage": false,
+              "pointradius": 5,
+              "points": false,
+              "renderer": "flot",
+              "repeat": null,
+              "seriesOverrides": [],
+              "spaceLength": 10,
+              "stack": false,
+              "steppedLine": false,
+              "targets": [
+                {
+                  "expr": "node_load1{instance=~\"$node\"}",
+                  "format": "time_series",
+                  "instant": false,
+                  "interval": "",
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_1m",
+                  "metric": "",
+                  "refId": "A",
+                  "step": 20,
+                  "target": ""
+                },
+                {
+                  "expr": "node_load5{instance=~\"$node\"}",
+                  "format": "time_series",
+                  "instant": false,
+                  "interval": "",
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_5m",
+                  "refId": "B",
+                  "step": 20
+                },
+                {
+                  "expr": "node_load15{instance=~\"$node\"}",
+                  "format": "time_series",
+                  "instant": false,
+                  "interval": "",
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_15m",
+                  "refId": "C",
+                  "step": 20
+                }
+              ],
+              "thresholds": [],
+              "timeFrom": null,
+              "timeRegions": [],
+              "timeShift": null,
+              "title": "System Load",
+              "tooltip": {
+                "msResolution": false,
+                "shared": true,
+                "sort": 2,
+                "value_type": "cumulative"
+              },
+              "type": "graph",
+              "xaxis": {
+                "buckets": null,
+                "mode": "time",
+                "name": null,
+                "show": true,
+                "values": []
+              },
+              "yaxes": [
+                {
+                  "format": "short",
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": true
+                },
+                {
+                  "format": "short",
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": true
+                }
+              ],
+              "yaxis": { "align": false, "alignLevel": null }
+            },
+            {
+              "aliasColors": {
+                "192.168.200.241:9100_Total": "dark-red",
+                "Idle - Waiting for something to happen": "#052B51",
+                "guest": "#9AC48A",
+                "idle": "#052B51",
+                "iowait": "#EAB839",
+                "irq": "#BF1B00",
+                "nice": "#C15C17",
+                "sdb_每秒I/O操作%": "#d683ce",
+                "softirq": "#E24D42",
+                "steal": "#FCE2DE",
+                "system": "#508642",
+                "user": "#5195CE",
+                "磁盘花费在I/O操作占比": "#ba43a9"
+              },
+              "bars": false,
+              "dashLength": 10,
+              "dashes": false,
+              "datasource": "${DS_PROMETHEUS_111}",
+              "decimals": 2,
+              "description": "",
+              "fill": 1,
+              "fillGradient": 0,
+              "gridPos": { "h": 8, "w": 8, "x": 8, "y": 6 },
+              "id": 7,
+              "legend": {
+                "alignAsTable": true,
+                "avg": true,
+                "current": true,
+                "hideEmpty": true,
+                "hideZero": true,
+                "max": true,
+                "min": false,
+                "rightSide": false,
+                "show": true,
+                "sideWidth": null,
+                "sort": "current",
+                "sortDesc": true,
+                "total": false,
+                "values": true
+              },
+              "lines": true,
+              "linewidth": 2,
+              "links": [],
+              "maxPerRow": 6,
+              "nullPointMode": "null",
+              "options": { "dataLinks": [] },
+              "percentage": false,
+              "pointradius": 5,
+              "points": false,
+              "renderer": "flot",
+              "repeat": null,
+              "seriesOverrides": [
+                { "alias": "/.*_Total/", "color": "#C4162A", "fill": 0 }
+              ],
+              "spaceLength": 10,
+              "stack": false,
+              "steppedLine": false,
+              "targets": [
+                {
+                  "expr": "avg(irate(node_cpu_seconds_total{instance=~\"$node\",mode=\"system\"}[30m])) by (instance)",
+                  "format": "time_series",
+                  "hide": false,
+                  "instant": false,
+                  "interval": "",
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_System",
+                  "refId": "A",
+                  "step": 20
+                },
+                {
+                  "expr": "avg(irate(node_cpu_seconds_total{instance=~\"$node\",mode=\"user\"}[30m])) by (instance)",
+                  "format": "time_series",
+                  "hide": false,
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_User",
+                  "refId": "B",
+                  "step": 240
+                },
+                {
+                  "expr": "avg(irate(node_cpu_seconds_total{instance=~\"$node\",mode=\"iowait\"}[30m])) by (instance)",
+                  "format": "time_series",
+                  "hide": false,
+                  "instant": false,
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_Iowait",
+                  "refId": "D",
+                  "step": 240
+                },
+                {
+                  "expr": "1 - avg(irate(node_cpu_seconds_total{instance=~\"$node\",mode=\"idle\"}[30m])) by (instance)",
+                  "format": "time_series",
+                  "hide": false,
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_Total",
+                  "refId": "F",
+                  "step": 240
+                }
+              ],
+              "thresholds": [],
+              "timeFrom": null,
+              "timeRegions": [],
+              "timeShift": null,
+              "title": "CPU Basic",
+              "tooltip": { "shared": true, "sort": 2, "value_type": "individual" },
+              "type": "graph",
+              "xaxis": {
+                "buckets": null,
+                "mode": "time",
+                "name": null,
+                "show": true,
+                "values": []
+              },
+              "yaxes": [
+                {
+                  "decimals": 2,
+                  "format": "percentunit",
+                  "label": "",
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": true
+                },
+                {
+                  "format": "short",
+                  "label": null,
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": false
+                }
+              ],
+              "yaxis": { "align": false, "alignLevel": null }
+            },
+            {
+              "aliasColors": {
+                "192.168.10.227:9100_em1_in下载": "super-light-green",
+                "192.168.10.227:9100_em1_out上传": "dark-blue"
+              },
+              "bars": false,
+              "dashLength": 10,
+              "dashes": false,
+              "datasource": "${DS_PROMETHEUS_111}",
+              "fill": 1,
+              "fillGradient": 3,
+              "gridPos": { "h": 8, "w": 8, "x": 16, "y": 6 },
+              "height": "300",
+              "id": 157,
+              "legend": {
+                "alignAsTable": true,
+                "avg": false,
+                "current": true,
+                "hideEmpty": true,
+                "hideZero": true,
+                "max": true,
+                "min": false,
+                "rightSide": false,
+                "show": true,
+                "sort": "current",
+                "sortDesc": true,
+                "total": false,
+                "values": true
+              },
+              "lines": true,
+              "linewidth": 2,
+              "links": [],
+              "nullPointMode": "null",
+              "options": { "dataLinks": [] },
+              "percentage": false,
+              "pointradius": 2,
+              "points": false,
+              "renderer": "flot",
+              "seriesOverrides": [
+                { "alias": "/.*_transmit$/", "transform": "negative-Y" }
+              ],
+              "spaceLength": 10,
+              "stack": false,
+              "steppedLine": false,
+              "targets": [
+                {
+                  "expr": "irate(node_network_receive_bytes_total{instance=~'$node',device!~'tap.*|veth.*|br.*|docker.*|virbr*|lo*'}[30m])*8",
+                  "format": "time_series",
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_{{device}}_receive",
+                  "refId": "A",
+                  "step": 4
+                },
+                {
+                  "expr": "irate(node_network_transmit_bytes_total{instance=~'$node',device!~'tap.*|veth.*|br.*|docker.*|virbr*|lo*'}[30m])*8",
+                  "format": "time_series",
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_{{device}}_transmit",
