truenas deprecation: migrate all non-immich storage to proxmox NFS

- Migrate 7 backup CronJobs to Proxmox host NFS (192.168.1.127) (etcd, mysql, postgresql, nextcloud, redis, vaultwarden, plotting-book) - Migrate headscale backup, ebook2audiobook, osm_routing to Proxmox NFS - Migrate servarr (lidarr, readarr, soulseek) NFS refs to Proxmox - Remove 79 orphaned TrueNAS NFS module declarations from 49 stacks - Delete stacks/platform/modules/ (27 dead module copies, 65MB) - Update nfs-truenas StorageClass to point to Proxmox (192.168.1.127) - Remove iscsi DNS record from config.tfvars - Fix woodpecker persistence config and alertmanager PV Only Immich (8 PVCs, ~1.4TB) remains on TrueNAS.
2026-04-12 14:35:39 +01:00 · 2026-04-12 14:35:39 +01:00 · 82b0f6c4cb
commit 82b0f6c4cb
parent 3246c4d112
193 changed files with 825 additions and 177172 deletions
--- a/stacks/crowdsec/modules/crowdsec/main.tf
+++ b/stacks/crowdsec/modules/crowdsec/main.tf
@ -15,6 +15,7 @@ variable "crowdsec_dash_machine_password" {
 variable "tier" { type = string }
 variable "slack_webhook_url" { type = string }
 variable "mysql_host" { type = string }
+variable "postgresql_host" { type = string }

 module "tls_secret" {
  source          = "../../../../modules/kubernetes/setup_tls_secret"
@ -127,7 +128,7 @@ resource "helm_release" "crowdsec" {
  repository = "https://crowdsecurity.github.io/helm-charts"
  chart      = "crowdsec"

-  values  = [templatefile("${path.module}/values.yaml", { homepage_username = var.homepage_username, homepage_password = var.homepage_password, DB_PASSWORD = var.db_password, ENROLL_KEY = var.enroll_key, SLACK_WEBHOOK_URL = var.slack_webhook_url, mysql_host = var.mysql_host })]
+  values  = [templatefile("${path.module}/values.yaml", { homepage_username = var.homepage_username, homepage_password = var.homepage_password, DB_PASSWORD = var.db_password, ENROLL_KEY = var.enroll_key, SLACK_WEBHOOK_URL = var.slack_webhook_url, mysql_host = var.mysql_host, postgresql_host = var.postgresql_host })]
  timeout       = 1200
  wait          = true
  wait_for_jobs = true
@ -338,7 +339,7 @@ resource "kubernetes_cron_job_v1" "crowdsec_blocklist_import" {

                  # Run with native mode since we are inside the CrowdSec container
                  export MODE=native
-                  export DECISION_DURATION=24h
+                  export DECISION_DURATION=168h
                  export FETCH_TIMEOUT=60
                  export LOG_LEVEL=INFO

--- a/stacks/crowdsec/modules/crowdsec/values.yaml
+++ b/stacks/crowdsec/modules/crowdsec/values.yaml
@ -116,15 +116,17 @@ lapi:
    enabled: true
    env:
    - name: MB_DB_TYPE
-      value: "mysql"
+      value: "postgres"
    - name: MB_DB_DBNAME
-      value: crowdsec-metabase
+      value: crowdsec_metabase
    - name: MB_DB_USER
      value: "crowdsec"
    - name: MB_DB_PASS
      value: "${DB_PASSWORD}"
    - name: MB_DB_HOST
-      value: "${mysql_host}"
+      value: "${postgresql_host}"
+    - name: MB_DB_PORT
+      value: "5432"

    - name: MB_EMAIL_SMTP_USERNAME
      value: "info@viktorbarzin.me"
@ -206,12 +208,20 @@ config:

  config.yaml.local: |
    db_config:
-      type:     mysql
+      type:     postgres
      user:     crowdsec
      password: ${DB_PASSWORD}
      db_name:  crowdsec
-      host:     ${mysql_host}
-      port:     3306
+      host:     ${postgresql_host}
+      port:     5432
+      flush:
+        max_items: 10000
+        max_age: "7d"
+        bouncers_autodelete:
+          api_key: "30d"
+        agents_autodelete:
+          login_password: "30d"
+      decision_bulk_size: 2000
    api:
      server:
        auto_registration: # Activate if not using TLS for authentication