From add3bc4cbf14ef1ea0944c320e9eb0a79fc7a05a Mon Sep 17 00:00:00 2001
From: Viktor Barzin <vbarzin@gmail.com>
Date: Sun, 18 Jan 2026 14:05:01 +0000
Subject: [PATCH] update resume to be a bit more working; still not workign but
 closer...[ci skip]

---
 main.tf                           |  6 ++-
 modules/kubernetes/main.tf        |  2 +
 modules/kubernetes/resume/main.tf | 89 ++++++++++++++++++++++++-------
 3 files changed, 76 insertions(+), 21 deletions(-)

diff --git a/main.tf b/main.tf
index 0f826048..509fb6f9 100644
--- a/main.tf
+++ b/main.tf
@@ -77,6 +77,7 @@ variable "crowdsec_dash_machine_id" { type = string }
 variable "crowdsec_dash_machine_password" { type = string }
 variable "vaultwarden_smtp_password" {}
 variable "resume_database_url" {}
+variable "resume_database_password" {}
 variable "resume_redis_url" {}
 variable "frigate_valchedrym_camera_credentials" { default = "" }
 variable "paperless_db_password" {}
@@ -485,8 +486,9 @@ module "kubernetes_cluster" {
 
   vaultwarden_smtp_password = var.vaultwarden_smtp_password
 
-  resume_redis_url    = var.resume_redis_url
-  resume_database_url = var.resume_database_url
+  resume_redis_url         = var.resume_redis_url
+  resume_database_password = var.resume_database_password
+  resume_database_url      = var.resume_database_url
 
   frigate_valchedrym_camera_credentials = var.frigate_valchedrym_camera_credentials
 
diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf
index 1dcbd6a6..121276b4 100644
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@@ -61,6 +61,7 @@ variable "crowdsec_dash_machine_id" { type = string }
 variable "crowdsec_dash_machine_password" { type = string }
 variable "vaultwarden_smtp_password" {}
 variable "resume_database_url" {}
+variable "resume_database_password" {}
 variable "resume_redis_url" {}
 variable "frigate_valchedrym_camera_credentials" { default = "" }
 variable "paperless_db_password" {}
@@ -575,6 +576,7 @@ module "crowdsec" {
 #   tls_secret_name = var.tls_secret_name
 #   redis_url       = var.resume_redis_url
 #   database_url    = var.resume_database_url
+#   db_password     = var.resume_database_password
 # }
 
 module "uptime-kuma" {
diff --git a/modules/kubernetes/resume/main.tf b/modules/kubernetes/resume/main.tf
index f4f6cba1..cf3fd0ef 100644
--- a/modules/kubernetes/resume/main.tf
+++ b/modules/kubernetes/resume/main.tf
@@ -1,6 +1,8 @@
-variable "tls_secret_name" {}
-variable "database_url" {}
-variable "redis_url" {}
+variable "tls_secret_name" { type = string }
+variable "tier" { type = string }
+variable "database_url" { type = string }
+variable "redis_url" { type = string }
+variable "db_password" { type = string }
 
 module "tls_secret" {
   source          = "../setup_tls_secret"
@@ -14,12 +16,18 @@ resource "kubernetes_namespace" "resume" {
   }
 }
 
+resource "random_string" "random" {
+  length = 32
+  lower  = true
+}
+
 resource "kubernetes_deployment" "resume" {
   metadata {
     name      = "resume"
     namespace = kubernetes_namespace.resume.metadata[0].name
     labels = {
-      app = "resume"
+      app  = "resume"
+      tier = var.tier
     }
     annotations = {
       "reloader.stakater.com/search" = "true"
@@ -58,9 +66,34 @@ resource "kubernetes_deployment" "resume" {
             name  = "PUBLIC_SERVER_URL"
             value = "https://resume.viktorbarzin.me"
           }
+
+          env {
+            name  = "POSTGRES_HOST"
+            value = "postgresql.dbaas.svc.cluster.local"
+          }
+          env {
+            name  = "POSTGRES_DB"
+            value = "resume"
+          }
+          env {
+            name  = "POSTGRES_USER"
+            value = "resume"
+          }
+          env {
+            name  = "POSTGRES_PASSWORD"
+            value = var.db_password
+          }
           env {
             name  = "JWT_SECRET"
-            value = "kek"
+            value = random_string.random.result
+          }
+          env {
+            name  = "AUTH_SECRET"
+            value = random_string.random.result
+          }
+          env {
+            name  = "SECRET_KEY"
+            value = random_string.random.result
           }
           env {
             name  = "JWT_EXPIRY_TIME"
@@ -70,28 +103,46 @@ resource "kubernetes_deployment" "resume" {
             name  = "STORAGE_ENDPOINT"
             value = "https://resume.viktorbarzin.me"
           }
-          env {
-            name  = "STORAGE_PORT"
-            value = 443
-          }
           // There's a tone of these... I give up...
           // check https://github.com/AmruthPillai/Reactive-Resume/blob/main/.env.example
 
           port {
             container_port = 3000
           }
-          # volume_mount {
-          #   name       = "config"
-          #   mount_path = "/app/public/"
-          # }
+          port {
+            container_port = 3100
+          }
         }
-        # volume {
-        #   name = "config"
-        #   config_map {
-        #     name = "config"
-        #   }
-        # }
       }
     }
   }
 }
+
+
+resource "kubernetes_service" "resume" {
+  metadata {
+    name      = "resume"
+    namespace = kubernetes_namespace.resume.metadata[0].name
+    labels = {
+      "app" = "resume"
+    }
+  }
+
+  spec {
+    selector = {
+      app = "resume"
+    }
+    port {
+      name        = "http"
+      port        = 80
+      target_port = 3000
+    }
+  }
+}
+
+module "ingress" {
+  source          = "../ingress_factory"
+  namespace       = kubernetes_namespace.resume.metadata[0].name
+  name            = "resume"
+  tls_secret_name = var.tls_secret_name
+}