diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf index 45c9ab08..f6bbdf96 100644 --- a/modules/kubernetes/main.tf +++ b/modules/kubernetes/main.tf @@ -312,11 +312,6 @@ module "headscale" { headscale_acl = var.headscale_acl } -# module "metrics_api" { -# source = "./metrics_api" -# tls_secret_name = var.tls_secret_name -# } - module "dashy" { source = "./dashy" tls_secret_name = var.tls_secret_name @@ -450,3 +445,8 @@ module "jsoncrack" { source = "./jsoncrack" tls_secret_name = var.tls_secret_name } + +module "servarr" { + source = "./servarr" + tls_secret_name = var.tls_secret_name +} diff --git a/modules/kubernetes/metrics_api/main.tf b/modules/kubernetes/metrics_api/main.tf deleted file mode 100644 index d8f1c845..00000000 --- a/modules/kubernetes/metrics_api/main.tf +++ /dev/null @@ -1,24 +0,0 @@ -variable "tls_secret_name" {} - -# resource "kubernetes_namespace" "metrics" { -# metadata { -# name = "metrics" -# } -# } - -module "tls_secret" { - source = "../setup_tls_secret" - namespace = "metrics" - tls_secret_name = var.tls_secret_name -} - -resource "helm_release" "metrics_api" { - namespace = "metrics" - create_namespace = true - name = "metrics-server" - - repository = "https://kubernetes-sigs.github.io/metrics-server/" - chart = "metrics-server" - - # values = [templatefile("${path.module}/prometheus_chart_values.tpl", { alertmanager_mail_pass = var.alertmanager_account_password, alertmanager_slack_api_url = var.alertmanager_slack_api_url })] -} diff --git a/modules/kubernetes/servarr/flaresolverr/main.tf b/modules/kubernetes/servarr/flaresolverr/main.tf new file mode 100644 index 00000000..0a416ccc --- /dev/null +++ b/modules/kubernetes/servarr/flaresolverr/main.tf @@ -0,0 +1,109 @@ +variable "tls_secret_name" {} +resource "kubernetes_namespace" "flaresolverr" { + metadata { + name = "flaresolverr" + # labels = { + # "istio-injection" : "enabled" + # } + } +} + + +module "tls_secret" { + source = "../../setup_tls_secret" + namespace = "flaresolverr" + tls_secret_name = var.tls_secret_name +} + +resource "kubernetes_deployment" "flaresolverr" { + metadata { + name = "flaresolverr" + namespace = "flaresolverr" + labels = { + app = "flaresolverr" + } + annotations = { + "reloader.stakater.com/search" = "true" + } + } + spec { + replicas = 1 + selector { + match_labels = { + app = "flaresolverr" + } + } + template { + metadata { + labels = { + app = "flaresolverr" + } + } + spec { + container { + image = "ghcr.io/flaresolverr/flaresolverr:latest" + name = "flaresolverr" + + port { + container_port = 8191 + } + } + } + } + } +} + +resource "kubernetes_service" "flaresolverr" { + metadata { + name = "flaresolverr" + namespace = "flaresolverr" + labels = { + app = "flaresolverr" + } + } + + spec { + selector = { + app = "flaresolverr" + } + port { + name = "http" + port = 8191 + } + } +} + +resource "kubernetes_ingress_v1" "flaresolverr" { + metadata { + name = "flaresolverr" + namespace = "flaresolverr" + annotations = { + "kubernetes.io/ingress.class" = "nginx" + "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" + "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" + } + } + + spec { + tls { + hosts = ["flaresolverr.viktorbarzin.me"] + secret_name = var.tls_secret_name + } + rule { + host = "flaresolverr.viktorbarzin.me" + http { + path { + path = "/" + backend { + service { + name = "flaresolverr" + port { + number = 8191 + } + } + } + } + } + } + } +} diff --git a/modules/kubernetes/servarr/main.tf b/modules/kubernetes/servarr/main.tf new file mode 100644 index 00000000..ab296af8 --- /dev/null +++ b/modules/kubernetes/servarr/main.tf @@ -0,0 +1,21 @@ +variable "tls_secret_name" {} + +module "readarr" { + source = "./readarr" + tls_secret_name = var.tls_secret_name +} + +module "prowlarr" { + source = "./prowlarr" + tls_secret_name = var.tls_secret_name +} + +module "qbittorrent" { + source = "./qbittorrent" + tls_secret_name = var.tls_secret_name +} + +module "flaresolverr" { + source = "./flaresolverr" + tls_secret_name = var.tls_secret_name +} diff --git a/modules/kubernetes/servarr/prowlarr/main.tf b/modules/kubernetes/servarr/prowlarr/main.tf new file mode 100644 index 00000000..fd738683 --- /dev/null +++ b/modules/kubernetes/servarr/prowlarr/main.tf @@ -0,0 +1,140 @@ +variable "tls_secret_name" {} +resource "kubernetes_namespace" "prowlarr" { + metadata { + name = "prowlarr" + # labels = { + # "istio-injection" : "enabled" + # } + } +} + + +module "tls_secret" { + source = "../../setup_tls_secret" + namespace = "prowlarr" + tls_secret_name = var.tls_secret_name +} + +resource "kubernetes_deployment" "prowlarr" { + metadata { + name = "prowlarr" + namespace = "prowlarr" + labels = { + app = "prowlarr" + } + annotations = { + "reloader.stakater.com/search" = "true" + } + } + spec { + replicas = 1 + selector { + match_labels = { + app = "prowlarr" + } + } + template { + metadata { + labels = { + app = "prowlarr" + } + } + spec { + container { + image = "lscr.io/linuxserver/prowlarr:latest" + name = "prowlarr" + + port { + container_port = 9696 + } + env { + name = "PUID" + value = 1000 + } + env { + name = "PGID" + value = 1000 + } + env { + name = "TZ" + value = "Etc/UTC" + } + volume_mount { + name = "data" + mount_path = "/config" + } + volume_mount { + name = "data" + mount_path = "/books" + } + volume_mount { + name = "data" + mount_path = "/downloads" + } + } + volume { + name = "data" + nfs { + path = "/mnt/main/servarr/prowlarr" + server = "10.0.10.15" + } + } + } + } + } +} + +resource "kubernetes_service" "prowlarr" { + metadata { + name = "prowlarr" + namespace = "prowlarr" + labels = { + app = "prowlarr" + } + } + + spec { + selector = { + app = "prowlarr" + } + port { + name = "http" + port = 9696 + } + } +} + +resource "kubernetes_ingress_v1" "prowlarr" { + metadata { + name = "prowlarr" + namespace = "prowlarr" + annotations = { + "kubernetes.io/ingress.class" = "nginx" + "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" + "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" + } + } + + spec { + tls { + hosts = ["prowlarr.viktorbarzin.me"] + secret_name = var.tls_secret_name + } + rule { + host = "prowlarr.viktorbarzin.me" + http { + path { + path = "/" + backend { + service { + name = "prowlarr" + port { + number = 9696 + } + } + } + } + } + } + } +} diff --git a/modules/kubernetes/servarr/qbittorrent/main.tf b/modules/kubernetes/servarr/qbittorrent/main.tf new file mode 100644 index 00000000..ff95d665 --- /dev/null +++ b/modules/kubernetes/servarr/qbittorrent/main.tf @@ -0,0 +1,175 @@ +variable "tls_secret_name" {} +resource "kubernetes_namespace" "qbittorrent" { + metadata { + name = "qbittorrent" + # labels = { + # "istio-injection" : "enabled" + # } + } +} + + +module "tls_secret" { + source = "../../setup_tls_secret" + namespace = "qbittorrent" + tls_secret_name = var.tls_secret_name +} + +resource "kubernetes_deployment" "qbittorrent" { + metadata { + name = "qbittorrent" + namespace = "qbittorrent" + labels = { + app = "qbittorrent" + } + annotations = { + "reloader.stakater.com/search" = "true" + } + } + spec { + replicas = 1 + selector { + match_labels = { + app = "qbittorrent" + } + } + template { + metadata { + labels = { + app = "qbittorrent" + } + } + spec { + container { + image = "lscr.io/linuxserver/qbittorrent:latest" + name = "qbittorrent" + + port { + container_port = 8787 + } + env { + name = "PUID" + value = 1000 + } + env { + name = "PGID" + value = 1000 + } + env { + name = "WEBUI_PORT" + value = 8080 + } + env { + name = "TORRENTING_PORT" + value = 6881 + } + volume_mount { + name = "data" + mount_path = "/config" + } + volume_mount { + name = "data" + mount_path = "/downloads" + } + } + volume { + name = "data" + nfs { + path = "/mnt/main/servarr/qbittorrent" + server = "10.0.10.15" + } + } + } + } + } +} + +resource "kubernetes_service" "qbittorrent" { + metadata { + name = "qbittorrent" + namespace = "qbittorrent" + labels = { + app = "qbittorrent" + } + } + + spec { + selector = { + app = "qbittorrent" + } + port { + name = "http" + port = 8080 + target_port = 8080 + } + } +} + +resource "kubernetes_service" "qbittorrent-torrenting" { + metadata { + name = "qbittorrent-torrenting" + namespace = "qbittorrent" + labels = { + app = "qbittorrent-torrenting" + + } + annotations = { + "metallb.universe.tf/allow-shared-ip" = "shared" + } + } + + spec { + type = "LoadBalancer" + external_traffic_policy = "Cluster" + selector = { + app = "qbittorrent" + } + port { + name = "torrenting" + port = 6881 + target_port = 6881 + } + port { + name = "torrenting-udp" + port = 6881 + protocol = "UDP" + target_port = 6881 + } + } +} + +resource "kubernetes_ingress_v1" "qbittorrent" { + metadata { + name = "qbittorrent" + namespace = "qbittorrent" + annotations = { + "kubernetes.io/ingress.class" = "nginx" + "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" + "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" + "nginx.ingress.kubernetes.io/proxy-body-size" : "100000m" // allow uploading .torrent files + } + } + + spec { + tls { + hosts = ["qbittorrent.viktorbarzin.me"] + secret_name = var.tls_secret_name + } + rule { + host = "qbittorrent.viktorbarzin.me" + http { + path { + path = "/" + backend { + service { + name = "qbittorrent" + port { + number = 8080 + } + } + } + } + } + } + } +} diff --git a/modules/kubernetes/servarr/readarr/main.tf b/modules/kubernetes/servarr/readarr/main.tf new file mode 100644 index 00000000..b612b762 --- /dev/null +++ b/modules/kubernetes/servarr/readarr/main.tf @@ -0,0 +1,152 @@ +variable "tls_secret_name" {} +resource "kubernetes_namespace" "readarr" { + metadata { + name = "readarr" + # labels = { + # "istio-injection" : "enabled" + # } + } +} + + +module "tls_secret" { + source = "../../setup_tls_secret" + namespace = "readarr" + tls_secret_name = var.tls_secret_name +} + +resource "kubernetes_deployment" "readarr" { + metadata { + name = "readarr" + namespace = "readarr" + labels = { + app = "readarr" + } + annotations = { + "reloader.stakater.com/search" = "true" + } + } + spec { + replicas = 1 + selector { + match_labels = { + app = "readarr" + } + } + template { + metadata { + labels = { + app = "readarr" + } + } + spec { + container { + image = "lscr.io/linuxserver/readarr:develop" + name = "readarr" + + port { + container_port = 8787 + } + env { + name = "PUID" + value = 1000 + } + env { + name = "PGID" + value = 1000 + } + env { + name = "TZ" + value = "Etc/UTC" + } + volume_mount { + name = "data" + mount_path = "/config" + } + volume_mount { + name = "data" + mount_path = "/books" + } + volume_mount { + name = "data" + mount_path = "/downloads" + } + volume_mount { + name = "qbittorrent" + mount_path = "/mnt" + read_only = true + } + } + volume { + name = "data" + nfs { + path = "/mnt/main/servarr/readarr" + server = "10.0.10.15" + } + } + volume { + name = "qbittorrent" + nfs { + path = "/mnt/main/servarr/qbittorrent" + server = "10.0.10.15" + } + } + } + } + } +} + +resource "kubernetes_service" "readarr" { + metadata { + name = "readarr" + namespace = "readarr" + labels = { + app = "readarr" + } + } + + spec { + selector = { + app = "readarr" + } + port { + name = "http" + port = 8787 + } + } +} + +resource "kubernetes_ingress_v1" "readarr" { + metadata { + name = "readarr" + namespace = "readarr" + annotations = { + "kubernetes.io/ingress.class" = "nginx" + "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth" + "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" + } + } + + spec { + tls { + hosts = ["readarr.viktorbarzin.me"] + secret_name = var.tls_secret_name + } + rule { + host = "readarr.viktorbarzin.me" + http { + path { + path = "/" + backend { + service { + name = "readarr" + port { + number = 8787 + } + } + } + } + } + } + } +}