diff --git a/modules/kubernetes/actualbudget/factory/main.tf b/modules/kubernetes/actualbudget/factory/main.tf index c232f94f..cd1318b4 100644 --- a/modules/kubernetes/actualbudget/factory/main.tf +++ b/modules/kubernetes/actualbudget/factory/main.tf @@ -28,7 +28,7 @@ resource "kubernetes_deployment" "actualbudget" { template { metadata { annotations = { - "diun.enable" = "true" + "diun.enable" = "false" # daily updates; pretty noisy "diun.include_tags" = "^${var.tag}$" } labels = { diff --git a/modules/kubernetes/immich/main.tf b/modules/kubernetes/immich/main.tf index 9555b71c..25a77696 100644 --- a/modules/kubernetes/immich/main.tf +++ b/modules/kubernetes/immich/main.tf @@ -275,3 +275,150 @@ resource "kubernetes_cron_job_v1" "postgresql-backup" { } } } + +# POWER TOOLS + +resource "kubernetes_deployment" "powertools" { + metadata { + name = "powertools" + namespace = "immich" + labels = { + app = "powertools" + } + annotations = { + "reloader.stakater.com/search" = "true" + } + } + spec { + replicas = 1 + strategy { + type = "Recreate" + } + selector { + match_labels = { + app = "powertools" + } + } + template { + metadata { + labels = { + app = "powertools" + } + annotations = { + "diun.enable" = "true" + "diun.include_tags" = "latest" + } + } + spec { + + container { + image = "ghcr.io/varun-raj/immich-power-tools:latest" + name = "owntracks" + port { + name = "http" + container_port = 3000 + } + env { + name = "IMMICH_API_KEY" + value = "bLz8OIoRrtUFumDaBrXjkgwXkU5YoJBXcwRr8F90KQ" + } + env { + name = "IMMICH_URL" + # value = "http://immich-server.immich.svc.cluster.local" + value = "http://10.109.73.214" + } + env { + name = "EXTERNAL_IMMICH_URL" + value = "https://immich.viktorbarzin.me" + } + env { + name = "DB_USERNAME" + value = "immich" + } + env { + name = "DB_PASSWORD" + value = var.postgresql_password + } + env { + name = "DB_HOST" + # value = "immich-postgresql.immich.svc.cluster.local" + value = "10.102.122.16" + } + # env { + # name = "DB_PORT" + # value = "5432" + # } + env { + name = "DB_DATABASE_NAME" + value = "immich" + } + env { + name = "NODE_ENV" + value = "development" + } + + } + } + } + } +} + + +resource "kubernetes_service" "powertools" { + metadata { + name = "powertools" + namespace = "immich" + labels = { + "app" = "powertools" + } + } + + spec { + selector = { + app = "powertools" + } + port { + name = "http" + port = 80 + target_port = 3000 + protocol = "TCP" + } + } +} + +resource "kubernetes_ingress_v1" "powertools" { + metadata { + name = "powertools" + namespace = "immich" + annotations = { + "kubernetes.io/ingress.class" = "nginx" + "nginx.ingress.kubernetes.io/auth-url" : "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" + "nginx.ingress.kubernetes.io/auth-signin" : "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" + "nginx.ingress.kubernetes.io/auth-response-headers" : "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" + "nginx.ingress.kubernetes.io/auth-snippet" : "proxy_set_header X-Forwarded-Host $http_host;" + } + } + + spec { + tls { + hosts = ["immich-powertools.viktorbarzin.me"] + secret_name = var.tls_secret_name + } + rule { + host = "immich-powertools.viktorbarzin.me" + http { + path { + path = "/" + backend { + service { + name = "powertools" + port { + number = 80 + } + } + } + } + } + } + } +}