Compare commits
2 commits
dc7a80889f
...
7a4f608d2e
| Author | SHA1 | Date | |
|---|---|---|---|
|
7a4f608d2e |
|||
|
1ce70d911f |
8 changed files with 213 additions and 6 deletions
48
docker/ganymede/docker-compose.yml
Normal file
48
docker/ganymede/docker-compose.yml
Normal file
|
|
@ -0,0 +1,48 @@
|
|||
---
|
||||
services:
|
||||
ganymede:
|
||||
container_name: ganymede
|
||||
image: ghcr.io/zibbp/ganymede:4.11.3
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
DEBUG: ${GANYMEDE_DEBUG:-false}
|
||||
TZ: ${GANYMEDE_TZ:-Europe/Madrid}
|
||||
VIDEOS_DIR: ${GANYMEDE_VIDEOS_DIR:-/data/videos}
|
||||
TEMP_DIR: ${GANYMEDE_TEMP_DIR:-/data/temp}
|
||||
LOGS_DIR: ${GANYMEDE_LOGS_DIR:-/data/logs}
|
||||
CONFIG_DIR: ${GANYMEDE_CONFIG_DIR:-/data/config}
|
||||
DB_HOST: ${GANYMEDE_DB_HOST:-192.168.1.3}
|
||||
DB_PORT: ${GANYMEDE_DB_PORT:-5432}
|
||||
DB_USER: ${GANYMEDE_DB_USER:-ganymede}
|
||||
DB_PASS: ${GANYMEDE_DB_PASS}
|
||||
DB_NAME: ${GANYMEDE_DB_NAME:-ganymede}
|
||||
DB_SSL: ${GANYMEDE_DB_SSL:-disable}
|
||||
TWITCH_CLIENT_ID: ${GANYMEDE_TWITCH_CLIENT_ID}
|
||||
TWITCH_CLIENT_SECRET: ${GANYMEDE_TWITCH_CLIENT_SECRET}
|
||||
MAX_CHAT_DOWNLOAD_EXECUTIONS: ${GANYMEDE_MAX_CHAT_DOWNLOAD_EXECUTIONS:-3}
|
||||
MAX_CHAT_RENDER_EXECUTIONS: ${GANYMEDE_MAX_CHAT_RENDER_EXECUTIONS:-2}
|
||||
MAX_VIDEO_DOWNLOAD_EXECUTIONS: ${GANYMEDE_MAX_VIDEO_DOWNLOAD_EXECUTIONS:-2}
|
||||
MAX_VIDEO_CONVERT_EXECUTIONS: ${GANYMEDE_MAX_VIDEO_CONVERT_EXECUTIONS:-3}
|
||||
MAX_VIDEO_SPRITE_THUMBNAIL_EXECUTIONS: ${GANYMEDE_MAX_VIDEO_SPRITE_THUMBNAIL_EXECUTIONS:-2}
|
||||
OAUTH_ENABLED: ${GANYMEDE_OAUTH_ENABLED:-true}
|
||||
OAUTH_PROVIDER_URL: ${GANYMEDE_OAUTH_PROVIDER_URL:-https://auth.fukurokuju.dev/application/o/ganymede/}
|
||||
OAUTH_CLIENT_ID: ${GANYMEDE_OAUTH_CLIENT_ID}
|
||||
OAUTH_CLIENT_SECRET: ${GANYMEDE_OAUTH_CLIENT_SECRET}
|
||||
OAUTH_REDIRECT_URL: ${GANYMEDE_OAUTH_REDIRECT_URL:-https://vods.roboces.dev/api/v1/auth/oauth/callback}
|
||||
SHOW_SSO_LOGIN_BUTTON: ${GANYMEDE_SHOW_SSO_LOGIN_BUTTON:-true}
|
||||
FORCE_SSO_AUTH: ${GANYMEDE_FORCE_SSO_AUTH:-true}
|
||||
REQUIRE_LOGIN: ${GANYMEDE_REQUIRE_LOGIN:-true}
|
||||
volumes:
|
||||
- ${GANYMEDE_VIDEOS:-/mnt/vods/ganymede/videos}:/data/videos
|
||||
- ${GANYMEDE_TEMP:-/mnt/vods/ganymede/temp}:/data/temp
|
||||
- ${GANYMEDE_CACHE:-/mnt/vods/ganymede/cache}:/data/.cache
|
||||
- ${GANYMEDE_LOGS:-/mnt/vods/ganymede/logs}:/data/logs
|
||||
- ${GANYMEDE_CONFIG:-/mnt/vods/ganymede/config}:/data/config
|
||||
ports:
|
||||
- "4800:4000"
|
||||
healthcheck:
|
||||
test: curl --fail http://localhost:4000/health || exit 1
|
||||
interval: 60s
|
||||
retries: 5
|
||||
start_period: 60s
|
||||
timeout: 10s
|
||||
27
docker/ganymede/sample.env
Normal file
27
docker/ganymede/sample.env
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
GANYMEDE_DEBUG=false
|
||||
GANYMEDE_TZ=Europe/Madrid
|
||||
GANYMEDE_VIDEOS_DIR=/data/videos
|
||||
GANYMEDE_TEMP_DIR=/data/temp