+                  "refId": "B",
+                  "step": 4
+                }
+              ],
+              "thresholds": [],
+              "timeFrom": null,
+              "timeRegions": [],
+              "timeShift": null,
+              "title": "Network Traffic Basic",
+              "tooltip": { "shared": true, "sort": 2, "value_type": "individual" },
+              "type": "graph",
+              "xaxis": {
+                "buckets": null,
+                "mode": "time",
+                "name": null,
+                "show": true,
+                "values": []
+              },
+              "yaxes": [
+                {
+                  "format": "bps",
+                  "label": "transmit（-）/receive（+）",
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": true
+                },
+                {
+                  "format": "short",
+                  "label": null,
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": false
+                }
+              ],
+              "yaxis": { "align": false, "alignLevel": null }
+            },
+            {
+              "aliasColors": {},
+              "bars": false,
+              "dashLength": 10,
+              "dashes": false,
+              "datasource": "${DS_PROMETHEUS_111}",
+              "fill": 1,
+              "fillGradient": 3,
+              "gridPos": { "h": 8, "w": 8, "x": 0, "y": 14 },
+              "id": 174,
+              "legend": {
+                "alignAsTable": true,
+                "avg": false,
+                "current": true,
+                "hideEmpty": false,
+                "hideZero": false,
+                "max": false,
+                "min": false,
+                "rightSide": false,
+                "show": true,
+                "sideWidth": null,
+                "total": false,
+                "values": true
+              },
+              "lines": true,
+              "linewidth": 2,
+              "links": [],
+              "nullPointMode": "null",
+              "options": { "dataLinks": [] },
+              "percentage": false,
+              "pointradius": 5,
+              "points": false,
+              "renderer": "flot",
+              "seriesOverrides": [{ "alias": "/Inodes.*/", "yaxis": 2 }],
+              "spaceLength": 10,
+              "stack": false,
+              "steppedLine": false,
+              "targets": [
+                {
+                  "expr": "1-(node_filesystem_free_bytes{instance=~'$node',fstype=~\"ext4|xfs\"} / node_filesystem_size_bytes{instance=~'$node',fstype=~\"ext4|xfs\"})",
+                  "format": "time_series",
+                  "instant": false,
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}：{{mountpoint}}",
+                  "refId": "A"
+                },
+                {
+                  "expr": "node_filesystem_files_free{instance=~'$node',fstype=~\"ext4|xfs\"} / node_filesystem_files{instance=~'$node',fstype=~\"ext4|xfs\"}",
+                  "hide": true,
+                  "legendFormat": "Inodes：{{instance}}：{{mountpoint}}",
+                  "refId": "B"
+                }
+              ],
+              "thresholds": [],
+              "timeFrom": null,
+              "timeRegions": [],
+              "timeShift": null,
+              "title": "Disk Space Used Basic",
+              "tooltip": { "shared": true, "sort": 2, "value_type": "individual" },
+              "type": "graph",
+              "xaxis": {
+                "buckets": null,
+                "mode": "time",
+                "name": null,
+                "show": true,
+                "values": []
+              },
+              "yaxes": [
+                {
+                  "decimals": 2,
+                  "format": "percentunit",
+                  "label": "",
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": true
+                },
+                {
+                  "decimals": 2,
+                  "format": "percentunit",
+                  "label": null,
+                  "logBase": 1,
+                  "max": "1",
+                  "min": null,
+                  "show": true
+                }
+              ],
+              "yaxis": { "align": false, "alignLevel": null }
+            },
+            {
+              "aliasColors": {
+                "192.168.200.241:9100_总内存": "dark-red",
+                "内存_Avaliable": "#6ED0E0",
+                "内存_Cached": "#EF843C",
+                "内存_Free": "#629E51",
+                "内存_Total": "#6d1f62",
+                "内存_Used": "#eab839",
+                "可用": "#9ac48a",
+                "总内存": "#bf1b00"
+              },
+              "bars": false,
+              "dashLength": 10,
+              "dashes": false,
+              "datasource": "${DS_PROMETHEUS_111}",
+              "decimals": 2,
+              "fill": 1,
+              "fillGradient": 0,
+              "gridPos": { "h": 8, "w": 8, "x": 8, "y": 14 },
+              "height": "300",
+              "id": 156,
+              "legend": {
+                "alignAsTable": true,
+                "avg": false,
+                "current": true,
+                "max": false,
+                "min": false,
+                "rightSide": false,
+                "show": true,
+                "sort": "current",
+                "sortDesc": true,
+                "total": false,
+                "values": true
+              },
+              "lines": true,
+              "linewidth": 2,
+              "links": [],
+              "nullPointMode": "null",
+              "options": { "dataLinks": [] },
+              "percentage": false,
+              "pointradius": 5,
+              "points": false,
+              "renderer": "flot",
+              "seriesOverrides": [
+                { "alias": "/.*_Total/", "color": "#C4162A", "fill": 0 }
+              ],
+              "spaceLength": 10,
+              "stack": false,
+              "steppedLine": false,
+              "targets": [
+                {
+                  "expr": "node_memory_MemTotal_bytes{instance=~\"$node\"}",
+                  "format": "time_series",
+                  "hide": false,
+                  "instant": false,
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_Total",
+                  "refId": "A",
+                  "step": 4
+                },
+                {
+                  "expr": "node_memory_MemTotal_bytes{instance=~\"$node\"} - node_memory_MemAvailable_bytes{instance=~\"$node\"}",
+                  "format": "time_series",
+                  "hide": false,
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_Used",
+                  "refId": "B",
+                  "step": 4
+                },
+                {
+                  "expr": "node_memory_MemAvailable_bytes{instance=~\"$node\"}",
+                  "format": "time_series",
+                  "hide": false,
+                  "interval": "",
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_Avaliable",
+                  "refId": "F",
+                  "step": 4
+                }
+              ],
+              "thresholds": [],
+              "timeFrom": null,
+              "timeRegions": [],
+              "timeShift": null,
+              "title": "Memory Basic",
+              "tooltip": { "shared": true, "sort": 2, "value_type": "individual" },
+              "type": "graph",
+              "xaxis": {
+                "buckets": null,
+                "mode": "time",
+                "name": null,
+                "show": true,
+                "values": []
+              },
+              "yaxes": [
+                {
+                  "format": "bytes",
+                  "label": null,
+                  "logBase": 1,
+                  "max": null,
+                  "min": "0",
+                  "show": true
+                },
+                {
+                  "format": "short",
+                  "label": null,
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": true
+                }
+              ],
+              "yaxis": { "align": false, "alignLevel": null }
+            },
+            {
+              "aliasColors": {
+                "Idle - Waiting for something to happen": "#052B51",
+                "guest": "#9AC48A",
+                "idle": "#052B51",
+                "iowait": "#EAB839",
+                "irq": "#BF1B00",
+                "nice": "#C15C17",
+                "sdb_每秒I/O操作%": "#d683ce",
+                "softirq": "#E24D42",
+                "steal": "#FCE2DE",
+                "system": "#508642",
+                "user": "#5195CE",
+                "磁盘花费在I/O操作占比": "#ba43a9"
+              },
+              "bars": false,
+              "dashLength": 10,
+              "dashes": false,
+              "datasource": "${DS_PROMETHEUS_111}",
+              "decimals": null,
+              "description": "The time spent on I/O in the natural time of each second.（wall-clock time）",
+              "fill": 1,
+              "fillGradient": 5,
+              "gridPos": { "h": 8, "w": 8, "x": 16, "y": 14 },
+              "id": 175,
+              "legend": {
+                "alignAsTable": true,
+                "avg": true,
+                "current": true,
+                "hideEmpty": true,
+                "hideZero": true,
