
10 commits

94 changed files with 923 additions and 659 deletions


@ -225,6 +225,8 @@ module "docker-registry-template" {
)
)
),
"( crontab -l 2>/dev/null; echo '0 3 * * 0 /usr/bin/docker exec registry registry garbage-collect -m /etc/docker/registry/config.yml' ) | crontab -",
"( crontab -l 2>/dev/null; echo '0 * * * * /usr/bin/docker restart registry' ) | crontab -",
"docker run -p 5000:5000 -p 5001:5001 -d --restart always --name registry -v /etc/docker-registry/config.yml:/etc/docker/registry/config.yml registry:2"
]
}
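Review bot: The two crontab entries collide: `0 3 * * 0` (weekly `registry garbage-collect`) and `0 * * * *` (hourly `docker restart registry`) both fire at 03:00 on Sunday, so the restart can kill the container while garbage collection is running inside it. Garbage collection is also run against a registry that is still accepting pushes; the Distribution documentation advises read-only mode (or a stopped registry) for its duration, because a layer uploaded during the mark phase can be swept and leave a manifest pointing at a missing blob. Both entries are appended with `( crontab -l; echo … ) | crontab -`, so each re-run of this provisioner adds another copy of the same line; filter the existing line out first or write a file under `/etc/cron.d` instead. The hourly restart drops in-flight pulls and pushes and deserves a comment naming the problem it works around. Which of these lines the commit adds cannot be told from this rendering, and the enclosing list starts outside the hunk.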


@ -61,6 +61,11 @@ resource "proxmox_vm_qemu" "cloudinit-vm" {
cores = var.vm_cpus
type = "host" # emulate host cpu
}
startup_shutdown {
order = -1
shutdown_timeout = -1
startup_delay = -1
}
# Most cloud-init images require a serial device for their display
serial {


@ -18,7 +18,7 @@ resource "kubernetes_namespace" "actualbudget" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "actualbudget"
namespace = kubernetes_namespace.actualbudget
tls_secret_name = var.tls_secret_name
}
@ -29,6 +29,7 @@ module "viktor" {
name = "viktor"
tag = "edge"
tls_secret_name = var.tls_secret_name
depends_on = [kubernetes_namespace.actualbudget]
}
# https://budget-anca.viktorbarzin.me/
@ -37,4 +38,5 @@ module "anca" {
name = "anca"
tag = "edge"
tls_secret_name = var.tls_secret_name
depends_on = [kubernetes_namespace.actualbudget]
}
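Review bot: `namespace = kubernetes_namespace.actualbudget` in the `tls_secret` module call passes the whole resource object rather than the namespace name; every other module touched in this change set uses the `.metadata[0].name` form, so this line should read `namespace = kubernetes_namespace.actualbudget.metadata[0].name`. If `setup_tls_secret` declares `namespace` as a string the plan fails on a type error, and if the variable is untyped the object is handed on to the secret's metadata instead. The module's variable declaration is not visible here, so which of the two happens needs checking with `terraform validate`.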


@ -11,14 +11,14 @@ resource "kubernetes_namespace" "audiobookshelf" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "audiobookshelf"
namespace = kubernetes_namespace.audiobookshelf.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "audiobookshelf" {
metadata {
name = "audiobookshelf"
namespace = "audiobookshelf"
namespace = kubernetes_namespace.audiobookshelf.metadata[0].name
labels = {
app = "audiobookshelf"
}
@ -103,7 +103,7 @@ resource "kubernetes_deployment" "audiobookshelf" {
resource "kubernetes_service" "audiobookshelf" {
metadata {
name = "audiobookshelf"
namespace = "audiobookshelf"
namespace = kubernetes_namespace.audiobookshelf.metadata[0].name
labels = {
"app" = "audiobookshelf"
}
@ -124,7 +124,7 @@ resource "kubernetes_service" "audiobookshelf" {
module "ingress" {
source = "../ingress_factory"
namespace = "audiobookshelf"
namespace = kubernetes_namespace.audiobookshelf.metadata[0].name
name = "audiobookshelf"
tls_secret_name = var.tls_secret_name
extra_annotations = {


@ -11,12 +11,12 @@ resource "kubernetes_namespace" "authelia" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "authelia"
namespace = kubernetes_namespace.authelia.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "helm_release" "authelia" {
namespace = "authelia"
namespace = kubernetes_namespace.authelia.metadata[0].name
name = "authelia"
atomic = true
@ -32,7 +32,7 @@ resource "helm_release" "authelia" {
# resource "kubernetes_config_map" "configuration" {
# metadata {
# name = "configuration"
# namespace = "authelia"
# namespace = kubernetes_namespace.authelia.metadata[0].name
# labels = {
# app = "configuration"
@ -53,7 +53,7 @@ resource "helm_release" "authelia" {
# resource "kubernetes_deployment" "authelia" {
# metadata {
# name = "authelia"
# namespace = "authelia"
# namespace = kubernetes_namespace.authelia.metadata[0].name
# labels = {
# app = "authelia"
# }
@ -119,7 +119,7 @@ resource "helm_release" "authelia" {
# resource "kubernetes_service" "authelia" {
# metadata {
# name = "authelia"
# namespace = "authelia"
# namespace = kubernetes_namespace.authelia.metadata[0].name
# labels = {
# "app" = "authelia"
# }
@ -142,7 +142,7 @@ resource "helm_release" "authelia" {
# resource "kubernetes_ingress_v1" "authelia" {
# metadata {
# name = "authelia"
# namespace = "authelia"
# namespace = kubernetes_namespace.authelia.metadata[0].name
# annotations = {
# "kubernetes.io/ingress.class" = "nginx"
# # "nginx.ingress.kubernetes.io/affinity" = "cookie"


@ -5,7 +5,7 @@ variable "postgres_password" {}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "authentik"
namespace = kubernetes_namespace.authentik.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -16,7 +16,7 @@ resource "kubernetes_namespace" "authentik" {
}
resource "helm_release" "authentik" {
namespace = "authentik"
namespace = kubernetes_namespace.authentik.metadata[0].name
create_namespace = true
name = "goauthentik"
@ -34,7 +34,7 @@ resource "helm_release" "authentik" {
resource "kubernetes_ingress_v1" "authentik" {
metadata {
name = "authentik"
namespace = "authentik"
namespace = kubernetes_namespace.authentik.metadata[0].name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
}
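Review bot: `create_namespace = true` is left on `helm_release.authentik` although the namespace now comes from `kubernetes_namespace.authentik`, so two owners are declared for one namespace. Setting `create_namespace = false` states that Terraform owns it and makes a wrong or missing namespace fail loudly instead of being created by Helm without whatever labels the Terraform resource sets. The same leftover is in `helm_release.crowdsec`.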


@ -12,20 +12,20 @@ resource "kubernetes_namespace" "website" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "website"
namespace = kubernetes_namespace.website.metadata[0].name
tls_secret_name = var.tls_secret_name
}
# module "dockerhub_creds" {
# source = "../dockerhub_secret"
# namespace = "website"
# namespace = kubernetes_namespace.website.metadata[0].name
# password = var.dockerhub_password
# }
resource "kubernetes_deployment" "blog" {
metadata {
name = "blog"
namespace = "website"
namespace = kubernetes_namespace.website.metadata[0].name
labels = {
run = "blog"
}
@ -78,7 +78,7 @@ resource "kubernetes_deployment" "blog" {
resource "kubernetes_service" "blog" {
metadata {
name = "blog"
namespace = "website"
namespace = kubernetes_namespace.website.metadata[0].name
labels = {
"run" = "blog"
}
@ -109,7 +109,7 @@ resource "kubernetes_service" "blog" {
resource "kubernetes_ingress_v1" "blog" {
metadata {
name = "blog-ingress"
namespace = "website"
namespace = kubernetes_namespace.website.metadata[0].name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOT


@ -17,14 +17,14 @@ resource "kubernetes_namespace" "calibre" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "calibre"
namespace = kubernetes_namespace.calibre.metadata[0].name
tls_secret_name = var.tls_secret_name
}
# resource "kubernetes_deployment" "calibre" {
# metadata {
# name = "calibre"
# namespace = "calibre"
# namespace = kubernetes_namespace.calibre.metadata[0].name
# labels = {
# app = "calibre"
# }
@ -97,7 +97,7 @@ module "tls_secret" {
resource "kubernetes_deployment" "calibre-web-automated" {
metadata {
name = "calibre-web-automated"
namespace = "calibre"
namespace = kubernetes_namespace.calibre.metadata[0].name
labels = {
app = "calibre-web-automated"
}
@ -196,7 +196,7 @@ resource "kubernetes_deployment" "calibre-web-automated" {
resource "kubernetes_service" "calibre" {
metadata {
name = "calibre"
namespace = "calibre"
namespace = kubernetes_namespace.calibre.metadata[0].name
labels = {
"app" = "calibre"
}
@ -218,7 +218,7 @@ resource "kubernetes_service" "calibre" {
module "ingress" {
source = "../ingress_factory"
namespace = "calibre"
namespace = kubernetes_namespace.calibre.metadata[0].name
name = "calibre"
tls_secret_name = var.tls_secret_name
extra_annotations = {
@ -248,7 +248,7 @@ module "ingress" {
resource "kubernetes_deployment" "annas-archive-stacks" {
metadata {
name = "annas-archive-stacks"
namespace = "calibre"
namespace = kubernetes_namespace.calibre.metadata[0].name
labels = {
app = "annas-archive-stacks"
}
@ -304,7 +304,7 @@ resource "kubernetes_deployment" "annas-archive-stacks" {
resource "kubernetes_service" "annas-archive-stacks" {
metadata {
name = "annas-archive-stacks"
namespace = "calibre"
namespace = kubernetes_namespace.calibre.metadata[0].name
labels = {
"app" = "annas-archive-stacks"
}
@ -324,7 +324,7 @@ resource "kubernetes_service" "annas-archive-stacks" {
module "stacks-ingress" {
source = "../ingress_factory"
namespace = "calibre"
namespace = kubernetes_namespace.calibre.metadata[0].name
name = "stacks"
service_name = "annas-archive-stacks"
tls_secret_name = var.tls_secret_name


@ -11,14 +11,14 @@ resource "kubernetes_namespace" "changedetection" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "changedetection"
namespace = kubernetes_namespace.changedetection.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "changedetection" {
metadata {
name = "changedetection"
namespace = "changedetection"
namespace = kubernetes_namespace.changedetection.metadata[0].name
labels = {
app = "changedetection"
}
@ -103,7 +103,7 @@ resource "kubernetes_deployment" "changedetection" {
resource "kubernetes_service" "changedetection" {
metadata {
name = "changedetection"
namespace = "changedetection"
namespace = kubernetes_namespace.changedetection.metadata[0].name
labels = {
"app" = "changedetection"
}
@ -122,7 +122,7 @@ resource "kubernetes_service" "changedetection" {
module "ingress" {
source = "../ingress_factory"
namespace = "changedetection"
namespace = kubernetes_namespace.changedetection.metadata[0].name
name = "changedetection"
tls_secret_name = var.tls_secret_name
protected = true


@ -1,10 +1,8 @@
# Contents for cloudflare account
variable "cloudflare_api_key" {}
variable "cloudflare_email" {}
variable "cloudflare_proxied_names" {}
variable "cloudflare_non_proxied_names" {
type = list(string)
}
variable "cloudflare_proxied_names" { type = list(string) }
variable "cloudflare_non_proxied_names" { type = list(string) }
variable "cloudflare_zone_id" {
description = "Zone ID for your domain"
type = string
@ -36,6 +34,18 @@ provider "cloudflare" {
email = var.cloudflare_email
}
locals {
cloudflare_proxied_names_map = {
for h in var.cloudflare_proxied_names :
h => h
}
cloudflare_non_proxied_names_map = {
for h in var.cloudflare_non_proxied_names :
h => h
}
}
resource "cloudflare_zero_trust_tunnel_cloudflared_config" "sof" {
account_id = var.cloudflare_account_id
tunnel_id = var.cloudflare_tunnel_id
@ -62,9 +72,11 @@ resource "cloudflare_zero_trust_tunnel_cloudflared_config" "sof" {
}
resource "cloudflare_record" "dns_record" {
# for_each = local.cloudflare_proxied_names_map
count = length(var.cloudflare_proxied_names)
content = "${var.cloudflare_tunnel_id}.cfargotunnel.com"
name = var.cloudflare_proxied_names[count.index]
# name = each.key
proxied = true
ttl = 1
type = "CNAME"
@ -72,10 +84,12 @@ resource "cloudflare_record" "dns_record" {
}
resource "cloudflare_record" "non_proxied_dns_record" {
# for_each = local.cloudflare_non_proxied_names_map
count = length(var.cloudflare_non_proxied_names)
# content = var.non_proxied_names[count.index].ip
content = var.public_ip
name = var.cloudflare_non_proxied_names[count.index]
# name = each.key
proxied = false
ttl = 1
type = "A"
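Review bot: The two `locals` maps are referenced only from the commented-out `for_each` lines, so as committed they are dead code and both record resources are still indexed by `count`. With `count`, removing or reordering one entry of `cloudflare_proxied_names` shifts every later index and Terraform destroys and recreates those DNS records, which is a resolution gap for each affected hostname. Either finish the switch (`for_each = toset(var.cloudflare_proxied_names)` needs no helper map) together with `moved` blocks or `terraform state mv` for the existing addresses, or drop the locals and leave a comment saying why the migration is parked. `variable "cloudflare_api_key" {}` at the top of the file would also benefit from `sensitive = true` so the key is redacted in plan output.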


@ -10,14 +10,14 @@ resource "kubernetes_namespace" "cloudflared" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "cloudflared"
namespace = kubernetes_namespace.cloudflared.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "cloudflared" {
metadata {
name = "cloudflared"
namespace = "cloudflared"
namespace = kubernetes_namespace.cloudflared.metadata[0].name
labels = {
app = "cloudflared"
}
@ -64,7 +64,7 @@ resource "kubernetes_deployment" "cloudflared" {
resource "kubernetes_service" "cloudflared" {
metadata {
name = "cloudflared"
namespace = "cloudflared"
namespace = kubernetes_namespace.cloudflared.metadata[0].name
labels = {
"app" = "cloudflared"
}


@ -9,7 +9,7 @@ variable "crowdsec_dash_machine_password" { type = string } # used for web dash
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "crowdsec"
namespace = kubernetes_namespace.crowdsec.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -22,7 +22,7 @@ resource "kubernetes_namespace" "crowdsec" {
resource "kubernetes_config_map" "crowdsec_custom_scenarios" {
metadata {
name = "crowdsec-custom-scenarios"
namespace = "crowdsec"
namespace = kubernetes_namespace.crowdsec.metadata[0].name
labels = {
"app.kubernetes.io/name" = "crowdsec"
}
@ -62,7 +62,7 @@ resource "kubernetes_config_map" "crowdsec_custom_scenarios" {
resource "helm_release" "crowdsec" {
namespace = "crowdsec"
namespace = kubernetes_namespace.crowdsec.metadata[0].name
create_namespace = true
name = "crowdsec"
atomic = true
@ -80,7 +80,7 @@ resource "helm_release" "crowdsec" {
resource "kubernetes_deployment" "crowdsec-web" {
metadata {
name = "crowdsec-web"
namespace = "crowdsec"
namespace = kubernetes_namespace.crowdsec.metadata[0].name
labels = {
app = "crowdsec_web"
"kubernetes.io/cluster-service" = "true"
@ -137,7 +137,7 @@ resource "kubernetes_deployment" "crowdsec-web" {
resource "kubernetes_service" "crowdsec-web" {
metadata {
name = "crowdsec-web"
namespace = "crowdsec"
namespace = kubernetes_namespace.crowdsec.metadata[0].name
labels = {
"app" = "crowdsec_web"
}
@ -155,7 +155,7 @@ resource "kubernetes_service" "crowdsec-web" {
}
module "ingress" {
source = "../ingress_factory"
namespace = "crowdsec"
namespace = kubernetes_namespace.crowdsec.metadata[0].name
name = "crowdsec-web"
protected = true
tls_secret_name = var.tls_secret_name


@ -7,14 +7,14 @@ resource "kubernetes_namespace" "cyberchef" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "cyberchef"
namespace = kubernetes_namespace.cyberchef.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "cyberchef" {
metadata {
name = "cyberchef"
namespace = "cyberchef"
namespace = kubernetes_namespace.cyberchef.metadata[0].name
labels = {
app = "cyberchef"
}
@ -55,7 +55,7 @@ resource "kubernetes_deployment" "cyberchef" {
resource "kubernetes_service" "cyberchef" {
metadata {
name = "cc"
namespace = "cyberchef"
namespace = kubernetes_namespace.cyberchef.metadata[0].name
labels = {
"app" = "cyberchef"
}
@ -76,7 +76,7 @@ resource "kubernetes_service" "cyberchef" {
module "ingress" {
source = "../ingress_factory"
namespace = "cyberchef"
namespace = kubernetes_namespace.cyberchef.metadata[0].name
name = "cc"
tls_secret_name = var.tls_secret_name
rybbit_site_id = "7c460afc68c4"


@ -3,7 +3,7 @@ variable "tls_secret_name" {}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "dashy"
namespace = kubernetes_namespace.dashy.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -19,7 +19,7 @@ resource "kubernetes_namespace" "dashy" {
resource "kubernetes_config_map" "config" {
metadata {
name = "config"
namespace = "dashy"
namespace = kubernetes_namespace.dashy.metadata[0].name
annotations = {
"reloader.stakater.com/match" = "true"
@ -34,7 +34,7 @@ resource "kubernetes_config_map" "config" {
resource "kubernetes_deployment" "dashy" {
metadata {
name = "dashy"
namespace = "dashy"
namespace = kubernetes_namespace.dashy.metadata[0].name
labels = {
app = "dashy"
}
@ -85,7 +85,7 @@ resource "kubernetes_deployment" "dashy" {
resource "kubernetes_service" "dashy" {
metadata {
name = "dashy"
namespace = "dashy"
namespace = kubernetes_namespace.dashy.metadata[0].name
labels = {
app = "dashy"
}
@ -105,7 +105,7 @@ resource "kubernetes_service" "dashy" {
module "ingress" {
source = "../ingress_factory"
namespace = "dashy"
namespace = kubernetes_namespace.dashy.metadata[0].name
name = "dashy"
tls_secret_name = var.tls_secret_name
protected = true # hidden as we use homepage now


@ -17,14 +17,14 @@ resource "kubernetes_namespace" "dawarich" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "dawarich"
namespace = kubernetes_namespace.dawarich.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "dawarich" {
metadata {
name = "dawarich"
namespace = "dawarich"
namespace = kubernetes_namespace.dawarich.metadata[0].name
labels = {
app = "dawarich"
}
@ -218,7 +218,7 @@ resource "kubernetes_deployment" "dawarich" {
# resource "kubernetes_deployment" "photon" {
# metadata {
# name = "photon"
# namespace = "dawarich"
# namespace = kubernetes_namespace.dawarich.metadata[0].name
# labels = {
# app = "photon"
# }
@ -276,7 +276,7 @@ resource "kubernetes_deployment" "dawarich" {
resource "kubernetes_service" "dawarich" {
metadata {
name = "dawarich"
namespace = "dawarich"
namespace = kubernetes_namespace.dawarich.metadata[0].name
labels = {
"app" = "dawarich"
}
@ -298,7 +298,7 @@ resource "kubernetes_service" "dawarich" {
# resource "kubernetes_service" "photon" {
# metadata {
# name = "photon"
# namespace = "dawarich"
# namespace = kubernetes_namespace.dawarich.metadata[0].name
# labels = {
# "app" = "photon"
# }
@ -318,7 +318,7 @@ resource "kubernetes_service" "dawarich" {
# }
module "ingress" {
source = "../ingress_factory"
namespace = "dawarich"
namespace = kubernetes_namespace.dawarich.metadata[0].name
name = "dawarich"
tls_secret_name = var.tls_secret_name
extra_annotations = {


@ -19,7 +19,7 @@ resource "kubernetes_namespace" "dbaas" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "dbaas"
namespace = kubernetes_namespace.dbaas.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -27,7 +27,7 @@ module "tls_secret" {
resource "kubernetes_config_map" "mycnf" {
metadata {
name = "mycnf"
namespace = "dbaas"
namespace = kubernetes_namespace.dbaas.metadata[0].name
annotations = {
"reloader.stakater.com/match" = "true"
@ -80,7 +80,7 @@ resource "kubernetes_config_map" "mycnf" {
resource "kubernetes_service" "mysql" {
metadata {
name = var.cluster_master_service
namespace = "dbaas"
namespace = kubernetes_namespace.dbaas.metadata[0].name
}
spec {
selector = {
@ -95,7 +95,7 @@ resource "kubernetes_service" "mysql" {
resource "kubernetes_deployment" "mysql" {
metadata {
name = "mysql"
namespace = "dbaas"
namespace = kubernetes_namespace.dbaas.metadata[0].name
annotations = {
"reloader.stakater.com/search" = "true"
}
@ -166,7 +166,7 @@ resource "kubernetes_deployment" "mysql" {
resource "kubernetes_cron_job_v1" "mysql-backup" {
metadata {
name = "mysql-backup"
namespace = "dbaas"
namespace = kubernetes_namespace.dbaas.metadata[0].name
}
spec {
concurrency_policy = "Replace"
@ -244,7 +244,7 @@ resource "kubernetes_cron_job_v1" "mysql-backup" {
# resource "helm_release" "mysql" {
# namespace = "dbaas"
# namespace = kubernetes_namespace.dbaas.metadata[0].name
# create_namespace = false
# name = "mysql"
@ -259,7 +259,7 @@ resource "kubernetes_cron_job_v1" "mysql-backup" {
# }
# # resource "helm_release" "mysql" {
# # namespace = "dbaas"
# # namespace = kubernetes_namespace.dbaas.metadata[0].name
# # create_namespace = false
# # name = "mysql-operator"
@ -270,7 +270,7 @@ resource "kubernetes_cron_job_v1" "mysql-backup" {
# # }
# # resource "helm_release" "innodb-cluster" {
# # namespace = "dbaas"
# # namespace = kubernetes_namespace.dbaas.metadata[0].name
# # create_namespace = false
# # name = var.cluster_master_service
@ -304,7 +304,7 @@ resource "kubernetes_cron_job_v1" "mysql-backup" {
resource "kubernetes_secret" "cluster-password" {
metadata {
name = "cluster-secret"
namespace = "dbaas"
namespace = kubernetes_namespace.dbaas.metadata[0].name
annotations = {
"reloader.stakater.com/match" = "true"
}
@ -318,7 +318,7 @@ resource "kubernetes_secret" "cluster-password" {
# resource "kubernetes_ingress_v1" "dbaas" {
# metadata {
# name = "orchestrator-ingress"
# namespace = "dbaas"
# namespace = kubernetes_namespace.dbaas.metadata[0].name
# annotations = {
# "kubernetes.io/ingress.class" = "nginx"
# "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
@ -355,7 +355,7 @@ resource "kubernetes_secret" "cluster-password" {
resource "kubernetes_deployment" "phpmyadmin" {
metadata {
name = "phpmyadmin"
namespace = "dbaas"
namespace = kubernetes_namespace.dbaas.metadata[0].name
labels = {
"app" = "phpmyadmin"
@ -414,7 +414,7 @@ resource "kubernetes_deployment" "phpmyadmin" {
resource "kubernetes_service" "phpmyadmin" {
metadata {
name = "pma"
namespace = "dbaas"
namespace = kubernetes_namespace.dbaas.metadata[0].name
}
spec {
selector = {
@ -428,7 +428,7 @@ resource "kubernetes_service" "phpmyadmin" {
}
module "ingress" {
source = "../ingress_factory"
namespace = "dbaas"
namespace = kubernetes_namespace.dbaas.metadata[0].name
name = "pma"
tls_secret_name = var.tls_secret_name
protected = true
@ -448,7 +448,7 @@ module "ingress" {
# kind: MysqlCluster
# metadata:
# name: mysql-cluster
# namespace: dbaas
# namespace = kubernetes_namespace.dbaas.metadata[0].name
# spec:
# mysqlVersion: "5.7"
# replicas: 1
@ -481,7 +481,7 @@ module "ingress" {
# # kind = "MysqlCluster"
# # metadata = {
# # name = "mysql-cluster"
# # namespace = "dbaas"
# # namespace = kubernetes_namespace.dbaas.metadata[0].name
# # }
# # spec = {
# # mysqlVersion = "5.7"
@ -523,7 +523,7 @@ module "ingress" {
# listKind: MysqlUserList
# plural: mysqlusers
# singular: mysqluser
# scope: Namespaced
# scope:namespace = kubernetes_namespace.dbaas.metadata[0].name
# versions:
# - additionalPrinterColumns:
# - description: The user status
@ -566,8 +566,8 @@ module "ingress" {
# name:
# description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
# type: string
# namespace:
# description: Namespace the MySQL cluster namespace
# namespace = kubernetes_namespace.dbaas.metadata[0].name
# description:namespace = kubernetes_namespace.dbaas.metadata[0].name
# type: string
# type: object
# password:
@ -680,7 +680,7 @@ module "ingress" {
resource "kubernetes_deployment" "postgres" {
metadata {
name = "postgresql"
namespace = "dbaas"
namespace = kubernetes_namespace.dbaas.metadata[0].name
annotations = {
"reloader.stakater.com/search" = "true"
}
@ -754,7 +754,7 @@ resource "kubernetes_deployment" "postgres" {
resource "kubernetes_service" "postgresql" {
metadata {
name = "postgresql"
namespace = "dbaas"
namespace = kubernetes_namespace.dbaas.metadata[0].name
}
spec {
selector = {
@ -773,7 +773,7 @@ resource "kubernetes_service" "postgresql" {
resource "kubernetes_deployment" "pgadmin" {
metadata {
name = "pgadmin"
namespace = "dbaas"
namespace = kubernetes_namespace.dbaas.metadata[0].name
annotations = {
"reloader.stakater.com/search" = "true"
}
@ -830,7 +830,7 @@ resource "kubernetes_deployment" "pgadmin" {
resource "kubernetes_service" "pgadmin" {
metadata {
name = "pgadmin"
namespace = "dbaas"
namespace = kubernetes_namespace.dbaas.metadata[0].name
}
spec {
selector = {
@ -844,7 +844,7 @@ resource "kubernetes_service" "pgadmin" {
}
module "ingress-pgadmin" {
source = "../ingress_factory"
namespace = "dbaas"
namespace = kubernetes_namespace.dbaas.metadata[0].name
name = "pgadmin"
tls_secret_name = var.tls_secret_name
protected = true
@ -858,7 +858,7 @@ module "ingress-pgadmin" {
resource "kubernetes_cron_job_v1" "postgresql-backup" {
metadata {
name = "postgresql-backup"
namespace = "dbaas"
namespace = kubernetes_namespace.dbaas.metadata[0].name
}
spec {
concurrency_policy = "Replace"
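Review bot: The namespace substitution was also applied inside the commented-out YAML reference, where it is not HCL: judging by the paired lines, `# namespace: dbaas` became `# namespace = kubernetes_namespace.dbaas.metadata[0].name`, `# scope: Namespaced` became `# scope:namespace = …`, and the CRD property `# namespace:` with its `description:` line was replaced by two `… = kubernetes_namespace.dbaas.metadata[0].name` lines. None of this executes, but the comment block no longer records the MysqlCluster and MysqlUser manifests it was kept for, and the `scope` line in particular now hides that the CRD was namespaced. Restore those comment lines to their previous text (`# scope: Namespaced`, `# namespace: dbaas`) and limit the replacement to live `namespace = "dbaas"` assignments.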


@ -53,7 +53,7 @@ resource "kubernetes_cluster_role" "descheduler" {
resource "kubernetes_service_account" "descheduler" {
metadata {
name = "descheduler-sa"
namespace = "descheduler"
namespace = kubernetes_namespace.descheduler.metadata[0].name
}
}
@ -70,12 +70,12 @@ resource "kubernetes_cluster_role_binding" "descheduler" {
subject {
name = "descheduler-sa"
kind = "ServiceAccount"
namespace = "descheduler"
namespace = kubernetes_namespace.descheduler.metadata[0].name
}
}
resource "helm_release" "prometheus" {
namespace = "descheduler"
namespace = kubernetes_namespace.descheduler.metadata[0].name
name = "descheduler"
repository = "https://kubernetes-sigs.github.io/descheduler/"


@ -11,14 +11,14 @@ resource "kubernetes_namespace" "discount-bandit" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "discount-bandit"
namespace = kubernetes_namespace.discount-bandit.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "discount-bandit" {
metadata {
name = "discount-bandit"
namespace = "discount-bandit"
namespace = kubernetes_namespace.discount-bandit.metadata[0].name
labels = {
app = "discount-bandit"
}
@ -79,7 +79,7 @@ resource "kubernetes_deployment" "discount-bandit" {
resource "kubernetes_service" "discount-bandit" {
metadata {
name = "discount-bandit"
namespace = "discount-bandit"
namespace = kubernetes_namespace.discount-bandit.metadata[0].name
labels = {
"app" = "discount-bandit"
}
@ -101,7 +101,7 @@ resource "kubernetes_service" "discount-bandit" {
resource "kubernetes_ingress_v1" "discount-bandit" {
metadata {
name = "discount-bandit"
namespace = "discount-bandit"
namespace = kubernetes_namespace.discount-bandit.metadata[0].name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
}


@ -13,14 +13,14 @@ resource "kubernetes_namespace" "diun" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "diun"
namespace = kubernetes_namespace.diun.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_service_account" "diun" {
metadata {
name = "diun"
namespace = "diun"
namespace = kubernetes_namespace.diun.metadata[0].name
}
}
@ -47,14 +47,14 @@ resource "kubernetes_cluster_role_binding" "diun" {
subject {
kind = "ServiceAccount"
name = "diun"
namespace = "diun"
namespace = kubernetes_namespace.diun.metadata[0].name
}
}
resource "kubernetes_deployment" "diun" {
metadata {
name = "diun"
namespace = "diun"
namespace = kubernetes_namespace.diun.metadata[0].name
labels = {
app = "diun"
}


@ -11,14 +11,14 @@ resource "kubernetes_namespace" "dnscat2" {
# module "tls_secret" {
# source = "../setup_tls_secret"
# namespace = "dnscat2"
# namespace = kubernetes_namespace.dnscat2.metadata[0].name
# tls_secret_name = var.tls_secret_name
# }
resource "kubernetes_deployment" "dnscat2" {
metadata {
name = "dnscat2"
namespace = "dnscat2"
namespace = kubernetes_namespace.dnscat2.metadata[0].name
labels = {
app = "dnscat2"
}
@ -43,7 +43,7 @@ resource "kubernetes_deployment" "dnscat2" {
stdin = true
tty = true
port {
name="dns"
name = "dns"
container_port = 53
protocol = "UDP"
}
@ -60,7 +60,7 @@ resource "kubernetes_deployment" "dnscat2" {
resource "kubernetes_service" "dnscat2" {
metadata {
name = "dnscat2"
namespace = "dnscat2"
namespace = kubernetes_namespace.dnscat2.metadata[0].name
labels = {
"app" = "dnscat2"
}


@ -7,7 +7,7 @@ resource "kubernetes_namespace" "dnscrypt" {
resource "kubernetes_config_map" "dnscrypt" {
metadata {
name = "dnscrypt-proxy-configmap"
namespace = "dnscrypt"
namespace = kubernetes_namespace.dnscrypt.metadata[0].name
}
data = {
"dnscrypt-proxy.toml" = var.dnscrypt_proxy_toml
@ -17,7 +17,7 @@ resource "kubernetes_config_map" "dnscrypt" {
resource "kubernetes_deployment" "dnscrypt" {
metadata {
name = "dnscrypt-proxy"
namespace = "dnscrypt"
namespace = kubernetes_namespace.dnscrypt.metadata[0].name
labels = {
app = "dnscrypt-proxy"
"kubernetes.io/cluster-service" = "true"
@ -69,7 +69,7 @@ resource "kubernetes_deployment" "dnscrypt" {
resource "kubernetes_service" "dnscrypt" {
metadata {
name = "dnscrypt-proxy"
namespace = "dnscrypt"
namespace = kubernetes_namespace.dnscrypt.metadata[0].name
labels = {
"app" = "dnscrypt-proxy"
}


@ -23,14 +23,14 @@ resource "kubernetes_namespace" "drone" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "drone"
namespace = kubernetes_namespace.drone.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_config_map" "git_crypt_key" {
metadata {
name = "git-crypt-key"
namespace = "drone"
namespace = kubernetes_namespace.drone.metadata[0].name
}
data = {
@ -41,7 +41,7 @@ resource "kubernetes_config_map" "git_crypt_key" {
resource "kubernetes_deployment" "drone_server" {
metadata {
name = "drone-server"
namespace = "drone"
namespace = kubernetes_namespace.drone.metadata[0].name
labels = {
app = "drone"
}
@ -136,7 +136,7 @@ resource "kubernetes_deployment" "drone_server" {
resource "kubernetes_service" "drone" {
metadata {
name = "drone"
namespace = "drone"
namespace = kubernetes_namespace.drone.metadata[0].name
labels = {
app = "drone"
}
@ -155,7 +155,7 @@ resource "kubernetes_service" "drone" {
module "ingress" {
source = "../ingress_factory"
namespace = "drone"
namespace = kubernetes_namespace.drone.metadata[0].name
name = "drone"
tls_secret_name = var.tls_secret_name
# protected = true
@ -196,7 +196,7 @@ resource "kubernetes_cluster_role_binding" "drone" {
subject {
kind = "ServiceAccount"
name = "default"
namespace = "drone"
namespace = kubernetes_namespace.drone.metadata[0].name
}
role_ref {
kind = "ClusterRole"
@ -209,7 +209,7 @@ resource "kubernetes_cluster_role_binding" "drone" {
resource "kubernetes_deployment" "drone_runner" {
metadata {
name = "drone-runner"
namespace = "drone"
namespace = kubernetes_namespace.drone.metadata[0].name
labels = {
app = "drone-runner"
}
@ -284,7 +284,7 @@ resource "kubernetes_deployment" "drone_runner" {
resource "kubernetes_deployment" "drone_runner_secret" {
metadata {
name = "drone-runner-secret"
namespace = "drone"
namespace = kubernetes_namespace.drone.metadata[0].name
labels = {
app = "drone-runner-secret"
}
@ -339,7 +339,7 @@ resource "kubernetes_deployment" "drone_runner_secret" {
resource "kubernetes_service" "drone_runner_secret" {
metadata {
name = "drone-runner-secret"
namespace = "drone"
namespace = kubernetes_namespace.drone.metadata[0].name
labels = {
app = "drone-runner-secret"
}
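Review bot: `kubernetes_config_map.git_crypt_key` keeps what its name says is the git-crypt key in a ConfigMap; if the `data` block (cut off by the hunk) holds the actual key material, it should be a `kubernetes_secret`, since ConfigMaps are not covered by Secret encryption at rest and are usually readable under broader RBAC rules than Secrets. The subject of `kubernetes_cluster_role_binding.drone` is the namespace's `default` ServiceAccount, so every pod in `drone` that does not set its own service account inherits that ClusterRole; a dedicated ServiceAccount for the component that needs it would narrow this. Both predate this commit, which only changes the namespace reference on these resources, but they sit on the lines being edited.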


@ -11,14 +11,14 @@ resource "kubernetes_namespace" "echo" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "echo"
namespace = kubernetes_namespace.echo.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "echo" {
metadata {
name = "echo"
namespace = "echo"
namespace = kubernetes_namespace.echo.metadata[0].name
labels = {
app = "echo"
}
@ -55,7 +55,7 @@ resource "kubernetes_deployment" "echo" {
resource "kubernetes_service" "echo" {
metadata {
name = "echo"
namespace = "echo"
namespace = kubernetes_namespace.echo.metadata[0].name
labels = {
"app" = "echo"
}
@ -75,7 +75,7 @@ resource "kubernetes_service" "echo" {
module "ingress" {
source = "../ingress_factory"
namespace = "echo"
namespace = kubernetes_namespace.echo.metadata[0].name
name = "echo"
tls_secret_name = var.tls_secret_name
}


@ -1,6 +1,6 @@
variable "tls_secret_name" {}
resource "kubernetes_namespace" "finance_app" {
resource "kubernetes_namespace" "excalidraw" {
metadata {
name = "excalidraw"
labels = {
@ -12,14 +12,14 @@ resource "kubernetes_namespace" "finance_app" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "excalidraw"
namespace = kubernetes_namespace.excalidraw.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "excalidraw" {
metadata {
name = "excalidraw"
namespace = "excalidraw"
namespace = kubernetes_namespace.excalidraw.metadata[0].name
labels = {
app = "excalidraw"
}
@ -54,7 +54,7 @@ resource "kubernetes_deployment" "excalidraw" {
resource "kubernetes_service" "draw" {
metadata {
name = "draw"
namespace = "excalidraw"
namespace = kubernetes_namespace.excalidraw.metadata[0].name
labels = {
app = "excalidraw"
}
@ -73,7 +73,7 @@ resource "kubernetes_service" "draw" {
module "ingress" {
source = "../ingress_factory"
namespace = "excalidraw"
namespace = kubernetes_namespace.excalidraw.metadata[0].name
name = "draw"
tls_secret_name = var.tls_secret_name
}
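Review bot: Renaming `resource "kubernetes_namespace" "finance_app"` to `"excalidraw"` changes the resource address, and without a `moved` block Terraform plans a destroy of the old address and a create of the new one; deleting a namespace removes every object in it, including the deployment, service and TLS secret. Add a `moved` block with `from = kubernetes_namespace.finance_app` and `to = kubernetes_namespace.excalidraw` (or run `terraform state mv` before applying) so the existing namespace is adopted under the new address. The old label looks like a copy-paste from the finance-app module, so the rename itself seems right.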


@ -12,7 +12,7 @@ resource "kubernetes_namespace" "f1-stream" {
resource "kubernetes_deployment" "f1-stream" {
metadata {
name = "f1-stream"
namespace = "f1-stream"
namespace = kubernetes_namespace.f1-stream.metadata[0].name
labels = {
app = "f1-stream"
}
@ -57,7 +57,7 @@ resource "kubernetes_deployment" "f1-stream" {
resource "kubernetes_service" "f1-stream" {
metadata {
name = "f1"
namespace = "f1-stream"
namespace = kubernetes_namespace.f1-stream.metadata[0].name
labels = {
"app" = "f1-stream"
}
@ -75,14 +75,14 @@ resource "kubernetes_service" "f1-stream" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "f1-stream"
namespace = kubernetes_namespace.f1-stream.metadata[0].name
tls_secret_name = var.tls_secret_name
}
module "ingress" {
source = "../ingress_factory"
namespace = "f1-stream"
namespace = kubernetes_namespace.f1-stream.metadata[0].name
name = "f1"
tls_secret_name = var.tls_secret_name
extra_annotations = {


@ -23,7 +23,7 @@ resource "kubernetes_namespace" "finance_app" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "finance-app"
namespace = kubernetes_namespace.finance_app.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -49,7 +49,7 @@ module "tls_secret" {
# resource "kubernetes_persistent_volume_claim" "finance_app_pvc" {
# metadata {
# name = "finance-iscsi-pvc"
# namespace = "finance-app"
# namespace = kubernetes_namespace.finance_app.metadata[0].name
# }
# spec {
# access_modes = ["ReadWriteOnce"]
@ -64,7 +64,7 @@ module "tls_secret" {
resource "kubernetes_deployment" "finance_app" {
metadata {
name = "finance-app"
namespace = "finance-app"
namespace = kubernetes_namespace.finance_app.metadata[0].name
labels = {
app = "finance-app"
}
@ -175,7 +175,7 @@ resource "kubernetes_deployment" "finance_app" {
resource "kubernetes_deployment" "finance_app_frontend" {
metadata {
name = "finance-app-frontend"
namespace = "finance-app"
namespace = kubernetes_namespace.finance_app.metadata[0].name
labels = {
app = "finance-app-frontend"
}
@ -210,7 +210,7 @@ resource "kubernetes_deployment" "finance_app_frontend" {
resource "kubernetes_service" "finance_app" {
metadata {
name = "finance-app"
namespace = "finance-app"
namespace = kubernetes_namespace.finance_app.metadata[0].name
labels = {
app = "finance-app"
}
@ -230,7 +230,7 @@ resource "kubernetes_service" "finance_app" {
resource "kubernetes_service" "finance_app_frontend" {
metadata {
name = "finance-app-frontend"
namespace = "finance-app"
namespace = kubernetes_namespace.finance_app.metadata[0].name
labels = {
app = "finance-app-frontend"
}
@ -250,7 +250,7 @@ resource "kubernetes_service" "finance_app_frontend" {
resource "kubernetes_ingress_v1" "finance_app" {
metadata {
name = "finance-app"
namespace = "finance-app"
namespace = kubernetes_namespace.finance_app.metadata[0].name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
#"nginx.ingress.kubernetes.io/auth-url"= "https://oauth-provider/auth"


@ -11,14 +11,14 @@ resource "kubernetes_namespace" "forgejo" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "forgejo"
namespace = kubernetes_namespace.forgejo.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "forgejo" {
metadata {
name = "forgejo"
namespace = "forgejo"
namespace = kubernetes_namespace.forgejo.metadata[0].name
labels = {
app = "forgejo"
}
@ -76,7 +76,7 @@ resource "kubernetes_deployment" "forgejo" {
resource "kubernetes_service" "forgejo" {
metadata {
name = "forgejo"
namespace = "forgejo"
namespace = kubernetes_namespace.forgejo.metadata[0].name
labels = {
"app" = "forgejo"
}
@ -94,7 +94,7 @@ resource "kubernetes_service" "forgejo" {
}
module "ingress" {
source = "../ingress_factory"
namespace = "forgejo"
namespace = kubernetes_namespace.forgejo.metadata[0].name
name = "forgejo"
tls_secret_name = var.tls_secret_name
extra_annotations = {


@ -11,14 +11,14 @@ resource "kubernetes_namespace" "frigate" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "frigate"
namespace = kubernetes_namespace.frigate.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "frigate" {
metadata {
name = "frigate"
namespace = "frigate"
namespace = kubernetes_namespace.frigate.metadata[0].name
labels = {
app = "frigate"
}
@ -132,7 +132,7 @@ resource "kubernetes_deployment" "frigate" {
resource "kubernetes_service" "frigate" {
metadata {
name = "frigate"
namespace = "frigate"
namespace = kubernetes_namespace.frigate.metadata[0].name
labels = {
"app" = "frigate"
}
@ -154,7 +154,7 @@ resource "kubernetes_service" "frigate" {
resource "kubernetes_service" "frigate-rtsp" {
metadata {
name = "frigate-rtsp"
namespace = "frigate"
namespace = kubernetes_namespace.frigate.metadata[0].name
labels = {
"app" = "frigate"
}
@ -184,7 +184,7 @@ resource "kubernetes_service" "frigate-rtsp" {
module "ingress" {
source = "../ingress_factory"
namespace = "frigate"
namespace = kubernetes_namespace.frigate.metadata[0].name
name = "frigate"
tls_secret_name = var.tls_secret_name
protected = true
@ -206,7 +206,7 @@ module "ingress" {
module "ingress-internal" {
source = "../ingress_factory"
namespace = "frigate"
namespace = kubernetes_namespace.frigate.metadata[0].name
name = "frigate-lan"
host = "frigate-lan"
root_domain = "viktorbarzin.lan"


@ -12,14 +12,14 @@ resource "kubernetes_namespace" "hackmd" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "hackmd"
namespace = kubernetes_namespace.hackmd.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "hackmd" {
metadata {
name = "hackmd"
namespace = "hackmd"
namespace = kubernetes_namespace.hackmd.metadata[0].name
labels = {
app = "hackmd"
"kubernetes.io/cluster-service" = "true"
@ -127,7 +127,7 @@ resource "kubernetes_deployment" "hackmd" {
resource "kubernetes_service" "hackmd" {
metadata {
name = "hackmd"
namespace = "hackmd"
namespace = kubernetes_namespace.hackmd.metadata[0].name
labels = {
"app" = "hackmd"
}
@ -145,7 +145,7 @@ resource "kubernetes_service" "hackmd" {
}
module "ingress" {
source = "../ingress_factory"
namespace = "hackmd"
namespace = kubernetes_namespace.hackmd.metadata[0].name
name = "hackmd"
tls_secret_name = var.tls_secret_name
extra_annotations = {


@ -11,14 +11,14 @@ resource "kubernetes_namespace" "headscale" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "headscale"
namespace = kubernetes_namespace.headscale.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "headscale" {
metadata {
name = "headscale"
namespace = "headscale"
namespace = kubernetes_namespace.headscale.metadata[0].name
labels = {
app = "headscale"
# scare to try but probably non-http will fail
@ -141,7 +141,7 @@ resource "kubernetes_deployment" "headscale" {
resource "kubernetes_service" "headscale" {
metadata {
name = "headscale"
namespace = "headscale"
namespace = kubernetes_namespace.headscale.metadata[0].name
labels = {
"app" = "headscale"
}
@ -184,7 +184,7 @@ resource "kubernetes_service" "headscale" {
resource "kubernetes_ingress_v1" "headscale" {
metadata {
name = "headscale-ingress"
namespace = "headscale"
namespace = kubernetes_namespace.headscale.metadata[0].name
annotations = {
// DO NOT ADD CLIENT TLS AUTH as this breaks vpn auth
"kubernetes.io/ingress.class" = "nginx"
@ -233,7 +233,7 @@ resource "kubernetes_ingress_v1" "headscale" {
resource "kubernetes_service" "headscale-server" {
metadata {
name = "headscale-server"
namespace = "headscale"
namespace = kubernetes_namespace.headscale.metadata[0].name
labels = {
"app" = "headscale"
}
@ -265,7 +265,7 @@ resource "kubernetes_service" "headscale-server" {
resource "kubernetes_config_map" "headscale-config" {
metadata {
name = "headscale-config"
namespace = "headscale"
namespace = kubernetes_namespace.headscale.metadata[0].name
annotations = {
"reloader.stakater.com/match" = "true"


@ -11,7 +11,7 @@ resource "kubernetes_namespace" "home_assistant" {
resource "kubernetes_config_map" "home_assistant_config_map" {
metadata {
name = "home-assistant-configmap"
namespace = "home-assistant"
namespace = kubernetes_namespace.home_assistant.metadata[0].name
annotations = {
"reloader.stakater.com/match" = "true"
@ -28,12 +28,12 @@ resource "kubernetes_config_map" "home_assistant_config_map" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "home-assistant"
namespace = kubernetes_namespace.home_assistant.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "helm_release" "home_assistant" {
namespace = "home-assistant"
namespace = kubernetes_namespace.home_assistant.metadata[0].name
create_namespace = true
name = "home-assistant"
@ -46,7 +46,7 @@ resource "helm_release" "home_assistant" {
resource "kubernetes_deployment" "home_assistant" {
metadata {
name = "home-assistant"
namespace = "home-assistant"
namespace = kubernetes_namespace.home_assistant.metadata[0].name
labels = {
"app.kubernetes.io/instance" = "home-assistant"
@ -158,7 +158,7 @@ resource "kubernetes_deployment" "home_assistant" {
resource "kubernetes_service" "home_assistant" {
metadata {
name = "home-assistant"
namespace = "home-assistant"
namespace = kubernetes_namespace.home_assistant.metadata[0].name
labels = {
"app.kubernetes.io/instance" = "home-assistant"
@ -204,7 +204,7 @@ resource "kubernetes_service" "home_assistant" {
resource "kubernetes_ingress_v1" "home-assistant-ui" {
metadata {
name = "home-assistant-ui-ingress"
namespace = "home-assistant"
namespace = kubernetes_namespace.home_assistant.metadata[0].name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/force-ssl-redirect" = "true"
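Review bot: `helm_release.home_assistant` still sets `create_namespace = true` even though its namespace now comes from the Terraform-managed `kubernetes_namespace.home_assistant`. That leaves two owners for the same namespace; the reference already makes Terraform create the namespace before the release, so the flag is redundant. I would change the line to `create_namespace = false`, as the homepage and kured releases on this page already do. The release's remaining arguments are outside the hunk.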


@ -3,7 +3,7 @@ variable "tls_secret_name" {}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "homepage"
namespace = kubernetes_namespace.homepage.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -17,7 +17,7 @@ resource "kubernetes_namespace" "homepage" {
}
resource "helm_release" "homepage" {
namespace = "homepage"
namespace = kubernetes_namespace.homepage.metadata[0].name
create_namespace = false
name = "homepage"
atomic = true


@ -10,7 +10,7 @@ variable "immich_version" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "immich"
namespace = kubernetes_namespace.immich.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -23,7 +23,7 @@ resource "kubernetes_namespace" "immich" {
resource "kubernetes_deployment" "immich_server" {
metadata {
name = "immich-server"
namespace = "immich"
namespace = kubernetes_namespace.immich.metadata[0].name
labels = {
app = "immich-server"
@ -215,7 +215,7 @@ resource "kubernetes_deployment" "immich_server" {
resource "kubernetes_service" "immich-server" {
metadata {
name = "immich-server"
namespace = "immich"
namespace = kubernetes_namespace.immich.metadata[0].name
labels = {
"app" = "immich-server"
}
@ -234,7 +234,7 @@ resource "kubernetes_service" "immich-server" {
resource "kubernetes_deployment" "immich-postgres" {
metadata {
name = "immich-postgresql"
namespace = "immich"
namespace = kubernetes_namespace.immich.metadata[0].name
}
spec {
replicas = 1
@ -298,7 +298,7 @@ resource "kubernetes_deployment" "immich-postgres" {
resource "kubernetes_service" "immich-postgresql" {
metadata {
name = "immich-postgresql"
namespace = "immich"
namespace = kubernetes_namespace.immich.metadata[0].name
labels = {
"app" = "immich-postgresql"
}
@ -317,7 +317,7 @@ resource "kubernetes_service" "immich-postgresql" {
# If you're having issuewith typesens container exiting prematurely, increase liveliness check
# resource "helm_release" "immich" {
# namespace = "immich"
# namespace = kubernetes_namespace.immich.metadata[0].name
# name = "immich"
# repository = "https://immich-app.github.io/immich-charts"
@ -333,7 +333,7 @@ resource "kubernetes_service" "immich-postgresql" {
resource "kubernetes_deployment" "immich-machine-learning" {
metadata {
name = "immich-machine-learning"
namespace = "immich"
namespace = kubernetes_namespace.immich.metadata[0].name
}
spec {
replicas = 1
@ -407,7 +407,7 @@ resource "kubernetes_deployment" "immich-machine-learning" {
resource "kubernetes_service" "immich-machine-learning" {
metadata {
name = "immich-machine-learning"
namespace = "immich"
namespace = kubernetes_namespace.immich.metadata[0].name
labels = {
"app" = "immich-machine-learning"
}
@ -425,7 +425,7 @@ resource "kubernetes_service" "immich-machine-learning" {
resource "kubernetes_ingress_v1" "ingress" {
metadata {
namespace = "immich"
namespace = kubernetes_namespace.immich.metadata[0].name
name = "immich"
annotations = {
# NOTE: when changing - test video playback from mobile and web!
@ -528,7 +528,7 @@ resource "kubernetes_ingress_v1" "ingress" {
resource "kubernetes_cron_job_v1" "postgresql-backup" {
metadata {
name = "postgresql-backup"
namespace = "immich"
namespace = kubernetes_namespace.immich.metadata[0].name
}
spec {
concurrency_policy = "Replace"
@ -581,7 +581,7 @@ resource "kubernetes_cron_job_v1" "postgresql-backup" {
# resource "kubernetes_deployment" "powertools" {
# metadata {
# name = "immich-powertools"
# namespace = "immich"
# namespace = kubernetes_namespace.immich.metadata[0].name
# labels = {
# app = "immich-powertools"
# }
@ -665,7 +665,7 @@ resource "kubernetes_cron_job_v1" "postgresql-backup" {
# resource "kubernetes_service" "powertools" {
# metadata {
# name = "immich-powertools"
# namespace = "immich"
# namespace = kubernetes_namespace.immich.metadata[0].name
# labels = {
# "app" = "immich-powertools"
# }
@ -686,7 +686,7 @@ resource "kubernetes_cron_job_v1" "postgresql-backup" {
# module "ingress-powertools" {
# source = "../ingress_factory"
# namespace = "immich"
# namespace = kubernetes_namespace.immich.metadata[0].name
# name = "immich-powertools"
# tls_secret_name = var.tls_secret_name
# protected = true


@ -15,7 +15,7 @@ resource "kubernetes_namespace" "isponsorblocktv" {
resource "kubernetes_deployment" "isponsorblocktv-vermont" {
metadata {
name = "isponsorblocktv-vermont"
namespace = "isponsorblocktv"
namespace = kubernetes_namespace.isponsorblocktv.metadata[0].name
labels = {
app = "isponsorblocktv-vermont"
}


@ -8,13 +8,13 @@ resource "kubernetes_namespace" "istio" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "istio-system"
namespace = kubernetes_namespace.istio.metadata[0].name
tls_secret_name = var.tls_secret_name
}
# to delete all CRDS: kubectl get crd -oname | grep --color=never 'istio.io' | xargs kubectl delete
resource "helm_release" "istio-base" {
namespace = "istio-system"
namespace = kubernetes_namespace.istio.metadata[0].name
create_namespace = false
name = "istio-base"
atomic = true
@ -25,7 +25,7 @@ resource "helm_release" "istio-base" {
}
resource "helm_release" "istiod" {
namespace = "istio-system"
namespace = kubernetes_namespace.istio.metadata[0].name
create_namespace = false
name = "istiod"
atomic = true
@ -36,7 +36,7 @@ resource "helm_release" "istiod" {
}
resource "helm_release" "istio-gateway" {
namespace = "istio-system"
namespace = kubernetes_namespace.istio.metadata[0].name
create_namespace = false
name = "istio-gateway"
atomic = true
@ -48,7 +48,7 @@ resource "helm_release" "istio-gateway" {
# Kiali dashboard
resource "helm_release" "kiali" {
namespace = "istio-system"
namespace = kubernetes_namespace.istio.metadata[0].name
create_namespace = false
name = "kiali"
atomic = true
@ -71,7 +71,7 @@ resource "helm_release" "kiali" {
resource "kubernetes_secret" "kiali-token" {
metadata {
name = "kiali-secret"
namespace = "istio-system"
namespace = kubernetes_namespace.istio.metadata[0].name
annotations = {
"kubernetes.io/service-account.name" : "kiali-service-account"
}
@ -83,7 +83,7 @@ resource "kubernetes_secret" "kiali-token" {
# resource "kubernetes_ingress_v1" "kiali" {
# metadata {
# name = "kiali"
# namespace = "istio-system"
# namespace = kubernetes_namespace.istio.metadata[0].name
# annotations = {
# "kubernetes.io/ingress.class" = "nginx"
# "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"


@ -8,14 +8,14 @@ resource "kubernetes_namespace" "jellyfin" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "jellyfin"
namespace = kubernetes_namespace.jellyfin.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "jellyfin" {
metadata {
name = "jellyfin"
namespace = "jellyfin"
namespace = kubernetes_namespace.jellyfin.metadata[0].name
labels = {
app = "jellyfin"
}
@ -89,7 +89,7 @@ resource "kubernetes_deployment" "jellyfin" {
resource "kubernetes_service" "jellyfin" {
metadata {
name = "jellyfin"
namespace = "jellyfin"
namespace = kubernetes_namespace.jellyfin.metadata[0].name
labels = {
"app" = "jellyfin"
}
@ -111,7 +111,7 @@ resource "kubernetes_service" "jellyfin" {
resource "kubernetes_ingress_v1" "jellyfin" {
metadata {
name = "jellyfin"
namespace = "jellyfin"
namespace = kubernetes_namespace.jellyfin.metadata[0].name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/proxy-body-size" : "5000m"


@ -10,14 +10,14 @@ resource "kubernetes_namespace" "jsoncrack" {
}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "jsoncrack"
namespace = kubernetes_namespace.jsoncrack.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "jsoncrack" {
metadata {
name = "jsoncrack"
namespace = "jsoncrack"
namespace = kubernetes_namespace.jsoncrack.metadata[0].name
labels = {
app = "jsoncrack"
}
@ -51,7 +51,7 @@ resource "kubernetes_deployment" "jsoncrack" {
resource "kubernetes_service" "jsoncrack" {
metadata {
name = "json"
namespace = "jsoncrack"
namespace = kubernetes_namespace.jsoncrack.metadata[0].name
labels = {
"app" = "jsoncrack"
}
@ -72,7 +72,7 @@ resource "kubernetes_service" "jsoncrack" {
module "ingress" {
source = "../ingress_factory"
namespace = "jsoncrack"
namespace = kubernetes_namespace.jsoncrack.metadata[0].name
name = "json"
tls_secret_name = var.tls_secret_name
}


@ -32,12 +32,12 @@ resource "kubernetes_namespace" "k8s-dashboard" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "kubernetes-dashboard"
namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "helm_release" "kubernetes-dashboard" {
namespace = "kubernetes-dashboard"
namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name
name = "kubernetes-dashboard"
repository = "https://kubernetes.github.io/dashboard/"
@ -68,7 +68,7 @@ resource "helm_release" "kubernetes-dashboard" {
# resource "kubernetes_secret" "dashboard-token" {
# metadata {
# name = "dashboard-secret"
# namespace = "kubernetes-dashboard"
# namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name
# annotations = {
# "kubernetes.io/service-account.name" : "kubernetes-dashboard"
# }
@ -79,7 +79,7 @@ resource "helm_release" "kubernetes-dashboard" {
module "ingress" {
source = "../ingress_factory"
namespace = "kubernetes-dashboard"
namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name
name = "kubernetes-dashboard"
service_name = "kubernetes-dashboard-kong-proxy"
host = "k8s"
@ -94,7 +94,7 @@ module "ingress" {
resource "kubernetes_service_account" "kubernetes-dashboard" {
metadata {
name = "kubernetes-dashboard"
namespace = "kubernetes-dashboard"
namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name
}
}
@ -111,7 +111,7 @@ resource "kubernetes_cluster_role_binding" "kubernetes-dashboard" {
subject {
kind = "ServiceAccount"
name = "kubernetes-dashboard"
namespace = "kubernetes-dashboard"
namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name
}
# depends_on = [module.dashboard]
}
@ -119,7 +119,7 @@ resource "kubernetes_cluster_role_binding" "kubernetes-dashboard" {
resource "kubernetes_secret" "kubernetes-dashboard-admin-token" {
metadata {
name = "kubernetes-dashboard-admin"
namespace = "kubernetes-dashboard"
namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name
annotations = {
"kubernetes.io/service-account.name" : "kubernetes-dashboard"
}
@ -213,21 +213,21 @@ resource "kubernetes_cluster_role_binding" "kubernetes-dashboard-viewonly" {
subject {
kind = "ServiceAccount"
name = "kubernetes-dashboard-viewonly"
namespace = "kubernetes-dashboard"
namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name
}
}
resource "kubernetes_service_account" "kubernetes-dashboard-viewonly" {
metadata {
name = "kubernetes-dashboard-viewonly"
namespace = "kubernetes-dashboard"
namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name
}
}
resource "kubernetes_secret" "kubernetes-dashboard-viewonly-token" {
metadata {
name = "kubernetes-dashboard-viewonly"
namespace = "kubernetes-dashboard"
namespace = kubernetes_namespace.k8s-dashboard.metadata[0].name
annotations = {
"kubernetes.io/service-account.name" : "kubernetes-dashboard-viewonly"
}
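Review bot: The `kubernetes-dashboard-admin` token Secret and the `kubernetes-dashboard` ClusterRoleBinding subject both point at the same ServiceAccount, so this file appears to mint a static, non-expiring credential with cluster-wide rights. The `role_ref` is outside the hunks, so the exact privilege level cannot be confirmed from here. Because a `kubernetes_secret` managed by Terraform also stores its data in state, I would at least document the exposure above the resource, for example `# long-lived admin token, also stored in TF state; prefer short-lived tokens from kubectl create token`. Restricting who can read the state backend is worth confirming in the same pass.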


@ -3,12 +3,12 @@ variable "client_certificate_secret_name" {}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "kafka"
namespace = kubernetes_namespace.kafka.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "helm_release" "kafka" {
namespace = "kafka"
namespace = kubernetes_namespace.kafka.metadata[0].name
create_namespace = true
name = "kafka"
@ -21,7 +21,7 @@ resource "helm_release" "kafka" {
resource "kubernetes_deployment" "kafka-ui" {
metadata {
name = "kafka-ui"
namespace = "kafka"
namespace = kubernetes_namespace.kafka.metadata[0].name
labels = {
run = "kafka-ui"
}
@ -77,7 +77,7 @@ resource "kubernetes_deployment" "kafka-ui" {
resource "kubernetes_service" "kafka-ui" {
metadata {
name = "kafka-ui"
namespace = "kafka"
namespace = kubernetes_namespace.kafka.metadata[0].name
labels = {
"run" = "kafka-ui"
}
@ -108,7 +108,7 @@ resource "kubernetes_service" "kafka-ui" {
resource "kubernetes_ingress_v1" "kafka-ui" {
metadata {
name = "kafka-ui-ingress"
namespace = "kafka"
namespace = kubernetes_namespace.kafka.metadata[0].name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/force-ssl-redirect" = "true"
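Review bot: The new references to `kubernetes_namespace.kafka` need a matching `resource "kubernetes_namespace" "kafka"` in this file, and none is visible in these hunks. Most other files in this commit show that declaration in a hunk header; this one does not. `helm_release.kafka` also keeps `create_namespace = true`, which suggests the namespace was created by Helm rather than declared, in which case validation fails with a reference to an undeclared resource. If the resource is added, switch the release to `create_namespace = false` so that only Terraform owns the namespace. The remainder of the file is outside the hunks, so confirm there before changing anything.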


@ -11,14 +11,14 @@ resource "kubernetes_namespace" "kms" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "kms"
namespace = kubernetes_namespace.kms.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_config_map" "kms-web-page" {
metadata {
name = "kms-web-page-config"
namespace = "kms"
namespace = kubernetes_namespace.kms.metadata[0].name
}
data = {
"index.html" = var.index_html
@ -28,7 +28,7 @@ resource "kubernetes_config_map" "kms-web-page" {
resource "kubernetes_deployment" "kms-web-page" {
metadata {
name = "kms-web-page"
namespace = "kms"
namespace = kubernetes_namespace.kms.metadata[0].name
labels = {
"app" = "kms-web-page"
"kubernetes.io/cluster-service" = "true"
@ -92,7 +92,7 @@ resource "kubernetes_deployment" "kms-web-page" {
resource "kubernetes_service" "kms-web-page" {
metadata {
name = "kms"
namespace = "kms"
namespace = kubernetes_namespace.kms.metadata[0].name
labels = {
"app" = "kms-web-page"
}
@ -111,7 +111,7 @@ resource "kubernetes_service" "kms-web-page" {
module "ingress" {
source = "../ingress_factory"
namespace = "kms"
namespace = kubernetes_namespace.kms.metadata[0].name
name = "kms"
tls_secret_name = var.tls_secret_name
}
@ -119,7 +119,7 @@ module "ingress" {
resource "kubernetes_deployment" "windows_kms" {
metadata {
name = "kms"
namespace = "kms"
namespace = kubernetes_namespace.kms.metadata[0].name
labels = {
app = "kms-service"
}
@ -163,7 +163,7 @@ resource "kubernetes_deployment" "windows_kms" {
resource "kubernetes_service" "windows_kms" {
metadata {
name = "windows-kms"
namespace = "kms"
namespace = kubernetes_namespace.kms.metadata[0].name
labels = {
app = "kms-service"
}


@ -12,12 +12,12 @@ resource "kubernetes_namespace" "kured" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "kured"
namespace = kubernetes_namespace.kured.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "helm_release" "kured" {
namespace = "kured"
namespace = kubernetes_namespace.kured.metadata[0].name
create_namespace = false
name = "kured"


@ -11,7 +11,7 @@ resource "kubernetes_namespace" "linkwarden" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "linkwarden"
namespace = kubernetes_namespace.linkwarden.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -24,7 +24,7 @@ resource "random_string" "secret" {
resource "kubernetes_deployment" "linkwarden" {
metadata {
name = "linkwarden"
namespace = "linkwarden"
namespace = kubernetes_namespace.linkwarden.metadata[0].name
labels = {
app = "linkwarden"
}
@ -93,7 +93,7 @@ resource "kubernetes_deployment" "linkwarden" {
resource "kubernetes_service" "linkwarden" {
metadata {
name = "linkwarden"
namespace = "linkwarden"
namespace = kubernetes_namespace.linkwarden.metadata[0].name
labels = {
app = "linkwarden"
}
@ -113,7 +113,7 @@ resource "kubernetes_service" "linkwarden" {
module "ingress" {
source = "../ingress_factory"
namespace = "linkwarden"
namespace = kubernetes_namespace.linkwarden.metadata[0].name
name = "linkwarden"
tls_secret_name = var.tls_secret_name
}


@ -16,14 +16,14 @@ resource "kubernetes_namespace" "mailserver" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "mailserver"
namespace = kubernetes_namespace.mailserver.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_config_map" "mailserver_env_config" {
metadata {
name = "mailserver.env.config"
namespace = "mailserver"
namespace = kubernetes_namespace.mailserver.metadata[0].name
labels = {
app = "mailserver"
}
@ -61,7 +61,7 @@ resource "kubernetes_config_map" "mailserver_env_config" {
resource "kubernetes_config_map" "mailserver_config" {
metadata {
name = "mailserver.config"
namespace = "mailserver"
namespace = kubernetes_namespace.mailserver.metadata[0].name
labels = {
app = "mailserver"
@ -98,7 +98,7 @@ resource "kubernetes_config_map" "mailserver_config" {
# resource "kubernetes_config_map" "user_patches" {
# metadata {
# name = "user-patches"
# namespace = "mailserver"
# namespace = kubernetes_namespace.mailserver.metadata[0].name
# labels = {
# "app" = "mailserver"
# }
@ -116,7 +116,7 @@ resource "kubernetes_config_map" "mailserver_config" {
resource "kubernetes_secret" "opendkim_key" {
metadata {
name = "mailserver.opendkim.key"
namespace = "mailserver"
namespace = kubernetes_namespace.mailserver.metadata[0].name
labels = {
"app" = "mailserver"
}
@ -131,7 +131,7 @@ resource "kubernetes_secret" "opendkim_key" {
resource "kubernetes_deployment" "mailserver" {
metadata {
name = "mailserver"
namespace = "mailserver"
namespace = kubernetes_namespace.mailserver.metadata[0].name
labels = {
"app" = "mailserver"
}
@ -383,7 +383,7 @@ resource "kubernetes_deployment" "mailserver" {
resource "kubernetes_service" "mailserver" {
metadata {
name = "mailserver"
namespace = "mailserver"
namespace = kubernetes_namespace.mailserver.metadata[0].name
labels = {
app = "mailserver"


@ -122,17 +122,20 @@ variable "defcon_level" {
}
locals {
defcon_modules = {
1 : ["wireguard", "technitium", "headscale", "nginx-ingress", "xray", "authentik", "cloudflare", "authelia"], # Critical connectivity services
2 : ["vaultwarden", "redis", "immich", "nvidia", "metrics-server", "uptime-kuma", "crowdsec"], # Storage and other db services
3 : ["k8s-dashboard", "reverse-proxy"], # Cluster admin services
4 : ["mailserver", "shadowsocks", "webhook_handler", "tuya-bridge", "dawarich", "owntracks", "nextcloud"], # Nice to have services
1 : ["wireguard", "technitium", "headscale", "nginx-ingress", "xray", "authentik", "cloudflare", "authelia", "monitoring"], # Critical connectivity services
2 : ["vaultwarden", "redis", "immich", "nvidia", "metrics-server", "uptime-kuma", "crowdsec"], # Storage and other db services
3 : ["k8s-dashboard", "reverse-proxy"], # Cluster admin services
4 : [
"mailserver", "shadowsocks", "webhook_handler", "tuya-bridge", "dawarich", "owntracks", "nextcloud",
"calibre", "onlyoffice", "f1-stream", "rybbit", "isponsorblocktv", "actualbudget"
], # Activel used services
# Optional services
5 : [
"blog", "descheduler", "drone", "f1-stream", "hackmd", "kms", "privatebin", "vault", "reloader", "city-guesser", "echo"
, "url", "excalidraw", "travel_blog", "dashy", "send", "ytdlp", "wealthfolio", "rybbit", "isponsorblocktv", "stirling-pdf",
"networking-toolbox", "navidrome", "freshrss", "forgejo", "onlyoffice", "tor-proxy", "real-estate-crawler", "n8n", "tnadoor",
"changedetection", "actualbudget", "linkwarden", "matrix", "homepage", "meshcentral", "diun", "cyberchef", "ntfy", "ollama",
"servarr", "jsoncrack", "paperless-ngx", "frigate", "audiobookshelf", "calibre", "tandoor"
"blog", "descheduler", "drone", "hackmd", "kms", "privatebin", "vault", "reloader", "city-guesser", "echo",
"url", "excalidraw", "travel_blog", "dashy", "send", "ytdlp", "wealthfolio", "rybbit", "stirling-pdf",
"networking-toolbox", "navidrome", "freshrss", "forgejo", "tor-proxy", "real-estate-crawler", "n8n",
"changedetection", "linkwarden", "matrix", "homepage", "meshcentral", "diun", "cyberchef", "ntfy", "ollama",
"servarr", "jsoncrack", "paperless-ngx", "frigate", "audiobookshelf", "tandoor"
],
}
active_modules = distinct(flatten([
@ -143,7 +146,11 @@ locals {
resource "null_resource" "core_services" {
# List all the core modules that must be provisioned first
depends_on = [module.metallb]
depends_on = [
module.metallb, module.dbaas, module.technitium, module.vaultwarden, module.reverse-proxy,
module.redis, module.nginx-ingress, module.crowdsec, module.cloudflared, module.metrics-server, module.authentik,
module.nvidia,
]
}
module "blog" {
@ -172,8 +179,9 @@ module "dbaas" {
}
module "descheduler" {
source = "./descheduler"
for_each = contains(local.active_modules, "descheduler") ? { descheduler = true } : {}
source = "./descheduler"
for_each = contains(local.active_modules, "descheduler") ? { descheduler = true } : {}
depends_on = [null_resource.core_services]
}
# module "dnscrypt" {
@ -255,6 +263,7 @@ module "metallb" {
module "monitoring" {
source = "./monitoring"
tls_secret_name = var.tls_secret_name
for_each = contains(local.active_modules, "monitoring") ? { monitoring = true } : {}
alertmanager_account_password = var.alertmanager_account_password
idrac_username = var.idrac_username
idrac_password = var.idrac_password
@ -263,8 +272,6 @@ module "monitoring" {
haos_api_token = var.haos_api_token
pve_password = var.pve_password
grafana_db_password = var.grafana_db_password
depends_on = [null_resource.core_services]
}
# module "oauth" {
@ -305,17 +312,23 @@ module "vault" {
source = "./vault"
for_each = contains(local.active_modules, "vault") ? { vault = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "reloader" {
source = "./reloader"
for_each = contains(local.active_modules, "reloader") ? { reloader = true } : {}
depends_on = [null_resource.core_services]
}
module "shadowsocks" {
source = "./shadowsocks"
for_each = contains(local.active_modules, "shadowsocks") ? { shadowsocks = true } : {}
password = var.shadowsocks_password
depends_on = [null_resource.core_services]
}
module "city-guesser" {
@ -339,6 +352,8 @@ module "url" {
geolite_license_key = var.url_shortener_geolite_license_key
api_key = var.url_shortener_api_key
mysql_password = var.url_shortener_mysql_password
depends_on = [null_resource.core_services]
}
module "webhook_handler" {
@ -363,6 +378,8 @@ module "wireguard" {
wg_0_conf = var.wireguard_wg_0_conf
wg_0_key = var.wireguard_wg_0_key
firewall_sh = var.wireguard_firewall_sh
depends_on = [null_resource.core_services]
}
# module "home_assistant" {
@ -386,6 +403,8 @@ module "excalidraw" {
source = "./excalidraw"
for_each = contains(local.active_modules, "excalidraw") ? { excalidraw = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "infra-maintenance" {
@ -400,6 +419,8 @@ module "travel_blog" {
source = "./travel_blog"
for_each = contains(local.active_modules, "travel_blog") ? { travel_blog = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "technitium" {
@ -415,12 +436,16 @@ module "headscale" {
tls_secret_name = var.tls_secret_name
headscale_config = var.headscale_config
headscale_acl = var.headscale_acl
depends_on = [null_resource.core_services]
}
module "dashy" {
source = "./dashy"
for_each = contains(local.active_modules, "dashy") ? { dashy = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
# module "localai" {
@ -448,6 +473,8 @@ module "send" {
source = "./send"
for_each = contains(local.active_modules, "send") ? { send = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "redis" {
@ -460,6 +487,8 @@ module "ytdlp" {
source = "./youtube_dl"
for_each = contains(local.active_modules, "ytdlp") ? { ytdlp = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "immich" {
@ -469,6 +498,8 @@ module "immich" {
postgresql_password = var.immich_postgresql_password
frame_api_key = var.immich_frame_api_key
homepage_token = var.homepage_credentials["immich"]["token"]
depends_on = [null_resource.core_services]
}
module "nginx-ingress" {
@ -505,6 +536,8 @@ module "uptime-kuma" {
source = "./uptime-kuma"
for_each = contains(local.active_modules, "uptime-kuma") ? { uptime-kuma = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "calibre" {
@ -513,6 +546,8 @@ module "calibre" {
tls_secret_name = var.tls_secret_name
homepage_username = var.homepage_credentials["calibre-web"]["username"]
homepage_password = var.homepage_credentials["calibre-web"]["password"]
depends_on = [null_resource.core_services]
}
# Audiobooks are served using audiobookshelf; still looking for a usecawe for JF
@ -525,12 +560,16 @@ module "audiobookshelf" {
source = "./audiobookshelf"
for_each = contains(local.active_modules, "audiobookshelf") ? { audiobookshelf = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "frigate" {
source = "./frigate"
for_each = contains(local.active_modules, "frigate") ? { frigate = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
# TODO: Currently very unstable and half of the functionality does not work:
@ -586,18 +625,24 @@ module "paperless-ngx" {
# homepage_token = var.homepage_credentials["paperless-ngx"]["token"]
homepage_username = var.homepage_credentials["paperless-ngx"]["username"]
homepage_password = var.homepage_credentials["paperless-ngx"]["password"]
depends_on = [null_resource.core_services]
}
module "jsoncrack" {
source = "./jsoncrack"
for_each = contains(local.active_modules, "jsoncrack") ? { jsoncrack = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "servarr" {
source = "./servarr"
for_each = contains(local.active_modules, "servarr") ? { servarr = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
# module "dnscat2" {
@ -609,18 +654,24 @@ module "ollama" { # Disabled as it requires too much resources...
source = "./ollama"
for_each = contains(local.active_modules, "ollama") ? { ollama = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "ntfy" {
source = "./ntfy"
for_each = contains(local.active_modules, "ntfy") ? { ntfy = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "cyberchef" {
source = "./cyberchef"
for_each = contains(local.active_modules, "cyberchef") ? { cyberchef = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "diun" {
@ -629,12 +680,16 @@ module "diun" {
tls_secret_name = var.tls_secret_name
diun_nfty_token = var.diun_nfty_token
diun_slack_url = var.diun_slack_url
depends_on = [null_resource.core_services]
}
module "meshcentral" {
source = "./meshcentral"
for_each = contains(local.active_modules, "meshcentral") ? { meshcentral = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
# module "netbox" {
# source = "./netbox"
@ -646,18 +701,24 @@ module "nextcloud" {
for_each = contains(local.active_modules, "nextcloud") ? { nextcloud = true } : {}
tls_secret_name = var.tls_secret_name
db_password = var.nextcloud_db_password
depends_on = [null_resource.core_services]
}
module "homepage" {
source = "./homepage"
for_each = contains(local.active_modules, "homepage") ? { homepage = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "matrix" {
source = "./matrix"
for_each = contains(local.active_modules, "matrix") ? { matrix = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "authentik" {
@ -675,12 +736,16 @@ module "linkwarden" {
postgresql_password = var.linkwarden_postgresql_password
authentik_client_id = var.linkwarden_authentik_client_id
authentik_client_secret = var.linkwarden_authentik_client_secret
depends_on = [null_resource.core_services]
}
module "actualbudget" {
source = "./actualbudget"
for_each = contains(local.active_modules, "actualbudget") ? { actualbudget = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "owntracks" {
@ -688,6 +753,8 @@ module "owntracks" {
for_each = contains(local.active_modules, "owntracks") ? { owntracks = true } : {}
tls_secret_name = var.tls_secret_name
owntracks_credentials = var.owntracks_credentials
depends_on = [null_resource.core_services]
}
module "dawarich" {
@ -696,12 +763,16 @@ module "dawarich" {
tls_secret_name = var.tls_secret_name
database_password = var.dawarich_database_password
geoapify_api_key = var.geoapify_api_key
depends_on = [null_resource.core_services]
}
module "changedetection" {
source = "./changedetection"
for_each = contains(local.active_modules, "changedetection") ? { changedetection = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "tandoor" {
source = "./tandoor"
@ -709,6 +780,8 @@ module "tandoor" {
tls_secret_name = var.tls_secret_name
tandoor_database_password = var.tandoor_database_password
tandoor_email_password = var.tandoor_email_password
depends_on = [null_resource.core_services]
}
module "n8n" {
@ -716,6 +789,8 @@ module "n8n" {
for_each = contains(local.active_modules, "n8n") ? { n8n = true } : {}
tls_secret_name = var.tls_secret_name
postgresql_password = var.n8n_postgresql_password
depends_on = [null_resource.core_services]
}
module "real-estate-crawler" {
@ -724,12 +799,16 @@ module "real-estate-crawler" {
tls_secret_name = var.tls_secret_name
db_password = var.realestate_crawler_db_password
notification_settings = var.realestate_crawler_notification_settings
depends_on = [null_resource.core_services]
}
module "tor-proxy" {
source = "./tor-proxy"
for_each = contains(local.active_modules, "tor-proxy") ? { tor-proxy = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
# module "kured" {
@ -744,6 +823,8 @@ module "onlyoffice" {
tls_secret_name = var.tls_secret_name
db_password = var.onlyoffice_db_password
jwt_token = var.onlyoffice_jwt_token
depends_on = [null_resource.core_services]
}
@ -751,6 +832,8 @@ module "forgejo" {
source = "./forgejo"
for_each = contains(local.active_modules, "forgejo") ? { forgejo = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "xray" {
@ -761,24 +844,32 @@ module "xray" {
xray_reality_clients = var.xray_reality_clients
xray_reality_private_key = var.xray_reality_private_key
xray_reality_short_ids = var.xray_reality_short_ids
depends_on = [null_resource.core_services]
}
module "freshrss" {
source = "./freshrss"
for_each = contains(local.active_modules, "freshrss") ? { freshrss = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "navidrome" {
source = "./navidrome"
for_each = contains(local.active_modules, "navidrome") ? { navidrome = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "networking-toolbox" {
source = "./networking-toolbox"
for_each = contains(local.active_modules, "networking-toolbox") ? { networking-toolbox = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "tuya-bridge" {
@ -790,6 +881,8 @@ module "tuya-bridge" {
tiny_tuya_api_secret = var.tiny_tuya_api_secret
tiny_tuya_service_secret = var.tiny_tuya_service_secret
slack_url = var.tiny_tuya_slack_url
depends_on = [null_resource.core_services]
}
@ -797,11 +890,15 @@ module "stirling-pdf" {
source = "./stirling-pdf"
for_each = contains(local.active_modules, "stirling-pdf") ? { stirling-pdf = true } : {}
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "isponsorblocktv" {
source = "./isponsorblocktv"
for_each = contains(local.active_modules, "isponsorblocktv") ? { isponsorblocktv = true } : {}
depends_on = [null_resource.core_services]
}
module "nvidia" {
@ -821,6 +918,8 @@ module "rybbit" {
tls_secret_name = var.tls_secret_name
clickhouse_password = var.clickhouse_password
postgres_password = var.clickhouse_postgres_password
depends_on = [null_resource.core_services]
}
module "wealthfolio" {
@ -828,4 +927,6 @@ module "wealthfolio" {
for_each = contains(local.active_modules, "wealthfolio") ? { wealthfolio = true } : {}
tls_secret_name = var.tls_secret_name
wealthfolio_password_hash = var.wealthfolio_password_hash
depends_on = [null_resource.core_services]
}


@ -11,14 +11,14 @@ resource "kubernetes_namespace" "matrix" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "matrix"
namespace = kubernetes_namespace.matrix.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "matrix" {
metadata {
name = "matrix"
namespace = "matrix"
namespace = kubernetes_namespace.matrix.metadata[0].name
labels = {
app = "matrix"
}
@ -71,7 +71,7 @@ resource "kubernetes_deployment" "matrix" {
resource "kubernetes_service" "matrix" {
metadata {
name = "matrix"
namespace = "matrix"
namespace = kubernetes_namespace.matrix.metadata[0].name
labels = {
"app" = "matrix"
}
@ -91,7 +91,7 @@ resource "kubernetes_service" "matrix" {
module "ingress" {
source = "../ingress_factory"
namespace = "matrix"
namespace = kubernetes_namespace.matrix.metadata[0].name
name = "matrix"
tls_secret_name = var.tls_secret_name
}


@ -11,14 +11,14 @@ resource "kubernetes_namespace" "meshcentral" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "meshcentral"
namespace = kubernetes_namespace.meshcentral.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "meshcentral" {
metadata {
name = "meshcentral"
namespace = "meshcentral"
namespace = kubernetes_namespace.meshcentral.metadata[0].name
labels = {
app = "meshcentral"
}
@ -120,7 +120,7 @@ resource "kubernetes_deployment" "meshcentral" {
resource "kubernetes_service" "meshcentral" {
metadata {
name = "meshcentral"
namespace = "meshcentral"
namespace = kubernetes_namespace.meshcentral.metadata[0].name
labels = {
"app" = "meshcentral"
}
@ -140,7 +140,7 @@ resource "kubernetes_service" "meshcentral" {
module "ingress" {
source = "../ingress_factory"
namespace = "meshcentral"
namespace = kubernetes_namespace.meshcentral.metadata[0].name
name = "meshcentral"
tls_secret_name = var.tls_secret_name
port = 443


@ -11,14 +11,12 @@ resource "kubernetes_namespace" "metrics-server" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "metrics-server"
namespace = kubernetes_namespace.metrics-server.metadata[0].name
tls_secret_name = var.tls_secret_name
depends_on = [kubernetes_namespace.metrics-server]
}
resource "helm_release" "metrics-server" {
namespace = "metrics-server"
namespace = kubernetes_namespace.metrics-server.metadata[0].name
create_namespace = false
name = "metrics-server"
atomic = true
@ -27,6 +25,4 @@ resource "helm_release" "metrics-server" {
chart = "metrics-server"
values = [templatefile("${path.module}/values.yaml", {})]
depends_on = [kubernetes_namespace.metrics-server]
}


@ -18,7 +18,7 @@
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": 24,
"id": 0,
"links": [],
"panels": [
{
@ -182,10 +182,12 @@
"type": "prometheus",
"uid": "PBFA97CFB590B2093"
},
"editorMode": "code",
"expr": "registry_registry_storage_cache_total{instance=\"$instance\",type=\"Request\"}",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ type }}",
"range": true,
"refId": "A"
}
],
@ -260,10 +262,12 @@
"type": "prometheus",
"uid": "PBFA97CFB590B2093"
},
"editorMode": "code",
"expr": "registry_registry_storage_cache_total{instance=\"$instance\",type=\"Hit\"}",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ type }}",
"range": true,
"refId": "A"
}
],
@ -353,38 +357,30 @@
"type": "prometheus",
"uid": "PBFA97CFB590B2093"
},
"description": "Process Resident Memory Usage",
"fieldConfig": {
"defaults": {
"color": {
"fixedColor": "rgb(31, 120, 193)",
"mode": "fixed"
"mode": "thresholds"
},
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
],
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"color": "dark-red",
"value": 0
},
{
"color": "red",
"value": 80
"color": "#EAB839",
"value": 0.3
},
{
"color": "green",
"value": 0.8
}
]
},
"unit": "decbytes"
"unit": "percentunit"
},
"overrides": []
},
@ -394,17 +390,16 @@
"x": 19,
"y": 1
},
"id": 24,
"maxDataPoints": 100,
"id": 45,
"options": {
"colorMode": "none",
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "horizontal",
"orientation": "auto",
"percentChangeColorMode": "standard",
"reduceOptions": {
"calcs": [
"mean"
"lastNotNull"
],
"fields": "",
"values": false
@ -421,15 +416,14 @@
"uid": "PBFA97CFB590B2093"
},
"editorMode": "code",
"expr": "avg(registry_process_resident_memory_bytes{instance=\"$instance\"})",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "",
"expr": "(sum by (job) (rate(registry_registry_storage_cache_total{type=\"Hit\"}[15m]))) / (sum by (job) (rate(registry_registry_storage_cache_total{type=\"Request\"}[15m])))",
"instant": false,
"legendFormat": "__auto",
"range": true,
"refId": "A"
}
],
"title": "Resident Memory Usage",
"title": "Cache Hit Rate",
"type": "stat"
},
{
@ -784,48 +778,24 @@
"type": "prometheus",
"uid": "PBFA97CFB590B2093"
},
"description": "The HTTP requests",
"description": "Process Resident Memory Usage",
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
"fixedColor": "rgb(31, 120, 193)",
"mode": "fixed"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 3,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"showValues": false,
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
"mappings": [
{
"options": {
"match": "null",
"result": {
"text": "N/A"
}
},
"type": "special"
}
},
"mappings": [],
"min": 0,
],
"thresholds": {
"mode": "absolute",
"steps": [
@ -839,31 +809,34 @@
}
]
},
"unit": "short"
"unit": "decbytes"
},
"overrides": []
},
"gridPos": {
"h": 8,
"h": 5,
"w": 8,
"x": 0,
"y": 12
},
"id": 26,
"id": 24,
"maxDataPoints": 100,
"options": {
"legend": {
"colorMode": "none",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "horizontal",
"percentChangeColorMode": "standard",
"reduceOptions": {
"calcs": [
"lastNotNull"
"mean"
],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
"fields": "",
"values": false
},
"tooltip": {
"hideZeros": false,
"mode": "multi",
"sort": "none"
}
"showPercentChange": false,
"textMode": "auto",
"wideLayout": true
},
"pluginVersion": "12.3.0",
"targets": [
@ -872,15 +845,17 @@
"type": "prometheus",
"uid": "PBFA97CFB590B2093"
},
"expr": "ceil(rate(registry_registry_http_requests_total{instance=\"$instance\"}[5m]))",
"editorMode": "code",
"expr": "avg(registry_process_resident_memory_bytes{instance=\"$instance\"})",
"format": "time_series",
"intervalFactor": 1,
"legendFormat": "{{ handler }}",
"intervalFactor": 2,
"legendFormat": "",
"range": true,
"refId": "A"
}
],
"title": "HTTP Requests",
"type": "timeseries"
"title": "Resident Memory Usage",
"type": "stat"
},
{
"datasource": {
@ -1091,6 +1066,7 @@
"type": "prometheus",
"uid": "PBFA97CFB590B2093"
},
"description": "The HTTP requests",
"fieldConfig": {
"defaults": {
"color": {
@ -1114,7 +1090,7 @@
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"lineWidth": 3,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
@ -1124,7 +1100,7 @@
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "normal"
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
@ -1145,28 +1121,30 @@
}
]
},
"unit": "s"
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 7,
"h": 8,
"w": 8,
"x": 0,
"y": 20
"y": 17
},
"id": 44,
"id": 26,
"options": {
"legend": {
"calcs": [],
"displayMode": "table",
"placement": "right",
"calcs": [
"lastNotNull"
],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"hideZeros": false,
"mode": "multi",
"sort": "desc"
"sort": "none"
}
},
"pluginVersion": "12.3.0",
@ -1176,17 +1154,14 @@
"type": "prometheus",
"uid": "PBFA97CFB590B2093"
},
"expr": "increase(registry_registry_storage_action_seconds_sum{instance=\"$instance\"}[2m]) * 1000",
"expr": "ceil(rate(registry_registry_http_requests_total{instance=\"$instance\"}[5m]))",
"format": "time_series",
"instant": false,
"intervalFactor": 2,
"legendFormat": "{{ action }}",
"refId": "A",
"step": 10,
"target": ""
"intervalFactor": 1,
"legendFormat": "{{ handler }}",
"refId": "A"
}
],
"title": "Registry Action Latency",
"title": "HTTP Requests",
"type": "timeseries"
},
{
@ -1364,16 +1339,59 @@
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisBorderShow": false,
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"barWidthFactor": 0.6,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"showValues": false,
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "normal"
},
"thresholdsStyle": {
"mode": "off"
}
}
},
"mappings": [],
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": 0
},
{
"color": "red",
"value": 80
}
]
},
"unit": "s"
},
"overrides": []
},
@ -1381,46 +1399,20 @@
"h": 7,
"w": 8,
"x": 0,
"y": 27
"y": 25
},
"id": 2,
"id": 44,
"options": {
"calculate": true,
"calculation": {},
"cellGap": 2,
"cellValues": {},
"color": {
"exponent": 0.5,
"fill": "#b4ff00",
"mode": "scheme",
"reverse": false,
"scale": "exponential",
"scheme": "Oranges",
"steps": 128
},
"exemplars": {
"color": "rgba(255,0,255,0.7)"
},
"filterValues": {
"le": 1e-9
},
"legend": {
"show": false
"calcs": [],
"displayMode": "table",
"placement": "right",
"showLegend": true
},
"rowsFrame": {
"layout": "auto"
},
"showValue": "never",
"tooltip": {
"mode": "single",
"showColorScale": false,
"yHistogram": false
},
"yAxis": {
"axisPlacement": "left",
"min": "0",
"reverse": false,
"unit": "short"
"hideZeros": false,
"mode": "multi",
"sort": "desc"
}
},
"pluginVersion": "12.3.0",
@ -1430,16 +1422,18 @@
"type": "prometheus",
"uid": "PBFA97CFB590B2093"
},
"editorMode": "code",
"expr": "rate(registry_http_request_duration_seconds_bucket{handler=\"blob_upload\"}[10m])",
"format": "heatmap",
"intervalFactor": 1,
"range": true,
"refId": "A"
"expr": "increase(registry_registry_storage_action_seconds_sum{instance=\"$instance\"}[2m]) * 1000",
"format": "time_series",
"instant": false,
"intervalFactor": 2,
"legendFormat": "{{ action }}",
"refId": "A",
"step": 10,
"target": ""
}
],
"title": "Upload HTTP Request Latencies in seconds (blob_upload)",
"type": "heatmap"
"title": "Registry Action Latency",
"type": "timeseries"
},
{
"datasource": {
@ -1606,6 +1600,90 @@
],
"title": "Catalog HTTP Request Latencies in seconds (catalog)",
"type": "heatmap"
},
{
"datasource": {
"type": "prometheus",
"uid": "PBFA97CFB590B2093"
},
"fieldConfig": {
"defaults": {
"custom": {
"hideFrom": {
"legend": false,
"tooltip": false,
"viz": false
},
"scaleDistribution": {
"type": "linear"
}
}
},
"overrides": []
},
"gridPos": {
"h": 7,
"w": 8,
"x": 0,
"y": 32
},
"id": 2,
"options": {
"calculate": true,
"calculation": {},
"cellGap": 2,
"cellValues": {},
"color": {
"exponent": 0.5,
"fill": "#b4ff00",
"mode": "scheme",
"reverse": false,
"scale": "exponential",
"scheme": "Oranges",
"steps": 128
},
"exemplars": {
"color": "rgba(255,0,255,0.7)"
},
"filterValues": {
"le": 1e-9
},
"legend": {
"show": false
},
"rowsFrame": {
"layout": "auto"
},
"showValue": "never",
"tooltip": {
"mode": "single",
"showColorScale": false,
"yHistogram": false
},
"yAxis": {
"axisPlacement": "left",
"min": "0",
"reverse": false,
"unit": "short"
}
},
"pluginVersion": "12.3.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "PBFA97CFB590B2093"
},
"editorMode": "code",
"expr": "rate(registry_http_request_duration_seconds_bucket{handler=\"blob_upload\"}[10m])",
"format": "heatmap",
"intervalFactor": 1,
"range": true,
"refId": "A"
}
],
"title": "Upload HTTP Request Latencies in seconds (blob_upload)",
"type": "heatmap"
}
],
"preload": false,
@ -1675,12 +1753,12 @@
]
},
"time": {
"from": "now-6h",
"from": "now-12h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Docker Registry",
"uid": "CoBSgj8iz",
"version": 6
"version": 10
}


@ -43,7 +43,7 @@ resource "kubernetes_persistent_volume" "alertmanager_pv" {
# resource "kubernetes_persistent_volume_claim" "grafana_pvc" {
# metadata {
# name = "grafana-pvc"
# namespace = "monitoring"
# namespace = kubernetes_namespace.monitoring.metadata[0].name
# }
# spec {
# access_modes = ["ReadWriteOnce"]
@ -56,7 +56,7 @@ resource "kubernetes_persistent_volume" "alertmanager_pv" {
# }
resource "helm_release" "grafana" {
namespace = "monitoring"
namespace = kubernetes_namespace.monitoring.metadata[0].name
create_namespace = true
name = "grafana"
atomic = true
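Review bot: `create_namespace = true` on `helm_release.grafana` no longer fits the line above it, which now takes the namespace from `kubernetes_namespace.monitoring`. Terraform therefore creates the namespace before the release, and still letting Helm create it blurs which tool owns the namespace and its labels. The metrics-server release in this commit pairs the same kind of reference with `create_namespace = false`; I would use that here as well. The same applies to `helm_release.prometheus`, and to the commented-out loki, alloy and k8s-monitoring releases if they are ever re-enabled. The resource body continues outside the hunk.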


@ -2,7 +2,7 @@
resource "kubernetes_config_map" "redfish-config" {
metadata {
name = "redfish-exporter-config"
namespace = "monitoring"
namespace = kubernetes_namespace.monitoring.metadata[0].name
annotations = {
"reloader.stakater.com/match" = "true"
@ -28,7 +28,7 @@ resource "kubernetes_config_map" "redfish-config" {
resource "kubernetes_deployment" "idrac-redfish" {
metadata {
name = "idrac-redfish-exporter"
namespace = "monitoring"
namespace = kubernetes_namespace.monitoring.metadata[0].name
labels = {
app = "idrac-redfish-exporter"
}
@ -78,7 +78,7 @@ resource "kubernetes_deployment" "idrac-redfish" {
resource "kubernetes_service" "idrac-redfish-exporter" {
metadata {
name = "idrac-redfish-exporter"
namespace = "monitoring"
namespace = kubernetes_namespace.monitoring.metadata[0].name
labels = {
"app" = "idrac-redfish-exporter"
}
@ -103,7 +103,7 @@ resource "kubernetes_service" "idrac-redfish-exporter" {
module "idrac-redfish-exporter-ingress" {
source = "../ingress_factory"
namespace = "monitoring"
namespace = kubernetes_namespace.monitoring.metadata[0].name
name = "idrac-redfish-exporter"
root_domain = "viktorbarzin.lan"
tls_secret_name = var.tls_secret_name


@ -1,5 +1,5 @@
# resource "helm_release" "loki" {
# namespace = "monitoring"
# namespace = kubernetes_namespace.monitoring.metadata[0].name
# create_namespace = true
# name = "loki"
@ -54,7 +54,7 @@
# https://grafana.com/docs/alloy/latest/configure/kubernetes/
# resource "helm_release" "alloy" {
# namespace = "monitoring"
# namespace = kubernetes_namespace.monitoring.metadata[0].name
# create_namespace = true
# name = "alloy"
@ -71,7 +71,7 @@
# for n in $(kbn | awk '{print $1}'); do echo $n; s wizard@$n 'sudo sysctl -w fs.inotify.max_user_watches=2099999999; sudo sysctl -w fs.inotify.max_user_instances=2099999999;sudo sysctl -w fs.inotify.max_queued_events=2099999999'; done
# resource "helm_release" "k8s-monitoring" {
# namespace = "monitoring"
# namespace = kubernetes_namespace.monitoring.metadata[0].name
# create_namespace = true
# name = "k8s-monitoring"


@ -15,14 +15,23 @@ variable "haos_api_token" { type = string }
variable "pve_password" { type = string }
variable "grafana_db_password" { type = string }
resource "kubernetes_namespace" "monitoring" {
metadata {
name = "monitoring"
labels = {
"istio-injection" : "disabled"
}
}
}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "monitoring"
namespace = kubernetes_namespace.monitoring.metadata[0].name
tls_secret_name = var.tls_secret_name
}
# Terraform get angry with the 30k values file :/ use ansible until solved
# resource "helm_release" "ups_prometheus_snmp_exporter" {
# namespace = "monitoring"
# namespace = kubernetes_namespace.monitoring.metadata[0].name
# create_namespace = true
# name = "ups_prometheus_exporter"
@ -67,7 +76,7 @@ resource "kubernetes_cron_job_v1" "monitor_prom" {
resource "kubernetes_ingress_v1" "status" {
metadata {
name = "hetrix-redirect-ingress"
namespace = "monitoring"
namespace = kubernetes_namespace.monitoring.metadata[0].name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/permanent-redirect" = "https://hetrixtools.com/r/38981b548b5d38b052aca8d01285a3f3/"
@ -101,7 +110,7 @@ resource "kubernetes_ingress_v1" "status" {
resource "kubernetes_ingress_v1" "status_yotovski" {
metadata {
name = "hetrix-yotovski-redirect-ingress"
namespace = "monitoring"
namespace = kubernetes_namespace.monitoring.metadata[0].name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/permanent-redirect" = "https://hetrixtools.com/r/2ba9d7a5e017794db0fd91f0115a8b3b/"
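Review bot: The new `resource "kubernetes_namespace" "monitoring"` block will probably collide with a namespace that already exists, because the Helm releases in this module have been running with `create_namespace = true`. If the resource is not already in state (it may have been moved here from another file, which this page does not show), the first apply would try to create `monitoring` and fail with an already-exists error. Worse, a later destroy of this resource would take every workload in the namespace with it. I would bring it under management explicitly, either with an `import` block targeting `kubernetes_namespace.monitoring` with id `monitoring` or a one-off `terraform import`, and note that in the commit description. A short comment above the block would also help, for example `# Owns the monitoring namespace; all resources in this module reference it so ordering is implicit`.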


@ -2,7 +2,7 @@
resource "kubernetes_persistent_volume_claim" "prometheus_server_pvc" {
metadata {
name = "prometheus-iscsi-pvc"
namespace = "monitoring"
namespace = kubernetes_namespace.monitoring.metadata[0].name
}
spec {
@ -45,7 +45,7 @@ resource "kubernetes_persistent_volume" "prometheus_server_pvc" {
}
resource "helm_release" "prometheus" {
namespace = "monitoring"
namespace = kubernetes_namespace.monitoring.metadata[0].name
create_namespace = true
name = "prometheus"


@ -168,15 +168,82 @@ serverFiles:
# targets: "alertmanager.viktorbarzin.lan"
alerting_rules.yml:
groups:
- name: Cluster
- name: R730 Host
rules:
- alert: LowVoltage
expr: ups_upsInputVoltage < 205
- alert: HighCPUTemperature
expr: node_hwmon_temp_celsius{instance="pve-node-r730"} * on(chip) group_left(chip_name) node_hwmon_chip_names{instance="pve-node-r730"} > 75
for: 30m
labels:
severity: page
annotations:
summary: "High CPU Temperature: {{ $value }}."
- alert: SSDHighWriteRate
expr: rate(node_disk_written_bytes_total{job="proxmox-host", device="sdb"}[2m]) / 1024 / 1024 > 2 # sdb is SSD; value in MB
for: 10m
labels:
severity: page
annotations:
summary: "Low input voltage - {{ $value }}"
summary: "High write rate on SSD - {{ $value }}MB"
- alert: HDDHighWriteRate
expr: rate(node_disk_written_bytes_total{job="proxmox-host", device="sdc"}[2m]) / 1024 / 1024 > 10 # sdc is 11TB HDD; value in MB
for: 20m
labels:
severity: page
annotations:
summary: "High write rate on HDD - {{ $value }}MB"
- alert: NoiDRACData
expr: (max(r730_idrac_idrac_system_health + 1) or on() vector(0)) == 0
for: 30m
labels:
severity: page
annotations:
summary: No iDRAC amperage reading. Can signal that prometheus is not scraping
- alert: HighRAMUsage
expr: clamp_min((1 - (node_memory_MemAvailable_bytes{instance="pve-node-r730"} / node_memory_MemTotal_bytes{instance="pve-node-r730"})) * 100, 0) > 90
for: 30m
labels:
severity: page
annotations:
summary: "High memory usage: {{ $value }}. Risk of OOM-ing."
- alert: HighSystemLoad
expr: scalar(node_load1{instance="pve-node-r730"}) * 100 / count(count(node_cpu_seconds_total{instance="pve-node-r730"}) by (cpu)) > 50
for: 30m
labels:
severity: page
annotations:
summary: "High system load: {{ $value }}. Can signal runaway process."
- name: Nvidia Tesla T4 GPU
rules:
- alert: HighGPUTemp
expr: nvidia_tesla_t4_DCGM_FI_DEV_GPU_TEMP > 65
for: 1m
labels:
severity: page
annotations:
summary: "High GPU Temperature {{$value}}"
- alert: HighPowerUsage
expr: nvidia_tesla_t4_DCGM_FI_DEV_POWER_USAGE > 50
for: 30m
labels:
severity: page
annotations:
summary: "High GPU power usage {{$value}}"
- alert: HighUtilization
expr: nvidia_tesla_t4_DCGM_FI_DEV_GPU_UTIL > 50
for: 30m
labels:
severity: page
annotations:
summary: "High GPU utilization {{$value}}"
- alert: HighMemoryUsage
expr: nvidia_tesla_t4_DCGM_FI_DEV_FB_USED / 1024 > 12
for: 5m
labels:
severity: page
annotations:
summary: "High VRAM usage {{$value}}"
- name: Power
rules:
- alert: OnBattery
expr: ups_upsSecondsOnBattery > 0
for: 30m
@ -184,13 +251,35 @@ serverFiles:
severity: critical
annotations:
summary: "UPS on battery for {{ $value }} seconds"
- alert: LowUPBattery
- alert: LowUPSBattery
expr: ups_upsEstimatedMinutesRemaining < 25 and on(instance) ups_upsInputVoltage < 150
for: 1m
labels:
severity: critical
annotations:
summary: "UPS battery running out - {{ $value }} minutes remaining"
- alert: PowerOutage
expr: ups_upsInputVoltage < 150
labels:
severity: page
annotations:
summary: Power voltage on a power supply is {{ $value }} indicating power outage.
- alert: HighPowerUsage
expr: r730_idrac_idrac_power_control_consumed_watts > 200
for: 60m
labels:
severity: page
annotations:
summary: "High server power usage - {{$value}} watts"
- alert: UsingInverterEnergyForTooLong
expr: automatic_transfer_switch_power_mode > 0 # 1 = Inverter; 0 = Grid
for: 24h
labels:
severity: page
annotations:
summary: "Running on inverter for too long: {{ $value }}%. Maybe switching to grid does not work."
- name: Cluster
rules:
- alert: NodeDown
expr: (up{job="kubernetes-nodes"} or on() vector(0)) == 0
for: 1m
@ -198,6 +287,20 @@ serverFiles:
severity: page
annotations:
summary: Node {{$labels.instance}} down.
- alert: DockerRegistryDown
expr: (registry_process_start_time_seconds or on() vector(0)) == 0
for: 10m
labels:
severity: page
annotations:
summary: "Docker registry is down"
- alert: RegistryLowCacheHitRate
expr: (sum by (job) (rate(registry_registry_storage_cache_total{type="Hit"}[15m]))) / (sum by (job) (rate(registry_registry_storage_cache_total{type="Request"}[15m]))) * 100 < 50
for: 12h
labels:
severity: page
annotations:
summary: "Low registry cache hit rate"
- alert: NodeHighCPUUsage
expr: node_load1{instance!="pve-node-r730"} > 2
for: 20m
@ -212,13 +315,6 @@ serverFiles:
severity: page
annotations:
summary: "Low free memory on {{ $labels.node }} - {{ $value }}"
- alert: SSDHighWriteRate
expr: rate(node_disk_written_bytes_total{job="proxmox-host", device="sdb"}[2m]) / 1024 / 1024 > 2 # sdb is SSD; value in MB
for: 10m
labels:
severity: page
annotations:
summary: "High write rate on SSD - {{ $value }}MB"
# - name: PodStuckNotReady
# rules:
# - alert: PodStuckNotReady
@ -235,26 +331,6 @@ serverFiles:
# severity: page
# annotations:
# summary: Number of ready pods in {{ $labels.deployment }} is less than what is defined in spec.
- alert: PowerOutage
expr: ups_upsInputVoltage < 150
labels:
severity: page
annotations:
summary: Power voltage on a power supply is {{ $value }} indicating power outage.
- alert: HighGPUTemp
expr: nvidia_tesla_t4_DCGM_FI_DEV_GPU_TEMP > 65
for: 1m
labels:
severity: page
annotations:
summary: "High GPU Temperature {{$value}}"
- alert: HighPowerUsage
expr: r730_idrac_idrac_power_control_consumed_watts > 200
for: 60m
labels:
severity: page
annotations:
summary: "High server power usage - {{$value}} watts"
- alert: NoNodeLoadData
expr: (node_load1 OR on() vector(0)) == 0
for: 10m
@ -262,13 +338,6 @@ serverFiles:
severity: page
annotations:
summary: No node load data. Can signal that prometheus is not scraping
- alert: NoiDRACData
expr: (max(r730_idrac_idrac_system_health + 1) or on() vector(0)) == 0
for: 30m
labels:
severity: page
annotations:
summary: No iDRAC amperage reading. Can signal that prometheus is not scraping
- alert: HighIngressPermissionErrors
expr: (sum(rate(nginx_ingress_controller_requests{status=~"4.*", ingress!="nextcloud", ingress!="grafana"}[2m])) by (ingress) / sum(rate(nginx_ingress_controller_requests[2m])) by (ingress) * 100) > 10
for: 20m
@ -283,20 +352,6 @@ serverFiles:
severity: page
annotations:
summary: "High server failiure rate for {{ $labels.ingress }}: {{ $value }}%."
- alert: UsingInverterEnergyForTooLong
expr: automatic_transfer_switch_power_mode > 0 # 1 = Inverter; 0 = Grid
for: 24h
labels:
severity: page
annotations:
summary: "Running on inverter for too long: {{ $value }}%. Maybe switching to grid does not work."
- alert: DockerRegistryDown
expr: (registry_process_start_time_seconds or on() vector(0)) == 0
for: 10m
labels:
severity: page
annotations:
summary: "Docker registry is down"
# - alert: OpenWRT High Memory Usage
# expr: 100 - ((openwrt_node_memory_MemAvailable_bytes * 100) / openwrt_node_memory_MemTotal_bytes) > 90
# for: 10m


@ -2,7 +2,7 @@
resource "kubernetes_secret" "pve_exporter_config" {
metadata {
name = "pve-exporter-config"
namespace = "monitoring"
namespace = kubernetes_namespace.monitoring.metadata[0].name
}
data = {
@ -19,7 +19,7 @@ resource "kubernetes_secret" "pve_exporter_config" {
resource "kubernetes_deployment" "pve_exporter" {
metadata {
name = "proxmox-exporter"
namespace = "monitoring"
namespace = kubernetes_namespace.monitoring.metadata[0].name
}
spec {
@ -72,7 +72,7 @@ resource "kubernetes_deployment" "pve_exporter" {
resource "kubernetes_service" "proxmox-exporter" {
metadata {
name = "proxmox-exporter"
namespace = "monitoring"
namespace = kubernetes_namespace.monitoring.metadata[0].name
labels = {
"app" = "proxmox-exporter"
}


@ -12,7 +12,7 @@ https://sbcode.net/prometheus/snmp-generate-huawei/
resource "kubernetes_config_map" "snmp-exporter-yaml" {
metadata {
name = "snmp-exporter-yaml"
namespace = "monitoring"
namespace = kubernetes_namespace.monitoring.metadata[0].name
annotations = {
"reloader.stakater.com/match" = "true"
@ -27,7 +27,7 @@ resource "kubernetes_config_map" "snmp-exporter-yaml" {
resource "kubernetes_deployment" "snmp-exporter" {
metadata {
name = "snmp-exporter"
namespace = "monitoring"
namespace = kubernetes_namespace.monitoring.metadata[0].name
labels = {
app = "snmp-exporter"
}
@ -77,7 +77,7 @@ resource "kubernetes_deployment" "snmp-exporter" {
resource "kubernetes_service" "snmp-exporter" {
metadata {
name = "snmp-exporter"
namespace = "monitoring"
namespace = kubernetes_namespace.monitoring.metadata[0].name
labels = {
"app" = "snmp-exporter"
}
@ -102,7 +102,7 @@ resource "kubernetes_service" "snmp-exporter" {
module "snmp-exporter-ingress" {
source = "../ingress_factory"
namespace = "monitoring"
namespace = kubernetes_namespace.monitoring.metadata[0].name
name = "snmp-exporter"
root_domain = "viktorbarzin.lan"
tls_secret_name = var.tls_secret_name


@ -3,11 +3,11 @@ variable "postgresql_password" {}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "n8n"
namespace = kubernetes_namespace.n8n.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_namespace" "immich" {
resource "kubernetes_namespace" "n8n" {
metadata {
name = "n8n"
}
@ -16,7 +16,7 @@ resource "kubernetes_namespace" "immich" {
resource "kubernetes_deployment" "n8n" {
metadata {
name = "n8n"
namespace = "n8n"
namespace = kubernetes_namespace.n8n.metadata[0].name
labels = {
app = "n8n"
}
@ -112,7 +112,7 @@ resource "kubernetes_deployment" "n8n" {
resource "kubernetes_service" "n8n" {
metadata {
name = "n8n"
namespace = "n8n"
namespace = kubernetes_namespace.n8n.metadata[0].name
labels = {
"app" = "n8n"
}
@ -130,7 +130,7 @@ resource "kubernetes_service" "n8n" {
}
module "ingress" {
source = "../ingress_factory"
namespace = "n8n"
namespace = kubernetes_namespace.n8n.metadata[0].name
name = "n8n"
tls_secret_name = var.tls_secret_name
extra_annotations = {
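Review bot: Renaming the namespace resource from `kubernetes_namespace.immich` to `kubernetes_namespace.n8n` changes its Terraform address, and nothing visible in this section tells Terraform that the two addresses are the same object. Without a state migration the next plan would presumably destroy the old address and create the new one, and deleting a namespace removes every workload and claim inside it. I would add a `moved` block next to the resource with `from = kubernetes_namespace.immich` and `to = kubernetes_namespace.n8n`, or record in the commit message that `terraform state mv` was run by hand. The same applies to the `mailserver` to `shadowsocks` namespace rename in the shadowsocks module.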


@ -11,14 +11,14 @@ resource "kubernetes_namespace" "navidrome" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "navidrome"
namespace = kubernetes_namespace.navidrome.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "navidrome" {
metadata {
name = "navidrome"
namespace = "navidrome"
namespace = kubernetes_namespace.navidrome.metadata[0].name
labels = {
app = "navidrome"
"kubernetes.io/cluster-service" = "true"
@ -94,7 +94,7 @@ resource "kubernetes_deployment" "navidrome" {
resource "kubernetes_service" "navidrome" {
metadata {
name = "navidrome"
namespace = "navidrome"
namespace = kubernetes_namespace.navidrome.metadata[0].name
labels = {
"app" = "navidrome"
}
@ -112,7 +112,7 @@ resource "kubernetes_service" "navidrome" {
}
module "ingress" {
source = "../ingress_factory"
namespace = "navidrome"
namespace = kubernetes_namespace.navidrome.metadata[0].name
name = "navidrome"
tls_secret_name = var.tls_secret_name
rybbit_site_id = "8a3844ff75ba"


@ -8,14 +8,14 @@ resource "kubernetes_namespace" "netbox" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "netbox"
namespace = kubernetes_namespace.netbox.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "netbox" {
metadata {
name = "netbox"
namespace = "netbox"
namespace = kubernetes_namespace.netbox.metadata[0].name
labels = {
app = "netbox"
}
@ -118,7 +118,7 @@ resource "kubernetes_deployment" "netbox" {
resource "kubernetes_service" "netbox" {
metadata {
name = "netbox"
namespace = "netbox"
namespace = kubernetes_namespace.netbox.metadata[0].name
labels = {
"app" = "netbox"
}
@ -138,7 +138,7 @@ resource "kubernetes_service" "netbox" {
}
module "ingress" {
source = "../ingress_factory"
namespace = "netbox"
namespace = kubernetes_namespace.netbox.metadata[0].name
name = "netbox"
tls_secret_name = var.tls_secret_name
protected = true


@ -11,14 +11,14 @@ resource "kubernetes_namespace" "networking-toolbox" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "networking-toolbox"
namespace = kubernetes_namespace.networking-toolbox.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "networking-toolbox" {
metadata {
name = "networking-toolbox"
namespace = "networking-toolbox"
namespace = kubernetes_namespace.networking-toolbox.metadata[0].name
labels = {
app = "networking-toolbox"
}
@ -52,7 +52,7 @@ resource "kubernetes_deployment" "networking-toolbox" {
resource "kubernetes_service" "networking-toolbox" {
metadata {
name = "networking-toolbox"
namespace = "networking-toolbox"
namespace = kubernetes_namespace.networking-toolbox.metadata[0].name
labels = {
"app" = "networking-toolbox"
}
@ -72,7 +72,7 @@ resource "kubernetes_service" "networking-toolbox" {
module "ingress" {
source = "../ingress_factory"
namespace = "networking-toolbox"
namespace = kubernetes_namespace.networking-toolbox.metadata[0].name
name = "networking-toolbox"
tls_secret_name = var.tls_secret_name
protected = true


@ -3,7 +3,7 @@ variable "db_password" {}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "nextcloud"
namespace = kubernetes_namespace.nextcloud.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -17,7 +17,7 @@ resource "kubernetes_namespace" "nextcloud" {
}
resource "helm_release" "nextcloud" {
namespace = "nextcloud"
namespace = kubernetes_namespace.nextcloud.metadata[0].name
name = "nextcloud"
repository = "https://nextcloud.github.io/helm/"
@ -32,7 +32,7 @@ resource "helm_release" "nextcloud" {
# resource "kubernetes_config_map" "config" {
# metadata {
# name = "config"
# namespace = "nextcloud"
# namespace = kubernetes_namespace.nextcloud.metadata[0].name
# annotations = {
# "reloader.stakater.com/match" = "true"
@ -47,7 +47,7 @@ resource "helm_release" "nextcloud" {
resource "kubernetes_deployment" "whiteboard" {
metadata {
name = "whiteboard"
namespace = "nextcloud"
namespace = kubernetes_namespace.nextcloud.metadata[0].name
labels = {
app = "whiteboard"
}
@ -93,7 +93,7 @@ resource "kubernetes_deployment" "whiteboard" {
resource "kubernetes_service" "whiteboard" {
metadata {
name = "whiteboard"
namespace = "nextcloud"
namespace = kubernetes_namespace.nextcloud.metadata[0].name
labels = {
app = "whiteboard"
}
@ -132,7 +132,7 @@ resource "kubernetes_persistent_volume" "nextcloud-data-pv" {
resource "kubernetes_persistent_volume_claim" "nextcloud-data-pvc" {
metadata {
name = "nextcloud-data-pvc"
namespace = "nextcloud"
namespace = kubernetes_namespace.nextcloud.metadata[0].name
}
spec {
access_modes = ["ReadWriteOnce"]
@ -147,7 +147,7 @@ resource "kubernetes_persistent_volume_claim" "nextcloud-data-pvc" {
module "ingress" {
source = "../ingress_factory"
namespace = "nextcloud"
namespace = kubernetes_namespace.nextcloud.metadata[0].name
name = "nextcloud"
tls_secret_name = var.tls_secret_name
port = 8080
@ -162,7 +162,7 @@ module "ingress" {
module "whiteboard_ingress" {
source = "../ingress_factory"
namespace = "nextcloud"
namespace = kubernetes_namespace.nextcloud.metadata[0].name
name = "whiteboard"
tls_secret_name = var.tls_secret_name
port = 80


@ -7,14 +7,14 @@ resource "kubernetes_namespace" "ntfy" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "ntfy"
namespace = kubernetes_namespace.ntfy.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "ntfy" {
metadata {
name = "ntfy"
namespace = "ntfy"
namespace = kubernetes_namespace.ntfy.metadata[0].name
labels = {
app = "ntfy"
}
@ -96,7 +96,7 @@ resource "kubernetes_deployment" "ntfy" {
resource "kubernetes_service" "ntfy" {
metadata {
name = "ntfy"
namespace = "ntfy"
namespace = kubernetes_namespace.ntfy.metadata[0].name
labels = {
"app" = "ntfy"
}
@ -121,7 +121,7 @@ resource "kubernetes_service" "ntfy" {
module "ingress" {
source = "../ingress_factory"
namespace = "ntfy"
namespace = kubernetes_namespace.ntfy.metadata[0].name
name = "ntfy"
tls_secret_name = var.tls_secret_name
}


@ -2,7 +2,7 @@ variable "tls_secret_name" {}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "nvidia"
namespace = kubernetes_namespace.nvidia.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -21,7 +21,7 @@ resource "kubernetes_namespace" "nvidia" {
resource "kubernetes_config_map" "time_slicing_config" {
metadata {
name = "time-slicing-config"
namespace = "nvidia"
namespace = kubernetes_namespace.nvidia.metadata[0].name
}
data = {
@ -41,7 +41,7 @@ resource "kubernetes_config_map" "time_slicing_config" {
}
resource "helm_release" "nvidia-gpu-operator" {
namespace = "nvidia"
namespace = kubernetes_namespace.nvidia.metadata[0].name
name = "nvidia-gpu-operator"
repository = "https://helm.ngc.nvidia.com/nvidia"
@ -57,7 +57,7 @@ resource "helm_release" "nvidia-gpu-operator" {
resource "kubernetes_deployment" "nvidia-exporter" {
metadata {
name = "nvidia-exporter"
namespace = "nvidia"
namespace = kubernetes_namespace.nvidia.metadata[0].name
labels = {
app = "nvidia-exporter"
}
@ -106,7 +106,7 @@ resource "kubernetes_deployment" "nvidia-exporter" {
resource "kubernetes_service" "nvidia-exporter" {
metadata {
name = "nvidia-exporter"
namespace = "nvidia"
namespace = kubernetes_namespace.nvidia.metadata[0].name
labels = {
"app" = "nvidia-exporter"
}
@ -127,7 +127,7 @@ resource "kubernetes_service" "nvidia-exporter" {
module "ingress" {
source = "../ingress_factory"
namespace = "nvidia"
namespace = kubernetes_namespace.nvidia.metadata[0].name
name = "nvidia-exporter"
root_domain = "viktorbarzin.lan"
tls_secret_name = var.tls_secret_name
@ -138,7 +138,7 @@ module "ingress" {
# resource "kubernetes_ingress_v1" "nvidia-exporter" {
# metadata {
# name = "nvidia-exporter"
# namespace = "nvidia"
# namespace = kubernetes_namespace.nvidia.metadata[0].name
# annotations = {
# "kubernetes.io/ingress.class" = "nginx"
# "nginx.ingress.kubernetes.io/whitelist-source-range" : "192.168.1.0/24, 10.0.0.0/8"


@ -8,13 +8,13 @@ resource "kubernetes_namespace" "ollama" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "ollama"
namespace = kubernetes_namespace.ollama.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_persistent_volume_claim" "ollama-pvc" {
metadata {
name = "ollama-pvc"
namespace = "ollama"
namespace = kubernetes_namespace.ollama.metadata[0].name
}
spec {
@ -47,7 +47,7 @@ resource "kubernetes_persistent_volume" "ollama-pv" {
}
# resource "helm_release" "ollama" {
# namespace = "ollama"
# namespace = kubernetes_namespace.ollama.metadata[0].name
# name = "ollama"
# repository = "https://otwld.github.io/ollama-helm/"
@ -62,7 +62,7 @@ resource "kubernetes_persistent_volume" "ollama-pv" {
resource "kubernetes_deployment" "ollama" {
metadata {
name = "ollama"
namespace = "ollama"
namespace = kubernetes_namespace.ollama.metadata[0].name
labels = {
app = "ollama"
}
@ -126,7 +126,7 @@ resource "kubernetes_deployment" "ollama" {
resource "kubernetes_service" "ollama" {
metadata {
name = "ollama"
namespace = "ollama"
namespace = kubernetes_namespace.ollama.metadata[0].name
labels = {
app = "ollama"
}
@ -146,7 +146,7 @@ resource "kubernetes_service" "ollama" {
# Allow ollama to be connected to from external apps
module "ollama-ingress" {
source = "../ingress_factory"
namespace = "ollama"
namespace = kubernetes_namespace.ollama.metadata[0].name
name = "ollama-server"
service_name = "ollama"
root_domain = "viktorbarzin.lan"
@ -160,7 +160,7 @@ module "ollama-ingress" {
resource "kubernetes_deployment" "ollama-ui" {
metadata {
name = "ollama-ui"
namespace = "ollama"
namespace = kubernetes_namespace.ollama.metadata[0].name
labels = {
app = "ollama-ui"
}
@ -211,7 +211,7 @@ resource "kubernetes_deployment" "ollama-ui" {
resource "kubernetes_service" "ollama-ui" {
metadata {
name = "ollama-ui"
namespace = "ollama"
namespace = kubernetes_namespace.ollama.metadata[0].name
labels = {
app = "dashy"
}
@ -231,7 +231,7 @@ resource "kubernetes_service" "ollama-ui" {
module "ingress" {
source = "../ingress_factory"
namespace = "ollama"
namespace = kubernetes_namespace.ollama.metadata[0].name
name = "ollama"
service_name = "ollama-ui"
tls_secret_name = var.tls_secret_name


@ -13,14 +13,14 @@ resource "kubernetes_namespace" "onlyoffice" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "onlyoffice"
namespace = kubernetes_namespace.onlyoffice.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "onlyoffice-document-server" {
metadata {
name = "onlyoffice-document-server"
namespace = "onlyoffice"
namespace = kubernetes_namespace.onlyoffice.metadata[0].name
labels = {
app = "onlyoffice-document-server"
}
@ -104,7 +104,7 @@ resource "kubernetes_deployment" "onlyoffice-document-server" {
resource "kubernetes_service" "onlyoffice" {
metadata {
name = "onlyoffice-document-server"
namespace = "onlyoffice"
namespace = kubernetes_namespace.onlyoffice.metadata[0].name
labels = {
"app" = "onlyoffice-document-server"
}
@ -121,7 +121,7 @@ resource "kubernetes_service" "onlyoffice" {
}
module "ingress" {
source = "../ingress_factory"
namespace = "onlyoffice"
namespace = kubernetes_namespace.onlyoffice.metadata[0].name
name = "onlyoffice"
service_name = "onlyoffice-document-server"
tls_secret_name = var.tls_secret_name


@ -17,7 +17,7 @@ resource "kubernetes_namespace" "owntracks" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "owntracks"
namespace = kubernetes_namespace.owntracks.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -29,7 +29,7 @@ locals {
resource "kubernetes_secret" "basic_auth" {
metadata {
name = "basic-auth-secret"
namespace = "owntracks"
namespace = kubernetes_namespace.owntracks.metadata[0].name
}
data = {
@ -45,7 +45,7 @@ resource "kubernetes_secret" "basic_auth" {
resource "kubernetes_deployment" "owntracks" {
metadata {
name = "owntracks"
namespace = "owntracks"
namespace = kubernetes_namespace.owntracks.metadata[0].name
labels = {
app = "owntracks"
}
@ -112,7 +112,7 @@ resource "kubernetes_deployment" "owntracks" {
resource "kubernetes_service" "owntracks" {
metadata {
name = "owntracks"
namespace = "owntracks"
namespace = kubernetes_namespace.owntracks.metadata[0].name
labels = {
"app" = "owntracks"
}
@ -133,7 +133,7 @@ resource "kubernetes_service" "owntracks" {
module "ingress" {
source = "../ingress_factory"
namespace = "owntracks"
namespace = kubernetes_namespace.owntracks.metadata[0].name
name = "owntracks"
tls_secret_name = var.tls_secret_name
port = 443


@ -15,7 +15,7 @@ resource "kubernetes_namespace" "paperless-ngx" {
}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "paperless-ngx"
namespace = kubernetes_namespace.paperless-ngx.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -23,7 +23,7 @@ module "tls_secret" {
resource "kubernetes_deployment" "paperless-ngx" {
metadata {
name = "paperless-ngx"
namespace = "paperless-ngx"
namespace = kubernetes_namespace.paperless-ngx.metadata[0].name
labels = {
app = "paperless-ngx"
}
@ -124,7 +124,7 @@ resource "kubernetes_deployment" "paperless-ngx" {
resource "kubernetes_service" "paperless-ngx" {
metadata {
name = "paperless-ngx"
namespace = "paperless-ngx"
namespace = kubernetes_namespace.paperless-ngx.metadata[0].name
labels = {
"app" = "paperless-ngx"
}
@ -145,7 +145,7 @@ resource "kubernetes_service" "paperless-ngx" {
module "ingress" {
source = "../ingress_factory"
namespace = "paperless-ngx"
namespace = kubernetes_namespace.paperless-ngx.metadata[0].name
name = "paperless-ngx"
service_name = "paperless-ngx"
host = "pdf"


@ -9,7 +9,7 @@ resource "kubernetes_namespace" "pihole" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "pihole"
namespace = kubernetes_namespace.pihole.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -17,7 +17,7 @@ module "tls_secret" {
resource "kubernetes_config_map" "external_conf" {
metadata {
name = "external-conf"
namespace = "pihole"
namespace = kubernetes_namespace.pihole.metadata[0].name
labels = {
app = "pihole"
@ -31,7 +31,7 @@ resource "kubernetes_config_map" "external_conf" {
resource "kubernetes_deployment" "pihole" {
metadata {
name = "pihole"
namespace = "pihole"
namespace = kubernetes_namespace.pihole.metadata[0].name
labels = {
app = "pihole"
}
@ -118,7 +118,7 @@ resource "kubernetes_deployment" "pihole" {
resource "kubernetes_service" "pihole-dns" {
metadata {
name = "pihole-dns"
namespace = "pihole"
namespace = kubernetes_namespace.pihole.metadata[0].name
labels = {
"app" = "pihole"
}
@ -144,7 +144,7 @@ resource "kubernetes_service" "pihole-dns" {
resource "kubernetes_service" "pihole-web" {
metadata {
name = "pihole-web"
namespace = "pihole"
namespace = kubernetes_namespace.pihole.metadata[0].name
labels = {
"app" = "pihole"
}
@ -167,7 +167,7 @@ resource "kubernetes_service" "pihole-web" {
resource "kubernetes_ingress_v1" "pihole" {
metadata {
name = "pihole-ingress"
namespace = "pihole"
namespace = kubernetes_namespace.pihole.metadata[0].name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"


@ -11,14 +11,14 @@ resource "kubernetes_namespace" "privatebin" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "privatebin"
namespace = kubernetes_namespace.privatebin.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "privatebin" {
metadata {
name = "privatebin"
namespace = "privatebin"
namespace = kubernetes_namespace.privatebin.metadata[0].name
labels = {
app = "privatebin"
"kubernetes.io/cluster-service" = "true"
@ -71,7 +71,7 @@ resource "kubernetes_deployment" "privatebin" {
resource "kubernetes_service" "privatebin" {
metadata {
name = "privatebin"
namespace = "privatebin"
namespace = kubernetes_namespace.privatebin.metadata[0].name
labels = {
"app" = "privatebin"
}
@ -90,7 +90,7 @@ resource "kubernetes_service" "privatebin" {
module "ingress" {
source = "../ingress_factory"
namespace = "privatebin"
namespace = kubernetes_namespace.privatebin.metadata[0].name
name = "privatebin"
host = "pb"
tls_secret_name = var.tls_secret_name


@ -17,14 +17,14 @@ resource "kubernetes_namespace" "realestate-crawler" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "realestate-crawler"
namespace = kubernetes_namespace.realestate-crawler.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "realestate-crawler-ui" {
metadata {
name = "realestate-crawler-ui"
namespace = "realestate-crawler"
namespace = kubernetes_namespace.realestate-crawler.metadata[0].name
labels = {
app = "realestate-crawler-ui"
}
@ -68,7 +68,7 @@ resource "kubernetes_deployment" "realestate-crawler-ui" {
resource "kubernetes_service" "realestate-crawler-ui" {
metadata {
name = "realestate-crawler-ui"
namespace = "realestate-crawler"
namespace = kubernetes_namespace.realestate-crawler.metadata[0].name
labels = {
"app" = "realestate-crawler-ui"
}
@ -85,7 +85,7 @@ resource "kubernetes_service" "realestate-crawler-ui" {
}
# module "ingress" {
# source = "../ingress_factory"
# namespace = "realestate-crawler"
# namespace = kubernetes_namespace.realestate-crawler.metadata[0].name
# name = "wrongmove"
# service_name = "realestate-crawler-ui"
# tls_secret_name = var.tls_secret_name
@ -95,7 +95,7 @@ resource "kubernetes_service" "realestate-crawler-ui" {
resource "kubernetes_deployment" "realestate-crawler-api" {
metadata {
name = "realestate-crawler-api"
namespace = "realestate-crawler"
namespace = kubernetes_namespace.realestate-crawler.metadata[0].name
labels = {
app = "realestate-crawler-api"
}
@ -179,7 +179,7 @@ resource "kubernetes_deployment" "realestate-crawler-api" {
resource "kubernetes_service" "realestate-crawler-api" {
metadata {
name = "realestate-crawler-api"
namespace = "realestate-crawler"
namespace = kubernetes_namespace.realestate-crawler.metadata[0].name
labels = {
"app" = "realestate-crawler-api"
}
@ -197,7 +197,7 @@ resource "kubernetes_service" "realestate-crawler-api" {
}
# module "ingress-api" {
# source = "../ingress_factory"
# namespace = "realestate-crawler"
# namespace = kubernetes_namespace.realestate-crawler.metadata[0].name
# name = "wrongmove-api"
# service_name = "realestate-crawler-api"
# tls_secret_name = var.tls_secret_name
@ -206,7 +206,7 @@ resource "kubernetes_service" "realestate-crawler-api" {
resource "kubernetes_ingress_v1" "proxied-ingress" {
metadata {
name = "realestate-crawler"
namespace = "realestate-crawler"
namespace = kubernetes_namespace.realestate-crawler.metadata[0].name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/backend-protocol" = "http"
@ -278,7 +278,7 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
resource "kubernetes_cron_job_v1" "scrape-rightmove" {
metadata {
name = "scrape-rightmove"
namespace = "realestate-crawler"
namespace = kubernetes_namespace.realestate-crawler.metadata[0].name
}
spec {
concurrency_policy = "Replace"


@ -8,14 +8,14 @@ resource "kubernetes_namespace" "redis" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "redis"
namespace = kubernetes_namespace.redis.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "redis" {
metadata {
name = "redis"
namespace = "redis"
namespace = kubernetes_namespace.redis.metadata[0].name
labels = {
app = "redis"
}
@ -69,7 +69,7 @@ resource "kubernetes_deployment" "redis" {
resource "kubernetes_service" "redis" {
metadata {
name = "redis"
namespace = "redis"
namespace = kubernetes_namespace.redis.metadata[0].name
labels = {
app = "redis"
}
@ -91,7 +91,7 @@ resource "kubernetes_service" "redis" {
}
module "ingress" {
source = "../ingress_factory"
namespace = "redis"
namespace = kubernetes_namespace.redis.metadata[0].name
name = "redis"
tls_secret_name = var.tls_secret_name
protected = true


@ -4,7 +4,7 @@ variable "redis_url" {}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "resume"
namespace = kubernetes_namespace.resume.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -17,7 +17,7 @@ resource "kubernetes_namespace" "resume" {
resource "kubernetes_deployment" "resume" {
metadata {
name = "resume"
namespace = "resume"
namespace = kubernetes_namespace.resume.metadata[0].name
labels = {
app = "resume"
}


@ -75,8 +75,10 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
# "nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "http://oauth2.oauth2.svc.cluster.local/oauth2/start?rd=/redirect/$http_host$escaped_request_uri" : null
"nginx.ingress.kubernetes.io/auth-url" : var.protected ? "http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx" : null
"nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" : null
# "nginx.ingress.kubernetes.io/auth-response-headers" : var.protected ? "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" : null
# "nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme%3A%2F%2F$host$escaped_request_uri" : null
# "nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$scheme://$http_host$escaped_request_uri" : null
"nginx.ingress.kubernetes.io/auth-signin" : var.protected ? "https://authentik.viktorbarzin.me/outpost.goauthentik.io/start?rd=$escaped_request_uri" : null
"nginx.ingress.kubernetes.io/auth-response-headers" : var.protected ? "Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid" : null
"nginx.ingress.kubernetes.io/auth-snippet" : var.protected ? "proxy_set_header X-Forwarded-Host $http_host;" : null
"nginx.ingress.kubernetes.io/proxy-body-size" : var.max_body_size
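Review bot: Two uncommented `nginx.ingress.kubernetes.io/auth-signin` entries appear in this annotations map, one with `rd=$scheme%3A%2F%2F$host$escaped_request_uri` and one with `rd=$escaped_request_uri`. The hunk header (8 lines before, 10 after, ten lines shown) suggests both are on the new side. They differ in whether the original host is carried through the login redirect, so which one the ingress receives decides where a user lands after authenticating, and a reader cannot tell that from the map. Keep a single active entry, delete the commented-out variants, and state the reason in a comment such as `# rd is path-only; the outpost takes the host from X-Forwarded-Host`, if that is the intent. The annotations map starts and ends outside the hunk.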


@ -10,7 +10,7 @@ resource "kubernetes_namespace" "rybbit" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "rybbit"
namespace = kubernetes_namespace.rybbit.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -27,7 +27,7 @@ locals {
resource "kubernetes_deployment" "clickhouse" {
metadata {
name = "clickhouse"
namespace = "rybbit"
namespace = kubernetes_namespace.rybbit.metadata[0].name
labels = {
app = "clickhouse"
}
@ -86,7 +86,7 @@ resource "kubernetes_deployment" "clickhouse" {
resource "kubernetes_service" "clickhouse" {
metadata {
name = "clickhouse"
namespace = "rybbit"
namespace = kubernetes_namespace.rybbit.metadata[0].name
labels = {
"app" = "clickhouse"
}
@ -108,7 +108,7 @@ resource "kubernetes_service" "clickhouse" {
resource "kubernetes_deployment" "rybbit" {
metadata {
name = "rybbit"
namespace = "rybbit"
namespace = kubernetes_namespace.rybbit.metadata[0].name
labels = {
app = "rybbit"
}
@ -199,7 +199,7 @@ resource "kubernetes_deployment" "rybbit" {
resource "kubernetes_service" "rybbit" {
metadata {
name = "rybbit"
namespace = "rybbit"
namespace = kubernetes_namespace.rybbit.metadata[0].name
labels = {
"app" = "rybbit"
}
@ -220,7 +220,7 @@ resource "kubernetes_service" "rybbit" {
resource "kubernetes_deployment" "rybbit-client" {
metadata {
name = "rybbit-client"
namespace = "rybbit"
namespace = kubernetes_namespace.rybbit.metadata[0].name
labels = {
app = "rybbit-client"
}
@ -264,7 +264,7 @@ resource "kubernetes_deployment" "rybbit-client" {
resource "kubernetes_service" "rybbit-client" {
metadata {
name = "rybbit-client"
namespace = "rybbit"
namespace = kubernetes_namespace.rybbit.metadata[0].name
labels = {
"app" = "rybbit-client"
}
@ -286,7 +286,7 @@ resource "kubernetes_service" "rybbit-client" {
resource "kubernetes_ingress_v1" "rybbit" {
metadata {
name = "rybbit"
namespace = "rybbit"
namespace = kubernetes_namespace.rybbit.metadata[0].name
annotations = {
"kubernetes.io/ingress.class" = "nginx"


@ -11,14 +11,14 @@ resource "kubernetes_namespace" "send" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "send"
namespace = kubernetes_namespace.send.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "send" {
metadata {
name = "send"
namespace = "send"
namespace = kubernetes_namespace.send.metadata[0].name
labels = {
app = "send"
}
@ -90,7 +90,7 @@ resource "kubernetes_deployment" "send" {
resource "kubernetes_service" "send" {
metadata {
name = "send"
namespace = "send"
namespace = kubernetes_namespace.send.metadata[0].name
labels = {
app = "send"
}
@ -108,7 +108,7 @@ resource "kubernetes_service" "send" {
}
module "ingress" {
source = "../ingress_factory"
namespace = "send"
namespace = kubernetes_namespace.send.metadata[0].name
name = "send"
tls_secret_name = var.tls_secret_name
port = 1443


@ -8,7 +8,7 @@ resource "kubernetes_namespace" "servarr" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "servarr"
namespace = kubernetes_namespace.servarr.metadata[0].name
tls_secret_name = var.tls_secret_name
}


@ -3,7 +3,7 @@ variable "method" {
default = "chacha20-ietf-poly1305"
}
resource "kubernetes_namespace" "mailserver" {
resource "kubernetes_namespace" "shadowsocks" {
metadata {
name = "shadowsocks"
# TLS termination seems iffy - I get pfsense MiTM-ing
@ -16,7 +16,7 @@ resource "kubernetes_namespace" "mailserver" {
resource "kubernetes_deployment" "shadowsocks" {
metadata {
name = "shadowsocks"
namespace = "shadowsocks"
namespace = kubernetes_namespace.shadowsocks.metadata[0].name
labels = {
"app" = "shadowsocks"
}
@ -67,7 +67,7 @@ resource "kubernetes_deployment" "shadowsocks" {
resource "kubernetes_service" "mailserver" {
metadata {
name = "shadowsocks"
namespace = "shadowsocks"
namespace = kubernetes_namespace.shadowsocks.metadata[0].name
labels = {
app = "shadowsocks"
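Review bot: The service is still declared as `resource "kubernetes_service" "mailserver"`, although this section corrects the same copy-pasted label on the namespace. Leaving it makes the module's addresses misleading when reading plans or state. Rename it to `"shadowsocks"` together with a `moved` block whose `from` is `kubernetes_service.mailserver`, so that the rename does not recreate the service. The service block continues outside the hunk.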


@ -11,14 +11,14 @@ resource "kubernetes_namespace" "stirling-pdf" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "stirling-pdf"
namespace = kubernetes_namespace.stirling-pdf.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "stirling-pdf" {
metadata {
name = "stirling-pdf"
namespace = "stirling-pdf"
namespace = kubernetes_namespace.stirling-pdf.metadata[0].name
labels = {
app = "stirling-pdf"
}
@ -63,7 +63,7 @@ resource "kubernetes_deployment" "stirling-pdf" {
resource "kubernetes_service" "stirling-pdf" {
metadata {
name = "stirling-pdf"
namespace = "stirling-pdf"
namespace = kubernetes_namespace.stirling-pdf.metadata[0].name
labels = {
"app" = "stirling-pdf"
}
@ -83,7 +83,7 @@ resource "kubernetes_service" "stirling-pdf" {
module "ingress" {
source = "../ingress_factory"
namespace = "stirling-pdf"
namespace = kubernetes_namespace.stirling-pdf.metadata[0].name
name = "stirling-pdf"
tls_secret_name = var.tls_secret_name
rybbit_site_id = "a55ac54ec749"


@ -17,14 +17,14 @@ resource "random_password" "secret_key" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "tandoor"
namespace = kubernetes_namespace.tandoor.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "tandoor" {
metadata {
name = "tandoor"
namespace = "tandoor"
namespace = kubernetes_namespace.tandoor.metadata[0].name
labels = {
app = "tandoor"
}
@ -144,7 +144,7 @@ resource "kubernetes_deployment" "tandoor" {
resource "kubernetes_service" "tandoor" {
metadata {
name = "tandoor"
namespace = "tandoor"
namespace = kubernetes_namespace.tandoor.metadata[0].name
labels = {
"app" = "tandoor"
}
@ -163,7 +163,7 @@ resource "kubernetes_service" "tandoor" {
module "ingress" {
source = "../ingress_factory"
namespace = "tandoor"
namespace = kubernetes_namespace.tandoor.metadata[0].name
name = "tandoor"
tls_secret_name = var.tls_secret_name
}


@ -13,7 +13,7 @@ resource "kubernetes_namespace" "technitium" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "technitium"
namespace = kubernetes_namespace.technitium.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -21,7 +21,7 @@ resource "kubernetes_deployment" "technitium" {
# resource "kubernetes_daemonset" "technitium" {
metadata {
name = "technitium"
namespace = "technitium"
namespace = kubernetes_namespace.technitium.metadata[0].name
labels = {
app = "technitium"
}
@ -103,7 +103,7 @@ resource "kubernetes_deployment" "technitium" {
resource "kubernetes_service" "technitium-web" {
metadata {
name = "technitium-web"
namespace = "technitium"
namespace = kubernetes_namespace.technitium.metadata[0].name
labels = {
"app" = "technitium"
}
@ -134,7 +134,7 @@ resource "kubernetes_service" "technitium-web" {
resource "kubernetes_service" "technitium-dns" {
metadata {
name = "technitium-dns"
namespace = "technitium"
namespace = kubernetes_namespace.technitium.metadata[0].name
labels = {
"app" = "technitium"
}
@ -162,7 +162,7 @@ resource "kubernetes_service" "technitium-dns" {
}
module "ingress" {
source = "../ingress_factory"
namespace = "technitium"
namespace = kubernetes_namespace.technitium.metadata[0].name
name = "technitium"
tls_secret_name = var.tls_secret_name
port = 5380
@ -185,7 +185,7 @@ module "ingress" {
module "ingress-doh" {
source = "../ingress_factory"
namespace = "technitium"
namespace = kubernetes_namespace.technitium.metadata[0].name
name = "technitium-doh"
tls_secret_name = var.tls_secret_name
host = "dns"


@ -11,20 +11,20 @@ resource "kubernetes_namespace" "travel-blog" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "travel-blog"
namespace = kubernetes_namespace.travel-blog.metadata[0].name
tls_secret_name = var.tls_secret_name
}
# module "dockerhub_creds" {
# source = "../dockerhub_secret"
# namespace = "website"
# namespace = kubernetes_namespace.travel.metadata[0].name
# password = var.dockerhub_password
# }
resource "kubernetes_deployment" "blog" {
metadata {
name = "travel-blog"
namespace = "travel-blog"
namespace = kubernetes_namespace.travel-blog.metadata[0].name
labels = {
run = "travel-blog"
}
@ -77,7 +77,7 @@ resource "kubernetes_deployment" "blog" {
resource "kubernetes_service" "travel-blog" {
metadata {
name = "travel-blog"
namespace = "travel-blog"
namespace = kubernetes_namespace.travel-blog.metadata[0].name
labels = {
"run" = "travel-blog"
}
@ -107,7 +107,7 @@ resource "kubernetes_service" "travel-blog" {
module "ingress" {
source = "../ingress_factory"
namespace = "travel-blog"
namespace = kubernetes_namespace.travel-blog.metadata[0].name
name = "travel"
tls_secret_name = var.tls_secret_name
service_name = "travel-blog"
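Review bot: The commented-out `dockerhub_creds` module now references `kubernetes_namespace.travel`, but the namespace resource named in this file's hunk header is `kubernetes_namespace.travel-blog`, and the old value was `"website"`, not this namespace. If the block is ever uncommented it will fail on an undeclared resource. Either write `# namespace = kubernetes_namespace.travel-blog.metadata[0].name` or delete the dead block.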


@ -15,14 +15,14 @@ resource "kubernetes_namespace" "tuya-bridge" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "tuya-bridge"
namespace = kubernetes_namespace.tuya-bridge.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "tuya-bridge" {
metadata {
name = "tuya-bridge"
namespace = "tuya-bridge"
namespace = kubernetes_namespace.tuya-bridge.metadata[0].name
labels = {
app = "tuya-bridge"
}
@ -72,7 +72,7 @@ resource "kubernetes_deployment" "tuya-bridge" {
resource "kubernetes_service" "tuya-bridge" {
metadata {
name = "tuya-bridge"
namespace = "tuya-bridge"
namespace = kubernetes_namespace.tuya-bridge.metadata[0].name
labels = {
"app" = "tuya-bridge"
}
@ -92,7 +92,7 @@ resource "kubernetes_service" "tuya-bridge" {
module "ingress" {
source = "../ingress_factory"
namespace = "tuya-bridge"
namespace = kubernetes_namespace.tuya-bridge.metadata[0].name
name = "tuya-bridge"
tls_secret_name = var.tls_secret_name


@ -1,11 +1,5 @@
variable "tls_secret_name" {}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "uptime-kuma"
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_namespace" "uptime-kuma" {
metadata {
name = "uptime-kuma"
@ -15,10 +9,16 @@ resource "kubernetes_namespace" "uptime-kuma" {
}
}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = kubernetes_namespace.uptime-kuma.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "uptime-kuma" {
metadata {
name = "uptime-kuma"
namespace = "uptime-kuma"
namespace = kubernetes_namespace.uptime-kuma.metadata[0].name
labels = {
app = "uptime-kuma"
}
@ -73,7 +73,7 @@ resource "kubernetes_deployment" "uptime-kuma" {
resource "kubernetes_service" "uptime-kuma" {
metadata {
name = "uptime-kuma"
namespace = "uptime-kuma"
namespace = kubernetes_namespace.uptime-kuma.metadata[0].name
labels = {
"app" = "uptime-kuma"
}
@ -91,7 +91,7 @@ resource "kubernetes_service" "uptime-kuma" {
}
module "ingress" {
source = "../ingress_factory"
namespace = "uptime-kuma"
namespace = kubernetes_namespace.uptime-kuma.metadata[0].name
name = "uptime"
tls_secret_name = var.tls_secret_name
service_name = "uptime-kuma"
@ -114,7 +114,7 @@ module "ingress" {
# resource "kubernetes_cron_job_v1" "sqlite-backup" {
# metadata {
# name = "backup"
# namespace = "uptime-kuma"
# namespace = kubernetes_namespace.uptime-kuma.metadata[0].name
# }
# spec {
# concurrency_policy = "Replace"


@ -23,14 +23,14 @@ resource "kubernetes_namespace" "shlink" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "url"
namespace = kubernetes_namespace.shlink.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_secret" "mysql_config" {
metadata {
name = "mysql-config"
namespace = "url"
namespace = kubernetes_namespace.shlink.metadata[0].name
annotations = {
"reloader.stakater.com/match" = "true"
}
@ -48,12 +48,12 @@ resource "kubernetes_secret" "mysql_config" {
# kind: MysqlUser
# metadata:
# name: shlink
# namespace: url
# namespace = kubernetes_namespace.shlink.metadata[0].name
# spec:
# user: shlink
# clusterRef:
# name: mysql-cluster
# namespace: dbaas
# namespace = kubernetes_namespace.shlink.metadata[0].name
# password:
# name: mysql-config
# key: password
@ -74,7 +74,7 @@ resource "kubernetes_secret" "mysql_config" {
resource "kubernetes_deployment" "shlink" {
metadata {
name = "shlink"
namespace = "url"
namespace = kubernetes_namespace.shlink.metadata[0].name
labels = {
run = "shlink"
}
@ -152,7 +152,7 @@ resource "kubernetes_deployment" "shlink" {
resource "kubernetes_service" "shlink" {
metadata {
name = "shlink"
namespace = "url"
namespace = kubernetes_namespace.shlink.metadata[0].name
labels = {
"run" = "shlink"
}
@ -172,7 +172,7 @@ resource "kubernetes_service" "shlink" {
module "ingress" {
source = "../ingress_factory"
namespace = "url"
namespace = kubernetes_namespace.shlink.metadata[0].name
name = "url"
service_name = "shlink"
tls_secret_name = var.tls_secret_name
@ -192,7 +192,7 @@ module "ingress" {
resource "kubernetes_config_map" "shlink-web" {
metadata {
name = "shlink-web-servers"
namespace = "url"
namespace = kubernetes_namespace.shlink.metadata[0].name
annotations = {
"reloader.stakater.com/match" = "true"
@ -211,7 +211,7 @@ resource "kubernetes_config_map" "shlink-web" {
resource "kubernetes_deployment" "shlink-web" {
metadata {
name = "shlink-web"
namespace = "url"
namespace = kubernetes_namespace.shlink.metadata[0].name
labels = {
run = "shlink-web"
}
@ -269,7 +269,7 @@ resource "kubernetes_deployment" "shlink-web" {
resource "kubernetes_service" "shlink-web" {
metadata {
name = "shlink-web"
namespace = "url"
namespace = kubernetes_namespace.shlink.metadata[0].name
labels = {
"run" = "shlink-web"
}
@ -289,7 +289,7 @@ resource "kubernetes_service" "shlink-web" {
module "ingress-web" {
source = "../ingress_factory"
namespace = "url"
namespace = kubernetes_namespace.shlink.metadata[0].name
name = "shlink"
service_name = "shlink-web"
tls_secret_name = var.tls_secret_name
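Review bot: The commented `MysqlUser` manifest is YAML, and the replace has rewritten both of its namespace lines into an HCL expression (`# namespace = kubernetes_namespace.shlink.metadata[0].name`), which that manifest cannot use. The second rewrite also changes the meaning: `clusterRef` pointed at `dbaas` and now points at the shlink namespace. Restore `# namespace: url` and `# namespace: dbaas` so the comment remains a usable reference.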


@ -11,7 +11,7 @@ resource "kubernetes_namespace" "vault" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "vault"
namespace = kubernetes_namespace.vault.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -33,8 +33,8 @@ resource "kubernetes_persistent_volume" "vault_data" {
}
}
resource "helm_release" "prometheus" {
namespace = "vault"
resource "helm_release" "vault" {
namespace = kubernetes_namespace.vault.metadata[0].name
create_namespace = true
name = "vault"
@ -48,7 +48,7 @@ resource "helm_release" "prometheus" {
module "ingress" {
source = "../ingress_factory"
namespace = "vault"
namespace = kubernetes_namespace.vault.metadata[0].name
name = "vault"
service_name = "vault-ui"
port = 8200
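Review bot: Renaming `helm_release.prometheus` to `helm_release.vault` changes the resource address, so unless the state is moved the next plan will destroy the existing release and create a new one, which for Vault likely means downtime and a re-unseal. Add a `moved { from = helm_release.prometheus`, `to = helm_release.vault }` block next to the resource (or run `terraform state mv`) and confirm the plan shows no replacement. `create_namespace = true` also looks redundant now that the namespace comes from `kubernetes_namespace.vault`; dropping it leaves one owner for the namespace. The resource body continues outside the hunk.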


@ -12,14 +12,14 @@ resource "kubernetes_namespace" "vaultwarden" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "vaultwarden"
namespace = kubernetes_namespace.vaultwarden.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "vaultwarden" {
metadata {
name = "vaultwarden"
namespace = "vaultwarden"
namespace = kubernetes_namespace.vaultwarden.metadata[0].name
labels = {
app = "vaultwarden"
}
@ -104,7 +104,7 @@ resource "kubernetes_deployment" "vaultwarden" {
resource "kubernetes_service" "vaultwarden" {
metadata {
name = "vaultwarden"
namespace = "vaultwarden"
namespace = kubernetes_namespace.vaultwarden.metadata[0].name
labels = {
"app" = "vaultwarden"
}
@ -124,7 +124,7 @@ resource "kubernetes_service" "vaultwarden" {
module "ingress" {
source = "../ingress_factory"
namespace = "vaultwarden"
namespace = kubernetes_namespace.vaultwarden.metadata[0].name
name = "vaultwarden"
tls_secret_name = var.tls_secret_name
rybbit_site_id = "b8fc85e18683"


@ -8,14 +8,14 @@ resource "kubernetes_namespace" "vikunja" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "vikunja"
namespace = kubernetes_namespace.vikunja.metadata[0].name
tls_secret_name = var.tls_secret_name
}
resource "kubernetes_deployment" "vikunja" {
metadata {
name = "vikunja"
namespace = "vikunja"
namespace = kubernetes_namespace.vikunja.metadata[0].name
labels = {
app = "vikunja"
}
@ -154,7 +154,7 @@ resource "kubernetes_deployment" "vikunja" {
resource "kubernetes_service" "vikunja" {
metadata {
name = "vikunja"
namespace = "vikunja"
namespace = kubernetes_namespace.vikunja.metadata[0].name
labels = {
"app" = "vikunja"
}
@ -176,7 +176,7 @@ resource "kubernetes_service" "vikunja" {
resource "kubernetes_service" "api" {
metadata {
name = "api"
namespace = "vikunja"
namespace = kubernetes_namespace.vikunja.metadata[0].name
labels = {
"app" = "vikunja"
}
@ -198,7 +198,7 @@ resource "kubernetes_service" "api" {
resource "kubernetes_ingress_v1" "vikunja" {
metadata {
name = "vikunja"
namespace = "vikunja"
namespace = kubernetes_namespace.vikunja.metadata[0].name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
}


@ -19,7 +19,7 @@ resource "kubernetes_namespace" "wealthfolio" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "wealthfolio"
namespace = kubernetes_namespace.wealthfolio.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -31,7 +31,7 @@ resource "random_string" "random" {
resource "kubernetes_deployment" "wealthfolio" {
metadata {
name = "wealthfolio"
namespace = "wealthfolio"
namespace = kubernetes_namespace.wealthfolio.metadata[0].name
labels = {
app = "wealthfolio"
}
@ -100,7 +100,7 @@ resource "kubernetes_deployment" "wealthfolio" {
resource "kubernetes_service" "wealthfolio" {
metadata {
name = "wealthfolio"
namespace = "wealthfolio"
namespace = kubernetes_namespace.wealthfolio.metadata[0].name
labels = {
"app" = "wealthfolio"
}
@ -120,7 +120,7 @@ resource "kubernetes_service" "wealthfolio" {
module "ingress" {
source = "../ingress_factory"
namespace = "wealthfolio"
namespace = kubernetes_namespace.wealthfolio.metadata[0].name
name = "wealthfolio"
tls_secret_name = var.tls_secret_name
protected = true


@ -16,7 +16,7 @@ resource "kubernetes_namespace" "webhook-handler" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "webhook-handler"
namespace = kubernetes_namespace.webhook-handler.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -40,7 +40,7 @@ resource "kubernetes_cluster_role_binding" "update_deployment_binding" {
subject {
kind = "ServiceAccount"
name = "default"
namespace = "webhook-handler"
namespace = kubernetes_namespace.webhook-handler.metadata[0].name
}
role_ref {
@ -54,7 +54,7 @@ resource "kubernetes_cluster_role_binding" "update_deployment_binding" {
resource "kubernetes_secret" "ssh-key" {
metadata {
name = "ssh-key"
namespace = "webhook-handler"
namespace = kubernetes_namespace.webhook-handler.metadata[0].name
annotations = {
"reloader.stakater.com/match" = "true"
@ -68,7 +68,7 @@ resource "kubernetes_secret" "ssh-key" {
resource "kubernetes_deployment" "webhook_handler" {
metadata {
name = "webhook-handler"
namespace = "webhook-handler"
namespace = kubernetes_namespace.webhook-handler.metadata[0].name
labels = {
app = "webhook-handler"
}
@ -170,7 +170,7 @@ resource "kubernetes_deployment" "webhook_handler" {
resource "kubernetes_service" "webhook_handler" {
metadata {
name = "webhook-handler"
namespace = "webhook-handler"
namespace = kubernetes_namespace.webhook-handler.metadata[0].name
labels = {
"app" = "webhook-handler"
}
@ -190,7 +190,7 @@ resource "kubernetes_service" "webhook_handler" {
resource "kubernetes_ingress_v1" "webhook_handler" {
metadata {
name = "webhook-handler-ingress"
namespace = "webhook-handler"
namespace = kubernetes_namespace.webhook-handler.metadata[0].name
annotations = {
"kubernetes.io/ingress.class" = "nginx"
}
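Review bot: The `update_deployment_binding` ClusterRoleBinding still has the namespace's `default` ServiceAccount as its subject, so every pod in `webhook-handler` that does not set its own service account inherits whatever the bound cluster role grants, cluster-wide. The role is outside the hunk, but the binding's name suggests it can update deployments. A dedicated `kubernetes_service_account` set as the deployment's `service_account_name`, plus a namespaced `kubernetes_role_binding` wherever cluster scope is not required, would limit that to the one workload that needs it. The binding's block starts and ends outside the hunk.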


@ -5,7 +5,7 @@ variable "wg_0_key" {}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "wireguard"
namespace = kubernetes_namespace.wireguard.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -17,7 +17,7 @@ resource "kubernetes_namespace" "wireguard" {
resource "kubernetes_config_map" "wg_0_conf" {
metadata {
name = "wg0-conf"
namespace = "wireguard"
namespace = kubernetes_namespace.wireguard.metadata[0].name
labels = {
app = "wireguard"
@ -36,7 +36,7 @@ resource "kubernetes_config_map" "wg_0_conf" {
resource "kubernetes_secret" "wg_0_key" {
metadata {
name = "wg0-key"
namespace = "wireguard"
namespace = kubernetes_namespace.wireguard.metadata[0].name
annotations = {
"reloader.stakater.com/match" = "true"
@ -54,7 +54,7 @@ resource "kubernetes_secret" "wg_0_key" {
resource "kubernetes_deployment" "wireguard" {
metadata {
name = "wireguard"
namespace = "wireguard"
namespace = kubernetes_namespace.wireguard.metadata[0].name
labels = {
app = "wireguard"
}
@ -177,7 +177,7 @@ resource "kubernetes_deployment" "wireguard" {
resource "kubernetes_service" "wireguard" {
metadata {
name = "wireguard"
namespace = "wireguard"
namespace = kubernetes_namespace.wireguard.metadata[0].name
annotations = {
"metallb.universe.tf/allow-shared-ip" = "shared"
}
@ -203,7 +203,7 @@ resource "kubernetes_service" "wireguard" {
resource "kubernetes_service" "wireguard_exporter" {
metadata {
name = "wireguard-exporter"
namespace = "wireguard"
namespace = kubernetes_namespace.wireguard.metadata[0].name
labels = {
"app" = "wireguard-exporter"
}


@ -11,7 +11,7 @@ variable "xray_reality_short_ids" { type = list(string) }
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "xray"
namespace = kubernetes_namespace.xray.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -24,7 +24,7 @@ resource "kubernetes_namespace" "xray" {
resource "kubernetes_config_map" "xray_config" {
metadata {
name = "xray-config"
namespace = "xray"
namespace = kubernetes_namespace.xray.metadata[0].name
labels = {
app = "xray"
@ -46,7 +46,7 @@ resource "kubernetes_config_map" "xray_config" {
resource "kubernetes_deployment" "xray" {
metadata {
name = "xray"
namespace = "xray"
namespace = kubernetes_namespace.xray.metadata[0].name
labels = {
app = "xray"
}
@ -131,7 +131,7 @@ resource "kubernetes_deployment" "xray" {
resource "kubernetes_service" "xray" {
metadata {
name = "xray"
namespace = "xray"
namespace = kubernetes_namespace.xray.metadata[0].name
labels = {
"app" = "xray"
}
@ -162,7 +162,7 @@ resource "kubernetes_service" "xray" {
resource "kubernetes_service" "xray-reality" {
metadata {
name = "xray-reality"
namespace = "xray"
namespace = kubernetes_namespace.xray.metadata[0].name
labels = {
"app" = "xray"
}
@ -183,7 +183,7 @@ resource "kubernetes_service" "xray-reality" {
resource "kubernetes_ingress_v1" "ingress" {
metadata {
namespace = "xray"
namespace = kubernetes_namespace.xray.metadata[0].name
name = "xray"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
@ -219,7 +219,7 @@ resource "kubernetes_ingress_v1" "ingress" {
resource "kubernetes_ingress_v1" "ingress-grpc" {
metadata {
namespace = "xray"
namespace = kubernetes_namespace.xray.metadata[0].name
name = "xray-grpc"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
@ -257,7 +257,7 @@ resource "kubernetes_ingress_v1" "ingress-grpc" {
resource "kubernetes_ingress_v1" "ingress-vless" {
metadata {
namespace = "xray"
namespace = kubernetes_namespace.xray.metadata[0].name
name = "xray-vless"
annotations = {
"kubernetes.io/ingress.class" = "nginx"


@ -11,7 +11,7 @@ resource "kubernetes_namespace" "ytdlp" {
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "ytdlp"
namespace = kubernetes_namespace.ytdlp.metadata[0].name
tls_secret_name = var.tls_secret_name
}
@ -19,7 +19,7 @@ resource "kubernetes_deployment" "ytdlp" {
# resource "kubernetes_daemonset" "technitium" {
metadata {
name = "ytdlp"
namespace = "ytdlp"
namespace = kubernetes_namespace.ytdlp.metadata[0].name
labels = {
app = "ytdlp"
}
@ -97,7 +97,7 @@ resource "kubernetes_deployment" "ytdlp" {
resource "kubernetes_service" "ytdlp" {
metadata {
name = "ytdlp"
namespace = "ytdlp"
namespace = kubernetes_namespace.ytdlp.metadata[0].name
labels = {
"app" = "ytdlp"
}
@ -117,7 +117,7 @@ resource "kubernetes_service" "ytdlp" {
}
module "ingress" {
source = "../ingress_factory"
namespace = "ytdlp"
namespace = kubernetes_namespace.ytdlp.metadata[0].name
name = "ytdlp"
tls_secret_name = var.tls_secret_name
host = "yt"
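Review bot: The first line inside `kubernetes_deployment.ytdlp` is a stale comment, `# resource "kubernetes_daemonset" "technitium" {`, apparently copied from the technitium module. It names a different service and resource kind, so it misleads anyone reading this file. Delete it while these lines are being touched. The deployment body continues outside the hunk.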

Binary file not shown.

Binary file not shown.