add homepage module and some more integrations [ci skip]

2024-10-20 12:19:12 +00:00 · 2024-10-20 12:19:12 +00:00 · cf39034bdf
commit cf39034bdf
parent 045d271d52
9 changed files with 255 additions and 3 deletions
--- a/modules/kubernetes/calibre/main.tf
+++ b/modules/kubernetes/calibre/main.tf
@ -1,4 +1,10 @@
 variable "tls_secret_name" {}
+variable "homepage_username" {
+  default = ""
+}
+variable "homepage_password" {
+  default = ""
+}

 resource "kubernetes_namespace" "calibre" {
  metadata {
@ -113,6 +119,19 @@ resource "kubernetes_ingress_v1" "calibre" {
    annotations = {
      "kubernetes.io/ingress.class" = "nginx"
      "nginx.ingress.kubernetes.io/proxy-body-size" : "5000m"
+
+      "gethomepage.dev/enabled"     = "true"
+      "gethomepage.dev/description" = "Book library"
+      # gethomepage.dev/group: Media
+      "gethomepage.dev/icon" : "calibre-web.png"
+      "gethomepage.dev/name"            = "Calibre"
+      "gethomepage.dev/widget.type"     = "calibreweb"
+      "gethomepage.dev/widget.url"      = "https://calibre.viktorbarzin.me"
+      "gethomepage.dev/widget.username" = var.homepage_username
+      "gethomepage.dev/widget.password" = var.homepage_password
+      "gethomepage.dev/pod-selector"    = ""
+      # gethomepage.dev/weight: 10 # optional
+      # gethomepage.dev/instance: "public" # optional
    }
  }

--- a/modules/kubernetes/crowdsec/main.tf
+++ b/modules/kubernetes/crowdsec/main.tf
@ -1,4 +1,6 @@
 variable "tls_secret_name" {}
+variable "homepage_username" {}
+variable "homepage_password" {}

 module "tls_secret" {
  source          = "../setup_tls_secret"
@ -65,7 +67,7 @@ resource "helm_release" "crowdsec" {
  repository = "https://crowdsecurity.github.io/helm-charts"
  chart      = "crowdsec"

-  values = [templatefile("${path.module}/values.yaml", {})]
+  values = [templatefile("${path.module}/values.yaml", { homepage_username = var.homepage_username, homepage_password = var.homepage_password })]
 }

