feat: initial prowlarr terraform configuration
ci/woodpecker/pr/pre-commit Pipeline failed
ci/woodpecker/pr/plan Pipeline failed

This commit is contained in:
2026-06-28 22:14:21 +10:00
parent 93a9dbd07f
commit 40c1366f38
14 changed files with 314 additions and 0 deletions
+6
View File
@@ -0,0 +1,6 @@
.terraform/
*.tfstate
*.tfstate.backup
*.tfplan
backend.tf
.terragrunt-cache/
+24
View File
@@ -0,0 +1,24 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
hooks:
- id: end-of-file-fixer
types: [yaml]
- id: trailing-whitespace
types: [yaml]
- repo: https://github.com/gruntwork-io/pre-commit
rev: v0.1.30
hooks:
- id: tofu-fmt
- id: tofu-validate
- id: tflint
- id: terragrunt-hcl-fmt
- repo: https://github.com/adrienverge/yamllint.git
rev: v1.37.1
hooks:
- id: yamllint
args:
[
"-d {extends: relaxed, rules: {line-length: disable}, ignore: chart}",
"-s",
]
+23
View File
@@ -0,0 +1,23 @@
when:
- event: push
branch: main
steps:
- name: apply
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
environment:
VAULT_AUTH_METHOD: kubernetes
commands:
- dnf install vault -y
- make plan
- make apply
backend_options:
kubernetes:
serviceAccountName: terraform-prowlarr
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 2
+21
View File
@@ -0,0 +1,21 @@
when:
- event: pull_request
steps:
- name: plan
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
environment:
VAULT_AUTH_METHOD: kubernetes
commands:
- dnf install vault -y
- make plan
backend_options:
kubernetes:
serviceAccountName: terraform-prowlarr
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 2
+18
View File
@@ -0,0 +1,18 @@
when:
- event: pull_request
steps:
- name: pre-commit
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
commands:
- uvx pre-commit run --all-files
backend_options:
kubernetes:
serviceAccountName: default
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 2
+35
View File
@@ -0,0 +1,35 @@
.PHONY: init plan apply format
VAULT_AUTH_METHOD ?= approle
VAULT_K8S_ROLE ?= woodpecker_terraform_prowlarr
VAULT_K8S_MOUNT ?= auth/k8s/au/syd1
VAULT_K8S_JWT_PATH ?= /var/run/secrets/kubernetes.io/serviceaccount/token
define vault_env
@export VAULT_ADDR="https://vault.service.consul:8200" && \
if [ "$(VAULT_AUTH_METHOD)" = "kubernetes" ]; then \
export VAULT_TOKEN=$$(vault write -field=token $(VAULT_K8S_MOUNT)/login role=$(VAULT_K8S_ROLE) jwt=$$(cat $(VAULT_K8S_JWT_PATH))); \
else \
export VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id=$$VAULT_ROLEID); \
fi && \
export CONSUL_HTTP_TOKEN=$$(vault read -field=token consul_root/au/syd1/creds/terraform-prowlarr) && \
export PROWLARR_API_KEY=$$(vault kv get -field=apitoken kv/service/media-apps/prowlarr)
endef
init:
@$(call vault_env) && \
terragrunt run --all --non-interactive init -- -upgrade
plan: init
@$(call vault_env) && \
terragrunt run --all --parallelism 4 --non-interactive plan
apply: init
@$(call vault_env) && \
terragrunt run --all --parallelism 2 --non-interactive apply
format:
@echo "Formatting OpenTofu files..."
@tofu fmt -recursive .
@echo "Formatting Terragrunt files..."
@terragrunt hcl fmt
+26
View File
@@ -0,0 +1,26 @@
locals {
config_files = fileset(".", "**/*.yaml")
all_configs = {
for file_path in local.config_files :
file_path => yamldecode(file(file_path))
}
config = {
indexers = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "indexer/")
}
download_clients = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "download_client/")
}
tags = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "tag/")
}
}
}
+26
View File
@@ -0,0 +1,26 @@
enable: true
priority: 1
host: nzbget.service.consul
port: 443
use_ssl: true
username: ""
password: ""
category: unknown
tags: []
categories:
- name: tvseries
categories:
- 5000
- name: movies
categories:
- 2000
- name: books
categories:
- 3030
- 7000
- name: music
categories:
- 3010
- 3040
- 3050
- 3060
+17
View File
@@ -0,0 +1,17 @@
enable: true
app_profile_id: 1
implementation: Newznab
config_contract: NewznabSettings
protocol: usenet
tags: []
fields:
- name: baseUrl
text_value: "https://api.nzbgeek.info"
- name: apiPath
text_value: "/api"
- name: apiKey
sensitive_value: ""
- name: vipExpiration
text_value: ""
- name: baseSettings.limitsUnit
number_value: 0
+1
View File
@@ -0,0 +1 @@
label: nzb
@@ -0,0 +1,23 @@
include "root" {
path = find_in_parent_folders("root.hcl")
expose = true
}
include "config" {
path = "${get_repo_root()}/config/config.hcl"
expose = true
}
locals {
config = include.config.locals.config
}
terraform {
source = "../../modules/prowlarr"
}
inputs = {
indexers = local.config.indexers
download_clients = local.config.download_clients
tags = local.config.tags
}
+32
View File
@@ -0,0 +1,32 @@
generate "backend" {
path = "backend.tf"
if_exists = "overwrite"
contents = <<EOF
provider "prowlarr" {
url = "https://${path_relative_to_include()}"
api_key = var.prowlarr_api_key
}
variable "prowlarr_api_key" {
type = string
sensitive = true
}
terraform {
backend "consul" {
address = "https://consul.service.consul"
path = "infra/terraform/prowlarr/${path_relative_to_include()}/state"
scheme = "https"
lock = true
ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
}
required_version = ">= 1.10"
required_providers {
prowlarr = {
source = "devopsarr/prowlarr"
version = "3.2.1"
}
}
}
EOF
}
+48
View File
@@ -0,0 +1,48 @@
resource "prowlarr_tag" "this" {
for_each = var.tags
label = each.value.label
}
resource "prowlarr_indexer" "this" {
for_each = var.indexers
name = each.key
enable = lookup(each.value, "enable", true)
app_profile_id = lookup(each.value, "app_profile_id", 1)
implementation = each.value.implementation
config_contract = each.value.config_contract
protocol = each.value.protocol
tags = lookup(each.value, "tags", [])
dynamic "fields" {
for_each = each.value.fields
content {
name = fields.value.name
text_value = lookup(fields.value, "text_value", null)
number_value = lookup(fields.value, "number_value", null)
bool_value = lookup(fields.value, "bool_value", null)
sensitive_value = lookup(fields.value, "sensitive_value", null)
}
}
}
resource "prowlarr_download_client_nzbget" "this" {
for_each = var.download_clients
name = each.key
enable = lookup(each.value, "enable", true)
priority = lookup(each.value, "priority", 1)
host = each.value.host
port = each.value.port
use_ssl = lookup(each.value, "use_ssl", false)
username = lookup(each.value, "username", "")
password = lookup(each.value, "password", "")
category = lookup(each.value, "category", "")
tags = lookup(each.value, "tags", [])
dynamic "categories" {
for_each = lookup(each.value, "categories", [])
content {
name = categories.value.name
categories = categories.value.categories
}
}
}
+14
View File
@@ -0,0 +1,14 @@
variable "indexers" {
type = map(any)
default = {}
}
variable "download_clients" {
type = map(any)
default = {}
}
variable "tags" {
type = map(any)
default = {}
}