Format Tofu files

2025-11-12 15:00:38 +00:00
parent 733ecdf498
commit 2d8083ba60
17 changed files with 356 additions and 356 deletions
@@ -7,19 +7,19 @@ module "services" {
 }
 locals {
-  volume_host = "${module.system_globals.volume_host}"
+  volume_host = module.system_globals.volume_host
 }
 module "caddy" {
-  source              = "./modules/01-networking/caddy-service"
+  source      = "./modules/01-networking/caddy-service"
-  volume_path         = "${local.volume_host}"
+  volume_path = local.volume_host
-  domains             = [
+  domains = [
    "blackchaosnl.myaddr.dev",
  ]
  tls_email           = "jjvijgen@gmail.com"
  container_name      = "caddy"
  service_definitions = module.services.service_definitions
-  networks            = [
+  networks = [
    module.services.infrastructure_int.name
  ]
 }
@@ -65,7 +65,7 @@ locals {
    ${site.site_address} {
      import headers
      route {
-        %{ if site.is_route_protected }
+        %{if site.is_route_protected}
        reverse_proxy /outpost.goauthentik.io/* http://authentik:9000
        forward_auth http://authentik:9000 {
@@ -73,17 +73,17 @@ locals {
            copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Entitlements X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
            trusted_proxies private_ranges
        }
-        %{ endif }
+        %{endif}
-        %{ if site.has_custom_config }
+        %{if site.has_custom_config}
        ${site.custom_config}
-        %{ else }
+        %{else}
        reverse_proxy ${site.endpoint} {
          ${join("\n        ", [
-            for key, value in site.reverse_proxy_options : 
+    for key, value in site.reverse_proxy_options :
-            "${key} ${value}"
+    "${key} ${value}"
-          ])}
+  ])}
        }
-        %{ endif }
+        %{endif}
      }
    }
    EOT
@@ -140,5 +140,5 @@ module "caddy" {
    }
  ]
-  networks   = var.networks
+  networks = var.networks
 }
@@ -181,20 +181,20 @@ variable "privileged" {
 variable "security_opts" {
  description = "Set's security options for container"
-  type = list(string)
+  type        = list(string)
-  default = null
+  default     = null
 }
 variable "userns_mode" {
  description = "Set's the USERNS Mode"
-  type = string
+  type        = string
-  default = null
+  default     = null
 }
 variable "gpus" {
  description = "Set the GPU passthrough"
-  type = string
+  type        = string
-  default = null
+  default     = null
 }
 // Logging options
@@ -207,8 +207,8 @@ variable "log_driver" {
 variable "log_opts" {
  description = "Log driver options"
  type        = map(string)
-  default     = {
+  default = {
-    max-size  = "10m"
+    max-size = "10m"
-    max-file  = "3"
+    max-file = "3"
  }
 }
@@ -7,25 +7,25 @@ terraform {
 }
 locals {
-  container_name         = "calibre"
+  container_name        = "calibre"
-  calibre_image          = "docker.io/crocodilestick/calibre-web-automated"
+  calibre_image         = "docker.io/crocodilestick/calibre-web-automated"
-  calibre_tag            = var.image_tag
+  calibre_tag           = var.image_tag
-  calibre_internal_port  = 8083
+  calibre_internal_port = 8083
  calibre_volumes = [
    {
      host_path      = "${var.volume_path}/${local.container_name}/config"
      container_path = "/config"
      read_only      = false
-    },{
+      }, {
      host_path      = "${var.volume_path}/${local.container_name}/book-ingest"
      container_path = "/cwa-book-ingest"
      read_only      = false
-    },{
+      }, {
      host_path      = "${var.volume_path}/${local.container_name}/Calibre Library"
      container_path = "/calibre-library"
      read_only      = false
-    },{
+      }, {
      host_path      = "${var.volume_path}/${local.container_name}/plugins"
      container_path = "/config/.config/calibre/plugins"
      read_only      = false
@@ -33,9 +33,9 @@ locals {
  ]
  calibre_env_vars = {
-    PUID        = var.user_id
+    PUID = var.user_id
-    PGID        = var.group_id
+    PGID = var.group_id
-    TZ          = var.timezone
+    TZ   = var.timezone
  }
 }
@@ -7,12 +7,12 @@ terraform {
 }
 locals {
-  container_name          = "jellyfin"
+  container_name         = "jellyfin"
-  jellyfin_image          = "docker.io/jellyfin/jellyfin"
+  jellyfin_image         = "docker.io/jellyfin/jellyfin"
-  jellyfin_tag            = var.image_tag
+  jellyfin_tag           = var.image_tag
-  env_file                = "${path.module}/.env"
+  env_file               = "${path.module}/.env"
-  jellyfin_internal_port  = 8096
+  jellyfin_internal_port = 8096
-  gpus                    = "all"
+  gpus                   = "all"
  jellyfin_volumes = [
    {
@@ -24,7 +24,7 @@ locals {
      host_path      = "${var.volume_path}/${local.container_name}/config"
      container_path = "/config"
      read_only      = false
-    },{
+      }, {
      host_path      = "${var.volume_path}/${local.container_name}/cache"
      container_path = "/cache"
      read_only      = false
@@ -32,9 +32,9 @@ locals {
  ]
  jellyfin_env_vars = {
-    PUID        = var.user_id
+    PUID = var.user_id
-    PGID        = var.group_id
+    PGID = var.group_id
-    TZ          = var.timezone
+    TZ   = var.timezone
  }
 }
@@ -7,11 +7,11 @@ terraform {
 }
 locals {
-  container_name         = "pelican"
+  container_name        = "pelican"
-  pelican_image          = "ghcr.io/pelican-dev/panel"
