homelab/terraform
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Quite a bit
All checks were successful
/ non-lab (push) Successful in 5m20s
Details

Browse source
This commit is contained in:
Chris Cowley 2025-04-01 08:01:18 +00:00
parent d908078ee6
commit ca415c6959
15 changed files with 10601 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

82
authentik/dashy.tf Normal file
View file

@ -0,0 +1,82 @@
resource "random_id" "dashy_client_id" {
byte_length = 16
}
resource "authentik_provider_oauth2" "dashy" {
name = "Dashy"
# Required. You can use the output of:
# $ openssl rand -hex 16
client_id = random_id.dashy_client_id.id
authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id
invalidation_flow = data.authentik_flow.default-invalidation-flow.id
sub_mode = "user_email"
client_type = "public"
allowed_redirect_uris = [
{
matching_mode = "strict",
url = "https://dash.lab.cowley.tech/"
},
{
"matching_mode" = "regex"
"url" = ".*"
},
]
property_mappings = [
data.authentik_property_mapping_provider_scope.scope-email.id,
data.authentik_property_mapping_provider_scope.scope-profile.id,
data.authentik_property_mapping_provider_scope.scope-openid.id,
]
lifecycle {
ignore_changes = [
signing_key,
authentication_flow,
]
}
}
#resource "authentik_provider_oauth2" "dashy" {
# name = "Dashy"
# # Required. You can use the output of:
# # $ openssl rand -hex 16
# client_id = random_id.dashy_client_id.id
# #authentication_flow = data.authentik_flow.default-authentication-flow.id
# authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id
# invalidation_flow = data.authentik_flow.default-invalidation-flow.id
#
# client_type = "public"
#
# allowed_redirect_uris = [
# {
# matched_mode = "strict",
# url = "https://dash.lab.cowley.tech/",
# },
# # {
# # matched_mode = "regex",
# # url = ".*"
# # }
# ]
#
# sub_mode = "user_email"
#
# property_mappings = [
# data.authentik_property_mapping_provider_scope.scope-email.id,
# data.authentik_property_mapping_provider_scope.scope-profile.id,
# data.authentik_property_mapping_provider_scope.scope-openid.id,
# ]
# lifecycle {
# ignore_changes = [
# signing_key,
# authentication_flow,
# ]
# }
#}
#
resource "authentik_application" "dashy" {
name = "Dashy"
slug = "dashy"
protocol_provider = authentik_provider_oauth2.dashy.id
open_in_new_tab = true
}

76
authentik/nextcloud.tf
View file

@ -31,44 +31,44 @@ resource "random_id" "nextcloud_client_id" {
byte_length = 16
}
resource "authentik_provider_oauth2" "nextcloud" {
name = "Nextcloud"
# Required. You can use the output of:
# $ openssl rand -hex 16
client_id = random_id.nextcloud_client_id.id
# Optional: will be generated if not provided
# client_secret = "my_client_secret"
sub_mode = "user_uuid"
authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id
invalidation_flow = data.authentik_flow.default-invalidation-flow.id
allowed_redirect_uris = [
{
matching_mode = "strict"
url = "https://cloud.lab.cowley.tech/apps/user_oidc/code",
}
]
property_mappings = [
data.authentik_property_mapping_provider_scope.scope-email.id,
authentik_property_mapping_provider_scope.nextcloud-scope.id
]
lifecycle {
ignore_changes = [
signing_key,
authentication_flow,
]
}
}
resource "authentik_application" "nextcloud" {
name = "Nextcloud"
slug = "nextcloud"
protocol_provider = authentik_provider_oauth2.nextcloud.id
}
#resource "authentik_provider_oauth2" "nextcloud" {
# name = "Nextcloud"
# # Required. You can use the output of:
# # $ openssl rand -hex 16
# client_id = random_id.nextcloud_client_id.id
#
# # Optional: will be generated if not provided
# # client_secret = "my_client_secret"
#
# sub_mode = "user_uuid"
# authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id
# invalidation_flow = data.authentik_flow.default-invalidation-flow.id
#
# allowed_redirect_uris = [
# {
# matching_mode = "strict"
# url = "https://cloud.lab.cowley.tech/apps/user_oidc/code",
# }
# ]
#
# property_mappings = [
# data.authentik_property_mapping_provider_scope.scope-email.id,
# authentik_property_mapping_provider_scope.nextcloud-scope.id
# ]
#
# lifecycle {
# ignore_changes = [
# signing_key,
# authentication_flow,
# ]
# }
#}
#
#resource "authentik_application" "nextcloud" {
# name = "Nextcloud"
# slug = "nextcloud"
# protocol_provider = authentik_provider_oauth2.nextcloud.id
#}
resource "authentik_group" "nextcloud_admins" {
name = "Nextcloud Admins"