+                "max": true,
+                "min": false,
+                "rightSide": false,
+                "show": true,
+                "sideWidth": null,
+                "sort": null,
+                "sortDesc": null,
+                "total": false,
+                "values": true
+              },
+              "lines": true,
+              "linewidth": 2,
+              "links": [],
+              "maxPerRow": 6,
+              "nullPointMode": "null",
+              "options": { "dataLinks": [] },
+              "percentage": false,
+              "pointradius": 5,
+              "points": false,
+              "renderer": "flot",
+              "seriesOverrides": [],
+              "spaceLength": 10,
+              "stack": false,
+              "steppedLine": false,
+              "targets": [
+                {
+                  "expr": "irate(node_disk_io_time_seconds_total{instance=~\"$node\"}[30m])",
+                  "format": "time_series",
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_{{device}}_ IO time",
+                  "refId": "C"
+                }
+              ],
+              "thresholds": [],
+              "timeFrom": null,
+              "timeRegions": [],
+              "timeShift": null,
+              "title": "Time Spent Doing I/Os",
+              "tooltip": { "shared": true, "sort": 2, "value_type": "individual" },
+              "type": "graph",
+              "xaxis": {
+                "buckets": null,
+                "mode": "time",
+                "name": null,
+                "show": true,
+                "values": []
+              },
+              "yaxes": [
+                {
+                  "decimals": null,
+                  "format": "s",
+                  "label": "",
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": true
+                },
+                {
+                  "format": "short",
+                  "label": null,
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": false
+                }
+              ],
+              "yaxis": { "align": false, "alignLevel": null }
+            },
+            {
+              "aliasColors": { "vda_write": "#6ED0E0" },
+              "bars": false,
+              "dashLength": 10,
+              "dashes": false,
+              "datasource": "${DS_PROMETHEUS_111}",
+              "description": "Read/write completions per second",
+              "fill": 1,
+              "fillGradient": 1,
+              "gridPos": { "h": 9, "w": 8, "x": 0, "y": 22 },
+              "height": "300",
+              "id": 161,
+              "legend": {
+                "alignAsTable": true,
+                "avg": true,
+                "current": true,
+                "hideEmpty": true,
+                "hideZero": true,
+                "max": true,
+                "min": false,
+                "show": true,
+                "sort": "current",
+                "sortDesc": true,
+                "total": false,
+                "values": true
+              },
+              "lines": true,
+              "linewidth": 2,
+              "links": [],
+              "nullPointMode": "null",
+              "options": { "dataLinks": [] },
+              "percentage": false,
+              "pointradius": 5,
+              "points": false,
+              "renderer": "flot",
+              "seriesOverrides": [
+                { "alias": "/.*_Reads completed$/", "transform": "negative-Y" }
+              ],
+              "spaceLength": 10,
+              "stack": false,
+              "steppedLine": false,
+              "targets": [
+                {
+                  "expr": "irate(node_disk_reads_completed_total{instance=~\"$node\"}[30m])",
+                  "format": "time_series",
+                  "hide": false,
+                  "interval": "",
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_{{device}}_Reads completed",
+                  "refId": "A",
+                  "step": 10
+                },
+                {
+                  "expr": "irate(node_disk_writes_completed_total{instance=~\"$node\"}[30m])",
+                  "format": "time_series",
+                  "hide": false,
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_{{device}}_Writes completed",
+                  "refId": "B",
+                  "step": 10
+                }
+              ],
+              "thresholds": [],
+              "timeFrom": null,
+              "timeRegions": [],
+              "timeShift": null,
+              "title": "Disk IOps Completed",
+              "tooltip": { "shared": true, "sort": 2, "value_type": "individual" },
+              "type": "graph",
+              "xaxis": {
+                "buckets": null,
+                "mode": "time",
+                "name": null,
+                "show": true,
+                "values": []
+              },
+              "yaxes": [
+                {
+                  "decimals": null,
+                  "format": "iops",
+                  "label": "IO read (-) / write (+)",
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": true
+                },
+                {
+                  "format": "short",
+                  "label": null,
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": true
+                }
+              ],
+              "yaxis": { "align": false, "alignLevel": null }
+            },
+            {
+              "aliasColors": { "vda_write": "#6ED0E0" },
+              "bars": false,
+              "dashLength": 10,
+              "dashes": false,
+              "datasource": "${DS_PROMETHEUS_111}",
+              "description": "Per second read / write bytes ",
+              "fill": 1,
+              "fillGradient": 1,
+              "gridPos": { "h": 9, "w": 8, "x": 8, "y": 22 },
+              "height": "300",
+              "id": 168,
+              "legend": {
+                "alignAsTable": true,
+                "avg": true,
+                "current": true,
+                "hideEmpty": true,
+                "hideZero": true,
+                "max": true,
+                "min": false,
+                "show": true,
+                "sort": "current",
+                "sortDesc": true,
+                "total": false,
+                "values": true
+              },
+              "lines": true,
+              "linewidth": 2,
+              "links": [],
+              "nullPointMode": "null",
+              "options": { "dataLinks": [] },
+              "percentage": false,
+              "pointradius": 5,
+              "points": false,
+              "renderer": "flot",
+              "seriesOverrides": [
+                { "alias": "/.*_Read bytes$/", "transform": "negative-Y" }
+              ],
+              "spaceLength": 10,
+              "stack": false,
+              "steppedLine": false,
+              "targets": [
+                {
+                  "expr": "irate(node_disk_read_bytes_total{instance=~\"$node\"}[30m])",
+                  "format": "time_series",
+                  "interval": "",
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_{{device}}_Read bytes",
+                  "refId": "A",
+                  "step": 10
+                },
+                {
+                  "expr": "irate(node_disk_written_bytes_total{instance=~\"$node\"}[30m])",
+                  "format": "time_series",
+                  "hide": false,
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_{{device}}_Written bytes",
+                  "refId": "B",
+                  "step": 10
+                }
+              ],
+              "thresholds": [],
+              "timeFrom": null,
+              "timeRegions": [],
+              "timeShift": null,
+              "title": "Disk R/W Data",
+              "tooltip": { "shared": true, "sort": 2, "value_type": "individual" },
+              "type": "graph",
+              "xaxis": {
+                "buckets": null,
+                "mode": "time",
+                "name": null,
+                "show": true,
+                "values": []
+              },
+              "yaxes": [
+                {
+                  "decimals": null,
+                  "format": "Bps",
+                  "label": "Bytes read (-) / write (+)",
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": true
+                },
+                {
+                  "format": "short",
+                  "label": null,
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": false
+                }
+              ],
+              "yaxis": { "align": false, "alignLevel": null }
+            },
+            {
+              "aliasColors": { "vda": "#6ED0E0" },
+              "bars": false,
+              "dashLength": 10,
+              "dashes": false,
+              "datasource": "${DS_PROMETHEUS_111}",
+              "description": "Time spent on each read/write operation",
+              "fill": 1,
+              "fillGradient": 1,
+              "gridPos": { "h": 9, "w": 8, "x": 16, "y": 22 },
+              "height": "300",
+              "id": 160,
+              "legend": {
+                "alignAsTable": true,
+                "avg": true,
+                "current": true,
+                "hideEmpty": true,
+                "hideZero": true,
