Merge pull request 'feat: initial radarr terraform configuration' (#1) from feat/initial-config into main
ci/woodpecker/push/apply Pipeline was successful

Reviewed-on: #1
This commit was merged in pull request #1.
This commit is contained in:
2026-06-30 00:12:26 +10:00
25 changed files with 625 additions and 0 deletions
+6
View File
@@ -0,0 +1,6 @@
.terraform/
*.tfstate
*.tfstate.backup
*.tfplan
backend.tf
.terragrunt-cache/
+26
View File
@@ -0,0 +1,26 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
hooks:
- id: end-of-file-fixer
types: [yaml]
- id: trailing-whitespace
types: [yaml]
- repo: https://github.com/gruntwork-io/pre-commit
rev: v0.1.30
hooks:
- id: tofu-fmt
- id: tofu-validate
exclude: ^modules/
- id: tflint
exclude: ^modules/
- id: terragrunt-hcl-fmt
- repo: https://github.com/adrienverge/yamllint.git
rev: v1.37.1
hooks:
- id: yamllint
args:
[
"-d {extends: relaxed, rules: {line-length: disable}, ignore: chart}",
"-s",
]
+23
View File
@@ -0,0 +1,23 @@
when:
- event: push
branch: main
steps:
- name: apply
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
environment:
VAULT_AUTH_METHOD: kubernetes
commands:
- dnf install vault -y
- make plan
- make apply
backend_options:
kubernetes:
serviceAccountName: terraform-radarr
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 2
+21
View File
@@ -0,0 +1,21 @@
when:
- event: pull_request
steps:
- name: plan
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
environment:
VAULT_AUTH_METHOD: kubernetes
commands:
- dnf install vault -y
- make plan
backend_options:
kubernetes:
serviceAccountName: terraform-radarr
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 2
+18
View File
@@ -0,0 +1,18 @@
when:
- event: pull_request
steps:
- name: pre-commit
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
commands:
- uvx pre-commit run --all-files
backend_options:
kubernetes:
serviceAccountName: default
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 2
+35
View File
@@ -0,0 +1,35 @@
.PHONY: init plan apply format
VAULT_AUTH_METHOD ?= approle
VAULT_K8S_ROLE ?= woodpecker_terraform_radarr
VAULT_K8S_MOUNT ?= auth/k8s/au/syd1
VAULT_K8S_JWT_PATH ?= /var/run/secrets/kubernetes.io/serviceaccount/token
define vault_env
@export VAULT_ADDR="https://vault.service.consul:8200" && \
if [ "$(VAULT_AUTH_METHOD)" = "kubernetes" ]; then \
export VAULT_TOKEN=$$(vault write -field=token $(VAULT_K8S_MOUNT)/login role=$(VAULT_K8S_ROLE) jwt=$$(cat $(VAULT_K8S_JWT_PATH))); \
else \
export VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id=$$VAULT_ROLEID); \
fi && \
export CONSUL_HTTP_TOKEN=$$(vault read -field=token consul_root/au/syd1/creds/terraform-radarr) && \
export TF_VAR_radarr_api_key=$$(vault kv get -field=apitoken kv/service/media-apps/radarr)
endef
init:
@$(call vault_env) && \
terragrunt run --all --non-interactive init -- -upgrade
plan: init
@$(call vault_env) && \
terragrunt run --all --parallelism 4 --non-interactive plan
apply: init
@$(call vault_env) && \
terragrunt run --all --parallelism 2 --non-interactive apply
format:
@echo "Formatting OpenTofu files..."
@tofu fmt -recursive .
@echo "Formatting Terragrunt files..."