4
authentik/outposts.tf
View file

@ -1,9 +1,11 @@
resource "authentik_outpost" "embedded_outpost" {
name = "authentik Embedded Outpost"
protocol_providers = [
authentik_provider_proxy.spotizerr.id,
authentik_provider_proxy.esphome.id,
authentik_provider_proxy.pinchflat.id,
authentik_provider_proxy.paperless-gpt.id,
#authentik_provider_proxy.tubearchivist.id,
#authentik_provider_proxy.spotizerr.id,
]
service_connection = authentik_service_connection_kubernetes.local.id

20
authentik/paperless-gpt.tf Normal file
View file

@ -0,0 +1,20 @@
resource "authentik_provider_proxy" "paperless-gpt" {
name = "Paperless-gpt"
internal_host = "http://paperless-gpt.paperless-ngx:8080"
external_host = "https://paperless-gpt.lab.cowley.tech"
internal_host_ssl_validation = false
authentication_flow = data.authentik_flow.default-authentication-flow.id
authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id
invalidation_flow = data.authentik_flow.default-provider-invalidation-flow.id
access_token_validity = "hours=24"
}
resource "authentik_application" "paperless-gpt" {
name = "Paperless-gpt"
slug = "paperless-gpt"
protocol_provider = authentik_provider_proxy.paperless-gpt.id
}

20
authentik/pinchflat.tf Normal file
View file

@ -0,0 +1,20 @@
resource "authentik_provider_proxy" "pinchflat" {
name = "Pinchflat"
internal_host = "http://pinchflat.jellyfin:8945"
external_host = "https://pinchflat.lab.cowley.tech"
internal_host_ssl_validation = false
authentication_flow = data.authentik_flow.default-authentication-flow.id
authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id
invalidation_flow = data.authentik_flow.default-provider-invalidation-flow.id
access_token_validity = "hours=24"
}
resource "authentik_application" "pinchflat" {
name = "Pinchflat"
slug = "pinchflat"
protocol_provider = authentik_provider_proxy.pinchflat.id
}

44
authentik/spotizerr.tf
View file

@ -1,22 +1,22 @@
resource "authentik_provider_proxy" "spotizerr" {
name = "Spotizerr"
internal_host = "http://spotizerr.jellyfin:7171"
external_host = "https://spotizerr.lab.cowley.tech"
internal_host_ssl_validation = false
authentication_flow = data.authentik_flow.default-authentication-flow.id
authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id
invalidation_flow = data.authentik_flow.default-provider-invalidation-flow.id
access_token_validity = "hours=24"
}
resource "authentik_application" "spotizerr" {
name = "Spotizerr"
slug = "spotizerr"
protocol_provider = authentik_provider_proxy.spotizerr.id
}
#resource "authentik_provider_proxy" "spotizerr" {
# name = "Spotizerr"
# internal_host = "http://spotizerr.jellyfin:7171"
# external_host = "https://spotizerr.lab.cowley.tech"
#
# internal_host_ssl_validation = false
#
# authentication_flow = data.authentik_flow.default-authentication-flow.id
# authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id
# invalidation_flow = data.authentik_flow.default-provider-invalidation-flow.id
#
# access_token_validity = "hours=24"
#}
#
#resource "authentik_application" "spotizerr" {
# name = "Spotizerr"
# slug = "spotizerr"
#
# protocol_provider = authentik_provider_proxy.spotizerr.id
#}
#
#

2
authentik/tubearchivist.tf
View file

@ -18,5 +18,3 @@
#
# protocol_provider = authentik_provider_proxy.tubearchivist.id
#}
#
#

9
grafana/dashboards.tf
View file

@ -18,3 +18,12 @@ resource "grafana_dashboard" "Kubernetes" {
config_json = file("${path.module}/dashboards/kubernetes/${each.key}")
folder = grafana_folder.Kubernetes.id
}
resource "grafana_folder" "pinchflat" {
title = "Pinchflat"
}
resource "grafana_dashboard" "pinchflat" {
for_each = fileset("${path.module}/dashboards/pinchflat", "*.json")
config_json = file("${path.module}/dashboards/pinchflat/${each.key}")
folder = grafana_folder.pinchflat.id
}

2
grafana/dashboards/HASS/energy.json
View file

@ -282,7 +282,7 @@
"uid": "prometheus"
},
"editorMode": "code",
"expr": "homeassistant_sensor_temperature_celsius{entity!~\".*garage.*\"}",
"expr": "homeassistant_sensor_temperature_celsius{entity!~\".*garage.*|.*shelly1.*\"}",
"instant": false,
"interval": "5m",
"legendFormat": "{{friendly_name}}",