+                "max": true,
+                "min": false,
+                "show": true,
+                "sort": "current",
+                "sortDesc": true,
+                "total": false,
+                "values": true
+              },
+              "lines": true,
+              "linewidth": 2,
+              "links": [],
+              "nullPointMode": "null as zero",
+              "options": { "dataLinks": [] },
+              "percentage": false,
+              "pointradius": 5,
+              "points": false,
+              "renderer": "flot",
+              "seriesOverrides": [
+                { "alias": "/,*_Read time$/", "transform": "negative-Y" }
+              ],
+              "spaceLength": 10,
+              "stack": false,
+              "steppedLine": false,
+              "targets": [
+                {
+                  "expr": "irate(node_disk_read_time_seconds_total{instance=~\"$node\"}[30m]) / irate(node_disk_reads_completed_total{instance=~\"$node\"}[30m])",
+                  "format": "time_series",
+                  "hide": false,
+                  "instant": false,
+                  "interval": "",
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_{{device}}_Read time",
+                  "refId": "B"
+                },
+                {
+                  "expr": "irate(node_disk_write_time_seconds_total{instance=~\"$node\"}[30m]) / irate(node_disk_writes_completed_total{instance=~\"$node\"}[30m])",
+                  "format": "time_series",
+                  "hide": false,
+                  "instant": false,
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_{{device}}_Write time",
+                  "refId": "C"
+                }
+              ],
+              "thresholds": [],
+              "timeFrom": null,
+              "timeRegions": [],
+              "timeShift": null,
+              "title": "Disk R/W Time(Reference: less than 100ms)(beta)",
+              "tooltip": { "shared": true, "sort": 2, "value_type": "individual" },
+              "type": "graph",
+              "xaxis": {
+                "buckets": null,
+                "mode": "time",
+                "name": null,
+                "show": true,
+                "values": []
+              },
+              "yaxes": [
+                {
+                  "format": "s",
+                  "label": "Time. read (-) / write (+)",
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": true
+                },
+                {
+                  "format": "short",
+                  "label": null,
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": false
+                }
+              ],
+              "yaxis": { "align": false, "alignLevel": null }
+            },
+            {
+              "aliasColors": { "TCP": "#6ED0E0" },
+              "bars": false,
+              "dashLength": 10,
+              "dashes": false,
+              "datasource": "${DS_PROMETHEUS_111}",
+              "description": "TCP_alloc - Allocated sockets\n\nCurrEstab - TCP connections for which the current state is either ESTABLISHED or CLOSE- WAIT\n\nTCP_tw - Sockets wating close\n\nUDP_inuse - Udp sockets currently in use\n\nSockets_used - Sockets currently in use",
+              "fill": 1,
+              "fillGradient": 0,
+              "gridPos": { "h": 12, "w": 12, "x": 0, "y": 31 },
+              "height": "300",
+              "id": 158,
+              "interval": "",
+              "legend": {
+                "alignAsTable": true,
+                "avg": true,
+                "current": true,
+                "hideEmpty": true,
+                "hideZero": true,
+                "max": true,
+                "min": false,
+                "rightSide": false,
+                "show": true,
+                "sort": "current",
+                "sortDesc": true,
+                "total": false,
+                "values": true
+              },
+              "lines": true,
+              "linewidth": 2,
+              "links": [],
+              "nullPointMode": "null",
+              "options": { "dataLinks": [] },
+              "percentage": false,
+              "pointradius": 5,
+              "points": false,
+              "renderer": "flot",
+              "seriesOverrides": [
+                { "alias": "/.*_Sockets_used/", "color": "#C4162A", "fill": 0 }
+              ],
+              "spaceLength": 10,
+              "stack": false,
+              "steppedLine": false,
+              "targets": [
+                {
+                  "expr": "node_netstat_Tcp_CurrEstab{instance=~'$node'}",
+                  "format": "time_series",
+                  "hide": false,
+                  "instant": false,
+                  "interval": "",
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_CurrEstab",
+                  "refId": "A",
+                  "step": 20
+                },
+                {
+                  "expr": "node_sockstat_TCP_tw{instance=~'$node'}",
+                  "format": "time_series",
+                  "intervalFactor": 1,
+                  "legendFormat": "{{instance}}_TCP_tw",
+                  "refId": "D"
+                },
+                {
+                  "expr": "node_sockstat_sockets_used{instance=~'$node'}",
+                  "legendFormat": "{{instance}}_Sockets_used",
+                  "refId": "B"
+                },
+                {
+                  "expr": "node_sockstat_UDP_inuse{instance=~'$node'}",
+                  "legendFormat": "{{instance}}_UDP_inuse",
+                  "refId": "C"
+                },
+                {
+                  "expr": "node_sockstat_TCP_alloc{instance=~'$node'}",
+                  "legendFormat": "{{instance}}_TCP_alloc",
+                  "refId": "E"
+                }
+              ],
+              "thresholds": [],
+              "timeFrom": null,
+              "timeRegions": [],
+              "timeShift": null,
+              "title": "Network Sockstat",
+              "tooltip": { "shared": true, "sort": 2, "value_type": "individual" },
+              "type": "graph",
+              "xaxis": {
+                "buckets": null,
+                "mode": "time",
+                "name": null,
+                "show": true,
+                "values": []
+              },
+              "yaxes": [
+                {
+                  "format": "short",
+                  "label": null,
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": true
+                },
+                {
+                  "format": "short",
+                  "label": null,
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": true
+                }
+              ],
+              "yaxis": { "align": false, "alignLevel": null }
+            },
+            {
+              "aliasColors": {},
+              "bars": false,
+              "dashLength": 10,
+              "dashes": false,
+              "datasource": "${DS_PROMETHEUS_111}",
+              "description": "",
+              "fill": 0,
+              "fillGradient": 1,
+              "gridPos": { "h": 12, "w": 12, "x": 12, "y": 31 },
+              "id": 169,
+              "legend": {
+                "alignAsTable": true,
+                "avg": true,
+                "current": true,
+                "hideEmpty": true,
+                "hideZero": true,
+                "max": true,
+                "min": false,
+                "rightSide": false,
+                "show": true,
+                "sideWidth": null,
+                "sort": "current",
+                "sortDesc": true,
+                "total": false,
+                "values": true
+              },
+              "lines": true,
+              "linewidth": 2,
+              "links": [],
+              "nullPointMode": "null",
+              "options": { "dataLinks": [] },
+              "percentage": false,
+              "pointradius": 0.5,
+              "points": false,
+              "renderer": "flot",
+              "seriesOverrides": [],
+              "spaceLength": 10,
+              "stack": false,
+              "steppedLine": false,
+              "targets": [
+                {
+                  "expr": "node_hwmon_temp_celsius{instance=~'$node'}",
+                  "format": "time_series",
+                  "intervalFactor": 10,
+                  "legendFormat": "{{instance}}_{{chip}}_{{sensor}}",
+                  "refId": "A"
+                }
+              ],
+              "thresholds": [],
+              "timeFrom": null,
+              "timeRegions": [],
+              "timeShift": null,
+              "title": "Hardware Temperature(VM may not display the metrics)",
+              "tooltip": { "shared": true, "sort": 2, "value_type": "individual" },
+              "type": "graph",
+              "xaxis": {
+                "buckets": null,
+                "mode": "time",
+                "name": null,
+                "show": true,
+                "values": []
+              },
+              "yaxes": [
+                {
+                  "format": "celsius",
+                  "label": null,
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": true
+                },
+                {
+                  "format": "short",
+                  "label": null,
+                  "logBase": 1,
