add wealthfolio deployment [ci skip]

2025-12-23 12:22:52 +00:00 · 2025-12-23 12:22:52 +00:00 · 98115b4b3b
commit 98115b4b3b
parent 579c128e8f
5 changed files with 146 additions and 9 deletions
--- a/main.tf
+++ b/main.tf
@ -128,6 +128,7 @@ variable "tiny_tuya_slack_url" { type = string }
 variable "haos_api_token" { type = string }
 variable "clickhouse_password" { type = string }
 variable "clickhouse_postgres_password" { type = string }
+variable "wealthfolio_password_hash" { type = string }


 provider "kubernetes" {
@ -522,6 +523,8 @@ module "kubernetes_cluster" {

  clickhouse_password          = var.clickhouse_password
  clickhouse_postgres_password = var.clickhouse_postgres_password
+
+  wealthfolio_password_hash = var.wealthfolio_password_hash
 }


--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@ -107,6 +107,7 @@ variable "tiny_tuya_slack_url" { type = string }
 variable "haos_api_token" { type = string }
 variable "clickhouse_password" { type = string }
 variable "clickhouse_postgres_password" { type = string }
+variable "wealthfolio_password_hash" { type = string }


 variable "defcon_level" {
@ -344,15 +345,15 @@ module "wireguard" {
 #   configuration_yaml             = var.home_assistant_configuration
 # }

-module "finance_app" {
-  source                     = "./finance_app"
-  tls_secret_name            = var.tls_secret_name
-  graphql_api_secret         = var.finance_app_graphql_api_secret
-  db_connection_string       = var.finance_app_db_connection_string
-  currency_converter_api_key = var.finance_app_currency_converter_api_key
-  gocardless_secret_key      = var.finance_app_gocardless_secret_key
-  gocardless_secret_id       = var.finance_app_gocardless_secret_id
-}
+# module "finance_app" {
+#   source                     = "./finance_app"
+#   tls_secret_name            = var.tls_secret_name
+#   graphql_api_secret         = var.finance_app_graphql_api_secret
+#   db_connection_string       = var.finance_app_db_connection_string
+#   currency_converter_api_key = var.finance_app_currency_converter_api_key
+#   gocardless_secret_key      = var.finance_app_gocardless_secret_key
+#   gocardless_secret_id       = var.finance_app_gocardless_secret_id
+# }

 module "excalidraw" {
  source          = "./excalidraw"
@ -742,3 +743,9 @@ module "rybbit" {
  clickhouse_password = var.clickhouse_password
  postgres_password   = var.clickhouse_postgres_password
 }
+
+module "wealthfolio" {
+  source                    = "./wealthfolio"
+  tls_secret_name           = var.tls_secret_name
+  wealthfolio_password_hash = var.wealthfolio_password_hash
+}
--- a/modules/kubernetes/wealthfolio/main.tf
+++ b/modules/kubernetes/wealthfolio/main.tf
@ -0,0 +1,127 @@
+# To refresh transactions use finance db positions exporters:
+#
+# workon finace-app && cd ~/code/finance && python main.py fetch position --imap-user=$IMAP_USER --imap-password=$IMAP_PASSWORD --trading212-api-keys=$TRADING212_API_KEYS --output-file positions.csv && mv positions.csv /home/wizard/code/infra/modules/kubernetes/wealthfolio/updated_trades.csv
+#
+# Then upload updated_trades.csv
+# Note that currently wealthfolio doesn't dedup (https://github.com/afadil/wealthfolio/issues/476)
+
+variable "tls_secret_name" {}
+variable "wealthfolio_password_hash" {}
+
+resource "kubernetes_namespace" "wealthfolio" {
+  metadata {
+    name = "wealthfolio"
+    labels = {
+      "istio-injection" : "disabled"
+    }
+  }
+}
+
+module "tls_secret" {
+  source          = "../setup_tls_secret"
+  namespace       = "wealthfolio"
+  tls_secret_name = var.tls_secret_name
+}
+
+resource "random_string" "random" {
+  length = 32
+  lower  = true
+}
+
+resource "kubernetes_deployment" "wealthfolio" {
+  metadata {
+    name      = "wealthfolio"
+    namespace = "wealthfolio"
+    labels = {
+      app = "wealthfolio"
+    }
+  }
+  spec {
+    replicas = 1
+    selector {
+      match_labels = {
+        app = "wealthfolio"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app = "wealthfolio"
+        }
+      }
+      spec {
+        container {
+          image = "afadil/wealthfolio:latest"
+          name  = "wealthfolio"
+          port {
+            container_port = 8080
+          }
+          env {
+            name  = "WF_LISTEN_ADDR"
+            value = "0.0.0.0:8080"
+          }
+          env {
+            name  = "WF_AUTH_PASSWORD_HASH"
+            value = var.wealthfolio_password_hash
+          }
+          env {
+            name  = "WF_DB_PATH"
+            value = "/data/wealthfolio.db"
+          }
+          env {
+            name  = "WF_CORS_ALLOW_ORIGINS"
+            value = "https://authentik.viktorbarzin.me"
+          }
+          env {
+            name  = "WF_AUTH_TOKEN_TTL_MINUTES"
+            value = "10080"
+          }
+          env {
+            name  = "WF_SECRET_KEY"
+            value = random_string.random.result
+          }
+          volume_mount {
+            name       = "data"
+            mount_path = "/data"
+          }
+        }
+        volume {
+          name = "data"
+          nfs {
+            server = "10.0.10.15"
+            path   = "/mnt/main/wealthfolio"
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "wealthfolio" {
+  metadata {
+    name      = "wealthfolio"
+    namespace = "wealthfolio"
+    labels = {
+      "app" = "wealthfolio"
+    }
+  }
+
+  spec {
+    selector = {
+      app = "wealthfolio"
+    }
+    port {
+      name        = "http"
+      port        = 80
+      target_port = 8080
+    }
+  }
+}
+
+module "ingress" {
+  source          = "../ingress_factory"
+  namespace       = "wealthfolio"
+  name            = "wealthfolio"
+  tls_secret_name = var.tls_secret_name
+  protected       = true
+}
--- a/terraform.tfstate
+++ b/terraform.tfstate
--- a/terraform.tfvars
+++ b/terraform.tfvars