homelab-nomad/services/main.tf

module "backups" {
  source = "./backups"
}

resource "nomad_job" "whoami" {
  hcl2 {
    enabled = true
    vars = {
      "count" = 4,
    }
  }

  jobspec = file("${path.module}/whoami.nomad")
}

resource "nomad_job" "ipdvr" {
  jobspec = file("${path.module}/ip-dvr.nomad")
}

module "media-library" {
  source = "./service"

  name         = "media-library"
  image        = "caddy"
  args         = ["caddy", "file-server", "--root", "/mnt/media", "--browse"]
  ingress      = true
  service_port = 80
  host_volumes = [
    {
      name      = "media-read"
      dest      = "/mnt/media"
      read_only = true
    },
  ]
}

module "minitor" {
  source = "./service"

  name         = "minitor"
  image        = "iamthefij/minitor-go:1.1"
  args         = ["-metrics", "-config=$${NOMAD_TASK_DIR}/config.yml"]
  service_port = 8080
  prometheus   = true

  templates = [
    {
      data        = <<EOF
      {{ with nomadVar "nomad/jobs/minitor" -}}
      MAILGUN_API_KEY={{ .mailgun_api_key }}
      {{ end -}}
      EOF
      dest        = "env"
      dest_prefix = "$${NOMAD_SECRETS_DIR}/"
      env         = true
    },
    {
      data            = file("${path.module}/minitor-config.yml")
      left_delimiter  = "[["
      right_delimiter = "]]"
      dest            = "config.yml"
      mount           = false
    },
  ]
}

module "photoprism_module" {
  source = "./service"

  name               = "photoprism"
  image              = "photoprism/photoprism:221118-jammy"
  image_pull_timeout = "10m"
  constraints = [{
    attribute = "$${meta.hw_transcode.type}"
    # operator = "is_set"
    value = "raspberry"
  }]

  docker_devices = [{
    host_path      = "$${meta.hw_transcode.device}"
    container_path = "$${meta.hw_transcode.device}"
  }]
  resources = {
    cpu        = 2000
    memory     = 3000
    memory_max = 4000
  }
  sticky_disk = true
  host_volumes = [
    {
      name      = "photoprism-storage"
      dest      = "/photoprism-storage"
      read_only = false
    },
    {
      name      = "photoprism-media"
      dest      = "/photoprism-media"
      read_only = false
    },
  ]


  ingress      = true
  service_port = 2342
  ingress_middlewares = [
    "authelia@nomad"
  ]

  mysql_bootstrap = {
    enabled = true
  }

  env = {
    PHOTOPRISM_DEBUG = true
    # Make public since we added Authelia at the proxy level
    PHOTOPRISM_AUTH_MODE = "public"
    # UI
    PHOTOPRISM_SITE_CAPTION     = "AI-Powered Photos App"
    PHOTOPRISM_SITE_DESCRIPTION = "Fijolek home photos"
    PHOTOPRISM_SITE_TITLE       = "PhotoPrism"
    PHOTOPRISM_SITE_URL         = "https://photoprism.thefij.rocks/"
    PHOTOPRISM_SPONSOR          = "true"
    # Worker config
    PHOTOPRISM_WORKERS = 2
    # Paths
    PHOTOPRISM_ORIGINALS_PATH = "/photoprism-media/Library"
    PHOTOPRISM_IMPORT_PATH    = "/photoprism-media/Import"
    PHOTOPRISM_STORAGE_PATH   = "/photoprism-storage" # Storage PATH for generated files like cache and thumbnails
    # Unix permissions
    PHOTOPRISM_UID   = 500
    PHOTOPRISM_GID   = 100
    PHOTOPRISM_UMASK = 0000
  }

  templates = [
    {
      data        = <<EOF
      {{ with nomadVar "nomad/jobs/photoprism" -}}
      PHOTOPRISM_ADMIN_USER={{ .admin_user }}
      PHOTOPRISM_ADMIN_PASSWORD={{ .admin_password }}
      PHOTOPRISM_DATABASE_DRIVER=mysql
      PHOTOPRISM_DATABASE_NAME={{ .db_name }}
      PHOTOPRISM_DATABASE_USER={{ .db_user }}
      PHOTOPRISM_DATABASE_PASSWORD={{ .db_pass }}
      PHOTOPRISM_DATABASE_SERVER=127.0.0.1:3306
      {{- end }}
      {{ if eq (env "meta.hw_transcode.type") "raspberry" -}}
      PHOTOPRISM_FFMPEG_ENCODER=raspberry
      PHOTOPRISM_FFMPEG_BUFFERS=64
      {{ else if eq (env "meta.hw_transcode.type") "intel" -}}
      PHOTOPRISM_FFMPEG_ENCODER=intel
      PHOTOPRISM_INIT="intel tensorflow"
      {{- end }}
      EOF
      dest_prefix = "$${NOMAD_SECRETS_DIR}/"
      dest        = "env"
      env         = true
      mount       = false
    },
  ]
}

module "diun" {
  source = "./service"

  name  = "diun"
  image = "crazymax/diun:4.24"
  args  = ["serve", "--log-level=debug"]

  env = {
    DIUN_DB_PATH                        = "$${NOMAD_TASK_DIR}/diun.db"
    DIUN_WATCH_SCHEDULE                 = "0 */6 * * *"
    DIUN_PROVIDERS_NOMAD_WATCHBYDEFAULT = true

    # Nomad API
    # TODO: Use socket in $NOMAD_SECRETS_DIR/api.sock when we can assign workload ACLs with Terraform to
    # allow read access. Will need to update template to allow passing token by env
    NOMAD_ADDR           = "http://$${attr.unique.network.ip-address}:4646/"
    DIUN_PROVIDERS_NOMAD = true
  }

  templates = [
    {
      data        = <<EOF
      {{ with nomadVar "nomad/jobs/diun" -}}
      DIUN_NOTIF_SLACK_WEBHOOKURL={{ .slack_hook_url }}
      {{- end }}
      EOF
      dest_prefix = "$${NOMAD_SECRETS_DIR}"
      dest        = "env"
      env         = true
      mount       = false
    },
  ]
}

module "adminer" {
  source = "./service"

  name  = "adminer"
  image = "adminer"

  ingress      = true
  service_port = 8080

  use_mysql    = true
  use_postgres = true

  resources = {
    cpu    = 50
    memory = 50
  }
}

module "lidarr" {
  source = "./service"

  name  = "lidarr"
  image = "linuxserver/lidarr"

  ingress      = true
  service_port = 8686

  use_postgres = true
  postgres_bootstrap = {
    enabled = true
    databases = [
      "lidarr",
      "lidarr-logs",
    ]
  }

  env = {
    PGID = 100
    PUID = 1001
    TZ   = "America/Los_Angeles"
  }

  host_volumes = [
    {
      name      = "lidarr-config"
      dest      = "/config"
      read_only = false
    },
    {
      name      = "media-write"
      dest      = "/media"
      read_only = false
    },
  ]

  resources = {
    cpu    = 500
    memory = 1500
  }
}