feat: initial radarr terraform configuration #1

Merged
benvin merged 7 commits from feat/initial-config into main 2026-06-30 00:12:27 +10:00
24 changed files with 634 additions and 0 deletions
Showing only changes of commit a00affbf46 - Show all commits
+6
View File
@@ -0,0 +1,6 @@
.terraform/
*.tfstate
*.tfstate.backup
*.tfplan
backend.tf
.terragrunt-cache/
+24
View File
@@ -0,0 +1,24 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
hooks:
- id: end-of-file-fixer
types: [yaml]
- id: trailing-whitespace
types: [yaml]
- repo: https://github.com/gruntwork-io/pre-commit
rev: v0.1.30
hooks:
- id: tofu-fmt
- id: tofu-validate
- id: tflint
- id: terragrunt-hcl-fmt
- repo: https://github.com/adrienverge/yamllint.git
rev: v1.37.1
hooks:
- id: yamllint
args:
[
"-d {extends: relaxed, rules: {line-length: disable}, ignore: chart}",
"-s",
]
+23
View File
@@ -0,0 +1,23 @@
when:
- event: push
branch: main
steps:
- name: apply
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
environment:
VAULT_AUTH_METHOD: kubernetes
commands:
- dnf install vault -y
- make plan
- make apply
backend_options:
kubernetes:
serviceAccountName: terraform-radarr
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 2
+21
View File
@@ -0,0 +1,21 @@
when:
- event: pull_request
steps:
- name: plan
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
environment:
VAULT_AUTH_METHOD: kubernetes
commands:
- dnf install vault -y
- make plan
backend_options:
kubernetes:
serviceAccountName: terraform-radarr
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 2
+18
View File
@@ -0,0 +1,18 @@
when:
- event: pull_request
steps:
- name: pre-commit
image: git.unkin.net/unkin/almalinux9-opentofu:20260606
commands:
- uvx pre-commit run --all-files
backend_options:
kubernetes:
serviceAccountName: default
resources:
requests:
memory: 512Mi
cpu: 1
limits:
memory: 2Gi
cpu: 2
+35
View File
@@ -0,0 +1,35 @@
.PHONY: init plan apply format
VAULT_AUTH_METHOD ?= approle
VAULT_K8S_ROLE ?= woodpecker_terraform_radarr
VAULT_K8S_MOUNT ?= auth/k8s/au/syd1
VAULT_K8S_JWT_PATH ?= /var/run/secrets/kubernetes.io/serviceaccount/token
define vault_env
@export VAULT_ADDR="https://vault.service.consul:8200" && \
if [ "$(VAULT_AUTH_METHOD)" = "kubernetes" ]; then \
export VAULT_TOKEN=$$(vault write -field=token $(VAULT_K8S_MOUNT)/login role=$(VAULT_K8S_ROLE) jwt=$$(cat $(VAULT_K8S_JWT_PATH))); \
else \
export VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id=$$VAULT_ROLEID); \
fi && \
export CONSUL_HTTP_TOKEN=$$(vault read -field=token consul_root/au/syd1/creds/terraform-radarr) && \
export RADARR_API_KEY=$$(vault kv get -field=apitoken kv/service/media-apps/radarr)
endef
init:
@$(call vault_env) && \
terragrunt run --all --non-interactive init -- -upgrade
plan: init
@$(call vault_env) && \
terragrunt run --all --parallelism 4 --non-interactive plan
apply: init
@$(call vault_env) && \
terragrunt run --all --parallelism 2 --non-interactive apply
format:
@echo "Formatting OpenTofu files..."
@tofu fmt -recursive .
@echo "Formatting Terragrunt files..."
