viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/modules/kubernetes/main.tf
Viktor Barzin 39ce2000cf [ci skip] Remove 22 platform services from modules/kubernetes/main.tf 
Migrated to stacks/platform/: metallb, dbaas, redis, traefik, technitium,
headscale, authentik, rbac, k8s-portal, crowdsec, monitoring, vaultwarden,
reverse-proxy, metrics-server, nvidia, kyverno, uptime-kuma, wireguard,
xray, mailserver, cloudflared, infra-maintenance.

Also removed null_resource.core_services and all depends_on references to it
from the remaining ~66 service modules.
2026-02-22 13:40:45 +00:00

852 lines
30 KiB
HCL
Raw Blame History

variable "prod" {}
variable "tls_secret_name" {}
variable "client_certificate_secret_name" {}
variable "hackmd_db_password" {}
variable "mailserver_accounts" {}
variable "mailserver_aliases" {}
variable "mailserver_opendkim_key" {}
variable "mailserver_roundcubemail_db_password" { type = string }
variable "mailserver_sasl_passwd" {}
variable "pihole_web_password" {}
variable "webhook_handler_secret" {}
variable "wireguard_wg_0_conf" {}
variable "wireguard_wg_0_key" {}
variable "wireguard_firewall_sh" {}
variable "bind_db_viktorbarzin_me" {}
variable "bind_db_viktorbarzin_lan" {}
variable "bind_named_conf_options" {}
variable "alertmanager_account_password" {}
variable "dbaas_root_password" {}
variable "dbaas_postgresql_root_password" {}
variable "dbaas_pgadmin_password" {}
variable "drone_github_client_id" {}
variable "drone_github_client_secret" {}
variable "drone_rpc_secret" {}
variable "drone_webhook_secret" {}
variable "oauth2_proxy_client_id" {}
variable "oauth2_proxy_client_secret" {}
variable "oauth2_proxy_authenticated_emails" {}
variable "url_shortener_geolite_license_key" {}
variable "url_shortener_api_key" {}
variable "url_shortener_mysql_password" {}
variable "webhook_handler_fb_verify_token" {}
variable "webhook_handler_fb_page_token" {}
variable "webhook_handler_fb_app_secret" {}
variable "webhook_handler_git_user" {}
variable "webhook_handler_git_token" {}
variable "webhook_handler_ssh_key" {}
variable "technitium_username" {}
variable "technitium_password" {}
variable "technitium_db_password" {}
variable "idrac_username" {}
variable "idrac_password" {}
variable "alertmanager_slack_api_url" {}
variable "home_assistant_configuration" {}
variable "shadowsocks_password" {}
variable "finance_app_db_connection_string" {}
variable "finance_app_currency_converter_api_key" {}
variable "finance_app_graphql_api_secret" {}
variable "finance_app_gocardless_secret_key" {}
variable "finance_app_gocardless_secret_id" {}
variable "headscale_config" {}
variable "headscale_acl" {}
variable "immich_postgresql_password" {}
variable "immich_frame_api_key" {}
variable "ingress_crowdsec_api_key" {}
variable "crowdsec_enroll_key" { type = string }
variable "crowdsec_db_password" { type = string }
variable "crowdsec_dash_api_key" { type = string }
variable "crowdsec_dash_machine_id" { type = string }
variable "crowdsec_dash_machine_password" { type = string }
variable "vaultwarden_smtp_password" {}
variable "resume_database_url" {}
variable "resume_database_password" {}
variable "resume_redis_url" {}
variable "resume_auth_secret" { type = string }
variable "frigate_valchedrym_camera_credentials" { default = "" }
variable "paperless_db_password" {}
variable "diun_nfty_token" {}
variable "diun_slack_url" {}
variable "nextcloud_db_password" {}
variable "homepage_credentials" {}
variable "authentik_secret_key" {}
variable "authentik_postgres_password" {}
variable "linkwarden_postgresql_password" {}
variable "linkwarden_authentik_client_id" {}
variable "linkwarden_authentik_client_secret" {}
