From e06a21286a7a0d0b8f2243b74fbf2e13d3040020 Mon Sep 17 00:00:00 2001
From: Nemo <me@captnemo.in>
Date: Tue, 30 Jan 2018 01:39:36 +0530
Subject: [PATCH] Adds tt-rss and radarr

---
 docker/conf/traefik.toml |  3 +++
 docker/traefik.tf        | 10 ++++++++
 main.tf                  |  6 +++++
 media/radarr.tf          | 55 ++++++++++++++++++++++++++++++++++++++++
 media/sonarr.tf          |  2 ++
 mysql/main.tf            |  4 ---
 tt-rss/db.tf             | 16 ++++++++++++
 tt-rss/main.tf           | 40 +++++++++++++++++++++++++++++
 tt-rss/variables.tf      |  5 ++++
 variables.tf             |  2 ++
 10 files changed, 139 insertions(+), 4 deletions(-)
 create mode 100644 media/radarr.tf
 create mode 100644 tt-rss/db.tf
 create mode 100644 tt-rss/main.tf
 create mode 100644 tt-rss/variables.tf

diff --git a/docker/conf/traefik.toml b/docker/conf/traefik.toml
index d9f6805..a016f92 100644
--- a/docker/conf/traefik.toml
+++ b/docker/conf/traefik.toml
@@ -11,6 +11,9 @@ defaultEntryPoints = ["http", "https"]
   [[entryPoints.https.tls.certificates]]
     certFile = "/etc/traefik/git.captnemo.in.crt"
     keyFile  = "/etc/traefik/git.captnemo.in.key"
+  [[entryPoints.https.tls.certificates]]
+    certFile = "/etc/traefik/rss.captnemo.in.crt"
+    keyFile  = "/etc/traefik/rss.captnemo.in.key"
 
 [docker]
   # Make sure you mount this as readonly
diff --git a/docker/traefik.tf b/docker/traefik.tf
index 678ad37..2867786 100644
--- a/docker/traefik.tf
+++ b/docker/traefik.tf
@@ -57,6 +57,16 @@ resource "docker_container" "traefik" {
     file    = "/etc/traefik/git.captnemo.in.key"
   }
 
+  upload {
+    content = "${file("/home/nemo/projects/personal/certs/rss.captnemo.in/fullchain.pem")}"
+    file    = "/etc/traefik/rss.captnemo.in.crt"
+  }
+
+  upload {
+    content = "${file("/home/nemo/projects/personal/certs/rss.captnemo.in/privkey.pem")}"
+    file    = "/etc/traefik/rss.captnemo.in.key"
+  }
+
   volumes {
     host_path      = "/var/run/docker.sock"
     container_path = "/var/run/docker.sock"
diff --git a/main.tf b/main.tf
index 60a41bd..318b7a7 100644
--- a/main.tf
+++ b/main.tf
@@ -32,6 +32,12 @@ module "radicale" {
   domain = "radicale.bb8.fun"
 }
 
+module "tt-rss" {
+  source = "tt-rss"
+  domain = "rss.captnemo.in"
+  mysql_password = "${var.mysql-ttrss-password}"
+}
+
 module "media" {
   source = "media"
   domain = "bb8.fun"
diff --git a/media/radarr.tf b/media/radarr.tf
new file mode 100644
index 0000000..b198e4d
--- /dev/null
+++ b/media/radarr.tf
@@ -0,0 +1,55 @@
+data "docker_registry_image" "radarr" {
+  name = "linuxserver/radarr:latest"
+}
+
+resource "docker_image" "radarr" {
+  name          = "${data.docker_registry_image.radarr.name}"
+  pull_triggers = ["${data.docker_registry_image.radarr.sha256_digest}"]
+}
+
+resource docker_container "radarr" {
+  name  = "radarr"
+  image = "${docker_image.radarr.latest}"
+
+  labels {
+    "traefik.port"                                  = 7878
+    "traefik.enable"                                = "true"
+    "traefik.frontend.headers.SSLTemporaryRedirect" = "true"
+    "traefik.frontend.headers.STSSeconds"           = "2592000"
+    "traefik.frontend.headers.STSIncludeSubdomains" = "false"
+    "traefik.frontend.headers.contentTypeNosniff"   = "true"
+    "traefik.frontend.headers.browserXSSFilter"     = "true"
+    "traefik.frontend.passHostHeader"               = "true"
+
+    # TODO: wildcard certs needed!
+    "traefik.frontend.rule" = "Host:git.${var.domain}"
+  }
+
+  memory                = 512
+  restart               = "unless-stopped"
+  destroy_grace_seconds = 10
+  must_run              = true
+
+  volumes {
+    host_path      = "/mnt/xwing/config/radarr"
+    container_path = "/config"
+  }
+
+  volumes {
+    host_path      = "/mnt/xwing/media/DL"
+    container_path = "/downloads"
+  }
+
+  volumes {
+    host_path      = "/mnt/xwing/media/Movies"
+    container_path = "/movies"
+  }
+
+  env = [
+    "PUID=1004",
+    "PGID=1003",
+    "TZ=Asia/Kolkata",
+  ]
+
+  links = ["emby", "transmission"]
+}
diff --git a/media/sonarr.tf b/media/sonarr.tf
index fdda9e5..6c9a451 100644
--- a/media/sonarr.tf
+++ b/media/sonarr.tf
@@ -48,4 +48,6 @@ resource docker_container "sonarr" {
     "PGID=1003",
     "TZ=Asia/Kolkata",
   ]
+
+  links = ["emby", "transmission"]
 }
diff --git a/mysql/main.tf b/mysql/main.tf
index d94e904..d3e0200 100644
--- a/mysql/main.tf
+++ b/mysql/main.tf
@@ -1,6 +1,3 @@
-# # This is pending on https://github.com/hashicorp/go-version/pull/34
-
-# Create a Database
 resource "mysql_database" "lychee" {
   name = "lychee"
 }
@@ -18,7 +15,6 @@ resource "mysql_grant" "lychee" {
   privileges = ["ALL"]
 }
 
