diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..13275b0 --- /dev/null +++ b/.gitignore @@ -0,0 +1,6 @@ +.terraform/ +*.tfstate +*.tfstate.backup +*.tfplan +backend.tf +.terragrunt-cache/ diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..646cd65 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,24 @@ +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.4.0 + hooks: + - id: end-of-file-fixer + types: [yaml] + - id: trailing-whitespace + types: [yaml] + - repo: https://github.com/gruntwork-io/pre-commit + rev: v0.1.30 + hooks: + - id: tofu-fmt + - id: tofu-validate + - id: tflint + - id: terragrunt-hcl-fmt + - repo: https://github.com/adrienverge/yamllint.git + rev: v1.37.1 + hooks: + - id: yamllint + args: + [ + "-d {extends: relaxed, rules: {line-length: disable}, ignore: chart}", + "-s", + ] diff --git a/.woodpecker/apply.yaml b/.woodpecker/apply.yaml new file mode 100644 index 0000000..9c27ca9 --- /dev/null +++ b/.woodpecker/apply.yaml @@ -0,0 +1,23 @@ +when: + - event: push + branch: main + +steps: + - name: apply + image: git.unkin.net/unkin/almalinux9-opentofu:20260606 + environment: + VAULT_AUTH_METHOD: kubernetes + commands: + - dnf install vault -y + - make plan + - make apply + backend_options: + kubernetes: + serviceAccountName: terraform-prowlarr + resources: + requests: + memory: 512Mi + cpu: 1 + limits: + memory: 2Gi + cpu: 2 diff --git a/.woodpecker/plan.yaml b/.woodpecker/plan.yaml new file mode 100644 index 0000000..56dd8db --- /dev/null +++ b/.woodpecker/plan.yaml @@ -0,0 +1,21 @@ +when: + - event: pull_request + +steps: + - name: plan + image: git.unkin.net/unkin/almalinux9-opentofu:20260606 + environment: + VAULT_AUTH_METHOD: kubernetes + commands: + - dnf install vault -y + - make plan + backend_options: + kubernetes: + serviceAccountName: terraform-prowlarr + resources: + requests: + memory: 512Mi + cpu: 1 + limits: + memory: 2Gi + cpu: 2 diff --git a/.woodpecker/pre-commit.yaml b/.woodpecker/pre-commit.yaml new file mode 100644 index 0000000..5c5738f --- /dev/null +++ b/.woodpecker/pre-commit.yaml @@ -0,0 +1,18 @@ +when: + - event: pull_request + +steps: + - name: pre-commit + image: git.unkin.net/unkin/almalinux9-opentofu:20260606 + commands: + - uvx pre-commit run --all-files + backend_options: + kubernetes: + serviceAccountName: default + resources: + requests: + memory: 512Mi + cpu: 1 + limits: + memory: 2Gi + cpu: 2 diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..0480d82 --- /dev/null +++ b/Makefile @@ -0,0 +1,35 @@ +.PHONY: init plan apply format + +VAULT_AUTH_METHOD ?= approle +VAULT_K8S_ROLE ?= woodpecker_terraform_prowlarr +VAULT_K8S_MOUNT ?= auth/k8s/au/syd1 +VAULT_K8S_JWT_PATH ?= /var/run/secrets/kubernetes.io/serviceaccount/token + +define vault_env + @export VAULT_ADDR="https://vault.service.consul:8200" && \ + if [ "$(VAULT_AUTH_METHOD)" = "kubernetes" ]; then \ + export VAULT_TOKEN=$$(vault write -field=token $(VAULT_K8S_MOUNT)/login role=$(VAULT_K8S_ROLE) jwt=$$(cat $(VAULT_K8S_JWT_PATH))); \ + else \ + export VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id=$$VAULT_ROLEID); \ + fi && \ + export CONSUL_HTTP_TOKEN=$$(vault read -field=token consul_root/au/syd1/creds/terraform-prowlarr) && \ + export PROWLARR_API_KEY=$$(vault kv get -field=apitoken kv/service/media-apps/prowlarr) +endef + +init: + @$(call vault_env) && \ + terragrunt