 # resource "kubernetes_ingress_v1" "metabase" {
--- a/modules/kubernetes/crowdsec/values.yaml
+++ b/modules/kubernetes/crowdsec/values.yaml
@ -31,6 +31,15 @@ lapi:
        nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
        nginx.ingress.kubernetes.io/auth-url: "https://oauth2.viktorbarzin.me/oauth2/auth"
        nginx.ingress.kubernetes.io/auth-signin: "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
+        gethomepage.dev/enabled: "true"
+        gethomepage.dev/description: "Web Application Firewall"
+        gethomepage.dev/icon: "crowdsec.png"
+        gethomepage.dev/name: "CrowdSec"
+        gethomepage.dev/widget.type: "crowdsec"
+        gethomepage.dev/widget.url: "http://crowdsec-service.crowdsec.svc.cluster.local:8080"
+        gethomepage.dev/widget.username: "${homepage_username}"
+        gethomepage.dev/widget.password: "${homepage_password}"
+        gethomepage.dev/pod-selector: ""
      ingressClassName: "nginx"
      host: "crowdsec.viktorbarzin.me"
      tls:
--- a/modules/kubernetes/homepage/main.tf
+++ b/modules/kubernetes/homepage/main.tf
@ -0,0 +1,29 @@
+
+variable "tls_secret_name" {}
+
+module "tls_secret" {
+  source          = "../setup_tls_secret"
+  namespace       = "homepage"
+  tls_secret_name = var.tls_secret_name
+}
+
+resource "kubernetes_namespace" "homepage" {
+  metadata {
+    name = "homepage"
+    labels = {
+      "istio-injection" : "disabled"
+    }
+  }
+}
+
+resource "helm_release" "homepage" {
+  namespace        = "homepage"
+  create_namespace = false
+  name             = "homepage"
+  atomic           = true
+
+  repository = "http://jameswynn.github.io/helm-charts"
+  chart      = "homepage"
+
+  values = [templatefile("${path.module}/values.yaml", { tls_secret_name = var.tls_secret_name })]
+}
--- a/modules/kubernetes/homepage/values.yaml
+++ b/modules/kubernetes/homepage/values.yaml
@ -0,0 +1,153 @@
+image:
+  repository: ghcr.io/gethomepage/homepage
+  # tag: v0.6.0
+
+# Enable RBAC. RBAC is necessary to use Kubernetes integration
+enableRbac: true
+
+extraClusterRoles:
+  # - apiGroups:
+  #   - some-group
+  #   resources:
+  #   - some-resource
+  #   verbs:
+  #   - get
+
+serviceAccount:
+  # Specify a different service account name. When blank it will default to the release
+  # name if *create* is enabled, otherwise it will refer to the default service account.
+  name: ""
+  # Create service account. Needed when RBAC is enabled.
+  create: false
+
+service:
+  main:
+    ports:
+      http:
+        port: 3000
+
+controller:
+  strategy: RollingUpdate
+  rollingUpdate:
+    maxSurge: 25%
+    maxUnavailable: 25%
+
+# Enable the ingress to expose Homepage to the network.
+ingress:
+  main:
+    enabled: true
+    labels:
+      # This label will enable discover of this deployment in Homepage
+      gethomepage.dev/enabled: "true"
+    annotations:
+      # These annotations will configure how this deployment is shown in Homepage
+      gethomepage.dev/name: "Homepage"
+      gethomepage.dev/description: "A modern, secure, highly customizable application dashboard."
+      gethomepage.dev/group: "A New Group"
+      gethomepage.dev/icon: "homepage.png"
+    ingressClassName: "nginx"
+    hosts:
+      - host: &host "home.viktorbarzin.me"
+        paths:
+          - path: /
+            pathType: Prefix
+    tls:
+      - hosts:
+          - *host
+        secretName: ${tls_secret_name}
+
+# All the config files for Homepage can be specified under their relevant config block.
+config:
+  # To use an existing ConfigMap uncomment this line and specify the name
+  # useExistingConfigMap: existing-homepage-configmap
+  bookmarks:
+    - Developer:
+        - Github:
+            - abbr: Viktor Barzin
+              href: https://github.com/viktorbarzin
+  services:
+    # - My First Group:
+    #     - My First Service:
+    #         href: http://localhost/
+    #         description: Homepage is awesome
+
+    # - My Second Group:
+    #     - My Second Service:
+    #         href: http://localhost/
+    #         description: Homepage is the best
+
+    # - My Third Group:
+    #     - My Third Service:
+    #         href: http://localhost/
+    #         description: Homepage is 😎
+  widgets:
+    - resources:
+        # change backend to 'kubernetes' to use Kubernetes integration. Requires RBAC.
+        # backend: resources
+        backend: kubernetes
+        expanded: true
+        cpu: true
+        memory: true
+    - search:
+        provider: duckduckgo
+        target: _blank
+    ## Uncomment to enable Kubernetes integration
+    - kubernetes:
+        cluster:
+          show: true
+          cpu: true
+          memory: true
+          showLabel: true
+          label: "cluster"
+        nodes:
+          show: true
+          cpu: true
+          memory: true
+          showLabel: true
+  kubernetes:
+    # change mode to 'cluster' to use RBAC service account
+    # mode: disable
+    mode: cluster
+  docker:
+  settings:
+
+# -- Main environment variables. Template enabled.
+# Syntax options:
+# A) TZ: UTC
+# B) PASSWD: '{{ .Release.Name }}'
+# C) PASSWD:
+#      configMapKeyRef:
+#        name: config-map-name
+#        key: key-name
+# D) PASSWD:
+#      valueFrom:
+#        secretKeyRef:
+#          name: secret-name
+#          key: key-name
+#      ...
+# E) - name: TZ
+#      value: UTC
+# F) - name: TZ
+#      value: '{{ .Release.Name }}'
+env:
+
+# To include environment variables from other configs or other secrets for use in
+# Homepage's variable substitutions. Refer to them here.
+# envFrom:
+#   - secretRef:
+#       name: my-secret
+#   - configMapRef:
+#       name: my-configmap
+
+persistence:
+  logs:
+    enabled: true
+    type: emptyDir
+    mountPath: /app/config/logs
+# resources:
+#   requests:
+#     memory: 10Mi
+#     cpu: 10m
+#   limits:
+#     memory: 200Mi
+#     cpu: 500m
--- a/modules/kubernetes/monitoring/prometheus_chart_values.tpl
+++ b/modules/kubernetes/monitoring/prometheus_chart_values.tpl
@ -89,6 +89,14 @@ server:
      # nginx.ingress.kubernetes.io/auth-tls-secret: "default/ca-secret"
      nginx.ingress.kubernetes.io/auth-url: "https://oauth2.viktorbarzin.me/oauth2/auth"
      nginx.ingress.kubernetes.io/auth-signin: "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
+
+      gethomepage.dev/enabled: "true"
+      gethomepage.dev/description: "Prometheus"
+      gethomepage.dev/icon: "prometheus.png"
+      gethomepage.dev/name: "Prometheus"
+      gethomepage.dev/widget.type: "prometheus"
+      gethomepage.dev/widget.url: "http://prometheus-server.monitoring.svc.cluster.local:80"
+      gethomepage.dev/pod-selector: ""
    tls:
      - secretName: "tls-secret"
        hosts:
--- a/modules/kubernetes/paperless-ngx/main.tf
+++ b/modules/kubernetes/paperless-ngx/main.tf
@ -1,5 +1,9 @@
 variable "tls_secret_name" {}
 variable "db_password" {}
+# variable "homepage_token" {}
+variable "homepage_username" {}
+variable "homepage_password" {}
+

 resource "kubernetes_namespace" "paperless-ngx" {
  metadata {
@ -144,6 +148,21 @@ resource "kubernetes_ingress_v1" "paperless-ngx" {
      "nginx.ingress.kubernetes.io/proxy-body-size" : "100000m"
      # see https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#rate-limiting for all annotations
      # "nginx.ingress.kubernetes.io/limit-rpm": "5"
+
+      "gethomepage.dev/enabled"     = "true"
+      "gethomepage.dev/description" = "Document library"
+      # gethomepage.dev/group: Media
+      "gethomepage.dev/icon" : "paperless-ngx.png"
+      "gethomepage.dev/name"        = "Paperless-ngx"
+      "gethomepage.dev/widget.type" = "paperlessngx"
+      "gethomepage.dev/widget.url"  = "https://pdf.viktorbarzin.me"
+      # "gethomepage.dev/widget.token"    = var.homepage_token
+      "gethomepage.dev/widget.username" = var.homepage_username
+      "gethomepage.dev/widget.password" = var.homepage_password
+      "gethomepage.dev/widget.fields"   = "[\"total\"]"
+      "gethomepage.dev/pod-selector"    = ""
+      # gethomepage.dev/weight: 10 # optional
+      # gethomepage.dev/instance: "public" # optional
    }
  }

--- a/modules/kubernetes/reverse_proxy/factory/main.tf
+++ b/modules/kubernetes/reverse_proxy/factory/main.tf
@ -30,6 +30,9 @@ variable "proxy_timeout" {
  type    = number
  default = 60
 }
+variable "extra_annotations" {
+  default = {}
+}


 resource "kubernetes_service" "proxied-service" {
@ -58,7 +61,7 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
  metadata {
    name      = var.name
    namespace = var.namespace
-    annotations = {
+    annotations = merge({
      "nginx.ingress.kubernetes.io/backend-protocol" = "${var.backend_protocol}"
      "kubernetes.io/ingress.class"                  = "nginx"
      # "nginx.ingress.kubernetes.io/auth-url" : var.protected ? "https://oauth2.viktorbarzin.me/oauth2/auth" : null
@ -72,7 +75,7 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
      "nginx.ingress.kubernetes.io/proxy-send-timeout" : var.proxy_timeout
      "nginx.ingress.kubernetes.io/proxy-read-timeout" : var.proxy_timeout

-    }
+    }, var.extra_annotations)
  }

  spec {
--- a/modules/kubernetes/uptime-kuma/main.tf
+++ b/modules/kubernetes/uptime-kuma/main.tf
@ -97,6 +97,16 @@ resource "kubernetes_ingress_v1" "uptime-kuma" {
      "nginx.ingress.kubernetes.io/affinity"            = "cookie"
      "nginx.ingress.kubernetes.io/affinity-mode"       = "persistent"
      "nginx.ingress.kubernetes.io/session-cookie-name" = "_sa_nginx"
+
+      "gethomepage.dev/enabled"     = "true"
+      "gethomepage.dev/description" = "Uptime monitor"
+      # gethomepage.dev/group: Media
+      "gethomepage.dev/icon" : "uptime-kuma.png"
+      "gethomepage.dev/name"         = "Uptime Kuma"
+      "gethomepage.dev/widget.type"  = "uptimekuma"
+      "gethomepage.dev/widget.url"   = "https://uptime.viktorbarzin.me"
+      "gethomepage.dev/widget.slug"  = "cluster-internal"
+      "gethomepage.dev/pod-selector" = ""
    }
  }