@terragrunt hcl fmt
+46
View File
@@ -0,0 +1,46 @@
locals {
config_files = fileset(".", "**/*.yaml")
all_configs = {
for file_path in local.config_files :
file_path => yamldecode(file(file_path))
}
config = {
custom_formats = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "custom_format/")
}
quality_profiles = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "quality_profile/")
}
download_clients = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "download_client/")
}
indexers = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "indexer/")
}
notifications = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "notification/")
}
delay_profiles = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "delay_profile/")
}
root_folders = {
for file_path, content in local.all_configs :
trimsuffix(basename(file_path), ".yaml") => content
if startswith(file_path, "root_folder/")
}
}
}
+9
View File
@@ -0,0 +1,9 @@
include_custom_format_when_renaming: false
specifications:
- name: 1080p
implementation: ResolutionSpecification
negate: false
required: false
fields:
- name: value
value: "1080"
+9
View File
@@ -0,0 +1,9 @@
include_custom_format_when_renaming: false
specifications:
- name: 2160p
implementation: ResolutionSpecification
negate: false
required: false
fields:
- name: value
value: "2160"
+9
View File
@@ -0,0 +1,9 @@
include_custom_format_when_renaming: false
specifications:
- name: 720p
implementation: ResolutionSpecification
negate: false
required: false
fields:
- name: value
value: "720"
+9
View File
@@ -0,0 +1,9 @@
include_custom_format_when_renaming: false
specifications:
- name: x264
implementation: ReleaseTitleSpecification
negate: false
required: false
fields:
- name: value
value: "(x|h)\\.?264"
+9
View File
@@ -0,0 +1,9 @@
include_custom_format_when_renaming: false
specifications:
- name: x265
implementation: ReleaseTitleSpecification
negate: false
required: false
fields:
- name: value
value: "(((x|h)\\.?265)|(HEVC))"
+9
View File
@@ -0,0 +1,9 @@
enable_usenet: true
enable_torrent: true
preferred_protocol: usenet
usenet_delay: 0
torrent_delay: 0
bypass_if_highest_quality: true
bypass_if_above_custom_format_score: false
minimum_custom_format_score: 0
tags: []
+10
View File
@@ -0,0 +1,10 @@
enable: true
priority: 1
host: nzbget.service.consul
port: 443
use_ssl: true
username: ""
password: ""
movie_category: movies
remove_completed_downloads: true
remove_failed_downloads: true
+17
View File
@@ -0,0 +1,17 @@
enable_automatic_search: true
enable_interactive_search: true
enable_rss: true
priority: 25
base_url: "https://prowlarr.service.consul/1/"
api_path: "/api"
api_key: ""
categories:
- 2000
- 2010
- 2020
- 2030
- 2040
- 2045
- 2050
- 2060
download_client_id: 0
+14
View File
@@ -0,0 +1,14 @@
host: jellyfin.service.consul
port: 443
use_ssl: true
api_key: ""
notify: false
update_library: true
on_grab: true
on_download: true
on_upgrade: true
on_rename: true
on_movie_delete: true
on_movie_file_delete: true
on_movie_file_delete_for_upgrade: true
on_application_update: true
@@ -0,0 +1,78 @@
upgrade_allowed: true
cutoff: 7
cutoff_format_score: 5000
min_format_score: 0
quality_groups:
- id: 20
qualities:
- id: 20
name: Bluray-480p
source: bluray
resolution: 480
- id: 21
qualities:
- id: 21
name: Bluray-576p
source: bluray
resolution: 576
- id: 4
qualities:
- id: 4
name: HDTV-720p
source: tv
resolution: 720
- id: 5
qualities:
- id: 5
name: WEBDL-720p
source: webdl
resolution: 720
- id: 14
qualities:
- id: 14
name: WEBRip-720p
source: webrip
resolution: 720
- id: 6
qualities:
- id: 6
name: Bluray-720p
source: bluray
resolution: 720
- id: 9
qualities:
- id: 9
name: HDTV-1080p
source: tv
resolution: 1080
- id: 3
qualities:
