feat: initial prowlarr terraform configuration #1
@@ -0,0 +1,6 @@
|
||||
.terraform/
|
||||
*.tfstate
|
||||
*.tfstate.backup
|
||||
*.tfplan
|
||||
backend.tf
|
||||
.terragrunt-cache/
|
||||
@@ -0,0 +1,26 @@
|
||||
repos:
|
||||
- repo: https://github.com/pre-commit/pre-commit-hooks
|
||||
rev: v4.4.0
|
||||
hooks:
|
||||
- id: end-of-file-fixer
|
||||
types: [yaml]
|
||||
- id: trailing-whitespace
|
||||
types: [yaml]
|
||||
- repo: https://github.com/gruntwork-io/pre-commit
|
||||
rev: v0.1.30
|
||||
hooks:
|
||||
- id: tofu-fmt
|
||||
- id: tofu-validate
|
||||
exclude: ^modules/
|
||||
- id: tflint
|
||||
exclude: ^modules/
|
||||
- id: terragrunt-hcl-fmt
|
||||
- repo: https://github.com/adrienverge/yamllint.git
|
||||
rev: v1.37.1
|
||||
hooks:
|
||||
- id: yamllint
|
||||
args:
|
||||
[
|
||||
"-d {extends: relaxed, rules: {line-length: disable}, ignore: chart}",
|
||||
"-s",
|
||||
]
|
||||
@@ -0,0 +1,23 @@
|
||||
when:
|
||||
- event: push
|
||||
branch: main
|
||||
|
||||
steps:
|
||||
- name: apply
|
||||
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
|
||||
environment:
|
||||
VAULT_AUTH_METHOD: kubernetes
|
||||
commands:
|
||||
- dnf install vault -y
|
||||
- make plan
|
||||
- make apply
|
||||
backend_options:
|
||||
kubernetes:
|
||||
serviceAccountName: terraform-prowlarr
|
||||
resources:
|
||||
requests:
|
||||
memory: 512Mi
|
||||
cpu: 1
|
||||
limits:
|
||||
memory: 2Gi
|
||||
cpu: 2
|
||||
@@ -0,0 +1,21 @@
|
||||
when:
|
||||
- event: pull_request
|
||||
|
||||
steps:
|
||||
- name: plan
|
||||
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
|
||||
environment:
|
||||
VAULT_AUTH_METHOD: kubernetes
|
||||
commands:
|
||||
- dnf install vault -y
|
||||
- make plan
|
||||
backend_options:
|
||||
kubernetes:
|
||||
serviceAccountName: terraform-prowlarr
|
||||
resources:
|
||||
requests:
|
||||
memory: 512Mi
|
||||
cpu: 1
|
||||
limits:
|
||||
memory: 2Gi
|
||||
cpu: 2
|
||||
@@ -0,0 +1,18 @@
|
||||
when:
|
||||
- event: pull_request
|
||||
|
||||
steps:
|
||||
- name: pre-commit
|
||||
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
|
||||
commands:
|
||||
- uvx pre-commit run --all-files
|
||||
backend_options:
|
||||
kubernetes:
|
||||
serviceAccountName: default
|
||||
resources:
|
||||
requests:
|
||||
memory: 512Mi
|
||||
cpu: 1
|
||||
limits:
|
||||
memory: 2Gi
|
||||
cpu: 2
|
||||
@@ -0,0 +1,35 @@
|
||||
.PHONY: init plan apply format
|
||||
|
||||
VAULT_AUTH_METHOD ?= approle
|
||||
VAULT_K8S_ROLE ?= woodpecker_terraform_prowlarr
|
||||
VAULT_K8S_MOUNT ?= auth/k8s/au/syd1
|
||||
VAULT_K8S_JWT_PATH ?= /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
|
||||
define vault_env
|
||||
@export VAULT_ADDR="https://vault.service.consul:8200" && \
|
||||
if [ "$(VAULT_AUTH_METHOD)" = "kubernetes" ]; then \
|
||||
export VAULT_TOKEN=$$(vault write -field=token $(VAULT_K8S_MOUNT)/login role=$(VAULT_K8S_ROLE) jwt=$$(cat $(VAULT_K8S_JWT_PATH))); \
|
||||
else \
|
||||
export VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id=$$VAULT_ROLEID); \
|
||||
fi && \
|
||||
export CONSUL_HTTP_TOKEN=$$(vault read -field=token consul_root/au/syd1/creds/terraform-prowlarr) && \
|
||||
export TF_VAR_prowlarr_api_key=$$(vault kv get -field=apitoken kv/service/media-apps/prowlarr)
|
||||
endef
|
||||
|
||||
init:
|
||||
@$(call vault_env) && \
|
||||
terragrunt run --all --non-interactive init -- -upgrade
|
||||
|
||||
plan: init
|
||||
@$(call vault_env) && \
|
||||
terragrunt run --all --parallelism 4 --non-interactive plan
|
||||
|
||||
apply: init
|
||||
@$(call vault_env) && \
|
||||
terragrunt run --all --parallelism 2 --non-interactive apply
|
||||
|
||||
format:
|
||||
@echo "Formatting OpenTofu files..."
