diff --git a/main.tf b/main.tf index 4c2294b..2a5d9ac 100644 --- a/main.tf +++ b/main.tf @@ -7,19 +7,19 @@ module "services" { } locals { - volume_host = "${module.system_globals.volume_host}" + volume_host = module.system_globals.volume_host } module "caddy" { - source = "./modules/01-networking/caddy-service" - volume_path = "${local.volume_host}" - domains = [ + source = "./modules/01-networking/caddy-service" + volume_path = local.volume_host + domains = [ "blackchaosnl.myaddr.dev", ] tls_email = "jjvijgen@gmail.com" container_name = "caddy" service_definitions = module.services.service_definitions - networks = [ + networks = [ module.services.infrastructure_int.name ] } diff --git a/modules/01-networking/caddy-service/main.tf b/modules/01-networking/caddy-service/main.tf index 2c4f74b..a8847fb 100644 --- a/modules/01-networking/caddy-service/main.tf +++ b/modules/01-networking/caddy-service/main.tf @@ -65,7 +65,7 @@ locals { ${site.site_address} { import headers route { - %{ if site.is_route_protected } + %{if site.is_route_protected} reverse_proxy /outpost.goauthentik.io/* http://authentik:9000 forward_auth http://authentik:9000 { @@ -73,17 +73,17 @@ locals { copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version trusted_proxies private_ranges } - %{ endif } - %{ if site.has_custom_config } + %{endif} + %{if site.has_custom_config} ${site.custom_config} - %{ else } + %{else} reverse_proxy ${site.endpoint} { ${join("\n ", [ - for key, value in site.reverse_proxy_options : - "${key} ${value}" - ])} + for key, value in site.reverse_proxy_options : + "${key} ${value}" + ])} } - %{ endif } + %{endif} } } EOT @@ -140,5 +140,5 @@ module "caddy" { } ] - networks = var.networks + networks = var.networks } \ No newline at end of file 
diff --git a/modules/10-generic/docker-service/main.tf b/modules/10-generic/docker-service/main.tf index 2d29b25..9cc50a3 100644 --- a/modules/10-generic/docker-service/main.tf +++ b/modules/10-generic/docker-service/main.tf @@ -61,7 +61,7 @@ resource "docker_container" "service_container" { # Set the network mode (bridge, host, etc.) network_mode = local.network_mode - + # Add host mappings (entries for /etc/hosts) dynamic "host" { for_each = var.host_mappings diff --git a/modules/10-generic/docker-service/variables.tf b/modules/10-generic/docker-service/variables.tf index 8abb706..7ef041d 100644 --- a/modules/10-generic/docker-service/variables.tf +++ b/modules/10-generic/docker-service/variables.tf @@ -181,20 +181,20 @@ variable "privileged" { variable "security_opts" { description = "Set's security options for container" - type = list(string) - default = null + type = list(string) + default = null } variable "userns_mode" { description = "Set's the USERNS Mode" - type = string - default = null + type = string + default = null } variable "gpus" { description = "Set the GPU passthrough" - type = string - default = null + type = string + default = null } // Logging options @@ -207,8 +207,8 @@ variable "log_driver" { variable "log_opts" { description = "Log driver options" type = map(string) - default = { - max-size = "10m" - max-file = "3" + default = { + max-size = "10m" + max-file = "3" } } \ No newline at end of file diff --git a/modules/20-services-entertainment/calibre-service/main.tf b/modules/20-services-entertainment/calibre-service/main.tf index 4207d9c..08fefad 100644 --- a/modules/20-services-entertainment/calibre-service/main.tf +++ b/modules/20-services-entertainment/calibre-service/main.tf 
@@ -7,25 +7,25 @@ terraform { } locals { - container_name = "calibre" - calibre_image = "docker.io/crocodilestick/calibre-web-automated" - calibre_tag = var.image_tag - calibre_internal_port = 8083 + container_name = "calibre" + calibre_image = "docker.io/crocodilestick/calibre-web-automated" + calibre_tag = var.image_tag + calibre_internal_port = 8083 calibre_volumes = [ { host_path = "${var.volume_path}/${local.container_name}/config" container_path = "/config" read_only = false - },{ + }, { host_path = "${var.volume_path}/${local.container_name}/book-ingest" container_path = "/cwa-book-ingest" read_only = false - },{ + }, { host_path = "${var.volume_path}/${local.container_name}/Calibre Library" container_path = "/calibre-library" read_only = false - },{ + }, { host_path = "${var.volume_path}/${local.container_name}/plugins" container_path = "/config/.config/calibre/plugins" read_only = false @@ -33,9 +33,9 @@ locals { ] calibre_env_vars = { - PUID = var.user_id - PGID = var.group_id - TZ = var.timezone + PUID = var.user_id + PGID = var.group_id + TZ = var.timezone } } diff --git a/modules/20-services-entertainment/jellyfin-service/main.tf b/modules/20-services-entertainment/jellyfin-service/main.tf index 438466a..52f978a 100644 --- a/modules/20-services-entertainment/jellyfin-service/main.tf +++ b/modules/20-services-entertainment/jellyfin-service/main.tf @@ -7,12 +7,12 @@ terraform { } locals { - container_name = "jellyfin" - jellyfin_image = "docker.io/jellyfin/jellyfin" - jellyfin_tag = var.image_tag - env_file = "${path.module}/.env" - jellyfin_internal_port = 8096 - gpus = "all" + container_name = "jellyfin" + jellyfin_image = "docker.io/jellyfin/jellyfin" + jellyfin_tag = var.image_tag + env_file = "${path.module}/.env" + jellyfin_internal_port = 8096 + gpus = "all" jellyfin_volumes = [ { 
@@ -24,7 +24,7 @@ locals { host_path = "${var.volume_path}/${local.container_name}/config" container_path = "/config" read_only = false - },{ + }, { host_path = "${var.volume_path}/${local.container_name}/cache" container_path = "/cache" read_only = false @@ -32,9 +32,9 @@ locals { ] jellyfin_env_vars = { - PUID = var.user_id - PGID = var.group_id - TZ = var.timezone + PUID = var.user_id + PGID = var.group_id + TZ = var.timezone } } diff --git a/modules/20-services-entertainment/pelican-service/main.tf b/modules/20-services-entertainment/pelican-service/main.tf index d6ecb0a..a1aaaf7 100644 --- a/modules/20-services-entertainment/pelican-service/main.tf +++ b/modules/20-services-entertainment/pelican-service/main.tf @@ -7,11 +7,11 @@ terraform { } locals { - container_name = "pelican" - pelican_image = "ghcr.io/pelican-dev/panel" - pelican_tag = var.image_tag - env_file = "${path.module}/.env" - pelican_internal_port = 8000 + container_name = "pelican" + pelican_image = "ghcr.io/pelican-dev/panel" + pelican_tag = var.image_tag + env_file = "${path.module}/.env" + pelican_internal_port = 8000 caddyfile_content = <<-EOT { @@ -48,13 +48,13 @@ locals { resource "local_file" "pelican_caddy_config_file" { - content = local.caddyfile_content - filename = "${var.volume_path}/${local.container_name}/Caddyfile" + content = local.caddyfile_content + filename = "${var.volume_path}/${local.container_name}/Caddyfile" } resource "local_file" "pelican_config_file" { - content = local.pelican_env_file - filename = "${var.volume_path}/${local.container_name}/.env" + content = local.pelican_env_file + filename = "${var.volume_path}/${local.container_name}/.env" } 
@@ -66,19 +66,19 @@ module "pelican-panel" { tag = local.pelican_tag networks = var.networks restart_policy = "always" - volumes = [ + volumes = [ { - host_path = "${var.volume_path}/${local.container_name}/Caddyfile" + host_path = "${var.volume_path}/${local.container_name}/Caddyfile" container_path = "/etc/caddy/Caddyfile" - read_only = true + read_only = true }, { - host_path = "${var.volume_path}/${local.container_name}/.env" + host_path = "${var.volume_path}/${local.container_name}/.env" container_path = "/pelican-data/.env" - read_only = true + read_only = true } ] - env_vars = { + env_vars = { TZ = var.timezone PUID = var.user_id PGID = var.group_id @@ -95,6 +95,6 @@ output "service_definition" { name = local.container_name primary_port = local.pelican_internal_port endpoint = "http://${local.container_name}:${local.pelican_internal_port}" - subdomains = ["gpanel"] + subdomains = ["gpanel"] } } diff --git a/modules/20-services-entertainment/wings-service/main.tf b/modules/20-services-entertainment/wings-service/main.tf index 9c01d21..fb51166 100644 --- a/modules/20-services-entertainment/wings-service/main.tf +++ b/modules/20-services-entertainment/wings-service/main.tf @@ -7,11 +7,11 @@ terraform { } locals { - container_name = "pelican-wings" - wings_image = "ghcr.io/pelican-dev/wings" - wings_tag = var.image_tag - env_file = "${path.module}/.env" - internal_port = 8080 + container_name = "pelican-wings" + wings_image = "ghcr.io/pelican-dev/wings" + wings_tag = var.image_tag + env_file = "${path.module}/.env" + internal_port = 8080 wing_0_config = <<-EOT debug: false @@ -36,8 +36,8 @@ locals { } resource "local_file" "wing_0_config_file" { - content = local.wing_0_config - filename = "${var.volume_path}/${local.container_name}/wing-0-config.yml" + content = local.wing_0_config + filename = "${var.volume_path}/${local.container_name}/wing-0-config.yml" } module "pelican-wings" { 
@@ -47,47 +47,47 @@ module "pelican-wings" { tag = local.wings_tag networks = var.networks restart_policy = "always" - ports = [ + ports = [ { - internal = 8080 - external = 8080 - protocol = "tcp" + internal = 8080 + external = 8080 + protocol = "tcp" }, { - internal = 2022 - external = 2022 - protocol = "tcp" + internal = 2022 + external = 2022 + protocol = "tcp" } ] - volumes = [ + volumes = [ { - host_path = "/run/user/1000/podman/podman.sock" + host_path = "/run/user/1000/podman/podman.sock" container_path = "/var/run/docker.sock" - read_only = false + read_only = false }, { - host_path = "/home/jjvij/.local/share/containers" + host_path = "/home/jjvij/.local/share/containers" container_path = "/var/lib/docker/containers/" - read_only = false + read_only = false }, { - host_path = "${var.volume_path}/${local.container_name}/wing-0-config.yml" + host_path = "${var.volume_path}/${local.container_name}/wing-0-config.yml" container_path = "/etc/pelican/config.yml" - read_only = false + read_only = false } ] env_vars = { - TZ = var.timezone - APP_TIMEZONE = var.timezone - WINGS_UID = var.user_id - WINGS_GID = var.group_id - WINGS_USERNAME = "pelican" + TZ = var.timezone + APP_TIMEZONE = var.timezone + WINGS_UID = var.user_id + WINGS_GID = var.group_id + WINGS_USERNAME = "pelican" } - userns_mode = "keep-id:uid=1000,gid=1000" - labels = { + userns_mode = "keep-id:uid=1000,gid=1000" + labels = { "run.oci.keep_original_groups" = "1" } - security_opts = [ + security_opts = [ "label:type:container_runtype_t" ] } @@ -98,6 +98,6 @@ output "service_definition" { name = local.container_name primary_port = local.internal_port endpoint = "http://${local.container_name}:${local.internal_port}" - subdomains = ["games"] + subdomains = ["games"] } } \ No newline at end of file diff --git a/modules/30-services-software/actualbudget-service/main.tf b/modules/30-services-software/actualbudget-service/main.tf index 226a5c3..cb98ca9 100644 
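Review bot: The first volume of `module "pelican-wings"` bind-mounts the rootless Podman socket `/run/user/1000/podman/podman.sock` read-write, so the Wings container can create containers and bind mounts as the host user and is effectively as privileged as that account. If Wings needs this to manage game servers, say so in a comment above the entry, e.g. `# Wings drives the host's rootless Podman; this container holds the host user's privileges`, and derive the uid-1000 socket path and `/home/jjvij/.local/share/containers` from variables the way `WINGS_UID` uses `var.user_id`. Separately, `"label:type:container_runtype_t"` in `security_opts` looks like a misspelling of `container_runtime_t`; the same string appears in the `module "coder"` hunk of coder-service/main.tf, so confirm which SELinux type is intended. The module block starts before this hunk.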
--- a/modules/30-services-software/actualbudget-service/main.tf +++ b/modules/30-services-software/actualbudget-service/main.tf @@ -7,12 +7,12 @@ terraform { } locals { - container_name = "actualbudget" - image = "ghcr.io/actualbudget/actual" - image_tag = var.image_tag - env_file = "${path.module}/.env" - internal_port = 5006 - + container_name = "actualbudget" + image = "ghcr.io/actualbudget/actual" + image_tag = var.image_tag + env_file = "${path.module}/.env" + internal_port = 5006 + default_volumes = [ { host_path = "${var.volume_path}/data" diff --git a/modules/30-services-software/authentik-service/main.tf b/modules/30-services-software/authentik-service/main.tf index a6a6ebb..f0dfa59 100644 --- a/modules/30-services-software/authentik-service/main.tf +++ b/modules/30-services-software/authentik-service/main.tf 
@@ -24,58 +24,58 @@ locals { authentik_volumes = [ { - host_path = "${var.volume_path}/${local.container_name}/media" - container_path = "/media" - read_only = false + host_path = "${var.volume_path}/${local.container_name}/media" + container_path = "/media" + read_only = false }, { - host_path = "${var.volume_path}/${local.container_name}/custom-templates" - container_path = "/templates" - read_only = false + host_path = "${var.volume_path}/${local.container_name}/custom-templates" + container_path = "/templates" + read_only = false }, { - host_path = "${var.volume_path}/${local.container_name}/user_settings.py" - container_path = "/data/user_settings.py" - read_only = false + host_path = "${var.volume_path}/${local.container_name}/user_settings.py" + container_path = "/data/user_settings.py" + read_only = false } ] redis_volumes = [ { - host_path = "${var.volume_path}/${local.container_name}/redis/data" - container_path = "/data" - read_only = false + host_path = "${var.volume_path}/${local.container_name}/redis/data" + container_path = "/data" + read_only = false }, ] postgres_volumes = [ { - host_path = "${var.volume_path}/${local.container_name}/postgres/data" - container_path = "/var/lib/postgresql/data" - read_only = false + host_path = "${var.volume_path}/${local.container_name}/postgres/data" + container_path = "/var/lib/postgresql/data" + read_only = false }, ] authentik_env_vars = { - AUTHENTIK_SECRET_KEY = provider::dotenv::get_by_key("AUTHENTIK_SECRET_KEY", local.env_file) - AUTHENTIK_REDIS__HOST = provider::dotenv::get_by_key("AUTHENTIK_REDIS__HOST", local.env_file) - AUTHENTIK_POSTGRESQL__HOST = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__HOST", local.env_file) - AUTHENTIK_POSTGRESQL__USER = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__USER", local.env_file) - AUTHENTIK_POSTGRESQL__NAME = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__NAME", local.env_file) - AUTHENTIK_POSTGRESQL__PASSWORD = 
provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__PASSWORD", local.env_file) + AUTHENTIK_SECRET_KEY = provider::dotenv::get_by_key("AUTHENTIK_SECRET_KEY", local.env_file) + AUTHENTIK_REDIS__HOST = provider::dotenv::get_by_key("AUTHENTIK_REDIS__HOST", local.env_file) + AUTHENTIK_POSTGRESQL__HOST = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__HOST", local.env_file) + AUTHENTIK_POSTGRESQL__USER = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__USER", local.env_file) + AUTHENTIK_POSTGRESQL__NAME = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__NAME", local.env_file) + AUTHENTIK_POSTGRESQL__PASSWORD = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__PASSWORD", local.env_file) } postgres_env_vars = { - POSTGRES_PASSWORD = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__PASSWORD", local.env_file) - POSTGRES_USER = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__USER", local.env_file) - POSTGRES_DB = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__DB", local.env_file) + POSTGRES_PASSWORD = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__PASSWORD", local.env_file) + POSTGRES_USER = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__USER", local.env_file) + POSTGRES_DB = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__DB", local.env_file) } } - resource "local_file" "authentik_config_file" { - content = local.authentik_content - filename = "${var.volume_path}/${local.container_name}/user_settings.py" - } +resource "local_file" "authentik_config_file" { + content = local.authentik_content + filename = "${var.volume_path}/${local.container_name}/user_settings.py" +} module "authentik_network" { source = "../../01-networking/network-service" 
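Review bot: `postgres_env_vars` reads the database name from the key `AUTHENTIK_POSTGRESQL__DB`, while `authentik_env_vars` reads it from `AUTHENTIK_POSTGRESQL__NAME`; unless the `.env` file defines both with the same value, Postgres is initialised with one database name and authentik connects to another. Reading `POSTGRES_DB` from `"AUTHENTIK_POSTGRESQL__NAME"` would keep a single source. The generated `user_settings.py` is also mounted with `read_only = false`, whereas the pelican module on this page mounts its Terraform-generated files read-only; `read_only = true` here would stop the container from altering a file Terraform manages. The `locals` block starts before this hunk.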
@@ -83,49 +83,49 @@ module "authentik_network" { subnet = "172.16.0.0/29" driver = "bridge" options = { - "isolate": false + "isolate" : false } } module "authentik-postgres" { - source = "../../10-generic/docker-service" - container_name = local.postgres_container_name - image = local.postgres_image - tag = local.postgres_tag - volumes = local.postgres_volumes - env_vars = local.postgres_env_vars - networks = [module.authentik_network.name] + source = "../../10-generic/docker-service" + container_name = local.postgres_container_name + image = local.postgres_image + tag = local.postgres_tag + volumes = local.postgres_volumes + env_vars = local.postgres_env_vars + networks = [module.authentik_network.name] } module "authentik-redis" { - source = "../../10-generic/docker-service" - container_name = local.redis_container_name - image = local.redis_image - tag = local.redis_tag - volumes = local.redis_volumes - networks = [module.authentik_network.name] + source = "../../10-generic/docker-service" + container_name = local.redis_container_name + image = local.redis_image + tag = local.redis_tag + volumes = local.redis_volumes + networks = [module.authentik_network.name] } module "authentik-server" { - source = "../../10-generic/docker-service" - container_name = local.container_name - image = local.authentik_image - tag = local.authentik_tag - volumes = local.authentik_volumes - env_vars = local.authentik_env_vars - networks = concat([module.authentik_network.name], var.networks) - command = ["server"] + source = "../../10-generic/docker-service" + container_name = local.container_name + image = local.authentik_image + tag = local.authentik_tag + volumes = local.authentik_volumes + env_vars = local.authentik_env_vars + networks = concat([module.authentik_network.name], var.networks) + command = ["server"] } module "authentik-worker" { - source = "../../10-generic/docker-service" - container_name = "${local.container_name}-worker" - image = local.authentik_image - tag = 
local.authentik_tag - volumes = local.authentik_volumes - env_vars = local.authentik_env_vars - networks = [module.authentik_network.name] - command = ["worker"] + source = "../../10-generic/docker-service" + container_name = "${local.container_name}-worker" + image = local.authentik_image + tag = local.authentik_tag + volumes = local.authentik_volumes + env_vars = local.authentik_env_vars + networks = [module.authentik_network.name] + command = ["worker"] } output "service_definition" { diff --git a/modules/30-services-software/coder-service/main.tf b/modules/30-services-software/coder-service/main.tf index c353af3..5f1d89f 100644 --- a/modules/30-services-software/coder-service/main.tf +++ b/modules/30-services-software/coder-service/main.tf @@ -7,14 +7,14 @@ terraform { } locals { - container_name = "coder" - postgres_container_name = "coder-postgres" - coder_image = "ghcr.io/coder/coder" - postgres_image = "docker.io/library/postgres" - coder_tag = var.image_tag - postgres_tag = var.postgres_image_tag - env_file = "${path.module}/.env" - coder_internal_port = 7080 + container_name = "coder" + postgres_container_name = "coder-postgres" + coder_image = "ghcr.io/coder/coder" + postgres_image = "docker.io/library/postgres" + coder_tag = var.image_tag + postgres_tag = var.postgres_image_tag + env_file = "${path.module}/.env" + coder_internal_port = 7080 coder_volumes = [ { 
@@ -33,19 +33,19 @@ locals { ] coder_env_vars = { - CODER_PG_CONNECTION_URL = "postgresql://${provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)}:${provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)}@coder-postgres/${provider::dotenv::get_by_key("POSTGRES_DB", local.env_file)}?sslmode=disable" - CODER_HTTP_ADDRESS = provider::dotenv::get_by_key("CODER_HTTP_ADDRESS", local.env_file) - CODER_ACCESS_URL = provider::dotenv::get_by_key("CODER_ACCESS_URL", local.env_file) - CODER_PROXY_TRUSTED_HEADERS = provider::dotenv::get_by_key("CODER_PROXY_TRUSTED_HEADERS", local.env_file) - CODER_PROXY_TRUSTED_ORIGINS = provider::dotenv::get_by_key("CODER_PROXY_TRUSTED_ORIGINS", local.env_file) - CODER_DISABLE_PASSWORD_AUTH = provider::dotenv::get_by_key("CODER_DISABLE_PASSWORD_AUTH", local.env_file) - DOCKER_USER = provider::dotenv::get_by_key("DOCKER_USER", local.env_file) + CODER_PG_CONNECTION_URL = "postgresql://${provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)}:${provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)}@coder-postgres/${provider::dotenv::get_by_key("POSTGRES_DB", local.env_file)}?sslmode=disable" + CODER_HTTP_ADDRESS = provider::dotenv::get_by_key("CODER_HTTP_ADDRESS", local.env_file) + CODER_ACCESS_URL = provider::dotenv::get_by_key("CODER_ACCESS_URL", local.env_file) + CODER_PROXY_TRUSTED_HEADERS = provider::dotenv::get_by_key("CODER_PROXY_TRUSTED_HEADERS", local.env_file) + CODER_PROXY_TRUSTED_ORIGINS = provider::dotenv::get_by_key("CODER_PROXY_TRUSTED_ORIGINS", local.env_file) + CODER_DISABLE_PASSWORD_AUTH = provider::dotenv::get_by_key("CODER_DISABLE_PASSWORD_AUTH", local.env_file) + DOCKER_USER = provider::dotenv::get_by_key("DOCKER_USER", local.env_file) } postgres_env_vars = { - POSTGRES_USER = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file) - POSTGRES_PASSWORD = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file) - POSTGRES_DB = provider::dotenv::get_by_key("POSTGRES_DB", 
local.env_file) + POSTGRES_USER = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file) + POSTGRES_PASSWORD = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file) + POSTGRES_DB = provider::dotenv::get_by_key("POSTGRES_DB", local.env_file) } } @@ -56,7 +56,7 @@ module "coder_network" { subnet = "172.16.0.16/29" driver = "bridge" options = { - "isolate": false + "isolate" : false } } @@ -82,10 +82,10 @@ module "coder" { networks = concat([module.coder_network.name], var.networks) restart_policy = "always" userns_mode = "keep-id:uid=1000,gid=1000" - labels = { + labels = { "run.oci.keep_original_groups" = "1" } - security_opts = [ + security_opts = [ "label:type:container_runtype_t" ] } diff --git a/modules/30-services-software/penpot-service/main.tf b/modules/30-services-software/penpot-service/main.tf index 579f91e..63b7c86 100644 --- a/modules/30-services-software/penpot-service/main.tf +++ b/modules/30-services-software/penpot-service/main.tf 
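Review bot: `CODER_PG_CONNECTION_URL` splices the raw `POSTGRES_USER` and `POSTGRES_PASSWORD` values into a URL, so a password containing `@`, `/`, `:` or `?` yields a connection string that parses to the wrong host or credentials. Wrapping each credential in `urlencode(...)` avoids that, e.g. `${urlencode(provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file))}`. `sslmode=disable` is tolerable only while `coder-postgres` is reachable solely over the private bridge network, which is worth a one-line comment next to the URL. These values are passed on as container environment variables and presumably land in the Terraform state in plain text, so the state file needs the same protection as the `.env` file. The `locals` block starts before this hunk.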
@@ -7,135 +7,135 @@ terraform { } locals { - container_name = "penpot" - penpot_backend_name = "penpot-backend" - penpot_exporter_name = "penpot-exporter" - postgres_container_name = "penpot-postgres" - valkey_container_name = "penpot-valkey" - penpot_frontend_image = "docker.io/penpotapp/frontend" - penpot_backend_image = "docker.io/penpotapp/backend" - penpot_exporter_image = "docker.io/penpotapp/exporter" - valkey_image = "docker.io/valkey/valkey" - postgres_image = "docker.io/library/postgres" - penpot_frontend_tag = var.image_tag - penpot_backend_tag = var.image_tag - penpot_exporter_tag = var.image_tag - valkey_tag = var.valkey_image_tag - postgres_tag = var.postgres_image_tag - env_file = "${path.module}/.env" - internal_port = 8080 + container_name = "penpot" + penpot_backend_name = "penpot-backend" + penpot_exporter_name = "penpot-exporter" + postgres_container_name = "penpot-postgres" + valkey_container_name = "penpot-valkey" + penpot_frontend_image = "docker.io/penpotapp/frontend" + penpot_backend_image = "docker.io/penpotapp/backend" + penpot_exporter_image = "docker.io/penpotapp/exporter" + valkey_image = "docker.io/valkey/valkey" + postgres_image = "docker.io/library/postgres" + penpot_frontend_tag = var.image_tag + penpot_backend_tag = var.image_tag + penpot_exporter_tag = var.image_tag + valkey_tag = var.valkey_image_tag + postgres_tag = var.postgres_image_tag + env_file = "${path.module}/.env" + internal_port = 8080 - penpot_volumes = [ - { - host_path = "${var.volume_path}/${local.container_name}/assets" - container_path = "/opt/data/assets" - read_only = false - } - ] - - postgres_volumes = [ - { - host_path = "${var.volume_path}/${local.container_name}/data" - container_path = "/var/lib/postgresql/data" - read_only = false - } - ] - - penpot_exporter_env_vars = { - PENPOT_PUBLIC_URI = "http://${local.container_name}:${local.internal_port}" - PENPOT_REDIS_URI = "redis://${local.valkey_container_name}/0" + penpot_volumes = [ + { + host_path = 
"${var.volume_path}/${local.container_name}/assets" + container_path = "/opt/data/assets" + read_only = false } + ] - # Disable emails and enable OIDC since this is a private instanced managed with Authentik - penpot_env_vars = { - PENPOT_FLAGS = "disable-smtp enable-prepl-server enable-login-with-oidc" - - PENPOT_SECRET_KEY = provider::dotenv::get_by_key("PENPOT_SECRET_KEY", local.env_file) - - PENPOT_PREPL_HOST = "0.0.0.0" - - PENPOT_DATABASE_URI = "postgresql://${local.postgres_container_name}/${try(provider::dotenv::get_by_key("POSTGRES_DB", local.env_file), "penpot")}" - PENPOT_DATABASE_USERNAME = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file) - PENPOT_DATABASE_PASSWORD = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file) - PENPOT_REDIS_URI = "redis://${local.valkey_container_name}/0" - - PENPOT_ASSETS_STORAGE_BACKEND = "assets-fs" - PENPOT_STORAGE_ASSETS_FS_DIRECTORY = "/opt/data/assets" - - PENPOT_TELEMETRY_ENABLED = false - PENPOT_TELEMETRY_REFERER = "" - - PENPOT_OIDC_CLIENT_ID = provider::dotenv::get_by_key("PENPOT_OIDC_CLIENT_ID", local.env_file) - PENPOT_OIDC_BASE_URI = provider::dotenv::get_by_key("PENPOT_OIDC_BASE_URI", local.env_file) - PENPOT_OIDC_ROLES = provider::dotenv::get_by_key("PENPOT_OIDC_ROLES", local.env_file) + postgres_volumes = [ + { + host_path = "${var.volume_path}/${local.container_name}/data" + container_path = "/var/lib/postgresql/data" + read_only = false } + ] - postgres_env_vars = { - POSTGRES_USER = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file) - POSTGRES_PASSWORD = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file) - POSTGRES_DB = provider::dotenv::get_by_key("POSTGRES_DB", local.env_file) - } + penpot_exporter_env_vars = { + PENPOT_PUBLIC_URI = "http://${local.container_name}:${local.internal_port}" + PENPOT_REDIS_URI = "redis://${local.valkey_container_name}/0" + } + + # Disable emails and enable OIDC since this is a private instanced managed with Authentik + 
penpot_env_vars = { + PENPOT_FLAGS = "disable-smtp enable-prepl-server enable-login-with-oidc" + + PENPOT_SECRET_KEY = provider::dotenv::get_by_key("PENPOT_SECRET_KEY", local.env_file) + + PENPOT_PREPL_HOST = "0.0.0.0" + + PENPOT_DATABASE_URI = "postgresql://${local.postgres_container_name}/${try(provider::dotenv::get_by_key("POSTGRES_DB", local.env_file), "penpot")}" + PENPOT_DATABASE_USERNAME = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file) + PENPOT_DATABASE_PASSWORD = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file) + PENPOT_REDIS_URI = "redis://${local.valkey_container_name}/0" + + PENPOT_ASSETS_STORAGE_BACKEND = "assets-fs" + PENPOT_STORAGE_ASSETS_FS_DIRECTORY = "/opt/data/assets" + + PENPOT_TELEMETRY_ENABLED = false + PENPOT_TELEMETRY_REFERER = "" + + PENPOT_OIDC_CLIENT_ID = provider::dotenv::get_by_key("PENPOT_OIDC_CLIENT_ID", local.env_file) + PENPOT_OIDC_BASE_URI = provider::dotenv::get_by_key("PENPOT_OIDC_BASE_URI", local.env_file) + PENPOT_OIDC_ROLES = provider::dotenv::get_by_key("PENPOT_OIDC_ROLES", local.env_file) + } + + postgres_env_vars = { + POSTGRES_USER = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file) + POSTGRES_PASSWORD = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file) + POSTGRES_DB = provider::dotenv::get_by_key("POSTGRES_DB", local.env_file) + } } module "penpot_network" { - source = "../../01-networking/network-service" - name = "penpot-network" - subnet = "172.16.0.32/29" - driver = "bridge" - options = { - "isolate": false - } + source = "../../01-networking/network-service" + name = "penpot-network" + subnet = "172.16.0.32/29" + driver = "bridge" + options = { + "isolate" : false + } } module "penpot-postgres" { - source = "../../10-generic/docker-service" - container_name = local.postgres_container_name - image = local.postgres_image - tag = local.postgres_tag - volumes = local.postgres_volumes - env_vars = local.postgres_env_vars - networks = module.penpot_network.name - 
restart_policy = "always" + source = "../../10-generic/docker-service" + container_name = local.postgres_container_name + image = local.postgres_image + tag = local.postgres_tag + volumes = local.postgres_volumes + env_vars = local.postgres_env_vars + networks = module.penpot_network.name + restart_policy = "always" } module "penpot-valkey" { - source = "../../10-generic/docker-service" - container_name = local.valkey_container_name - image = local.valkey_image - tag = local.valkey_tag - networks = module.penpot_network.name - restart_policy = "always" + source = "../../10-generic/docker-service" + container_name = local.valkey_container_name + image = local.valkey_image + tag = local.valkey_tag + networks = module.penpot_network.name + restart_policy = "always" } module "penpot-exporter" { - source = "../../10-generic/docker-service" - container_name = local.penpot_exporter_name - image = local.penpot_backend_image - tag = local.penpot_backend_tag - env_vars = local.penpot_exporter_env_vars - networks = module.penpot_network.name - restart_policy = "always" + source = "../../10-generic/docker-service" + container_name = local.penpot_exporter_name + image = local.penpot_backend_image + tag = local.penpot_backend_tag + env_vars = local.penpot_exporter_env_vars + networks = module.penpot_network.name + restart_policy = "always" } module "penpot-backend" { - source = "../../10-generic/docker-service" - container_name = local.penpot_backend_name - image = local.penpot_backend_image - tag = local.penpot_backend_tag - volumes = local.penpot_volumes - env_vars = local.penpot_env_vars - networks = module.penpot_network.name - restart_policy = "always" + source = "../../10-generic/docker-service" + container_name = local.penpot_backend_name + image = local.penpot_backend_image + tag = local.penpot_backend_tag + volumes = local.penpot_volumes + env_vars = local.penpot_env_vars + networks = module.penpot_network.name + restart_policy = "always" } module "penpot" { - source = 
"../../10-generic/docker-service" - container_name = local.container_name - image = local.penpot_frontend_image - tag = local.penpot_frontend_tag - volumes = local.penpot_volumes - networks = concat([module.penpot_network.name], var.networks) - restart_policy = "always" + source = "../../10-generic/docker-service" + container_name = local.container_name + image = local.penpot_frontend_image + tag = local.penpot_frontend_tag + volumes = local.penpot_volumes + networks = concat([module.penpot_network.name], var.networks) + restart_policy = "always" } diff --git a/modules/30-services-software/qbittorrent-service/main.tf b/modules/30-services-software/qbittorrent-service/main.tf index 4b1070b..7c9da76 100644 --- a/modules/30-services-software/qbittorrent-service/main.tf +++ b/modules/30-services-software/qbittorrent-service/main.tf @@ -7,11 +7,11 @@ terraform { } locals { - container_name = "qbittorrent" - qbittorrent_image = "lscr.io/linuxserver/qbittorrent" - qbittorrent_tag = var.image_tag - env_file = "${path.module}/.env" - qbittorrent_internal_port = 9080 + container_name = "qbittorrent" + qbittorrent_image = "lscr.io/linuxserver/qbittorrent" + qbittorrent_tag = var.image_tag + env_file = "${path.module}/.env" + qbittorrent_internal_port = 9080 qbittorrent_volumes = [ { @@ -27,11 +27,11 @@ locals { ] qbittorrent_env_vars = { - PUID = var.user_id - PGID = var.group_id - TZ = var.timezone - WEBUI_PORT = provider::dotenv::get_by_key("WEBUI_PORT", local.env_file) - TORRENTING_PORT = provider::dotenv::get_by_key("TORRENTING_PORT", local.env_file) + PUID = var.user_id + PGID = var.group_id + TZ = var.timezone + WEBUI_PORT = provider::dotenv::get_by_key("WEBUI_PORT", local.env_file) + TORRENTING_PORT = provider::dotenv::get_by_key("TORRENTING_PORT", local.env_file) } } diff --git a/modules/30-services-software/tandoor-service/main.tf b/modules/30-services-software/tandoor-service/main.tf index e193891..8c1bea4 100644 
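Review bot: `module "penpot-exporter"` is given `local.penpot_backend_image` and `local.penpot_backend_tag`, so it starts a second backend container and `penpot_exporter_image` / `penpot_exporter_tag` go unused in this hunk; it should read `image = local.penpot_exporter_image` and `tag = local.penpot_exporter_tag`. The four internal modules also pass `networks = module.penpot_network.name` as a bare string, while every other caller of docker-service on this page passes a list, e.g. `[module.penpot_network.name]`. `PENPOT_FLAGS` turns on `enable-prepl-server` with `PENPOT_PREPL_HOST = "0.0.0.0"`, which makes the backend's PREPL listener reachable from every container on `penpot-network`; bind it to loopback or drop the flag unless something needs it, and record the reason in a comment. The hunk starts at line 7 of the file, after the `terraform` block opens.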
--- a/modules/30-services-software/tandoor-service/main.tf
+++ b/modules/30-services-software/tandoor-service/main.tf
@@ -7,55 +7,55 @@ terraform { } locals { - container_name = "tandoor" - postgres_name = "tandoor-postgres" - tandoor_image = "docker.io/vabene1111/recipes" - postgres_image = "docker.io/library/postgres" - tandoor_tag = var.image_tag - postgres_tag = var.postgres_image_tag - env_file = "${path.module}/.env" - tandoor_internal_port = 80 + container_name = "tandoor" + postgres_name = "tandoor-postgres" + tandoor_image = "docker.io/vabene1111/recipes" + postgres_image = "docker.io/library/postgres" + tandoor_tag = var.image_tag + postgres_tag = var.postgres_image_tag + env_file = "${path.module}/.env" + tandoor_internal_port = 80 tandoor_volumes = [ { host_path = "${var.volume_path}/${local.container_name}/config" container_path = "/config" read_only = false - },{ + }, { host_path = "${var.volume_path}/${local.container_name}/cache" container_path = "/cache" read_only = false }, ] - postgres_volumes = [ + postgres_volumes = [ { - host_path = "${var.volume_path}/${local.container_name}/postgres/data" - container_path = "/var/lib/postgresql/data" - read_only = false + host_path = "${var.volume_path}/${local.container_name}/postgres/data" + container_path = "/var/lib/postgresql/data" + read_only = false }, ] tandoor_env_vars = { - SOCIAL_PROVIDERS = provider::dotenv::get_by_key("SOCIAL_PROVIDERS", local.env_file) - SOCIALACCOUNT_PROVIDERS = provider::dotenv::get_by_key("SOCIALACCOUNT_PROVIDERS", local.env_file) - ENABLE_SIGNUP = provider::dotenv::get_by_key("ENABLE_SIGNUP", local.env_file) - MEDIA_URL = provider::dotenv::get_by_key("MEDIA_URL", local.env_file) - SECRET_KEY = provider::dotenv::get_by_key("SECRET_KEY", local.env_file) - DEBUG = provider::dotenv::get_by_key("DEBUG", local.env_file) - ALLOWED_HOSTS = provider::dotenv::get_by_key("ALLOWED_HOSTS", local.env_file) - DB_ENGINE = provider::dotenv::get_by_key("DB_ENGINE", local.env_file) - POSTGRES_HOST = provider::dotenv::get_by_key("POSTGRES_HOST", local.env_file) - POSTGRES_DB = 
provider::dotenv::get_by_key("POSTGRES_DB", local.env_file) - POSTGRES_PORT = provider::dotenv::get_by_key("POSTGRES_PORT", local.env_file) - POSTGRES_USER = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file) - POSTGRES_PASSWORD = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file) + SOCIAL_PROVIDERS = provider::dotenv::get_by_key("SOCIAL_PROVIDERS", local.env_file) + SOCIALACCOUNT_PROVIDERS = provider::dotenv::get_by_key("SOCIALACCOUNT_PROVIDERS", local.env_file) + ENABLE_SIGNUP = provider::dotenv::get_by_key("ENABLE_SIGNUP", local.env_file) + MEDIA_URL = provider::dotenv::get_by_key("MEDIA_URL", local.env_file) + SECRET_KEY = provider::dotenv::get_by_key("SECRET_KEY", local.env_file) + DEBUG = provider::dotenv::get_by_key("DEBUG", local.env_file) + ALLOWED_HOSTS = provider::dotenv::get_by_key("ALLOWED_HOSTS", local.env_file) + DB_ENGINE = provider::dotenv::get_by_key("DB_ENGINE", local.env_file) + POSTGRES_HOST = provider::dotenv::get_by_key("POSTGRES_HOST", local.env_file) + POSTGRES_DB = provider::dotenv::get_by_key("POSTGRES_DB", local.env_file) + POSTGRES_PORT = provider::dotenv::get_by_key("POSTGRES_PORT", local.env_file) + POSTGRES_USER = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file) + POSTGRES_PASSWORD = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file) } postgres_env_vars = { - POSTGRES_PASSWORD = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file) - POSTGRES_USER = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file) - POSTGRES_DB = provider::dotenv::get_by_key("POSTGRES_DB", local.env_file) + POSTGRES_PASSWORD = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file) + POSTGRES_USER = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file) + POSTGRES_DB = provider::dotenv::get_by_key("POSTGRES_DB", local.env_file) } } @@ -65,7 +65,7 @@ module "tandoor_network" { subnet = "172.16.0.24/29" driver = "bridge" options = { - "isolate": false + "isolate" : false } } 
diff --git a/modules/30-services-software/traccar-service/main.tf b/modules/30-services-software/traccar-service/main.tf index a920323..a345cdc 100644 --- a/modules/30-services-software/traccar-service/main.tf +++ b/modules/30-services-software/traccar-service/main.tf @@ -7,16 +7,16 @@ terraform { } locals { - container_name = "traccar" - traccar_image = "docker.io/traccar/traccar" - traccar_tag = var.image_tag - env_file = "${path.module}/.env" - traccar_internal_port = 8082 + container_name = "traccar" + traccar_image = "docker.io/traccar/traccar" + traccar_tag = var.image_tag + env_file = "${path.module}/.env" + traccar_internal_port = 8082 traccar_env_vars = { - PUID = var.user_id - PGID = var.group_id - TZ = var.timezone + PUID = var.user_id + PGID = var.group_id + TZ = var.timezone } traccar_content = <<-EOT @@ -52,16 +52,16 @@ module "traccar" { container_name = local.container_name image = local.traccar_image tag = local.traccar_tag - volumes = [ + volumes = [ { host_path = "${var.volume_path}/${local.container_name}/logs" container_path = "/opt/traccar/logs" read_only = false - },{ + }, { host_path = "${var.volume_path}/${local.container_name}/data" container_path = "/opt/traccar/data" read_only = false - },{ + }, { host_path = "${var.volume_path}/${local.container_name}/traccar.xml" container_path = "/opt/traccar/conf/traccar.xml" read_only = true diff --git a/services/main.tf b/services/main.tf index e4a503c..3db9daa 100644 --- a/services/main.tf +++ b/services/main.tf 
@@ -15,72 +15,72 @@ module "infrastructure_int" { driver = "bridge" attachable = true options = { - "isolate": false + "isolate" : false } } module "jellyfin" { - source = "${local.module_dir}/20-services-entertainment/jellyfin-service" + source = "${local.module_dir}/20-services-entertainment/jellyfin-service" volume_path = "${local.root_volume}/jellyfin" - networks = [module.infrastructure_int.name] + networks = [module.infrastructure_int.name] } module "calibre" { - source = "${local.module_dir}/20-services-entertainment/calibre-service" + source = "${local.module_dir}/20-services-entertainment/calibre-service" volume_path = "${local.root_volume}/calibre" - networks = [module.infrastructure_int.name] + networks = [module.infrastructure_int.name] } module "pelican" { - source = "${local.module_dir}/20-services-entertainment/pelican-service" + source = "${local.module_dir}/20-services-entertainment/pelican-service" volume_path = "${local.root_volume}/pelican" - networks = [module.infrastructure_int.name] + networks = [module.infrastructure_int.name] } module "wings" { - source = "${local.module_dir}/20-services-entertainment/wings-service" + source = "${local.module_dir}/20-services-entertainment/wings-service" volume_path = "${local.root_volume}/wings" - networks = [module.infrastructure_int.name] + networks = [module.infrastructure_int.name] } module "authentik" { - source = "${local.module_dir}/30-services-software/authentik-service" + source = "${local.module_dir}/30-services-software/authentik-service" volume_path = "${local.root_volume}/authentik" - networks = [module.infrastructure_int.name] + networks = [module.infrastructure_int.name] } module "traccar" { - source = "${local.module_dir}/30-services-software/traccar-service" + source = "${local.module_dir}/30-services-software/traccar-service" volume_path = "${local.root_volume}/traccar" - networks = [module.infrastructure_int.name] + networks = [module.infrastructure_int.name] } module "tandoor" { - 
source = "${local.module_dir}/30-services-software/tandoor-service" + source = "${local.module_dir}/30-services-software/tandoor-service" volume_path = "${local.root_volume}/tandoor" - networks = [module.infrastructure_int.name] + networks = [module.infrastructure_int.name] } module "qbittorrent" { - source = "${local.module_dir}/30-services-software/qbittorrent-service" + source = "${local.module_dir}/30-services-software/qbittorrent-service" volume_path = "${local.root_volume}/qbittorrent" - networks = [module.infrastructure_int.name] + networks = [module.infrastructure_int.name] } module "coder" { - source = "${local.module_dir}/30-services-software/coder-service" + source = "${local.module_dir}/30-services-software/coder-service" volume_path = "${local.root_volume}/coder" - networks = [module.infrastructure_int.name] + networks = [module.infrastructure_int.name] } module "actualbudget" { - source = "${local.module_dir}/30-services-software/actualbudget-service" + source = "${local.module_dir}/30-services-software/actualbudget-service" volume_path = "${local.root_volume}/actualbudget" - networks = [module.infrastructure_int.name] + networks = [module.infrastructure_int.name] } module "penpot" { - source = "${local.module_dir}/30-services-software/penpot-service" + source = "${local.module_dir}/30-services-software/penpot-service" volume_path = "${local.root_volume}/penpot" - networks = [module.infrastructure_int.name] + networks = [module.infrastructure_int.name] } \ No newline at end of file diff --git a/services/outputs.tf b/services/outputs.tf index 0c72a3a..c9d9203 100644 --- a/services/outputs.tf +++ b/services/outputs.tf @@ -17,5 +17,5 @@ output "service_definitions" { output "infrastructure_int" { description = "The internal infrastructure network" - value = module.infrastructure_int + value = module.infrastructure_int } \ No newline at end of file