variable "prod" {} variable "tls_secret_name" {} variable "client_certificate_secret_name" {} variable "hackmd_db_password" {} variable "mailserver_accounts" {} variable "mailserver_aliases" {} variable "mailserver_opendkim_key" {} variable "mailserver_roundcubemail_db_password" { type = string } variable "mailserver_sasl_passwd" {} variable "pihole_web_password" {} variable "webhook_handler_secret" {} variable "wireguard_wg_0_conf" {} variable "wireguard_wg_0_key" {} variable "wireguard_firewall_sh" {} variable "bind_db_viktorbarzin_me" {} variable "bind_db_viktorbarzin_lan" {} variable "bind_named_conf_options" {} variable "alertmanager_account_password" {} variable "dbaas_root_password" {} variable "dbaas_postgresql_root_password" {} variable "dbaas_pgadmin_password" {} variable "drone_github_client_id" {} variable "drone_github_client_secret" {} variable "drone_rpc_secret" {} variable "drone_webhook_secret" {} variable "oauth2_proxy_client_id" {} variable "oauth2_proxy_client_secret" {} variable "oauth2_proxy_authenticated_emails" {} variable "url_shortener_geolite_license_key" {} variable "url_shortener_api_key" {} variable "url_shortener_mysql_password" {} variable "webhook_handler_fb_verify_token" {} variable "webhook_handler_fb_page_token" {} variable "webhook_handler_fb_app_secret" {} variable "webhook_handler_git_user" {} variable "webhook_handler_git_token" {} variable "webhook_handler_ssh_key" {} variable "technitium_username" {} variable "technitium_password" {} variable "technitium_db_password" {} variable "idrac_username" {} variable "idrac_password" {} variable "alertmanager_slack_api_url" {} variable "home_assistant_configuration" {} variable "shadowsocks_password" {} variable "finance_app_db_connection_string" {} variable "finance_app_currency_converter_api_key" {} variable "finance_app_graphql_api_secret" {} variable "finance_app_gocardless_secret_key" {} variable "finance_app_gocardless_secret_id" {} variable "headscale_config" {} variable "headscale_acl" {} variable "immich_postgresql_password" {} variable "immich_frame_api_key" {} variable "ingress_crowdsec_api_key" {} variable "crowdsec_enroll_key" { type = string } variable "crowdsec_db_password" { type = string } variable "crowdsec_dash_api_key" { type = string } variable "crowdsec_dash_machine_id" { type = string } variable "crowdsec_dash_machine_password" { type = string } variable "vaultwarden_smtp_password" {} variable "resume_database_url" {} variable "resume_database_password" {} variable "resume_redis_url" {} variable "resume_auth_secret" { type = string } variable "frigate_valchedrym_camera_credentials" { default = "" } variable "paperless_db_password" {} variable "diun_nfty_token" {} variable "diun_slack_url" {} variable "nextcloud_db_password" {} variable "homepage_credentials" {} variable "authentik_secret_key" {} variable "authentik_postgres_password" {} variable "linkwarden_postgresql_password" {} variable "linkwarden_authentik_client_id" {} variable "linkwarden_authentik_client_secret" {} variable "cloudflare_tunnel_token" {} variable "cloudflare_api_key" {} variable "cloudflare_email" {} variable "cloudflare_account_id" {} variable "cloudflare_zone_id" {} variable "cloudflare_tunnel_id" {} variable "public_ip" {} variable "cloudflare_proxied_names" {} variable "cloudflare_non_proxied_names" {} variable "owntracks_credentials" {} variable "ollama_api_credentials" {} variable "dawarich_database_password" {} variable "geoapify_api_key" {} variable "tandoor_database_password" {} variable "tandoor_email_password" {} variable "n8n_postgresql_password" {} variable "realestate_crawler_db_password" {} variable "realestate_crawler_notification_settings" { type = map(string) default = { } } variable "kured_notify_url" {} variable "onlyoffice_db_password" { type = string } variable "onlyoffice_jwt_token" { type = string } variable "xray_reality_clients" { type = list(map(string)) } variable "xray_reality_private_key" { type = string } variable "xray_reality_short_ids" { type = list(string) } variable "tiny_tuya_api_key" { type = string } variable "tiny_tuya_api_secret" { type = string } variable "tiny_tuya_service_secret" { type = string } variable "tiny_tuya_slack_url" { type = string } variable "haos_api_token" { type = string } variable "pve_password" { type = string } variable "grafana_db_password" { type = string } variable "grafana_admin_password" { type = string } variable "clickhouse_password" { type = string } variable "clickhouse_postgres_password" { type = string } variable "wealthfolio_password_hash" { type = string } variable "aiostreams_database_connection_string" { type = string } variable "actualbudget_credentials" { type = map(any) } variable "speedtest_db_password" { type = string } variable "freedify_credentials" { type = map(any) } variable "mcaptcha_postgresql_password" { type = string } variable "mcaptcha_cookie_secret" { type = string } variable "mcaptcha_captcha_salt" { type = string } variable "openrouter_api_key" { type = string } variable "slack_bot_token" { type = string } variable "slack_channel" { type = string } variable "affine_postgresql_password" { type = string } variable "health_postgresql_password" { type = string } variable "health_secret_key" { type = string } variable "openclaw_ssh_key" { type = string } variable "openclaw_skill_secrets" { type = map(string) } variable "modal_api_key" { type = string } variable "gemini_api_key" { type = string } variable "llama_api_key" { type = string } variable "brave_api_key" { type = string } variable "coturn_turn_secret" { type = string } variable "k8s_users" { type = map(any) default = {} } variable "ssh_private_key" { type = string default = "" sensitive = true } variable "defcon_level" { type = number default = 5 validation { condition = var.defcon_level >= 1 && var.defcon_level <= 5 error_message = "DEFCON level must be between 1 and 5. 1 is highest level of alertness" } } locals { defcon_modules = { 1 : ["wireguard", "technitium", "headscale", "traefik", "xray", "authentik", "cloudflare", "authelia", "monitoring"], # Critical connectivity services 2 : ["vaultwarden", "redis", "immich", "nvidia", "metrics-server", "uptime-kuma", "crowdsec", "kyverno"], # Storage and other db services 3 : ["reverse-proxy"], # Cluster admin services (k8s-dashboard chart repo still 404) 4 : [ "mailserver", "shadowsocks", "webhook_handler", "tuya-bridge", "dawarich", "owntracks", "nextcloud", "calibre", "onlyoffice", "f1-stream", "rybbit", "isponsorblocktv", "actualbudget", "coturn" ], # Activel used services # Optional services 5 : [ "blog", "descheduler", "drone", "hackmd", "health", "kms", "privatebin", "vault", "reloader", "city-guesser", "echo", "url", "excalidraw", "travel_blog", "dashy", "send", "ytdlp", "wealthfolio", "rybbit", "stirling-pdf", "networking-toolbox", "navidrome", "freshrss", "forgejo", "tor-proxy", "real-estate-crawler", "n8n", "changedetection", "linkwarden", "matrix", "homepage", "meshcentral", "diun", "cyberchef", "ntfy", "ollama", "servarr", "jsoncrack", "paperless-ngx", "frigate", "audiobookshelf", "tandoor", "ebook2audiobook", "netbox", "speedtest", "resume", "freedify", "mcaptcha", "affine", "plotting-book", "whisper", "osm-routing", "openclaw" ], } active_modules = distinct(flatten([ for level in range(1, var.defcon_level + 1) : # From current level to 5 lookup(local.defcon_modules, level, []) ])) tiers = { core = "0-core" # Bare minimum cluster primitives cluster = "1-cluster" # All cluster primitives gpu = "2-gpu" # GPU services edge = "3-edge" # Critical user services aux = "4-aux" # Optional user services } } module "blog" { for_each = contains(local.active_modules, "blog") ? { blog = true } : {} source = "./blog" tls_secret_name = var.tls_secret_name # dockerhub_password = var.dockerhub_password tier = local.tiers.aux } # module "bind" { # source = "./bind" # db_viktorbarzin_me = var.bind_db_viktorbarzin_me # db_viktorbarzin_lan = var.bind_db_viktorbarzin_lan # named_conf_options = var.bind_named_conf_options # } module "descheduler" { source = "./descheduler" for_each = contains(local.active_modules, "descheduler") ? { descheduler = true } : {} } # module "dnscrypt" { # source = "./dnscrypt" # } # CI/CD module "drone" { source = "./drone" for_each = contains(local.active_modules, "drone") ? { drone = true } : {} tls_secret_name = var.tls_secret_name github_client_id = var.drone_github_client_id github_client_secret = var.drone_github_client_secret rpc_secret = var.drone_rpc_secret webhook_secret = var.drone_webhook_secret server_host = "drone.viktorbarzin.me" server_proto = "https" tier = local.tiers.edge } module "f1-stream" { source = "./f1-stream" for_each = contains(local.active_modules, "f1-stream") ? { f1-stream = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux turn_secret = var.coturn_turn_secret public_ip = var.public_ip } module "coturn" { source = "./coturn" for_each = contains(local.active_modules, "coturn") ? { coturn = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.edge turn_secret = var.coturn_turn_secret public_ip = var.public_ip } module "hackmd" { source = "./hackmd" for_each = contains(local.active_modules, "hackmd") ? { hackmd = true } : {} hackmd_db_password = var.hackmd_db_password tls_secret_name = var.tls_secret_name tier = local.tiers.edge } # module "kafka" { # source = "./kafka" # client_certificate_secret_name = var.client_certificate_secret_name # tls_secret_name = var.tls_secret_name # } module "kms" { source = "./kms" for_each = contains(local.active_modules, "kms") ? { kms = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "k8s-dashboard" { source = "./k8s-dashboard" tier = local.tiers.cluster for_each = contains(local.active_modules, "k8s-dashboard") ? { k8s-dashboard = true } : {} tls_secret_name = var.tls_secret_name client_certificate_secret_name = var.client_certificate_secret_name } # module "oauth" { # source = "./oauth-proxy" # tls_secret_name = var.tls_secret_name # oauth2_proxy_client_id = var.oauth2_proxy_client_id # oauth2_proxy_client_secret = var.oauth2_proxy_client_secret # authenticated_emails = var.oauth2_proxy_authenticated_emails # depends_on = [null_resource.core_services] # } # module "openid_help_page" { # source = "./openid_help_page" # tls_secret_name = var.tls_secret_name # depends_on = [null_resource.core_services] # } # module "pihole" { # source = "./pihole" # web_password = var.pihole_web_password # tls_secret_name = var.tls_secret_name # depends_on = [module.bind] # DNS goes like pihole -> bind -> dnscrypt # } module "privatebin" { source = "./privatebin" for_each = contains(local.active_modules, "privatebin") ? { privatebin = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.edge } # module "mcaptcha" { # source = "./mcaptcha" # for_each = contains(local.active_modules, "mcaptcha") ? { mcaptcha = true } : {} # tls_secret_name = var.tls_secret_name # tier = local.tiers.edge # postgresql_password = var.mcaptcha_postgresql_password # cookie_secret = var.mcaptcha_cookie_secret # captcha_salt = var.mcaptcha_captcha_salt # depends_on = [null_resource.core_services] # } # module "vault" { # source = "./vault" # tier = local.tiers.edge # for_each = contains(local.active_modules, "vault") ? { vault = true } : {} # tls_secret_name = var.tls_secret_name # depends_on = [null_resource.core_services] # } module "reloader" { source = "./reloader" for_each = contains(local.active_modules, "reloader") ? { reloader = true } : {} tier = local.tiers.aux } module "shadowsocks" { source = "./shadowsocks" for_each = contains(local.active_modules, "shadowsocks") ? { shadowsocks = true } : {} password = var.shadowsocks_password tier = local.tiers.edge } module "city-guesser" { source = "./city-guesser" for_each = contains(local.active_modules, "city-guesser") ? { city-guesser = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "echo" { source = "./echo" for_each = contains(local.active_modules, "echo") ? { echo = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.edge } module "url" { source = "./url-shortener" for_each = contains(local.active_modules, "url") ? { url = true } : {} tls_secret_name = var.tls_secret_name geolite_license_key = var.url_shortener_geolite_license_key api_key = var.url_shortener_api_key mysql_password = var.url_shortener_mysql_password tier = local.tiers.aux } module "webhook_handler" { source = "./webhook_handler" for_each = contains(local.active_modules, "webhook_handler") ? { webhook_handler = true } : {} tls_secret_name = var.tls_secret_name webhook_secret = var.webhook_handler_secret fb_verify_token = var.webhook_handler_fb_verify_token fb_page_token = var.webhook_handler_fb_page_token fb_app_secret = var.webhook_handler_fb_app_secret git_user = var.webhook_handler_git_user git_token = var.webhook_handler_git_token ssh_key = var.webhook_handler_ssh_key tier = local.tiers.aux } # module "home_assistant" { # source = "./home_assistant" # tls_secret_name = var.tls_secret_name # client_certificate_secret_name = var.client_certificate_secret_name # configuration_yaml = var.home_assistant_configuration # } # module "finance_app" { # source = "./finance_app" # tls_secret_name = var.tls_secret_name # graphql_api_secret = var.finance_app_graphql_api_secret # db_connection_string = var.finance_app_db_connection_string # currency_converter_api_key = var.finance_app_currency_converter_api_key # gocardless_secret_key = var.finance_app_gocardless_secret_key # gocardless_secret_id = var.finance_app_gocardless_secret_id # } module "excalidraw" { source = "./excalidraw" for_each = contains(local.active_modules, "excalidraw") ? { excalidraw = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "travel_blog" { source = "./travel_blog" for_each = contains(local.active_modules, "travel_blog") ? { travel_blog = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "dashy" { source = "./dashy" for_each = contains(local.active_modules, "dashy") ? { dashy = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } # module "localai" { # source = "./localai" # tls_secret_name = var.tls_secret_name # } # Selfhosted Firefox send module "send" { source = "./send" for_each = contains(local.active_modules, "send") ? { send = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "ytdlp" { source = "./youtube_dl" for_each = contains(local.active_modules, "ytdlp") ? { ytdlp = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux openrouter_api_key = var.openrouter_api_key slack_bot_token = var.slack_bot_token slack_channel = var.slack_channel } module "immich" { source = "./immich" for_each = contains(local.active_modules, "immich") ? { immich = true } : {} tls_secret_name = var.tls_secret_name postgresql_password = var.immich_postgresql_password frame_api_key = var.immich_frame_api_key homepage_token = var.homepage_credentials["immich"]["token"] tier = local.tiers.gpu } module "resume" { source = "./resume" for_each = contains(local.active_modules, "resume") ? { resume = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux database_url = var.resume_database_url auth_secret = var.resume_auth_secret smtp_password = var.mailserver_accounts["info@viktorbarzin.me"] } module "calibre" { source = "./calibre" for_each = contains(local.active_modules, "calibre") ? { calibre = true } : {} tls_secret_name = var.tls_secret_name homepage_username = var.homepage_credentials["calibre-web"]["username"] homepage_password = var.homepage_credentials["calibre-web"]["password"] tier = local.tiers.edge } # Audiobooks are served using audiobookshelf; still looking for a usecawe for JF # module "jellyfin" { # source = "./jellyfin" # tls_secret_name = var.tls_secret_name # } module "audiobookshelf" { source = "./audiobookshelf" for_each = contains(local.active_modules, "audiobookshelf") ? { audiobookshelf = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "frigate" { source = "./frigate" for_each = contains(local.active_modules, "frigate") ? { frigate = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.gpu } # TODO: Currently very unstable and half of the functionality does not work: # notifications, import from todoist, email # module "vikunja" { # source = "./vikunja" # tls_secret_name = var.tls_secret_name # } # module "istio" { # source = "./istio" # tls_secret_name = var.tls_secret_name # } # module "authelia" { # source = "./authelia" # for_each = contains(local.active_modules, "authelia") ? { authelia = true } : {} # tls_secret_name = var.tls_secret_name # } # module "discount-bandit" { # source = "./discount-bandit" # tls_secret_name = var.tls_secret_name # } module "paperless-ngx" { source = "./paperless-ngx" for_each = contains(local.active_modules, "paperless-ngx") ? { paperless-ngx = true } : {} tls_secret_name = var.tls_secret_name db_password = var.paperless_db_password # homepage_token = var.homepage_credentials["paperless-ngx"]["token"] homepage_username = var.homepage_credentials["paperless-ngx"]["username"] homepage_password = var.homepage_credentials["paperless-ngx"]["password"] tier = local.tiers.edge } module "jsoncrack" { source = "./jsoncrack" for_each = contains(local.active_modules, "jsoncrack") ? { jsoncrack = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "servarr" { source = "./servarr" for_each = contains(local.active_modules, "servarr") ? { servarr = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux aiostreams_database_connection_string = var.aiostreams_database_connection_string } # module "dnscat2" { # source = "./dnscat2" # # tls_secret_name = var.tls_secret_name # } module "ollama" { # Disabled as it requires too much resources... source = "./ollama" for_each = contains(local.active_modules, "ollama") ? { ollama = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.gpu ollama_api_credentials = var.ollama_api_credentials } module "ntfy" { source = "./ntfy" for_each = contains(local.active_modules, "ntfy") ? { ntfy = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "cyberchef" { source = "./cyberchef" for_each = contains(local.active_modules, "cyberchef") ? { cyberchef = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "diun" { source = "./diun" for_each = contains(local.active_modules, "diun") ? { diun = true } : {} tls_secret_name = var.tls_secret_name diun_nfty_token = var.diun_nfty_token diun_slack_url = var.diun_slack_url tier = local.tiers.aux } module "meshcentral" { source = "./meshcentral" for_each = contains(local.active_modules, "meshcentral") ? { meshcentral = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "netbox" { source = "./netbox" for_each = contains(local.active_modules, "netbox") ? { netbox = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "nextcloud" { source = "./nextcloud" for_each = contains(local.active_modules, "nextcloud") ? { nextcloud = true } : {} tls_secret_name = var.tls_secret_name db_password = var.nextcloud_db_password tier = local.tiers.edge } module "homepage" { source = "./homepage" tier = local.tiers.aux for_each = contains(local.active_modules, "homepage") ? { homepage = true } : {} tls_secret_name = var.tls_secret_name } module "matrix" { source = "./matrix" for_each = contains(local.active_modules, "matrix") ? { matrix = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "linkwarden" { source = "./linkwarden" for_each = contains(local.active_modules, "linkwarden") ? { linkwarden = true } : {} tls_secret_name = var.tls_secret_name postgresql_password = var.linkwarden_postgresql_password authentik_client_id = var.linkwarden_authentik_client_id authentik_client_secret = var.linkwarden_authentik_client_secret tier = local.tiers.aux } module "actualbudget" { source = "./actualbudget" for_each = contains(local.active_modules, "actualbudget") ? { actualbudget = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.edge credentials = var.actualbudget_credentials } module "owntracks" { source = "./owntracks" for_each = contains(local.active_modules, "owntracks") ? { owntracks = true } : {} tls_secret_name = var.tls_secret_name owntracks_credentials = var.owntracks_credentials tier = local.tiers.aux } module "dawarich" { source = "./dawarich" for_each = contains(local.active_modules, "dawarich") ? { dawarich = true } : {} tls_secret_name = var.tls_secret_name database_password = var.dawarich_database_password geoapify_api_key = var.geoapify_api_key tier = local.tiers.edge } module "changedetection" { source = "./changedetection" for_each = contains(local.active_modules, "changedetection") ? { changedetection = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "tandoor" { source = "./tandoor" for_each = contains(local.active_modules, "tandoor") ? { tandoor = true } : {} tls_secret_name = var.tls_secret_name tandoor_database_password = var.tandoor_database_password tandoor_email_password = var.tandoor_email_password tier = local.tiers.aux } module "n8n" { source = "./n8n" for_each = contains(local.active_modules, "n8n") ? { n8n = true } : {} tls_secret_name = var.tls_secret_name postgresql_password = var.n8n_postgresql_password tier = local.tiers.aux } module "real-estate-crawler" { source = "./real-estate-crawler" for_each = contains(local.active_modules, "real-estate-crawler") ? { real-estate-crawler = true } : {} tls_secret_name = var.tls_secret_name db_password = var.realestate_crawler_db_password notification_settings = var.realestate_crawler_notification_settings tier = local.tiers.aux } module "osm_routing" { source = "./osm-routing" for_each = contains(local.active_modules, "osm-routing") ? { osm-routing = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "tor-proxy" { source = "./tor-proxy" for_each = contains(local.active_modules, "tor-proxy") ? { tor-proxy = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } # module "kured" { # source = "./kured" # tls_secret_name = var.tls_secret_name # notify_url = var.kured_notify_url # } module "onlyoffice" { source = "./onlyoffice" for_each = contains(local.active_modules, "onlyoffice") ? { onlyoffice = true } : {} tls_secret_name = var.tls_secret_name db_password = var.onlyoffice_db_password jwt_token = var.onlyoffice_jwt_token tier = local.tiers.edge } module "forgejo" { source = "./forgejo" for_each = contains(local.active_modules, "forgejo") ? { forgejo = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.edge } module "freshrss" { source = "./freshrss" for_each = contains(local.active_modules, "freshrss") ? { freshrss = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "navidrome" { source = "./navidrome" for_each = contains(local.active_modules, "navidrome") ? { navidrome = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "networking-toolbox" { source = "./networking-toolbox" for_each = contains(local.active_modules, "networking-toolbox") ? { networking-toolbox = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "tuya-bridge" { source = "./tuya-bridge" for_each = contains(local.active_modules, "tuya-bridge") ? { tuya-bridge = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.cluster tiny_tuya_api_key = var.tiny_tuya_api_key tiny_tuya_api_secret = var.tiny_tuya_api_secret tiny_tuya_service_secret = var.tiny_tuya_service_secret slack_url = var.tiny_tuya_slack_url } module "stirling-pdf" { source = "./stirling-pdf" for_each = contains(local.active_modules, "stirling-pdf") ? { stirling-pdf = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "isponsorblocktv" { source = "./isponsorblocktv" for_each = contains(local.active_modules, "isponsorblocktv") ? { isponsorblocktv = true } : {} tier = local.tiers.edge } module "ebook2audiobook" { source = "./ebook2audiobook" for_each = contains(local.active_modules, "ebook2audiobook") ? { ebook2audiobook = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.gpu } module "rybbit" { source = "./rybbit" for_each = contains(local.active_modules, "rybbit") ? { rybbit = true } : {} tls_secret_name = var.tls_secret_name clickhouse_password = var.clickhouse_password postgres_password = var.clickhouse_postgres_password tier = local.tiers.aux } module "wealthfolio" { source = "./wealthfolio" for_each = contains(local.active_modules, "wealthfolio") ? { wealthfolio = true } : {} tls_secret_name = var.tls_secret_name wealthfolio_password_hash = var.wealthfolio_password_hash tier = local.tiers.aux } module "speedtest" { source = "./speedtest" tls_secret_name = var.tls_secret_name tier = local.tiers.aux for_each = contains(local.active_modules, "speedtest") ? { speedtest = true } : {} db_password = var.speedtest_db_password } module "freedify" { source = "./freedify" tls_secret_name = var.tls_secret_name tier = local.tiers.aux for_each = contains(local.active_modules, "freedify") ? { freedify = true } : {} additional_credentials = var.freedify_credentials } module "affine" { source = "./affine" for_each = contains(local.active_modules, "affine") ? { affine = true } : {} tls_secret_name = var.tls_secret_name postgresql_password = var.affine_postgresql_password smtp_password = var.mailserver_accounts["info@viktorbarzin.me"] tier = local.tiers.aux } module "plotting-book" { source = "./plotting-book" for_each = contains(local.active_modules, "plotting-book") ? { plotting-book = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.aux } module "health" { source = "./health" for_each = contains(local.active_modules, "health") ? { health = true } : {} tls_secret_name = var.tls_secret_name postgresql_password = var.health_postgresql_password secret_key = var.health_secret_key tier = local.tiers.aux } module "whisper" { source = "./whisper" for_each = contains(local.active_modules, "whisper") ? { whisper = true } : {} tls_secret_name = var.tls_secret_name tier = local.tiers.gpu } module "grampsweb" { source = "./grampsweb" for_each = contains(local.active_modules, "grampsweb") ? { grampsweb = true } : {} tls_secret_name = var.tls_secret_name smtp_password = var.mailserver_accounts["info@viktorbarzin.me"] tier = local.tiers.aux } module "openclaw" { source = "./openclaw" for_each = contains(local.active_modules, "openclaw") ? { openclaw = true } : {} tls_secret_name = var.tls_secret_name ssh_key = var.openclaw_ssh_key skill_secrets = var.openclaw_skill_secrets gemini_api_key = var.gemini_api_key llama_api_key = var.llama_api_key brave_api_key = var.brave_api_key modal_api_key = var.modal_api_key tier = local.tiers.aux }