+                  "max": null,
+                  "min": null,
+                  "show": true
+                }
+              ],
+              "yaxis": { "align": false, "alignLevel": null }
+            }
+          ],
+          "refresh": false,
+          "schemaVersion": 20,
+          "style": "dark",
+          "tags": ["Prometheus", "node_exporter", "StarsL.cn"],
+          "templating": {
+            "list": [
+              {
+                "allValue": null,
+                "current": {},
+                "datasource": "${DS_PROMETHEUS_111}",
+                "definition": "label_values(node_uname_info, job)",
+                "hide": 0,
+                "includeAll": false,
+                "label": "JOB",
+                "multi": false,
+                "name": "job",
+                "options": [],
+                "query": "label_values(node_uname_info, job)",
+                "refresh": 1,
+                "regex": "",
+                "skipUrlSync": false,
+                "sort": 1,
+                "tagValuesQuery": "",
+                "tags": [],
+                "tagsQuery": "",
+                "type": "query",
+                "useTags": false
+              },
+              {
+                "allValue": null,
+                "current": {},
+                "datasource": "${DS_PROMETHEUS_111}",
+                "definition": "label_values(node_uname_info{job=~\"$job\"}, nodename)",
+                "hide": 0,
+                "includeAll": true,
+                "label": "Host",
+                "multi": true,
+                "name": "hostname",
+                "options": [],
+                "query": "label_values(node_uname_info{job=~\"$job\"}, nodename)",
+                "refresh": 1,
+                "regex": "",
+                "skipUrlSync": false,
+                "sort": 0,
+                "tagValuesQuery": "",
+                "tags": [],
+                "tagsQuery": "",
+                "type": "query",
+                "useTags": false
+              },
+              {
+                "allFormat": "glob",
+                "allValue": null,
+                "current": {},
+                "datasource": "${DS_PROMETHEUS_111}",
+                "definition": "label_values(node_uname_info{nodename=~\"$hostname\"},instance)",
+                "hide": 0,
+                "includeAll": true,
+                "label": "IP",
+                "multi": false,
+                "multiFormat": "regex values",
+                "name": "node",
+                "options": [],
+                "query": "label_values(node_uname_info{nodename=~\"$hostname\"},instance)",
+                "refresh": 2,
+                "regex": "",
+                "skipUrlSync": false,
+                "sort": 1,
+                "tagValuesQuery": "",
+                "tags": [],
+                "tagsQuery": "",
+                "type": "query",
+                "useTags": false
+              },
+              {
+                "allValue": null,
+                "current": {},
+                "datasource": "${DS_PROMETHEUS_111}",
+                "definition": "",
+                "hide": 2,
+                "includeAll": false,
+                "label": "",
+                "multi": false,
+                "name": "maxmount",
+                "options": [],
+                "query": "query_result(topk(1,sort_desc (max(node_filesystem_size_bytes{instance=~'$node',fstype=~\"ext4|xfs\"}) by (mountpoint))))",
+                "refresh": 2,
+                "regex": "/.*\\\"(.*)\\\".*/",
+                "skipUrlSync": false,
+                "sort": 0,
+                "tagValuesQuery": "",
+                "tags": [],
+                "tagsQuery": "",
+                "type": "query",
+                "useTags": false
+              },
+              {
+                "allFormat": "glob",
+                "allValue": null,
+                "current": {},
+                "datasource": "${DS_PROMETHEUS_111}",
+                "definition": "",
+                "hide": 2,
+                "includeAll": false,
+                "label": "环境",
+                "multi": false,
+                "multiFormat": "regex values",
+                "name": "env",
+                "options": [],
+                "query": "label_values(node_exporter_build_info,env)",
+                "refresh": 2,
+                "regex": "",
+                "skipUrlSync": false,
+                "sort": 1,
+                "tagValuesQuery": "",
+                "tags": [],
+                "tagsQuery": "",
+                "type": "query",
+                "useTags": false
+              },
+              {
+                "allFormat": "glob",
+                "allValue": "",
+                "current": {},
+                "datasource": "${DS_PROMETHEUS_111}",
+                "definition": "label_values(node_exporter_build_info{env=~'$env'},name)",
+                "hide": 2,
+                "includeAll": false,
+                "label": "名称",
+                "multi": true,
+                "multiFormat": "regex values",
+                "name": "name",
+                "options": [],
+                "query": "label_values(node_exporter_build_info{env=~'$env'},name)",
+                "refresh": 2,
+                "regex": "",
+                "skipUrlSync": false,
+                "sort": 1,
+                "tagValuesQuery": "/.*/",
+                "tags": [],
+                "tagsQuery": "",
+                "type": "query",
+                "useTags": false
+              }
+            ]
+          },
+          "time": { "from": "now-2d", "to": "now" },
+          "timepicker": {
+            "now": true,
+            "refresh_intervals": [
+              "5s",
+              "10s",
+              "30s",
+              "1m",
+              "5m",
+              "15m",
+              "30m",
+              "1h",
+              "2h",
+              "1d"
+            ],
+            "time_options": ["5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d"]
+          },
+          "timezone": "browser",
+          "title": "1  Node Exporter for Prometheus Dashboard EN v20191102",
+          "uid": "hb7fSE0Zz",
+          "version": 13
+        }
+
+# url: https://grafana.com/api/dashboards/11074/revisions/2/download
+# datasources:
+#   - name: Prometheus
+#     url: http://prometheus-server
diff --git a/modules/kubernetes/monitoring/main.tf b/modules/kubernetes/monitoring/main.tf
new file mode 100644
index 00000000..166999ff
--- /dev/null
+++ b/modules/kubernetes/monitoring/main.tf
@@ -0,0 +1,148 @@
+variable "tls_secret_name" {}
+variable "tls_crt" {}
+variable "tls_key" {}
+variable "alertmanager_account_password" {}
+
+module "tls_secret" {
+  source          = "../setup_tls_secret"
+  namespace       = "monitoring"
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+}
+
+resource "helm_release" "prometheus" {
+  namespace        = "monitoring"
+  create_namespace = true
+  name             = "prometheus"
+
+  repository = "https://prometheus-community.github.io/helm-charts"
+  chart      = "prometheus"
+
+  values = [templatefile("${path.module}/prometheus_chart_values.tpl", { alertmanager_mail_pass = var.alertmanager_account_password })]
+}
+
+# Terraform get angry with the 30k values file :/ use ansible until solved
+# resource "helm_release" "prometheus_snmp_exporter" {
+#   namespace        = "monitoring"
+#   create_namespace = true
+#   name             = "prometheus_exporter"
+
+#   repository = "https://prometheus-community.github.io/helm-charts"
+#   chart      = "prometheus-snmp-exporter"
+
+#   values = [file("${path.module}/prometheus_snmp_chart_values.yaml")]
+# }
+
+resource "kubernetes_secret" "prometheus_grafana_datasource" {
+  metadata {
+    name      = "prometheus-grafana-datasource"
+    namespace = "monitoring"
+
+    labels = {
+      grafana_datasource = "1"
+    }
+  }
+
+  data = {
+    "datasource.yaml" = <<EOT
+# config file version
+apiVersion: 1
+
+# list of datasources that should be deleted from the database
+#deleteDatasources:
+# - name: Prometheus
+#   orgId: 1
+
+# list of datasources to insert/update depending
+# whats available in the database
+datasources:
+  # <string, required> name of the datasource. Required
+- name: Prometheus
+  # <string, required> datasource type. Required
+  type: prometheus
+  # <string, required> access mode. proxy or direct (Server or Browser in the UI). Required
+  access: proxy
+  # <int> org id. will default to orgId 1 if not specified
+  orgId: 1
+  # <string> url
+  url: http://prometheus-server
+  # <string> database password, if used
+  password:
+  # <string> database user, if used
+  user:
+  # <string> database name, if used
+  database:
+  # <bool> enable/disable basic auth
+  basicAuth:
+  # <string> basic auth username
+  basicAuthUser:
+  # <string> basic auth password
+  basicAuthPassword:
+  # <bool> enable/disable with credentials headers
+  withCredentials:
+  # <bool> mark as default datasource. Max one per org
+  isDefault:
+  # <map> fields that will be converted to json and stored in json_data
+  #jsonData:
+  #  graphiteVersion: \"1.1\"
+  #  tlsAuth: true
+  #  tlsAuthWithCACert: true
+  # <string> json object of data that will be encrypted.