|
||||
@tofu fmt -recursive .
|
||||
@echo "Formatting Terragrunt files..."
|
||||
@terragrunt hcl fmt
|
||||
@@ -0,0 +1,26 @@
|
||||
locals {
|
||||
config_files = fileset(".", "**/*.yaml")
|
||||
|
||||
all_configs = {
|
||||
for file_path in local.config_files :
|
||||
file_path => yamldecode(file(file_path))
|
||||
}
|
||||
|
||||
config = {
|
||||
indexers = {
|
||||
for file_path, content in local.all_configs :
|
||||
trimsuffix(basename(file_path), ".yaml") => content
|
||||
if startswith(file_path, "indexer/")
|
||||
}
|
||||
download_clients = {
|
||||
for file_path, content in local.all_configs :
|
||||
trimsuffix(basename(file_path), ".yaml") => content
|
||||
if startswith(file_path, "download_client/")
|
||||
}
|
||||
tags = {
|
||||
for file_path, content in local.all_configs :
|
||||
trimsuffix(basename(file_path), ".yaml") => content
|
||||
if startswith(file_path, "tag/")
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,26 @@
|
||||
enable: true
|
||||
priority: 1
|
||||
host: nzbget.service.consul
|
||||
port: 443
|
||||
use_ssl: true
|
||||
username: "svc_nzbsubmit"
|
||||
password: ""
|
||||
category: unknown
|
||||
tags: []
|
||||
categories:
|
||||
- name: tvseries
|
||||
categories:
|
||||
- 5000
|
||||
- name: movies
|
||||
categories:
|
||||
- 2000
|
||||
- name: books
|
||||
categories:
|
||||
- 3030
|
||||
- 7000
|
||||
- name: music
|
||||
categories:
|
||||
- 3010
|
||||
- 3040
|
||||
- 3050
|
||||
- 3060
|
||||
@@ -0,0 +1,18 @@
|
||||
enable: true
|
||||
app_profile_id: 1
|
||||
implementation: Newznab
|
||||
config_contract: NewznabSettings
|
||||
protocol: usenet
|
||||
tags:
|
||||
- nzb
|
||||
fields:
|
||||
- name: baseUrl
|
||||
text_value: "https://api.nzbgeek.info"
|
||||
- name: apiPath
|
||||
text_value: "/api"
|
||||
- name: apiKey
|
||||
sensitive_value: ""
|
||||
- name: vipExpiration
|
||||
text_value: ""