+  pelican_image         = "ghcr.io/pelican-dev/panel"
-  pelican_tag            = var.image_tag
+  pelican_tag           = var.image_tag
-  env_file               = "${path.module}/.env"
+  env_file              = "${path.module}/.env"
-  pelican_internal_port  = 8000
+  pelican_internal_port = 8000
  caddyfile_content = <<-EOT
  {
@@ -48,13 +48,13 @@ locals {
 resource "local_file" "pelican_caddy_config_file" {
-    content  = local.caddyfile_content
+  content  = local.caddyfile_content
-    filename = "${var.volume_path}/${local.container_name}/Caddyfile"
+  filename = "${var.volume_path}/${local.container_name}/Caddyfile"
 }
 resource "local_file" "pelican_config_file" {
-    content  = local.pelican_env_file
+  content  = local.pelican_env_file
-    filename = "${var.volume_path}/${local.container_name}/.env"
+  filename = "${var.volume_path}/${local.container_name}/.env"
 }
@@ -66,19 +66,19 @@ module "pelican-panel" {
  tag            = local.pelican_tag
  networks       = var.networks
  restart_policy = "always"
-  volumes        = [
+  volumes = [
    {
-      host_path = "${var.volume_path}/${local.container_name}/Caddyfile"
+      host_path      = "${var.volume_path}/${local.container_name}/Caddyfile"
      container_path = "/etc/caddy/Caddyfile"
-      read_only = true
+      read_only      = true
    },
    {
-      host_path = "${var.volume_path}/${local.container_name}/.env"
+      host_path      = "${var.volume_path}/${local.container_name}/.env"
      container_path = "/pelican-data/.env"
-      read_only = true
+      read_only      = true
    }
  ]
-  env_vars       = {
+  env_vars = {
    TZ           = var.timezone
    PUID         = var.user_id
    PGID         = var.group_id
@@ -95,6 +95,6 @@ output "service_definition" {
    name         = local.container_name
    primary_port = local.pelican_internal_port
    endpoint     = "http://${local.container_name}:${local.pelican_internal_port}"
-    subdomains    = ["gpanel"]
+    subdomains   = ["gpanel"]
  }
 }
@@ -7,11 +7,11 @@ terraform {
 }
 locals {
-  container_name         = "pelican-wings"
+  container_name = "pelican-wings"
-  wings_image            = "ghcr.io/pelican-dev/wings"
+  wings_image    = "ghcr.io/pelican-dev/wings"
-  wings_tag              = var.image_tag
+  wings_tag      = var.image_tag
-  env_file               = "${path.module}/.env"
+  env_file       = "${path.module}/.env"
-  internal_port          = 8080
+  internal_port  = 8080
  wing_0_config = <<-EOT
  debug: false
@@ -36,8 +36,8 @@ locals {
 }
 resource "local_file" "wing_0_config_file" {
-    content  = local.wing_0_config
+  content  = local.wing_0_config
-    filename = "${var.volume_path}/${local.container_name}/wing-0-config.yml"
+  filename = "${var.volume_path}/${local.container_name}/wing-0-config.yml"
 }
 module "pelican-wings" {
@@ -47,47 +47,47 @@ module "pelican-wings" {
  tag            = local.wings_tag
  networks       = var.networks
  restart_policy = "always"
-  ports          = [
+  ports = [
    {
-        internal = 8080
+      internal = 8080
-        external = 8080
+      external = 8080
-        protocol = "tcp"
+      protocol = "tcp"
    },
    {
-        internal = 2022
+      internal = 2022
-        external = 2022
+      external = 2022
-        protocol = "tcp"
+      protocol = "tcp"
    }
  ]
-  volumes        = [
+  volumes = [
    {
-      host_path = "/run/user/1000/podman/podman.sock"
+      host_path      = "/run/user/1000/podman/podman.sock"
      container_path = "/var/run/docker.sock"
-      read_only = false
+      read_only      = false
    },
    {
-      host_path = "/home/jjvij/.local/share/containers"
+      host_path      = "/home/jjvij/.local/share/containers"
      container_path = "/var/lib/docker/containers/"
-      read_only = false
+      read_only      = false
    },
    {
-      host_path = "${var.volume_path}/${local.container_name}/wing-0-config.yml"
+      host_path      = "${var.volume_path}/${local.container_name}/wing-0-config.yml"
      container_path = "/etc/pelican/config.yml"
-      read_only = false
+      read_only      = false
    }
  ]
  env_vars = {
-    TZ               = var.timezone
+    TZ             = var.timezone
-    APP_TIMEZONE     = var.timezone
+    APP_TIMEZONE   = var.timezone
-    WINGS_UID        = var.user_id
+    WINGS_UID      = var.user_id
-    WINGS_GID        = var.group_id
+    WINGS_GID      = var.group_id
-    WINGS_USERNAME   = "pelican"
+    WINGS_USERNAME = "pelican"
  }
-  userns_mode    = "keep-id:uid=1000,gid=1000"
+  userns_mode = "keep-id:uid=1000,gid=1000"
-  labels         = {
+  labels = {
    "run.oci.keep_original_groups" = "1"
  }
-  security_opts  = [
+  security_opts = [
    "label:type:container_runtype_t"
  ]
 }
@@ -98,6 +98,6 @@ output "service_definition" {
    name         = local.container_name
    primary_port = local.internal_port
    endpoint     = "http://${local.container_name}:${local.internal_port}"
-    subdomains    = ["games"]
+    subdomains   = ["games"]
  }
 }
@@ -7,11 +7,11 @@ terraform {
 }
 locals {
-  container_name  = "actualbudget"
+  container_name = "actualbudget"
-  image           = "ghcr.io/actualbudget/actual"
+  image          = "ghcr.io/actualbudget/actual"
-  image_tag       = var.image_tag
+  image_tag      = var.image_tag
-  env_file        = "${path.module}/.env"
+  env_file       = "${path.module}/.env"
-  internal_port   = 5006