+  #secureJsonData:
+  #  tlsCACert: \"...\"
+  #  tlsClientCert: \"...\"
+  #  tlsClientKey: \"...\"
+  version: 1
+  # <bool> allow users to edit datasources from the UI.
+  editable: false
+  EOT
+  }
+
+  type = "Opaque"
+}
+
+resource "kubernetes_persistent_volume" "prometheus_grafana_pv" {
+  metadata {
+    name = "grafana-iscsi-pv"
+  }
+  spec {
+    capacity = {
+      "storage" = "2Gi"
+    }
+    access_modes = ["ReadWriteOnce"]
+    persistent_volume_source {
+      iscsi {
+        target_portal = "iscsi.viktorbarzin.lan:3260"
+        iqn           = "iqn.2020-12.lan.viktorbarzin:storage:monitoring:grafana"
+        lun           = 0
+        fs_type       = "ext4"
+      }
+    }
+  }
+}
+resource "kubernetes_persistent_volume_claim" "prometheus_grafana_pvc" {
+  metadata {
+    name      = "grafana-iscsi-pvc"
+    namespace = "monitoring"
+  }
+  spec {
+    access_modes = ["ReadWriteOnce"]
+    resources {
+      requests = {
+        "storage" = "2Gi"
+      }
+    }
+  }
+}
+
+resource "helm_release" "grafana" {
+  namespace        = "monitoring"
+  create_namespace = true
+  name             = "grafana"
+
+  repository = "https://grafana.github.io/helm-charts"
+  chart      = "grafana"
+
+  values = [file("${path.module}/grafana_chart_values.yaml")]
+}
diff --git a/modules/kubernetes/monitoring/prometheus_chart_values.tpl b/modules/kubernetes/monitoring/prometheus_chart_values.tpl
new file mode 100644
index 00000000..7c32778c
--- /dev/null
+++ b/modules/kubernetes/monitoring/prometheus_chart_values.tpl
@@ -0,0 +1,176 @@
+# Helm values
+# all values - https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus/values.yaml
+alertmanager:
+  persistentVolume:
+    # enabled: false
+    existingClaim: alertmanager-iscsi-pvc
+    # storageClass: rook-cephfs
+  strategy:
+    type: Recreate
+  ingress:
+    enabled: "true"
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+      # Enable client certificate authentication
+      nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+      # Create the secret containing the trusted ca certificates
+      nginx.ingress.kubernetes.io/auth-tls-secret: "default/ca-secret"
+    tls:
+      - secretName: "tls-secret"
+        hosts:
+          - "alertmanager.viktorbarzin.me"
+    hosts:
+      - "alertmanager.viktorbarzin.me"
+alertmanagerFiles:
+  alertmanager.yml:
+    global:
+      smtp_from: "alertmanager@viktorbarzin.me" 
+      # smtp_smarthost: "smtp.viktorbarzin.me:587"
+      smtp_smarthost: "mailserver.mailserver.svc.cluster.local:587"
+      smtp_auth_username: "alertmanager@viktorbarzin.me"
+      smtp_auth_password: "${alertmanager_mail_pass}"
+      smtp_require_tls: true
+    templates:
+      - "/etc/alertmanager/template/*.tmpl"
+    route:
+      group_by: ["alertname"]
+      group_wait: 3s
+      group_interval: 5s
+      repeat_interval: 1h
+      receiver: SMTP_STARTTLS
+    receivers:
+      - name: 'SMTP_STARTTLS'
+        email_configs:
+          - to: "me@viktorbarzin.me"
+            send_resolved: true
+            tls_config:
+              insecure_skip_verify: true
+
+server:
+  # Enable me to delete metrics
+  # extraFlags:
+  #   - "web.enable-admin-api"
+  persistentVolume:
+    # enabled: false
+    existingClaim: prometheus-iscsi-pvc
+    # storageClass: rook-cephfs
+  retention: "12w" # ~100GB storage
+  strategy:
+    type: Recreate
+  ingress:
+    enabled: "true"
+    annotations:
+      kubernetes.io/ingress.class: nginx
+      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+      # Enable client certificate authentication
+      nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+      # Create the secret containing the trusted ca certificates
+      nginx.ingress.kubernetes.io/auth-tls-secret: "default/ca-secret"
+    tls:
+      - secretName: "tls-secret"
+        hosts:
+          - "prometheus.viktorbarzin.me"
+    hosts:
+      - "prometheus.viktorbarzin.me"
+  alertmanagers:
+    - static_configs:
+        - targets: 
+          - "prometheus-alertmanager.monitoring.svc.cluster.local"
+          # - "alertmanager.viktorbarzin.me"
+      tls_config:
+        insecure_skip_verify: true
+
+serverFiles:
+  # prometheus.yml: 
+  #   alertingaaa:
+  #     alertmanagers:
+  #       - static_configs:
+  #           targets: "alertmanager.viktorbarzin.lan"
+  alerting_rules.yml:
+    groups:
+      - name: NodeDown
+        rules:
+        - alert: NodeDown
+          expr: up{job="kubernetes-nodes"} == 0
+          for: 1m
+          labels:
+            severity: page
+          annotations:
+            summary: Node down.
+      - name: NodeHighCPUUsage
+        rules:
+        - alert: NodeHighCPUUsage
+          expr: node_load1 > 2
+          # for: 10m
+          for: 1m # DEBUG
+          labels:
+            severity: page
+          annotations:
+            summary: High CPU usage on node.
+      # - name: PodStuckNotReady
+      #   rules:
+      #   - alert: PodStuckNotReady
+      #     expr: kube_pod_status_ready{condition="true"} == 0
+      #     for: 5m
+      #     labels:
+      #       severity: page
+      #     annotations:
+      #       summary: Pod stuck not ready.
+      - name: ReadyPodsInDeploymentLessThanSpec
+        rules:
+        - alert: ReadyPodsInDeploymentLessThanSpec
+          expr: kube_deployment_status_replicas_available - on(namespace, deployment) kube_deployment_spec_replicas < 0
+          for: 10m
+          labels:
+            severity: page
+          annotations:
+            summary: Number of ready pods in deployment is less than what is defined in spec.
+      - name: PowerOutage
+        rules:
+        - alert: PowerOutage
+          expr:   r730_idrac_powerSupplyCurrentInputVoltage < 200
+          labels:
+            severity: page
+          annotations:
+            summary: Power voltage on a power supply is critically low indicating power outage.