|
||||
GANYMEDE_LOGS_DIR=/data/logs
|
||||
GANYMEDE_CONFIG_DIR=/data/config
|
||||
GANYMEDE_DB_HOST=192.168.1.3
|
||||
GANYMEDE_DB_PORT=5432
|
||||
GANYMEDE_DB_USER=ganymede
|
||||
GANYMEDE_DB_PASS=
|
||||
GANYMEDE_DB_NAME=ganymede
|
||||
GANYMEDE_DB_SSL=disable
|
||||
GANYMEDE_TWITCH_CLIENT_ID=
|
||||
GANYMEDE_TWITCH_CLIENT_SECRET=
|
||||
GANYMEDE_MAX_CHAT_DOWNLOAD_EXECUTIONS=3
|
||||
GANYMEDE_MAX_CHAT_RENDER_EXECUTIONS=2
|
||||
GANYMEDE_MAX_VIDEO_DOWNLOAD_EXECUTIONS=2
|
||||
GANYMEDE_MAX_VIDEO_CONVERT_EXECUTIONS=3
|
||||
GANYMEDE_MAX_VIDEO_SPRITE_THUMBNAIL_EXECUTIONS=2
|
||||
GANYMEDE_OAUTH_ENABLED=true
|
||||
GANYMEDE_OAUTH_PROVIDER_URL=https://auth.fukurokuju.dev/application/o/ganymede/
|
||||
GANYMEDE_OAUTH_CLIENT_ID=
|
||||
GANYMEDE_OAUTH_CLIENT_SECRET=
|
||||
GANYMEDE_OAUTH_REDIRECT_URL=https://vods.roboces.dev/api/v1/auth/oauth/callback
|
||||
GANYMEDE_SHOW_SSO_LOGIN_BUTTON=true
|
||||
GANYMEDE_FORCE_SSO_AUTH=false
|
||||
GANYMEDE_REQUIRE_LOGIN=false
|
||||
|
|
@ -13,7 +13,7 @@ spec:
|
|||
source:
|
||||
chart: kured
|
||||
repoURL: https://kubereboot.github.io/charts
|
||||
targetRevision: 5.11.*
|
||||
targetRevision: 5.10.*
|
||||
helm:
|
||||
valuesObject:
|
||||
configuration.rebootDays:
|
||||
|
|
|
|||
|
|
@ -22,6 +22,11 @@ resource "authentik_group" "ci" {
|
|||
users = [data.authentik_user.catalin.id]
|
||||
}
|
||||
|
||||
resource "authentik_group" "vods" {
|
||||
name = "vods"
|
||||
users = [data.authentik_user.catalin.id]
|
||||
}
|
||||
|
||||
resource "authentik_group" "admins" {
|
||||
name = "authentik Admins"
|
||||
is_superuser = true
|
||||
|
|
@ -47,6 +52,7 @@ resource "authentik_group" "mediamanager" {
|
|||
is_superuser = false
|
||||
}
|
||||
|
||||
|
||||
module "gitea" {
|
||||
source = "../modules/authentik-oidc"
|
||||
app_name = "Gitea"
|
||||
|
|
@ -128,7 +134,7 @@ module "sonarr" {
|
|||
app_slug = "sonarr"
|
||||
app_access_group_id = authentik_group.arrs.id
|
||||
app_url = "https://sonarr.fukurokuju.dev"
|
||||
internal_host = "http://192.168.1.3:38013/"
|
||||
internal_host = "http://192.168.1.3:30113/"
|
||||
internal_host_ssl_validation = false
|
||||
app_icon = "https://sonarr.tv/img/logo.png"
|
||||
}
|
||||
|
|
@ -139,7 +145,7 @@ module "radarr" {
|
|||
app_slug = "radarr"
|
||||
app_access_group_id = authentik_group.arrs.id
|
||||
app_url = "https://radarr.fukurokuju.dev"
|
||||
internal_host = "http://192.168.1.3:38012/"
|
||||
internal_host = "http://192.168.1.3:30025/"
|
||||
internal_host_ssl_validation = false
|
||||
app_icon = "https://radarr.video/img/background/logo.png"
|
||||
}
|
||||
|
|
@ -150,7 +156,7 @@ module "lidarr" {
|
|||
app_slug = "lidarr"
|
||||
app_access_group_id = authentik_group.arrs.id
|
||||
app_url = "https://lidarr.fukurokuju.dev"
|
||||
internal_host = "http://192.168.1.3:38010/"
|
||||
internal_host = "http://192.168.1.3:30071/"
|
||||
internal_host_ssl_validation = false
|
||||
