Add fs manager

modules/30-services-software/filesystem-service/.env.example

@@ -0,0 +1,2 @@
+FILEBROWSER_OIDC_CLIENT_ID=
+FILEBROWSER_OIDC_CLIENT_SECRET=

modules/30-services-software/filesystem-service/main.tf

@@ -0,0 +1,91 @@
+terraform {
+  required_providers {
+    dotenv = {
+      source = "germanbrew/dotenv"
+    }
+  }
+}
+
+locals {
+  container_name            = "fs-quantum"
+  fs_image                  = "ghcr.io/gtstef/filebrowser"
+  fs_tag                    = var.image_tag
+  env_file                  = "${path.module}/.env"
+  internal_port             = 80
+
+  fs_env_vars = {
+    PUID                           = var.user_id
+    PGID                           = var.group_id
+    TZ                             = var.timezone
+    PORT                           = 80
+    FILEBROWSER_OIDC_CLIENT_ID     = provider::dotenv::get_by_key("FILEBROWSER_OIDC_CLIENT_ID", local.env_file)
+    FILEBROWSER_OIDC_CLIENT_SECRET = provider::dotenv::get_by_key("FILEBROWSER_OIDC_CLIENT_SECRET", local.env_file)
+  }
+
+  fs_settings = <<-EOT
+  server:
+    sources:
+      - path: "/black"
+        config:
+          defaultEnabled: false
+      - path: "/blue"
+        config:
+          defaultEnabled: false
+  auth:
+    methods:
+        oidc:
+          enabled: true
+          issuerUrl: "https://authz.blackchaosnl.myaddr.dev/application/o/fs/"
+          scopes: "email openid profile groups"
+          userIdentifier: "preferred_username"
+          createUser: true
+          userGroups: "user"
+          adminGroup: "admin"
+          groupsClaim: "groups"
+        password:
+          enabled: false
+          signup: false
+  EOT
+}
+
+resource "local_file" "fs_config_file" {
+  content  = local.fs_settings
+  filename = "${var.volume_path}/${local.container_name}/config.yaml"
+}
+
+module "fs-quantum" {
+    source = "../../10-generic/docker-service"
+    container_name = local.container_name
+    image          = local.fs_image
+    tag            = local.fs_tag
+    volumes        = [
+    {
+      host_path      = "/mnt/storage"
+      container_path = "/black"
+      read_only      = false
+    },
+    {
+      host_path      = "/mnt/ssd"
+      container_path = "/blue"
+      read_only      = false
+    },
+    {
+      host_path      = "${var.volume_path}/${local.container_name}/config.yaml"
+      container_path = "/home/filebrowser/data/config.yaml"
+      read_only      = true
+    }
+  ]
+  env_vars       = local.fs_env_vars
+  networks       = concat(var.networks)
+  restart_policy = "always"
+}
+
+output "service_definition" {
+  description = "General service definition with optional ingress configuration"
+  value = {
+    name         = local.container_name
+    primary_port = local.internal_port
+    endpoint     = "http://${local.container_name}:${local.internal_port}"
+    subdomains   = ["fs"]
+  }
+}

modules/30-services-software/filesystem-service/variables.tf

@@ -0,0 +1,34 @@
+variable "image_tag" {
+  description = "The tag for the Filebrowser Quantum container image. Default: Latest"
+  type        = string
+  default     = "latest"
+}
+
+variable "volume_path" {
+  description = "Base directory for volumes"
+  type        = string
+}
+
+variable "networks" {
+  description = "List of networks to which the container should be attached"
+  type        = list(string)
+  default     = []
+}
+
+variable "user_id" {
+  description = "User ID for container permissions"
+  type        = string
+  default     = "1000"
+}
+
+variable "group_id" {
+  description = "Group ID for container permissions"
+  type        = string
+  default     = "1000"
+}
+
+variable "timezone" {
+  description = "Timezone for the container"
+  type        = string
+  default     = "Europe/Helsinki"
+}

services/main.tf

@@ -53,4 +53,10 @@ module "penpot" {
   source      = "${local.module_dir}/30-services-software/penpot-service"
   volume_path = "${local.root_volume}/penpot"
   networks    = [module.infrastructure_int.name]
+}
+
+module "fs-quantum" {
+  source      = "${local.module_dir}/30-services-software/filesystem-service"
+  volume_path = "${local.root_volume}/fs-quantum"
+  networks    = [module.infrastructure_int.name]
 }

services/outputs.tf

@@ -7,6 +7,7 @@ output "service_definitions" {
     module.tandoor.service_definition,
     module.coder.service_definition,
     module.penpot.service_definition,
+    module.fs-quantum.service_definition,
   ]
 }