+          
+extraScrapeConfigs: |
+  - job_name: 'snmp-idrac'
+    static_configs:
+        - targets:
+          - "idrac.viktorbarzin.lan:161"
+    metrics_path: '/snmp'
+    params:
+      module: [dell_idrac]
+    relabel_configs:
+      - source_labels: [__address__]
+        target_label: __param_target
+      - source_labels: [__param_target]
+        target_label: instance
+      - target_label: __address__
+        replacement: 'prometheus-snmp-exporter.monitoring.svc.cluster.local:9116'
+    metric_relabel_configs:
+      - source_labels: [ __name__ ]
+        target_label: '__name__'
+        action: replace
+        regex: '(.*)'
+        replacement: 'r730_idrac_${1}'
+  - job_name: 'openwrt'
+    static_configs:
+        - targets:
+          - "home.viktorbarzin.lan:9100"
+    metrics_path: '/metrics'
+    relabel_configs:
+      - source_labels: [__address__]
+        target_label: __param_target
+      - source_labels: [__param_target]
+        target_label: instance
+      - target_label: __address__
+        replacement: 'home.viktorbarzin.lan:9100'
+    metric_relabel_configs:
+      - source_labels: [ __name__ ]
+        target_label: '__name__'
+        action: replace
+        regex: '(.*)'
+        replacement: 'openwrt_${1}'
diff --git a/modules/kubernetes/openid_help_page/main.tf b/modules/kubernetes/openid_help_page/main.tf
new file mode 100644
index 00000000..0d9c16eb
--- /dev/null
+++ b/modules/kubernetes/openid_help_page/main.tf
@@ -0,0 +1,112 @@
+variable "tls_secret_name" {}
+variable "tls_crt" {}
+variable "tls_key" {}
+
+resource "kubernetes_namespace" "openid_help_page" {
+  metadata {
+    name = "openid-help-page"
+  }
+}
+
+module "tls_secret" {
+  source          = "../setup_tls_secret"
+  namespace       = "openid-help-page"
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+}
+
+resource "kubernetes_deployment" "openid_help_page" {
+  metadata {
+    name      = "openid-help-page"
+    namespace = "openid-help-page"
+    labels = {
+      app = "openid-help-page"
+    }
+  }
+  spec {
+    replicas = 3
+    selector {
+      match_labels = {
+        app = "openid-help-page"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app = "openid-help-page"
+        }
+      }
+      spec {
+        container {
+          image = "viktorbarzin/openid-create-account-help-webpage:latest"
+          name  = "openid-help-page"
+          resources {
+            limits = {
+              cpu    = "0.5"
+              memory = "512Mi"
+            }
+            requests = {
+              cpu    = "250m"
+              memory = "50Mi"
+            }
+          }
+          port {
+            container_port = 80
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "openid_help_page" {
+  metadata {
+    name      = "openid-help-page"
+    namespace = "openid-help-page"
+  }
+
+  spec {
+    port {
+      name        = "service-port"
+      protocol    = "TCP"
+      port        = 80
+      target_port = "80"
+    }
+
+    selector = {
+      app = "openid-help-page"
+    }
+    type             = "ClusterIP"
+    session_affinity = "None"
+  }
+}
+
+resource "kubernetes_ingress" "openid_help_page" {
+  metadata {
+    name      = "openid-help-page"
+    namespace = "openid-help-page"
+    annotations = {
+      "kubernetes.io/ingress.class" = "nginx"
+    }
+  }
+
+  spec {
+    tls {
+      hosts       = ["kubectl.viktorbarzin.me"]
+      secret_name = var.tls_secret_name
+    }
+    rule {
+      host = "kubectl.viktorbarzin.me"
+      http {
+        path {
+          path = "/"
+          backend {
+            service_name = "openid-help-page"
+            service_port = "80"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/modules/kubernetes/pihole/main.tf b/modules/kubernetes/pihole/main.tf
new file mode 100644
index 00000000..71e810df
--- /dev/null
+++ b/modules/kubernetes/pihole/main.tf
@@ -0,0 +1,200 @@
+variable "tls_secret_name" {}
+variable "tls_crt" {}
+variable "tls_key" {}
+variable "web_password" {}
+
+resource "kubernetes_namespace" "pihole" {
+  metadata {
+    name = "pihole"
+  }
+}
+
+module "tls_secret" {
+  source          = "../setup_tls_secret"
+  namespace       = "pihole"
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+}
+
+
+resource "kubernetes_config_map" "external_conf" {
+  metadata {
+    name      = "external-conf"
+    namespace = "pihole"
+
+    labels = {
+      app = "pihole"
+    }
+  }
+  data = {
+    "external.conf" = "$HTTP[\"host\"] == \"pihole.viktorbarzin.me\" {\n    server.document-root = \"/var/www/html/admin/\"\n}\n"
+  }
+}
+
+resource "kubernetes_deployment" "pihole" {
+  metadata {
+    name      = "pihole"
+    namespace = "pihole"
+    labels = {
+      app = "pihole"
+    }
+  }
+  spec {
+    replicas = 1
+    selector {
+      match_labels = {
+        app = "pihole"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app = "pihole"
+        }
+      }
+      spec {
+        container {
+          image = "pihole/pihole:latest"
+          name  = "pihole"
+          resources {
+            limits = {
+              cpu    = "1"
+              memory = "1Gi"
+            }
+            requests = {
+              cpu    = "1"
+              memory = "1Gi"
+            }
+          }
+          port {
+            container_port = 80
+          }
+          env {
+            name  = "DNS1"
+            value = "10.0.20.200#5354" # bind
+          }
+          env {
+            name  = "VIRTUAL_HOST"
+            value = "pihole.viktorbarzin.me"
+          }
+          env {
+            name  = "WEBPASSWORD"
+            value = var.web_password
+          }
+          env {
+            name  = "TZ"
+            value = "Europe/Sofia"
+          }
+          volume_mount {
+            name       = "external-conf"
+            mount_path = "/tmp/external.conf"
+            sub_path   = "external.conf"
+          }
+          volume_mount {
+            name       = "pihole-local-etc-volume"
+            mount_path = "/etc/pihole"
+          }
+          volume_mount {
+            name       = "pihole-local-dnsmasq-volume"
+            mount_path = "/etc/dnsmasq.d"
+          }
+        }
+        volume {
+          name = "external-conf"
+          config_map {
+            name = "external-conf"
+          }
+        }
+        volume {
+          name = "pihole-local-etc-volume"
+          empty_dir {} # no hard dependencies on truenas which needs dns
+        }
+        volume {
+          name = "pihole-local-dnsmasq-volume"
+          empty_dir {} # no hard dependencies on truenas which needs dns
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "pihole-dns" {
+  metadata {
+    name      = "pihole-dns"
+    namespace = "pihole"
+    labels = {
+      "app" = "pihole"
+    }
+    annotations = {
+      "metallb.universe.tf/allow-shared-ip" : "shared"
+    }
+  }
+
+  spec {
+    type                    = "LoadBalancer"
+    external_traffic_policy = "Cluster"
+    selector = {
+      app = "pihole"
+    }
+    port {
+      name     = "dns-udp"
+      port     = "53"
+      protocol = "UDP"
+    }
+  }
+}
+
+resource "kubernetes_service" "pihole-web" {
+  metadata {
+    name      = "pihole-web"
+    namespace = "pihole"
+    labels = {
+      "app" = "pihole"
+    }
+    annotations = {
+      "metallb.universe.tf/allow-shared-ip" : "shared"
+    }
+  }
+
+  spec {
+    selector = {
+      app = "pihole"
+    }
+    port {
+      name = "dns-web"
+      port = "80"
+    }
+  }
+}
+
+resource "kubernetes_ingress" "pihole" {
+  metadata {
+    name      = "pihole-ingress"
+    namespace = "pihole"
+    annotations = {
+      "kubernetes.io/ingress.class"                        = "nginx"
+      "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
+      "nginx.ingress.kubernetes.io/auth-tls-secret"        = "default/ca-secret"
+    }
+  }
+
+  spec {
+    tls {