variable "cloudflare_tunnel_token" {}
variable "cloudflare_api_key" {}
variable "cloudflare_email" {}
variable "cloudflare_account_id" {}
variable "cloudflare_zone_id" {}
variable "cloudflare_tunnel_id" {}
variable "public_ip" {}
variable "cloudflare_proxied_names" {}
variable "cloudflare_non_proxied_names" {}
variable "owntracks_credentials" {}
variable "ollama_api_credentials" {}
variable "dawarich_database_password" {}
variable "geoapify_api_key" {}
variable "tandoor_database_password" {}
variable "tandoor_email_password" {}
variable "n8n_postgresql_password" {}
variable "realestate_crawler_db_password" {}
variable "realestate_crawler_notification_settings" {
type = map(string)
default = {
}
}
variable "kured_notify_url" {}
variable "onlyoffice_db_password" { type = string }
variable "onlyoffice_jwt_token" { type = string }
variable "xray_reality_clients" { type = list(map(string)) }
variable "xray_reality_private_key" { type = string }
variable "xray_reality_short_ids" { type = list(string) }
variable "tiny_tuya_api_key" { type = string }
variable "tiny_tuya_api_secret" { type = string }
variable "tiny_tuya_service_secret" { type = string }
variable "tiny_tuya_slack_url" { type = string }
variable "haos_api_token" { type = string }
variable "pve_password" { type = string }
variable "grafana_db_password" { type = string }
variable "grafana_admin_password" { type = string }
variable "clickhouse_password" { type = string }
variable "clickhouse_postgres_password" { type = string }
variable "wealthfolio_password_hash" { type = string }
variable "aiostreams_database_connection_string" { type = string }
variable "actualbudget_credentials" { type = map(any) }
variable "speedtest_db_password" { type = string }
variable "freedify_credentials" { type = map(any) }
variable "mcaptcha_postgresql_password" { type = string }
variable "mcaptcha_cookie_secret" { type = string }
variable "mcaptcha_captcha_salt" { type = string }
variable "openrouter_api_key" { type = string }
variable "slack_bot_token" { type = string }
variable "slack_channel" { type = string }
variable "affine_postgresql_password" { type = string }
variable "health_postgresql_password" { type = string }
variable "health_secret_key" { type = string }
variable "openclaw_ssh_key" { type = string }
variable "openclaw_skill_secrets" { type = map(string) }
variable "modal_api_key" { type = string }
variable "gemini_api_key" { type = string }
variable "llama_api_key" { type = string }
variable "brave_api_key" { type = string }
variable "coturn_turn_secret" { type = string }
variable "k8s_users" {
type = map(any)
default = {}
}
variable "ssh_private_key" {
type = string
default = ""
sensitive = true
}
variable "defcon_level" {
type = number
default = 5
validation {
condition = var.defcon_level >= 1 && var.defcon_level <= 5
error_message = "DEFCON level must be between 1 and 5. 1 is highest level of alertness"
}
}
locals {
defcon_modules = {
1 : ["wireguard", "technitium", "headscale", "traefik", "xray", "authentik", "cloudflare", "authelia", "monitoring"], # Critical connectivity services
2 : ["vaultwarden", "redis", "immich", "nvidia", "metrics-server", "uptime-kuma", "crowdsec", "kyverno"], # Storage and other db services
3 : ["reverse-proxy"], # Cluster admin services (k8s-dashboard chart repo still 404)
4 : [
"mailserver", "shadowsocks", "webhook_handler", "tuya-bridge", "dawarich", "owntracks", "nextcloud",
"calibre", "onlyoffice", "f1-stream", "rybbit", "isponsorblocktv", "actualbudget", "coturn"
], # Activel used services
# Optional services
5 : [
"blog", "descheduler", "drone", "hackmd", "health", "kms", "privatebin", "vault", "reloader", "city-guesser", "echo",