- id: 3
name: WEBDL-1080p
source: webdl
resolution: 1080
- id: 15
qualities:
- id: 15
name: WEBRip-1080p
source: webrip
resolution: 1080
- id: 7
qualities:
- id: 7
name: Bluray-1080p
source: bluray
resolution: 1080
format_items:
- name: x264
format: x264
score: -200
- name: x265
format: x265
score: 1000
- name: 1080p
format: 1080p
score: 500
- name: 720p
format: 720p
score: 200
@@ -0,0 +1,36 @@
upgrade_allowed: true
cutoff: 19
cutoff_format_score: 5000
min_format_score: 0
quality_groups:
- id: 18
qualities:
- id: 18
name: WEBDL-2160p
source: webdl
resolution: 2160
- id: 17
qualities:
- id: 17
name: WEBRip-2160p
source: webrip
resolution: 2160
- id: 19
qualities:
- id: 19
name: Bluray-2160p
source: bluray
resolution: 2160
format_items:
- name: 2160p
format: 2160p
score: 2000
- name: 1080p
format: 1080p
score: 500
- name: x265
format: x265
score: 2000
- name: x264
format: x264
score: -5000
@@ -0,0 +1,32 @@
upgrade_allowed: true
cutoff: 1002
cutoff_format_score: 300
min_format_score: 300
quality_groups:
- id: 1002
name: "WEB 1080p"
qualities:
- id: 3
name: WEBDL-1080p
source: webdl
resolution: 1080
- id: 15
name: WEBRip-1080p
source: webrip
resolution: 1080
format_items:
- name: 2160p
format: 2160p
score: -300
- name: x264
format: x264
score: -200
- name: x265
format: x265
score: -200
- name: 1080p
format: 1080p
score: -200
- name: 720p
format: 720p
score: 300
+1
View File
@@ -0,0 +1 @@
path: "/shared/media/movies"
@@ -0,0 +1,27 @@
include "root" {
path = find_in_parent_folders("root.hcl")
expose = true
}
include "config" {
path = "${get_repo_root()}/config/config.hcl"
expose = true
}
locals {
config = include.config.locals.config
}
terraform {
source = "../../modules/radarr"
}
inputs = {
custom_formats = local.config.custom_formats
quality_profiles = local.config.quality_profiles
download_clients = local.config.download_clients
indexers = local.config.indexers
notifications = local.config.notifications
delay_profiles = local.config.delay_profiles
root_folders = local.config.root_folders
}
+32
View File
@@ -0,0 +1,32 @@
generate "backend" {
path = "backend.tf"
if_exists = "overwrite"
contents = <<EOF
provider "radarr" {
url = "https://${path_relative_to_include()}"
api_key = var.radarr_api_key
}
variable "radarr_api_key" {
type = string
sensitive = true
}
terraform {
backend "consul" {
address = "https://consul.service.consul"
path = "infra/terraform/radarr/${path_relative_to_include()}/state"
scheme = "https"
lock = true
ca_file = "/etc/pki/tls/certs/ca-bundle.crt"
}
required_version = ">= 1.10"
required_providers {
radarr = {
source = "devopsarr/radarr"
version = "2.3.5"
}
}
}
EOF
}
+126
View File
@@ -0,0 +1,126 @@
resource "radarr_custom_format" "this" {
for_each = var.custom_formats
name = each.key
include_custom_format_when_renaming = lookup(each.value, "include_custom_format_when_renaming", false)
dynamic "specifications" {
for_each = each.value.specifications
content {
name = specifications.value.name
implementation = specifications.value.implementation
negate = lookup(specifications.value, "negate", false)
required = lookup(specifications.value, "required", false)
dynamic "fields" {
for_each = lookup(specifications.value, "fields", [])
content {
name = fields.value.name
value = tostring(lookup(fields.value, "value", ""))
}
}
}
}
}
resource "radarr_quality_profile" "this" {
for_each = var.quality_profiles
name = each.key
upgrade_allowed = lookup(each.value, "upgrade_allowed", false)
cutoff = each.value.cutoff
cutoff_format_score = lookup(each.value, "cutoff_format_score", 0)
min_format_score = lookup(each.value, "min_format_score", 0)
dynamic "quality_groups" {
for_each = each.value.quality_groups
content {