@terragrunt hcl fmt
+46
View File
@@ -0,0 +1,46 @@
locals {
config_files = fileset(".", "**/*.yaml")
all_configs = {
for file_path in local.config_files :
file_path => yamldecode(file(file_path))
}
config = {
custom_formats = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "custom_format/")
}
quality_profiles = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "quality_profile/")
}
download_clients = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "download_client/")
}
indexers = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "indexer/")
}
notifications = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "notification/")
}
delay_profiles = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "delay_profile/")
}
root_folders = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "root_folder/")
}
}
}
+7
View File
@@ -0,0 +1,7 @@
include_custom_format_when_renaming: false
specifications:
- name: 1080p
implementation: ResolutionSpecification
negate: false
required: false
value: '1080'
+7
View File
@@ -0,0 +1,7 @@
include_custom_format_when_renaming: false
specifications:
- name: 2160p
implementation: ResolutionSpecification
negate: false
required: false
value: '2160'
+7
View File
@@ -0,0 +1,7 @@
include_custom_format_when_renaming: false
specifications:
- name: 720p
implementation: ResolutionSpecification
negate: false
required: false
value: '720'
+7
View File
@@ -0,0 +1,7 @@
include_custom_format_when_renaming: false
specifications:
- name: x264
implementation: ReleaseTitleSpecification
negate: false
required: false
value: (x|h)\.?264
+7
View File
@@ -0,0 +1,7 @@
include_custom_format_when_renaming: false
specifications:
- name: x265
implementation: ReleaseTitleSpecification
negate: false
required: false
value: (((x|h)\.?265)|(HEVC))
+7
View File
@@ -0,0 +1,7 @@
enable_usenet: true
enable_torrent: true
preferred_protocol: usenet
usenet_delay: 0
torrent_delay: 0
bypass_if_highest_quality: true
tags: []
+10
View File
@@ -0,0 +1,10 @@
enable: true
priority: 1
host: nzbget.service.consul
port: 443
use_ssl: true
username: "svc_nzbsubmit"
password: ""
movie_category: movies
remove_completed_downloads: true
remove_failed_downloads: true
+17
View File
@@ -0,0 +1,17 @@
name: "NZBgeek (Prowlarr)"
enable_automatic_search: true
enable_interactive_search: true
enable_rss: true
priority: 25
base_url: "https://prowlarr.service.consul/1/"
api_path: "/api"
api_key: ""
categories:
- 2000
- 2010
- 2020
- 2030
- 2040
- 2045
- 2050
- 2060
+15
View File
@@ -0,0 +1,15 @@
name: "Emby / Jellyfin"
host: jellyfin.service.consul
port: 443
use_ssl: true
api_key: ""
notify: false
update_library: true
on_grab: true
on_download: true
on_upgrade: true
on_rename: true
on_movie_delete: true
on_movie_file_delete: true
on_movie_file_delete_for_upgrade: true
on_application_update: true
@@ -0,0 +1,73 @@
upgrade_allowed: true
cutoff: 7
cutoff_format_score: 5000
min_format_score: 0
language:
id: -2
name: Original
quality_groups:
- qualities:
- id: 7
name: Bluray-1080p
source: bluray
resolution: 1080
- id: 1002
name: "WEB 1080p"
qualities:
- id: 3
name: WEBDL-1080p
source: webdl
resolution: 1080
- id: 15
name: WEBRip-1080p
source: webrip
resolution: 1080
- qualities:
- id: 9
name: HDTV-1080p
source: tv
resolution: 1080
- qualities:
- id: 6
name: Bluray-720p
source: bluray
resolution: 720
- id: 1001
name: "WEB 720p"
qualities:
- id: 5
name: WEBDL-720p
source: webdl
resolution: 720
- id: 14
name: WEBRip-720p
source: webrip
resolution: 720
- qualities:
- id: 4
name: HDTV-720p
source: tv
resolution: 720
- qualities:
- id: 21
name: Bluray-576p
source: bluray
resolution: 576
- qualities:
- id: 20
name: Bluray-480p
source: bluray
resolution: 480
format_items:
- name: x264
format: x264
score: -200
- name: x265
format: x265
score: 1000
- name: 1080p
format: 1080p
score: 500
- name: 720p
format: 720p
score: 200
@@ -0,0 +1,37 @@
upgrade_allowed: true
cutoff: 19
cutoff_format_score: 5000
min_format_score: 0
language:
id: -2
name: Original
quality_groups:
- qualities:
- id: 19
name: Bluray-2160p
source: bluray
resolution: 2160
- id: 1003
name: "WEB 2160p"
qualities:
- id: 18
name: WEBDL-2160p
source: webdl
resolution: 2160
- id: 17
name: WEBRip-2160p
source: webrip
resolution: 2160
format_items:
- name: 2160p
format: 2160p
score: 2000
- name: 1080p
format: 1080p
score: 500
- name: x265
format: x265
score: 2000
- name: x264
format: x264
score: -5000
@@ -0,0 +1,35 @@
upgrade_allowed: true
cutoff: 1002
cutoff_format_score: 300
min_format_score: 300
language:
id: 1
name: English
quality_groups:
- id: 1002
name: "WEB 1080p"
qualities:
- id: 3
name: WEBDL-1080p
source: webdl
resolution: 1080
- id: 15
name: WEBRip-1080p
source: webrip
resolution: 1080
format_items:
- name: 2160p
format: 2160p
score: -300
- name: x264
format: x264
score: -200
- name: x265
format: x265
score: -200
- name: 1080p
format: 1080p
score: -200
- name: 720p
format: 720p
score: 300
+1
View File
@@ -0,0 +1 @@
path: "/shared/media/movies"