"url", "excalidraw", "travel_blog", "dashy", "send", "ytdlp", "wealthfolio", "rybbit", "stirling-pdf",
"networking-toolbox", "navidrome", "freshrss", "forgejo", "tor-proxy", "real-estate-crawler", "n8n",
"changedetection", "linkwarden", "matrix", "homepage", "meshcentral", "diun", "cyberchef", "ntfy", "ollama",
"servarr", "jsoncrack", "paperless-ngx", "frigate", "audiobookshelf", "tandoor", "ebook2audiobook", "netbox", "speedtest", "resume", "freedify", "mcaptcha", "affine", "plotting-book", "whisper", "osm-routing", "openclaw"
],
}
active_modules = distinct(flatten([
for level in range(1, var.defcon_level + 1) : # From current level to 5
lookup(local.defcon_modules, level, [])
]))
tiers = {
core = "0-core" # Bare minimum cluster primitives
cluster = "1-cluster" # All cluster primitives
gpu = "2-gpu" # GPU services
edge = "3-edge" # Critical user services
aux = "4-aux" # Optional user services
}
}
module "blog" {
for_each = contains(local.active_modules, "blog") ? { blog = true } : {}
source = "./blog"
tls_secret_name = var.tls_secret_name
# dockerhub_password = var.dockerhub_password
tier = local.tiers.aux
}
# module "bind" {
# source = "./bind"
# db_viktorbarzin_me = var.bind_db_viktorbarzin_me
# db_viktorbarzin_lan = var.bind_db_viktorbarzin_lan
# named_conf_options = var.bind_named_conf_options
# }
module "descheduler" {
source = "./descheduler"
for_each = contains(local.active_modules, "descheduler") ? { descheduler = true } : {}
}
# module "dnscrypt" {
# source = "./dnscrypt"
# }
# CI/CD
module "drone" {
source = "./drone"
for_each = contains(local.active_modules, "drone") ? { drone = true } : {}
tls_secret_name = var.tls_secret_name
github_client_id = var.drone_github_client_id
github_client_secret = var.drone_github_client_secret
rpc_secret = var.drone_rpc_secret
webhook_secret = var.drone_webhook_secret
server_host = "drone.viktorbarzin.me"
server_proto = "https"
tier = local.tiers.edge
}
module "f1-stream" {
source = "./f1-stream"
for_each = contains(local.active_modules, "f1-stream") ? { f1-stream = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
turn_secret = var.coturn_turn_secret
public_ip = var.public_ip
}
module "coturn" {
source = "./coturn"
for_each = contains(local.active_modules, "coturn") ? { coturn = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.edge
turn_secret = var.coturn_turn_secret
public_ip = var.public_ip
}
module "hackmd" {
source = "./hackmd"
for_each = contains(local.active_modules, "hackmd") ? { hackmd = true } : {}
hackmd_db_password = var.hackmd_db_password
tls_secret_name = var.tls_secret_name
tier = local.tiers.edge
}
# module "kafka" {
# source = "./kafka"
# client_certificate_secret_name = var.client_certificate_secret_name
# tls_secret_name = var.tls_secret_name
# }
module "kms" {
source = "./kms"
for_each = contains(local.active_modules, "kms") ? { kms = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "k8s-dashboard" {
source = "./k8s-dashboard"
tier = local.tiers.cluster
for_each = contains(local.active_modules, "k8s-dashboard") ? { k8s-dashboard = true } : {}
tls_secret_name = var.tls_secret_name
client_certificate_secret_name = var.client_certificate_secret_name
}
# module "oauth" {
# source = "./oauth-proxy"
# tls_secret_name = var.tls_secret_name
# oauth2_proxy_client_id = var.oauth2_proxy_client_id
# oauth2_proxy_client_secret = var.oauth2_proxy_client_secret
# authenticated_emails = var.oauth2_proxy_authenticated_emails
# depends_on = [null_resource.core_services]
# }
# module "openid_help_page" {
# source = "./openid_help_page"
# tls_secret_name = var.tls_secret_name
# depends_on = [null_resource.core_services]
# }
# module "pihole" {
# source = "./pihole"
# web_password = var.pihole_web_password
# tls_secret_name = var.tls_secret_name
# depends_on = [module.bind] # DNS goes like pihole -> bind -> dnscrypt
# }
module "privatebin" {