id = quality_groups.value.id
name = lookup(quality_groups.value, "name", null)
dynamic "qualities" {
for_each = quality_groups.value.qualities
content {
id = qualities.value.id
name = qualities.value.name
source = qualities.value.source
resolution = qualities.value.resolution
}
}
}
}
dynamic "format_items" {
for_each = lookup(each.value, "format_items", [])
content {
name = format_items.value.name
format = format_items.value.format
score = format_items.value.score
}
}
}
resource "radarr_download_client_nzbget" "this" {
for_each = var.download_clients
name = each.key
enable = lookup(each.value, "enable", true)
priority = lookup(each.value, "priority", 1)
host = each.value.host
port = each.value.port
use_ssl = lookup(each.value, "use_ssl", false)
username = lookup(each.value, "username", "")
password = lookup(each.value, "password", "")
movie_category = lookup(each.value, "movie_category", "")
remove_completed_downloads = lookup(each.value, "remove_completed_downloads", true)
remove_failed_downloads = lookup(each.value, "remove_failed_downloads", true)
}
resource "radarr_indexer_newznab" "this" {
for_each = var.indexers
name = each.key
enable_automatic_search = lookup(each.value, "enable_automatic_search", true)
enable_interactive_search = lookup(each.value, "enable_interactive_search", true)
enable_rss = lookup(each.value, "enable_rss", true)
priority = lookup(each.value, "priority", 25)
base_url = each.value.base_url
api_path = lookup(each.value, "api_path", "/api")
api_key = lookup(each.value, "api_key", "")
categories = lookup(each.value, "categories", [])
download_client_id = lookup(each.value, "download_client_id", 0)
}
resource "radarr_notification_emby" "this" {
for_each = var.notifications
name = each.key
host = each.value.host
port = each.value.port
use_ssl = lookup(each.value, "use_ssl", false)
api_key = lookup(each.value, "api_key", "")
notify = lookup(each.value, "notify", false)
update_library = lookup(each.value, "update_library", true)
on_grab = lookup(each.value, "on_grab", true)
on_download = lookup(each.value, "on_download", true)
on_upgrade = lookup(each.value, "on_upgrade", true)
on_rename = lookup(each.value, "on_rename", true)
on_movie_delete = lookup(each.value, "on_movie_delete", true)
on_movie_file_delete = lookup(each.value, "on_movie_file_delete", true)
on_movie_file_delete_for_upgrade = lookup(each.value, "on_movie_file_delete_for_upgrade", true)
on_application_update = lookup(each.value, "on_application_update", true)
}
resource "radarr_delay_profile" "this" {
for_each = var.delay_profiles
enable_usenet = lookup(each.value, "enable_usenet", true)
enable_torrent = lookup(each.value, "enable_torrent", true)
preferred_protocol = lookup(each.value, "preferred_protocol", "usenet")
usenet_delay = lookup(each.value, "usenet_delay", 0)
torrent_delay = lookup(each.value, "torrent_delay", 0)
bypass_if_highest_quality = lookup(each.value, "bypass_if_highest_quality", true)
bypass_if_above_custom_format_score = lookup(each.value, "bypass_if_above_custom_format_score", false)
minimum_custom_format_score = lookup(each.value, "minimum_custom_format_score", 0)
tags = lookup(each.value, "tags", [])
}
resource "radarr_root_folder" "this" {
for_each = var.root_folders
path = each.value.path
}
+34
View File
@@ -0,0 +1,34 @@
variable "custom_formats" {
type = map(any)
default = {}
}
variable "quality_profiles" {
type = map(any)
default = {}
}
variable "download_clients" {
type = map(any)
default = {}
}
variable "indexers" {
type = map(any)
default = {}
}
variable "notifications" {
type = map(any)
default = {}
}
variable "delay_profiles" {
type = map(any)
default = {}
}
variable "root_folders" {
type = map(any)
default = {}
}