From e386ddca96b9f02fa6a5a7114a8f5a981f2645f5 Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Sat, 10 May 2025 19:12:01 +0000 Subject: [PATCH] add n8n and disable crowdsec temporarily [ci skip] --- main.tf | 3 + modules/kubernetes/main.tf | 19 +++-- modules/kubernetes/n8n/main.tf | 139 +++++++++++++++++++++++++++++++++ 3 files changed, 155 insertions(+), 6 deletions(-) create mode 100644 modules/kubernetes/n8n/main.tf diff --git a/main.tf b/main.tf index b9dfe94a..a08b4b04 100644 --- a/main.tf +++ b/main.tf @@ -99,6 +99,7 @@ variable "cloudflare_tunnel_token" {} variable "owntracks_credentials" {} variable "dawarich_database_password" {} variable "tandoor_database_password" {} +variable "n8n_postgresql_password" {} # data "terraform_remote_state" "foo" { # backend = "kubernetes" @@ -410,6 +411,8 @@ module "kubernetes_cluster" { tandoor_database_password = var.tandoor_database_password tandoor_email_password = var.mailserver_accounts["info@viktorbarzin.me"] + + n8n_postgresql_password = var.n8n_postgresql_password } diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf index e1fc23eb..1b563a8a 100644 --- a/modules/kubernetes/main.tf +++ b/modules/kubernetes/main.tf @@ -79,6 +79,7 @@ variable "owntracks_credentials" {} variable "dawarich_database_password" {} variable "tandoor_database_password" {} variable "tandoor_email_password" {} +variable "n8n_postgresql_password" {} variable "defcon_level" { type = number 
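Review bot: `variable "n8n_postgresql_password" {}` in main.tf is declared without `sensitive = true`, so Terraform may print the database password in plan/apply output and in any log that captures it. The same holds for the matching declaration added to modules/kubernetes/main.tf and for `variable "postgresql_password" {}` in modules/kubernetes/n8n/main.tf. I would add `type = string` and `sensitive = true` to each of the three blocks, assuming the Terraform version in use supports the attribute. The neighbouring password variables in the context lines follow the same bare `{}` pattern, so a follow-up over those would be consistent.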
@@ -407,12 +408,12 @@ module "nginx-ingress" { crowdsec_captcha_site_key = var.ingress_crowdsec_captcha_site_key } -module "crowdsec" { - source = "./crowdsec" - tls_secret_name = var.tls_secret_name - homepage_username = var.homepage_credentials["crowdsec"]["username"] - homepage_password = var.homepage_credentials["crowdsec"]["password"] -} +# module "crowdsec" { +# source = "./crowdsec" +# tls_secret_name = var.tls_secret_name +# homepage_username = var.homepage_credentials["crowdsec"]["username"] +# homepage_password = var.homepage_credentials["crowdsec"]["password"] +# } # Seems like it needs S3 even if pg is local... # module "resume" { @@ -606,3 +607,9 @@ module "tandoor" { tandoor_database_password = var.tandoor_database_password tandoor_email_password = var.tandoor_email_password } + +module "n8n" { + source = "./n8n" + tls_secret_name = var.tls_secret_name + postgresql_password = var.n8n_postgresql_password +} diff --git a/modules/kubernetes/n8n/main.tf b/modules/kubernetes/n8n/main.tf new file mode 100644 index 00000000..8aa8d13b --- /dev/null +++ b/modules/kubernetes/n8n/main.tf 
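Review bot: Commenting out `module "crowdsec"` means the next apply destroys the CrowdSec resources, while the `nginx-ingress` module just above still receives `crowdsec_captcha_site_key`. If the ingress controller runs a CrowdSec bouncer (not visible in this hunk), confirm how it behaves once the API is gone: failing open leaves no blocking at all, and failing closed could reject traffic on every ingress. The same commit also publishes a new service through the ingress, so the gap in detection and blocking coincides with added exposure. Since the commit subject calls this temporary, I would record why and until when next to the commented block, e.g. `# TODO(<owner>): crowdsec disabled on <date> because <reason>; re-enable before <condition>`. Alternatively, keep the module and gate it with `count` on a new boolean variable, so that re-enabling is a one-line change.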
@@ -0,0 +1,139 @@
+variable "tls_secret_name" {}
+variable "postgresql_password" {}
+
+module "tls_secret" {
+ source = "../setup_tls_secret"
+ namespace = "n8n"
+ tls_secret_name = var.tls_secret_name
+}
+
+resource "kubernetes_namespace" "immich" {
+ metadata {
+ name = "n8n"
+ }
+}
+
+resource "kubernetes_deployment" "n8n" {
+ metadata {
+ name = "n8n"
+ namespace = "n8n"
+ labels = {
+ app = "n8n"
+ }
+ }
+ spec {
+ replicas = 1
+ selector {
+ match_labels = {
+ app = "n8n"
+ }
+ }
+ template {
+ metadata {
+ labels = {
+ app = "n8n"
+ "kubernetes.io/cluster-service" = "true"
+ }
+ }
+ spec {
+ container {
+ name = "n8n"
+ image = "docker.n8n.io/n8nio/n8n"
+ env {
+ name = "DB_TYPE"
+ value = "postgresdb"
+ }
+ env {
+ name = "DB_POSTGRESDB_DATABASE"
+ value = "n8n"
+ }
+ env {
+ name = "DB_POSTGRESDB_HOST"
+ value = "postgresql.dbaas"
+ }
+ env {
+ name = "DB_POSTGRESDB_PORT"
+ value = "5432"
+ }
+ env {
+ name = "DB_POSTGRESDB_USER"
+ value = "n8n"
+ }
+ env {
+ name = "DB_POSTGRESDB_PASSWORD"
+ value = var.postgresql_password
+ }
+ env {
+ name = "GENERIC_TIMEZONE"
+ value = "Europe/Sofia"
+ }
+ env {
+ name = "TZ"
+ value = "Europe/Sofia"
+ }
+ env {
+ name = "DOMAIN_NAME"
+ value = "viktorbarzin.me"
+ }
+ env {
+ name = "DOMAIN_NAME"
+ value = "n8n"
+ }
+ env {
+ name = "N8N_EDITOR_BASE_URL"
+ value = "https://n8n.viktorbarzin.me"
+ }
+ env {
+ name = "WEBHOOK_URL"
+ value = "https://n8n.viktorbarzin.me"
+ }
+ volume_mount {
+ name = "data"
+ mount_path = "/home/node/.n8n"
+ }
+ port {
+ name = "http"
+ container_port = 5678
+ protocol = "TCP"
+ }
+ }
+ volume {
+ name = "data"
+ nfs {
+ path = "/mnt/main/n8n"
+ server = "10.0.10.15"
+ }
+ }
+ }
+ }
+ }
+}
+
+resource "kubernetes_service" "n8n" {
+ metadata {
+ name = "n8n"
+ namespace = "n8n"
+ labels = {
+ "app" = "n8n"
+ }
+ }
+
+ spec {
+ selector = {
+ app = "n8n"
+ }
+ port {
+ port = "80"
+ target_port = "5678"
+ }
+ }
+}
+module "ingress" {
+ source = "../ingress_factory"
+ namespace = "n8n"
+ name = "n8n"
+ tls_secret_name = var.tls_secret_name
+ extra_annotations = {
+ "nginx.ingress.kubernetes.io/proxy-body-size" : "20000m"
+ }
+}
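Review bot: The `DB_POSTGRESDB_PASSWORD` env block writes `var.postgresql_password` directly into the Deployment spec, so anyone who can read deployments or pods in the `n8n` namespace sees the database password in clear text. Moving it into a `kubernetes_secret` and referencing it through `value_from`/`secret_key_ref` keeps it out of the pod spec, though the value still ends up in Terraform state. The image `docker.n8n.io/n8nio/n8n` has no tag or digest, so a restart can pull a different build than the one reviewed; I would pin it, e.g. `image = "docker.n8n.io/n8nio/n8n:<pinned-version>"`. `DOMAIN_NAME` is set twice and the second value `n8n` looks intended for a different variable (confirm against the n8n docs). The namespace resource is still named `"immich"`, presumably left over from a copied module.

```hcl
resource "kubernetes_secret" "n8n_db" {
  metadata {
    name      = "n8n-db"
    namespace = kubernetes_namespace.immich.metadata[0].name
  }
  data = {
    password = var.postgresql_password
  }
}

# … unchanged: deployment metadata, selector, preceding env blocks …
          env {
            name = "DB_POSTGRESDB_PASSWORD"
            value_from {
              secret_key_ref {
                name = kubernetes_secret.n8n_db.metadata[0].name
                key  = "password"
              }
            }
          }
# … unchanged: remaining env blocks, volume_mount, port, volume …
```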