+  internal_port  = 5006
  default_volumes = [
    {
@@ -24,58 +24,58 @@ locals {
  authentik_volumes = [
    {
-      host_path       = "${var.volume_path}/${local.container_name}/media"
+      host_path      = "${var.volume_path}/${local.container_name}/media"
-      container_path  = "/media"
+      container_path = "/media"
-      read_only       = false
+      read_only      = false
    },
    {
-      host_path       = "${var.volume_path}/${local.container_name}/custom-templates"
+      host_path      = "${var.volume_path}/${local.container_name}/custom-templates"
-      container_path  = "/templates"
+      container_path = "/templates"
-      read_only       = false
+      read_only      = false
    },
    {
-      host_path       = "${var.volume_path}/${local.container_name}/user_settings.py"
+      host_path      = "${var.volume_path}/${local.container_name}/user_settings.py"
-      container_path  = "/data/user_settings.py"
+      container_path = "/data/user_settings.py"
-      read_only       = false
+      read_only      = false
    }
  ]
  redis_volumes = [
    {
-      host_path       = "${var.volume_path}/${local.container_name}/redis/data"
+      host_path      = "${var.volume_path}/${local.container_name}/redis/data"
-      container_path  = "/data"
+      container_path = "/data"
-      read_only       = false
+      read_only      = false
    },
  ]
  postgres_volumes = [
    {
-      host_path       = "${var.volume_path}/${local.container_name}/postgres/data"
+      host_path      = "${var.volume_path}/${local.container_name}/postgres/data"
-      container_path  = "/var/lib/postgresql/data"
+      container_path = "/var/lib/postgresql/data"
-      read_only       = false
+      read_only      = false
    },
  ]
  authentik_env_vars = {
-    AUTHENTIK_SECRET_KEY             = provider::dotenv::get_by_key("AUTHENTIK_SECRET_KEY", local.env_file)
+    AUTHENTIK_SECRET_KEY           = provider::dotenv::get_by_key("AUTHENTIK_SECRET_KEY", local.env_file)
-    AUTHENTIK_REDIS__HOST            = provider::dotenv::get_by_key("AUTHENTIK_REDIS__HOST", local.env_file)
+    AUTHENTIK_REDIS__HOST          = provider::dotenv::get_by_key("AUTHENTIK_REDIS__HOST", local.env_file)
-    AUTHENTIK_POSTGRESQL__HOST       = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__HOST", local.env_file)
+    AUTHENTIK_POSTGRESQL__HOST     = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__HOST", local.env_file)
-    AUTHENTIK_POSTGRESQL__USER       = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__USER", local.env_file)
+    AUTHENTIK_POSTGRESQL__USER     = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__USER", local.env_file)
-    AUTHENTIK_POSTGRESQL__NAME       = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__NAME", local.env_file)
+    AUTHENTIK_POSTGRESQL__NAME     = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__NAME", local.env_file)
-    AUTHENTIK_POSTGRESQL__PASSWORD   = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__PASSWORD", local.env_file)
+    AUTHENTIK_POSTGRESQL__PASSWORD = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__PASSWORD", local.env_file)
  }
  postgres_env_vars = {
-    POSTGRES_PASSWORD                = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__PASSWORD", local.env_file)
+    POSTGRES_PASSWORD = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__PASSWORD", local.env_file)
-    POSTGRES_USER                    = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__USER", local.env_file)
+    POSTGRES_USER     = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__USER", local.env_file)
-    POSTGRES_DB                      = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__DB", local.env_file)
+    POSTGRES_DB       = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__DB", local.env_file)
  }
 }
-  resource "local_file" "authentik_config_file" {
+resource "local_file" "authentik_config_file" {
-    content  = local.authentik_content
+  content  = local.authentik_content
-    filename = "${var.volume_path}/${local.container_name}/user_settings.py"
+  filename = "${var.volume_path}/${local.container_name}/user_settings.py"
-  }
+}
 module "authentik_network" {
  source = "../../01-networking/network-service"
@@ -83,49 +83,49 @@ module "authentik_network" {
  subnet = "172.16.0.0/29"
  driver = "bridge"
  options = {
-    "isolate": false
+    "isolate" : false
  }
 }
 module "authentik-postgres" {
-    source         = "../../10-generic/docker-service"
+  source         = "../../10-generic/docker-service"
-    container_name = local.postgres_container_name
+  container_name = local.postgres_container_name
-    image          = local.postgres_image
+  image          = local.postgres_image
-    tag            = local.postgres_tag
+  tag            = local.postgres_tag
-    volumes        = local.postgres_volumes
+  volumes        = local.postgres_volumes
-    env_vars       = local.postgres_env_vars
+  env_vars       = local.postgres_env_vars
-    networks       = [module.authentik_network.name]
+  networks       = [module.authentik_network.name]
 }
 module "authentik-redis" {
-    source         = "../../10-generic/docker-service"
+  source         = "../../10-generic/docker-service"
-    container_name = local.redis_container_name
+  container_name = local.redis_container_name
-    image          = local.redis_image
