
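locals {
  # ---------------------------------------------------------------------------
  # Shared names, pinned image tags and host paths.
  # Every container image tag lives here (caddy, castopod, valkey, mariadb) so
  # that a version bump is a single-line change and nothing is pinned inline
  # inside a template call further down.
  # ---------------------------------------------------------------------------
  caddy_frontend_network_name    = "caddy-frontend"
  caddy_container_name           = "caddy"
  caddy_version                  = "2.9.1-alpine"
  caddy_config_dir               = "/var/opt/caddy"
  castopod_frontend_network_name = "castopod-frontend"
  castopod_backend_network_name  = "castopod-backend"
  castopod_media_volume_name     = "castopod-media"
  castopod_container_name        = "castopod"
  castopod_version               = "1.13.2"
  castopod_db_name               = "castopod"
  castopod_db_user               = "castopod"
  castopod_base_url              = var.base_url
  valkey_container_name          = "valkey"
  valkey_version                 = "8.0-alpine"
  valkey_cache_volume_name       = "castopod-cache"
  mariadb_container_name         = "mariadb"
  mariadb_data_volume_name       = "castopod-db"
  mariadb_version                = "11.5"
  secrets_part_name              = "secrets"
  secrets_path                   = "/var/opt/secrets"
  # systemd-escaped form of secrets_path (leading "/" dropped, "/" -> "-"),
  # used to name the .mount unit below.
  secrets_path_escaped = "var-opt-secrets"
  data_device_path     = "/dev/vdb"

  # Partition layout of the secondary data disk (Ignition "disks" entry).
  # wipeTable = true rewrites the partition table on the device at
  # provisioning time; partition numbers 1-4 are referenced by the
  # filesystem entries below as "${data_device_path}<n>".
  # NOTE(review): the filesystems below do not set wipeFilesystem, so whether
  # data on a matching, pre-existing partition survives a re-provision
  # depends on Ignition's reuse rules — confirm before relying on it for the
  # secrets and database partitions.
  data_disk = {
    device    = local.data_device_path
    wipeTable = true
    partitions = [
      {
        label              = local.secrets_part_name
        number             = 1
        sizeMiB            = 1024
        wipePartitionEntry = true
        shouldExist        = true
        resize             = true
      },
      {
        label              = local.castopod_media_volume_name
        number             = 2
        sizeMiB            = 20 * 1024
        wipePartitionEntry = true
        shouldExist        = true
        resize             = true
      },
      {
        label              = local.mariadb_data_volume_name
        number             = 3
        sizeMiB            = 5 * 1024
        wipePartitionEntry = true
        shouldExist        = true
        resize             = true
      },
      {
        label              = local.valkey_cache_volume_name
        number             = 4
        sizeMiB            = 1024
        wipePartitionEntry = true
        shouldExist        = true
        resize             = true
      },
    ]
  }

  # ---------------------------------------------------------------------------
  # Caddy (TLS-terminating reverse proxy in front of Castopod).
  # File modes are given as decimal integers because Ignition's JSON schema
  # takes an integer; the octal value is kept in a trailing comment.
  # ---------------------------------------------------------------------------
  caddy_config_directory = {
    path  = local.caddy_config_dir
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 448 # 0700
  }
  # Caddyfile is rendered from a template and shipped inline as a data: URL.
  # It only carries the public domain and the upstream container name, so
  # 0644 is acceptable; keep it free of credentials.
  caddy_config_file = {
    path  = "${local.caddy_config_dir}/Caddyfile"
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 420 # 0644
    contents = {
      source = format(
        "data:text/plain;base64,%s",
        base64encode(
          templatefile(
            "${path.module}/files/Caddyfile.tftpl",
            {
              castopod_domain         = var.castopod_domain
              castopod_container_name = local.castopod_container_name
            }
          )
        )
      )
    }
  }
  # Quadlet .network unit for the network Caddy exposes to the outside.
  caddy_frontend_network_file = {
    path  = "/etc/containers/systemd/caddy-frontend.network"
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 420 # 0644
    contents = {
      source = format(
        "data:text/plain;base64,%s",
        base64encode(
          templatefile(
            "${path.module}/files/caddy-frontend.network.tftpl",
            {
              caddy_frontend_network_name = local.caddy_frontend_network_name
            }
          )
        )
      )
    }
  }
  # Quadlet .container unit for Caddy. It is attached to both the public
  # frontend network and the castopod frontend network, and gets the media
  # volume name (presumably to serve media directly — verify in the template).
  caddy_container_file = {
    path  = "/etc/containers/systemd/caddy.container"
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 420 # 0644
    contents = {
      source = format(
        "data:text/plain;base64,%s",
        base64encode(
          templatefile(
            "${path.module}/files/caddy.container.tftpl",
            {
              caddy_container_name           = local.caddy_container_name
              caddy_version                  = local.caddy_version
              caddy_config_dir               = local.caddy_config_dir
              caddy_frontend_network_name    = local.caddy_frontend_network_name
              castopod_frontend_network_name = local.castopod_frontend_network_name
              castopod_upstream_port         = var.castopod_upstream_port
              castopod_media_volume_name     = local.castopod_media_volume_name
            }
          )
        )
      )
    }
  }

  # ---------------------------------------------------------------------------
  # Secrets: a dedicated ext4 partition mounted at secrets_path (root, 0700)
  # and a one-shot generator script/service. Container templates receive
  # secrets_path — never the secret values — so the world-readable unit files
  # below do not embed credentials.
  # ---------------------------------------------------------------------------
  # NOTE(review): "${data_device_path}1" relies on kernel partition naming
  # (/dev/vdb1); /dev/disk/by-partlabel/<label> would not depend on the
  # device enumeration order.
  castopod_secrets_filesystem = {
    device = "${local.data_device_path}1"
    format = "ext4"
    label  = local.secrets_part_name
  }
  castopod_secrets_directory = {
    path  = local.secrets_path
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 448 # 0700
  }
  castopod_secrets_mount_unit = {
    name    = "${local.secrets_path_escaped}.mount"
    enabled = true
    contents = templatefile(
      "${path.module}/files/secrets.mount.tftpl",
      {
        secrets_part_name = local.secrets_part_name
        secrets_path      = local.secrets_path
      }
    )
  }
  # Generator script is root-only (0700) since it writes into secrets_path.
  castopod_generate_secrets_script_file = {
    path  = "/var/opt/generate_secrets.sh"
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 448 # 0700
    contents = {
      source = format(
        "data:text/plain;base64,%s",
        base64encode(
          templatefile(
            "${path.module}/files/generate_secrets.sh.tftpl",
            {
              secrets_path = local.secrets_path
            }
          )
        )
      )
    }
  }
  # Service wrapping the generator; gets the escaped path so the template can
  # order itself after the .mount unit.
  castopod_generate_secrets_service_unit = {
    name    = "generate_secrets.service"
    enabled = true
    contents = templatefile(
      "${path.module}/files/generate_secrets.service.tftpl",
      {
        secrets_path         = local.secrets_path
        secrets_path_escaped = local.secrets_path_escaped
      }
    )
  }

  # ---------------------------------------------------------------------------
  # Castopod networks and media volume.
  # Frontend network: Caddy <-> Castopod. Backend network: Castopod <-> DB/cache.
  # ---------------------------------------------------------------------------
  castopod_frontend_network_file = {
    path  = "/etc/containers/systemd/${local.castopod_frontend_network_name}.network"
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 420 # 0644
    contents = {
      source = format(
        "data:text/plain;base64,%s",
        base64encode(
          templatefile(
            "${path.module}/files/castopod-frontend.network.tftpl",
            {
              castopod_frontend_network_name = local.castopod_frontend_network_name
            }
          )
        )
      )
    }
  }
  castopod_backend_network_file = {
    path  = "/etc/containers/systemd/${local.castopod_backend_network_name}.network"
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 420 # 0644
    contents = {
      source = format(
        "data:text/plain;base64,%s",
        base64encode(
          templatefile(
            "${path.module}/files/castopod-backend.network.tftpl",
            {
              castopod_backend_network_name = local.castopod_backend_network_name
            }
          )
        )
      )
    }
  }
  # root_owner=33:33 makes the filesystem root owned by uid/gid 33 at mkfs
  # time — presumably the uid the castopod image runs as; verify against the
  # image before changing it.
  castopod_media_volume_filesystem = {
    device = "${local.data_device_path}2"
    format = "ext4"
    label  = local.castopod_media_volume_name
    options = [
      "-E", "root_owner=33:33",
    ]
  }
  castopod_media_volume_file = {
    path  = "/etc/containers/systemd/${local.castopod_media_volume_name}.volume"
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 420 # 0644
    contents = {
      source = format(
        "data:text/plain;base64,%s",
        base64encode(
          templatefile(
            "${path.module}/files/castopod-media.volume.tftpl",
            {
              castopod_media_volume_name = local.castopod_media_volume_name
            }
          )
        )
      )
    }
  }

  # ---------------------------------------------------------------------------
  # MariaDB (backend network only).
  # ---------------------------------------------------------------------------
  # root_owner=999:999 — presumably the uid the mariadb image runs as; verify.
  mariadb_data_volume_filesystem = {
    device = "${local.data_device_path}3"
    format = "ext4"
    label  = local.mariadb_data_volume_name
    options = [
      "-E", "root_owner=999:999",
    ]
  }
  mariadb_data_volume_file = {
    path  = "/etc/containers/systemd/${local.mariadb_data_volume_name}.volume"
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 420 # 0644
    contents = {
      source = format(
        "data:text/plain;base64,%s",
        base64encode(
          templatefile(
            "${path.module}/files/mariadb-data.volume.tftpl",
            {
              mariadb_data_volume_name = local.mariadb_data_volume_name
            }
          )
        )
      )
    }
  }
  mariadb_container_file = {
    path  = "/etc/containers/systemd/${local.mariadb_container_name}.container"
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 420 # 0644
    contents = {
      source = format(
        "data:text/plain;base64,%s",
        base64encode(
          templatefile(
            "${path.module}/files/mariadb.container.tftpl",
            {
              mariadb_container_name        = local.mariadb_container_name
              mariadb_version               = local.mariadb_version
              mariadb_data_volume_name      = local.mariadb_data_volume_name
              castopod_backend_network_name = local.castopod_backend_network_name
              castopod_db_name              = local.castopod_db_name
              castopod_db_user              = local.castopod_db_user
              secrets_path                  = local.secrets_path
            }
          )
        )
      )
    }
  }

  # ---------------------------------------------------------------------------
  # Valkey cache (backend network only).
  # ---------------------------------------------------------------------------
  # root_owner=999:999 — presumably the uid the valkey image runs as; verify.
  valkey_cache_volume_filesystem = {
    device = "${local.data_device_path}4"
    format = "ext4"
    label  = local.valkey_cache_volume_name
    options = [
      "-E", "root_owner=999:999",
    ]
  }
  valkey_cache_volume_file = {
    path  = "/etc/containers/systemd/${local.valkey_cache_volume_name}.volume"
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 420 # 0644
    contents = {
      source = format(
        "data:text/plain;base64,%s",
        base64encode(
          templatefile(
            "${path.module}/files/valkey.volume.tftpl",
            {
              valkey_cache_volume_name = local.valkey_cache_volume_name
            }
          )
        )
      )
    }
  }
  valkey_container_file = {
    path  = "/etc/containers/systemd/${local.valkey_container_name}.container"
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 420 # 0644
    contents = {
      source = format(
        "data:text/plain;base64,%s",
        base64encode(
          templatefile(
            "${path.module}/files/valkey.container.tftpl",
            {
              valkey_container_name         = local.valkey_container_name
              valkey_version                = local.valkey_version
              valkey_cache_volume_name      = local.valkey_cache_volume_name
              castopod_backend_network_name = local.castopod_backend_network_name
              secrets_path                  = local.secrets_path
            }
          )
        )
      )
    }
  }

  # ---------------------------------------------------------------------------
  # Castopod application container (on both networks).
  # ---------------------------------------------------------------------------
  castopod_container_file = {
    path  = "/etc/containers/systemd/${local.castopod_container_name}.container"
    user  = { id = 0 }
    group = { id = 0 }
    mode  = 420 # 0644
    contents = {
      source = format(
        "data:text/plain;base64,%s",
        base64encode(
          templatefile(
            "${path.module}/files/castopod.container.tftpl",
            {
              castopod_version               = local.castopod_version
              castopod_container_name        = local.castopod_container_name
              castopod_frontend_network_name = local.castopod_frontend_network_name
              castopod_backend_network_name  = local.castopod_backend_network_name
              castopod_media_volume_name     = local.castopod_media_volume_name
              castopod_db_name               = local.castopod_db_name
              castopod_db_user               = local.castopod_db_user
              castopod_base_url              = local.castopod_base_url
              mariadb_container_name         = local.mariadb_container_name
              valkey_container_name          = local.valkey_container_name
              secrets_path                   = local.secrets_path
            }
          )
        )
      )
    }
  }

  # ---------------------------------------------------------------------------
  # Complete Ignition document (spec 3.4.0), JSON-encoded. The resources that
  # hand it to the VM live outside this locals block.
  # The "core" user gets only the supplied SSH public keys; no passwordHash
  # is configured here.
  # ---------------------------------------------------------------------------
  ignition_config = jsonencode({
    ignition = {
      version = "3.4.0"
    }
    storage = {
      disks = [
        local.data_disk,
      ]
      filesystems = [
        local.castopod_secrets_filesystem,
        local.castopod_media_volume_filesystem,
        local.mariadb_data_volume_filesystem,
        local.valkey_cache_volume_filesystem,
      ]
      files = [
        local.caddy_config_file,
        local.caddy_frontend_network_file,
        local.caddy_container_file,
        local.castopod_generate_secrets_script_file,
        local.castopod_frontend_network_file,
        local.castopod_backend_network_file,
        local.castopod_media_volume_file,
        local.mariadb_data_volume_file,
        local.mariadb_container_file,
        local.valkey_cache_volume_file,
        local.valkey_container_file,
        local.castopod_container_file,
      ]
      directories = [
        local.caddy_config_directory,
        local.castopod_secrets_directory,
      ]
    }
    systemd = {
      units = [
        local.castopod_secrets_mount_unit,
        local.castopod_generate_secrets_service_unit,
      ]
    }
    passwd = {
      users = [
        {
          name              = "core"
          sshAuthorizedKeys = var.ssh_authorized_keys
        }
      ]
    }
  })
}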