diff --git a/roles/authentik/vars/main.yml b/roles/authentik/vars/main.yml index 178b0e1..f0e9877 100644 --- a/roles/authentik/vars/main.yml +++ b/roles/authentik/vars/main.yml @@ -6,9 +6,9 @@ authentik_svc: image_tag: 2024.8 db: host: "{{ postgres.host }}" - database: authentik - user: "{{ vault_authentik.db.user }}" - pass: "{{ vault_authentik.db.pass }}" + user: "{{ opentofu.postgresql_data.authentik.user }}" + pass: "{{ opentofu.postgresql_data.authentik.pass }}" + database: "{{ opentofu.postgresql_data.authentik.database }}" authentik_env: AUTHENTIK_SECRET_KEY: "{{ vault_authentik.secret_key }}" diff --git a/roles/shlink/vars/main.yml b/roles/shlink/vars/main.yml index beda88e..0ba249d 100644 --- a/roles/shlink/vars/main.yml +++ b/roles/shlink/vars/main.yml @@ -20,9 +20,9 @@ shlink_env: DB_DRIVER: postgres DB_HOST: "{{ postgres.host }}" DB_PORT: "{{ postgres.port }}" - DB_NAME: shlink - DB_USER: "{{ vault_shlink.db.user }}" - DB_PASSWORD: "{{ vault_shlink.db.pass }}" + DB_NAME: "{{ opentofu.postgresql_data.shlink.database }}" + DB_USER: "{{ opentofu.postgresql_data.shlink.user }}" + DB_PASSWORD: "{{ opentofu.postgresql_data.shlink.pass }}" GEOLITE_LICENSE_KEY: "{{ vault_shlink.geolite_key }}" diff --git a/roles/synapse/vars/main.yml b/roles/synapse/vars/main.yml index 3e615d6..a0dfdb1 100644 --- a/roles/synapse/vars/main.yml +++ b/roles/synapse/vars/main.yml @@ -19,9 +19,9 @@ synapse_svc: port: 8008 db: host: "{{ postgres.host }}" - database: synapse - user: "{{ vault_synapse.db.user }}" - pass: "{{ vault_synapse.db.pass }}" + user: "{{ opentofu.postgresql_data.synapse.user }}" + pass: "{{ opentofu.postgresql_data.synapse.pass }}" + database: "{{ opentofu.postgresql_data.synapse.database }}" config_path: config synapse_env: 
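Review bot: In roles/authentik/vars/main.yml the `pass` value now reads `opentofu.postgresql_data.authentik.pass`, so the database password no longer comes from a `vault_`-prefixed variable and nothing in its name marks it as a secret. The diff does not show where the `opentofu` variable is loaded from. If it is a dump of OpenTofu outputs, that file and the state behind it hold the passwords in plaintext unless they are encrypted and kept out of the repository, and the outputs should be declared `sensitive = true`. I would add a comment above each credential, e.g. `# secret: from OpenTofu output, source file must stay encrypted`, and set `no_log: true` on tasks that template these values. The same applies to the shlink, synapse, tandoor, telegraf and woodpecker hunks and to `client_secret` in the synapse OIDC hunk.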
@@ -80,9 +80,9 @@ synapse_yml: oidc_providers: - idp_id: auth_serguzim_me idp_name: auth.serguzim.me - issuer: https://auth.serguzim.me/application/o/matrix_serguzim_me/ - client_id: "{{ vault_synapse.oidc_client.id }}" - client_secret: "{{ vault_synapse.oidc_client.secret }}" + issuer: "{{ opentofu.authentik_data.synapse.base_url }}" + client_id: "{{ opentofu.authentik_data.synapse.client_id }}" + client_secret: "{{ opentofu.authentik_data.synapse.client_secret }}" scopes: - openid - profile diff --git a/roles/tandoor/vars/main.yml b/roles/tandoor/vars/main.yml index 0694ebd..939e385 100644 --- a/roles/tandoor/vars/main.yml +++ b/roles/tandoor/vars/main.yml @@ -6,9 +6,9 @@ tandoor_svc: db: host: "{{ postgres.host }}" port: "{{ postgres.port }}" - database: tandoor - user: "{{ vault_tandoor.db.user }}" - pass: "{{ vault_tandoor.db.pass }}" + user: "{{ opentofu.postgresql_data.tandoor.user }}" + pass: "{{ opentofu.postgresql_data.tandoor.pass }}" + database: "{{ opentofu.postgresql_data.tandoor.database }}" tandoor_env: DEBUG: 0 diff --git a/roles/telegraf/vars/main.yml b/roles/telegraf/vars/main.yml index 363ed13..178938d 100644 --- a/roles/telegraf/vars/main.yml +++ b/roles/telegraf/vars/main.yml @@ -19,11 +19,11 @@ telegraf_svc: - https://git.serguzim.me/metrics bearer_token: "{{ vault_metrics_token }}" postgresql: - user: "{{ vault_telegraf.db.user }}" - pass: "{{ vault_telegraf.db.pass }}" host: "{{ postgres.host }}" port: "{{ postgres.port }}" - database: telegraf + user: "{{ opentofu.postgresql_data.telegraf.user }}" + pass: "{{ opentofu.postgresql_data.telegraf.pass }}" + database: "{{ opentofu.postgresql_data.telegraf.database }}" docker_log: endpoint: unix:///var/run/docker.sock source_tag: false diff --git a/roles/woodpecker/vars/main.yml b/roles/woodpecker/vars/main.yml index ddb85e1..694fd4b 100644 --- a/roles/woodpecker/vars/main.yml +++ b/roles/woodpecker/vars/main.yml 
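Review bot: `issuer` in the `oidc_providers` entry of roles/synapse/vars/main.yml changes from the full per-application URL to `opentofu.authentik_data.synapse.base_url`, and that name suggests a base URL rather than the issuer. The issuer is the value the relying party checks against the provider's discovery document, so the output has to render the exact application path including the trailing slash; the old value ended in `/application/o/matrix_serguzim_me/`. If the output already is the issuer, renaming it (for example `issuer_url`) or adding `# must equal the issuer in the provider's discovery document, trailing slash included` above the key would make that explicit. The `synapse_yml` block starts and ends outside this hunk.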
@@ -10,9 +10,9 @@ woodpecker_svc: db: host: "{{ postgres.host }}" port: "{{ postgres.port }}" - database: woodpecker - user: "{{ vault_woodpecker.db.user }}" - pass: "{{ vault_woodpecker.db.pass }}" + database: "{{ opentofu.postgresql_data.woodpecker.database }}" + user: "{{ opentofu.postgresql_data.woodpecker.user }}" + pass: "{{ opentofu.postgresql_data.woodpecker.pass }}" woodpecker_env: WOODPECKER_OPEN: true diff --git a/services.auto.tfvars b/services.auto.tfvars index 0215915..4bdd510 100644 --- a/services.auto.tfvars +++ b/services.auto.tfvars @@ -6,6 +6,13 @@ services = { database = true s3 = false }, + "authentik" = { + name = "authentik" + subdomain = "auth" + auth = false + database = true + s3 = false + }, "forgejo" = { name = "forgejo" subdomain = "git" @@ -14,6 +21,14 @@ services = { database = true s3 = true }, + "immich" = { + name = "immich" + subdomain = "gallery" + auth = true + auth_redirects = ["https://gallery.serguzim.me/auth/login"] + database = false + s3 = false + }, "linkwarden" = { name = "linkwarden" subdomain = "bookmarks" @@ -22,6 +37,35 @@ services = { database = true s3 = true }, + "shlink" = { + name = "shlink" + subdomain = "redirect" # not really. It's msrg.cc + auth = false + database = true + s3 = false + }, + "synapse" = { + name = "synapse" + subdomain = "matrix" + auth = true + auth_redirects = ["https://matrix.serguzim.me/_synapse/client/oidc/callback"] + database = true + s3 = false + }, + "tandoor" = { + name = "tandoor" + subdomain = "recipes" + auth = false + database = true + s3 = false + }, + "telegraf" = { + name = "telegraf" + subdomain = "telegraf" # actually no subdomain + auth = false + database = true + s3 = false + }, "tinytinyrss" = { name = "tinytinyrss" subdomain = "rss" @@ -36,6 +80,13 @@ services = { database = true s3 = false }, + "uptime_kuma" = { + name = "uptime_kuma" + subdomain = "status" + auth = false + database = true + s3 = false + }, "vikunja" = { name = "vikunja" subdomain = "todo" 
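Review bot: The `auth_redirects` entry added for `immich` in services.auto.tfvars is written as a plain URL, but the diff does not show how the module hands it to authentik. Depending on the provider settings and the authentik version, a redirect URI can be evaluated as a regular expression, in which case the unescaped dots in `gallery.serguzim.me` match any character and the value accepts more than the one intended callback. Confirm that the module configures strict matching, or escape and anchor the value, e.g. `"^https://gallery\\.serguzim\\.me/auth/login$"`. The `synapse` entry in the third hunk and the `wiki_js` entry in the last hunk of this file follow the same pattern.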
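Review bot: The `shlink` and `telegraf` entries in the third hunk of services.auto.tfvars set `subdomain` to values that their own comments say are not real (`"redirect" # not really. It's msrg.cc` and `"telegraf" # actually no subdomain`). If the module derives DNS records, certificates or URLs from `subdomain`, these placeholders would create names that no service answers on; the module is not visible here, so this needs confirming. Making the attribute optional and writing `subdomain = null` would state the intent without a fake value.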
@@ -48,6 +99,14 @@ services = { name = "wiki_js" subdomain = "wiki" auth = true + auth_redirects = ["https://wiki.serguzim.me/login/f792bc7d-1a25-4437-944e-55eaf0111102/callback"] + database = true + s3 = false + }, + "woodpecker" = { + name = "woodpecker" + subdomain = "ci" + auth = false database = true s3 = false },