607
grafana/dashboards/pinchflat/application.json Normal file
View file

@ -0,0 +1,607 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
},
{
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "#73BF69",
"limit": 100,
"name": "PromEx service start",
"showIn": 0,
"tags": ["prom_ex", "pinchflat", "start"],
"type": "tags"
},
{
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "#FF9830",
"limit": 100,
"name": "PromEx service stop",
"showIn": 0,
"tags": ["prom_ex", "pinchflat", "stop"],
"type": "tags"
}
]
},
"description": "All the data that is presented here is captured by the PromEx Application plugin (https://github.com/akoutmos/prom_ex/blob/master/lib/prom_ex/plugins/application.ex)",
"editable": false,
"gnetId": null,
"graphTooltip": 1,
"id": null,
"links": [
{
"asDropdown": false,
"icon": "bolt",
"includeVars": false,
"keepTime": false,
"tags": [],
"targetBlank": true,
"title": "Sponsor PromEx",
"tooltip": "",
"type": "link",
"url": "https://github.com/sponsors/akoutmos"
},
{
"asDropdown": false,
"icon": "doc",
"includeVars": false,
"keepTime": false,
"tags": [],
"targetBlank": true,
"title": "Application Plugin Docs",
"tooltip": "",
"type": "link",
"url": "https://hexdocs.pm/prom_ex/PromEx.Plugins.Application.html"
}
],
"panels": [
{
"datasource": "prometheus",
"description": "The amount of time that the application has been running.",
"fieldConfig": {
"defaults": {
"custom": {},
"decimals": 1,
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
},
"unit": "dtdurationms"
},
"overrides": []
},
"gridPos": {
"h": 6,
"w": 8,
"x": 0,
"y": 0
},
"id": 6,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": ["last"],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "7.1.3",
"targets": [
{
"expr": "pinchflat_prom_ex_application_uptime_milliseconds_count{job=\"$job\", instance=\"$instance\"}",
"format": "table",
"instant": true,
"interval": "",
"legendFormat": "",
"refId": "A"
}
],
"timeFrom": null,
"timeShift": null,
"title": "Application Uptime",
"type": "stat"
},
{
"datasource": "prometheus",
"description": "The data is populated by the PromEx Application plugin and provides information regarding your application's dependencies.",
"fieldConfig": {
"defaults": {
"custom": {
"align": "left",
"displayMode": "auto"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Status"
},
"properties": [
{
"id": "custom.displayMode",
"value": "color-background"
},
{
"id": "mappings",
"value": [
{
"from": "",
"id": 0,
"text": "Started",
"to": "",
"type": 1,
"value": "1"
},
{
"from": "",
"id": 1,
"text": "Loaded",
"to": "",
"type": 1,
"value": "0"
}
]
},
{
"id": "custom.align",
"value": "center"
},
{
"id": "custom.width",
"value": 202
}
]
},
{
"matcher": {
"id": "byName",
"options": "Name"
},
"properties": [
{
"id": "custom.width",
"value": 349
}
]
},
{
"matcher": {
"id": "byName",
"options": "Version"
},
"properties": [
{
"id": "custom.width",
"value": 187
}
]
}
]
},
"gridPos": {
"h": 36,
"w": 16,
"x": 8,
"y": 0
},
"id": 2,
"options": {
"showHeader": true,
"sortBy": [
{
"desc": false,
"displayName": "Name"
}
]
},
"pluginVersion": "7.1.3",
"targets": [
{
"expr": "pinchflat_prom_ex_application_dependency_info{job=\"$job\", instance=\"$instance\"}",
"format": "table",
"instant": true,
"interval": "",
"legendFormat": "",
"refId": "A"
}
],
"timeFrom": null,
"timeShift": null,
"title": "Dependency Information",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"Time": true,
"__name__": true,
"instance": true,
"job": true,
"Value": true
},
"indexByName": {
"Time": 0,
"Value": 4,
"__name__": 1,
"instance": 2,
"job": 3,
"modules": 7,
"name": 5,
"version": 6
},
"renameByName": {
"Value": "Status",
"modules": "Number of Modules Loaded",
"name": "Name",
"version": "Version"
}
}
}
],
"type": "table"
},
{
"datasource": "prometheus",
"description": "The name of the primary application that is running.",
"fieldConfig": {
"defaults": {
"custom": {},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 6,
"w": 8,
"x": 0,
"y": 6
},
"id": 11,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": ["last"],
"fields": "/^name$/",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "7.1.3",
"targets": [
{
"expr": "pinchflat_prom_ex_application_primary_info{job=\"$job\", instance=\"$instance\"}",
"format": "table",
"instant": true,
"interval": "",
"legendFormat": "",
"refId": "A"
}
],
"timeFrom": null,
"timeShift": null,
"title": "Application Name",
"type": "stat"
},
