diff --git a/modules/kubernetes/immich/chart_values.tpl b/modules/kubernetes/immich/chart_values.tpl index bdab9b56..9606f6e8 100644 --- a/modules/kubernetes/immich/chart_values.tpl +++ b/modules/kubernetes/immich/chart_values.tpl @@ -28,7 +28,7 @@ env: IMMICH_MACHINE_LEARNING_URL: "http://immich-machine-learning.immich.svc.cluster.local:3003" image: - tag: v1.114.0 + tag: v1.115.0 immich: persistence: diff --git a/modules/kubernetes/immich/main.tf b/modules/kubernetes/immich/main.tf index dfda5ee1..2e8398a4 100644 --- a/modules/kubernetes/immich/main.tf +++ b/modules/kubernetes/immich/main.tf @@ -113,7 +113,7 @@ resource "kubernetes_ingress_v1" "immich" { "nginx.ingress.kubernetes.io/proxy-send-timeout" : "600s", "nginx.ingress.kubernetes.io/proxy-connect-timeout" : "600s" "nginx.ingress.kubernetes.io/client-max-body-size" : "0" - "nginx.ingress.kubernetes.io/proxy-body-size" : "2G", + "nginx.ingress.kubernetes.io/proxy-body-size" : "10G", "nginx.ingress.kubernetes.io/proxy-buffering" : "on" "nginx.ingress.kubernetes.io/proxy-max-temp-file-size" : "4096m" "nginx.ingress.kubernetes.io/proxy-request-buffering" : "off" diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf index 212abde7..4dddb2a1 100644 --- a/modules/kubernetes/main.tf +++ b/modules/kubernetes/main.tf @@ -479,3 +479,12 @@ module "meshcentral" { source = "./meshcentral" tls_secret_name = var.tls_secret_name } +# module "netbox" { +# source = "./netbox" +# tls_secret_name = var.tls_secret_name +# } + +# module "nextcloud" { +# source = "./nextcloud" +# tls_secret_name = var.tls_secret_name +# } diff --git a/modules/kubernetes/netbox/main.tf b/modules/kubernetes/netbox/main.tf new file mode 100644 index 00000000..0eef1fc4 --- /dev/null +++ b/modules/kubernetes/netbox/main.tf 
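Review bot: Raising `proxy-body-size` to `10G` in the immich ingress annotations lets a single request body of that size through nginx, and with `proxy-request-buffering` set to `off` in the same map the body is streamed straight to the backend, so the effective limit is whatever the immich pod and its storage enforce. It is worth confirming that uploads on this host are authenticated before the body is accepted and that the persistence volume has a quota or alerting. The neighbouring `client-max-body-size` key does not look like an annotation ingress-nginx reads (it uses `proxy-body-size`), so it can probably be dropped, and the map mixes entries with and without trailing commas. The resource body starts and ends outside the hunk.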
@@ -0,0 +1,190 @@
+variable "tls_secret_name" {}
+
+resource "kubernetes_namespace" "netbox" {
+ metadata {
+ name = "netbox"
+ }
+}
+
+module "tls_secret" {
+ source = "../setup_tls_secret"
+ namespace = "netbox"
+ tls_secret_name = var.tls_secret_name
+}
+
+resource "kubernetes_deployment" "netbox" {
+ metadata {
+ name = "netbox"
+ namespace = "netbox"
+ labels = {
+ app = "netbox"
+ }
+ annotations = {
+ "reloader.stakater.com/search" = "true"
+ }
+ }
+ spec {
+ replicas = 1
+ strategy {
+ type = "Recreate"
+ }
+ selector {
+ match_labels = {
+ app = "netbox"
+ }
+ }
+ template {
+ metadata {
+ annotations = {
+ "diun.enable" = "true"
+ }
+ labels = {
+ app = "netbox"
+ }
+ }
+ spec {
+ container {
+ image = "lscr.io/linuxserver/netbox:v4.0.9-ls219"
+ name = "netbox"
+ env {
+ name = "DB_USER"
+ value = "netbox"
+ }
+ env {
+ name = "DB_PASSWORD"
+ value = "ttPSBjF9oPLb49XZst3sGF"
+ }
+ env {
+ name = "DB_HOST"
+ value = "postgresql.dbaas.svc.cluster.local"
+ }
+ env {
+ name = "REDIS_HOST"
+ value = "redis.redis"
+ }
+ env {
+ name = "ALLOWED_HOST"
+ value = "netbox.viktorbarzin.me"
+ }
+ env {
+ name = "SUPERUSER_EMAIL"
+ value = "me@viktorbarzin.me"
+ }
+ env {
+ name = "SUPERUSER_PASSWORD"
+ value = "ttPSBjF9oPLb49XZst3sGFasdf"
+ }
+ env {
+ name = "REMOTE_AUTH_ENABLED"
+ value = "True"
+ }
+ env {
+ name = "REMOTE_AUTH_AUTO_CREATE_USER"
+ value = "True"
+ }
+
+ env {
+ name = "PUID"
+ value = 1000
+ }
+ env {
+ name = "PGID"
+ value = 1000
+ }
+ env {
+ name = "TZ"
+ value = "Europe/Sofia"
+ }
+
+ port {
+ container_port = 8000
+ }
+ # volume_mount {
+ # name = "data"
+ # mount_path = "/books"
+ # }
+ }
+ # volume {
+ # name = "data"
+ # nfs {
+ # path = "/mnt/main/netbox"
+ # server = "10.0.10.15"
+ # }
+ # }
+ }
+ }
+ }
+}
+resource "kubernetes_service" "netbox" {
+ metadata {
+ name = "netbox"
+ namespace = "netbox"
+ labels = {
+ "app" = "netbox"
+ }
+ }
+
+ spec {
+ selector = {
+ app = "netbox"
+ }
+ port {
+ name = "http"
+ target_port = 8000
+ port = 80
+ protocol = "TCP"
+ }
+ }
+}
+resource "kubernetes_ingress_v1" "netbox" {
+ metadata {
+ name = "netbox"
+ namespace = "netbox"
+ annotations = {
+ "kubernetes.io/ingress.class" = "nginx"
+ # "nginx.ingress.kubernetes.io/proxy-body-size" : "5000m"
+ "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
+ "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
+ }
+ }
+
+ spec {
+ tls {
+ hosts = ["netbox.viktorbarzin.me"]
+ secret_name = var.tls_secret_name
+ }
+ rule {
+ host = "netbox.viktorbarzin.me"
+ http {
+ path {
+ path = "/"
+ backend {
+ service {
+ name = "netbox"
+ port {
+ number = 80
+ }
+ }
+ }
+ }
+ }
+ }
+ rule {
+ host = "books.viktorbarzin.me"
+ http {
+ path {
+ path = "/"
+ backend {
+ service {
+ name = "netbox"
+ port {
+ number = 80
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/modules/kubernetes/nextcloud/chart_values.yaml b/modules/kubernetes/nextcloud/chart_values.yaml
new file mode 100644
index 00000000..7918cea7
--- /dev/null
+++ b/modules/kubernetes/nextcloud/chart_values.yaml
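Review bot: The `DB_PASSWORD` and `SUPERUSER_PASSWORD` env blocks in the netbox container carry their values as string literals, so both credentials are now in the repository history and in the plain pod spec, and the superuser value is visibly built from the database one. Both should be rotated and then supplied through `sensitive` variables and a `kubernetes_secret` referenced with `value_from`/`secret_key_ref`, as sketched below; the variable and secret names there are placeholders, and the values will still appear in Terraform state, so the state file needs the same protection. Separately, `REMOTE_AUTH_ENABLED` with `REMOTE_AUTH_AUTO_CREATE_USER` presumably makes NetBox trust an identity header, while the Service on port 80 is reachable inside the cluster without passing the `auth-url` check on the ingress, so confirm which header the proxy sets and restrict direct pod access (for example with a NetworkPolicy). The second ingress rule for `books.viktorbarzin.me` routes to the netbox service and is not listed under `tls.hosts`, which looks like a copy-paste leftover.

```hcl
variable "netbox_db_password" {
  type      = string
  sensitive = true
}

variable "netbox_superuser_password" {
  type      = string
  sensitive = true
}

resource "kubernetes_secret" "netbox" {
  metadata {
    name      = "netbox-credentials"
    namespace = "netbox"
  }
  data = {
    DB_PASSWORD        = var.netbox_db_password
    SUPERUSER_PASSWORD = var.netbox_superuser_password
  }
}

# … unchanged: namespace, tls_secret module, deployment metadata and container header …
          env {
            name = "DB_PASSWORD"
            value_from {
              secret_key_ref {
                name = kubernetes_secret.netbox.metadata[0].name
                key  = "DB_PASSWORD"
              }
            }
          }
          env {
            name = "SUPERUSER_PASSWORD"
            value_from {
              secret_key_ref {
                name = kubernetes_secret.netbox.metadata[0].name
                key  = "SUPERUSER_PASSWORD"
              }
            }
          }
# … unchanged: remaining env blocks, port, service and ingress …
```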
@@ -0,0 +1,47 @@
+# ingress:
+# enabled: true
+# annotations:
+# "kubernetes.io/ingress.class": "nginx"
+# nginx.ingress.kubernetes.io/proxy-body-size: 4G
+# # kubernetes.io/tls-acme: "true"
+# # cert-manager.io/cluster-issuer: letsencrypt-prod
+# # # Keep this in sync with the README.md:
+# # nginx.ingress.kubernetes.io/server-snippet: |-
+# # server_tokens off;
+# # proxy_hide_header X-Powered-By;
+# # rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
+# # rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
+# # rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+# # rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
+# # location = /.well-known/carddav {
+# # return 301 $scheme://$host/remote.php/dav;
+# # }
+# # location = /.well-known/caldav {
+# # return 301 $scheme://$host/remote.php/dav;
+# # }
+# # location = /robots.txt {
+# # allow all;
+# # log_not_found off;
+# # access_log off;
+# # }
+# # location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+# # deny all;
+# # }
+# # location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
+# # deny all;
+# # }
+# tls:
+# - secretName: "${tls_secret_name}"
+# hosts:
+# - nextcloud.viktorbarzin.me
+# labels: {}
+# path: /
+# pathType: Prefix
+
+nextcloud:
+ host: nextcloud.viktorbarin.me
+ trustedDomains:
+ - nextcloud.viktorbarin.me
+ extraEnv:
+ - name: TRUSTED_PROXIES
+ value: "127.0.0.1,10.0.0.0/8"
diff --git a/modules/kubernetes/nextcloud/main.tf b/modules/kubernetes/nextcloud/main.tf
new file mode 100644
index 00000000..0789f19e
--- /dev/null
+++ b/modules/kubernetes/nextcloud/main.tf
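Review bot: `nextcloud.host` and the `trustedDomains` entry are spelled `nextcloud.viktorbarin.me`, while the ingress in `nextcloud/main.tf` serves `nextcloud.viktorbarzin.me`, so requests arriving through the ingress would carry a Host header that is not in the trusted list; both values should read `nextcloud.viktorbarzin.me`. `TRUSTED_PROXIES` of `10.0.0.0/8` tells Nextcloud to believe forwarded client-address headers from any 10.x source, which weakens its brute-force throttling and the addresses in its logs; narrowing it to the ingress controller's range, for example `value: "<ingress-controller pod CIDR>"`, keeps that trust on the actual proxy. The values also set no admin or database credentials, so the release presumably falls back to the chart's defaults, which should be overridden from a Secret before the module is enabled.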
@@ -0,0 +1,151 @@
+variable "tls_secret_name" {}
+
+module "tls_secret" {
+ source = "../setup_tls_secret"
+ namespace = "nextcloud"
+ tls_secret_name = var.tls_secret_name
+}
+
+resource "kubernetes_namespace" "nextcloud" {
+ metadata {
+ name = "nextcloud"
+ labels = {
+ "istio-injection" : "disabled"
+ }
+ }
+}
+
+resource "helm_release" "nextcloud" {
+ namespace = "nextcloud"
+ name = "nextcloud"
+
+ repository = "https://nextcloud.github.io/helm/"
+ chart = "nextcloud"
+ atomic = true
+ # version = "0.7.0"
+
+ values = [templatefile("${path.module}/chart_values.yaml", { tls_secret_name = var.tls_secret_name })]
+}
+
+# resource "kubernetes_config_map" "config" {
+# metadata {
+# name = "config"
+# namespace = "nextcloud"
+
+# annotations = {
+# "reloader.stakater.com/match" = "true"
+# }
+# }
+
+# data = {
+# "conf.yml" = file("${path.module}/conf.yml")
+# }
+# }
+
+# resource "kubernetes_deployment" "nextcloud" {
+# metadata {
+# name = "nextcloud"
+# namespace = "nextcloud"
+# labels = {
+# app = "nextcloud"
+# }
+# annotations = {
+# "reloader.stakater.com/search" = "true"
+# }
+# }
+# spec {
+# replicas = 1
+# selector {
+# match_labels = {
+# app = "nextcloud"
+# }
+# }
+# template {
+# metadata {
+# annotations = {
+# "diun.enable" = "true"
+# }
+# labels = {
+# app = "nextcloud"
+# }
+# }
+# spec {
+# container {
+# image = "lissy93/nextcloud:latest"
+# name = "nextcloud"
+
+# port {
+# container_port = 8080
+# }
+# volume_mount {
+# name = "config"
+# mount_path = "/app/user-data/"
+# }
+# }
+# volume {
+# name = "config"
+# config_map {
+# name = "config"
+# }
+# }
+# }
+# }
+# }
+# }
+
+# resource "kubernetes_service" "nextcloud" {
+# metadata {
+# name = "nextcloud"
+# namespace = "nextcloud"
+# labels = {
+# app = "nextcloud"
+# }
+# }
+
+# spec {
+# selector = {
+# app = "nextcloud"
+# }
+# port {
+# name = "http"
+# port = 80
+# target_port = 8080
+# }
+# }
+# }
+
+resource "kubernetes_ingress_v1" "nextcloud" {
+ metadata {
+ name = "nextcloud-ingress"
+ namespace = "nextcloud"
+ annotations = {
+ "kubernetes.io/ingress.class" = "nginx"
+ "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
+ "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
+ }
+ }
+
+ spec {
+ tls {
+ hosts = ["nextcloud.viktorbarzin.me"]
+ secret_name = var.tls_secret_name
+ }
+ rule {
+ host = "nextcloud.viktorbarzin.me"
+ http {
+ path {
+ path = "/"
+ backend {
+ service {
+ name = "nextcloud"
+ port {
+ number = 8080
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/terraform.tfstate b/terraform.tfstate
index e513c0ba..b8ed9f0b 100644
Binary files a/terraform.tfstate and b/terraform.tfstate differ