Upgrade trunk

.trunk/trunk.yaml

@@ -49,7 +49,7 @@ tools:
     - gh@2.49.2
     - jq@jq-1.7.1
     - yq@4.44.1
-    - awscli@1.33.18
+    - awscli@1.33.22
     - action-validator@0.6.0
     - act@0.2.64
     - shellcheck@0.10.0

modules/vigil/vigil.toml.tpl

@@ -7,7 +7,6 @@
 log_level = "debug"
 inet = "0.0.0.0:8080"
 workers = 4
-
 manager_token = "${manager_token}"
 reporter_token = "${reporter_token}"
 

netbox.tf

@@ -0,0 +1,301 @@
+# Docker images in use
+data "docker_registry_image" "netbox" {
+  name = "docker.io/netboxcommunity/netbox:v4.0-2.9.1"
+}
+data "docker_registry_image" "netbox_postgres" {
+  name = "docker.io/postgres:16-alpine"
+}
+data "docker_registry_image" "netbox_redis" {
+  name = "docker.io/redis:7-alpine"
+}
+
+# Docker Network
+resource "docker_network" "netbox" {
+  name = "netbox"
+}
+
+# Docker Volumes
+resource "docker_volume" "netbox_config" {
+  name = "netbox_config"
+}
+resource "docker_volume" "netbox_media" {
+  name = "netbox_media"
+}
+resource "docker_volume" "netbox_reports" {
+  name = "netbox_reports"
+}
+resource "docker_volume" "netbox_scripts" {
+  name = "netbox_scripts"
+}
+resource "docker_volume" "netbox_database" {
+  name = "netbox_database"
+}
+resource "docker_volume" "netbox_redis" {
+  name = "netbox_redis"
+}
+resource "docker_volume" "netbox_cache" {
+  name = "netbox_cache"
+}
+
+# Configs
+resource "random_password" "postgres_password" {
+  length = 32
+  special = false
+}
+resource "random_password" "redis_password" {
+  length = 32
+  special = false
+}
+locals {
+  CORS_ORIGIN_ALLOW_ALL = true
+
+  DB_HOST=docker_service.netbox_postgres.name
+  DB_NAME="netbox"
+  DB_PASSWORD = nonsensitive(random_password.postgres_password.result)
+  DB_USER="netbox"
+
+  EMAIL_FROM="netbox@bar.com"
+  EMAIL_PASSWORD=""
+  EMAIL_PORT=25
+  EMAIL_SERVER="localhost"
+  EMAIL_SSL_CERTFILE=""
+  EMAIL_SSL_KEYFILE=""
+  EMAIL_TIMEOUT=5
+  EMAIL_USERNAME="netbox"
+  # EMAIL_USE_SSL and EMAIL_USE_TLS are mutually exclusive, i.e. they can't both be `true`!
+  EMAIL_USE_SSL=false
+  EMAIL_USE_TLS=false
+
+  GRAPHQL_ENABLED=true
+  HOUSEKEEPING_INTERVAL=86400
+  MEDIA_ROOT="/opt/netbox/netbox/media"
+  METRICS_ENABLED=false
+
+  REDIS_CACHE_DATABASE=1
+  REDIS_CACHE_HOST=docker_service.netbox_redis_cache.name
+  REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY=false
+  REDIS_CACHE_PASSWORD=nonsensitive(random_password.redis_password.result)
+  REDIS_CACHE_SSL=false
+
+  REDIS_DATABASE=0
+  REDIS_HOST=docker_service.netbox_redis.name
+  REDIS_INSECURE_SKIP_TLS_VERIFY=false
+  REDIS_PASSWORD=nonsensitive(random_password.redis_password.result)
+  REDIS_SSL=false
+
+  RELEASE_CHECK_URL="https://api.github.com/repos/netbox-community/netbox/releases"
+  SECRET_KEY="r(m)9nLGnz$(_q3N4z1k(EFsMCjjjzx08x9VhNVcfd%6RF#r!6DE@+V5Zk2X"
+  SKIP_SUPERUSER=true
+  WEBHOOKS_ENABLED=true
+}
+
+# Services
+resource "docker_service" "netbox" {
+  name = "netbox-app"
+  task_spec {
+    container_spec {
+      image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
+      user = "unit:root"
+      healthcheck {
+        test = ["CMD-SHELL", "curl -f http://localhost:8080/login/ || exit 1"]
+        interval = "15s"
+        timeout = "3s"
+        start_period = "60s"
+      }
+      mounts {
+        target = "/etc/netbox/config"
+        type   = "volume"
+        source = docker_volume.netbox_config.name
+      }
+      mounts {
+        target = "/opt/netbox/netbox/media"
+        type   = "volume"
+        source = docker_volume.netbox_media.name
+      }
+      mounts {
+        target = "/opt/netbox/netbox/reports"
+        type   = "volume"
+        source = docker_volume.netbox_reports.name
+      }
+      mounts {
+        target = "/opt/netbox/netbox/scripts"
+        type   = "volume"
+        source = docker_volume.netbox_scripts.name
+      }
+    }
+    networks_advanced {
+      name = docker_network.loadbalancer.id
+    }
+    networks_advanced {
+      name = docker_network.netbox.id
+    }
+    restart_policy {
+      condition = "any"
+      delay     = "0s"
+      window    = "0s"
+    }
+  }
+}
+resource "docker_service" "netbox_worker" {
+  name = "netbox-worker"
+  task_spec {
+    container_spec {
+      image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
+      user = "unit:root"
+      command = ["/opt/netbox/venv/bin/python", "/opt/netbox/netbox/manage.py", "rqworker",]