|
||||
- name: baseSettings.limitsUnit
|
||||
number_value: 0
|
||||
@@ -0,0 +1 @@
|
||||
label: nzb
|
||||
@@ -0,0 +1,25 @@
|
||||
# This file is maintained automatically by "tofu init".
|
||||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.opentofu.org/devopsarr/prowlarr" {
|
||||
version = "3.2.1"
|
||||
constraints = "3.2.1"
|
||||
hashes = [
|
||||
"h1:tM7MtXkm2tPiG7mWV6wcVkQaqdo0Yeu/8BCpL2MCqek=",
|
||||
"zh:0d37e70e3104e69ed38f22675ef893df445fc1988da99a928bd576e181db5fb6",
|
||||
"zh:0d776682ef78ef01b5542e69138e55d3b53b67fa3faaa3db5a4319799944d39a",
|
||||
"zh:1ff54720bb754c5b24e577eb22d8756edee779e7c764188e6f53f5a6432931c6",
|
||||
"zh:30d13d0246db3962d159f0a6c71cb1fb5215eb205905e3b3d507c28a55b0e929",
|
||||
"zh:619f7051634693a482741cfe9c6f2bce138662cad9b305c7dbeea8742eea0ab8",
|
||||
"zh:6c57ac508eb4418229f45e28f04706b2b72fdb835ea060443a8000b5b12ce3c9",
|
||||
"zh:6e8d10c7048fe72e58c37bf8fb7b1f9e5980f67ae46bae77d34ae381f4aed241",
|
||||
"zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
|
||||
"zh:8c00ba84caf8714e9e03bd148a9423d4d2e22570c8bf00c3c50fb3735fa57c08",
|
||||
"zh:95d52ba75e28c785a7a19393540d4e1b9b1d3480f31a376f875038c1078ef7fa",
|
||||
"zh:96df6af86047fe43dd6496034d1025be70e2fd953f3389b7219db459b91379b6",
|
||||
"zh:a552da4a984865e59cf9127c372cd46435ad2c6eaa3128d493119330047b2323",
|
||||
"zh:b0b5b9dc4f70b5e2df814c78d4996a5376ac9f48e5968461a0dbefb7966ea1d5",
|
||||
"zh:bf6bdfd73308609e3ffc93a426635d505a8e99bb33b7f51e6197b5f74c31c3c9",
|
||||
"zh:dd369ae9029cb57538ca99b3d86e9d679a731c2c8ab1e3b20cee380ab1a95b56",
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,23 @@
|
||||
include "root" {
|
||||
path = find_in_parent_folders("root.hcl")
|
||||
expose = true
|
||||
}
|
||||
|
||||
include "config" {
|
||||
path = "${get_repo_root()}/config/config.hcl"
|
||||
expose = true
|
||||
}
|
||||
|
||||
locals {
|
||||
config = include.config.locals.config
|
||||
}
|
||||
|
||||
terraform {
|
||||
source = "../../modules/prowlarr"
|
||||
}
|
||||
|
||||
inputs = {
|
||||
indexers = local.config.indexers
|
||||
download_clients = local.config.download_clients
|
||||
tags = local.config.tags
|
||||
}
|
||||
@@ -0,0 +1,32 @@
|
||||
generate "backend" {
|
||||
path = "backend.tf"
|
||||
if_exists = "overwrite"
|
||||
contents = <<EOF
|
||||
provider "prowlarr" {
|
||||
url = "https://${path_relative_to_include()}"
|
||||
api_key = var.prowlarr_api_key
|
||||
}
|
||||
|
||||
variable "prowlarr_api_key" {
|
||||
type = string
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
terraform {
|
||||
backend "consul" {
|
||||
address = "https://consul.service.consul"
|
||||
path = "infra/terraform/prowlarr/${path_relative_to_include()}/state"
|
||||
scheme = "https"
|
||||
lock = true
|
||||
ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
|
||||
}
|
||||
required_version = ">= 1.10"
|
||||
required_providers {
|
||||
prowlarr = {
|
||||
source = "devopsarr/prowlarr"
|
||||
version = "3.2.1"
|
||||
}
|
||||
}
|
||||
}
|
||||
EOF
|
||||
}
|
||||
@@ -0,0 +1,43 @@
|
||||
resource "prowlarr_tag" "this" {
|
||||
for_each = var.tags
|
||||
label = each.value.label
|
||||
}
|
||||
|
||||
locals {
|
||||
tag_ids = { for k, v in prowlarr_tag.this : v.label => v.id }
|
||||
}
|
||||
|
||||
resource "prowlarr_indexer" "this" {
|
||||
for_each = var.indexers
|
||||
name = each.key
|
||||
enable = lookup(each.value, "enable", true)
|
||||
app_profile_id = each.value.app_profile_id
|
||||
implementation = each.value.implementation
|
||||
config_contract = each.value.config_contract
|
||||
protocol = each.value.protocol
|
||||
tags = [for t in lookup(each.value, "tags", []) : local.tag_ids[t]]
|
||||
fields = each.value.fields
|
||||
|
||||
lifecycle {
|
||||
ignore_changes = [fields]
|
||||
}
|
||||
}
|
||||
|
||||
resource "prowlarr_download_client_nzbget" "this" {
|
||||
for_each = var.download_clients
|
||||
name = lookup(each.value, "name", each.key)
|
||||
enable = lookup(each.value, "enable", true)
|
||||
priority = lookup(each.value, "priority", 1)
|
||||
host = each.value.host
|
||||
port = each.value.port
|
||||
use_ssl = lookup(each.value, "use_ssl", false)
|
||||
username = lookup(each.value, "username", "")
|
||||
password = lookup(each.value, "password", "")
|
||||
category = lookup(each.value, "category", "")
|
||||
tags = lookup(each.value, "tags", [])
|
||||
categories = lookup(each.value, "categories", [])
|
||||
|
||||
lifecycle {
|
||||
ignore_changes = [password]
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,14 @@
|
||||
variable "indexers" {
|
||||
type = any
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "download_clients" {
|
||||
type = any
|
||||
default = {}
|
||||
}
|
||||
|
||||
variable "tags" {
|
||||
type = any
|
||||
default = {}
|
||||
}
|
||||
Reference in New Issue
Block a user