source = "./privatebin"
for_each = contains(local.active_modules, "privatebin") ? { privatebin = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.edge
}
# module "mcaptcha" {
# source = "./mcaptcha"
# for_each = contains(local.active_modules, "mcaptcha") ? { mcaptcha = true } : {}
# tls_secret_name = var.tls_secret_name
# tier = local.tiers.edge
# postgresql_password = var.mcaptcha_postgresql_password
# cookie_secret = var.mcaptcha_cookie_secret
# captcha_salt = var.mcaptcha_captcha_salt
# depends_on = [null_resource.core_services]
# }
# module "vault" {
# source = "./vault"
# tier = local.tiers.edge
# for_each = contains(local.active_modules, "vault") ? { vault = true } : {}
# tls_secret_name = var.tls_secret_name
# depends_on = [null_resource.core_services]
# }
module "reloader" {
source = "./reloader"
for_each = contains(local.active_modules, "reloader") ? { reloader = true } : {}
tier = local.tiers.aux
}
module "shadowsocks" {
source = "./shadowsocks"
for_each = contains(local.active_modules, "shadowsocks") ? { shadowsocks = true } : {}
password = var.shadowsocks_password
tier = local.tiers.edge
}
module "city-guesser" {
source = "./city-guesser"
for_each = contains(local.active_modules, "city-guesser") ? { city-guesser = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "echo" {
source = "./echo"
for_each = contains(local.active_modules, "echo") ? { echo = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.edge
}
module "url" {
source = "./url-shortener"
for_each = contains(local.active_modules, "url") ? { url = true } : {}
tls_secret_name = var.tls_secret_name
geolite_license_key = var.url_shortener_geolite_license_key
api_key = var.url_shortener_api_key
mysql_password = var.url_shortener_mysql_password
tier = local.tiers.aux
}
module "webhook_handler" {
source = "./webhook_handler"
for_each = contains(local.active_modules, "webhook_handler") ? { webhook_handler = true } : {}
tls_secret_name = var.tls_secret_name
webhook_secret = var.webhook_handler_secret
fb_verify_token = var.webhook_handler_fb_verify_token
fb_page_token = var.webhook_handler_fb_page_token
fb_app_secret = var.webhook_handler_fb_app_secret
git_user = var.webhook_handler_git_user
git_token = var.webhook_handler_git_token
ssh_key = var.webhook_handler_ssh_key
tier = local.tiers.aux
}
# module "home_assistant" {
# source = "./home_assistant"
# tls_secret_name = var.tls_secret_name
# client_certificate_secret_name = var.client_certificate_secret_name
# configuration_yaml = var.home_assistant_configuration
# }
# module "finance_app" {
# source = "./finance_app"
# tls_secret_name = var.tls_secret_name
# graphql_api_secret = var.finance_app_graphql_api_secret
# db_connection_string = var.finance_app_db_connection_string
# currency_converter_api_key = var.finance_app_currency_converter_api_key
# gocardless_secret_key = var.finance_app_gocardless_secret_key
# gocardless_secret_id = var.finance_app_gocardless_secret_id
# }
module "excalidraw" {
source = "./excalidraw"
for_each = contains(local.active_modules, "excalidraw") ? { excalidraw = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "travel_blog" {
source = "./travel_blog"
for_each = contains(local.active_modules, "travel_blog") ? { travel_blog = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "dashy" {
source = "./dashy"
for_each = contains(local.active_modules, "dashy") ? { dashy = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