+      healthcheck {
+        test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q rqworker || exit 1"]
+        interval = "15s"
+        timeout = "3s"
+        start_period = "20s"
+      }
+      mounts {
+        target = "/etc/netbox/config"
+        type   = "volume"
+        source = docker_volume.netbox_config.name
+      }
+      mounts {
+        target = "/opt/netbox/netbox/media"
+        type   = "volume"
+        source = docker_volume.netbox_media.name
+      }
+      mounts {
+        target = "/opt/netbox/netbox/reports"
+        type   = "volume"
+        source = docker_volume.netbox_reports.name
+      }
+      mounts {
+        target = "/opt/netbox/netbox/scripts"
+        type   = "volume"
+        source = docker_volume.netbox_scripts.name
+      }
+    }
+    networks_advanced {
+      name = docker_network.netbox.id
+    }
+    restart_policy {
+      condition = "any"
+      delay     = "0s"
+      window    = "0s"
+    }
+  }
+}
+resource "docker_service" "netbox_housekeeping" {
+  name = "netbox-housekeeping"
+  task_spec {
+    container_spec {
+      image = "${data.docker_registry_image.netbox.name}@${data.docker_registry_image.netbox.sha256_digest}"
+      user = "unit:root"
+      command = ["/opt/netbox/housekeeping.sh",]
+      healthcheck {
+        test = ["CMD-SHELL", "ps -aux | grep -v grep | grep -q housekeeping || exit 1"]
+        interval = "15s"
+        timeout = "3s"
+        start_period = "20s"
+      }
+      mounts {
+        target = "/etc/netbox/config"
+        type   = "volume"
+        source = docker_volume.netbox_config.name
+      }
+      mounts {
+        target = "/opt/netbox/netbox/media"
+        type   = "volume"
+        source = docker_volume.netbox_media.name
+      }
+      mounts {
+        target = "/opt/netbox/netbox/reports"
+        type   = "volume"
+        source = docker_volume.netbox_reports.name
+      }
+      mounts {
+        target = "/opt/netbox/netbox/scripts"
+        type   = "volume"
+        source = docker_volume.netbox_scripts.name
+      }
+    }
+    networks_advanced {
+      name = docker_network.netbox.id
+    }
+    restart_policy {
+      condition = "any"
+      delay     = "0s"
+      window    = "0s"
+    }
+  }
+}
+
+# Netbox Postgres Database
+resource "docker_service" "netbox_postgres" {
+  name = "netbox-postgres"
+  task_spec {
+    container_spec {
+      image = "${data.docker_registry_image.netbox_postgres.name}@${data.docker_registry_image.netbox_postgres.sha256_digest}"
+      mounts {
+        target = "/var/lib/postgresql/data"
+        type   = "volume"
+        source = docker_volume.netbox_database.name
+      }
+      env = {
+        POSTGRES_DB       = "netbox"
+        POSTGRES_USER     = "netbox"
+        POSTGRES_PASSWORD = random_password.postgres_password.result
+
+      }
+    }
+    networks_advanced {
+      name = docker_network.netbox.id
+    }
+    restart_policy {
+      condition = "any"
+      delay     = "0s"
+      window    = "0s"
+    }
+  }
+}
+
+# Netbox Redis
+resource "docker_service" "netbox_redis" {
+  name = "netbox-redis"
+  task_spec {
+    container_spec {
+      image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
+      command = ["sh", "-c", "redis-server","--appendonly","yes", "--requirepass", random_password.redis_password.result, ]
+      mounts {
+        target = "/data"
+        type   = "volume"
+        source = docker_volume.netbox_database.name
+      }
+    }
+    networks_advanced {
+      name = docker_network.netbox.id
+    }
+    restart_policy {
+      condition = "any"
+      delay     = "0s"
+      window    = "0s"
+    }
+  }
+}
+resource "docker_service" "netbox_redis_cache" {
+  name = "netbox-redis-cache"
+  task_spec {
+    container_spec {
+      image = "${data.docker_registry_image.netbox_redis.name}@${data.docker_registry_image.netbox_redis.sha256_digest}"
+      command = ["sh", "-c", "redis-server", "--requirepass", random_password.redis_password.result, ]
+      mounts {
+        target = "/data"
+        type   = "volume"
+        source = docker_volume.netbox_database.name
+      }
+    }
+    networks_advanced {
+      name = docker_network.netbox.id
+    }
+    restart_policy {
+      condition = "any"
+      delay     = "0s"
+      window    = "0s"
+    }
+  }
+}

