Add tandoor, fix traccar and fix an authentik env variable

2025-08-12 18:23:56 +00:00
parent 148bad8353
commit 3890e2a7ae
8 changed files with 179 additions and 5 deletions
@@ -3,4 +3,5 @@ AUTHENTIK_REDIS__HOST=
 AUTHENTIK_POSTGRESQL__HOST=
 AUTHENTIK_POSTGRESQL__USER=
 AUTHENTIK_POSTGRESQL__NAME=
-AUTHENTIK_POSTGRESQL__PASSWORD=
+AUTHENTIK_POSTGRESQL__PASSWORD=
+AUTHENTIK_POSTGRESQL__DB=
@@ -14,8 +14,8 @@ locals {
  redis_image             = "docker.io/library/redis"
  postgres_image          = "docker.io/library/postgres"
  authentik_tag           = var.image_tag
-  redis_tag               = "alpine"
-  postgres_tag            = "17-alpine"
+  redis_tag               = var.redis_image_tag
+  postgres_tag            = var.postgres_image_tag
  env_file                = "${path.module}/.env"
  authentik_internal_port = 9000

@@ -60,7 +60,7 @@ locals {
  postgres_env_vars = {
    POSTGRES_PASSWORD                = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__PASSWORD", local.env_file)
    POSTGRES_USER                    = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__USER", local.env_file)
-    POSTGRES_DB                      = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__PASSWORD", local.env_file)
+    POSTGRES_DB                      = provider::dotenv::get_by_key("AUTHENTIK_POSTGRESQL__DB", local.env_file)
  }
 }

@@ -1,10 +1,22 @@

 variable "image_tag" {
-  description = "The tag for the freeipa container image. Default: 2025.6.3"
+  description = "The tag for the authentik container image. Default: 2025.6.3"
  type        = string
  default     = "2025.6.3"
 }