-# Create a Database
 resource "mysql_database" "airsonic" {
   name = "airsonic"
 }
diff --git a/tt-rss/db.tf b/tt-rss/db.tf
new file mode 100644
index 0000000..d790d1e
--- /dev/null
+++ b/tt-rss/db.tf
@@ -0,0 +1,16 @@
+resource "mysql_database" "ttrss" {
+  name = "ttrss"
+}
+
+resource "mysql_user" "ttrss" {
+  user               = "ttrss"
+  host               = "%"
+  plaintext_password = "${var.mysql_password}"
+}
+
+resource "mysql_grant" "ttrss" {
+  user       = "${mysql_user.ttrss.user}"
+  host       = "${mysql_user.ttrss.host}"
+  database   = "${mysql_database.ttrss.name}"
+  privileges = ["ALL"]
+}
diff --git a/tt-rss/main.tf b/tt-rss/main.tf
new file mode 100644
index 0000000..572ad6c
--- /dev/null
+++ b/tt-rss/main.tf
@@ -0,0 +1,40 @@
+data "docker_registry_image" "tt-rss" {
+  name = "linuxserver/tt-rss:latest"
+}
+
+resource "docker_image" "tt-rss" {
+  name          = "${data.docker_registry_image.tt-rss.name}"
+  pull_triggers = ["${data.docker_registry_image.tt-rss.sha256_digest}"]
+}
+
+resource docker_container "tt-rss" {
+  name  = "tt-rss"
+  image = "${docker_image.tt-rss.latest}"
+
+  labels {
+    "traefik.port"                                  = 80
+    "traefik.enable"                                = "true"
+    "traefik.frontend.headers.SSLTemporaryRedirect" = "true"
+    "traefik.frontend.headers.STSSeconds"           = "2592000"
+    "traefik.frontend.headers.STSIncludeSubdomains" = "false"
+    "traefik.frontend.headers.contentTypeNosniff"   = "true"
+    "traefik.frontend.headers.browserXSSFilter"     = "true"
+    "traefik.frontend.passHostHeader"               = "true"
+    "traefik.frontend.rule"                         = "Host:${var.domain}"
+  }
+
+  volumes {
+    host_path      = "/mnt/xwing/config/tt-rss"
+    container_path = "/config"
+  }
+
+  links = ["mariadb"]
+
+  env = [
+    "TZ=Asia/Kolkata",
+  ]
+
+  restart               = "unless-stopped"
+  destroy_grace_seconds = 10
+  must_run              = true
+}
diff --git a/tt-rss/variables.tf b/tt-rss/variables.tf
new file mode 100644
index 0000000..882c3d4
--- /dev/null
+++ b/tt-rss/variables.tf
@@ -0,0 +1,5 @@
+variable "domain" {
+  type = "string"
+}
+
+variable "mysql_password" {}
diff --git a/variables.tf b/variables.tf
index 8a91d9d..7def103 100644
--- a/variables.tf
+++ b/variables.tf
@@ -21,6 +21,8 @@ variable "mysql_airsonic_password" {}
 
 variable "mysql_kodi_password" {}
 
+variable "mysql-ttrss-password" {}
+
 variable "wiki_session_secret" {
   type = "string"
 }