nginx.tf

@@ -16,6 +16,7 @@ module "nginx" {
   configs = concat(
     module.minio.nginx_files,
     module.vigil_nginx_config.files,
+    module.videobucket_nginx_config.files,
   )
   networks = [
     docker_network.loadbalancer,

printers.tf

@@ -12,9 +12,13 @@ resource "docker_volume" "ender5plus" {
   provider = docker.printi
   name     = "ender5plus_config"
 }
+resource "scratch_string" "arse" {
+  in = yamlencode(docker_image.octoprint)
+}
 
 resource "docker_container" "ender5plus" {
   image    = "${docker_image.octoprint.name}:latest"
+  #image = docker_image.octoprint.image_id
   provider = docker.printi
   name     = "ender5plus"
   env = [

terraform.tf

@@ -13,5 +13,9 @@ terraform {
       source  = "matthewbaggett/ssh"
       version = "~> 0.1.0"
     }
+    scratch = {
+      source = "BrendanThompson/scratch"
+      version = "0.4.0"
+    }
   }
 }

video-bucket.tf

@@ -0,0 +1,47 @@
+data "docker_registry_image" "video_bucket" {
+  name = "ghcr.io/matthewbaggett/bucket-serve:latest"
+}
+resource "docker_service" "video_bucket" {
+  name = "video-bucket"
+  task_spec {
+    container_spec {
+      image = "${data.docker_registry_image.video_bucket.name}@${data.docker_registry_image.video_bucket.sha256_digest}"
+      configs {
+        config_id = docker_config.video_bucket_config.id
+        config_name = docker_config.video_bucket_config.name
+        file_name = "/app/.env"
+      }
+    }
+    networks_advanced {
+      name = docker_network.loadbalancer.id
+    }
+    restart_policy {
+      condition = "any"
+      delay     = "0s"
+      window    = "0s"
+    }
+  }
+}
+locals{
+    video_bucket_config = <<EOF
+S3_ENDPOINT=http://s3.california.ti
+S3_BUCKET=video
+S3_KEY=Ipi5Xh1b2UgcGiLSLLpQ
+S3_SECRET=E4xMwB44MT4tGLStJnZTwQbuDNHL1KR9M4I8taBT
+EOF
+}
+resource "docker_config" "video_bucket_config" {
+  name = "video_bucket_config_${substr(md5(local.video_bucket_config),0,7)}"
+  data = base64encode(local.video_bucket_config)
+}
+module "videobucket_nginx_config" {
+  # tflint-ignore: terraform_module_pinned_source
+  source   = "git::https://code.techinc.nl/grey/terraform-nginx.git//nginx-site-available"
+  hostname = "video.california.ti"
+  //certificate   = acme_certificate.ooo_grey["s3"]
+  service_name  = docker_service.video_bucket.name
+  upstream_host = "${docker_service.video_bucket.name}:80"
+  config_prefix = "nginx"
+  allow_non_ssl = true
+  allow_ssl     = false
+}