# module "localai" {
# source = "./localai"
# tls_secret_name = var.tls_secret_name
# }
# Selfhosted Firefox send
module "send" {
source = "./send"
for_each = contains(local.active_modules, "send") ? { send = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "ytdlp" {
source = "./youtube_dl"
for_each = contains(local.active_modules, "ytdlp") ? { ytdlp = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
openrouter_api_key = var.openrouter_api_key
slack_bot_token = var.slack_bot_token
slack_channel = var.slack_channel
}
module "immich" {
source = "./immich"
for_each = contains(local.active_modules, "immich") ? { immich = true } : {}
tls_secret_name = var.tls_secret_name
postgresql_password = var.immich_postgresql_password
frame_api_key = var.immich_frame_api_key
homepage_token = var.homepage_credentials["immich"]["token"]
tier = local.tiers.gpu
}
module "resume" {
source = "./resume"
for_each = contains(local.active_modules, "resume") ? { resume = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
database_url = var.resume_database_url
auth_secret = var.resume_auth_secret
smtp_password = var.mailserver_accounts["info@viktorbarzin.me"]
}
module "calibre" {
source = "./calibre"
for_each = contains(local.active_modules, "calibre") ? { calibre = true } : {}
tls_secret_name = var.tls_secret_name
homepage_username = var.homepage_credentials["calibre-web"]["username"]
homepage_password = var.homepage_credentials["calibre-web"]["password"]
tier = local.tiers.edge
}
# Audiobooks are served using audiobookshelf; still looking for a usecawe for JF
# module "jellyfin" {
# source = "./jellyfin"
# tls_secret_name = var.tls_secret_name
# }
module "audiobookshelf" {
source = "./audiobookshelf"
for_each = contains(local.active_modules, "audiobookshelf") ? { audiobookshelf = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "frigate" {
source = "./frigate"
for_each = contains(local.active_modules, "frigate") ? { frigate = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.gpu
}
# TODO: Currently very unstable and half of the functionality does not work:
# notifications, import from todoist, email
# module "vikunja" {
# source = "./vikunja"
# tls_secret_name = var.tls_secret_name
# }
# module "istio" {
# source = "./istio"
# tls_secret_name = var.tls_secret_name
# }
# module "authelia" {
# source = "./authelia"
# for_each = contains(local.active_modules, "authelia") ? { authelia = true } : {}
# tls_secret_name = var.tls_secret_name
# }
# module "discount-bandit" {
# source = "./discount-bandit"
# tls_secret_name = var.tls_secret_name
# }
module "paperless-ngx" {
source = "./paperless-ngx"
for_each = contains(local.active_modules, "paperless-ngx") ? { paperless-ngx = true } : {}
tls_secret_name = var.tls_secret_name
db_password = var.paperless_db_password
# homepage_token = var.homepage_credentials["paperless-ngx"]["token"]
homepage_username = var.homepage_credentials["paperless-ngx"]["username"]
homepage_password = var.homepage_credentials["paperless-ngx"]["password"]
tier = local.tiers.edge
}
module "jsoncrack" {
source = "./jsoncrack"
for_each = contains(local.active_modules, "jsoncrack") ? { jsoncrack = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "servarr" {
source = "./servarr"
for_each = contains(local.active_modules, "servarr") ? { servarr = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
aiostreams_database_connection_string = var.aiostreams_database_connection_string
}
# module "dnscat2" {
# source = "./dnscat2"
# # tls_secret_name = var.tls_secret_name
# }
module "ollama" { # Disabled as it requires too much resources...
