diff --git a/docker/homControl/app/pages/Applications.py b/docker/homControl/app/pages/Applications.py index 072c1203..7c6f58c4 100644 --- a/docker/homControl/app/pages/Applications.py +++ b/docker/homControl/app/pages/Applications.py @@ -88,6 +88,7 @@ def main(): with st.expander("**Settings**"): st.text_input("Namespace", app_details.get('namespace', ''), key=f"{app_name}-namespace") # st.text_input("GPU", app_details.get('gpu', ''), key=f"{app_name}-gpu") + st.checkbox("MFA", app_details.get('mfa', True), key=f"{app_name}-mfa") st.radio("Pass GPU",gpu_types, key=f"{app_name}-gpu", index=gpu_types.index(app_details.get('gpu', 'none'))) st.text_input("Priority", app_details.get('priority', ''), key=f"{app_name}-priority") @@ -104,6 +105,7 @@ def main(): st.write("No PVCs for this app") st.session_state.apps_data[app_name]['deploy'] = st.session_state[app_name] st.session_state.apps_data[app_name]['namespace'] = st.session_state[f"{app_name}-namespace"] + st.session_state.apps_data[app_name]['mfa'] = st.session_state[f"{app_name}-mfa"] st.session_state.apps_data[app_name]['gpu'] = st.session_state[f"{app_name}-gpu"].lower() if st.session_state.apps_data[app_name]['gpu'] not in ["","none","amd","intel"]: st.error("GPU Type must be one of: none, amd, intel") diff --git a/terraform/applications.yaml b/terraform/applications.yaml index 3112de6c..219c1ad7 100644 --- a/terraform/applications.yaml +++ b/terraform/applications.yaml @@ -4,6 +4,7 @@ amd-gpu: deploy: true gpu: none + mfa: true name: amd-gpu namespace: kube-system override: @@ -15,6 +16,7 @@ amd-gpu: authelia: deploy: true gpu: none + mfa: true name: authelia namespace: authelia override: @@ -53,6 +55,7 @@ authelia: authentik: deploy: false gpu: none + mfa: true name: authentik namespace: authentik override: @@ -71,6 +74,7 @@ authentik: bazarr: deploy: true gpu: none + mfa: true name: bazarr namespace: services override: 
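Review bot: The new `st.checkbox("MFA", ...)` in the Settings expander of docker/homControl/app/pages/Applications.py has no help text, although the values.yaml templates in this commit use the flag to gate the whole `authelia-forwardauth-authelia@kubernetescrd` middleware annotation, not only a second factor. Unticking it therefore takes the Authelia gate off that app's ingress, which an operator cannot tell from the label. I would add `help="Route this app's ingress through the Authelia forward-auth middleware; when unchecked the ingress is published without it"` to the call. main() starts and ends outside both hunks of this file.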
@@ -95,6 +99,7 @@ bazarr: crowdsec: deploy: false gpu: none + mfa: true name: crowdsec namespace: crowdsec override: @@ -126,6 +131,7 @@ crowdsec: dex: deploy: false gpu: none + mfa: true name: dex namespace: services override: @@ -137,6 +143,7 @@ dex: filebrowser: deploy: false gpu: none + mfa: true name: filebrowser namespace: services override: @@ -154,6 +161,7 @@ filebrowser: flood: deploy: true gpu: none + mfa: false name: flood namespace: services override: @@ -181,6 +189,7 @@ flood: goldilocks: deploy: false gpu: none + mfa: true name: goldilocks namespace: kube-system override: @@ -192,6 +201,7 @@ goldilocks: gow: deploy: false gpu: amd + mfa: true name: gow namespace: services override: @@ -210,6 +220,7 @@ gow: grafana: deploy: true gpu: none + mfa: true name: grafana namespace: monitoring override: @@ -228,6 +239,7 @@ grafana: home-assistant: deploy: false gpu: none + mfa: true name: home-assistant namespace: services override: @@ -248,6 +260,7 @@ home-assistant: homepage: deploy: true gpu: none + mfa: true name: homepage namespace: services override: @@ -265,6 +278,7 @@ intel-gpu: - .metadata.annotations - .spec.resourceManager kind: GpuDevicePlugin + mfa: true name: intel-gpu namespace: kube-system override: @@ -276,6 +290,7 @@ intel-gpu: jellyfin: deploy: true gpu: none + mfa: false name: jellyfin namespace: services override: @@ -302,6 +317,7 @@ jellyfin: jellyseerr: deploy: true gpu: none + mfa: false name: jellyseerr namespace: services override: @@ -319,6 +335,7 @@ jellyseerr: kavita: deploy: false gpu: none + mfa: true name: kavita namespace: services override: @@ -341,6 +358,7 @@ kavita: kube-prometheus-stack: deploy: true gpu: none + mfa: false name: kube-prometheus-stack namespace: monitoring override: @@ -355,6 +373,7 @@ kube-prometheus-stack: kubeview: deploy: false gpu: none + mfa: true name: kubeview namespace: services override: 
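Review bot: In terraform/applications.yaml the entries set to `mfa: false` (flood, jellyfin, jellyseerr and kube-prometheus-stack in these hunks; plex, rancher and tautulli further down) are exceptions to an otherwise default-on control, and nothing records why each is exempt. For kube-prometheus-stack the flag feeds both the Alertmanager and Prometheus ingress templates changed in this commit, and those services ship without authentication of their own by default, so that exemption leaves them relying on network placement alone; presumably the `websecure` entrypoint is internal-only, which is worth confirming. flood, jellyfin, jellyseerr, plex and tautulli are published on `websecure-ext` and then depend entirely on their built-in login. A one-line rationale per exemption, for example `# mfa: false - <reason and compensating control>`, would make these auditable; if this file is rewritten by the homControl page, comments may not survive and the project docs may be the safer place.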
@@ -371,6 +390,7 @@ kubeview: kwatch: deploy: false gpu: none + mfa: true name: kwatch namespace: monitoring override: @@ -385,6 +405,7 @@ kwatch: loki: deploy: false gpu: none + mfa: true name: loki namespace: monitoring override: @@ -396,6 +417,7 @@ loki: mylar: deploy: false gpu: none + mfa: true name: mylar namespace: services override: @@ -412,6 +434,7 @@ mylar: nextcloud: deploy: false gpu: none + mfa: true name: nextcloud namespace: services override: @@ -441,6 +464,7 @@ nextcloud: node-feature-discovery: deploy: true gpu: none + mfa: true name: node-feature-discovery namespace: node-feature-discovery override: @@ -452,6 +476,7 @@ node-feature-discovery: nzbget: deploy: false gpu: none + mfa: true name: nzbget namespace: services override: @@ -470,6 +495,7 @@ nzbget: plex: deploy: true gpu: intel + mfa: false name: plex namespace: services override: @@ -496,6 +522,7 @@ plex: portainer: deploy: false gpu: none + mfa: true name: portainer namespace: kube-system override: @@ -513,6 +540,7 @@ portainer: promtail: deploy: false gpu: none + mfa: true name: promtail namespace: monitoring override: @@ -524,6 +552,7 @@ promtail: prowlarr: deploy: true gpu: none + mfa: true name: prowlarr namespace: services override: @@ -542,6 +571,7 @@ prowlarr: radarr: deploy: true gpu: none + mfa: true name: radarr namespace: services override: @@ -566,6 +596,7 @@ radarr: rancher: deploy: true gpu: none + mfa: false name: rancher namespace: cattle-system override: @@ -584,6 +615,7 @@ rancher: readarr: deploy: false gpu: none + mfa: true name: readarr namespace: services override: @@ -600,6 +632,7 @@ readarr: renovate: deploy: false gpu: none + mfa: true name: renovate namespace: services override: @@ -618,6 +651,7 @@ renovate: sabnzbd: deploy: true gpu: none + mfa: true name: sabnzbd namespace: services override: @@ -641,6 +675,7 @@ sabnzbd: samba: deploy: false gpu: none + mfa: true name: samba namespace: services override: 
@@ -657,6 +692,7 @@ samba: sonarr: deploy: true gpu: none + mfa: true name: sonarr namespace: services override: @@ -677,6 +713,7 @@ sonarr: tautulli: deploy: true gpu: none + mfa: false name: tautulli namespace: services override: diff --git a/terraform/gitops.tf b/terraform/gitops.tf index f1e1f6f1..9014eb61 100644 --- a/terraform/gitops.tf +++ b/terraform/gitops.tf @@ -25,6 +25,7 @@ module "argocd_application" { project = module.gitops.project server_side = try(each.value.server_side, "false") ignore_differences = try(each.value.ignore, []) + mfa = try(each.value.mfa, true) depends_on = [ module.gitops ] diff --git a/terraform/modules/argocd_application/applications/bazarr/values.yaml b/terraform/modules/argocd_application/applications/bazarr/values.yaml index 2c33c99a..37568950 100644 --- a/terraform/modules/argocd_application/applications/bazarr/values.yaml +++ b/terraform/modules/argocd_application/applications/bazarr/values.yaml @@ -19,8 +19,10 @@ bazarr: ingressClassName: traefik annotations: cert-manager.io/cluster-issuer: letsencrypt + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext - traefik.ingress.kubernetes.io/router.middlewares: authentik-ak-outpost-authentik-embedded-outpost@kubernetescrd gethomepage.dev/enabled: "true" gethomepage.dev/name: "Bazarr" gethomepage.dev/description: "Bazarr is a companion application to Sonarr and Radarr that manages and downloads subtitles" diff --git a/terraform/modules/argocd_application/applications/crowdsec/values.yaml b/terraform/modules/argocd_application/applications/crowdsec/values.yaml index 05c7f49c..7a73f356 100644 --- a/terraform/modules/argocd_application/applications/crowdsec/values.yaml +++ b/terraform/modules/argocd_application/applications/crowdsec/values.yaml 
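Review bot: The directives added in terraform/modules/argocd_application/applications/bazarr/values.yaml are written `%{~ if mfa ~}` / `%{~ endif ~}` with a strip marker on both sides, and per Terraform's template rules each `~` consumes all adjacent whitespace including newlines. On an indented line of its own that joins the preceding annotation, the middleware annotation and the following annotation into one line, so the rendered values would either fail to parse or not carry `router.middlewares` as a separate key; I have not rendered it, so please check the `templatefile` output for both `mfa = true` and `mfa = false`. Keeping only the leading marker, `%{~ if mfa }` and `%{~ endif }`, removes the directive's own line and leaves the surrounding line breaks intact. The same double-marked form is used in every other values.yaml touched here, and the `gpu` directives in gow, jellyfin and plex were changed from the unmarked `%{ if gpu == "amd" }` to it in this commit. As far as this diff shows, the annotation is what puts Authelia in front of these ingresses, so a rendering check in CI would be worth adding.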
@@ -124,6 +124,9 @@ crowdsec: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} # labels: {} ingressClassName: "traefik" # nginx host: "crowdsec.${domain}" # metabase.example.com diff --git a/terraform/modules/argocd_application/applications/dex/values.yaml b/terraform/modules/argocd_application/applications/dex/values.yaml index 301cdbc3..28fdd93f 100644 --- a/terraform/modules/argocd_application/applications/dex/values.yaml +++ b/terraform/modules/argocd_application/applications/dex/values.yaml @@ -64,6 +64,9 @@ dex: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Dex" gethomepage.dev/description: "Dex OIDC Provider" diff --git a/terraform/modules/argocd_application/applications/duplicati/values.yaml b/terraform/modules/argocd_application/applications/duplicati/values.yaml index 603add03..6dfd128b 100644 --- a/terraform/modules/argocd_application/applications/duplicati/values.yaml +++ b/terraform/modules/argocd_application/applications/duplicati/values.yaml @@ -9,6 +9,9 @@ duplicati: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Duplicati" gethomepage.dev/description: "https://duplicati.readthedocs.io/en/latest/" 
diff --git a/terraform/modules/argocd_application/applications/filebrowser/values.yaml b/terraform/modules/argocd_application/applications/filebrowser/values.yaml index e839940b..9ec74b67 100644 --- a/terraform/modules/argocd_application/applications/filebrowser/values.yaml +++ b/terraform/modules/argocd_application/applications/filebrowser/values.yaml @@ -11,7 +11,9 @@ filebrowser: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "File Browser" gethomepage.dev/description: "" diff --git a/terraform/modules/argocd_application/applications/flood/values.yaml b/terraform/modules/argocd_application/applications/flood/values.yaml index e835041f..d6948ccd 100644 --- a/terraform/modules/argocd_application/applications/flood/values.yaml +++ b/terraform/modules/argocd_application/applications/flood/values.yaml @@ -136,6 +136,9 @@ app-template: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Flood" gethomepage.dev/group: "Aggregators" diff --git a/terraform/modules/argocd_application/applications/goldilocks/values.yaml b/terraform/modules/argocd_application/applications/goldilocks/values.yaml index c8f46f2d..3f868e08 100644 --- a/terraform/modules/argocd_application/applications/goldilocks/values.yaml +++ b/terraform/modules/argocd_application/applications/goldilocks/values.yaml 
@@ -14,6 +14,9 @@ goldilocks: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Goldilocks" gethomepage.dev/group: "Internal" diff --git a/terraform/modules/argocd_application/applications/gow/values.yaml b/terraform/modules/argocd_application/applications/gow/values.yaml index d2a3ff3d..73c81d0e 100644 --- a/terraform/modules/argocd_application/applications/gow/values.yaml +++ b/terraform/modules/argocd_application/applications/gow/values.yaml @@ -11,7 +11,9 @@ games-on-whales: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext - # traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "GOW" gethomepage.dev/description: "Streams graphic applications/games" @@ -58,7 +60,7 @@ games-on-whales: # See Custom configuration section in the Readme graphic_resources: - %{ if gpu == "amd" } + %{~ if gpu == "amd" ~} resources: # requests: # cpu: 10m @@ -67,8 +69,8 @@ games-on-whales: amd.com/gpu: 1 # cpu: 44m # memory: 513M - %{ endif } - %{ if gpu == "intel" } + %{~ endif ~} + %{~ if gpu == "intel" ~} resources: # requests: # cpu: 10m @@ -77,6 +79,6 @@ games-on-whales: gpu.intel.com/i915: "1" # cpu: 44m # memory: 513M - %{ endif } + %{~ endif ~} # Generating persistence config from applications.yaml ${indent(2,yamlencode({persistence: { for key, value in storage: key => {"enabled":true,"existingClaim":try(value.name,null),"mountPath": try(value.mountPath,null),"subpath": try(value.subpath,null)}}}))} \ No newline at end of file 
diff --git a/terraform/modules/argocd_application/applications/grafana/values.yaml b/terraform/modules/argocd_application/applications/grafana/values.yaml index 08346d73..7ab5ee4f 100644 --- a/terraform/modules/argocd_application/applications/grafana/values.yaml +++ b/terraform/modules/argocd_application/applications/grafana/values.yaml @@ -14,7 +14,9 @@ grafana: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Grafana" gethomepage.dev/description: "Grafana is the open source analytics & monitoring solution for every database" diff --git a/terraform/modules/argocd_application/applications/home-assistant/values.yaml b/terraform/modules/argocd_application/applications/home-assistant/values.yaml index 3938ac29..2a7f985c 100644 --- a/terraform/modules/argocd_application/applications/home-assistant/values.yaml +++ b/terraform/modules/argocd_application/applications/home-assistant/values.yaml @@ -14,7 +14,9 @@ home-assistant: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Home Assistant" gethomepage.dev/description: "" @@ -42,6 +44,9 @@ home-assistant: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "HA Code Server" gethomepage.dev/description: "" 
diff --git a/terraform/modules/argocd_application/applications/homepage/values.yaml b/terraform/modules/argocd_application/applications/homepage/values.yaml index 8fcfe2d7..e824a954 100644 --- a/terraform/modules/argocd_application/applications/homepage/values.yaml +++ b/terraform/modules/argocd_application/applications/homepage/values.yaml @@ -15,7 +15,9 @@ homepage: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} enabled: true hosts: diff --git a/terraform/modules/argocd_application/applications/jellyfin/values.yaml b/terraform/modules/argocd_application/applications/jellyfin/values.yaml index c7197096..168e4fd9 100644 --- a/terraform/modules/argocd_application/applications/jellyfin/values.yaml +++ b/terraform/modules/argocd_application/applications/jellyfin/values.yaml @@ -28,7 +28,7 @@ app-template: enabled: false startup: enabled: false - %{ if gpu == "amd" } + %{~ if gpu == "amd" ~} resources: # requests: # cpu: 15m @@ -37,8 +37,8 @@ app-template: amd.com/gpu: 1 # cpu: 21m # memory: 1687M - %{ endif } - %{ if gpu == "intel" } + %{~ endif ~} + %{~ if gpu == "intel" ~} resources: # requests: # cpu: 15m @@ -47,7 +47,7 @@ app-template: gpu.intel.com/i915: "1" # cpu: 21m # memory: 1687M - %{ endif } + %{~ endif ~} initContainers: update-volume-permission: image: @@ -73,6 +73,9 @@ app-template: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Jellyfin" gethomepage.dev/group: "Media" 
diff --git a/terraform/modules/argocd_application/applications/jellyseerr/values.yaml b/terraform/modules/argocd_application/applications/jellyseerr/values.yaml index 3abbb250..bca20b71 100644 --- a/terraform/modules/argocd_application/applications/jellyseerr/values.yaml +++ b/terraform/modules/argocd_application/applications/jellyseerr/values.yaml @@ -15,7 +15,9 @@ jellyseerr: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext - # traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Jellyseerr" gethomepage.dev/description: "Free and open source software application for managing requests for your media library" diff --git a/terraform/modules/argocd_application/applications/kargo/values.yaml b/terraform/modules/argocd_application/applications/kargo/values.yaml index 3cbd4ace..4fed9735 100644 --- a/terraform/modules/argocd_application/applications/kargo/values.yaml +++ b/terraform/modules/argocd_application/applications/kargo/values.yaml @@ -193,6 +193,9 @@ api: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Kargo" gethomepage.dev/description: "" diff --git a/terraform/modules/argocd_application/applications/kavita/values.yaml b/terraform/modules/argocd_application/applications/kavita/values.yaml index 17878234..9f8858ff 100644 --- a/terraform/modules/argocd_application/applications/kavita/values.yaml +++ b/terraform/modules/argocd_application/applications/kavita/values.yaml 
@@ -52,6 +52,9 @@ app-template: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Kavita" gethomepage.dev/group: "Home Services" diff --git a/terraform/modules/argocd_application/applications/kube-prometheus-stack/values.yaml b/terraform/modules/argocd_application/applications/kube-prometheus-stack/values.yaml index c9a108c1..9d6eac08 100644 --- a/terraform/modules/argocd_application/applications/kube-prometheus-stack/values.yaml +++ b/terraform/modules/argocd_application/applications/kube-prometheus-stack/values.yaml @@ -165,6 +165,9 @@ kube-prometheus-stack: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Alertmanager" gethomepage.dev/description: "The Alertmanager handles alerts sent by client applications such as the Prometheus server" @@ -185,6 +188,9 @@ kube-prometheus-stack: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Prometheus" gethomepage.dev/description: "Monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach" diff --git a/terraform/modules/argocd_application/applications/kubeview/values.yaml b/terraform/modules/argocd_application/applications/kubeview/values.yaml index 207e2201..2d1232b4 100644 
--- a/terraform/modules/argocd_application/applications/kubeview/values.yaml +++ b/terraform/modules/argocd_application/applications/kubeview/values.yaml @@ -8,6 +8,9 @@ kubeview: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Kubeview" gethomepage.dev/description: "Plex combines free movies & TV with your favorite streaming services and personal media" diff --git a/terraform/modules/argocd_application/applications/mylar/values.yaml b/terraform/modules/argocd_application/applications/mylar/values.yaml index 530968cd..fdb4b0c3 100644 --- a/terraform/modules/argocd_application/applications/mylar/values.yaml +++ b/terraform/modules/argocd_application/applications/mylar/values.yaml @@ -9,6 +9,9 @@ mylar: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Mylar" gethomepage.dev/description: "Automated Comic Book (cbr/cbz) downloader for use with NZB and torrents " diff --git a/terraform/modules/argocd_application/applications/nextcloud/values.yaml b/terraform/modules/argocd_application/applications/nextcloud/values.yaml index 3864eced..098650ca 100644 --- a/terraform/modules/argocd_application/applications/nextcloud/values.yaml +++ b/terraform/modules/argocd_application/applications/nextcloud/values.yaml 
@@ -8,7 +8,9 @@ nextcloud: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} # traefik.ingress.kubernetes.io/router.middlewares: services-nextcloud-redirect-caldav@kubernetescrd gethomepage.dev/enabled: "true" gethomepage.dev/name: "Nextcloud" diff --git a/terraform/modules/argocd_application/applications/nzbget/values.yaml b/terraform/modules/argocd_application/applications/nzbget/values.yaml index e5191415..56608e33 100644 --- a/terraform/modules/argocd_application/applications/nzbget/values.yaml +++ b/terraform/modules/argocd_application/applications/nzbget/values.yaml @@ -13,7 +13,9 @@ nzbget: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "NZBGet" gethomepage.dev/description: "NZBGet is a Usenet downloader client" diff --git a/terraform/modules/argocd_application/applications/plex/values.yaml b/terraform/modules/argocd_application/applications/plex/values.yaml index 18039dbd..6091d121 100644 --- a/terraform/modules/argocd_application/applications/plex/values.yaml +++ b/terraform/modules/argocd_application/applications/plex/values.yaml 
@@ -19,7 +19,9 @@ plex: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext,websecure - # traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Plex" gethomepage.dev/description: "Plex combines free movies & TV with your favorite streaming services and personal media" @@ -51,15 +53,15 @@ plex: # existingClaim: media-radarr # mountPath: /downloads/radarr # subpath: radarr - %{ if gpu == "amd" } + %{~ if gpu == "amd" ~} resources: limits: amd.com/gpu: 1 - %{ endif } - %{ if gpu == "intel" } + %{~ endif ~} + %{~ if gpu == "intel" ~} resources: limits: gpu.intel.com/i915: "1" - %{ endif } + %{~ endif ~} # Generating persistence config from applications.yaml ${indent(2,yamlencode({persistence: { for key, value in storage: key => {"enabled":true,"existingClaim":value.name,"mountPath": try(value.mountPath,null),"subpath": try(value.subpath,null)}}}))} \ No newline at end of file diff --git a/terraform/modules/argocd_application/applications/portainer/values.yaml b/terraform/modules/argocd_application/applications/portainer/values.yaml index a365aac3..c20d074a 100644 --- a/terraform/modules/argocd_application/applications/portainer/values.yaml +++ b/terraform/modules/argocd_application/applications/portainer/values.yaml @@ -10,7 +10,9 @@ portainer: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure + %{~ if mfa ~} traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Portainer" gethomepage.dev/description: "" 
diff --git a/terraform/modules/argocd_application/applications/prowlarr/values.yaml b/terraform/modules/argocd_application/applications/prowlarr/values.yaml index e1a4c1c5..732715e5 100644 --- a/terraform/modules/argocd_application/applications/prowlarr/values.yaml +++ b/terraform/modules/argocd_application/applications/prowlarr/values.yaml @@ -9,7 +9,9 @@ prowlarr: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Prowlarr" gethomepage.dev/description: "Prowlarr is an indexer manager/proxy for use with NZB and torrents" diff --git a/terraform/modules/argocd_application/applications/radarr/values.yaml b/terraform/modules/argocd_application/applications/radarr/values.yaml index a31f17a3..702bb311 100644 --- a/terraform/modules/argocd_application/applications/radarr/values.yaml +++ b/terraform/modules/argocd_application/applications/radarr/values.yaml @@ -15,7 +15,9 @@ radarr: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Radarr" gethomepage.dev/description: "Radarr is a movie collection manager for Usenet and BitTorrent users." diff --git a/terraform/modules/argocd_application/applications/rancher/values.yaml b/terraform/modules/argocd_application/applications/rancher/values.yaml index f3081e4e..2e9ebcf3 100644 --- a/terraform/modules/argocd_application/applications/rancher/values.yaml +++ b/terraform/modules/argocd_application/applications/rancher/values.yaml 
@@ -14,6 +14,9 @@ rancher: includeDefaultExtraAnnotations: true extraAnnotations: traefik.ingress.kubernetes.io/router.entrypoints: websecure + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Rancher" gethomepage.dev/description: "" diff --git a/terraform/modules/argocd_application/applications/readarr/values.yaml b/terraform/modules/argocd_application/applications/readarr/values.yaml index 8060c689..21aa9f53 100644 --- a/terraform/modules/argocd_application/applications/readarr/values.yaml +++ b/terraform/modules/argocd_application/applications/readarr/values.yaml @@ -9,7 +9,9 @@ readarr: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Readarr" gethomepage.dev/description: "Ebook and audiobook collection manager for Usenet and BitTorrent users" diff --git a/terraform/modules/argocd_application/applications/sabnzbd/values.yaml b/terraform/modules/argocd_application/applications/sabnzbd/values.yaml index 60506050..e744d0ea 100644 --- a/terraform/modules/argocd_application/applications/sabnzbd/values.yaml +++ b/terraform/modules/argocd_application/applications/sabnzbd/values.yaml @@ -21,7 +21,9 @@ sabnzbd: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "SABnzbd" gethomepage.dev/description: "Free and easy binary newsreader" 
diff --git a/terraform/modules/argocd_application/applications/samba/values.yaml b/terraform/modules/argocd_application/applications/samba/values.yaml index 29e924a2..bab5f397 100644 --- a/terraform/modules/argocd_application/applications/samba/values.yaml +++ b/terraform/modules/argocd_application/applications/samba/values.yaml @@ -18,7 +18,9 @@ samba: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} enabled: true hosts: - host: "samba.${domain}" diff --git a/terraform/modules/argocd_application/applications/sonarr/values.yaml b/terraform/modules/argocd_application/applications/sonarr/values.yaml index c5bae30b..a6e7b75d 100644 --- a/terraform/modules/argocd_application/applications/sonarr/values.yaml +++ b/terraform/modules/argocd_application/applications/sonarr/values.yaml @@ -16,7 +16,9 @@ sonarr: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Sonarr" gethomepage.dev/description: "Sonarr is an internet PVR for Usenet and Torrents." diff --git a/terraform/modules/argocd_application/applications/tautulli/values.yaml b/terraform/modules/argocd_application/applications/tautulli/values.yaml index ec82e77a..7806182b 100644 --- a/terraform/modules/argocd_application/applications/tautulli/values.yaml +++ b/terraform/modules/argocd_application/applications/tautulli/values.yaml 
@@ -17,6 +17,9 @@ tautulli: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} + traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Tautulli" gethomepage.dev/description: "A Python based monitoring and tracking tool for Plex" diff --git a/terraform/modules/argocd_application/applications/whisparr/values.yaml b/terraform/modules/argocd_application/applications/whisparr/values.yaml index dd6d1893..f470f2fc 100644 --- a/terraform/modules/argocd_application/applications/whisparr/values.yaml +++ b/terraform/modules/argocd_application/applications/whisparr/values.yaml @@ -9,7 +9,9 @@ radarr: annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure-ext + %{~ if mfa ~} traefik.ingress.kubernetes.io/router.middlewares: authelia-forwardauth-authelia@kubernetescrd + %{~ endif ~} gethomepage.dev/enabled: "true" gethomepage.dev/name: "Whisparr" gethomepage.dev/description: "Adult movie collection manager for Usenet and BitTorrent users." diff --git a/terraform/modules/argocd_application/main.tf b/terraform/modules/argocd_application/main.tf index a3c363b6..8a9ec54a 100644 --- a/terraform/modules/argocd_application/main.tf +++ b/terraform/modules/argocd_application/main.tf @@ -20,7 +20,15 @@ resource "argocd_application" "application" { helm { value_files = local.values_files - values = templatefile("${path.module}/applications/${var.name}/values.yaml",merge(var.override_values,{"namespace":var.namespace,"priority":var.priority,"storage":var.storage_definitions,"gpu":var.gpu})) + values = templatefile("${path.module}/applications/${var.name}/values.yaml",merge( + var.override_values, + { + "namespace":var.namespace, + "priority":var.priority, + "storage":var.storage_definitions, + "gpu":var.gpu, + "mfa":var.mfa + })) } } 
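Review bot: In the reformatted `merge(...)` call in terraform/modules/argocd_application/main.tf the module-owned map is the last argument, which is what stops a key named `mfa` inside `var.override_values` from shadowing `var.mfa`, but nothing in the code says the order matters. A comment above the second argument, e.g. `# module-owned keys go last so override_values cannot replace namespace/priority/storage/gpu/mfa`, would keep a later tidy-up from swapping the arguments and letting a per-app override switch the auth middleware off. The enclosing `argocd_application` resource starts and ends outside the hunk.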
diff --git a/terraform/modules/argocd_application/variables.tf b/terraform/modules/argocd_application/variables.tf index cc87df61..da17c8ba 100644 --- a/terraform/modules/argocd_application/variables.tf +++ b/terraform/modules/argocd_application/variables.tf @@ -59,6 +59,11 @@ variable "priority" { } +variable "mfa" { + type = bool + description = "If true, the service should be protected by MFA" + +} variable "gpu" { type = string description = "Determines which GPU your application will use"
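Review bot: The description on the new `variable "mfa"` in terraform/modules/argocd_application/variables.tf says the service is "protected by MFA", but what the templates in this commit switch on and off is the Authelia forward-auth middleware annotation as a whole; whether one or two factors are demanded is decided by Authelia's policy, which is not part of this diff. I would reword it to `description = "If true, the app's ingress is routed through the Authelia forward-auth middleware"`. The variable also has no default and accepts null, so adding `default = true` and `nullable = false` would make an omitted or empty value fall back to the protected state instead of depending on the caller's `try(each.value.mfa, true)`.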