+  image          = local.redis_image
-    tag            = local.redis_tag
+  tag            = local.redis_tag
-    volumes        = local.redis_volumes
+  volumes        = local.redis_volumes
-    networks       = [module.authentik_network.name]
+  networks       = [module.authentik_network.name]
 }
 module "authentik-server" {
-    source         = "../../10-generic/docker-service"
+  source         = "../../10-generic/docker-service"
-    container_name = local.container_name
+  container_name = local.container_name
-    image          = local.authentik_image
+  image          = local.authentik_image
-    tag            = local.authentik_tag
+  tag            = local.authentik_tag
-    volumes        = local.authentik_volumes
+  volumes        = local.authentik_volumes
-    env_vars       = local.authentik_env_vars
+  env_vars       = local.authentik_env_vars
-    networks       = concat([module.authentik_network.name], var.networks)
+  networks       = concat([module.authentik_network.name], var.networks)
-    command        = ["server"]
+  command        = ["server"]
 }
 module "authentik-worker" {
-    source         = "../../10-generic/docker-service"
+  source         = "../../10-generic/docker-service"
-    container_name = "${local.container_name}-worker"
+  container_name = "${local.container_name}-worker"
-    image          = local.authentik_image
+  image          = local.authentik_image
-    tag            = local.authentik_tag
+  tag            = local.authentik_tag
-    volumes        = local.authentik_volumes
+  volumes        = local.authentik_volumes
-    env_vars       = local.authentik_env_vars
+  env_vars       = local.authentik_env_vars
-    networks       = [module.authentik_network.name]
+  networks       = [module.authentik_network.name]
-    command        = ["worker"]
+  command        = ["worker"]
 }
 output "service_definition" {
@@ -7,14 +7,14 @@ terraform {
 }
 locals {
-  container_name             = "coder"
+  container_name          = "coder"
-  postgres_container_name    = "coder-postgres"
+  postgres_container_name = "coder-postgres"
-  coder_image                = "ghcr.io/coder/coder"
+  coder_image             = "ghcr.io/coder/coder"
-  postgres_image             = "docker.io/library/postgres"
+  postgres_image          = "docker.io/library/postgres"
-  coder_tag                  = var.image_tag
+  coder_tag               = var.image_tag
-  postgres_tag               = var.postgres_image_tag
+  postgres_tag            = var.postgres_image_tag
-  env_file                   = "${path.module}/.env"
+  env_file                = "${path.module}/.env"
-  coder_internal_port        = 7080
+  coder_internal_port     = 7080
  coder_volumes = [
    {
@@ -33,19 +33,19 @@ locals {
  ]
  coder_env_vars = {
-    CODER_PG_CONNECTION_URL              = "postgresql://${provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)}:${provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)}@coder-postgres/${provider::dotenv::get_by_key("POSTGRES_DB", local.env_file)}?sslmode=disable"
+    CODER_PG_CONNECTION_URL     = "postgresql://${provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)}:${provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)}@coder-postgres/${provider::dotenv::get_by_key("POSTGRES_DB", local.env_file)}?sslmode=disable"
-    CODER_HTTP_ADDRESS                   = provider::dotenv::get_by_key("CODER_HTTP_ADDRESS", local.env_file)
+    CODER_HTTP_ADDRESS          = provider::dotenv::get_by_key("CODER_HTTP_ADDRESS", local.env_file)
-    CODER_ACCESS_URL                     = provider::dotenv::get_by_key("CODER_ACCESS_URL", local.env_file)
+    CODER_ACCESS_URL            = provider::dotenv::get_by_key("CODER_ACCESS_URL", local.env_file)
-    CODER_PROXY_TRUSTED_HEADERS          = provider::dotenv::get_by_key("CODER_PROXY_TRUSTED_HEADERS", local.env_file)
+    CODER_PROXY_TRUSTED_HEADERS = provider::dotenv::get_by_key("CODER_PROXY_TRUSTED_HEADERS", local.env_file)
-    CODER_PROXY_TRUSTED_ORIGINS          = provider::dotenv::get_by_key("CODER_PROXY_TRUSTED_ORIGINS", local.env_file)
+    CODER_PROXY_TRUSTED_ORIGINS = provider::dotenv::get_by_key("CODER_PROXY_TRUSTED_ORIGINS", local.env_file)
-    CODER_DISABLE_PASSWORD_AUTH          = provider::dotenv::get_by_key("CODER_DISABLE_PASSWORD_AUTH", local.env_file)
+    CODER_DISABLE_PASSWORD_AUTH = provider::dotenv::get_by_key("CODER_DISABLE_PASSWORD_AUTH", local.env_file)
-    DOCKER_USER                          = provider::dotenv::get_by_key("DOCKER_USER", local.env_file)
+    DOCKER_USER                 = provider::dotenv::get_by_key("DOCKER_USER", local.env_file)
  }
  postgres_env_vars = {
-    POSTGRES_USER                        = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)
+    POSTGRES_USER     = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)
-    POSTGRES_PASSWORD                    = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)
+    POSTGRES_PASSWORD = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)
-    POSTGRES_DB                          = provider::dotenv::get_by_key("POSTGRES_DB", local.env_file)
+    POSTGRES_DB       = provider::dotenv::get_by_key("POSTGRES_DB", local.env_file)
  }
 }
@@ -56,7 +56,7 @@ module "coder_network" {
  subnet = "172.16.0.16/29"
  driver = "bridge"
  options = {
-    "isolate": false
+    "isolate" : false
  }
 }
@@ -82,10 +82,10 @@ module "coder" {
