diff --git a/main.tf b/main.tf index eb6382a4..9dcb32eb 100644 --- a/main.tf +++ b/main.tf @@ -131,7 +131,6 @@ variable "grafana_db_password" { type = string } variable "clickhouse_password" { type = string } variable "clickhouse_postgres_password" { type = string } variable "wealthfolio_password_hash" { type = string } -variable "aiostreams_database_connection_string" { type = string } provider "kubernetes" { @@ -544,8 +543,6 @@ module "kubernetes_cluster" { clickhouse_postgres_password = var.clickhouse_postgres_password wealthfolio_password_hash = var.wealthfolio_password_hash - - aiostreams_database_connection_string = var.aiostreams_database_connection_string } diff --git a/modules/kubernetes/actualbudget/factory/main.tf b/modules/kubernetes/actualbudget/factory/main.tf index b19f1f06..fc615705 100644 --- a/modules/kubernetes/actualbudget/factory/main.tf +++ b/modules/kubernetes/actualbudget/factory/main.tf @@ -3,15 +3,13 @@ variable "name" {} variable "tag" { default = "latest" } -variable "tier" { type = string } resource "kubernetes_deployment" "actualbudget" { metadata { name = "actualbudget-${var.name}" namespace = "actualbudget" labels = { - app = "actualbudget-${var.name}" - tier = var.tier + app = "actualbudget-${var.name}" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/actualbudget/main.tf b/modules/kubernetes/actualbudget/main.tf index fa5259ae..4bf5380a 100644 --- a/modules/kubernetes/actualbudget/main.tf +++ b/modules/kubernetes/actualbudget/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } # To create a new deployment: /** @@ -31,7 +30,6 @@ module "viktor" { tag = "edge" tls_secret_name = var.tls_secret_name depends_on = [kubernetes_namespace.actualbudget] - tier = var.tier } # https://budget-anca.viktorbarzin.me/ @@ -41,5 +39,4 @@ module "anca" { tag = "edge" tls_secret_name = var.tls_secret_name depends_on = [kubernetes_namespace.actualbudget] - tier = var.tier } 
diff --git a/modules/kubernetes/audiobookshelf/main.tf b/modules/kubernetes/audiobookshelf/main.tf index 62d1207b..39e46787 100644 --- a/modules/kubernetes/audiobookshelf/main.tf +++ b/modules/kubernetes/audiobookshelf/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "audiobookshelf" { metadata { @@ -21,8 +20,7 @@ resource "kubernetes_deployment" "audiobookshelf" { name = "audiobookshelf" namespace = kubernetes_namespace.audiobookshelf.metadata[0].name labels = { - app = "audiobookshelf" - tier = var.tier + app = "audiobookshelf" } annotations = { "reloader.stakater.com/search" = "true" @@ -46,7 +44,7 @@ resource "kubernetes_deployment" "audiobookshelf" { } spec { container { - image = "ghcr.io/advplyr/audiobookshelf:2.32.1" + image = "ghcr.io/advplyr/audiobookshelf:latest" name = "audiobookshelf" port { diff --git a/modules/kubernetes/authentik/main.tf b/modules/kubernetes/authentik/main.tf index 483e3ef0..f5df26e1 100644 --- a/modules/kubernetes/authentik/main.tf +++ b/modules/kubernetes/authentik/main.tf @@ -1,7 +1,6 @@ variable "tls_secret_name" {} variable "secret_key" {} variable "postgres_password" {} -variable "tier" { type = string } module "tls_secret" { @@ -13,9 +12,6 @@ module "tls_secret" { resource "kubernetes_namespace" "authentik" { metadata { name = "authentik" - labels = { - tier = var.tier - } } } diff --git a/modules/kubernetes/authentik/pgbouncer.tf b/modules/kubernetes/authentik/pgbouncer.tf index d6d24a8b..f9c83fd9 100644 --- a/modules/kubernetes/authentik/pgbouncer.tf +++ b/modules/kubernetes/authentik/pgbouncer.tf @@ -29,8 +29,7 @@ resource "kubernetes_deployment" "pgbouncer" { name = "pgbouncer" namespace = "authentik" labels = { - app = "pgbouncer" - tier = var.tier + app = "pgbouncer" } } diff --git a/modules/kubernetes/blog/main.tf b/modules/kubernetes/blog/main.tf index eef7860e..91cf4fed 100644 --- a/modules/kubernetes/blog/main.tf 
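Review bot: In the `container` block of `kubernetes_deployment.audiobookshelf`, the image moves from the pinned `2.32.1` to the mutable `latest` tag. What runs is then whatever the registry serves at pull time, so a rollout can't be reproduced or audited from this file, and an unexpected upstream push lands without a reviewed change. I would keep a fixed tag, `image = "ghcr.io/advplyr/audiobookshelf:2.32.1"`, ideally extended with the `@sha256:<digest>` form once the digest has been verified. The container block continues outside the hunk, so its pull policy isn't visible here.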
+++ b/modules/kubernetes/blog/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } # variable "dockerhub_password" {} resource "kubernetes_namespace" "website" { @@ -28,8 +27,7 @@ resource "kubernetes_deployment" "blog" { name = "blog" namespace = kubernetes_namespace.website.metadata[0].name labels = { - run = "blog" - tier = var.tier + run = "blog" } } spec { diff --git a/modules/kubernetes/calibre/main.tf b/modules/kubernetes/calibre/main.tf index 32594172..040374bf 100644 --- a/modules/kubernetes/calibre/main.tf +++ b/modules/kubernetes/calibre/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "homepage_username" { default = "" } @@ -100,8 +99,7 @@ resource "kubernetes_deployment" "calibre-web-automated" { name = "calibre-web-automated" namespace = kubernetes_namespace.calibre.metadata[0].name labels = { - app = "calibre-web-automated" - tier = var.tier + app = "calibre-web-automated" } annotations = { "reloader.stakater.com/search" = "true" @@ -252,8 +250,7 @@ resource "kubernetes_deployment" "annas-archive-stacks" { name = "annas-archive-stacks" namespace = kubernetes_namespace.calibre.metadata[0].name labels = { - app = "annas-archive-stacks" - tier = var.tier + app = "annas-archive-stacks" } } spec { diff --git a/modules/kubernetes/changedetection/main.tf b/modules/kubernetes/changedetection/main.tf index 06f16212..c7154e72 100644 --- a/modules/kubernetes/changedetection/main.tf +++ b/modules/kubernetes/changedetection/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "changedetection" { metadata { @@ -21,8 +20,7 @@ resource "kubernetes_deployment" "changedetection" { name = "changedetection" namespace = kubernetes_namespace.changedetection.metadata[0].name labels = { - app = "changedetection" - tier = var.tier + app = "changedetection" } } spec { 
diff --git a/modules/kubernetes/city-guesser/main.tf b/modules/kubernetes/city-guesser/main.tf index e6f8bac1..72fbd7e0 100644 --- a/modules/kubernetes/city-guesser/main.tf +++ b/modules/kubernetes/city-guesser/main.tf @@ -1,5 +1,5 @@ variable "tls_secret_name" {} -variable "tier" { type = string } +# variable "dockerhub_password" {} resource "kubernetes_namespace" "city-guesser" { metadata { @@ -16,13 +16,18 @@ module "tls_secret" { tls_secret_name = var.tls_secret_name } +# module "dockerhub_creds" { +# source = "../dockerhub_secret" +# namespace = "website" +# password = var.dockerhub_password +# } + resource "kubernetes_deployment" "city-guesser" { metadata { name = "city-guesser" namespace = "city-guesser" labels = { - run = "city-guesser" - tier = var.tier + run = "city-guesser" } } spec { diff --git a/modules/kubernetes/cloudflared/main.tf b/modules/kubernetes/cloudflared/main.tf index e5c63b45..bbd33b47 100644 --- a/modules/kubernetes/cloudflared/main.tf +++ b/modules/kubernetes/cloudflared/main.tf @@ -7,7 +7,6 @@ resource "kubernetes_namespace" "cloudflared" { name = "cloudflared" } } -variable "tier" { type = string } module "tls_secret" { source = "../setup_tls_secret" @@ -20,8 +19,7 @@ resource "kubernetes_deployment" "cloudflared" { name = "cloudflared" namespace = kubernetes_namespace.cloudflared.metadata[0].name labels = { - app = "cloudflared" - tier = var.tier + app = "cloudflared" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/crowdsec/main.tf b/modules/kubernetes/crowdsec/main.tf index a06fa429..e3cb5566 100644 --- a/modules/kubernetes/crowdsec/main.tf +++ b/modules/kubernetes/crowdsec/main.tf 
@@ -6,7 +6,6 @@ variable "enroll_key" {} variable "crowdsec_dash_api_key" { type = string } # used for web dash variable "crowdsec_dash_machine_id" { type = string } # used for web dash variable "crowdsec_dash_machine_password" { type = string } # used for web dash -variable "tier" { type = string } module "tls_secret" { source = "../setup_tls_secret" @@ -17,9 +16,6 @@ module "tls_secret" { resource "kubernetes_namespace" "crowdsec" { metadata { name = "crowdsec" - labels = { - tier = var.tier - } } } @@ -39,7 +35,7 @@ resource "kubernetes_config_map" "crowdsec_custom_scenarios" { description: "Detect IPs triggering too many HTTP 403s in NGINX ingress logs" filter: "evt.Meta.log_type == 'http_access-log' && evt.Parsed.status == '403'" groupby: "evt.Meta.source_ip" - leakspeed: "2s" + leakspeed: "30s" capacity: 10 blackhole: 5m labels: @@ -88,7 +84,6 @@ resource "kubernetes_deployment" "crowdsec-web" { labels = { app = "crowdsec_web" "kubernetes.io/cluster-service" = "true" - tier = var.tier } } spec { diff --git a/modules/kubernetes/cyberchef/main.tf b/modules/kubernetes/cyberchef/main.tf index b8f4041c..8049635e 100644 --- a/modules/kubernetes/cyberchef/main.tf +++ b/modules/kubernetes/cyberchef/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "cyberchef" { metadata { name = "cyberchef" @@ -17,8 +16,7 @@ resource "kubernetes_deployment" "cyberchef" { name = "cyberchef" namespace = kubernetes_namespace.cyberchef.metadata[0].name labels = { - app = "cyberchef" - tier = var.tier + app = "cyberchef" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/dashy/main.tf b/modules/kubernetes/dashy/main.tf index 67d839b7..1fb34fb9 100644 --- a/modules/kubernetes/dashy/main.tf +++ b/modules/kubernetes/dashy/main.tf @@ -1,6 +1,5 @@ variable "tls_secret_name" {} -variable "tier" { type = string } module "tls_secret" { source = "../setup_tls_secret" 
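Review bot: In the custom 403 scenario, `leakspeed: "30s"` with `capacity: 10` makes the bucket far easier to overflow than the previous `2s`. As I read the leaky-bucket settings, about eleven 403s from one source IP spread over several minutes would now trigger a decision, where before they had to arrive within roughly twenty seconds. That can ban legitimate clients that share an address or poll a protected endpoint, so it is worth checking against recent ingress logs before applying. The reason for the threshold should sit next to the value, for example `# 30s leak, capacity 10: >10 403s per IP within ~5 min triggers; validated against <log window>`. The scenario definition starts and ends outside this hunk.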
@@ -37,8 +36,7 @@ resource "kubernetes_deployment" "dashy" { name = "dashy" namespace = kubernetes_namespace.dashy.metadata[0].name labels = { - app = "dashy" - tier = var.tier + app = "dashy" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/dawarich/main.tf b/modules/kubernetes/dawarich/main.tf index 215b18ef..d6a1cef5 100644 --- a/modules/kubernetes/dawarich/main.tf +++ b/modules/kubernetes/dawarich/main.tf @@ -1,10 +1,9 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "database_password" {} variable "geoapify_api_key" {} variable "image_version" { type = string - default = "0.37.1" + default = "0.36.3" } resource "kubernetes_namespace" "dawarich" { @@ -27,8 +26,7 @@ resource "kubernetes_deployment" "dawarich" { name = "dawarich" namespace = kubernetes_namespace.dawarich.metadata[0].name labels = { - app = "dawarich" - tier = var.tier + app = "dawarich" } annotations = { "reloader.stakater.com/search" = "true" 
@@ -139,78 +137,78 @@ resource "kubernetes_deployment" "dawarich" { # mount_path = "/var/app/tmp/imports/watched" # } } - # container { - # image = "freikin/dawarich:${var.image_version}" - # name = "dawarich-sidekiq" - # command = ["sidekiq-entrypoint.sh"] - # args = ["bundle exec sidekiq"] - # env { - # name = "REDIS_URL" - # value = "redis://redis.redis.svc.cluster.local:6379" - # } - # env { - # name = "DATABASE_HOST" - # value = "postgresql.dbaas" - # } - # env { - # name = "DATABASE_USERNAME" - # value = "dawarich" - # } - # env { - # name = "DATABASE_PASSWORD" - # value = var.database_password - # } - # env { - # name = "DATABASE_NAME" - # value = "dawarich" - # } - # env { - # name = "MIN_MINUTES_SPENT_IN_CITY" - # value = "60" - # } - # env { - # name = "BACKGROUND_PROCESSING_CONCURRENCY" - # value = "10" - # } - # env { - # name = "ENABLE_TELEMETRY" - # value = "true" - # } - # env { - # name = "APPLICATION_HOST" - # value = "dawarich.viktorbarzin.me" - # } - # # env { - # # name = "PROMETHEUS_EXPORTER_ENABLED" - # # value = "false" - # # } - # # env { - # # name = "PROMETHEUS_EXPORTER_HOST" - # # value = "dawarich.dawarich" - # # } - # # env { - # # name = "PHOTON_API_HOST" - # # value = "photon.dawarich:2322" - # # # value = "photon.komoot.io" - # # } - # # env { - # # name = "PHOTON_API_USE_HTTPS" - # # value = "false" - # # } - # env { - # name = "GEOAPIFY_API_KEY" - # value = var.geoapify_api_key - # } - # env { - # name = "SELF_HOSTED" - # value = "true" - # } + container { + image = "freikin/dawarich:${var.image_version}" + name = "dawarich-sidekiq" + command = ["sidekiq-entrypoint.sh"] + args = ["sidekiq"] + env { + name = "REDIS_URL" + value = "redis://redis.redis.svc.cluster.local:6379" + } + env { + name = "DATABASE_HOST" + value = "postgresql.dbaas" + } + env { + name = "DATABASE_USERNAME" + value = "dawarich" + } + env { + name = "DATABASE_PASSWORD" + value = var.database_password + } + env { + name = "DATABASE_NAME" + value = "dawarich" + } 
+ env { + name = "MIN_MINUTES_SPENT_IN_CITY" + value = "60" + } + env { + name = "BACKGROUND_PROCESSING_CONCURRENCY" + value = "10" + } + env { + name = "ENABLE_TELEMETRY" + value = "true" + } + env { + name = "APPLICATION_HOST" + value = "dawarich.viktorbarzin.me" + } + # env { + # name = "PROMETHEUS_EXPORTER_ENABLED" + # value = "false" + # } + # env { + # name = "PROMETHEUS_EXPORTER_HOST" + # value = "dawarich.dawarich" + # } + # env { + # name = "PHOTON_API_HOST" + # value = "photon.dawarich:2322" + # # value = "photon.komoot.io" + # } + # env { + # name = "PHOTON_API_USE_HTTPS" + # value = "false" + # } + env { + name = "GEOAPIFY_API_KEY" + value = var.geoapify_api_key + } + env { + name = "SELF_HOSTED" + value = "true" + } - # # volume_mount { - # # name = "watched" - # # mount_path = "/var/app/tmp/imports/watched" - # # } - # } + # volume_mount { + # name = "watched" + # mount_path = "/var/app/tmp/imports/watched" + # } + } } } } diff --git a/modules/kubernetes/dbaas/main.tf b/modules/kubernetes/dbaas/main.tf index 0ec05257..5d3a9d8f 100644 --- a/modules/kubernetes/dbaas/main.tf +++ b/modules/kubernetes/dbaas/main.tf @@ -1,6 +1,5 @@ # DB as a service. Installs MySQL operator variable "tls_secret_name" {} -variable "tier" { type = string } variable "dbaas_root_password" {} variable "cluster_master_service" { default = "mysql" @@ -100,9 +99,6 @@ resource "kubernetes_deployment" "mysql" { annotations = { "reloader.stakater.com/search" = "true" } - labels = { - tier = var.tier - } } spec { replicas = 1 @@ -362,7 +358,6 @@ resource "kubernetes_deployment" "phpmyadmin" { namespace = kubernetes_namespace.dbaas.metadata[0].name labels = { "app" = "phpmyadmin" - tier = var.tier } annotations = { @@ -689,9 +684,6 @@ resource "kubernetes_deployment" "postgres" { annotations = { "reloader.stakater.com/search" = "true" } - labels = { - tier = var.tier - } } spec { selector { 
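Review bot: The re-enabled `dawarich-sidekiq` container passes `DATABASE_PASSWORD` and `GEOAPIFY_API_KEY` as literal `value = var.…` entries. Both secrets therefore end up in clear text in the Deployment spec, readable by anyone who can get or describe Deployments in the namespace, and in any stored manifest or plan output. Referencing a Kubernetes Secret through `value_from` / `secret_key_ref` keeps them out of the pod template. The secret name and keys below are placeholders. The enclosing `kubernetes_deployment.dawarich` starts outside the hunk, so I can't tell whether the first container has the same pattern.
```hcl
# … unchanged: image, name, command, args and the non-secret env blocks …
env {
  name = "DATABASE_PASSWORD"
  value_from {
    secret_key_ref {
      name = "<dawarich-secret-name>" # placeholder: a kubernetes_secret in this namespace
      key  = "<database-password-key>" # placeholder
    }
  }
}
# … unchanged: remaining non-secret env blocks …
env {
  name = "GEOAPIFY_API_KEY"
  value_from {
    secret_key_ref {
      name = "<dawarich-secret-name>" # placeholder
      key  = "<geoapify-api-key>"     # placeholder
    }
  }
}
```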
@@ -785,9 +777,6 @@ resource "kubernetes_deployment" "pgadmin" { annotations = { "reloader.stakater.com/search" = "true" } - labels = { - tier = var.tier - } } spec { selector { diff --git a/modules/kubernetes/descheduler/main.tf b/modules/kubernetes/descheduler/main.tf index e7fed580..4d49240a 100644 --- a/modules/kubernetes/descheduler/main.tf +++ b/modules/kubernetes/descheduler/main.tf @@ -74,7 +74,7 @@ resource "kubernetes_cluster_role_binding" "descheduler" { } } -resource "helm_release" "descheduler" { # rename me +resource "helm_release" "prometheus" { namespace = kubernetes_namespace.descheduler.metadata[0].name name = "descheduler" diff --git a/modules/kubernetes/diun/main.tf b/modules/kubernetes/diun/main.tf index 46aec4ca..3a075d4d 100644 --- a/modules/kubernetes/diun/main.tf +++ b/modules/kubernetes/diun/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "diun_nfty_token" {} variable "diun_slack_url" {} @@ -57,8 +56,7 @@ resource "kubernetes_deployment" "diun" { name = "diun" namespace = kubernetes_namespace.diun.metadata[0].name labels = { - app = "diun" - tier = var.tier + app = "diun" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/drone/main.tf b/modules/kubernetes/drone/main.tf index eb730be6..de9c02a6 100644 --- a/modules/kubernetes/drone/main.tf +++ b/modules/kubernetes/drone/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "github_client_id" {} variable "github_client_secret" {} variable "rpc_secret" {} @@ -44,8 +43,7 @@ resource "kubernetes_deployment" "drone_server" { name = "drone-server" namespace = kubernetes_namespace.drone.metadata[0].name labels = { - app = "drone" - tier = var.tier + app = "drone" } } spec { 
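Review bot: In the descheduler module, the Helm release resource is now labelled `prometheus` although it still deploys `name = "descheduler"`. That changes its Terraform address, so unless a `moved` block or a state move accompanies it, the next plan will likely destroy and recreate the release. The label is also misleading to anyone looking for the real Prometheus release. I would keep `resource "helm_release" "descheduler" {`. The resource body continues outside the hunk.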
@@ -213,8 +211,7 @@ resource "kubernetes_deployment" "drone_runner" { name = "drone-runner" namespace = kubernetes_namespace.drone.metadata[0].name labels = { - app = "drone-runner" - tier = var.tier + app = "drone-runner" } } spec { @@ -289,8 +286,7 @@ resource "kubernetes_deployment" "drone_runner_secret" { name = "drone-runner-secret" namespace = kubernetes_namespace.drone.metadata[0].name labels = { - app = "drone-runner-secret" - tier = var.tier + app = "drone-runner-secret" } } spec { diff --git a/modules/kubernetes/ebook2audiobook/main.tf b/modules/kubernetes/ebook2audiobook/main.tf deleted file mode 100644 index 0e1801cc..00000000 --- a/modules/kubernetes/ebook2audiobook/main.tf +++ /dev/null 
@@ -1,291 +0,0 @@ - -variable "tls_secret_name" {} -variable "tier" { type = string } - -module "tls_secret" { - source = "../setup_tls_secret" - namespace = kubernetes_namespace.ebook2audiobook.metadata[0].name - tls_secret_name = var.tls_secret_name -} - -resource "kubernetes_namespace" "ebook2audiobook" { - metadata { - name = "ebook2audiobook" - labels = { - "istio-injection" : "disabled" - } - } -} - - -# resource "kubernetes_deployment" "ebook2audiobook" { -# metadata { -# name = "ebook2audiobook" -# namespace = kubernetes_namespace.ebook2audiobook.metadata[0].name -# labels = { -# app = "ebook2audiobook" -# } -# } -# spec { -# replicas = 1 -# strategy { -# type = "Recreate" -# } - -# selector { -# match_labels = { -# app = "ebook2audiobook" -# } -# } - -# template { -# metadata { -# labels = { -# app = "ebook2audiobook" -# } -# } - -# spec { -# container { -# name = "ebook2audiobook" -# # image = "docker.io/athomasson2/ebook2audiobook:latest" -# image = "docker.io/athomasson2/ebook2audiobook:v25.12.30-cu128" - -# working_dir = "/app" -# # command = ["python", "app.py", "--script_mode", "full_docker"] -# # command = ["/bin/bash", "-c", <<-EOT -# # # echo "Uninstalling current pytorch" -# # # pip uninstall -y torch torchvision torchaudio coqui-tts pyannote.audio torchcodec || true -# # # echo "Installing cuda13 compatible pytorch" -# # # pip install --pre --extra-index-url https://download.pytorch.org/whl/nightly/cu130 torch torchvision torchaudio pyannote.audio torchcodec triton deepspeed coqui-tts-trainer -# # # #pip install torch==2.9.0 torchvision==0.24.0 torchaudio==2.9.0 --index-url https://download.pytorch.org/whl/cu130 -# # # echo "Starting main container" -# # #python app.py --script_mode full_docker -# # sleep 3600 -# # EOT -# # ] - -# tty = true -# stdin = true - -# port { -# container_port = 7860 -# } - -# volume_mount { -# mount_path = "/app" -# name = "data" -# } - -# resources { -# limits = { -# "nvidia.com/gpu" = "1" -# } -# } -# 
security_context { -# privileged = true -# } -# } - -# volume { -# name = "data" -# nfs { -# server = "10.0.10.15" -# path = "/mnt/main/ebook2audiobook" -# } -# } -# } -# } -# } -# } - - -resource "kubernetes_service" "ebook2audiobook" { - metadata { - name = "ebook2audiobook" - namespace = kubernetes_namespace.ebook2audiobook.metadata[0].name - labels = { - "app" = "ebook2audiobook" - } - } - - spec { - selector = { - app = "ebook2audiobook" - } - port { - name = "http" - port = 80 - target_port = 7860 - } - } -} - -# resource "kubernetes_deployment" "piper" { -# metadata { -# name = "piper" -# namespace = kubernetes_namespace.ebook2audiobook.metadata[0].name -# labels = { -# app = "piper" -# } -# } -# spec { -# replicas = 1 -# strategy { -# type = "Recreate" -# } - -# selector { -# match_labels = { -# app = "piper" -# } -# } - -# template { -# metadata { -# labels = { -# app = "piper" -# } -# } - -# spec { -# container { -# name = "piper" -# # image = "lscr.io/linuxserver/piper:gpu" -# # image = "piper-tts-wyoming:latest" -# image = "viktorbarzin/piper" -# # image = "nvidia/cuda:12.8.1-cudnn-devel-ubuntu24.04" - -# # working_dir = "/app" -# command = ["sleep", "3600"] - -# volume_mount { -# mount_path = "/config" -# name = "data" -# } - -# resources { -# limits = { -# "nvidia.com/gpu" = "1" -# } -# } -# # env { -# # name = "PIPER_VOICE" -# # value = "en_US-lessac-medium" -# # } - -# env { -# name = "VOICE_MODEL" -# value = "en_US-lessac-medium" -# } -# env { -# name = "LOG_LEVEL" -# value = "DEBUG" -# } -# port { -# name = "web" -# container_port = 10200 -# } -# } - -# volume { -# name = "data" -# nfs { -# server = "10.0.10.15" -# path = "/mnt/main/piper" -# } -# } -# } -# } -# } -# } - -# resource "kubernetes_service" "piper" { -# metadata { -# name = "piper" -# namespace = kubernetes_namespace.ebook2audiobook.metadata[0].name -# labels = { -# "app" = "piper" -# } -# } - -# spec { -# selector = { -# app = "piper" -# } -# port { -# name = "http" -# port = 80 -# 
target_port = 10200 -# } -# } -# } - - -module "ingress" { - source = "../ingress_factory" - namespace = kubernetes_namespace.ebook2audiobook.metadata[0].name - name = "ebook2audiobook" - tls_secret_name = var.tls_secret_name - protected = true -} - - -resource "kubernetes_deployment" "audiblez" { - metadata { - name = "audiblez" - namespace = kubernetes_namespace.ebook2audiobook.metadata[0].name - labels = { - app = "audiblez" - tier = var.tier - } - } - spec { - replicas = 1 - selector { - match_labels = { - app = "audiblez" - } - } - template { - metadata { - labels = { - app = "audiblez" - } - } - spec { - node_selector = { - "gpu" : "true" - } - container { - image = "viktorbarzin/audiblez:latest" - name = "audiblez" - command = ["/usr/bin/sleep", "86400"] - volume_mount { - name = "data" - mount_path = "/mnt" - } - # security_context { - # privileged = true - # capabilities { - # add = ["SYS_ADMIN"] - # } - # } - resources { - limits = { - "nvidia.com/gpu" = "1" - } - } - } - volume { - name = "data" - nfs { - server = "10.0.10.15" - path = "/mnt/main/audiblez" - } - } - } - } - } -} - diff --git a/modules/kubernetes/echo/main.tf b/modules/kubernetes/echo/main.tf index 724e07d4..e668d87c 100644 --- a/modules/kubernetes/echo/main.tf +++ b/modules/kubernetes/echo/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "echo" { metadata { @@ -21,8 +20,7 @@ resource "kubernetes_deployment" "echo" { name = "echo" namespace = kubernetes_namespace.echo.metadata[0].name labels = { - app = "echo" - tier = var.tier + app = "echo" } } spec { diff --git a/modules/kubernetes/excalidraw/main.tf b/modules/kubernetes/excalidraw/main.tf index 2df6db3a..206f8879 100644 --- a/modules/kubernetes/excalidraw/main.tf +++ b/modules/kubernetes/excalidraw/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "excalidraw" { metadata { 
@@ -22,8 +21,7 @@ resource "kubernetes_deployment" "excalidraw" { name = "excalidraw" namespace = kubernetes_namespace.excalidraw.metadata[0].name labels = { - app = "excalidraw" - tier = var.tier + app = "excalidraw" } } spec { diff --git a/modules/kubernetes/f1-stream/main.tf b/modules/kubernetes/f1-stream/main.tf index 24caf9da..bb0569bb 100644 --- a/modules/kubernetes/f1-stream/main.tf +++ b/modules/kubernetes/f1-stream/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "f1-stream" { metadata { @@ -15,8 +14,7 @@ resource "kubernetes_deployment" "f1-stream" { name = "f1-stream" namespace = kubernetes_namespace.f1-stream.metadata[0].name labels = { - app = "f1-stream" - tier = var.tier + app = "f1-stream" } } spec { diff --git a/modules/kubernetes/forgejo/main.tf b/modules/kubernetes/forgejo/main.tf index b1960ff0..e495b8a6 100644 --- a/modules/kubernetes/forgejo/main.tf +++ b/modules/kubernetes/forgejo/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "forgejo" { metadata { @@ -21,8 +20,7 @@ resource "kubernetes_deployment" "forgejo" { name = "forgejo" namespace = kubernetes_namespace.forgejo.metadata[0].name labels = { - app = "forgejo" - tier = var.tier + app = "forgejo" } } spec { diff --git a/modules/kubernetes/freshrss/main.tf b/modules/kubernetes/freshrss/main.tf index 5972e2a2..545ba50f 100644 --- a/modules/kubernetes/freshrss/main.tf +++ b/modules/kubernetes/freshrss/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } module "tls_secret" { source = "../setup_tls_secret" @@ -21,7 +20,6 @@ resource "kubernetes_deployment" "freshrss" { labels = { app = "freshrss" "kubernetes.io/cluster-service" = "true" - tier = var.tier } } spec { diff --git a/modules/kubernetes/frigate/main.tf b/modules/kubernetes/frigate/main.tf index 215836a4..261b75bb 100644 
--- a/modules/kubernetes/frigate/main.tf +++ b/modules/kubernetes/frigate/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "frigate" { metadata { @@ -21,8 +20,7 @@ resource "kubernetes_deployment" "frigate" { name = "frigate" namespace = kubernetes_namespace.frigate.metadata[0].name labels = { - app = "frigate" - tier = var.tier + app = "frigate" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/hackmd/main.tf b/modules/kubernetes/hackmd/main.tf index e8bbdaed..0d3d6490 100644 --- a/modules/kubernetes/hackmd/main.tf +++ b/modules/kubernetes/hackmd/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "hackmd_db_password" {} resource "kubernetes_namespace" "hackmd" { @@ -24,7 +23,6 @@ resource "kubernetes_deployment" "hackmd" { labels = { app = "hackmd" "kubernetes.io/cluster-service" = "true" - tier = var.tier } } spec { diff --git a/modules/kubernetes/headscale/main.tf b/modules/kubernetes/headscale/main.tf index 61ad739c..9ffac4e9 100644 --- a/modules/kubernetes/headscale/main.tf +++ b/modules/kubernetes/headscale/main.tf @@ -1,6 +1,5 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "headscale_config" {} variable "headscale_acl" {} @@ -21,8 +20,7 @@ resource "kubernetes_deployment" "headscale" { name = "headscale" namespace = kubernetes_namespace.headscale.metadata[0].name labels = { - app = "headscale" - tier = var.tier + app = "headscale" # scare to try but probably non-http will fail # "istio-injection" : "enabled" } diff --git a/modules/kubernetes/homepage/main.tf b/modules/kubernetes/homepage/main.tf index 9f8f0d31..ecdc421a 100644 --- a/modules/kubernetes/homepage/main.tf +++ b/modules/kubernetes/homepage/main.tf @@ -1,5 +1,5 @@ + variable "tls_secret_name" {} -variable "tier" { type = string } module "tls_secret" { source = "../setup_tls_secret" 
@@ -12,7 +12,6 @@ resource "kubernetes_namespace" "homepage" { name = "homepage" labels = { "istio-injection" : "disabled" - tier = var.tier } } } diff --git a/modules/kubernetes/immich/frame.tf b/modules/kubernetes/immich/frame.tf index 3d07176d..b81d29c5 100644 --- a/modules/kubernetes/immich/frame.tf +++ b/modules/kubernetes/immich/frame.tf @@ -41,9 +41,6 @@ resource "kubernetes_deployment" "immich-frame" { annotations = { "reloader.stakater.com/search" = "true" } - labels = { - tier = var.tier - } } spec { diff --git a/modules/kubernetes/immich/main.tf b/modules/kubernetes/immich/main.tf index aca51fe6..19522715 100644 --- a/modules/kubernetes/immich/main.tf +++ b/modules/kubernetes/immich/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "postgresql_password" {} variable "homepage_token" {} variable "immich_version" { @@ -27,8 +26,7 @@ resource "kubernetes_deployment" "immich_server" { namespace = kubernetes_namespace.immich.metadata[0].name labels = { - app = "immich-server" - tier = var.tier + app = "immich-server" } } @@ -237,9 +235,6 @@ resource "kubernetes_deployment" "immich-postgres" { metadata { name = "immich-postgresql" namespace = kubernetes_namespace.immich.metadata[0].name - labels = { - tier = var.tier - } } spec { replicas = 1 @@ -339,9 +334,6 @@ resource "kubernetes_deployment" "immich-machine-learning" { metadata { name = "immich-machine-learning" namespace = kubernetes_namespace.immich.metadata[0].name - labels = { - tier = var.tier - } } spec { replicas = 1 diff --git a/modules/kubernetes/ingress_factory/main.tf b/modules/kubernetes/ingress_factory/main.tf index 89e8bc7c..4c21ac5f 100644 --- a/modules/kubernetes/ingress_factory/main.tf +++ b/modules/kubernetes/ingress_factory/main.tf 
@@ -107,7 +107,7 @@ resource "kubernetes_ingress_v1" "proxied-ingress" { "nginx.ingress.kubernetes.io/proxy-read-timeout" : var.proxy_timeout "nginx.ingress.kubernetes.io/proxy-buffering" : "on" - "nginx.ingress.kubernetes.io/whitelist-source-range" : var.allow_local_access_only ? "192.168.1.0/24, 10.0.0.0/8, ::1/128, fc00::/7, fe80::/10" : "0.0.0.0/0, ::/0" + "nginx.ingress.kubernetes.io/whitelist-source-range" : var.allow_local_access_only ? "192.168.1.0/24, 10.0.0.0/8" : "0.0.0.0/0" "nginx.ingress.kubernetes.io/ssl-redirect" : "${var.ssl_redirect}" # DDOS protection diff --git a/modules/kubernetes/isponsorblocktv/main.tf b/modules/kubernetes/isponsorblocktv/main.tf index e7b452be..40773697 100644 --- a/modules/kubernetes/isponsorblocktv/main.tf +++ b/modules/kubernetes/isponsorblocktv/main.tf @@ -1,5 +1,4 @@ # https://github.com/dmunozv04/iSponsorBlockTV -variable "tier" { type = string } resource "kubernetes_namespace" "isponsorblocktv" { metadata { @@ -18,8 +17,7 @@ resource "kubernetes_deployment" "isponsorblocktv-vermont" { name = "isponsorblocktv-vermont" namespace = kubernetes_namespace.isponsorblocktv.metadata[0].name labels = { - app = "isponsorblocktv-vermont" - tier = var.tier + app = "isponsorblocktv-vermont" } } spec { diff --git a/modules/kubernetes/jsoncrack/main.tf b/modules/kubernetes/jsoncrack/main.tf index bfa02284..db5d8df3 100644 --- a/modules/kubernetes/jsoncrack/main.tf +++ b/modules/kubernetes/jsoncrack/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "jsoncrack" { metadata { @@ -20,8 +19,7 @@ resource "kubernetes_deployment" "jsoncrack" { name = "jsoncrack" namespace = kubernetes_namespace.jsoncrack.metadata[0].name labels = { - app = "jsoncrack" - tier = var.tier + app = "jsoncrack" } } spec { diff --git a/modules/kubernetes/k8s-dashboard/main.tf b/modules/kubernetes/k8s-dashboard/main.tf index 20ded87d..ac815daf 100644 --- a/modules/kubernetes/k8s-dashboard/main.tf 
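Review bot: The public branch of `whitelist-source-range` is now `0.0.0.0/0` alone, so ingresses that are meant to be open will reject every IPv6 client. The local branch also no longer admits `::1/128`, `fc00::/7` or `fe80::/10`. If IPv4-only is intended, say so in a comment above the annotation, otherwise keep `"0.0.0.0/0, ::/0"` on the public side. Separately, `10.0.0.0/8` is a broad definition of "local". If the cluster's pod or service CIDR falls inside it (not visible here), requests relayed by an in-cluster proxy would arrive with a matching source address and pass `allow_local_access_only`, so narrowing it to the actual LAN/VPN ranges is worth considering. The annotations map continues outside the hunk.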
+++ b/modules/kubernetes/k8s-dashboard/main.tf @@ -1,6 +1,5 @@ variable "tls_secret_name" {} variable "client_certificate_secret_name" {} -variable "tier" { type = string } resource "random_password" "csrf_token" { length = 16 @@ -26,7 +25,6 @@ resource "kubernetes_namespace" "k8s-dashboard" { name = "kubernetes-dashboard" labels = { "istio-injection" : "disabled" - tier = var.tier } } } diff --git a/modules/kubernetes/keyserver/deploy_keyserver.yaml b/modules/kubernetes/keyserver/deploy_keyserver.yaml deleted file mode 100644 index 2a5b5291..00000000 --- a/modules/kubernetes/keyserver/deploy_keyserver.yaml +++ /dev/null 
@@ -1,155 +0,0 @@ -# @nocommit: job to periodically update the certs ---- -- name: Deploy Nginx-based key server for TrueNAS unlock - hosts: keyserver - become: true - vars: - server_name: "keyserver.viktorbarzin.me" - key_filename: "truenas.key" - htpasswd_user: "truenas" - htpasswd_password: "3RgTvqHWeiae7drCUBGyj6XZSIP" # replace with vault - ssl_cert_path: "/etc/ssl/certs/keyserver.crt" - ssl_key_path: "/etc/ssl/private/keyserver.key" - local_ssl_cert: "../../../secrets/fullchain.pem" # LOCAL path - local_ssl_key: "../../../secrets/privkey.pem" # LOCAL path - - tasks: - - - name: Install packages - apt: - name: - - nginx - - apache2-utils - - python3-passlib - state: present - update_cache: yes - - - name: Create basic-auth file - community.general.htpasswd: - path: /etc/nginx/.htpasswd - name: "{{ htpasswd_user }}" - password: "{{ htpasswd_password }}" - crypt_scheme: bcrypt - - - name: Create key directory - file: - path: /srv/keys - state: directory - owner: root - group: root - mode: '0755' - - - name: Create key file if it doesn't exist - command: "head -c 128 /dev/urandom > /srv/keys/{{ key_filename }}" - args: - creates: "/srv/keys/{{ key_filename }}" - - - name: Set key file permissions - file: - path: "/srv/keys/{{ key_filename }}" - owner: www-data - group: www-data - mode: '0640' - - - name: Enable info logging in nginx.conf - lineinfile: - path: /etc/nginx/nginx.conf - regexp: '^(\s*)error_log' - line: ' error_log /var/log/nginx/error.log info;' - insertafter: 'http {' - notify: reload nginx - - - name: Ensure rate limit config exists - copy: - dest: /etc/nginx/conf.d/ratelimit.conf - content: | - limit_req_zone $binary_remote_addr zone=authfail:10m rate=5r/m; - notify: reload nginx - - - name: Deploy keyserver nginx site - copy: - dest: /etc/nginx/sites-available/keyserver.conf - content: | - server { - listen 443 ssl; - server_name {{ server_name }}; - - ssl_certificate {{ ssl_cert_path }}; - ssl_certificate_key {{ ssl_key_path }}; - - 
ssl_protocols TLSv1.2 TLSv1.3; - ssl_prefer_server_ciphers on; - - limit_req zone=authfail burst=2 nodelay; - - location /keys/ { - alias /srv/keys/; - - auth_basic "Restricted"; - auth_basic_user_file /etc/nginx/.htpasswd; - - autoindex off; - - add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always; - } - } - notify: reload nginx - - - name: Enable keyserver site - file: - src: /etc/nginx/sites-available/keyserver.conf - dest: /etc/nginx/sites-enabled/keyserver.conf - state: link - notify: reload nginx - - - name: Remove default site - file: - path: /etc/nginx/sites-enabled/default - state: absent - notify: reload nginx - - - name: Copy SSL certificate to server - copy: - src: "{{ local_ssl_cert }}" - dest: "{{ ssl_cert_path }}" - owner: root - group: root - mode: '0644' - notify: reload nginx - - - name: Copy SSL private key to server - copy: - src: "{{ local_ssl_key }}" - dest: "{{ ssl_key_path }}" - owner: root - group: root - mode: '0644' - notify: reload nginx - - # - name: Create self-signed SSL certificate if missing - # command: > - # openssl req -x509 -newkey rsa:2048 -nodes - # -keyout {{ ssl_key_path }} - # -out {{ ssl_cert_path }} - # -days 365 - # -subj "/CN={{ server_name }}" - # args: - # creates: "{{ ssl_cert_path }}" - notify: reload nginx - - - name: Test nginx config - command: nginx -t - register: nginx_test - failed_when: "'successful' not in nginx_test.stderr" - - - name: Ensure nginx is running - service: - name: nginx - state: started - enabled: true - - handlers: - - name: reload nginx - service: - name: nginx - state: reloaded diff --git a/modules/kubernetes/kms/main.tf b/modules/kubernetes/kms/main.tf index 955a9b38..4d6d703b 100644 --- a/modules/kubernetes/kms/main.tf +++ b/modules/kubernetes/kms/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "kms" { metadata { 
@@ -33,7 +32,6 @@ resource "kubernetes_deployment" "kms-web-page" { labels = { "app" = "kms-web-page" "kubernetes.io/cluster-service" = "true" - tier = var.tier } } spec { @@ -123,8 +121,7 @@ resource "kubernetes_deployment" "windows_kms" { name = "kms" namespace = kubernetes_namespace.kms.metadata[0].name labels = { - app = "kms-service" - tier = var.tier + app = "kms-service" } } spec { diff --git a/modules/kubernetes/kyverno/main.tf b/modules/kubernetes/kyverno/main.tf deleted file mode 100644 index eb50274b..00000000 --- a/modules/kubernetes/kyverno/main.tf +++ /dev/null 
@@ -1,120 +0,0 @@ - -resource "kubernetes_namespace" "kyverno" { - metadata { - name = "kyverno" - labels = { - "istio-injection" : "disabled" - } - } -} - -resource "helm_release" "kyverno" { - namespace = kubernetes_namespace.kyverno.metadata[0].name - create_namespace = false - name = "kyverno" - atomic = true - - repository = "https://kyverno.github.io/kyverno/" - chart = "kyverno" - - # values = [templatefile("${path.module}/grafana_chart_values.yaml", { db_password = var.grafana_db_password })] -} - -# To unlabel all: -# kubectl label deployment,statefulset,daemonset --all-namespaces -l tier tier- -resource "kubernetes_manifest" "mutate_tier_from_namespace" { - manifest = { - apiVersion = "kyverno.io/v1" - kind = "ClusterPolicy" - metadata = { - name = "sync-tier-label-from-namespace" - } - spec = { - rules = [ - { - name = "lookup-and-add-tier" - match = { - any = [ - { - resources = { - kinds = ["Deployment", "StatefulSet", "DaemonSet"] - } - } - ] - } - exclude = { - any = [ - { - resources = { - namespaces = ["kube-system", "metallb-system", "n8n"] - } - } - ] - } - # Context allows us to perform an API call to get Namespace metadata - context = [ - { - name = "namespaceLabel" - apiCall = { - urlPath = "/api/v1/namespaces/{{request.namespace}}" - jmesPath = "metadata.labels.tier || 'default'" - } - } - ] - mutate = { - patchStrategicMerge = { - metadata = { - labels = { - # Injects the variable discovered in the context above - "+(tier)" = "{{namespaceLabel}}" - } - } - } - } - } - ] - } - } -} - -# resource "kubernetes_manifest" "enforce_pod_tier_label" { -# manifest = { -# apiVersion = "kyverno.io/v1" -# kind = "ClusterPolicy" -# metadata = { -# name = "enforce-pod-tier-label" -# annotations = { -# "policies.kyverno.io/description" = "Rejects any pod that does not have a tier label." -# } -# } -# spec = { -# # 'Enforce' blocks the creation. 'Audit' just reports it. 
-# validationFailureAction = "Enforce" -# background = true -# rules = [ -# { -# name = "check-for-tier-label" -# match = { -# any = [ -# { -# resources = { -# kinds = ["Pod"] -# } -# } -# ] -# } -# validate = { -# message = "The label 'tier' is required for all pods in this cluster." -# pattern = { -# metadata = { -# labels = { -# "tier" = "?*" # The "?*" syntax means the value must not be empty -# } -# } -# } -# } -# } -# ] -# } -# } -# } diff --git a/modules/kubernetes/linkwarden/main.tf b/modules/kubernetes/linkwarden/main.tf index a1d1ea66..b16a3fff 100644 --- a/modules/kubernetes/linkwarden/main.tf +++ b/modules/kubernetes/linkwarden/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "postgresql_password" {} variable "authentik_client_id" {} variable "authentik_client_secret" {} @@ -27,8 +26,7 @@ resource "kubernetes_deployment" "linkwarden" { name = "linkwarden" namespace = kubernetes_namespace.linkwarden.metadata[0].name labels = { - app = "linkwarden" - tier = var.tier + app = "linkwarden" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/mailserver/main.tf b/modules/kubernetes/mailserver/main.tf index bd30225b..2e1b3805 100644 --- a/modules/kubernetes/mailserver/main.tf +++ b/modules/kubernetes/mailserver/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "mailserver_accounts" {} variable "postfix_account_aliases" {} variable "opendkim_key" {} @@ -135,7 +134,6 @@ resource "kubernetes_deployment" "mailserver" { namespace = kubernetes_namespace.mailserver.metadata[0].name labels = { "app" = "mailserver" - tier = var.tier } annotations = { "reloader.stakater.com/search" = "true" @@ -159,6 +157,7 @@ resource "kubernetes_deployment" "mailserver" { labels = { "app" = "mailserver" "role" = "mail" + "tier" = "backend" } } spec { 
diff --git a/modules/kubernetes/mailserver/roundcubemail.tf b/modules/kubernetes/mailserver/roundcubemail.tf index 1eb4902d..d1217db8 100644 --- a/modules/kubernetes/mailserver/roundcubemail.tf +++ b/modules/kubernetes/mailserver/roundcubemail.tf @@ -32,7 +32,6 @@ resource "kubernetes_deployment" "roundcubemail" { namespace = "mailserver" labels = { "app" = "roundcubemail" - tier = var.tier } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf index 3e6ebb82..808a8f32 100644 --- a/modules/kubernetes/main.tf +++ b/modules/kubernetes/main.tf @@ -110,7 +110,6 @@ variable "grafana_db_password" { type = string } variable "clickhouse_password" { type = string } variable "clickhouse_postgres_password" { type = string } variable "wealthfolio_password_hash" { type = string } -variable "aiostreams_database_connection_string" { type = string } variable "defcon_level" { @@ -118,13 +117,13 @@ variable "defcon_level" { default = 5 validation { condition = var.defcon_level >= 1 && var.defcon_level <= 5 - error_message = "DEFCON level must be between 1 and 5. 1 is highest level of alertness" + error_message = "DEFCON level must be between 1 and 5. 1 is highest level or alertness" } } locals { defcon_modules = { 1 : ["wireguard", "technitium", "headscale", "nginx-ingress", "xray", "authentik", "cloudflare", "authelia", "monitoring"], # Critical connectivity services - 2 : ["vaultwarden", "redis", "immich", "nvidia", "metrics-server", "uptime-kuma", "crowdsec", "kyverno"], # Storage and other db services + 2 : ["vaultwarden", "redis", "immich", "nvidia", "metrics-server", "uptime-kuma", "crowdsec"], # Storage and other db services 3 : ["k8s-dashboard", "reverse-proxy"], # Cluster admin services 4 : [ "mailserver", "shadowsocks", "webhook_handler", "tuya-bridge", "dawarich", "owntracks", "nextcloud", 
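Review bot: The `defcon_level` validation hunk in `modules/kubernetes/main.tf` rewrites the `error_message` to end in "highest level or alertness", which replaces a correct sentence with a typo that operators will see on a failed plan. Keep the previous wording: `error_message = "DEFCON level must be between 1 and 5. 1 is highest level of alertness"`.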
@@ -136,21 +135,13 @@ locals { "url", "excalidraw", "travel_blog", "dashy", "send", "ytdlp", "wealthfolio", "rybbit", "stirling-pdf", "networking-toolbox", "navidrome", "freshrss", "forgejo", "tor-proxy", "real-estate-crawler", "n8n", "changedetection", "linkwarden", "matrix", "homepage", "meshcentral", "diun", "cyberchef", "ntfy", "ollama", - "servarr", "jsoncrack", "paperless-ngx", "frigate", "audiobookshelf", "tandoor", "ebook2audiobook", "netbox" + "servarr", "jsoncrack", "paperless-ngx", "frigate", "audiobookshelf", "tandoor" ], } active_modules = distinct(flatten([ for level in range(1, var.defcon_level + 1) : # From current level to 5 lookup(local.defcon_modules, level, []) ])) - - tiers = { - core = "0-core" # Bare minimum cluster primitives - cluster = "1-cluster" # All cluster primitives - gpu = "2-gpu" # GPU services - edge = "3-edge" # Critical user services - aux = "4-aux" # Optional user services - } } resource "null_resource" "core_services" { @@ -167,7 +158,6 @@ module "blog" { source = "./blog" tls_secret_name = var.tls_secret_name # dockerhub_password = var.dockerhub_password - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -186,7 +176,6 @@ module "dbaas" { dbaas_root_password = var.dbaas_root_password postgresql_root_password = var.dbaas_postgresql_root_password pgadmin_password = var.dbaas_pgadmin_password - tier = local.tiers.core } module "descheduler" { @@ -210,7 +199,6 @@ module "drone" { rpc_secret = var.drone_rpc_secret server_host = "drone.viktorbarzin.me" server_proto = "https" - tier = local.tiers.edge depends_on = [null_resource.core_services] } @@ -219,7 +207,6 @@ module "f1-stream" { source = "./f1-stream" for_each = contains(local.active_modules, "f1-stream") ? { f1-stream = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } 
@@ -229,7 +216,6 @@ module "hackmd" { for_each = contains(local.active_modules, "hackmd") ? { hackmd = true } : {} hackmd_db_password = var.hackmd_db_password tls_secret_name = var.tls_secret_name - tier = local.tiers.edge depends_on = [null_resource.core_services] } @@ -244,14 +230,12 @@ module "kms" { source = "./kms" for_each = contains(local.active_modules, "kms") ? { kms = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } module "k8s-dashboard" { source = "./k8s-dashboard" - tier = local.tiers.cluster for_each = contains(local.active_modules, "k8s-dashboard") ? { k8s-dashboard = true } : {} tls_secret_name = var.tls_secret_name client_certificate_secret_name = var.client_certificate_secret_name @@ -268,14 +252,12 @@ module "mailserver" { opendkim_key = var.mailserver_opendkim_key sasl_passwd = var.mailserver_sasl_passwd roundcube_db_password = var.mailserver_roundcubemail_db_password - tier = local.tiers.edge depends_on = [null_resource.core_services] } module "metallb" { source = "./metallb" - tier = local.tiers.core } module "monitoring" { @@ -290,7 +272,6 @@ module "monitoring" { haos_api_token = var.haos_api_token pve_password = var.pve_password grafana_db_password = var.grafana_db_password - tier = local.tiers.cluster } # module "oauth" { 
@@ -323,24 +304,21 @@ module "privatebin" { source = "./privatebin" for_each = contains(local.active_modules, "privatebin") ? { privatebin = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.edge depends_on = [null_resource.core_services] } -# module "vault" { -# source = "./vault" -# tier = local.tiers.edge -# for_each = contains(local.active_modules, "vault") ? { vault = true } : {} -# tls_secret_name = var.tls_secret_name +module "vault" { + source = "./vault" + for_each = contains(local.active_modules, "vault") ? { vault = true } : {} + tls_secret_name = var.tls_secret_name -# depends_on = [null_resource.core_services] -# } + depends_on = [null_resource.core_services] +} module "reloader" { source = "./reloader" for_each = contains(local.active_modules, "reloader") ? { reloader = true } : {} - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -349,7 +327,6 @@ module "shadowsocks" { source = "./shadowsocks" for_each = contains(local.active_modules, "shadowsocks") ? { shadowsocks = true } : {} password = var.shadowsocks_password - tier = local.tiers.edge depends_on = [null_resource.core_services] } @@ -358,7 +335,6 @@ module "city-guesser" { source = "./city-guesser" for_each = contains(local.active_modules, "city-guesser") ? { city-guesser = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -367,7 +343,6 @@ module "echo" { for_each = contains(local.active_modules, "echo") ? { echo = true } : {} tls_secret_name = var.tls_secret_name depends_on = [null_resource.core_services] - tier = local.tiers.edge } module "url" { @@ -377,7 +352,6 @@ module "url" { geolite_license_key = var.url_shortener_geolite_license_key api_key = var.url_shortener_api_key mysql_password = var.url_shortener_mysql_password - tier = local.tiers.aux depends_on = [null_resource.core_services] } 
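Review bot: The re-enabled `module "vault"` in the `@@ -323,24 +304,21 @@` hunk is gated on `contains(local.active_modules, "vault")`, but no `"vault"` entry is visible in the parts of `local.defcon_modules` this diff shows (level 2 lists `"vaultwarden"`, which `contains` does not match). If the name is missing, `for_each` evaluates to an empty map and the module is silently never created at any DEFCON level. If it sits in a part of the list the diff does not show, that is fine but worth confirming. Since this presumably brings a secrets store back into the plan, I would add a comment above the block such as `# vault: re-enabled, activated at defcon level <level> via local.defcon_modules`.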
@@ -393,7 +367,6 @@ module "webhook_handler" { git_user = var.webhook_handler_git_user git_token = var.webhook_handler_git_token ssh_key = var.webhook_handler_ssh_key - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -405,7 +378,6 @@ module "wireguard" { wg_0_conf = var.wireguard_wg_0_conf wg_0_key = var.wireguard_wg_0_key firewall_sh = var.wireguard_firewall_sh - tier = local.tiers.cluster depends_on = [null_resource.core_services] } @@ -431,7 +403,6 @@ module "excalidraw" { source = "./excalidraw" for_each = contains(local.active_modules, "excalidraw") ? { excalidraw = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -448,7 +419,6 @@ module "travel_blog" { source = "./travel_blog" for_each = contains(local.active_modules, "travel_blog") ? { travel_blog = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -458,7 +428,6 @@ module "technitium" { for_each = contains(local.active_modules, "technitium") ? { technitium = true } : {} tls_secret_name = var.tls_secret_name homepage_token = var.homepage_credentials["technitium"]["token"] - tier = local.tiers.core } module "headscale" { @@ -467,7 +436,6 @@ module "headscale" { tls_secret_name = var.tls_secret_name headscale_config = var.headscale_config headscale_acl = var.headscale_acl - tier = local.tiers.core depends_on = [null_resource.core_services] } @@ -476,7 +444,6 @@ module "dashy" { source = "./dashy" for_each = contains(local.active_modules, "dashy") ? { dashy = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -491,7 +458,6 @@ module "vaultwarden" { for_each = contains(local.active_modules, "vaultwarden") ? { vaultwarden = true } : {} tls_secret_name = var.tls_secret_name smtp_password = var.vaultwarden_smtp_password - tier = local.tiers.edge } module "reverse-proxy" { 
@@ -507,7 +473,6 @@ module "send" { source = "./send" for_each = contains(local.active_modules, "send") ? { send = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -516,14 +481,12 @@ module "redis" { source = "./redis" for_each = contains(local.active_modules, "redis") ? { redis = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.core } module "ytdlp" { source = "./youtube_dl" for_each = contains(local.active_modules, "ytdlp") ? { ytdlp = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -535,14 +498,12 @@ module "immich" { postgresql_password = var.immich_postgresql_password frame_api_key = var.immich_frame_api_key homepage_token = var.homepage_credentials["immich"]["token"] - tier = local.tiers.gpu depends_on = [null_resource.core_services] } module "nginx-ingress" { source = "./nginx-ingress" - tier = local.tiers.core for_each = contains(local.active_modules, "nginx-ingress") ? { nginx-ingress = true } : {} honeypotapikey = var.ingress_honeypotapikey crowdsec_api_key = var.ingress_crowdsec_api_key @@ -552,7 +513,6 @@ module "nginx-ingress" { module "crowdsec" { source = "./crowdsec" - tier = local.tiers.cluster for_each = contains(local.active_modules, "crowdsec") ? { crowdsec = true } : {} tls_secret_name = var.tls_secret_name homepage_username = var.homepage_credentials["crowdsec"]["username"] @@ -576,7 +536,6 @@ module "uptime-kuma" { source = "./uptime-kuma" for_each = contains(local.active_modules, "uptime-kuma") ? { uptime-kuma = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.cluster depends_on = [null_resource.core_services] } 
@@ -587,7 +546,6 @@ module "calibre" { tls_secret_name = var.tls_secret_name homepage_username = var.homepage_credentials["calibre-web"]["username"] homepage_password = var.homepage_credentials["calibre-web"]["password"] - tier = local.tiers.edge depends_on = [null_resource.core_services] } @@ -602,7 +560,6 @@ module "audiobookshelf" { source = "./audiobookshelf" for_each = contains(local.active_modules, "audiobookshelf") ? { audiobookshelf = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -611,7 +568,6 @@ module "frigate" { source = "./frigate" for_each = contains(local.active_modules, "frigate") ? { frigate = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.gpu depends_on = [null_resource.core_services] } @@ -625,7 +581,6 @@ module "frigate" { module "cloudflared" { source = "./cloudflared" - tier = local.tiers.core # for_each = contains(local.active_modules, "cloudflared") ? { cloudflared = true } : {} tls_secret_name = var.tls_secret_name @@ -660,7 +615,6 @@ module "cloudflared" { module "metrics-server" { source = "./metrics-server" - tier = local.tiers.cluster for_each = contains(local.active_modules, "metrics-server") ? { metrics-server = true } : {} tls_secret_name = var.tls_secret_name } @@ -673,7 +627,6 @@ module "paperless-ngx" { # homepage_token = var.homepage_credentials["paperless-ngx"]["token"] homepage_username = var.homepage_credentials["paperless-ngx"]["username"] homepage_password = var.homepage_credentials["paperless-ngx"]["password"] - tier = local.tiers.edge depends_on = [null_resource.core_services] } @@ -682,7 +635,6 @@ module "jsoncrack" { source = "./jsoncrack" for_each = contains(local.active_modules, "jsoncrack") ? { jsoncrack = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } 
@@ -691,10 +643,8 @@ module "servarr" { source = "./servarr" for_each = contains(local.active_modules, "servarr") ? { servarr = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux - depends_on = [null_resource.core_services] - aiostreams_database_connection_string = var.aiostreams_database_connection_string + depends_on = [null_resource.core_services] } # module "dnscat2" { @@ -706,7 +656,6 @@ module "ollama" { # Disabled as it requires too much resources... source = "./ollama" for_each = contains(local.active_modules, "ollama") ? { ollama = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.gpu depends_on = [null_resource.core_services] } @@ -715,7 +664,6 @@ module "ntfy" { source = "./ntfy" for_each = contains(local.active_modules, "ntfy") ? { ntfy = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -724,7 +672,6 @@ module "cyberchef" { source = "./cyberchef" for_each = contains(local.active_modules, "cyberchef") ? { cyberchef = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -735,7 +682,6 @@ module "diun" { tls_secret_name = var.tls_secret_name diun_nfty_token = var.diun_nfty_token diun_slack_url = var.diun_slack_url - tier = local.tiers.aux depends_on = [null_resource.core_services] } 
@@ -744,30 +690,25 @@ module "meshcentral" { source = "./meshcentral" for_each = contains(local.active_modules, "meshcentral") ? { meshcentral = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } -module "netbox" { - source = "./netbox" - for_each = contains(local.active_modules, "netbox") ? { netbox = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.aux -} +# module "netbox" { +# source = "./netbox" +# tls_secret_name = var.tls_secret_name +# } module "nextcloud" { source = "./nextcloud" for_each = contains(local.active_modules, "nextcloud") ? { nextcloud = true } : {} tls_secret_name = var.tls_secret_name db_password = var.nextcloud_db_password - tier = local.tiers.edge depends_on = [null_resource.core_services] } module "homepage" { source = "./homepage" - tier = local.tiers.aux for_each = contains(local.active_modules, "homepage") ? { homepage = true } : {} tls_secret_name = var.tls_secret_name @@ -778,14 +719,12 @@ module "matrix" { source = "./matrix" for_each = contains(local.active_modules, "matrix") ? { matrix = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } module "authentik" { source = "./authentik" - tier = local.tiers.core for_each = contains(local.active_modules, "authentik") ? { authentik = true } : {} tls_secret_name = var.tls_secret_name secret_key = var.authentik_secret_key @@ -799,7 +738,6 @@ module "linkwarden" { postgresql_password = var.linkwarden_postgresql_password authentik_client_id = var.linkwarden_authentik_client_id authentik_client_secret = var.linkwarden_authentik_client_secret - tier = local.tiers.aux depends_on = [null_resource.core_services] } 
@@ -808,7 +746,6 @@ module "actualbudget" { source = "./actualbudget" for_each = contains(local.active_modules, "actualbudget") ? { actualbudget = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.edge depends_on = [null_resource.core_services] } @@ -818,7 +755,6 @@ module "owntracks" { for_each = contains(local.active_modules, "owntracks") ? { owntracks = true } : {} tls_secret_name = var.tls_secret_name owntracks_credentials = var.owntracks_credentials - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -829,7 +765,6 @@ module "dawarich" { tls_secret_name = var.tls_secret_name database_password = var.dawarich_database_password geoapify_api_key = var.geoapify_api_key - tier = local.tiers.edge depends_on = [null_resource.core_services] } @@ -838,7 +773,6 @@ module "changedetection" { source = "./changedetection" for_each = contains(local.active_modules, "changedetection") ? { changedetection = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -848,7 +782,6 @@ module "tandoor" { tls_secret_name = var.tls_secret_name tandoor_database_password = var.tandoor_database_password tandoor_email_password = var.tandoor_email_password - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -858,7 +791,6 @@ module "n8n" { for_each = contains(local.active_modules, "n8n") ? { n8n = true } : {} tls_secret_name = var.tls_secret_name postgresql_password = var.n8n_postgresql_password - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -869,7 +801,6 @@ module "real-estate-crawler" { tls_secret_name = var.tls_secret_name db_password = var.realestate_crawler_db_password notification_settings = var.realestate_crawler_notification_settings - tier = local.tiers.aux depends_on = [null_resource.core_services] } 
@@ -878,7 +809,6 @@ module "tor-proxy" { source = "./tor-proxy" for_each = contains(local.active_modules, "tor-proxy") ? { tor-proxy = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -895,7 +825,6 @@ module "onlyoffice" { tls_secret_name = var.tls_secret_name db_password = var.onlyoffice_db_password jwt_token = var.onlyoffice_jwt_token - tier = local.tiers.edge depends_on = [null_resource.core_services] } @@ -905,7 +834,6 @@ module "forgejo" { source = "./forgejo" for_each = contains(local.active_modules, "forgejo") ? { forgejo = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.edge depends_on = [null_resource.core_services] } @@ -914,7 +842,6 @@ module "xray" { source = "./xray" for_each = contains(local.active_modules, "xray") ? { xray = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux xray_reality_clients = var.xray_reality_clients xray_reality_private_key = var.xray_reality_private_key @@ -927,7 +854,6 @@ module "freshrss" { source = "./freshrss" for_each = contains(local.active_modules, "freshrss") ? { freshrss = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -936,7 +862,6 @@ module "navidrome" { source = "./navidrome" for_each = contains(local.active_modules, "navidrome") ? { navidrome = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -945,7 +870,6 @@ module "networking-toolbox" { source = "./networking-toolbox" for_each = contains(local.active_modules, "networking-toolbox") ? { networking-toolbox = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } 
@@ -954,7 +878,6 @@ module "tuya-bridge" { source = "./tuya-bridge" for_each = contains(local.active_modules, "tuya-bridge") ? { tuya-bridge = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.cluster tiny_tuya_api_key = var.tiny_tuya_api_key tiny_tuya_api_secret = var.tiny_tuya_api_secret @@ -969,7 +892,6 @@ module "stirling-pdf" { source = "./stirling-pdf" for_each = contains(local.active_modules, "stirling-pdf") ? { stirling-pdf = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.aux depends_on = [null_resource.core_services] } @@ -977,7 +899,6 @@ module "stirling-pdf" { module "isponsorblocktv" { source = "./isponsorblocktv" for_each = contains(local.active_modules, "isponsorblocktv") ? { isponsorblocktv = true } : {} - tier = local.tiers.edge depends_on = [null_resource.core_services] } @@ -986,15 +907,12 @@ module "nvidia" { source = "./nvidia" for_each = contains(local.active_modules, "nvidia") ? { nvidia = true } : {} tls_secret_name = var.tls_secret_name - tier = local.tiers.gpu } -module "ebook2audiobook" { - source = "./ebook2audiobook" - for_each = contains(local.active_modules, "ebook2audiobook") ? { ebook2audiobook = true } : {} - tls_secret_name = var.tls_secret_name - tier = local.tiers.gpu -} +# module "ebook2audiobook" { +# source = "./ebook2audiobook" +# tls_secret_name = var.tls_secret_name +# } module "rybbit" { source = "./rybbit" @@ -1002,7 +920,6 @@ module "rybbit" { tls_secret_name = var.tls_secret_name clickhouse_password = var.clickhouse_password postgres_password = var.clickhouse_postgres_password - tier = local.tiers.aux depends_on = [null_resource.core_services] } 
@@ -1012,13 +929,6 @@ module "wealthfolio" { for_each = contains(local.active_modules, "wealthfolio") ? { wealthfolio = true } : {} tls_secret_name = var.tls_secret_name wealthfolio_password_hash = var.wealthfolio_password_hash - tier = local.tiers.aux depends_on = [null_resource.core_services] } - -module "kyverno" { - source = "./kyverno" - for_each = contains(local.active_modules, "kyverno") ? { kyverno = true } : {} - depends_on = [null_resource.core_services] -} diff --git a/modules/kubernetes/matrix/main.tf b/modules/kubernetes/matrix/main.tf index 12a069af..bd025f73 100644 --- a/modules/kubernetes/matrix/main.tf +++ b/modules/kubernetes/matrix/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "matrix" { metadata { @@ -21,8 +20,7 @@ resource "kubernetes_deployment" "matrix" { name = "matrix" namespace = kubernetes_namespace.matrix.metadata[0].name labels = { - app = "matrix" - tier = var.tier + app = "matrix" } } spec { diff --git a/modules/kubernetes/meshcentral/main.tf b/modules/kubernetes/meshcentral/main.tf index 563d53dc..12609f05 100644 --- a/modules/kubernetes/meshcentral/main.tf +++ b/modules/kubernetes/meshcentral/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "meshcentral" { metadata { @@ -21,8 +20,7 @@ resource "kubernetes_deployment" "meshcentral" { name = "meshcentral" namespace = kubernetes_namespace.meshcentral.metadata[0].name labels = { - app = "meshcentral" - tier = var.tier + app = "meshcentral" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/metallb/main.tf b/modules/kubernetes/metallb/main.tf index 1659f08e..374f377c 100644 --- a/modules/kubernetes/metallb/main.tf +++ b/modules/kubernetes/metallb/main.tf 
@@ -4,29 +4,16 @@ # source = "colinwilson/metallb/kubernetes" # version = "0.1.7" # } -variable "tier" { type = string } - -resource "kubernetes_namespace" "metallb" { - metadata { - name = "metallb-system" - labels = { - app = "metallb" - # "istio-injection" : "disabled" - # tier = var.tier - } - } -} module "metallb" { - source = "ViktorBarzin/metallb/kubernetes" - version = "0.1.5" - depends_on = [kubernetes_namespace.metallb] + source = "ViktorBarzin/metallb/kubernetes" + version = "0.1.5" } resource "kubernetes_config_map" "config" { metadata { name = "config" - namespace = kubernetes_namespace.metallb.metadata[0].name + namespace = "metallb-system" } data = { config = < 60 + expr: node_hwmon_temp_celsius{instance="pve-node-r730"} * on(chip) group_left(chip_name) node_hwmon_chip_names{instance="pve-node-r730"} > 75 for: 30m labels: severity: page @@ -303,8 +302,8 @@ serverFiles: annotations: summary: "Low registry cache hit rate" - alert: NodeHighCPUUsage - expr: pve_cpu_usage_ratio > 0.3 - for: 6h + expr: node_load1{instance!="pve-node-r730"} > 2 + for: 20m labels: severity: page annotations: @@ -473,8 +472,8 @@ extraScrapeConfigs: | regex: '(.*)' replacement: 'r730_idrac_$${1}' - job_name: 'redfish-idrac' - scrape_interval: 1m - scrape_timeout: 45s + scrape_interval: 3m + scrape_timeout: 1m metrics_path: /metrics static_configs: - targets: diff --git a/modules/kubernetes/monitoring/pve_exporter.tf b/modules/kubernetes/monitoring/pve_exporter.tf index 74937a05..af20cd19 100644 --- a/modules/kubernetes/monitoring/pve_exporter.tf +++ b/modules/kubernetes/monitoring/pve_exporter.tf @@ -20,9 +20,6 @@ resource "kubernetes_deployment" "pve_exporter" { metadata { name = "proxmox-exporter" namespace = kubernetes_namespace.monitoring.metadata[0].name - labels = { - tier = var.tier - } } spec { diff --git a/modules/kubernetes/monitoring/snmp_exporter.tf b/modules/kubernetes/monitoring/snmp_exporter.tf index 9f97bda8..f8c3eeb3 100644 
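Review bot: The new `NodeHighCPUUsage` expression in the `@@ -303,8 +302,8 @@` hunk compares the raw 1-minute load average with a fixed 2, which is not scaled by core count, so one threshold is unlikely to suit nodes of different sizes and the alert name no longer matches what is measured. Dividing by the number of cores keeps a single threshold meaningful, e.g. `expr: node_load1{instance!="pve-node-r730"} / on(instance) count by (instance) (node_cpu_seconds_total{mode="idle"}) > <ratio>`, where the ratio is a placeholder to tune. The rule's annotations continue outside the hunk, so the summary text may also need to say load rather than CPU usage.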
--- a/modules/kubernetes/monitoring/snmp_exporter.tf +++ b/modules/kubernetes/monitoring/snmp_exporter.tf @@ -29,8 +29,7 @@ resource "kubernetes_deployment" "snmp-exporter" { name = "snmp-exporter" namespace = kubernetes_namespace.monitoring.metadata[0].name labels = { - app = "snmp-exporter" - tier = var.tier + app = "snmp-exporter" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/n8n/main.tf b/modules/kubernetes/n8n/main.tf index 77c06fe4..29cd54d0 100644 --- a/modules/kubernetes/n8n/main.tf +++ b/modules/kubernetes/n8n/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "postgresql_password" {} module "tls_secret" { @@ -19,8 +18,7 @@ resource "kubernetes_deployment" "n8n" { name = "n8n" namespace = kubernetes_namespace.n8n.metadata[0].name labels = { - app = "n8n" - tier = var.tier + app = "n8n" } } spec { @@ -33,7 +31,8 @@ resource "kubernetes_deployment" "n8n" { template { metadata { labels = { - app = "n8n" + app = "n8n" + "kubernetes.io/cluster-service" = "true" } } spec { diff --git a/modules/kubernetes/navidrome/main.tf b/modules/kubernetes/navidrome/main.tf index 12d21684..b1597eaa 100644 --- a/modules/kubernetes/navidrome/main.tf +++ b/modules/kubernetes/navidrome/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "navidrome" { metadata { @@ -21,8 +20,8 @@ resource "kubernetes_deployment" "navidrome" { name = "navidrome" namespace = kubernetes_namespace.navidrome.metadata[0].name labels = { - app = "navidrome" - tier = var.tier + app = "navidrome" + "kubernetes.io/cluster-service" = "true" } } spec { @@ -38,7 +37,8 @@ resource "kubernetes_deployment" "navidrome" { template { metadata { labels = { - app = "navidrome" + app = "navidrome" + "kubernetes.io/cluster-service" = "true" } } spec { 
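Review bot: The pod-template labels added in the n8n hunk (`@@ -33,7 +31,8 @@`) put `"kubernetes.io/cluster-service" = "true"` on an application workload, although the `kubernetes.io/` prefix is reserved for Kubernetes components and this label conventionally marks cluster add-ons. The same label is added in the navidrome hunks on this line and in the privatebin and realestate-crawler-ui hunks further down. If any NetworkPolicy, admission policy or scheduling rule in the cluster selects on that label, these user-facing apps would be treated as cluster services, and nothing in the diff shows that this is intended. A label under the project's own prefix, for example `"viktorbarzin.me/<purpose>" = "true"` with the purpose spelled out, plus a one-line comment naming what consumes it, would remove the ambiguity.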
diff --git a/modules/kubernetes/netbox/main.tf b/modules/kubernetes/netbox/main.tf index 21ee2c51..46c9f58a 100644 --- a/modules/kubernetes/netbox/main.tf +++ b/modules/kubernetes/netbox/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "netbox" { metadata { @@ -13,22 +12,12 @@ module "tls_secret" { tls_secret_name = var.tls_secret_name } -resource "random_string" "random" { - length = 50 - lower = true -} -resource "random_string" "api_token_pepper" { - length = 50 - lower = true -} - resource "kubernetes_deployment" "netbox" { metadata { name = "netbox" namespace = kubernetes_namespace.netbox.metadata[0].name labels = { - app = "netbox" - tier = var.tier + app = "netbox" } annotations = { "reloader.stakater.com/search" = "true" @@ -55,7 +44,7 @@ resource "kubernetes_deployment" "netbox" { } spec { container { - image = "netboxcommunity/netbox:v4.5.0-beta1" + image = "lscr.io/linuxserver/netbox:v4.0.9-ls219" name = "netbox" env { name = "DB_USER" @@ -69,22 +58,6 @@ resource "kubernetes_deployment" "netbox" { name = "DB_HOST" value = "postgresql.dbaas.svc.cluster.local" } - env { - name = "DB_NAME" - value = "netbox" - } - env { - name = "DB_WAIT_DEBUG" - value = "1" - } - env { - name = "SECRET_KEY" - value = random_string.random.result - } - env { - name = "API_TOKEN_PEPPERS" - value = random_string.api_token_pepper.result - } env { name = "REDIS_HOST" value = "redis.redis" @@ -124,7 +97,7 @@ resource "kubernetes_deployment" "netbox" { } port { - container_port = 8080 + container_port = 8000 } # volume_mount { # name = "data" @@ -157,7 +130,7 @@ resource "kubernetes_service" "netbox" { } port { name = "http" - target_port = 8080 + target_port = 8000 port = 80 protocol = "TCP" } diff --git a/modules/kubernetes/networking-toolbox/main.tf b/modules/kubernetes/networking-toolbox/main.tf index df8ab459..56abc187 100644 --- a/modules/kubernetes/networking-toolbox/main.tf 
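Review bot: After the `@@ -69,22 +58,6 @@` hunk the container's visible `env` list no longer sets `SECRET_KEY`, `API_TOKEN_PEPPERS` or `DB_NAME`, and the `random_string` resources that fed them are deleted, so it is worth confirming how the new image obtains them; the container block continues outside the hunk and may set them there. If the key is reinstated, it is better read from a Kubernetes Secret than passed as a literal `value`, which is readable by anyone who can view the Deployment spec. Generating it with `random_password` instead of `random_string` also keeps it out of plan output. The Secret name and key in the sketch are placeholders.

```hcl
env {
  name = "SECRET_KEY"
  value_from {
    secret_key_ref {
      name = "<netbox-secret-name>" # placeholder: Secret that holds the key
      key  = "<secret-key-field>"   # placeholder: key inside that Secret
    }
  }
}
# ... unchanged: REDIS_HOST and the remaining env blocks ...
```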
+++ b/modules/kubernetes/networking-toolbox/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "networking-toolbox" { metadata { @@ -21,8 +20,7 @@ resource "kubernetes_deployment" "networking-toolbox" { name = "networking-toolbox" namespace = kubernetes_namespace.networking-toolbox.metadata[0].name labels = { - app = "networking-toolbox" - tier = var.tier + app = "networking-toolbox" } } spec { diff --git a/modules/kubernetes/nextcloud/main.tf b/modules/kubernetes/nextcloud/main.tf index b76bb7bd..e33fef1a 100644 --- a/modules/kubernetes/nextcloud/main.tf +++ b/modules/kubernetes/nextcloud/main.tf @@ -1,6 +1,5 @@ variable "tls_secret_name" {} variable "db_password" {} -variable "tier" { type = string } module "tls_secret" { source = "../setup_tls_secret" @@ -13,7 +12,6 @@ resource "kubernetes_namespace" "nextcloud" { name = "nextcloud" labels = { "istio-injection" : "disabled" - tier = var.tier } } } @@ -51,8 +49,7 @@ resource "kubernetes_deployment" "whiteboard" { name = "whiteboard" namespace = kubernetes_namespace.nextcloud.metadata[0].name labels = { - app = "whiteboard" - tier = var.tier + app = "whiteboard" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/nginx-ingress/main.tf b/modules/kubernetes/nginx-ingress/main.tf index 8ba56189..27e5f6ee 100644 --- a/modules/kubernetes/nginx-ingress/main.tf +++ b/modules/kubernetes/nginx-ingress/main.tf @@ -12,8 +12,6 @@ variable "honeypotapikey" { variable "crowdsec_api_key" {} variable "crowdsec_captcha_secret_key" {} variable "crowdsec_captcha_site_key" {} -variable "tier" { type = string } - resource "kubernetes_namespace" "ingress_nginx" { metadata { name = "ingress-nginx" 
@@ -471,7 +469,6 @@ resource "kubernetes_deployment" "ingress_nginx_controller" { "app.kubernetes.io/name" = "ingress-nginx" "app.kubernetes.io/part-of" = "ingress-nginx" "app.kubernetes.io/version" = "1.13.1" - tier = var.tier } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/ntfy/main.tf b/modules/kubernetes/ntfy/main.tf index dafdbd5b..7a7d9a5d 100644 --- a/modules/kubernetes/ntfy/main.tf +++ b/modules/kubernetes/ntfy/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "ntfy" { metadata { name = "ntfy" @@ -17,8 +16,7 @@ resource "kubernetes_deployment" "ntfy" { name = "ntfy" namespace = kubernetes_namespace.ntfy.metadata[0].name labels = { - app = "ntfy" - tier = var.tier + app = "ntfy" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/nvidia/Dockerfile b/modules/kubernetes/nvidia/Dockerfile deleted file mode 100644 index aba73858..00000000 --- a/modules/kubernetes/nvidia/Dockerfile +++ /dev/null @@ -1,27 +0,0 @@ -# GPU container - -FROM ubuntu - -ENV DEBIAN_FRONTEND=noninteractive - -# Install Python and pip -RUN apt-get update && \ - apt-get install -y --no-install-recommends \ - python3 \ - python3-pip \ - python3-venv - -# Deps -RUN apt-get install -y ffmpeg espeak-ng - -# Set a working directory -WORKDIR /app - -RUN python3 -m venv audiblez && ./audiblez/bin/pip install audiblez -# RUN python3 -m venv audiblez - -CMD ["/usr/bin/sleep", "86400"] -# RUN pip install audiblez - -# # Default command -# CMD ["/usr/bin/sleep", "86400"] diff --git a/modules/kubernetes/nvidia/main.tf b/modules/kubernetes/nvidia/main.tf index 70f294cb..1948e58e 100644 --- a/modules/kubernetes/nvidia/main.tf +++ b/modules/kubernetes/nvidia/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } module "tls_secret" { source = "../setup_tls_secret" 
@@ -12,7 +11,6 @@ resource "kubernetes_namespace" "nvidia" { name = "nvidia" labels = { "istio-injection" : "disabled" - tier = var.tier } } } @@ -61,8 +59,7 @@ resource "kubernetes_deployment" "nvidia-exporter" { name = "nvidia-exporter" namespace = kubernetes_namespace.nvidia.metadata[0].name labels = { - app = "nvidia-exporter" - tier = var.tier + app = "nvidia-exporter" } } spec { @@ -171,51 +168,3 @@ module "ingress" { # } # } # } - - -# resource "kubernetes_deployment" "gpu-container" { -# metadata { -# name = "gpu-container" -# namespace = kubernetes_namespace.nvidia.metadata[0].name -# labels = { -# app = "gpu-container" -# } -# } -# spec { -# replicas = 1 -# selector { -# match_labels = { -# app = "gpu-container" -# } -# } -# template { -# metadata { -# labels = { -# app = "gpu-container" -# } -# } -# spec { -# node_selector = { -# "gpu" : "true" -# } -# container { -# image = "ubuntu" -# name = "gpu-container" -# command = ["/usr/bin/sleep", "3600"] -# # security_context { -# # privileged = true -# # capabilities { -# # add = ["SYS_ADMIN"] -# # } -# # } -# resources { -# limits = { -# "nvidia.com/gpu" = "1" -# } -# } -# } -# } -# } -# } -# depends_on = [helm_release.nvidia-gpu-operator] -# } diff --git a/modules/kubernetes/ollama/main.tf b/modules/kubernetes/ollama/main.tf index 0ecf6063..9a4de923 100644 --- a/modules/kubernetes/ollama/main.tf +++ b/modules/kubernetes/ollama/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "ollama" { metadata { @@ -65,8 +64,7 @@ resource "kubernetes_deployment" "ollama" { name = "ollama" namespace = kubernetes_namespace.ollama.metadata[0].name labels = { - app = "ollama" - tier = var.tier + app = "ollama" } } spec { @@ -164,8 +162,7 @@ resource "kubernetes_deployment" "ollama-ui" { name = "ollama-ui" namespace = kubernetes_namespace.ollama.metadata[0].name labels = { - app = "ollama-ui" - tier = var.tier + app = "ollama-ui" } } spec { 
diff --git a/modules/kubernetes/onlyoffice/main.tf b/modules/kubernetes/onlyoffice/main.tf index df130db4..c3c26811 100644 --- a/modules/kubernetes/onlyoffice/main.tf +++ b/modules/kubernetes/onlyoffice/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "db_password" { type = string } variable "jwt_token" { type = string } @@ -23,8 +22,7 @@ resource "kubernetes_deployment" "onlyoffice-document-server" { name = "onlyoffice-document-server" namespace = kubernetes_namespace.onlyoffice.metadata[0].name labels = { - app = "onlyoffice-document-server" - tier = var.tier + app = "onlyoffice-document-server" } } spec { diff --git a/modules/kubernetes/owntracks/main.tf b/modules/kubernetes/owntracks/main.tf index 9a68196c..6e9cce09 100644 --- a/modules/kubernetes/owntracks/main.tf +++ b/modules/kubernetes/owntracks/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "owntracks_credentials" { type = map(string) default = { @@ -48,8 +47,7 @@ resource "kubernetes_deployment" "owntracks" { name = "owntracks" namespace = kubernetes_namespace.owntracks.metadata[0].name labels = { - app = "owntracks" - tier = var.tier + app = "owntracks" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/paperless-ngx/main.tf b/modules/kubernetes/paperless-ngx/main.tf index e2bcce71..e847a4f4 100644 --- a/modules/kubernetes/paperless-ngx/main.tf +++ b/modules/kubernetes/paperless-ngx/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "db_password" {} # variable "homepage_token" {} variable "homepage_username" {} @@ -26,8 +25,7 @@ resource "kubernetes_deployment" "paperless-ngx" { name = "paperless-ngx" namespace = kubernetes_namespace.paperless-ngx.metadata[0].name labels = { - app = "paperless-ngx" - tier = var.tier + app = "paperless-ngx" } annotations = { "reloader.stakater.com/search" = "true" 
diff --git a/modules/kubernetes/privatebin/main.tf b/modules/kubernetes/privatebin/main.tf index 199fe729..36f63c27 100644 --- a/modules/kubernetes/privatebin/main.tf +++ b/modules/kubernetes/privatebin/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "privatebin" { metadata { @@ -21,8 +20,8 @@ resource "kubernetes_deployment" "privatebin" { name = "privatebin" namespace = kubernetes_namespace.privatebin.metadata[0].name labels = { - app = "privatebin" - tier = var.tier + app = "privatebin" + "kubernetes.io/cluster-service" = "true" } } spec { @@ -38,7 +37,8 @@ resource "kubernetes_deployment" "privatebin" { template { metadata { labels = { - app = "privatebin" + app = "privatebin" + "kubernetes.io/cluster-service" = "true" } } spec { diff --git a/modules/kubernetes/real-estate-crawler/main.tf b/modules/kubernetes/real-estate-crawler/main.tf index 9bb495c0..38d1d628 100644 --- a/modules/kubernetes/real-estate-crawler/main.tf +++ b/modules/kubernetes/real-estate-crawler/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "notification_settings" { type = map(string) default = { @@ -27,8 +26,7 @@ resource "kubernetes_deployment" "realestate-crawler-ui" { name = "realestate-crawler-ui" namespace = kubernetes_namespace.realestate-crawler.metadata[0].name labels = { - app = "realestate-crawler-ui" - tier = var.tier + app = "realestate-crawler-ui" } } spec { @@ -44,7 +42,8 @@ resource "kubernetes_deployment" "realestate-crawler-ui" { template { metadata { labels = { - app = "realestate-crawler-ui" + app = "realestate-crawler-ui" + "kubernetes.io/cluster-service" = "true" } } spec { 
@@ -98,8 +97,7 @@ resource "kubernetes_deployment" "realestate-crawler-api" { name = "realestate-crawler-api" namespace = kubernetes_namespace.realestate-crawler.metadata[0].name labels = { - app = "realestate-crawler-api" - tier = var.tier + app = "realestate-crawler-api" } } spec { diff --git a/modules/kubernetes/redis/main.tf b/modules/kubernetes/redis/main.tf index 4271c99e..7750d447 100644 --- a/modules/kubernetes/redis/main.tf +++ b/modules/kubernetes/redis/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "redis" { metadata { @@ -18,8 +17,7 @@ resource "kubernetes_deployment" "redis" { name = "redis" namespace = kubernetes_namespace.redis.metadata[0].name labels = { - app = "redis" - tier = var.tier + app = "redis" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/reloader/main.tf b/modules/kubernetes/reloader/main.tf index f220b799..59971834 100644 --- a/modules/kubernetes/reloader/main.tf +++ b/modules/kubernetes/reloader/main.tf @@ -1,18 +1,7 @@ -variable "tier" { type = string } - -resource "kubernetes_namespace" "crowdsec" { - metadata { - name = "reloader" - labels = { - tier = var.tier - } - } -} resource "helm_release" "reloader" { - namespace = kubernetes_namespace.crowdsec.metadata[0].name - create_namespace = false + namespace = "reloader" + create_namespace = true name = "reloader" - atomic = true repository = "https://stakater.github.io/stakater-charts" chart = "reloader" diff --git a/modules/kubernetes/reverse_proxy/factory/main.tf b/modules/kubernetes/reverse_proxy/factory/main.tf index a80407f5..1c3c9af3 100644 --- a/modules/kubernetes/reverse_proxy/factory/main.tf +++ b/modules/kubernetes/reverse_proxy/factory/main.tf @@ -37,10 +37,6 @@ variable "rybbit_site_id" { default = null type = string } -variable "additional_configuration_snippet" { - default = "" - type = string -} resource "kubernetes_service" "proxied-service" { 
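Review bot: Dropping `atomic = true` from `helm_release.reloader` in the `@@ -1,18 +1,7 @@` hunk means a failed install or upgrade is no longer rolled back and can leave a partially applied release behind, while the vault release later in this diff keeps the flag. Switching to `create_namespace = true` also takes the `reloader` namespace out of Terraform's management, so labels or policies can no longer be attached to it from this module. Unless the flag was causing a known problem, keeping `atomic = true` next to `create_namespace = true` preserves the rollback behaviour. The `helm_release` body continues outside the hunk.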
@@ -94,7 +90,6 @@ resource "kubernetes_ingress_v1" "proxied-ingress" { "nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOF limit_req_status 429; limit_conn_status 429; - ${var.additional_configuration_snippet} ${var.rybbit_site_id != null ? <<-JS # Rybbit Analytics # Only modify HTML diff --git a/modules/kubernetes/reverse_proxy/main.tf b/modules/kubernetes/reverse_proxy/main.tf index 3ea44e12..9f459271 100644 --- a/modules/kubernetes/reverse_proxy/main.tf +++ b/modules/kubernetes/reverse_proxy/main.tf @@ -96,23 +96,6 @@ module "tp-link-gateway" { backend_protocol = "HTTPS" depends_on = [kubernetes_namespace.reverse-proxy] protected = true - # Doesn't work due to 413 due to GA/authentik cookie - # additional_configuration_snippet = <<-EOF - # # 1. Try to extract the sysauth cookie and its value - # # This regex looks for 'sysauth=' followed by everything until a semicolon or end of string - # set $sysauth_only ""; - # if ($http_cookie ~* "sysauth=([^;]+)") { - # set $sysauth_only "sysauth=$1"; - # } - - # # 2. Overwrite the Cookie header. - # # If sysauth was found, only it is sent. If not found, no cookies are sent. - # proxy_set_header Cookie $sysauth_only; - # EOF - # extra_annotations = { - # client-header-buffer-size : "16k" - # large-client-header-buffers : "4 16k" - # } } # https://truenas.viktorbarzin.me/ diff --git a/modules/kubernetes/rybbit/main.tf b/modules/kubernetes/rybbit/main.tf index 8e30f113..51d212a3 100644 --- a/modules/kubernetes/rybbit/main.tf +++ b/modules/kubernetes/rybbit/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "clickhouse_password" { type = string } variable "postgres_password" { type = string } @@ -30,8 +29,7 @@ resource "kubernetes_deployment" "clickhouse" { name = "clickhouse" namespace = kubernetes_namespace.rybbit.metadata[0].name labels = { - app = "clickhouse" - tier = var.tier + app = "clickhouse" } } spec { 
@@ -112,8 +110,7 @@ resource "kubernetes_deployment" "rybbit" { name = "rybbit" namespace = kubernetes_namespace.rybbit.metadata[0].name labels = { - app = "rybbit" - tier = var.tier + app = "rybbit" } } spec { @@ -225,8 +222,7 @@ resource "kubernetes_deployment" "rybbit-client" { name = "rybbit-client" namespace = kubernetes_namespace.rybbit.metadata[0].name labels = { - app = "rybbit-client" - tier = var.tier + app = "rybbit-client" } } spec { diff --git a/modules/kubernetes/send/main.tf b/modules/kubernetes/send/main.tf index 6469688b..bf4773f9 100644 --- a/modules/kubernetes/send/main.tf +++ b/modules/kubernetes/send/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "send" { metadata { @@ -21,8 +20,7 @@ resource "kubernetes_deployment" "send" { name = "send" namespace = kubernetes_namespace.send.metadata[0].name labels = { - app = "send" - tier = var.tier + app = "send" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/servarr/aiostreams/main.tf b/modules/kubernetes/servarr/aiostreams/main.tf deleted file mode 100644 index e5ec5ec6..00000000 --- a/modules/kubernetes/servarr/aiostreams/main.tf +++ /dev/null 
@@ -1,103 +0,0 @@ -variable "tls_secret_name" {} -variable "tier" { type = string } -variable "aiostreams_database_connection_string" { type = string } - -resource "kubernetes_namespace" "aiostreams" { - metadata { - name = "aiostreams" - labels = { - "istio-injection" : "disabled" - } - } -} - -resource "random_id" "secret_key" { - byte_length = 32 # 32 bytes × 2 hex chars = 64 hex characters -} - -resource "kubernetes_deployment" "aiostreams" { - metadata { - name = "aiostreams" - namespace = kubernetes_namespace.aiostreams.metadata[0].name - labels = { - app = "aiostreams" - tier = var.tier - } - } - spec { - replicas = 1 - selector { - match_labels = { - app = "aiostreams" - } - } - template { - metadata { - labels = { - app = "aiostreams" - } - } - spec { - container { - image = "viren070/aiostreams:nightly" - name = "aiostreams" - port { - container_port = 3000 - } - env { - name = "BASE_URL" - value = "https://aiostreams.viktorbarzin.me" - } - env { - name = "SECRET_KEY" - value = random_id.secret_key.hex - } - env { - name = "DATABASE_URI" - value = var.aiostreams_database_connection_string - } - volume_mount { - name = "data" - mount_path = "/app/data" - } - } - volume { - name = "data" - nfs { - server = "10.0.10.15" - path = "/mnt/main/servarr/aiostreams" - } - } - } - } - } -} - -resource "kubernetes_service" "aiostreams" { - metadata { - name = "aiostreams" - namespace = kubernetes_namespace.aiostreams.metadata[0].name - labels = { - "app" = "aiostreams" - } - } - - spec { - selector = { - app = "aiostreams" - } - port { - name = "http" - port = 80 - target_port = 3000 - } - } -} - -module "ingress" { - source = "../../ingress_factory" - namespace = kubernetes_namespace.aiostreams.metadata[0].name - name = "aiostreams" - tls_secret_name = var.tls_secret_name - # protected = true -} diff --git a/modules/kubernetes/servarr/flaresolverr/main.tf b/modules/kubernetes/servarr/flaresolverr/main.tf index 623685e6..6e8f7131 100644 
--- a/modules/kubernetes/servarr/flaresolverr/main.tf +++ b/modules/kubernetes/servarr/flaresolverr/main.tf @@ -1,13 +1,11 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_deployment" "flaresolverr" { metadata { name = "flaresolverr" namespace = "servarr" labels = { - app = "flaresolverr" - tier = var.tier + app = "flaresolverr" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/servarr/lidarr/main.tf b/modules/kubernetes/servarr/lidarr/main.tf index 7539754a..8166298b 100644 --- a/modules/kubernetes/servarr/lidarr/main.tf +++ b/modules/kubernetes/servarr/lidarr/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_deployment" "lidarr" { @@ -7,8 +6,7 @@ resource "kubernetes_deployment" "lidarr" { name = "lidarr" namespace = "servarr" labels = { - app = "lidarr" - tier = var.tier + app = "lidarr" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/servarr/listenarr/main.tf b/modules/kubernetes/servarr/listenarr/main.tf deleted file mode 100644 index 98651a12..00000000 --- a/modules/kubernetes/servarr/listenarr/main.tf +++ /dev/null 
@@ -1,90 +0,0 @@ -variable "tls_secret_name" {} -variable "tier" { type = string } - - -resource "kubernetes_deployment" "listenarr" { - metadata { - name = "listenarr" - namespace = "servarr" - labels = { - app = "listenarr" - tier = var.tier - } - annotations = { - "reloader.stakater.com/search" = "true" - } - } - spec { - replicas = 1 - selector { - match_labels = { - app = "listenarr" - } - } - template { - metadata { - labels = { - app = "listenarr" - } - } - spec { - container { - image = "ghcr.io/therobbiedavis/listenarr:canary" - name = "listenarr" - - port { - container_port = 5000 - } - volume_mount { - name = "data" - mount_path = "/app/config" - } - } - volume { - name = "data" - nfs { - path = "/mnt/main/servarr/listenarr" - server = "10.0.10.15" - } - } - volume { - name = "downloads" - nfs { - path = "/mnt/main/servarr/downloads" - server = "10.0.10.15" - } - } - } - } - } -} - -resource "kubernetes_service" "listenarr" { - metadata { - name = "listenarr" - namespace = "servarr" - labels = { - app = "listenarr" - } - } - - spec { - selector = { - app = "listenarr" - } - port { - name = "http" - port = 80 - target_port = 5000 - } - } -} - - -module "ingress" { - source = "../../ingress_factory" - namespace = "servarr" - name = "listenarr" - tls_secret_name = var.tls_secret_name - protected = true -} diff --git a/modules/kubernetes/servarr/main.tf b/modules/kubernetes/servarr/main.tf index e55e8da0..7604b8d4 100644 --- a/modules/kubernetes/servarr/main.tf +++ b/modules/kubernetes/servarr/main.tf @@ -1,6 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } -variable "aiostreams_database_connection_string" { type = string } resource "kubernetes_namespace" "servarr" { metadata { 
@@ -18,48 +16,29 @@ module "tls_secret" { # module "readarr" { # source = "./readarr" # tls_secret_name = var.tls_secret_name -# tier = var.tier # } -module "prowlarr" { - source = "./prowlarr" - tls_secret_name = var.tls_secret_name - tier = var.tier -} +# module "prowlarr" { +# source = "./prowlarr" +# tls_secret_name = var.tls_secret_name +# } -module "qbittorrent" { - source = "./qbittorrent" - tls_secret_name = var.tls_secret_name - tier = var.tier -} +# module "qbittorrent" { +# source = "./qbittorrent" +# tls_secret_name = var.tls_secret_name +# } module "flaresolverr" { source = "./flaresolverr" tls_secret_name = var.tls_secret_name - tier = var.tier } # module "lidarr" { # source = "./lidarr" # tls_secret_name = var.tls_secret_name -# tier = var.tier # } # module "soulseek" { # source = "./soulseek" # tls_secret_name = var.tls_secret_name -# tier = var.tier # } - -module "listenarr" { - source = "./listenarr" - tls_secret_name = var.tls_secret_name - tier = var.tier -} - -module "aiostreams" { - source = "./aiostreams" - tls_secret_name = var.tls_secret_name - aiostreams_database_connection_string = var.aiostreams_database_connection_string - tier = var.tier -} diff --git a/modules/kubernetes/servarr/prowlarr/main.tf b/modules/kubernetes/servarr/prowlarr/main.tf index 82204bec..44350de9 100644 --- a/modules/kubernetes/servarr/prowlarr/main.tf +++ b/modules/kubernetes/servarr/prowlarr/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_deployment" "prowlarr" { @@ -7,8 +6,7 @@ resource "kubernetes_deployment" "prowlarr" { name = "prowlarr" namespace = "servarr" labels = { - app = "prowlarr" - tier = var.tier + app = "prowlarr" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/servarr/qbittorrent/main.tf b/modules/kubernetes/servarr/qbittorrent/main.tf index 2a473a3e..ecb858a8 100644 --- a/modules/kubernetes/servarr/qbittorrent/main.tf 
+++ b/modules/kubernetes/servarr/qbittorrent/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_deployment" "qbittorrent" { @@ -7,8 +6,7 @@ resource "kubernetes_deployment" "qbittorrent" { name = "qbittorrent" namespace = "servarr" labels = { - app = "qbittorrent" - tier = var.tier + app = "qbittorrent" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/servarr/readarr/main.tf b/modules/kubernetes/servarr/readarr/main.tf index 68369b06..b612b762 100644 --- a/modules/kubernetes/servarr/readarr/main.tf +++ b/modules/kubernetes/servarr/readarr/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "readarr" { metadata { name = "readarr" @@ -21,8 +20,7 @@ resource "kubernetes_deployment" "readarr" { name = "readarr" namespace = "readarr" labels = { - app = "readarr" - tier = var.tier + app = "readarr" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/servarr/soulseek/main.tf b/modules/kubernetes/servarr/soulseek/main.tf index 446ba8c6..2ca68c32 100644 --- a/modules/kubernetes/servarr/soulseek/main.tf +++ b/modules/kubernetes/servarr/soulseek/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_deployment" "soulseek" { @@ -7,8 +6,7 @@ resource "kubernetes_deployment" "soulseek" { name = "soulseek" namespace = "servarr" labels = { - app = "soulseek" - tier = var.tier + app = "soulseek" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/shadowsocks/main.tf b/modules/kubernetes/shadowsocks/main.tf index acb5ea9b..6dd980e9 100644 --- a/modules/kubernetes/shadowsocks/main.tf +++ b/modules/kubernetes/shadowsocks/main.tf @@ -1,5 +1,4 @@ variable "password" {} -variable "tier" { type = string } variable "method" { default = "chacha20-ietf-poly1305" } 
@@ -20,7 +19,6 @@ resource "kubernetes_deployment" "shadowsocks" { namespace = kubernetes_namespace.shadowsocks.metadata[0].name labels = { "app" = "shadowsocks" - tier = var.tier } annotations = { "reloader.stakater.com/search" = "true" @@ -66,7 +64,7 @@ resource "kubernetes_deployment" "shadowsocks" { } } -resource "kubernetes_service" "mailserver" { # rename me +resource "kubernetes_service" "mailserver" { metadata { name = "shadowsocks" namespace = kubernetes_namespace.shadowsocks.metadata[0].name diff --git a/modules/kubernetes/stirling-pdf/main.tf b/modules/kubernetes/stirling-pdf/main.tf index 25b29ee4..319285e9 100644 --- a/modules/kubernetes/stirling-pdf/main.tf +++ b/modules/kubernetes/stirling-pdf/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "stirling-pdf" { metadata { @@ -21,8 +20,7 @@ resource "kubernetes_deployment" "stirling-pdf" { name = "stirling-pdf" namespace = kubernetes_namespace.stirling-pdf.metadata[0].name labels = { - app = "stirling-pdf" - tier = var.tier + app = "stirling-pdf" } } spec { diff --git a/modules/kubernetes/tandoor/main.tf b/modules/kubernetes/tandoor/main.tf index b395890c..d1aa6c5e 100644 --- a/modules/kubernetes/tandoor/main.tf +++ b/modules/kubernetes/tandoor/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "tandoor_database_password" {} variable "tandoor_email_password" {} @@ -27,8 +26,7 @@ resource "kubernetes_deployment" "tandoor" { name = "tandoor" namespace = kubernetes_namespace.tandoor.metadata[0].name labels = { - app = "tandoor" - tier = var.tier + app = "tandoor" } } spec { diff --git a/modules/kubernetes/technitium/main.tf b/modules/kubernetes/technitium/main.tf index 57b37d5e..b3376443 100644 --- a/modules/kubernetes/technitium/main.tf +++ b/modules/kubernetes/technitium/main.tf 
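Review bot: The `@@ -66,7 +64,7 @@` hunk deletes the `# rename me` reminder, but the Service that exposes shadowsocks is still declared as `kubernetes_service.mailserver`, so the misleading address stays and the only marker for it is gone. Either keep the comment or do the rename to `kubernetes_service.shadowsocks` together with a `moved` block from the old address to the new one, so the state entry is carried over instead of the Service being recreated. The resource body continues outside the hunk.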
@@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "homepage_token" {} resource "kubernetes_namespace" "technitium" { @@ -24,8 +23,7 @@ resource "kubernetes_deployment" "technitium" { name = "technitium" namespace = kubernetes_namespace.technitium.metadata[0].name labels = { - app = "technitium" - tier = var.tier + app = "technitium" } } spec { diff --git a/modules/kubernetes/tor-proxy/main.tf b/modules/kubernetes/tor-proxy/main.tf index 6994393d..b13b0c4e 100644 --- a/modules/kubernetes/tor-proxy/main.tf +++ b/modules/kubernetes/tor-proxy/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "tor-proxy" { metadata { @@ -35,8 +34,7 @@ resource "kubernetes_deployment" "tor-proxy" { name = "tor-proxy" namespace = "tor-proxy" labels = { - app = "tor-proxy" - tier = var.tier + app = "tor-proxy" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/travel_blog/main.tf b/modules/kubernetes/travel_blog/main.tf index 15b29720..067838c4 100644 --- a/modules/kubernetes/travel_blog/main.tf +++ b/modules/kubernetes/travel_blog/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "travel-blog" { metadata { @@ -27,21 +26,20 @@ resource "kubernetes_deployment" "blog" { name = "travel-blog" namespace = kubernetes_namespace.travel-blog.metadata[0].name labels = { - app = "travel-blog" - tier = var.tier + run = "travel-blog" } } spec { replicas = 3 selector { match_labels = { - app = "travel-blog" + run = "travel-blog" } } template { metadata { labels = { - app = "travel-blog" + run = "travel-blog" } } spec { @@ -81,7 +79,7 @@ resource "kubernetes_service" "travel-blog" { name = "travel-blog" namespace = kubernetes_namespace.travel-blog.metadata[0].name labels = { - app = "travel-blog" + "run" = "travel-blog" } annotations = { "prometheus.io/scrape" = "true" 
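Review bot: Changing `match_labels` from `app = "travel-blog"` to `run = "travel-blog"` in the `@@ -27,21 +26,20 @@` hunk alters the Deployment's selector, which Kubernetes treats as immutable, so Terraform will most likely have to destroy and recreate the Deployment rather than update it in place. That takes all three replicas down together unless the change is staged. Most other modules in this diff use the `app` key, so if the rename is not required, keeping `app = "travel-blog"` here and in the Service selector avoids both the replacement and the inconsistency. The Service hunks that follow make the matching change, so the two must stay in step either way.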
@@ -92,7 +90,7 @@ resource "kubernetes_service" "travel-blog" { spec { selector = { - app = "travel-blog" + run = "travel-blog" } port { name = "http" diff --git a/modules/kubernetes/tuya-bridge/main.tf b/modules/kubernetes/tuya-bridge/main.tf index e685c59a..9545ebf7 100644 --- a/modules/kubernetes/tuya-bridge/main.tf +++ b/modules/kubernetes/tuya-bridge/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "tiny_tuya_api_key" { type = string } variable "tiny_tuya_api_secret" { type = string } variable "tiny_tuya_service_secret" { type = string } @@ -25,8 +24,7 @@ resource "kubernetes_deployment" "tuya-bridge" { name = "tuya-bridge" namespace = kubernetes_namespace.tuya-bridge.metadata[0].name labels = { - app = "tuya-bridge" - tier = var.tier + app = "tuya-bridge" } } spec { diff --git a/modules/kubernetes/uptime-kuma/main.tf b/modules/kubernetes/uptime-kuma/main.tf index 2c5e410b..19641350 100644 --- a/modules/kubernetes/uptime-kuma/main.tf +++ b/modules/kubernetes/uptime-kuma/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "uptime-kuma" { metadata { @@ -21,8 +20,7 @@ resource "kubernetes_deployment" "uptime-kuma" { name = "uptime-kuma" namespace = kubernetes_namespace.uptime-kuma.metadata[0].name labels = { - app = "uptime-kuma" - tier = var.tier + app = "uptime-kuma" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/url-shortener/main.tf b/modules/kubernetes/url-shortener/main.tf index caaeb0f3..157844e8 100644 --- a/modules/kubernetes/url-shortener/main.tf +++ b/modules/kubernetes/url-shortener/main.tf @@ -5,7 +5,6 @@ ## to the mysql tier variable "tls_secret_name" {} -variable "tier" { type = string } variable "geolite_license_key" {} variable "api_key" {} variable "mysql_password" {} 
@@ -77,8 +76,7 @@ resource "kubernetes_deployment" "shlink" { name = "shlink" namespace = kubernetes_namespace.shlink.metadata[0].name labels = { - run = "shlink" - tier = var.tier + run = "shlink" } } spec { @@ -215,8 +213,7 @@ resource "kubernetes_deployment" "shlink-web" { name = "shlink-web" namespace = kubernetes_namespace.shlink.metadata[0].name labels = { - run = "shlink-web" - tier = var.tier + run = "shlink-web" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/vault/main.tf b/modules/kubernetes/vault/main.tf index 8d4d4ded..99c6ccf2 100644 --- a/modules/kubernetes/vault/main.tf +++ b/modules/kubernetes/vault/main.tf @@ -2,14 +2,10 @@ variable "tls_secret_name" {} variable "host" { default = "vault.viktorbarzin.me" } -variable "tier" { type = string } resource "kubernetes_namespace" "vault" { metadata { name = "vault" - labels = { - tier = var.tier - } } } @@ -38,9 +34,9 @@ resource "kubernetes_persistent_volume" "vault_data" { } resource "helm_release" "vault" { - namespace = kubernetes_namespace.vault.metadata[0].name - name = "vault" - atomic = true + namespace = kubernetes_namespace.vault.metadata[0].name + name = "vault" + atomic = true repository = "https://helm.releases.hashicorp.com" chart = "vault" diff --git a/modules/kubernetes/vaultwarden/main.tf b/modules/kubernetes/vaultwarden/main.tf index 11cfb4bd..62214392 100644 --- a/modules/kubernetes/vaultwarden/main.tf +++ b/modules/kubernetes/vaultwarden/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "smtp_password" {} resource "kubernetes_namespace" "vaultwarden" { @@ -22,8 +21,7 @@ resource "kubernetes_deployment" "vaultwarden" { name = "vaultwarden" namespace = kubernetes_namespace.vaultwarden.metadata[0].name labels = { - app = "vaultwarden" - tier = var.tier + app = "vaultwarden" } annotations = { "reloader.stakater.com/search" = "true" 
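Review bot: The vault hunk `@@ -2,14 +2,10 @@` removes the whole `labels` map from `kubernetes_namespace.vault`, so the namespace itself loses its `tier` label, not just the module variable. Namespace labels are what `namespaceSelector` rules in NetworkPolicies and admission policies match on; if anything in the cluster keys on `tier`, it silently stops covering the secrets store after this apply. No such selector is visible in this diff, so please confirm none exists and record that next to the resource, for example `# tier label dropped: no policy selects namespaces by tier`. The same check applies to the Deployment-level `tier` removals in the other modules, though those matter less than the namespace label.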
diff --git a/modules/kubernetes/wealthfolio/main.tf b/modules/kubernetes/wealthfolio/main.tf index f9733332..30c146d0 100644 --- a/modules/kubernetes/wealthfolio/main.tf +++ b/modules/kubernetes/wealthfolio/main.tf @@ -6,7 +6,6 @@ # Note that currently wealthfolio doesn't dedup (https://github.com/afadil/wealthfolio/issues/476) variable "tls_secret_name" {} -variable "tier" { type = string } variable "wealthfolio_password_hash" {} resource "kubernetes_namespace" "wealthfolio" { @@ -34,8 +33,7 @@ resource "kubernetes_deployment" "wealthfolio" { name = "wealthfolio" namespace = kubernetes_namespace.wealthfolio.metadata[0].name labels = { - app = "wealthfolio" - tier = var.tier + app = "wealthfolio" } } spec { diff --git a/modules/kubernetes/webhook_handler/main.tf b/modules/kubernetes/webhook_handler/main.tf index fc33c938..b670285f 100644 --- a/modules/kubernetes/webhook_handler/main.tf +++ b/modules/kubernetes/webhook_handler/main.tf @@ -1,6 +1,5 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "webhook_secret" {} variable "fb_verify_token" {} variable "fb_page_token" {} @@ -71,8 +70,7 @@ resource "kubernetes_deployment" "webhook_handler" { name = "webhook-handler" namespace = kubernetes_namespace.webhook-handler.metadata[0].name labels = { - app = "webhook-handler" - tier = var.tier + app = "webhook-handler" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/wireguard/main.tf b/modules/kubernetes/wireguard/main.tf index 32d1a7d9..8b3c577a 100644 --- a/modules/kubernetes/wireguard/main.tf +++ b/modules/kubernetes/wireguard/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "wg_0_conf" {} variable "firewall_sh" {} variable "wg_0_key" {} 
@@ -57,8 +56,7 @@ resource "kubernetes_deployment" "wireguard" { name = "wireguard" namespace = kubernetes_namespace.wireguard.metadata[0].name labels = { - app = "wireguard" - tier = var.tier + app = "wireguard" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/xray/main.tf b/modules/kubernetes/xray/main.tf index b2538ddc..1234c0bf 100644 --- a/modules/kubernetes/xray/main.tf +++ b/modules/kubernetes/xray/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } variable "xray_reality_clients" { type = list(map(string)) } variable "xray_reality_private_key" { type = string } variable "xray_reality_short_ids" { type = list(string) } @@ -49,8 +48,7 @@ resource "kubernetes_deployment" "xray" { name = "xray" namespace = kubernetes_namespace.xray.metadata[0].name labels = { - app = "xray" - tier = var.tier + app = "xray" } annotations = { "reloader.stakater.com/search" = "true" diff --git a/modules/kubernetes/youtube_dl/main.tf b/modules/kubernetes/youtube_dl/main.tf index 71523195..0693de7f 100644 --- a/modules/kubernetes/youtube_dl/main.tf +++ b/modules/kubernetes/youtube_dl/main.tf @@ -1,5 +1,4 @@ variable "tls_secret_name" {} -variable "tier" { type = string } resource "kubernetes_namespace" "ytdlp" { metadata { @@ -22,8 +21,7 @@ resource "kubernetes_deployment" "ytdlp" { name = "ytdlp" namespace = kubernetes_namespace.ytdlp.metadata[0].name labels = { - app = "ytdlp" - tier = var.tier + app = "ytdlp" } annotations = { "diun.enable" = "true" diff --git a/secrets/fullchain.pem b/secrets/fullchain.pem index 9c130cfd..b7da727a 100644 Binary files a/secrets/fullchain.pem and b/secrets/fullchain.pem differ diff --git a/secrets/privkey.pem b/secrets/privkey.pem index 181d9698..c4fa8479 100644 Binary files a/secrets/privkey.pem and b/secrets/privkey.pem differ 
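Review bot: `secrets/privkey.pem` changes here as an opaque binary, as do `secrets/fullchain.pem` and, in the two sections that follow, `terraform.tfstate` and `terraform.tfvars`, so none of the secret-bearing content in this commit can be reviewed. A PEM file is plain text, so git reporting it as binary suggests these files are stored encrypted; that should be confirmed against the repository's `.gitattributes` filter rather than assumed. Terraform state normally records resource attributes in clear, including values fed from variables such as `wg_0_key` and `xray_reality_private_key`. I would also move the key and certificate change into its own commit with a message stating why it changed, so a rotation is not buried inside a label cleanup.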
diff --git a/terraform.tfstate b/terraform.tfstate
index bcb43bcf..ba3881b9 100644
Binary files a/terraform.tfstate and b/terraform.tfstate differ
diff --git a/terraform.tfvars b/terraform.tfvars
index 984fd4e0..bff261db 100644
Binary files a/terraform.tfvars and b/terraform.tfvars differ