diff --git a/apps/nextcloud/collabora.tf b/apps/nextcloud/collabora.tf
new file mode 100644
index 0000000..0d0f283
--- /dev/null
+++ b/apps/nextcloud/collabora.tf 
@@ -0,0 +1,145 @@
+locals {
+ collabora-labels = merge(local.common-labels, {
+ "app.kubernetes.io/component" = "collabora"
+ })
+ dns-collabora = "collabora.${local.dns-names}"
+ collabora-middlewares = ["${var.instance}-https"]
+ collabora-service = {
+ "name" = "${var.instance}-collabora"
+ "port" = {
+ "number" = 80
+ }
+ }
+ collabora-rules = [ for v in [local.dns-collabora] : {
+ "host" = "${v}"
+ "http" = {
+ "paths" = [{
+ "backend" = {
+ "service" = local.collabora-service
+ }
+ "path" = "/"
+ "pathType" = "Prefix"
+ }]
+ }
+ }]
+}
+
+resource "kubectl_manifest" "collabora_deploy" {
+ count = var.apps.collabora ? 1 : 0
+ yaml_body = <<-EOF
+ kind: Deployment
+ apiVersion: apps/v1
+ metadata:
+ name: "${var.instance}-collabora"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.collabora-labels)}
+ spec:
+ replicas: 1
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ selector:
+ matchLabels: ${jsonencode(local.collabora-labels)}
+ template:
+ metadata:
+ labels: ${jsonencode(local.collabora-labels)}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: 9980
+ prometheus.io/path: "/cool/getMetrics"
+ spec:
+ containers:
+ - name: collabora
+ image: "${var.images.collabora.registry}/${var.images.collabora.repository}:${var.images.collabora.tag}"
+ imagePullPolicy: "${var.images.collabora.pullPolicy}"
+ env:
+ - name: aliasgroup1
+ value: "https://${local.dns-name}"
+ - name: username
+ value: vynil
+ - name: DONT_GEN_SSL_CERT
+ value: "true"
+ - name: extra_params
+ value: |
+ --o:ssl.enable=false
+ --o:ssl.termination=true
+ - name: password
+ valueFrom:
+ secretKeyRef:
+ name: ${var.component}
+ key: collabora-password
+ ports:
+ - name: http
+ containerPort: 9980
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ EOF
+}
+
+resource "kubectl_manifest" "collabora_svc" {
+ count = var.apps.collabora ? 
1 : 0
+ yaml_body = <<-EOF
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: "${var.instance}-collabora"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.collabora-labels)}
+ spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 9980
+ protocol: TCP
+ name: http
+ selector: ${jsonencode(local.collabora-labels)}
+ EOF
+}
+
+resource "kubectl_manifest" "collabora_certificate" {
+ count = var.apps.collabora ? 1 : 0
+ yaml_body = <<-EOF
+ apiVersion: "cert-manager.io/v1"
+ kind: "Certificate"
+ metadata:
+ name: "${var.instance}-collabora"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.collabora-labels)}
+ spec:
+ secretName: "${var.instance}-collabora-cert"
+ dnsNames: ${jsonencode(local.dns-collabora)}
+ issuerRef:
+ name: "${var.issuer}"
+ kind: "ClusterIssuer"
+ group: "cert-manager.io"
+ EOF
+}
+
+resource "kubectl_manifest" "collabora_ing" {
+ count = var.apps.collabora ? 1 : 0
+ yaml_body = <<-EOF
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+ name: "${var.instance}-collabora"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.collabora-labels)}
+ annotations:
+ "traefik.ingress.kubernetes.io/router.middlewares": "${join(",", [for m in local.collabora-middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}"
+ spec:
+ ingressClassName: "${var.ingress-class}"
+ rules: ${jsonencode(local.collabora-rules)}
+ tls:
+ - hosts: ${jsonencode(local.dns-collabora)}
+ secretName: "${var.instance}-collabora-cert"
+ EOF
+}
+
diff --git a/apps/nextcloud/onlyoffice.tf b/apps/nextcloud/onlyoffice.tf
new file mode 100644
index 0000000..93ee467
--- /dev/null
+++ b/apps/nextcloud/onlyoffice.tf 
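Review bot: In the Certificate and Ingress manifests of collabora.tf, `dnsNames: ${jsonencode(local.dns-collabora)}` and `- hosts: ${jsonencode(local.dns-collabora)}` render a single JSON string, since `dns-collabora` is built by string interpolation, while both fields take a list of strings, so the API server will most likely reject them and the host is left without its certificate. Wrap the value as `collabora-rules` already does, `dnsNames: ${jsonencode([local.dns-collabora])}` and `- hosts: ${jsonencode([local.dns-collabora])}`; the onlyoffice.tf hunk repeats both lines with `local.dns-onlyoffice`. `prometheus.io/port: 9980` is an unquoted integer where annotation values must be strings, so it should read `prometheus.io/port: "9980"`. The Ingress rule also sends `/` with `pathType: Prefix` to the service, so the admin console configured by the `username`/`password` variables appears to be reachable from outside behind that password alone; restricting the admin paths in a Traefik middleware would narrow that.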
@@ -0,0 +1,142 @@
+locals {
+ onlyoffice-labels = merge(local.common-labels, {
+ "app.kubernetes.io/component" = "onlyoffice"
+ })
+ dns-onlyoffice = "onlyoffice.${local.dns-names}"
+ onlyoffice-middlewares = ["${var.instance}-https"]
+ onlyoffice-service = {
+ "name" = "${var.instance}-onlyoffice"
+ "port" = {
+ "number" = 80
+ }
+ }
+ onlyoffice-rules = [ for v in [local.dns-onlyoffice] : {
+ "host" = "${v}"
+ "http" = {
+ "paths" = [{
+ "backend" = {
+ "service" = local.onlyoffice-service
+ }
+ "path" = "/"
+ "pathType" = "Prefix"
+ }]
+ }
+ }]
+}
+
+resource "kubectl_manifest" "onlyoffice_deploy" {
+ count = var.apps.onlyoffice ? 1 : 0
+ yaml_body = <<-EOF
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+ name: "${var.instance}-onlyoffice"
+ labels: ${jsonencode(local.onlyoffice-labels)}
+ spec:
+ replicas: 1
+ strategy:
+ type: RollingUpdate
+ selector:
+ matchLabels: ${jsonencode(local.onlyoffice-labels)}
+ template:
+ metadata:
+ labels: ${jsonencode(local.onlyoffice-labels)}
+ spec:
+ containers:
+ - name: "onlyoffice"
+ image: "${var.images.onlyoffice.registry}/${var.images.onlyoffice.repository}:${var.images.onlyoffice.tag}"
+ imagePullPolicy: "${var.images.onlyoffice.pullPolicy}"
+ env:
+ - name: JWT_ENABLED
+ value: "true"
+ - name: JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: ${var.component}
+ key: collabora-password
+ livenessProbe:
+ httpGet:
+ path: /healthcheck
+ port: http
+ scheme: HTTP
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ path: /healthcheck
+ port: http
+ scheme: HTTP
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 2
+ successThreshold: 1
+ failureThreshold: 3
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ EOF
+}
+
+resource "kubectl_manifest" "onlyoffice_svc" {
+ count = var.apps.onlyoffice ? 
1 : 0
+ yaml_body = <<-EOF
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: "${var.instance}-onlyoffice"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.onlyoffice-labels)}
+ spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector: ${jsonencode(local.onlyoffice-labels)}
+ EOF
+}
+
+resource "kubectl_manifest" "onlyoffice_certificate" {
+ count = var.apps.onlyoffice ? 1 : 0
+ yaml_body = <<-EOF
+ apiVersion: "cert-manager.io/v1"
+ kind: "Certificate"
+ metadata:
+ name: "${var.instance}-onlyoffice"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.onlyoffice-labels)}
+ spec:
+ secretName: "${var.instance}-onlyoffice-cert"
+ dnsNames: ${jsonencode(local.dns-onlyoffice)}
+ issuerRef:
+ name: "${var.issuer}"
+ kind: "ClusterIssuer"
+ group: "cert-manager.io"
+ EOF
+}
+
+resource "kubectl_manifest" "onlyoffice_ing" {
+ count = var.apps.onlyoffice ? 1 : 0
+ yaml_body = <<-EOF
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+ name: "${var.instance}-onlyoffice"
+ namespace: "${var.namespace}"
+ labels: ${jsonencode(local.onlyoffice-labels)}
+ annotations:
+ "traefik.ingress.kubernetes.io/router.middlewares": "${join(",", [for m in local.onlyoffice-middlewares : format("%s-%s@kubernetescrd", var.namespace, m)])}"
+ spec:
+ ingressClassName: "${var.ingress-class}"
+ rules: ${jsonencode(local.onlyoffice-rules)}
+ tls:
+ - hosts: ${jsonencode(local.dns-onlyoffice)}
+ secretName: "${var.instance}-onlyoffice-cert"
+ EOF
+}
+
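Review bot: In the `onlyoffice_deploy` container `env`, `JWT_SECRET` is read from the `collabora-password` key of the `${var.component}` secret, so the OnlyOffice token-signing secret and the Collabora admin password are one value: disclosure of either exposes both, and neither can be rotated on its own. Reference a dedicated key instead, for example `key: onlyoffice-jwt-secret` (a placeholder name; the key would have to be added where that secret is generated, which is outside this diff). The Deployment `metadata` also omits `namespace: "${var.namespace}"`, which the Service, Certificate and Ingress in the same file all set, so the pod may be created in a namespace where neither the Service selector nor the secret reference resolves.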