run --all --non-interactive init -- -upgrade + +plan: init + @$(call vault_env) && \ + terragrunt run --all --parallelism 4 --non-interactive plan + +apply: init + @$(call vault_env) && \ + terragrunt run --all --parallelism 2 --non-interactive apply + +format: + @echo "Formatting OpenTofu files..." + @tofu fmt -recursive . + @echo "Formatting Terragrunt files..." + @terragrunt hcl fmt diff --git a/config/config.hcl b/config/config.hcl new file mode 100644 index 0000000..0908112 --- /dev/null +++ b/config/config.hcl @@ -0,0 +1,26 @@ +locals { + config_files = fileset(".", "**/*.yaml") + + all_configs = { + for file_path in local.config_files : + file_path => yamldecode(file(file_path)) + } + + config = { + indexers = { + for file_path, content in local.all_configs : + trimsuffix(basename(file_path), ".yaml") => content + if startswith(file_path, "indexer/") + } + download_clients = { + for file_path, content in local.all_configs : + trimsuffix(basename(file_path), ".yaml") => content + if startswith(file_path, "download_client/") + } + tags = { + for file_path, content in local.all_configs : + trimsuffix(basename(file_path), ".yaml") => content + if startswith(file_path, "tag/") + } + } +} diff --git a/config/download_client/NZBGet.yaml b/config/download_client/NZBGet.yaml new file mode 100644 index 0000000..4dcbffc --- /dev/null +++ b/config/download_client/NZBGet.yaml @@ -0,0 +1,26 @@ +enable: true +priority: 1 +host: nzbget.service.consul +port: 443 +use_ssl: true +username: "" +password: "" +category: unknown +tags: [] +categories: + - name: tvseries + categories: + - 5000 + - name: movies + categories: + - 2000 + - name: books + categories: + - 3030 + - 7000 + - name: music + categories: + - 3010 + - 3040 + - 3050 + - 3060 diff --git a/config/indexer/NZBgeek.yaml b/config/indexer/NZBgeek.yaml new file mode 100644 index 0000000..9a4ecac --- /dev/null +++ b/config/indexer/NZBgeek.yaml @@ -0,0 +1,17 @@ +enable: true +app_profile_id: 1 +implementation: Newznab +config_contract: NewznabSettings +protocol: usenet +tags: [] +fields: + - name: baseUrl + text_value: "https://api.nzbgeek.info" + - name: apiPath + text_value: "/api" + - name: apiKey + sensitive_value: "" + - name: vipExpiration + text_value: "" + - name: baseSettings.limitsUnit + number_value: 0 diff --git a/config/tag/nzb.yaml b/config/tag/nzb.yaml new file mode 100644 index 0000000..fb67b83 --- /dev/null +++ b/config/tag/nzb.yaml @@ -0,0 +1 @@ +label: nzb diff --git a/environments/prowlarr.service.consul/terragrunt.hcl b/environments/prowlarr.service.consul/terragrunt.hcl new file mode 100644 index 0000000..2936f66 --- /dev/null +++ b/environments/prowlarr.service.consul/terragrunt.hcl @@ -0,0 +1,23 @@ +include "root" { + path = find_in_parent_folders("root.hcl") + expose = true +} + +include "config" { + path = "${get_repo_root()}/config/config.hcl" + expose = true +} + +locals { + config = include.config.locals.config +} + +terraform { + source = "../../modules/prowlarr" +} + +inputs = { + indexers = local.config.indexers + download_clients = local.config.download_clients + tags = local.config.tags +} diff --git a/environments/root.hcl b/environments/root.hcl new file mode 100644 index 0000000..d5e0a7a --- /dev/null +++ b/environments/root.hcl @@ -0,0 +1,32 @@ +generate "backend" { + path = "backend.tf" + if_exists = "overwrite" + contents = <