  networks       = concat([module.coder_network.name], var.networks)
  restart_policy = "always"
  userns_mode    = "keep-id:uid=1000,gid=1000"
-  labels         = {
+  labels = {
    "run.oci.keep_original_groups" = "1"
  }
-  security_opts  = [
+  security_opts = [
    "label:type:container_runtype_t"
  ]
 }
@@ -7,135 +7,135 @@ terraform {
 }
 locals {
-    container_name             = "penpot"
+  container_name          = "penpot"
-    penpot_backend_name        = "penpot-backend"
+  penpot_backend_name     = "penpot-backend"
-    penpot_exporter_name       = "penpot-exporter"
+  penpot_exporter_name    = "penpot-exporter"
-    postgres_container_name    = "penpot-postgres"
+  postgres_container_name = "penpot-postgres"
-    valkey_container_name      = "penpot-valkey"
+  valkey_container_name   = "penpot-valkey"
-    penpot_frontend_image      = "docker.io/penpotapp/frontend"
+  penpot_frontend_image   = "docker.io/penpotapp/frontend"
-    penpot_backend_image       = "docker.io/penpotapp/backend"
+  penpot_backend_image    = "docker.io/penpotapp/backend"
-    penpot_exporter_image      = "docker.io/penpotapp/exporter"
+  penpot_exporter_image   = "docker.io/penpotapp/exporter"
-    valkey_image               = "docker.io/valkey/valkey"
+  valkey_image            = "docker.io/valkey/valkey"
-    postgres_image             = "docker.io/library/postgres"
+  postgres_image          = "docker.io/library/postgres"
-    penpot_frontend_tag        = var.image_tag
+  penpot_frontend_tag     = var.image_tag
-    penpot_backend_tag         = var.image_tag
+  penpot_backend_tag      = var.image_tag
-    penpot_exporter_tag        = var.image_tag
+  penpot_exporter_tag     = var.image_tag
-    valkey_tag                 = var.valkey_image_tag
+  valkey_tag              = var.valkey_image_tag
-    postgres_tag               = var.postgres_image_tag
+  postgres_tag            = var.postgres_image_tag
-    env_file                   = "${path.module}/.env"
+  env_file                = "${path.module}/.env"
-    internal_port              = 8080
+  internal_port           = 8080
-    penpot_volumes = [
+  penpot_volumes = [
-        {
+    {
-            host_path      = "${var.volume_path}/${local.container_name}/assets"
+      host_path      = "${var.volume_path}/${local.container_name}/assets"
-            container_path = "/opt/data/assets"
+      container_path = "/opt/data/assets"
-            read_only      = false
+      read_only      = false
        }
    ]
    postgres_volumes = [
        {
            host_path      = "${var.volume_path}/${local.container_name}/data"
            container_path = "/var/lib/postgresql/data"
            read_only      = false
        }
    ]
    penpot_exporter_env_vars = {
        PENPOT_PUBLIC_URI                    = "http://${local.container_name}:${local.internal_port}"
        PENPOT_REDIS_URI                     = "redis://${local.valkey_container_name}/0"
    }
  ]
-    # Disable emails and enable OIDC since this is a private instanced managed with Authentik
+  postgres_volumes = [
-    penpot_env_vars = {
+    {
-        PENPOT_FLAGS = "disable-smtp enable-prepl-server enable-login-with-oidc"
+      host_path      = "${var.volume_path}/${local.container_name}/data"
-
+      container_path = "/var/lib/postgresql/data"
-        PENPOT_SECRET_KEY                    = provider::dotenv::get_by_key("PENPOT_SECRET_KEY", local.env_file)
+      read_only      = false
        PENPOT_PREPL_HOST                    = "0.0.0.0"
        PENPOT_DATABASE_URI                  = "postgresql://${local.postgres_container_name}/${try(provider::dotenv::get_by_key("POSTGRES_DB", local.env_file), "penpot")}"
        PENPOT_DATABASE_USERNAME             = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)
        PENPOT_DATABASE_PASSWORD             = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)
        PENPOT_REDIS_URI                     = "redis://${local.valkey_container_name}/0"
        PENPOT_ASSETS_STORAGE_BACKEND        = "assets-fs"
        PENPOT_STORAGE_ASSETS_FS_DIRECTORY   = "/opt/data/assets"
        PENPOT_TELEMETRY_ENABLED             = false
        PENPOT_TELEMETRY_REFERER             = ""
        PENPOT_OIDC_CLIENT_ID                = provider::dotenv::get_by_key("PENPOT_OIDC_CLIENT_ID", local.env_file)
        PENPOT_OIDC_BASE_URI                 = provider::dotenv::get_by_key("PENPOT_OIDC_BASE_URI", local.env_file)
        PENPOT_OIDC_ROLES                    = provider::dotenv::get_by_key("PENPOT_OIDC_ROLES", local.env_file)
    }
  ]
-    postgres_env_vars = {
+  penpot_exporter_env_vars = {
-        POSTGRES_USER                        = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)
+    PENPOT_PUBLIC_URI = "http://${local.container_name}:${local.internal_port}"
-        POSTGRES_PASSWORD                    = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)
+    PENPOT_REDIS_URI  = "redis://${local.valkey_container_name}/0"
-        POSTGRES_DB                          = provider::dotenv::get_by_key("POSTGRES_DB", local.env_file)
+  }
-    }
+
  # Disable emails and enable OIDC since this is a private instanced managed with Authentik
  penpot_env_vars = {
    PENPOT_FLAGS = "disable-smtp enable-prepl-server enable-login-with-oidc"
    PENPOT_SECRET_KEY = provider::dotenv::get_by_key("PENPOT_SECRET_KEY", local.env_file)
    PENPOT_PREPL_HOST = "0.0.0.0"
