homelab-nomad/services/main.tf


# Backup jobs live in the local ./backups module; no inputs are passed to it from here.
module "backups" {
  source = "./backups"
}
# Registers the whoami job from the jobspec file that sits next to this module.
resource "nomad_job" "whoami" {
  jobspec = file("${path.module}/whoami.nomad")

  # The jobspec is parsed as HCL2, and the variables below are handed to it.
  hcl2 {
    enabled = true
    vars = {
      "count" = 4,
    }
  }
}
# Registers the ip-dvr job; the jobspec file is read as-is and no HCL2 variables are passed.
resource "nomad_job" "ipdvr" {
  jobspec = file("${path.module}/ip-dvr.nomad")
}
# Browsable file server for the media share, built on the shared ./service module.
module "media-library" {
  source = "./service"

  name = "media-library"
  # NOTE(review): "caddy" carries no tag, so each pull resolves the registry's default
  # tag; pin a version tag or digest so a deploy cannot silently pick up a new image.
  image = "caddy"
  args  = ["caddy", "file-server", "--root", "/mnt/media", "--browse"]

  # NOTE(review): ingress is on and no ingress_middlewares are listed here, while
  # photoprism in this file lists "authelia@nomad". Whether ./service applies a default
  # is not visible from this file; confirm the directory listing is meant to be
  # reachable without the auth middleware.
  ingress      = true
  service_port = 80

  # Mounted read-only, so the file server cannot modify the library.
  host_volumes = [
    {
      name      = "media-read"
      dest      = "/mnt/media"
      read_only = true
    },
  ]
}
# Minitor monitoring service. The Mailgun key is read from a Nomad variable when the
# template renders; it is not written in this file.
module "minitor" {
  source = "./service"

  name  = "minitor"
  image = "iamthefij/minitor-go:1.1"
  # "$$" escapes Terraform interpolation, so Nomad receives the literal ${NOMAD_TASK_DIR}.
  args = ["-metrics", "-config=$${NOMAD_TASK_DIR}/config.yml"]

  service_port = 8080
  prometheus   = true

  templates = [
    # Secret env file: rendered under the task's secrets dir and loaded as environment.
    {
      dest_prefix = "$${NOMAD_SECRETS_DIR}/"
      dest        = "env"
      env         = true
      data        = <<EOF
{{ with nomadVar "nomad/jobs/minitor" -}}
MAILGUN_API_KEY={{ .mailgun_api_key }}
{{ end -}}
EOF
    },
    # Application config: uses [[ ]] as template delimiters instead of the default {{ }}.
    # NOTE(review): the meaning of mount = false is defined inside ./service, which is
    # not visible from this file.
    {
      dest            = "config.yml"
      mount           = false
      left_delimiter  = "[["
      right_delimiter = "]]"
      data            = file("${path.module}/minitor-config.yml")
    },
  ]
}
# PhotoPrism photo library. The app's own login is switched off (auth mode "public") and
# access control is delegated to the Authelia middleware on the ingress route.
module "photoprism_module" {
  source = "./service"

  name               = "photoprism"
  image              = "photoprism/photoprism:221118-jammy"
  image_pull_timeout = "10m"

  # Placement is tied to the node's hw_transcode.type meta value
  # (presumably an equality match on "raspberry"; the operator is set inside ./service).
  constraints = [{
    attribute = "$${meta.hw_transcode.type}"
    # operator  = "is_set"
    value = "raspberry"
  }]

  # Passes the node's transcode device into the container at the same path; the path is
  # taken from node metadata, so the node config decides which host device is exposed.
  docker_devices = [{
    host_path      = "$${meta.hw_transcode.device}"
    container_path = "$${meta.hw_transcode.device}"
  }]

  resources = {
    cpu        = 2000
    memory     = 3000
    memory_max = 4000
  }

  sticky_disk = true

  # Both volumes are writable by the task.
  host_volumes = [
    {
      name      = "photoprism-storage"
      dest      = "/photoprism-storage"
      read_only = false
    },
    {
      name      = "photoprism-media"
      dest      = "/photoprism-media"
      read_only = false
    },
  ]

  ingress      = true
  service_port = 2342
  # With PHOTOPRISM_AUTH_MODE = "public" below, this middleware is the only login in
  # front of the app as configured here: any route to the service port that does not
  # pass through the proxy is unauthenticated.
  ingress_middlewares = [
    "authelia@nomad"
  ]

  mysql_bootstrap = {
    enabled = true
  }

  env = {
    # NOTE(review): debug mode is left on; consider switching it off once setup is stable.
    PHOTOPRISM_DEBUG = true
    # Make public since we added Authelia at the proxy level
    PHOTOPRISM_AUTH_MODE = "public"
    # UI
    PHOTOPRISM_SITE_CAPTION     = "AI-Powered Photos App"
    PHOTOPRISM_SITE_DESCRIPTION = "Fijolek home photos"
    PHOTOPRISM_SITE_TITLE       = "PhotoPrism"
    PHOTOPRISM_SITE_URL         = "https://photoprism.thefij.rocks/"
    PHOTOPRISM_SPONSOR          = "true"
    # Worker config
    PHOTOPRISM_WORKERS = 2
    # Paths
    PHOTOPRISM_ORIGINALS_PATH = "/photoprism-media/Library"
    PHOTOPRISM_IMPORT_PATH    = "/photoprism-media/Import"
    PHOTOPRISM_STORAGE_PATH   = "/photoprism-storage" # Storage PATH for generated files like cache and thumbnails
    # Unix permissions
    PHOTOPRISM_UID = 500
    PHOTOPRISM_GID = 100
    # NOTE(review): HCL reads 0000 as the number 0, so the task presumably sees a umask
    # of 0 and new files are created without any permission bits masked off. Confirm
    # that world-writable files on the shared media volume are intended.
    PHOTOPRISM_UMASK = 0000
  }

  templates = [
    # Credentials come from the Nomad variable nomad/jobs/photoprism and are rendered
    # under the task's secrets dir, then loaded as environment variables.
    # The encoder section reads hw_transcode.type at render time; with the constraint
    # above set to "raspberry", the intel branch is not expected to render.
    {
      dest_prefix = "$${NOMAD_SECRETS_DIR}/"
      dest        = "env"
      env         = true
      mount       = false
      data        = <<EOF
{{ with nomadVar "nomad/jobs/photoprism" -}}
PHOTOPRISM_ADMIN_USER={{ .admin_user }}
PHOTOPRISM_ADMIN_PASSWORD={{ .admin_password }}
PHOTOPRISM_DATABASE_DRIVER=mysql
PHOTOPRISM_DATABASE_NAME={{ .db_name }}
PHOTOPRISM_DATABASE_USER={{ .db_user }}
PHOTOPRISM_DATABASE_PASSWORD={{ .db_pass }}
PHOTOPRISM_DATABASE_SERVER=127.0.0.1:3306
{{- end }}
{{ if eq (env "meta.hw_transcode.type") "raspberry" -}}
PHOTOPRISM_FFMPEG_ENCODER=raspberry
PHOTOPRISM_FFMPEG_BUFFERS=64
{{ else if eq (env "meta.hw_transcode.type") "intel" -}}
PHOTOPRISM_FFMPEG_ENCODER=intel
PHOTOPRISM_INIT="intel tensorflow"
{{- end }}
EOF
    },
  ]
}
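# Diun image-update notifier. It watches Nomad workloads and posts to a Slack webhook
# whose URL is read from a Nomad variable when the template renders.
module "diun" {
  source = "./service"

  name  = "diun"
  image = "crazymax/diun:4.24"
  args  = ["serve", "--log-level=debug"]

  env = {
    DIUN_DB_PATH                        = "$${NOMAD_TASK_DIR}/diun.db"
    DIUN_WATCH_SCHEDULE                 = "0 */6 * * *"
    DIUN_PROVIDERS_NOMAD_WATCHBYDEFAULT = true

    # Nomad API
    # NOTE(review): the API is addressed over plain http on the node IP and no token is
    # configured in this block, so this depends on the API answering unauthenticated
    # reads; the TODO below tracks the move to the task API socket.
    # TODO: Use socket in $NOMAD_SECRETS_DIR/api.sock when we can assign workload ACLs with Terraform to
    #  allow read access. Will need to update template to allow passing token by env
    NOMAD_ADDR           = "http://$${attr.unique.network.ip-address}:4646/"
    DIUN_PROVIDERS_NOMAD = true
  }

  templates = [
    {
      data = <<EOF
{{ with nomadVar "nomad/jobs/diun" -}}
DIUN_NOTIF_SLACK_WEBHOOKURL={{ .slack_hook_url }}
{{- end }}
EOF
      # Trailing slash added so the prefix has the same form as the minitor and
      # photoprism templates in this file. NOTE(review): how ./service joins dest_prefix
      # and dest is not visible here; if it concatenates them, the previous value would
      # have produced a path next to the secrets dir instead of inside it. Confirm the
      # webhook file renders under the secrets dir.
      dest_prefix = "$${NOMAD_SECRETS_DIR}/"
      dest        = "env"
      env         = true
      mount       = false
    },
  ]
}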
# Adminer database admin UI, wired to both the MySQL and Postgres backends.
module "adminer" {
  source = "./service"

  name = "adminer"
  # NOTE(review): no tag is given, so each pull resolves the registry's default tag;
  # pin a version tag or digest for a tool that holds database access.
  image = "adminer"

  # NOTE(review): ingress is on and no ingress_middlewares are listed here, while
  # photoprism in this file lists "authelia@nomad". Whether ./service applies a default
  # is not visible from this file; confirm a database admin console is not reachable
  # through the proxy without the auth middleware.
  ingress      = true
  service_port = 8080

  use_mysql    = true
  use_postgres = true

  resources = {
    cpu    = 50
    memory = 50
  }
}
# Lidarr music manager, backed by Postgres and given write access to the media share.
module "lidarr" {
  source = "./service"

  name = "lidarr"
  # NOTE(review): no tag is given, so each pull resolves the registry's default tag;
  # pin a version tag or digest so upgrades are deliberate.
  image = "linuxserver/lidarr"

  # NOTE(review): ingress is on and no ingress_middlewares are listed here, while
  # photoprism in this file lists "authelia@nomad". Whether ./service applies a default
  # is not visible from this file; confirm which login protects this route.
  ingress      = true
  service_port = 8686

  # Two databases are bootstrapped for this service.
  use_postgres = true
  postgres_bootstrap = {
    enabled = true
    databases = [
      "lidarr",
      "lidarr-logs",
    ]
  }

  env = {
    PGID = 100
    PUID = 1001
    TZ   = "America/Los_Angeles"
  }

  # Both volumes are writable: the service's own config and the shared media library.
  host_volumes = [
    {
      name      = "lidarr-config"
      dest      = "/config"
      read_only = false
    },
    {
      name      = "media-write"
      dest      = "/media"
      read_only = false
    },
  ]

  resources = {
    cpu    = 500
    memory = 1500
  }
}