+25
View File
@@ -0,0 +1,25 @@
# This file is maintained automatically by "tofu init".
# Manual edits may be lost in future updates.
provider "registry.opentofu.org/devopsarr/radarr" {
version = "2.3.5"
constraints = "2.3.5"
hashes = [
"h1:wrU8A9nJHJ1W1VUSGC9O/J7AUJQOyY1OvKMDuL4W4Kw=",
"zh:18cb2579f9312aee8d17ffa938664f71c9376abea0a6da3d053ebdaef66a2f62",
"zh:19dbdff678f6f5b90da2f61ef4b1afed619a317474b344f9de15db35c57e2e47",
"zh:21af82e9cdd7b85f6a943655675bae1d330d225e6c4c683f9bbabfc938280228",
"zh:26bebd01c85d457dbe7e80978456695f00396ed830878b0151d495a4ce7ef4ba",
"zh:66eba536cf2b5de49c62386e65910347cb4deac6cdf9bec920a1090db6a8a5a4",
"zh:6905bbfbec2b7d67cab381c6491c018163e7cb410e55bfedc598ada378643c56",
"zh:78bdf398fe1db2c63c2ccc9da1b8fc27fb711ae831bef91e3ea198d7d684dc98",
"zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
"zh:8cff19564bf543894fbbca5c936f47fa9446724cefbaa2f63dedd79feb3ca52a",
"zh:94be12c4165d5fda164aff3e7b600e9dab40528563a0758dd198c9ace69437b6",
"zh:9c22c104248cb8022935df1674404bded46a4f4f54daf6ba96ee800316eb95b9",
"zh:a5d217038373d605531537ebaecae8ba136b8c7198a50c6a47c6932cb8485737",
"zh:c244be13b67eecbd395b123986343e77f168dc07eaaf888bc8206db2ba4a6cfc",
"zh:cee38aa1920f5d37ea56421b0ea57ebcefde87b0c57a61c5aa6476d4f185291a",
"zh:e95c3c4caad13cf1e4e37b721205d09564978d514f42ccb56d7ea94a498dad7e",
]
}
@@ -0,0 +1,27 @@
include "root" {
path = find_in_parent_folders("root.hcl")
expose = true
}
include "config" {
path = "${get_repo_root()}/config/config.hcl"
expose = true
}
locals {
config = include.config.locals.config
}
terraform {
source = "../../modules/radarr"
}
inputs = {
custom_formats = local.config.custom_formats
quality_profiles = local.config.quality_profiles
download_clients = local.config.download_clients
indexers = local.config.indexers
notifications = local.config.notifications
delay_profiles = local.config.delay_profiles
root_folders = local.config.root_folders
}
+32
View File
@@ -0,0 +1,32 @@
generate "backend" {
path = "backend.tf"
if_exists = "overwrite"
contents = <<EOF
provider "radarr" {
url = "https://${path_relative_to_include()}"
api_key = var.radarr_api_key
}
variable "radarr_api_key" {
type = string
sensitive = true
}
terraform {
backend "consul" {
address = "https://consul.service.consul"
path = "infra/terraform/radarr/${path_relative_to_include()}/state"
scheme = "https"
lock = true
ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
}
required_version = ">= 1.10"
required_providers {
radarr = {
source = "devopsarr/radarr"
version = "2.3.5"
}
}
}
EOF
}
+102
View File
@@ -0,0 +1,102 @@
resource "radarr_custom_format" "this" {
for_each = var.custom_formats
name = each.key
include_custom_format_when_renaming = lookup(each.value, "include_custom_format_when_renaming", false)
specifications = each.value.specifications
}
resource "radarr_quality_profile" "this" {
for_each = var.quality_profiles
name = each.key
upgrade_allowed = lookup(each.value, "upgrade_allowed", false)
cutoff = each.value.cutoff
cutoff_format_score = lookup(each.value, "cutoff_format_score", 0)
min_format_score = lookup(each.value, "min_format_score", 0)
min_upgrade_format_score = lookup(each.value, "min_upgrade_format_score", 0)
quality_groups = each.value.quality_groups
language = each.value.language