{
"datasource": "prometheus",
"description": "The Git SHA of the application.",
"fieldConfig": {
"defaults": {
"custom": {},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 6,
"w": 8,
"x": 0,
"y": 12
},
"id": 10,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": ["last"],
"fields": "/^sha$/",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "7.1.3",
"targets": [
{
"expr": "pinchflat_prom_ex_application_git_sha_info{job=\"$job\", instance=\"$instance\"}",
"format": "table",
"instant": true,
"interval": "",
"legendFormat": "",
"refId": "A"
}
],
"timeFrom": null,
"timeShift": null,
"title": "Application Git SHA",
"type": "stat"
},
{
"datasource": "prometheus",
"description": "The author of the application's last Git commit.",
"fieldConfig": {
"defaults": {
"custom": {},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 6,
"w": 8,
"x": 0,
"y": 18
},
"id": 12,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": ["last"],
"fields": "/^author$/",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "7.1.3",
"targets": [
{
"expr": "pinchflat_prom_ex_application_git_author_info{job=\"$job\", instance=\"$instance\"}",
"format": "table",
"instant": true,
"interval": "",
"legendFormat": "",
"refId": "A"
}
],
"timeFrom": null,
"timeShift": null,
"title": "Application Git Author",
"type": "stat"
},
{
"datasource": "prometheus",
"description": "The version of the primary application that is running.",
"fieldConfig": {
"defaults": {
"custom": {},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 6,
"w": 8,
"x": 0,
"y": 24
},
"id": 7,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": ["last"],
"fields": "/^version$/",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "7.1.3",
"targets": [
{
"expr": "pinchflat_prom_ex_application_primary_info{job=\"$job\", instance=\"$instance\"}",
"format": "table",
"instant": true,
"interval": "",
"legendFormat": "",
"refId": "A"
}
],
"timeFrom": null,
"timeShift": null,
"title": "Application Version",
"type": "stat"
},
{
"datasource": "prometheus",
"description": "The number of modules loaded by the primary application that is running.",
"fieldConfig": {
"defaults": {
"custom": {},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 6,
"w": 8,
"x": 0,
"y": 30
},
"id": 9,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": ["last"],
"fields": "/^modules$/",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "7.1.3",
"targets": [
{
"expr": "pinchflat_prom_ex_application_primary_info{job=\"$job\", instance=\"$instance\"}",
"format": "table",
"instant": true,
"interval": "",
"legendFormat": "",
"refId": "A"
}
],
"timeFrom": null,
"timeShift": null,
"title": "Application Modules Loaded",
"type": "stat"
}
],
"refresh": "5s",
"schemaVersion": 26,
"style": "dark",
"tags": ["PromEx", "Application", "pinchflat"],
"templating": {
"list": [
{
"allValue": null,
"datasource": "prometheus",
"definition": "label_values(pinchflat_prom_ex_prom_ex_status_info, job)",
"hide": 0,
"includeAll": false,
"label": "Prometheus Job",
"multi": false,
"name": "job",
"options": [],
"query": "label_values(pinchflat_prom_ex_prom_ex_status_info, job)",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 6,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": null,
"datasource": "prometheus",
"definition": "label_values(pinchflat_prom_ex_prom_ex_status_info, instance)",
"hide": 0,
"includeAll": false,
"label": "Application Instance",
"multi": false,
"name": "instance",
"options": [],
"query": "label_values(pinchflat_prom_ex_prom_ex_status_info{job=\"$job\"}, instance)",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {
"refresh_intervals": ["5s", "10s", "30s", "1m", "5m"]
},
"timezone": "",
"title": "Pinchflat - PromEx Application Dashboard",
"uid": "7DBBC471C5775585391E8F24D1E62319",
"version": 1
}

2328
grafana/dashboards/pinchflat/beam.json Normal file
View file

File diff suppressed because it is too large Load diff

1247
grafana/dashboards/pinchflat/ecto.json Normal file
View file

File diff suppressed because it is too large Load diff

2866
grafana/dashboards/pinchflat/oban.json Normal file
View file

File diff suppressed because it is too large Load diff

1978
grafana/dashboards/pinchflat/phoenix.json Normal file
View file

File diff suppressed because it is too large Load diff

1380
grafana/dashboards/pinchflat/phoenix_live_view.json Normal file
View file

File diff suppressed because it is too large Load diff