source = "./ollama"
for_each = contains(local.active_modules, "ollama") ? { ollama = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.gpu
ollama_api_credentials = var.ollama_api_credentials
}
module "ntfy" {
source = "./ntfy"
for_each = contains(local.active_modules, "ntfy") ? { ntfy = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "cyberchef" {
source = "./cyberchef"
for_each = contains(local.active_modules, "cyberchef") ? { cyberchef = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "diun" {
source = "./diun"
for_each = contains(local.active_modules, "diun") ? { diun = true } : {}
tls_secret_name = var.tls_secret_name
diun_nfty_token = var.diun_nfty_token
diun_slack_url = var.diun_slack_url
tier = local.tiers.aux
}
module "meshcentral" {
source = "./meshcentral"
for_each = contains(local.active_modules, "meshcentral") ? { meshcentral = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "netbox" {
source = "./netbox"
for_each = contains(local.active_modules, "netbox") ? { netbox = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "nextcloud" {
source = "./nextcloud"
for_each = contains(local.active_modules, "nextcloud") ? { nextcloud = true } : {}
tls_secret_name = var.tls_secret_name
db_password = var.nextcloud_db_password
tier = local.tiers.edge
}
module "homepage" {
source = "./homepage"
tier = local.tiers.aux
for_each = contains(local.active_modules, "homepage") ? { homepage = true } : {}
tls_secret_name = var.tls_secret_name
}
module "matrix" {
source = "./matrix"
for_each = contains(local.active_modules, "matrix") ? { matrix = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "linkwarden" {
source = "./linkwarden"
for_each = contains(local.active_modules, "linkwarden") ? { linkwarden = true } : {}
tls_secret_name = var.tls_secret_name
postgresql_password = var.linkwarden_postgresql_password
authentik_client_id = var.linkwarden_authentik_client_id
authentik_client_secret = var.linkwarden_authentik_client_secret
tier = local.tiers.aux
}
module "actualbudget" {
source = "./actualbudget"
for_each = contains(local.active_modules, "actualbudget") ? { actualbudget = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.edge
credentials = var.actualbudget_credentials
}
module "owntracks" {
source = "./owntracks"
for_each = contains(local.active_modules, "owntracks") ? { owntracks = true } : {}
tls_secret_name = var.tls_secret_name
owntracks_credentials = var.owntracks_credentials
tier = local.tiers.aux
}
module "dawarich" {
source = "./dawarich"
for_each = contains(local.active_modules, "dawarich") ? { dawarich = true } : {}
tls_secret_name = var.tls_secret_name
database_password = var.dawarich_database_password
geoapify_api_key = var.geoapify_api_key
tier = local.tiers.edge
}
module "changedetection" {
source = "./changedetection"
for_each = contains(local.active_modules, "changedetection") ? { changedetection = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "tandoor" {
source = "./tandoor"
for_each = contains(local.active_modules, "tandoor") ? { tandoor = true } : {}
tls_secret_name = var.tls_secret_name
tandoor_database_password = var.tandoor_database_password
tandoor_email_password = var.tandoor_email_password
tier = local.tiers.aux
}
module "n8n" {
source = "./n8n"
for_each = contains(local.active_modules, "n8n") ? { n8n = true } : {}
tls_secret_name = var.tls_secret_name
postgresql_password = var.n8n_postgresql_password
tier = local.tiers.aux
}
module "real-estate-crawler" {
source = "./real-estate-crawler"
for_each = contains(local.active_modules, "real-estate-crawler") ? { real-estate-crawler = true } : {}
tls_secret_name = var.tls_secret_name
db_password = var.realestate_crawler_db_password
notification_settings = var.realestate_crawler_notification_settings
tier = local.tiers.aux
}
module "osm_routing" {
source = "./osm-routing"
for_each = contains(local.active_modules, "osm-routing") ? { osm-routing = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "tor-proxy" {
source = "./tor-proxy"
for_each = contains(local.active_modules, "tor-proxy") ? { tor-proxy = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
# module "kured" {
# source = "./kured"
# tls_secret_name = var.tls_secret_name
# notify_url = var.kured_notify_url
# }
module "onlyoffice" {
source = "./onlyoffice"
for_each = contains(local.active_modules, "onlyoffice") ? { onlyoffice = true } : {}