    PENPOT_DATABASE_URI      = "postgresql://${local.postgres_container_name}/${try(provider::dotenv::get_by_key("POSTGRES_DB", local.env_file), "penpot")}"
    PENPOT_DATABASE_USERNAME = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)
    PENPOT_DATABASE_PASSWORD = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)
    PENPOT_REDIS_URI         = "redis://${local.valkey_container_name}/0"
    PENPOT_ASSETS_STORAGE_BACKEND      = "assets-fs"
    PENPOT_STORAGE_ASSETS_FS_DIRECTORY = "/opt/data/assets"
    PENPOT_TELEMETRY_ENABLED = false
    PENPOT_TELEMETRY_REFERER = ""
    PENPOT_OIDC_CLIENT_ID = provider::dotenv::get_by_key("PENPOT_OIDC_CLIENT_ID", local.env_file)
    PENPOT_OIDC_BASE_URI  = provider::dotenv::get_by_key("PENPOT_OIDC_BASE_URI", local.env_file)
    PENPOT_OIDC_ROLES     = provider::dotenv::get_by_key("PENPOT_OIDC_ROLES", local.env_file)
  }
  postgres_env_vars = {
    POSTGRES_USER     = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)
    POSTGRES_PASSWORD = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)
    POSTGRES_DB       = provider::dotenv::get_by_key("POSTGRES_DB", local.env_file)
  }
 }
 module "penpot_network" {
-    source = "../../01-networking/network-service"
+  source = "../../01-networking/network-service"
-    name   = "penpot-network"
+  name   = "penpot-network"
-    subnet = "172.16.0.32/29"
+  subnet = "172.16.0.32/29"
-    driver = "bridge"
+  driver = "bridge"
-    options = {
+  options = {
-        "isolate": false
+    "isolate" : false
-    }
+  }
 }
 module "penpot-postgres" {
-    source         = "../../10-generic/docker-service"
+  source         = "../../10-generic/docker-service"
-    container_name = local.postgres_container_name
+  container_name = local.postgres_container_name
-    image          = local.postgres_image
+  image          = local.postgres_image
-    tag            = local.postgres_tag
+  tag            = local.postgres_tag
-    volumes        = local.postgres_volumes
+  volumes        = local.postgres_volumes
-    env_vars       = local.postgres_env_vars
+  env_vars       = local.postgres_env_vars
-    networks       = module.penpot_network.name
+  networks       = module.penpot_network.name
-    restart_policy = "always"
+  restart_policy = "always"
 }
 module "penpot-valkey" {
-    source         = "../../10-generic/docker-service"
+  source         = "../../10-generic/docker-service"
-    container_name = local.valkey_container_name
+  container_name = local.valkey_container_name
-    image          = local.valkey_image
+  image          = local.valkey_image
-    tag            = local.valkey_tag
+  tag            = local.valkey_tag
-    networks       = module.penpot_network.name
+  networks       = module.penpot_network.name
-    restart_policy = "always"
+  restart_policy = "always"
 }
 module "penpot-exporter" {
-    source         = "../../10-generic/docker-service"
+  source         = "../../10-generic/docker-service"
-    container_name = local.penpot_exporter_name
+  container_name = local.penpot_exporter_name
-    image          = local.penpot_backend_image
+  image          = local.penpot_backend_image
-    tag            = local.penpot_backend_tag
+  tag            = local.penpot_backend_tag
-    env_vars       = local.penpot_exporter_env_vars
+  env_vars       = local.penpot_exporter_env_vars
-    networks       = module.penpot_network.name
+  networks       = module.penpot_network.name
-    restart_policy = "always"
+  restart_policy = "always"
 }
 module "penpot-backend" {
-    source         = "../../10-generic/docker-service"
+  source         = "../../10-generic/docker-service"
-    container_name = local.penpot_backend_name
+  container_name = local.penpot_backend_name
-    image          = local.penpot_backend_image
+  image          = local.penpot_backend_image
-    tag            = local.penpot_backend_tag
+  tag            = local.penpot_backend_tag
-    volumes        = local.penpot_volumes
+  volumes        = local.penpot_volumes
-    env_vars       = local.penpot_env_vars
+  env_vars       = local.penpot_env_vars
-    networks       = module.penpot_network.name
+  networks       = module.penpot_network.name
-    restart_policy = "always"
+  restart_policy = "always"
 }
 module "penpot" {
-    source         = "../../10-generic/docker-service"
+  source         = "../../10-generic/docker-service"
-    container_name = local.container_name
+  container_name = local.container_name
-    image          = local.penpot_frontend_image
+  image          = local.penpot_frontend_image
-    tag            = local.penpot_frontend_tag
+  tag            = local.penpot_frontend_tag
-    volumes        = local.penpot_volumes
+  volumes        = local.penpot_volumes
-    networks       = concat([module.penpot_network.name], var.networks)
+  networks       = concat([module.penpot_network.name], var.networks)
-    restart_policy = "always"
+  restart_policy = "always"
 }
@@ -7,11 +7,11 @@ terraform {
 }
 locals {
-  container_name             = "qbittorrent"
+  container_name            = "qbittorrent"
-  qbittorrent_image          = "lscr.io/linuxserver/qbittorrent"
+  qbittorrent_image         = "lscr.io/linuxserver/qbittorrent"
-  qbittorrent_tag            = var.image_tag
+  qbittorrent_tag           = var.image_tag
-  env_file                   = "${path.module}/.env"
+  env_file                  = "${path.module}/.env"
