Add env files, fix LLDAP pod to be created and fix random issues

2025-08-11 15:38:36 +00:00
parent 1fa1e2ed57
commit 098939e018
14 changed files with 74 additions and 65 deletions
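--- a/<new file; path not shown on page>
+++ b/<new file; path not shown on page>
@@ -0,0 +1,5 @@
+TIMEZONE=""
+VOLUME_HOST=""
+PUID=""
+PGID=""
+DOCKER_SOCK=""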
+2 -1
@@ -7,4 +7,5 @@ override.tf
override.tf.json override.tf.json
.terraformrc .terraformrc
terraform.rc terraform.rc
.env .env
./**/.env
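Review bot: The new `./**/.env` pattern is, as far as I can tell, a no-op: gitignore does not interpret a leading `./` as "the current directory", and a pattern containing a slash is matched against a literal path where no component is ever `.`. The `.env` entry on the previous line has no slash and so already matches a `.env` file at any depth, which makes the new line redundant; if an explicit recursive form is wanted, `**/.env` is the spelling git understands. Worth confirming how the two env templates added in this commit are named (their paths are not shown here): a file that is already tracked is unaffected by this rule, so if those templates are tracked `.env` files, real values written into them later would be committed despite the ignore entry.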
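--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -1 +1 @@
-opentofu 1.10.0
+opentofu 1.10.5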
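--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -12,14 +12,14 @@ locals {
 module "caddy" {
 source = "./modules/01-networking/caddy-service"
-volume_path = "./docker/infrastructure/"
+volume_path = "${local.volume_host}"
 domains = [
 "blackchaosnl.duckdns.org",
 "blackchaosnl.myaddr.io",
 "blackchaosnl.myaddr.dev",
 "blackchaosnl.myaddr.tools"
 ]
-tls_email = "your-email@example.com" # For Let's Encrypt
+tls_email = "jjvijgen@gmail.com"
 container_name = "caddy"
 service_definitions = module.services.service_definitions
 networks = ["default"]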
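Review bot: `tls_email` now carries a personal address committed to the repository in place of the placeholder, while the same hunk moves `volume_path` behind `local.volume_host` and the rest of this commit reads per-deployment values such as `DOCKER_SOCK` from `.env`; the ACME contact address is the one deployment-specific value left hardcoded here. Reading it the same way keeps contact details out of version control: add `TLS_EMAIL=""` to the root env template and set `tls_email = provider::dotenv::get_by_key("TLS_EMAIL", "${path.module}/.env")`, leaving the placeholder comment about Let's Encrypt in the committed file. `local.volume_host` is not defined within this hunk; presumably it lives in the `locals` block the hunk header mentions, which starts outside the hunk.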
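--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -25,7 +25,6 @@ locals {
 site_address = "${subdomain}.${domain}"
 endpoint = service.endpoint
 service_name = service.name
-tls_email = var.tls_email
 has_custom_config = service.caddy_config != ""
 custom_config = service.caddy_config
 reverse_proxy_options = service.caddy_options
@@ -62,7 +61,7 @@ locals {
 EOT
 // Generate the main Caddyfile content
-caddyfile_content = merge(local.caddyfile_default, join("\n\n", [
+caddyfile_content = format("%s%s", local.caddyfile_default, join("\n\n", [
 for site in local.caddy_site_configs :
 site.has_custom_config ?
 // Use the custom Caddy config if provided
@@ -95,7 +94,7 @@ resource "docker_volume" "caddy_config" {
 // Create Caddyfile in the volume path
 resource "local_file" "caddyfile" {
 content = local.caddyfile_content
-filename = "${var.volume_path}/${image}/Caddyfile"
+filename = "${var.volume_path}/${local.container_name}/Caddyfile"
 }
@@ -108,17 +107,17 @@ module "caddy" {
 volumes = [
 {
-host_path = "${var.volume_path}/${image}/data"
+host_path = "${var.volume_path}/${local.container_name}/data"
 container_path = "/data"
 read_only = false
 },
 {
-host_path = "${var.volume_path}/${image}/config"
+host_path = "${var.volume_path}/${local.container_name}/config"
 container_path = "/config"
 read_only = false
 },
 {
-host_path = "${var.volume_path}/${image}/Caddyfile"
+host_path = "${var.volume_path}/${local.container_name}/Caddyfile"
 container_path = "/etc/caddy/Caddyfile"
 read_only = true
 }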
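Review bot: The `resource "local_file" "caddyfile"` hunk still relies on the provider's default `file_permission`, which for hashicorp/local is `0777`, so the Caddyfile written to `${var.volume_path}/${local.container_name}/Caddyfile` on the host ends up world-writable even though the last hunk mounts it into the container with `read_only = true`; anyone else with a host account could rewrite the proxy configuration Caddy loads. Adding `file_permission = "0644"` and `directory_permission = "0755"` to that resource closes this. Separately, the `merge(...)` to `format("%s%s", ...)` change is the right fix for building a string, but the `caddyfile_default` heredoc that precedes it is outside the hunk, so whether it ends with the newline the concatenation needs cannot be checked here. The `locals` block in the first hunk starts outside the hunk.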
@@ -16,10 +16,8 @@ variable "volume_path" {
} }
variable "domains" { variable "domains" {
description = "Which domain name to use for services" description = "Which domain names to use for services"
type = list(object({ type = list(string)
name = string
}))
} }
variable "tls_email" { variable "tls_email" {
@@ -8,8 +8,8 @@ terraform {
locals { locals {
container_name = "jellyfin" container_name = "jellyfin"
jellyfin_image = "docker.io/jellyfin/jellyfin" jellyfin_image = "docker.io/jellyfin/jellyfin"
jellyfin_tag = var.image_tag jellyfin_tag = var.image_tag
env_file = "${path.module}/.env" env_file = "${path.module}/.env"
jellyfin_internal_port = 8096 jellyfin_internal_port = 8096
@@ -20,11 +20,13 @@ locals {
read_only = true read_only = true
}, },
{ {
host_path = "${volume_path}/${container_name}/config" host_path = "${var.volume_path}/${local.container_name}/config"
container_path = "/config" container_path = "/config"
read_only = false
},{ },{
host_path = "${volume_path}/${container_name}/cache" host_path = "${var.volume_path}/${local.container_name}/cache"
container_path = "/cache" container_path = "/cache"
read_only = false
}, },
] ]
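--- a/<new file; path not shown on page>
+++ b/<new file; path not shown on page>
@@ -0,0 +1,6 @@
+LLDAP_JWT_SECRET=
+LLDAP_BASE_DN=
+LLDAP_USER_DN=
+LLDAP_USER_EMAIL=
+LLDAP_USER_PASS=
+LLDAP_KEY_SEED=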
@@ -7,36 +7,37 @@ terraform {
} }
locals { locals {
container_name = "freeipa" container_name = "lldap"
freeipa_image = "quay.io/repository/freeipa/freeipa-server" lldap_image = "ghcr.io/lldap/lldap"
freeipa_tag = var.image_tag lldap_tag = var.image_tag
env_file = "${path.module}/.env" env_file = "${path.module}/.env"
freeipa_internal_port = 8443 lldap_internal_port = 17170
freeipa_volumes = [ lldap_volumes = [
{ {
host_path = "${var.volume_path}/${local.container_name}/data" host_path = "${var.volume_path}/${local.container_name}/data"
container_path = "${var.volume_path}/${local.container_name}/data" container_path = "/data"
read_only = false
}, },
{
host_path = ""
container_path = "${var.volume_path}/${local.container_name}/data"
}
] ]
freeipa_env_vars = { lldap_env_vars = {
PASSWORD = var.admin_password LLDAP_JWT_SECRET = provider::dotenv::get_by_key("LLDAP_JWT_SECRET", local.env_file)
LLDAP_BASE_DN = provider::dotenv::get_by_key("LLDAP_BASE_DN", local.env_file)
LLDAP_USER_DN = provider::dotenv::get_by_key("LLDAP_USER_DN", local.env_file)
LLDAP_USER_EMAIL = provider::dotenv::get_by_key("LLDAP_USER_EMAIL", local.env_file)
LLDAP_USER_PASS = provider::dotenv::get_by_key("LLDAP_USER_PASS", local.env_file)
LLDAP_KEY_SEED = provider::dotenv::get_by_key("LLDAP_KEY_SEED", local.env_file)
} }
} }
module "freeipa" { module "lldap" {
source = "../../10-generic/docker-service" source = "../../10-generic/docker-service"
container_name = local.container_name container_name = local.container_name
image = local.freeipa_image image = local.lldap_image
tag = local.freeipa_tag tag = local.lldap_tag
volumes = local.freeipa_volumes volumes = local.lldap_volumes
env_vars = local.freeipa_env_vars env_vars = local.lldap_env_vars
networks = concat(var.networks) networks = concat(var.networks)
restart_policy = "always" restart_policy = "always"
} }
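Review bot: The six `provider::dotenv::get_by_key` values in `lldap_env_vars` include the JWT secret, the admin password and the key seed, and they pass as plain locals into `module.lldap`'s `env_vars`, so they will appear in cleartext in plan/apply output and in the OpenTofu state. Wrapping each in `sensitive(...)` — e.g. `LLDAP_JWT_SECRET = sensitive(provider::dotenv::get_by_key("LLDAP_JWT_SECRET", local.env_file))` — redacts them from plan output; the state file still holds them, so the state backend has to be treated as secret-bearing, and whether `docker-service` marks its `env_vars` input sensitive is outside this hunk. The env template this commit adds for the module leaves every key empty, and `get_by_key` presumably returns an empty string for an empty value rather than failing, so a precondition (or a `variable` with a `validation` block in front of these lookups) that rejects empty secrets would turn a missing `.env` entry into a plan-time error instead of a container started with blank secrets. The `locals` and `module "lldap"` blocks are both fully inside this hunk.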
@@ -45,20 +46,9 @@ output "service_definition" {
description = "General service definition with optional ingress configuration" description = "General service definition with optional ingress configuration"
value = { value = {
name = local.container_name name = local.container_name
primary_port = local.freeipa_internal_port primary_port = local.lldap_internal_port
endpoint = "http://${local.container_name}:${local.freeipa_internal_port}" endpoint = "http://${local.container_name}:${local.lldap_internal_port}"
subdomains = ["ipa"] subdomains = ["users"]
ports = [ ports = []
{
external = 8080
internal = 80
protocol = "tcp"
},
{
external = 8443
internal = 443
protocol = "tcp"
}
]
} }
} }
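Review bot: `subdomains = ["users"]` together with `ports = []` makes the LLDAP web interface reachable only through Caddy, which is the right direction, but the ingress then publishes the account-management UI on the `users` subdomain of every domain the root module hands to Caddy, and nothing in this definition restricts who may reach it. If administration is meant to be internal-only, the per-service `caddy_config`/`caddy_options` that the caddy module reads (seen as `custom_config` and `reverse_proxy_options` earlier in this commit) is the place for an IP allowlist or an authentication layer, assuming this service definition can carry those fields, which the hunk does not show; otherwise a one-line comment above `subdomains` recording that the UI is intentionally public would spare the next reader the question. The `output` block is fully inside the hunk.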
@@ -1,8 +1,8 @@
variable "image_tag" { variable "image_tag" {
description = "The tag for the freeipa container image. Default: Latest" description = "The tag for the freeipa container image. Default: latest-alpine-rootless"
type = string type = string
default = "rocky-9" default = "latest-alpine-rootless"
} }
variable "volume_path" { variable "volume_path" {
@@ -32,9 +32,4 @@ variable "timezone" {
description = "Timezone for the container" description = "Timezone for the container"
type = string type = string
default = "Europe/Helsinki" default = "Europe/Helsinki"
}
variable "admin_password" {
description = "Default password for logging into the IPA admin account"
type = string
} }
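Review bot: The `image_tag` description still refers to `freeipa` although the default is now the lldap tag; it should read `description = "The tag for the lldap container image. Default: latest-alpine-rootless"`. A floating default such as `latest-alpine-rootless` also means each `apply` may pull a different image without any change in the repository, which for the identity provider is worth avoiding: pin the default to a released version (or reference the image by digest in the module) and bump it in explicit commits. The removal of `admin_password` is consistent with the module no longer reading it; the `timezone` variable block ends inside this hunk.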
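--- a/<new file; path not shown on page>
+++ b/<new file; path not shown on page>
@@ -0,0 +1,9 @@
+output "services" {
+description = "Service definitions for all services"
+value = [
+for service in module.services.service_definitions : {
+name = service.name
+endpoint = service.endpoint
+}
+]
+}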
+5 -1
@@ -1,6 +1,6 @@
terraform { terraform {
required_providers { required_providers {
podman = { docker = {
source = "kreuzwerker/docker" source = "kreuzwerker/docker"
version = "~> 3.6.0" version = "~> 3.6.0"
} }
@@ -14,3 +14,7 @@ terraform {
} }
} }
} }
provider "docker" {
host = provider::dotenv::get_by_key("DOCKER_SOCK", "${path.module}/.env")
}
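Review bot: `host` in the new `provider "docker"` block is taken verbatim from `DOCKER_SOCK`, and the root env template added in this commit ships that key as `DOCKER_SOCK=""`, so a deployment that forgets to fill it in presumably hands the provider an empty string instead of failing early; since there is no variable here to attach a `validation` block to, the expectation should at least be recorded on the line, e.g. `# DOCKER_SOCK: unix:// or ssh:// endpoint expected; a tcp:// endpoint needs TLS material on this provider`. If the value is ever a `tcp://` daemon address, this block sets none of the provider's `cert_path`/`ca_material`/`cert_material`/`key_material`, so the Docker API, which is effectively root on the host, would be reached without TLS. The `podman` to `docker` key rename matches the `kreuzwerker/docker` source it already pointed at; the `dotenv` provider the function call depends on is not visible in these hunks and is presumably declared in the elided part of the `terraform` block, which starts outside the hunk.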
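--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -16,9 +16,9 @@ module "homelab_docker_network" {
 subnet = "10.88.0.0/16"
 }
-module "freeipa" {
+module "lldap" {
 source = "${local.module_dir}/30-services-software/lldap-service"
-volume_path = "${local.volume_path}/freeipa"
+volume_path = "${local.root_volume}/lldap"
 networks = [
 module.homelab_docker_network.name
 ]
@@ -26,7 +26,7 @@ module "freeipa" {
 module "jellyfin" {
 source = "${local.module_dir}/20-services-entertainment/jellyfin-service"
-volume_path = "${local.volume_path}/jellyfin"
+volume_path = "${local.root_volume}/jellyfin"
 networks = [
 module.homelab_docker_network.name
 ]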
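--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -2,7 +2,7 @@ output "service_definitions" {
 description = "Service definitions for all services"
 value = [
 module.jellyfin.service_definition,
-module.freeipa.service_definition,
+module.lldap.service_definition,
 ]
 }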