format_items = [
for fi in lookup(each.value, "format_items", []) : {
name = fi.name
format = radarr_custom_format.this[fi.format].id
score = fi.score
}
]
}
resource "radarr_download_client_nzbget" "this" {
for_each = var.download_clients
name = lookup(each.value, "name", each.key)
enable = lookup(each.value, "enable", true)
priority = lookup(each.value, "priority", 1)
host = each.value.host
port = each.value.port
use_ssl = lookup(each.value, "use_ssl", false)
username = lookup(each.value, "username", "")
password = lookup(each.value, "password", "")
movie_category = lookup(each.value, "movie_category", "")
remove_completed_downloads = lookup(each.value, "remove_completed_downloads", true)
remove_failed_downloads = lookup(each.value, "remove_failed_downloads", true)
lifecycle {
ignore_changes = [password]
}
}
resource "radarr_indexer_newznab" "this" {
for_each = var.indexers
name = lookup(each.value, "name", each.key)
enable_automatic_search = lookup(each.value, "enable_automatic_search", true)
enable_interactive_search = lookup(each.value, "enable_interactive_search", true)
enable_rss = lookup(each.value, "enable_rss", true)
priority = lookup(each.value, "priority", 25)
base_url = each.value.base_url
api_path = lookup(each.value, "api_path", "/api")
api_key = lookup(each.value, "api_key", "")
categories = lookup(each.value, "categories", [])
lifecycle {
ignore_changes = [api_key]
}
}
resource "radarr_notification_emby" "this" {
for_each = var.notifications
name = lookup(each.value, "name", each.key)
host = each.value.host
port = each.value.port
use_ssl = lookup(each.value, "use_ssl", false)
api_key = lookup(each.value, "api_key", "")
notify = lookup(each.value, "notify", false)
update_library = lookup(each.value, "update_library", true)
on_grab = lookup(each.value, "on_grab", true)
on_download = lookup(each.value, "on_download", true)
on_upgrade = lookup(each.value, "on_upgrade", true)
on_rename = lookup(each.value, "on_rename", true)
on_movie_delete = each.value.on_movie_delete
on_movie_file_delete = lookup(each.value, "on_movie_file_delete", true)
on_movie_file_delete_for_upgrade = lookup(each.value, "on_movie_file_delete_for_upgrade", true)
on_application_update = lookup(each.value, "on_application_update", true)
lifecycle {
ignore_changes = [api_key]
}
}
resource "radarr_delay_profile" "this" {
for_each = var.delay_profiles
enable_usenet = lookup(each.value, "enable_usenet", true)
enable_torrent = lookup(each.value, "enable_torrent", true)
preferred_protocol = lookup(each.value, "preferred_protocol", "usenet")
usenet_delay = lookup(each.value, "usenet_delay", 0)
torrent_delay = lookup(each.value, "torrent_delay", 0)
bypass_if_highest_quality = lookup(each.value, "bypass_if_highest_quality", true)
tags = each.value.tags
}
resource "radarr_root_folder" "this" {
for_each = var.root_folders
path = each.value.path
}
+34
View File
@@ -0,0 +1,34 @@
variable "custom_formats" {
type = any
default = {}
}
variable "quality_profiles" {
type = any
default = {}
}
variable "download_clients" {
type = any
default = {}
}
variable "indexers" {
type = any
default = {}
}
variable "notifications" {
type = any
default = {}
}
variable "delay_profiles" {
type = any
default = {}
}
variable "root_folders" {
type = any
default = {}
}