+      hosts       = ["pihole.viktorbarzin.me"]
+      secret_name = var.tls_secret_name
+    }
+    rule {
+      host = "pihole.viktorbarzin.me"
+      http {
+        path {
+          path = "/"
+          backend {
+            service_name = "pihole-web"
+            service_port = "80"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/modules/kubernetes/privatebin/main.tf b/modules/kubernetes/privatebin/main.tf
new file mode 100644
index 00000000..5386acec
--- /dev/null
+++ b/modules/kubernetes/privatebin/main.tf
@@ -0,0 +1,144 @@
+variable "tls_secret_name" {}
+variable "tls_crt" {}
+variable "tls_key" {}
+
+resource "kubernetes_namespace" "privatebin" {
+  metadata {
+    name = "privatebin"
+  }
+}
+
+module "tls_secret" {
+  source          = "../setup_tls_secret"
+  namespace       = "privatebin"
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+}
+
+resource "kubernetes_deployment" "privatebin" {
+  metadata {
+    name      = "privatebin"
+    namespace = "privatebin"
+    labels = {
+      app                             = "privatebin"
+      "kubernetes.io/cluster-service" = "true"
+    }
+  }
+  spec {
+    replicas = 1
+    strategy {
+      type = "Recreate"
+    }
+    selector {
+      match_labels = {
+        app = "privatebin"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app                             = "privatebin"
+          "kubernetes.io/cluster-service" = "true"
+        }
+      }
+      spec {
+        container {
+          image             = "privatebin/nginx-fpm-alpine"
+          name              = "privatebin"
+          image_pull_policy = "IfNotPresent"
+          resources {
+            limits = {
+              cpu    = "1"
+              memory = "1Gi"
+            }
+            requests = {
+              cpu    = "1"
+              memory = "1Gi"
+            }
+          }
+          port {
+            container_port = 8080
+          }
+          volume_mount {
+            name       = "data"
+            mount_path = "/srv/data"
+            sub_path   = "data"
+          }
+        }
+
+        volume {
+          name = "data"
+          iscsi {
+            target_portal = "iscsi.viktorbarzin.lan:3260"
+            fs_type       = "ext4"
+            iqn           = "iqn.2020-12.lan.viktorbarzin:storage:privatebin"
+            lun           = 0
+            read_only     = false
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "privatebin" {
+  metadata {
+    name      = "privatebin"
+    namespace = "privatebin"
+    labels = {
+      "app" = "privatebin"
+    }
+  }
+
+  spec {
+    selector = {
+      app = "privatebin"
+    }
+    port {
+      port        = "80"
+      target_port = "8080"
+    }
+  }
+}
+
+resource "kubernetes_ingress" "privatebin" {
+  metadata {
+    name      = "privatebin-ingress"
+    namespace = "privatebin"
+    annotations = {
+      "kubernetes.io/ingress.class" = "nginx"
+    }
+  }
+
+  spec {
+    tls {
+      hosts       = ["privatebin.viktorbarzin.me", "pb.viktorbarzin.me"]
+      secret_name = var.tls_secret_name
+    }
+    rule {
+      host = "privatebin.viktorbarzin.me"
+      http {
+        path {
+          path = "/"
+          backend {
+            service_name = "privatebin"
+            service_port = "80"
+          }
+        }
+      }
+    }
+    rule {
+      host = "pb.viktorbarzin.me"
+      http {
+        path {
+          path = "/"
+          backend {
+            service_name = "privatebin"
+            service_port = "80"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/modules/kubernetes/setup_tls_secret/main.tf b/modules/kubernetes/setup_tls_secret/main.tf
new file mode 100644
index 00000000..3ad16d9e
--- /dev/null
+++ b/modules/kubernetes/setup_tls_secret/main.tf
@@ -0,0 +1,16 @@
+variable namespace {}
+variable tls_secret_name {}
+variable tls_crt {}
+variable tls_key {}
+
+resource "kubernetes_secret" "tls_secret" {
+  metadata {
+    name      = var.tls_secret_name
+    namespace = var.namespace
+  }
+  data = {
+    "tls.crt" = var.tls_crt
+    "tls.key" = var.tls_key
+  }
+  type = "kubernetes.io/tls"
+}
diff --git a/modules/kubernetes/versions.tf b/modules/kubernetes/versions.tf
new file mode 100644
index 00000000..5d7c4592
--- /dev/null
+++ b/modules/kubernetes/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+    }
+  }
+  required_version = ">= 0.13"
+}
diff --git a/modules/kubernetes/webhook_handler/main.tf b/modules/kubernetes/webhook_handler/main.tf
new file mode 100644
index 00000000..90e4594b
--- /dev/null
+++ b/modules/kubernetes/webhook_handler/main.tf
@@ -0,0 +1,146 @@
+
+variable "tls_secret_name" {}
+variable "tls_crt" {}
+variable "tls_key" {}
+variable "webhook_secret" {}
+
+resource "kubernetes_namespace" "webhook-handler" {
+  metadata {
+    name = "webhook-handler"
+  }
+}
+
+module "tls_secret" {
+  source          = "../setup_tls_secret"
+  namespace       = "webhook-handler"
+  tls_secret_name = var.tls_secret_name
+  tls_crt         = var.tls_crt
+  tls_key         = var.tls_key
+}
+
+resource "kubernetes_cluster_role" "deployment_updater" {
+  metadata {
+    name = "deployment-updater"
+  }
+
+  rule {
+    verbs      = ["create", "update", "get", "patch", "list"]
+    api_groups = ["extensions", "apps", ""]
+    resources  = ["deployments", "namespaces", "pods", "services"]
+  }
+}
+
+resource "kubernetes_cluster_role_binding" "update_deployment_binding" {
+  metadata {
+    name = "update-deployment-binding"
+  }
+
+  subject {
+    kind      = "ServiceAccount"
+    name      = "default"
+    namespace = "webhook-handler"
+  }
+
+  role_ref {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "ClusterRole"
+    name      = "deployment-updater"
+  }
+}
+
+resource "kubernetes_deployment" "webhook_handler" {
+  metadata {
+    name      = "webhook-handler"
+    namespace = "webhook-handler"
+    labels = {
+      app = "webhook-handler"
+    }
+  }
+  spec {
+    replicas = 1
+    selector {
+      match_labels = {
+        app = "webhook-handler"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app = "webhook-handler"
+        }
+      }
+      spec {
+        container {
+          image = "viktorbarzin/webhook-handler:latest"
+          name  = "webhook-handler"
+          resources {
+            limits = {
+              cpu    = "0.5"
+              memory = "512Mi"
+            }
+            requests = {
+              cpu    = "250m"
+              memory = "50Mi"
+            }
+          }
+          port {
+            container_port = 80
+          }
+          env {
+            name  = "WEBHOOKSECRET"
+            value = var.webhook_secret
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "webhook_handler" {
+  metadata {
+    name      = "webhook-handler"
+    namespace = "webhook-handler"
+    labels = {
+      "app" = "webhook-handler"
+    }
+  }
+
+  spec {
+    selector = {
+      app = "webhook-handler"
+    }
+    port {
+      port        = "80"
+      target_port = "3000"
+    }
+  }
+}
+
+resource "kubernetes_ingress" "webhook_handler" {
+  metadata {
+    name      = "webhook-handler-ingress"
+    namespace = "webhook-handler"
+    annotations = {
+      "kubernetes.io/ingress.class" = "nginx"
+    }
+  }
+
+  spec {
+    tls {
+      hosts       = ["webhook.viktorbarzin.me"]
+      secret_name = var.tls_secret_name
+    }
+    rule {
+      host = "webhook.viktorbarzin.me"
+      http {
+        path {
+          path = "/"
+          backend {
+            service_name = "webhook-handler"
+            service_port = "80"
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/playbook b/playbook
new file mode 120000
index 00000000..9f2f234b
--- /dev/null
+++ b/playbook
@@ -0,0 +1 @@
+../playbook
\ No newline at end of file
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 00000000..5d7c4592
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+    }
+  }
+  required_version = ">= 0.13"
+}