app_icon = "https://lidarr.audio/img/background/logo.png"
|
||||
}
|
||||
|
|
@ -171,7 +177,7 @@ module "prowlarr" {
|
|||
app_slug = "prowlarr"
|
||||
app_access_group_id = authentik_group.admins.id
|
||||
app_url = "https://prowlarr.fukurokuju.dev"
|
||||
internal_host = "http://192.168.1.3:38014"
|
||||
internal_host = "http://192.168.1.3:30050"
|
||||
internal_host_ssl_validation = false
|
||||
}
|
||||
|
||||
|
|
@ -199,11 +205,11 @@ module "sftpgo" {
|
|||
sub_mode = "user_username"
|
||||
}
|
||||
|
||||
|
||||
module "rustical" {
|
||||
source = "../modules/authentik-oidc"
|
||||
app_name = "rustical"
|
||||
app_slug = "rustical"
|
||||
app_url = "https://cal.roboces.dev"
|
||||
client_id = var.rustical_client_id
|
||||
client_secret = var.rustical_client_secret
|
||||
redirect_uris = [{ matching_mode = "strict", url = "https://cal.roboces.dev/frontend/login/oidc/callback" }]
|
||||
|
|
@ -216,6 +222,8 @@ module "jellyfin" {
|
|||
app_slug = "jellyfin"
|
||||
base_dn = "DC=ldap,DC=fukurokuju,DC=dev"
|
||||
name = "jellyfin"
|
||||
app_url = "https://jelly.roboces.dev"
|
||||
app_icon = "https://jelly.roboces.dev/web/touchicon.f5bbb798cb2c65908633.png"
|
||||
app_access_group_id = authentik_group.arrs.id
|
||||
}
|
||||
|
||||
|
|
@ -224,7 +232,31 @@ module "tandoor" {
|
|||
app_name = "Tandoor"
|
||||
app_slug = "tandoor"
|
||||
app_access_group_id = ""
|
||||
app_url = "https://recipes.roboces.dev"
|
||||
redirect_uris = [{ matching_mode = "strict", url = "https://recipes.roboces.dev/accounts/oidc/authentik/login/callback/" }]
|
||||
app_icon = "https://recipes.roboces.dev/static/assets/logo_color_192.c9b9177ff941.png"
|
||||
client_id = var.tandoor_client_id
|
||||
client_secret = var.tandoor_client_secret
|
||||
}
|
||||
|
||||
module "ganymede" {
|
||||
source = "../modules/authentik-oidc"
|
||||
app_name = "Ganymede"
|
||||
app_slug = "ganymede"
|
||||
redirect_uris = [{ matching_mode = "strict", url = "https://vods.roboces.dev/api/v1/auth/oauth/callback" }]
|
||||
client_id = var.ganymede_client_id
|
||||
client_secret = var.ganymede_client_secret
|
||||
app_url = "https://vods.roboces.dev"
|
||||
app_icon = "https://vods.roboces.dev/favicon.ico"
|
||||
app_access_group_id = authentik_group.vods.id
|
||||
}
|
||||
|
||||
module "jellyseerr" {
|
||||
source = "../modules/authentik-app"
|
||||
app_name = "Solicitudes Jelly"
|
||||
app_slug = "jellyseer"
|
||||
app_url = "https://requests.roboces.dev"
|
||||
app_icon = "https://requests.roboces.dev/os_icon.svg"
|
||||
app_description = "Solicita series, animes y pelis para ser añadidas automáticamente a Jellyfin"
|
||||
app_access_group_id = authentik_group.arrs.id
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,3 +14,5 @@ TF_VAR_rustical_client_id=
|
|||
TF_VAR_rustical_client_secret=
|
||||
TF_VAR_tandoor_client_id=
|
||||
TF_VAR_tandoor_client_secret=
|
||||
TF_VAR_ganymede_client_id=
|
||||
TF_VAR_ganymede_client_secret=
|
||||
|
|
|
|||
