diff --git a/main.tf b/main.tf
index 63ebf1d8..3aa2c33c 100644
--- a/main.tf
+++ b/main.tf
@@ -79,6 +79,7 @@ variable "vaultwarden_smtp_password" {}
 variable "resume_database_url" {}
 variable "resume_database_password" {}
 variable "resume_redis_url" {}
+variable "resume_auth_secret" { type = string }
 variable "frigate_valchedrym_camera_credentials" { default = "" }
 variable "paperless_db_password" {}
 variable "diun_nfty_token" {}
@@ -496,6 +497,7 @@ module "kubernetes_cluster" {
   resume_redis_url = var.resume_redis_url
   resume_database_password = var.resume_database_password
   resume_database_url = var.resume_database_url
+  resume_auth_secret = var.resume_auth_secret
   frigate_valchedrym_camera_credentials = var.frigate_valchedrym_camera_credentials
diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf
index 737aba30..6123015c 100644
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@@ -63,6 +63,7 @@ variable "vaultwarden_smtp_password" {}
 variable "resume_database_url" {}
 variable "resume_database_password" {}
 variable "resume_redis_url" {}
+variable "resume_auth_secret" { type = string }
 variable "frigate_valchedrym_camera_credentials" { default = "" }
 variable "paperless_db_password" {}
 variable "diun_nfty_token" {}
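Review bot: `variable "resume_auth_secret" { type = string }` declares a credential without `sensitive = true`, so its value is echoed in `terraform plan`/`apply` output and in any diff of the `module "kubernetes_cluster"` call. The same declaration is repeated in the modules/kubernetes/main.tf hunk (@@ -63), and `auth_secret` and `smtp_password` in the modules/kubernetes/resume/main.tf hunk (@@ -1) have the same gap. Declare each as `variable "resume_auth_secret" { type = string sensitive = true }` (one attribute per line in the real file). Note that `sensitive` only redacts CLI output; the value is still stored in plaintext in the state file, so access control on the state backend still matters.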
@@ -590,16 +591,15 @@ module "crowdsec" {
   crowdsec_dash_machine_password = var.crowdsec_dash_machine_password
 }
-# Seems like it needs S3 even if pg is local...
-# module "resume" {
-#   source = "./resume"
-#   tier = local.tiers.aux
-#   for_each = contains(local.active_modules, "resume") ? { resume = true } : {}
-#   tls_secret_name = var.tls_secret_name
-#   redis_url = var.resume_redis_url
-#   database_url = var.resume_database_url
-#   db_password = var.resume_database_password
-# }
+module "resume" {
+  source = "./resume"
+  for_each = contains(local.active_modules, "resume") ? { resume = true } : {}
+  tls_secret_name = var.tls_secret_name
+  tier = local.tiers.aux
+  database_url = var.resume_database_url
+  auth_secret = var.resume_auth_secret
+  smtp_password = var.mailserver_accounts["info@viktorbarzin.me"]
+}
 module "uptime-kuma" {
   source = "./uptime-kuma"
diff --git a/modules/kubernetes/resume/main.tf b/modules/kubernetes/resume/main.tf
index cf3fd0ef..7d819448 100644
--- a/modules/kubernetes/resume/main.tf
+++ b/modules/kubernetes/resume/main.tf
@@ -1,8 +1,19 @@
-variable "tls_secret_name" { type = string }
+variable "tls_secret_name" {}
 variable "tier" { type = string }
 variable "database_url" { type = string }
-variable "redis_url" { type = string }
-variable "db_password" { type = string }
+variable "auth_secret" { type = string }
+variable "smtp_password" { type = string }
+locals {
+  namespace = "resume"
+  app_url = "https://resume.viktorbarzin.me"
+}
+resource "kubernetes_namespace" "resume" {
+  metadata {
+    name = local.namespace
+  }
+}
 module "tls_secret" {
   source = "../setup_tls_secret"
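Review bot: `smtp_password = var.mailserver_accounts["info@viktorbarzin.me"]` appears to hand the resume module the mailbox's own login credential rather than a send-only one, so anyone who can read the resume pod spec or its environment in the cluster can log in to that mailbox, not merely relay mail through it. If the mail server supports per-application or send-only credentials, issuing a dedicated one for this module and passing it here would bound the blast radius of a compromise of the resume deployment. A short comment above the line, `# reuses the info@ mailbox password; consider a dedicated send-only credential`, would at least make the trade-off explicit to the next reader.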
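Review bot: `variable "tls_secret_name" {}` drops the `type = string` constraint while every other variable in this block (`tier`, `database_url`, `auth_secret`, `smtp_password`) keeps one, so a malformed value would now be coerced or fail later at the `module "tls_secret"` call instead of at variable validation. Restoring `variable "tls_secret_name" { type = string }` keeps the block consistent. The new `kubernetes_namespace` resource and `locals` are fine as written; `local.app_url` is the public hostname that the deployment later exposes, so a one-line comment noting that `APP_URL` and `SMTP_FROM` links derive from it would help whoever renames the host.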
@@ -10,17 +21,103 @@ module "tls_secret" { tls_secret_name = var.tls_secret_name } -resource "kubernetes_namespace" "resume" { +# Printer service (browserless chromium for PDF generation) +resource "kubernetes_deployment" "printer" { metadata { - name = "resume" + name = "printer" + namespace = kubernetes_namespace.resume.metadata[0].name + labels = { + app = "printer" + tier = var.tier + } + } + spec { + replicas = 1 + selector { + match_labels = { + app = "printer" + } + } + template { + metadata { + labels = { + app = "printer" + } + } + spec { + container { + name = "printer" + image = "ghcr.io/browserless/chromium:latest" + + port { + container_port = 3000 + } + + env { + name = "HEALTH" + value = "true" + } + env { + name = "CONCURRENT" + value = "20" + } + env { + name = "QUEUED" + value = "10" + } + + resources { + requests = { + memory = "256Mi" + cpu = "100m" + } + limits = { + memory = "2Gi" + cpu = "2" + } + } + + liveness_probe { + http_get { + path = "/pressure" + port = 3000 + } + initial_delay_seconds = 30 + period_seconds = 10 + timeout_seconds = 5 + } + readiness_probe { + http_get { + path = "/pressure" + port = 3000 + } + initial_delay_seconds = 10 + period_seconds = 10 + timeout_seconds = 5 + } + } + } + } } } -resource "random_string" "random" { - length = 32 - lower = true +resource "kubernetes_service" "printer" { + metadata { + name = "printer" + namespace = kubernetes_namespace.resume.metadata[0].name + } + spec { + selector = { + app = "printer" + } + port { + port = 3000 + target_port = 3000 + } + } } +# Reactive Resume app resource "kubernetes_deployment" "resume" { metadata { name = "resume" @@ -29,9 +126,6 @@ resource "kubernetes_deployment" "resume" { app = "resume" tier = var.tier } - annotations = { - "reloader.stakater.com/search" = "true" - } } spec { replicas = 1 
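Review bot: `image = "ghcr.io/browserless/chromium:latest"` is a floating tag for the container that renders user-supplied resume content into PDFs, whereas the resume image in the following hunk is pinned to `v5.0.3`; a pinned tag (or `image@sha256:<digest>`) keeps the headless browser from changing under you on the next rollout. Separately, `kubernetes_service "printer"` exposes port 3000 to every workload in the cluster and the deployment's env sets no access token, so any pod can drive the browser and make it fetch arbitrary URLs from inside the network; a `kubernetes_network_policy` in the `resume` namespace restricting ingress on 3000 to pods labelled `app = "resume"` would close that. As rendered here the added `kubernetes_deployment "printer"` block also appears to close one `}` short before `resource "random_string"` is removed, which may be an extraction artifact of this listing rather than the committed file — worth a `terraform validate` check.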
@@ -48,69 +142,109 @@ resource "kubernetes_deployment" "resume" { } spec { container { - image = "amruthpillai/reactive-resume:server-latest" name = "resume" + image = "amruthpillai/reactive-resume:v5.0.3" + + port { + container_port = 3000 + } + + # Required env vars + env { + name = "APP_URL" + value = local.app_url + } env { name = "DATABASE_URL" value = var.database_url } env { - name = "REDIS_URL" - value = var.redis_url - } - env { - name = "PUBLIC_URL" - value = "https://resume.viktorbarzin.me" - } - env { - name = "PUBLIC_SERVER_URL" - value = "https://resume.viktorbarzin.me" - } - - env { - name = "POSTGRES_HOST" - value = "postgresql.dbaas.svc.cluster.local" - } - env { - name = "POSTGRES_DB" - value = "resume" - } - env { - name = "POSTGRES_USER" - value = "resume" - } - env { - name = "POSTGRES_PASSWORD" - value = var.db_password - } - env { - name = "JWT_SECRET" - value = random_string.random.result + name = "PRINTER_ENDPOINT" + value = "http://printer.${local.namespace}.svc.cluster.local:3000" } env { name = "AUTH_SECRET" - value = random_string.random.result + value = var.auth_secret } - env { - name = "SECRET_KEY" - value = random_string.random.result - } - env { - name = "JWT_EXPIRY_TIME" - value = 604800 - } - env { - name = "STORAGE_ENDPOINT" - value = "https://resume.viktorbarzin.me" - } - // There's a tone of these... I give up... 
- // check https://github.com/AmruthPillai/Reactive-Resume/blob/main/.env.example - port { - container_port = 3000 + # Server config + env { + name = "TZ" + value = "Etc/UTC" } - port { - container_port = 3100 + + # SMTP config for password reset emails + env { + name = "SMTP_HOST" + value = "mail.viktorbarzin.me" + } + env { + name = "SMTP_PORT" + value = "587" + } + env { + name = "SMTP_USER" + value = "info@viktorbarzin.me" + } + env { + name = "SMTP_PASS" + value = var.smtp_password + } + env { + name = "SMTP_FROM" + value = "Reactive Resume " + } + env { + name = "SMTP_SECURE" + value = "false" + } + + # Feature flags + env { + name = "FLAG_DISABLE_SIGNUPS" + value = "false" # toggle me + } + + volume_mount { + name = "data" + mount_path = "/app/data" + } + + resources { + requests = { + memory = "256Mi" + cpu = "100m" + } + limits = { + memory = "1Gi" + cpu = "1" + } + } + + liveness_probe { + http_get { + path = "/api/health" + port = 3000 + } + initial_delay_seconds = 60 + period_seconds = 30 + timeout_seconds = 10 + } + readiness_probe { + http_get { + path = "/api/health" + port = 3000 + } + initial_delay_seconds = 30 + period_seconds = 10 + timeout_seconds = 5 + } + } + volume { + name = "data" + nfs { + server = "10.0.10.15" + path = "/mnt/main/resume" } } } @@ -118,22 +252,16 @@ resource "kubernetes_deployment" "resume" { } } - resource "kubernetes_service" "resume" { metadata { name = "resume" namespace = kubernetes_namespace.resume.metadata[0].name - labels = { - "app" = "resume" - } } - spec { selector = { app = "resume" } port { - name = "http" port = 80 target_port = 3000 }
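Review bot: `AUTH_SECRET = var.auth_secret`, `SMTP_PASS = var.smtp_password` and `DATABASE_URL = var.database_url` are injected as literal `value` strings in the pod template, so they are readable by anyone with `get deployments`/`get pods` in the namespace and show up in controller and audit logs; putting them in a `kubernetes_secret` and referencing it via `value_from { secret_key_ref { … } }` keeps them behind the Secret RBAC boundary (and would make the `reloader.stakater.com/search` annotation removed in the @@ -29 hunk useful again). `FLAG_DISABLE_SIGNUPS = "false"` with the `# toggle me` comment leaves open registration on the public `APP_URL`; once the owner's account exists it should be `"true"`, and the comment could say so: `# set to "true" after creating the owner account`. `SMTP_FROM = "Reactive Resume "` looks truncated as rendered here (no address part), so verify the committed value. The enclosing `resource "kubernetes_deployment" "resume"` block begins outside this hunk.

```hcl
resource "kubernetes_secret" "resume" {
  metadata {
    name      = "resume"
    namespace = kubernetes_namespace.resume.metadata[0].name
  }
  data = {
    AUTH_SECRET  = var.auth_secret
    SMTP_PASS    = var.smtp_password
    DATABASE_URL = var.database_url
  }
}

# … unchanged: deployment metadata, selector, template, printer/APP_URL env …
env {
  name = "AUTH_SECRET"
  value_from {
    secret_key_ref {
      name = kubernetes_secret.resume.metadata[0].name
      key  = "AUTH_SECRET"
    }
  }
}
# … same value_from pattern for SMTP_PASS and DATABASE_URL; remaining env, probes and volume unchanged …
```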