-  qbittorrent_internal_port  = 9080
+  qbittorrent_internal_port = 9080
  qbittorrent_volumes = [
    {
@@ -27,11 +27,11 @@ locals {
  ]
  qbittorrent_env_vars = {
-    PUID                             = var.user_id
+    PUID            = var.user_id
-    PGID                             = var.group_id
+    PGID            = var.group_id
-    TZ                               = var.timezone
+    TZ              = var.timezone
-    WEBUI_PORT                       = provider::dotenv::get_by_key("WEBUI_PORT", local.env_file)
+    WEBUI_PORT      = provider::dotenv::get_by_key("WEBUI_PORT", local.env_file)
-    TORRENTING_PORT                  = provider::dotenv::get_by_key("TORRENTING_PORT", local.env_file)
+    TORRENTING_PORT = provider::dotenv::get_by_key("TORRENTING_PORT", local.env_file)
  }
 }
@@ -7,55 +7,55 @@ terraform {
 }
 locals {
-  container_name         = "tandoor"
+  container_name        = "tandoor"
-  postgres_name          = "tandoor-postgres"
+  postgres_name         = "tandoor-postgres"
-  tandoor_image          = "docker.io/vabene1111/recipes"
+  tandoor_image         = "docker.io/vabene1111/recipes"
-  postgres_image         = "docker.io/library/postgres"
+  postgres_image        = "docker.io/library/postgres"
-  tandoor_tag            = var.image_tag
+  tandoor_tag           = var.image_tag
-  postgres_tag           = var.postgres_image_tag
+  postgres_tag          = var.postgres_image_tag
-  env_file               = "${path.module}/.env"
+  env_file              = "${path.module}/.env"
-  tandoor_internal_port  = 80
+  tandoor_internal_port = 80
  tandoor_volumes = [
    {
      host_path      = "${var.volume_path}/${local.container_name}/config"
      container_path = "/config"
      read_only      = false
-    },{
+      }, {
      host_path      = "${var.volume_path}/${local.container_name}/cache"
      container_path = "/cache"
      read_only      = false
    },
  ]
-    postgres_volumes = [
+  postgres_volumes = [
    {
-      host_path       = "${var.volume_path}/${local.container_name}/postgres/data"
+      host_path      = "${var.volume_path}/${local.container_name}/postgres/data"
-      container_path  = "/var/lib/postgresql/data"
+      container_path = "/var/lib/postgresql/data"
-      read_only       = false
+      read_only      = false
    },
  ]
  tandoor_env_vars = {
-    SOCIAL_PROVIDERS                 = provider::dotenv::get_by_key("SOCIAL_PROVIDERS", local.env_file)
+    SOCIAL_PROVIDERS        = provider::dotenv::get_by_key("SOCIAL_PROVIDERS", local.env_file)
-    SOCIALACCOUNT_PROVIDERS          = provider::dotenv::get_by_key("SOCIALACCOUNT_PROVIDERS", local.env_file)
+    SOCIALACCOUNT_PROVIDERS = provider::dotenv::get_by_key("SOCIALACCOUNT_PROVIDERS", local.env_file)
-    ENABLE_SIGNUP                    = provider::dotenv::get_by_key("ENABLE_SIGNUP", local.env_file)
+    ENABLE_SIGNUP           = provider::dotenv::get_by_key("ENABLE_SIGNUP", local.env_file)
-    MEDIA_URL                        = provider::dotenv::get_by_key("MEDIA_URL", local.env_file)
+    MEDIA_URL               = provider::dotenv::get_by_key("MEDIA_URL", local.env_file)
-    SECRET_KEY                       = provider::dotenv::get_by_key("SECRET_KEY", local.env_file)
+    SECRET_KEY              = provider::dotenv::get_by_key("SECRET_KEY", local.env_file)
-    DEBUG                            = provider::dotenv::get_by_key("DEBUG", local.env_file)
+    DEBUG                   = provider::dotenv::get_by_key("DEBUG", local.env_file)
-    ALLOWED_HOSTS                    = provider::dotenv::get_by_key("ALLOWED_HOSTS", local.env_file)
+    ALLOWED_HOSTS           = provider::dotenv::get_by_key("ALLOWED_HOSTS", local.env_file)
-    DB_ENGINE                        = provider::dotenv::get_by_key("DB_ENGINE", local.env_file)
+    DB_ENGINE               = provider::dotenv::get_by_key("DB_ENGINE", local.env_file)
-    POSTGRES_HOST                    = provider::dotenv::get_by_key("POSTGRES_HOST", local.env_file)
+    POSTGRES_HOST           = provider::dotenv::get_by_key("POSTGRES_HOST", local.env_file)
-    POSTGRES_DB                      = provider::dotenv::get_by_key("POSTGRES_DB", local.env_file)
+    POSTGRES_DB             = provider::dotenv::get_by_key("POSTGRES_DB", local.env_file)
-    POSTGRES_PORT                    = provider::dotenv::get_by_key("POSTGRES_PORT", local.env_file)
+    POSTGRES_PORT           = provider::dotenv::get_by_key("POSTGRES_PORT", local.env_file)
-    POSTGRES_USER                    = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)
+    POSTGRES_USER           = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)
-    POSTGRES_PASSWORD                = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)
+    POSTGRES_PASSWORD       = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)
  }
  postgres_env_vars = {
-    POSTGRES_PASSWORD                = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)
+    POSTGRES_PASSWORD = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)
-    POSTGRES_USER                    = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)
+    POSTGRES_USER     = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)
-    POSTGRES_DB                      = provider::dotenv::get_by_key("POSTGRES_DB", local.env_file)
+    POSTGRES_DB       = provider::dotenv::get_by_key("POSTGRES_DB", local.env_file)
  }
 }
@@ -65,7 +65,7 @@ module "tandoor_network" {
