add rybbit monitoring to ingresses [ci skip]

modules/kubernetes/reverse_proxy/factory/main.tf

@@ -33,6 +33,10 @@ variable "proxy_timeout" {
 variable "extra_annotations" {
   default = {}
 }
+variable "rybbit_site_id" {
+  default = null
+  type    = string
+}
 
 
 resource "kubernetes_service" "proxied-service" {
@@ -81,39 +85,62 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
       "nginx.ingress.kubernetes.io/proxy-send-timeout" : var.proxy_timeout
       "nginx.ingress.kubernetes.io/proxy-read-timeout" : var.proxy_timeout
 
-    }, var.extra_annotations)
+      "nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOF
+        limit_req_status 429;
+        limit_conn_status 429;
+        ${var.rybbit_site_id != null ? <<-JS
+          # Rybbit Analytics
+          # Only modify HTML
+          sub_filter_types text/html;
+          sub_filter_once off;
+
+          # Disable compression so sub_filter works
+          proxy_set_header Accept-Encoding "";
+
+          # Inject analytics before </head>
+          sub_filter '</head>' '
+          <script src="https://rybbit.viktorbarzin.me/api/script.js"
+                data-site-id="${var.rybbit_site_id}"
+                defer></script> 
+          </head>';
+        JS
+      : ""
+      }
+      EOF
+
+  }, var.extra_annotations)
+}
+
+spec {
+  tls {
+    hosts       = ["${var.name}.viktorbarzin.me"]
+    secret_name = var.tls_secret_name
   }
+  rule {
+    host = "${var.name}.viktorbarzin.me"
+    http {
+      dynamic "path" {
+        # for_each = { for pr in var.ingress_path : pr => pr }
+        for_each = var.ingress_path
 
-  spec {
-    tls {
-      hosts       = ["${var.name}.viktorbarzin.me"]
-      secret_name = var.tls_secret_name
-    }
-    rule {
-      host = "${var.name}.viktorbarzin.me"
-      http {
-        dynamic "path" {
-          # for_each = { for pr in var.ingress_path : pr => pr }
-          for_each = var.ingress_path
+        content {
+          path = path.value
+          backend {
+            service {
 
-          content {
-            path = path.value
-            backend {
-              service {
-
-                name = var.name
-                port {
-                  number = var.port
-                }
+              name = var.name
+              port {
+                number = var.port
               }
             }
           }
         }
-        # path {
-        #   # path = var.ingress_path
-        #   path = each.value
-        # }
       }
+      # path {
+      #   # path = var.ingress_path
+      #   path = each.value
+      # }
     }
   }
 }
+}

modules/kubernetes/reverse_proxy/main.tf

@@ -43,7 +43,8 @@ module "pfsense" {
     "gethomepage.dev/widget.wan"    = "vmx0"
     # "gethomepage.dev/pod-selector" : ""
   }
-  depends_on = [kubernetes_namespace.reverse-proxy]
+  depends_on     = [kubernetes_namespace.reverse-proxy]
+  rybbit_site_id = "b029580e5a7c"
 }
 
 # https://nas.viktorbarzin.me/
@@ -56,6 +57,7 @@ module "nas" {
   backend_protocol = "HTTPS"
   max_body_size    = "0m"
   depends_on       = [kubernetes_namespace.reverse-proxy]
+  rybbit_site_id   = "1e11f8449f7d"
 }
 
 # https://files.viktorbarzin.me/
@@ -117,7 +119,8 @@ module "truenas" {
     # "gethomepage.dev/widget.enablePools" : "true"
     # "gethomepage.dev/pod-selector" : ""
   }
-  depends_on = [kubernetes_namespace.reverse-proxy]
+  depends_on     = [kubernetes_namespace.reverse-proxy]
+  rybbit_site_id = "b66fbd3cb58a"
 }
 
 # https://r730.viktorbarzin.me/
@@ -141,6 +144,7 @@ module "proxmox" {
   backend_protocol = "HTTPS"
   max_body_size    = "0" # unlimited
   depends_on       = [kubernetes_namespace.reverse-proxy]
+  rybbit_site_id   = "190a7ad3e1c7"
 }
 
 # https://valchedrym.viktorbarzin.me/
@@ -198,6 +202,7 @@ module "ha-sofia" {
   tls_secret_name = var.tls_secret_name
   depends_on      = [kubernetes_namespace.reverse-proxy]
   protected       = false
+  rybbit_site_id  = "590fc392690a"
 }
 
 # https://ha-london.viktorbarzin.me/