+variable "redis_image_tag" {
+  description = "The tag for the redis container image. Default: 2025.6.3"
+  type        = string
+  default     = "alpine"
+}
+
+variable "postgres_image_tag" {
+  description = "The tag for the redis container image. Default: 2025.6.3"
+  type        = string
+  default     = "17-alpine"
+}
+
 variable "volume_path" {
  description = "Base directory for volumes"
  type        = string
@@ -0,0 +1,19 @@
+# ---------------------------------------------------------------------------
+# This template contains only required options.
+# Visit the docs to find more https://docs.tandoor.dev/system/configuration/
+# ---------------------------------------------------------------------------
+
+# random secret key, use for example `base64 /dev/urandom | head -c50` to generate one
+SECRET_KEY=
+DEBUG=0
+
+# allowed hosts (see documentation), should be set to your hostname(s) but might be * (default) for some proxies/providers
+ALLOWED_HOSTS=
+
+# add only a database password if you want to run with the default postgres, otherwise change settings accordingly
+DB_ENGINE=django.db.backends.postgresql
+POSTGRES_HOST=db_recipes
+POSTGRES_DB=djangodb
+POSTGRES_PORT=5432
+POSTGRES_USER=djangouser
+POSTGRES_PASSWORD=
@@ -0,0 +1,93 @@
+terraform {
+  required_providers {
+    dotenv = {
+      source = "germanbrew/dotenv"
+    }
+  }
+}
+
+locals {
+  container_name         = "tandoor"
+  postgres_name          = "tandoor-postgres"
+  tandoor_image          = "docker.io/vabene1111/recipes"
+  postgres_image         = "docker.io/library/postgres"
+  tandoor_tag            = var.image_tag
+  postgres_tag           = var.postgres_image_tag
+  env_file               = "${path.module}/.env"
+  tandoor_internal_port  = 8080
+
+  tandoor_volumes = [
+    {
+      host_path      = "/mnt/storage/media"
+      container_path = "/media"
+      read_only      = true
+    },
+    {
+      host_path      = "${var.volume_path}/${local.container_name}/config"
+      container_path = "/config"
+      read_only      = false
+    },{
+      host_path      = "${var.volume_path}/${local.container_name}/cache"
+      container_path = "/cache"
+      read_only      = false
+    },
+  ]
+
+    postgres_volumes = [
+    {
+      host_path       = "${var.volume_path}/${local.container_name}/postgres/data"
+      container_path  = "/var/lib/postgresql/data"
+      read_only       = false
+    },
+  ]
+
+  tandoor_env_vars = {
+    SECRET_KEY                       = provider::dotenv::get_by_key("SECRET_KEY", local.env_file)
+    DEBUG                            = provider::dotenv::get_by_key("DEBUG", local.env_file)
+    ALLOWED_HOSTS                    = provider::dotenv::get_by_key("ALLOWED_HOSTS", local.env_file)
+    DB_ENGINE                        = provider::dotenv::get_by_key("DB_ENGINE", local.env_file)
+    POSTGRES_HOST                    = provider::dotenv::get_by_key("POSTGRES_HOST", local.env_file)
+    POSTGRES_DB                      = provider::dotenv::get_by_key("POSTGRES_DB", local.env_file)
+    POSTGRES_PORT                    = provider::dotenv::get_by_key("POSTGRES_PORT", local.env_file)
+    POSTGRES_USER                    = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)
+    POSTGRES_PASSWORD                = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)
+  }
+
+  postgres_env_vars = {
+    POSTGRES_PASSWORD                = provider::dotenv::get_by_key("POSTGRES_PASSWORD", local.env_file)
+    POSTGRES_USER                    = provider::dotenv::get_by_key("POSTGRES_USER", local.env_file)
+    POSTGRES_DB                      = provider::dotenv::get_by_key("POSTGRES_DB", local.env_file)
+  }
+}
+
+module "tandoor-postgres" {
+  source         = "../../10-generic/docker-service"
+  container_name = local.postgres_name
+  image          = local.postgres_image
+  tag            = local.postgres_tag
+  volumes        = local.postgres_volumes
+  env_vars       = local.postgres_env_vars
+  networks       = var.networks
+}
+
+module "tandoor" {
+  source         = "../../10-generic/docker-service"
+  container_name = local.container_name
+  image          = local.tandoor_image
+  tag            = local.tandoor_tag
+  volumes        = local.tandoor_volumes
+  env_vars       = local.tandoor_env_vars
+  networks       = concat(var.networks)
+  restart_policy = "always"
+}
+
+output "service_definition" {
+  description = "General service definition with optional ingress configuration"
+  value = {
+    name         = local.container_name
+    primary_port = local.tandoor_internal_port
+    endpoint     = "http://${local.container_name}:${local.tandoor_internal_port}"
+    subdomains   = ["tandoor"]
+    is_guarded   = true
+  }
+}
@@ -0,0 +1,40 @@
+variable "image_tag" {
+  description = "The tag for the JellyFin container image. Default: Latest"
+  type        = string
+  default     = "latest"
+}
+
+variable "postgres_image_tag" {
+  description = "The tag for the redis container image. Default: 2025.6.3"
+  type        = string
+  default     = "17-alpine"
+}
+
+variable "volume_path" {
+  description = "Base directory for volumes"
+  type        = string
+}
+
+variable "networks" {
+  description = "List of networks to which the container should be attached"
+  type        = list(string)
+  default     = []
+}
+
+variable "user_id" {
+  description = "User ID for container permissions"
+  type        = string
+  default     = "1000"
+}
+
+variable "group_id" {
+  description = "Group ID for container permissions"
+  type        = string
+  default     = "1000"
+}
+
+variable "timezone" {
+  description = "Timezone for the container"
+  type        = string
+  default     = "Europe/Helsinki"
+}
@@ -32,6 +32,14 @@ module "traccar" {
  ]
 }

+module "tandoor" {
+  source = "${local.module_dir}/30-services-software/tandoor-service"
+  volume_path = "${local.root_volume}/tandoor"
+  networks = [
+    "blue",
+  ]
+}
+
 module "jellyfin" {
  source = "${local.module_dir}/20-services-entertainment/jellyfin-service"
  volume_path = "${local.root_volume}/jellyfin"
@@ -4,6 +4,7 @@ output "service_definitions" {
    module.jellyfin.service_definition,
    module.calibre.service_definition,
    module.traccar.service_definition,
+    module.tandoor.service_definition,
    module.authentik.service_definition,
  ]
 }