tls_secret_name = var.tls_secret_name
db_password = var.onlyoffice_db_password
jwt_token = var.onlyoffice_jwt_token
tier = local.tiers.edge
}
module "forgejo" {
source = "./forgejo"
for_each = contains(local.active_modules, "forgejo") ? { forgejo = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.edge
}
module "freshrss" {
source = "./freshrss"
for_each = contains(local.active_modules, "freshrss") ? { freshrss = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "navidrome" {
source = "./navidrome"
for_each = contains(local.active_modules, "navidrome") ? { navidrome = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "networking-toolbox" {
source = "./networking-toolbox"
for_each = contains(local.active_modules, "networking-toolbox") ? { networking-toolbox = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "tuya-bridge" {
source = "./tuya-bridge"
for_each = contains(local.active_modules, "tuya-bridge") ? { tuya-bridge = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.cluster
tiny_tuya_api_key = var.tiny_tuya_api_key
tiny_tuya_api_secret = var.tiny_tuya_api_secret
tiny_tuya_service_secret = var.tiny_tuya_service_secret
slack_url = var.tiny_tuya_slack_url
}
module "stirling-pdf" {
source = "./stirling-pdf"
for_each = contains(local.active_modules, "stirling-pdf") ? { stirling-pdf = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "isponsorblocktv" {
source = "./isponsorblocktv"
for_each = contains(local.active_modules, "isponsorblocktv") ? { isponsorblocktv = true } : {}
tier = local.tiers.edge
}
module "ebook2audiobook" {
source = "./ebook2audiobook"
for_each = contains(local.active_modules, "ebook2audiobook") ? { ebook2audiobook = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.gpu
}
module "rybbit" {
source = "./rybbit"
for_each = contains(local.active_modules, "rybbit") ? { rybbit = true } : {}
tls_secret_name = var.tls_secret_name
clickhouse_password = var.clickhouse_password
postgres_password = var.clickhouse_postgres_password
tier = local.tiers.aux
}
module "wealthfolio" {
source = "./wealthfolio"
for_each = contains(local.active_modules, "wealthfolio") ? { wealthfolio = true } : {}
tls_secret_name = var.tls_secret_name
wealthfolio_password_hash = var.wealthfolio_password_hash
tier = local.tiers.aux
}
module "speedtest" {
source = "./speedtest"
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
for_each = contains(local.active_modules, "speedtest") ? { speedtest = true } : {}
db_password = var.speedtest_db_password
}
module "freedify" {
source = "./freedify"
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
for_each = contains(local.active_modules, "freedify") ? { freedify = true } : {}
additional_credentials = var.freedify_credentials
}
module "affine" {
source = "./affine"
for_each = contains(local.active_modules, "affine") ? { affine = true } : {}
tls_secret_name = var.tls_secret_name
postgresql_password = var.affine_postgresql_password
smtp_password = var.mailserver_accounts["info@viktorbarzin.me"]
tier = local.tiers.aux
}
module "plotting-book" {
source = "./plotting-book"
for_each = contains(local.active_modules, "plotting-book") ? { plotting-book = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.aux
}
module "health" {
source = "./health"
for_each = contains(local.active_modules, "health") ? { health = true } : {}
tls_secret_name = var.tls_secret_name
postgresql_password = var.health_postgresql_password
secret_key = var.health_secret_key
tier = local.tiers.aux
}
module "whisper" {
source = "./whisper"
for_each = contains(local.active_modules, "whisper") ? { whisper = true } : {}
tls_secret_name = var.tls_secret_name
tier = local.tiers.gpu
}
module "grampsweb" {
source = "./grampsweb"
for_each = contains(local.active_modules, "grampsweb") ? { grampsweb = true } : {}
tls_secret_name = var.tls_secret_name
smtp_password = var.mailserver_accounts["info@viktorbarzin.me"]
tier = local.tiers.aux
}
module "openclaw" {
source = "./openclaw"
for_each = contains(local.active_modules, "openclaw") ? { openclaw = true } : {}
tls_secret_name = var.tls_secret_name
ssh_key = var.openclaw_ssh_key
skill_secrets = var.openclaw_skill_secrets
gemini_api_key = var.gemini_api_key
llama_api_key = var.llama_api_key
brave_api_key = var.brave_api_key
modal_api_key = var.modal_api_key
tier = local.tiers.aux
}
Reference in a new issue View git blame Copy permalink