  subnet = "172.16.0.24/29"
  driver = "bridge"
  options = {
-    "isolate": false
+    "isolate" : false
  }
 }
@@ -7,16 +7,16 @@ terraform {
 }
 locals {
-  container_name         = "traccar"
+  container_name        = "traccar"
-  traccar_image          = "docker.io/traccar/traccar"
+  traccar_image         = "docker.io/traccar/traccar"
-  traccar_tag            = var.image_tag
+  traccar_tag           = var.image_tag
-  env_file               = "${path.module}/.env"
+  env_file              = "${path.module}/.env"
-  traccar_internal_port  = 8082
+  traccar_internal_port = 8082
  traccar_env_vars = {
-    PUID        = var.user_id
+    PUID = var.user_id
-    PGID        = var.group_id
+    PGID = var.group_id
-    TZ          = var.timezone
+    TZ   = var.timezone
  }
  traccar_content = <<-EOT
@@ -52,16 +52,16 @@ module "traccar" {
  container_name = local.container_name
  image          = local.traccar_image
  tag            = local.traccar_tag
-  volumes        = [
+  volumes = [
    {
      host_path      = "${var.volume_path}/${local.container_name}/logs"
      container_path = "/opt/traccar/logs"
      read_only      = false
-    },{
+      }, {
      host_path      = "${var.volume_path}/${local.container_name}/data"
      container_path = "/opt/traccar/data"
      read_only      = false
-    },{
+      }, {
      host_path      = "${var.volume_path}/${local.container_name}/traccar.xml"
      container_path = "/opt/traccar/conf/traccar.xml"
      read_only      = true
@@ -15,72 +15,72 @@ module "infrastructure_int" {
  driver     = "bridge"
  attachable = true
  options = {
-    "isolate": false
+    "isolate" : false
  }
 }
 module "jellyfin" {
-  source = "${local.module_dir}/20-services-entertainment/jellyfin-service"
+  source      = "${local.module_dir}/20-services-entertainment/jellyfin-service"
  volume_path = "${local.root_volume}/jellyfin"
-  networks = [module.infrastructure_int.name]
+  networks    = [module.infrastructure_int.name]
 }
 module "calibre" {
-  source = "${local.module_dir}/20-services-entertainment/calibre-service"
+  source      = "${local.module_dir}/20-services-entertainment/calibre-service"
  volume_path = "${local.root_volume}/calibre"
-  networks = [module.infrastructure_int.name]
+  networks    = [module.infrastructure_int.name]
 }
 module "pelican" {
-  source = "${local.module_dir}/20-services-entertainment/pelican-service"
+  source      = "${local.module_dir}/20-services-entertainment/pelican-service"
  volume_path = "${local.root_volume}/pelican"
-  networks = [module.infrastructure_int.name]
+  networks    = [module.infrastructure_int.name]
 }
 module "wings" {
-  source = "${local.module_dir}/20-services-entertainment/wings-service"
+  source      = "${local.module_dir}/20-services-entertainment/wings-service"
  volume_path = "${local.root_volume}/wings"
-  networks = [module.infrastructure_int.name]
+  networks    = [module.infrastructure_int.name]
 }
 module "authentik" {
-  source = "${local.module_dir}/30-services-software/authentik-service"
+  source      = "${local.module_dir}/30-services-software/authentik-service"
  volume_path = "${local.root_volume}/authentik"
-  networks = [module.infrastructure_int.name]
+  networks    = [module.infrastructure_int.name]
 }
 module "traccar" {
-  source = "${local.module_dir}/30-services-software/traccar-service"
+  source      = "${local.module_dir}/30-services-software/traccar-service"
  volume_path = "${local.root_volume}/traccar"
-  networks = [module.infrastructure_int.name]
+  networks    = [module.infrastructure_int.name]
 }
 module "tandoor" {
-  source = "${local.module_dir}/30-services-software/tandoor-service"
+  source      = "${local.module_dir}/30-services-software/tandoor-service"
  volume_path = "${local.root_volume}/tandoor"
-  networks = [module.infrastructure_int.name]
+  networks    = [module.infrastructure_int.name]
 }
 module "qbittorrent" {
-  source = "${local.module_dir}/30-services-software/qbittorrent-service"
+  source      = "${local.module_dir}/30-services-software/qbittorrent-service"
  volume_path = "${local.root_volume}/qbittorrent"
-  networks = [module.infrastructure_int.name]
+  networks    = [module.infrastructure_int.name]
 }
 module "coder" {
-  source = "${local.module_dir}/30-services-software/coder-service"
+  source      = "${local.module_dir}/30-services-software/coder-service"
  volume_path = "${local.root_volume}/coder"
-  networks = [module.infrastructure_int.name]
+  networks    = [module.infrastructure_int.name]
 }
 module "actualbudget" {
-  source = "${local.module_dir}/30-services-software/actualbudget-service"
+  source      = "${local.module_dir}/30-services-software/actualbudget-service"
  volume_path = "${local.root_volume}/actualbudget"
-  networks = [module.infrastructure_int.name]
+  networks    = [module.infrastructure_int.name]
 }
 module "penpot" {
-  source = "${local.module_dir}/30-services-software/penpot-service"
+  source      = "${local.module_dir}/30-services-software/penpot-service"
  volume_path = "${local.root_volume}/penpot"
-  networks = [module.infrastructure_int.name]
+  networks    = [module.infrastructure_int.name]
 }
@@ -17,5 +17,5 @@ output "service_definitions" {
 output "infrastructure_int" {
  description = "The internal infrastructure network"
-  value = module.infrastructure_int
+  value       = module.infrastructure_int
 }