Add borg, crawl4ai en open-webui

core-os-podman/authelia.tf

@@ -0,0 +1,120 @@
+
+data "docker_registry_image" "authelia" {
+  name = "ghcr.io/authelia/authelia:latest"
+}
+
+data "docker_registry_image" "authelia-redis" {
+  name = "redis:8"
+}
+
+resource "docker_image" "authelia" {
+  name = data.docker_registry_image.authelia.name
+  pull_triggers = [data.docker_registry_image.authelia.sha256_digest]
+}
+
+
+resource "docker_image" "authelia-redis" {
+  name = data.docker_registry_image.authelia-redis.name
+  pull_triggers = [data.docker_registry_image.authelia-redis.sha256_digest]
+}
+
+resource "docker_network" "authelia-redis" {
+  name = "authelia-redis"
+}
+
+resource "docker_network" "authelia" {
+  name = "authelia"
+}
+
+resource "docker_container" "authelia" {
+  image = docker_image.authelia.image_id
+  name = "authelia"
+  restart = "always"
+
+  env = [
+    "PUID=1000",
+    "PGID=1000",
+    "AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE=/secrets/JWT_SECRET",
+    "AUTHELIA_SESSION_SECRET_FILE=/secrets/SESSION_SECRET",
+    "AUTHELIA_SESSION_REDIS_PASSWORD_FILE=/secrets/REDIS_PASSWORD",
+    "AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE=/secrets/STORAGE_PASSWORD",
+    "AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE=/secrets/STORAGE_ENCRYPTION_KEY",
+    "AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE=/secrets/NOTIFIER_SMTP_PASSWORD"
+  ]
+
+  mounts {
+    target = "/config"
+    source = "/var/lib/containers/authelia/config"
+    type = "bind"
+  }
+
+  mounts {
+    target = "/secrets"
+    source = "/var/lib/containers/authelia/secrets"
+    type = "bind"
+  }
+
+  networks_advanced {
+    name = docker_network.container-public.name
+    ipv4_address = "192.168.3.58"
+  }
+
+  networks_advanced {
+    name = docker_network.authelia.name
+  }
+
+  networks_advanced {
+    name = docker_network.authelia-redis.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}
+
+
+resource "docker_container" "authelia-redis" {
+  image = docker_image.authelia-redis.image_id
+  name = "authelia-redis"
+  restart = "always"
+
+  env = [
+    "REDIS_ARGS=--requirepass kI9FkH2gpTlhUQsmWTC7wqb3"
+  ]
+
+  command = [
+    "redis-server",
+    "--save", "900", "1",       # RDB: save after 900s if ≥1 change
+    "--save", "300", "10",      # RDB: save after 300s if ≥10 changes
+    "--save", "60",  "10000",   # RDB: save after 60s if ≥10k changes
+    "--dbfilename", "dump.rdb",
+    "--dir", "/data",
+    "--appendonly", "no",       # Optional: disable AOF to prioritize RDB as requested
+    "--maxmemory", "256mb",
+    "--maxmemory-policy", "allkeys-lru",
+    "--protected-mode", "no",   # Only safe inside isolated Docker network!
+    "--bind", "0.0.0.0",
+    "--port", "6379"
+  ]
+
+  mounts {
+    target = "/data"
+    source = "/var/lib/containers/authelia/redis"
+    type = "bind"
+  }
+
+
+  networks_advanced {
+    name = docker_network.authelia-redis.name
+  }
+
+  lifecycle {
+    ignore_changes = [
+      ulimit,
+      log_opts
+    ]
+  }
+}

core-os-podman/borg.tf

@@ -1,6 +1,6 @@
 
 data "docker_registry_image" "borg" {
-  name = "pschiffe/borg:latest"
+  name = "borgwarehouse/borgwarehouse:latest"
 }
 
 resource "docker_image" "borg" {
@@ -8,27 +8,50 @@ resource "docker_image" "borg" {
   pull_triggers = [data.docker_registry_image.borg.sha256_digest]
 }
 
-
 resource "docker_container" "borg" {
   image = docker_image.borg.image_id
   name = "borg"
   restart = "always"
 
   env = [
-    "BORG_REPO=/borg/repo"
+      "WEB_SERVER_PORT=3000",
+      "SSH_SERVER_PORT=2222",
+      "FQDN=borg.rescla.me",
+      "FQDN_LAN=192.168.3.56",
+      "NEXTAUTH_URL=https://borg.rescla.me",
+      "NEXTAUTH_SECRET=BO/oRBi7pGunZIgNdlaJgmA/+TVc57q4yZUi3mbF4NE=",
+      "UNIX_USER=borgwarehouse",
+      "PUID=3006",
+      "PGID=3006",
+      "CONFIG_PATH=/home/borgwarehouse/app/config",
+      "BORG_REPOSITORY_PATH=/home/borgwarehouse/repos",
+      "SSH_PATH=/home/borgwarehouse/.ssh",
+      "SSH_HOST=/etc/ssh",
+      "NEXT_TELEMETRY_DISABLED=1"
   ]
 
   mounts {
-    target = "/root"
+    target = "/home/borgwarehouse/app/config"
     source = "/var/lib/containers/borg/config"
     type = "bind"
   }
 
-  volumes {
+  mounts {
-    container_path = "/borg/repo"
+    target = "/home/borgwarehouse/.ssh"
-    volume_name = docker_volume.truenas-borg.name
+    source = "/var/lib/containers/borg/sshkeys/clients"
+    type = "bind"
   }
 
+  mounts {
+    target = "/etc/ssh"
+    source = "/var/lib/containers/borg/sshkeys/host"
+    type = "bind"
+  }
+
+  volumes {
+    container_path = "/home/borgwarehouse/repos"
+    volume_name = docker_volume.truenas-borg.name
+  }
 
   lifecycle {
     ignore_changes = [

core-os-podman/open-webui.tf

@@ -36,6 +36,10 @@ resource "docker_container" "open-webui" {
     ipv4_address = "192.168.3.14"
   }
 
+  networks_advanced {
+    name = docker_network.nginx-lb.name
+  }
+
   networks_advanced {
     name = docker_network.ai.name
   }