|
|
@ -68,3 +68,13 @@ variable "tandoor_client_secret" {
|
|||
description = "Tandoor client secret"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "ganymede_client_id" {
|
||||
description = "Ganymede client ID"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "ganymede_client_secret" {
|
||||
description = "Ganymede client secret"
|
||||
type = string
|
||||
}
|
||||
|
|
|
|||
26
tofu/modules/authentik-app/main.tf
Normal file
26
tofu/modules/authentik-app/main.tf
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
terraform {
|
||||
required_version = ">= 1.6"
|
||||
required_providers {
|
||||
authentik = {
|
||||
source = "goauthentik/authentik"
|
||||
version = "2025.12.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "authentik_application" "app" {
|
||||
name = var.app_name
|
||||
slug = var.app_slug
|
||||
open_in_new_tab = var.open_in_new_tab
|
||||
meta_icon = var.app_icon
|
||||
meta_description = var.app_description
|
||||
meta_publisher = var.app_publisher
|
||||
meta_launch_url = var.app_url
|
||||
}
|
||||
|
||||
resource "authentik_policy_binding" "app_access" {
|
||||
target = authentik_application.app.uuid
|
||||
group = var.app_access_group_id
|
||||
order = 0
|
||||
count = var.app_access_group_id != "" ? 1 : 0 # only add it if the group's name exists
|
||||
}
|
||||
62
tofu/modules/authentik-app/vars.tf
Normal file
62
tofu/modules/authentik-app/vars.tf
Normal file
|
|
@ -0,0 +1,62 @@
|
|||
variable "app_name" {
|
||||
description = "App name"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "app_slug" {
|
||||
description = "App slug, a human-readable URL identifier, e.g.: Google -> google"
|
||||
type = string
|
||||
}
|
||||
|
||||
|
||||
variable "client_type" {
|
||||
type = string
|
||||
default = "confidential"
|
||||
|
||||
validation {
|
||||
condition = contains(["confidential", "public"], var.client_type)
|
||||
error_message = "client_type must be 'confidential' or 'public'"
|
||||
}
|
||||
}
|
||||
|
||||
variable "app_access_group_id" {
|
||||
description = "ID of a group which will have access to the app"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "sub_mode" {
|
||||
type = string
|
||||
default = "user_username"
|
||||
|
||||
validation {
|
||||
condition = contains(["user_id", "user_username", "hashed_user_id"], var.sub_mode)
|
||||
error_message = "sub_mode must be 'user_id', 'user_username' or 'hashed_user_id'"
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
variable "open_in_new_tab" {
|
||||
type = bool
|
||||
description = "Open apps in a new tab"
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "app_icon" {
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "app_description" {
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "app_publisher" {
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "app_url" {
|
||||
type = string
|
||||
default = ""
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue