Add rest of database services to terraform

roles/authentik/vars/main.yml

@@ -6,9 +6,9 @@ authentik_svc:
   image_tag: 2024.8
   db:
     host: "{{ postgres.host }}"
-    database: authentik
+    user: "{{ opentofu.postgresql_data.authentik.user }}"
-    user: "{{ vault_authentik.db.user }}"
+    pass: "{{ opentofu.postgresql_data.authentik.pass }}"
-    pass: "{{ vault_authentik.db.pass }}"
+    database: "{{ opentofu.postgresql_data.authentik.database }}"
 
 authentik_env:
   AUTHENTIK_SECRET_KEY: "{{ vault_authentik.secret_key }}"

roles/shlink/vars/main.yml

@@ -20,9 +20,9 @@ shlink_env:
   DB_DRIVER: postgres
   DB_HOST: "{{ postgres.host }}"
   DB_PORT: "{{ postgres.port }}"
-  DB_NAME: shlink
+  DB_NAME: "{{ opentofu.postgresql_data.shlink.database }}"
-  DB_USER: "{{ vault_shlink.db.user }}"
+  DB_USER: "{{ opentofu.postgresql_data.shlink.user }}"
-  DB_PASSWORD: "{{ vault_shlink.db.pass }}"
+  DB_PASSWORD: "{{ opentofu.postgresql_data.shlink.pass }}"
 
   GEOLITE_LICENSE_KEY: "{{ vault_shlink.geolite_key }}"
 

roles/synapse/vars/main.yml

@@ -19,9 +19,9 @@ synapse_svc:
       port: 8008
   db:
     host: "{{ postgres.host }}"
-    database: synapse
+    user: "{{ opentofu.postgresql_data.synapse.user }}"
-    user: "{{ vault_synapse.db.user }}"
+    pass: "{{ opentofu.postgresql_data.synapse.pass }}"
-    pass: "{{ vault_synapse.db.pass }}"
+    database: "{{ opentofu.postgresql_data.synapse.database }}"
   config_path: config
 
 synapse_env:
@@ -80,9 +80,9 @@ synapse_yml:
   oidc_providers:
     - idp_id: auth_serguzim_me
       idp_name: auth.serguzim.me
-      issuer: https://auth.serguzim.me/application/o/matrix_serguzim_me/
+      issuer: "{{ opentofu.authentik_data.synapse.base_url }}"
-      client_id: "{{ vault_synapse.oidc_client.id }}"
+      client_id: "{{ opentofu.authentik_data.synapse.client_id }}"
-      client_secret: "{{ vault_synapse.oidc_client.secret }}"
+      client_secret: "{{ opentofu.authentik_data.synapse.client_secret }}"
       scopes:
         - openid
         - profile

roles/tandoor/vars/main.yml

@@ -6,9 +6,9 @@ tandoor_svc:
   db:
     host: "{{ postgres.host }}"
     port: "{{ postgres.port }}"
-    database: tandoor
+    user: "{{ opentofu.postgresql_data.tandoor.user }}"
-    user: "{{ vault_tandoor.db.user }}"
+    pass: "{{ opentofu.postgresql_data.tandoor.pass }}"
-    pass: "{{ vault_tandoor.db.pass }}"
+    database: "{{ opentofu.postgresql_data.tandoor.database }}"
 
 tandoor_env:
   DEBUG: 0

roles/telegraf/vars/main.yml

@@ -19,11 +19,11 @@ telegraf_svc:
       - https://git.serguzim.me/metrics
     bearer_token: "{{ vault_metrics_token }}"
   postgresql:
-    user: "{{ vault_telegraf.db.user }}"
-    pass: "{{ vault_telegraf.db.pass }}"
     host: "{{ postgres.host }}"
     port: "{{ postgres.port }}"
-    database: telegraf
+    user: "{{ opentofu.postgresql_data.telegraf.user }}"
+    pass: "{{ opentofu.postgresql_data.telegraf.pass }}"
+    database: "{{ opentofu.postgresql_data.telegraf.database }}"
   docker_log:
     endpoint: unix:///var/run/docker.sock
     source_tag: false

roles/woodpecker/vars/main.yml

@@ -10,9 +10,9 @@ woodpecker_svc:
   db:
     host: "{{ postgres.host }}"
     port: "{{ postgres.port }}"
-    database: woodpecker
+    database: "{{ opentofu.postgresql_data.woodpecker.database }}"
-    user: "{{ vault_woodpecker.db.user }}"
+    user: "{{ opentofu.postgresql_data.woodpecker.user }}"
-    pass: "{{ vault_woodpecker.db.pass }}"
+    pass: "{{ opentofu.postgresql_data.woodpecker.pass }}"
 
 woodpecker_env:
   WOODPECKER_OPEN: true

services.auto.tfvars

@@ -6,6 +6,13 @@ services = {
     database = true
     s3 = false
   },
+  "authentik" = {
+    name = "authentik"
+    subdomain = "auth"
+    auth = false
+    database = true
+    s3 = false
+  },
   "forgejo" = {
     name = "forgejo"
     subdomain = "git"
@@ -14,6 +21,14 @@ services = {
     database = true
     s3 = true
   },
+  "immich" = {
+    name = "immich"
+    subdomain = "gallery"
+    auth = true
+    auth_redirects = ["https://gallery.serguzim.me/auth/login"]
+    database = false
+    s3 = false
+  },
   "linkwarden" = {
     name = "linkwarden"
     subdomain = "bookmarks"
@@ -22,6 +37,35 @@ services = {
     database = true
     s3 = true
   },
+  "shlink" = {
+    name = "shlink"
+    subdomain = "redirect" # not really. It's msrg.cc
+    auth = false
+    database = true
+    s3 = false
+  },
+  "synapse" = {
+    name = "synapse"
+    subdomain = "matrix"
+    auth = true
+    auth_redirects = ["https://matrix.serguzim.me/_synapse/client/oidc/callback"]
+    database = true
+    s3 = false
+  },
+  "tandoor" = {
+    name = "tandoor"
+    subdomain = "recipes"
+    auth = false
+    database = true
+    s3 = false
+  },
+  "telegraf" = {
+    name = "telegraf"
+    subdomain = "telegraf" # actually no subdomain
+    auth = false
+    database = true
+    s3 = false
+  },
   "tinytinyrss" = {
     name = "tinytinyrss"
     subdomain = "rss"
@@ -36,6 +80,13 @@ services = {
     database = true
     s3 = false
   },
+  "uptime_kuma" = {
+    name = "uptime_kuma"
+    subdomain = "status"
+    auth = false
+    database = true
+    s3 = false
+  },
   "vikunja" = {
     name = "vikunja"
     subdomain = "todo"
@@ -48,6 +99,14 @@ services = {
     name = "wiki_js"
     subdomain = "wiki"
     auth = true
+    auth_redirects = ["https://wiki.serguzim.me/login/f792bc7d-1a25-4437-944e-55eaf0111102/callback"]
+    database = true
+    s3 = false
+  },
+  "woodpecker" = {
+    name = "woodpecker"
+    subdomain = "ci"
+    auth = false
     database = true
     s3 = false
   },