module "websites" { source = "../../modules/apps/nginx" persistent_folder = local.persistent_folder websites = local.websites } module "rustdesk" { source = "../../modules/apps/rustdesk" persistent_folder = local.persistent_folder fqdn = local.rustdesk_fqdn public_key = var.rustdesk_public_key private_key = var.rustdesk_private_key } module "m3uproxy" { source = "../../modules/apps/m3uproxy" persistent_folder = local.persistent_folder tag = local.m3uproxy_version fqdn = local.m3uproxy_fqdn # Secret and password for M3UProxy secret = var.m3uproxy_secret admin_password = var.m3uproxy_admin_password # GeoIP settings maxmind_account_id = var.maxmind_account_id maxmind_license_key = var.maxmind_license_key geoip_cron_schedule = local.geoip_cron_schedule geoip_editions = local.geoip_editions # Wireguard settings (VPN) wireguard_private_key = var.wireguard_private_key wireguard_public_key = var.wireguard_public_key } module "mail" { source = "../../modules/apps/mail" persistent_folder = local.persistent_folder primary_domain = local.primary_domain email_accounts = local.email_accounts relay_smtp_host = local.scaleway_smtp_host relay_smtp_port = 465 relay_smtp_username = var.scaleway_project_id relay_smtp_password = local.mail_app_api_secret_key fetch_emails_schedule = local.fetch_emails_schedule mail_crypt_private_key = var.mail_crypt_private_key mail_crypt_public_key = var.mail_crypt_public_key ca_pem = var.root_ca_pem # For now we need to use host networking because of the fail2ban integration postfix_use_host_networking = true dovecot_use_host_networking = true } module "gitea" { source = "../../modules/apps/gitea" persistent_folder = local.persistent_folder database_folder = local.database_folder backup_folder = local.gitea_backup_path backup_retention_days = local.local_backup_retention_days backup_cron_schedule = local.gitea_sql_backup_cron_schedule db_root_password = var.mysql_root_password tag = local.gitea_version fqdn = local.gitea_fqdn app_config = { app_name = "A13Labs git repository" domain = local.gitea_fqdn lfs_jwt_secret = var.gitea_lfs_jwt_secret db_passwd = var.gitea_mysql_password jwt_secret = var.gitea_jwt_secret mail_from = "gitea@${local.primary_domain}" no_reply_address = "no-reply@${local.primary_domain}" smtp_user = var.scaleway_project_id db_password = var.gitea_mysql_password smtp_host = local.scaleway_smtp_host smtp_port = local.scaleway_smtp_port smtp_user = var.scaleway_project_id smtp_passwd = local.mail_app_api_secret_key secret_key = var.gitea_secret_key internal_token = var.gitea_internal_token disable_registration = true } } module "trivy" { source = "../../modules/utils/trivy" persistent_folder = local.persistent_folder cron_schedule = local.trivy_cronjob_schedule smtp_host = local.scaleway_smtp_host smtp_port = local.scaleway_smtp_port smtp_username = var.scaleway_project_id smtp_password = local.mail_app_api_secret_key from_email = "trivy@${local.primary_domain}" to_email = "c.alexandre.pires@${local.primary_domain}" } module "ssh_locker_web" { source = "../../modules/apps/ssh_locker_web" duo_client_id = var.server_api_duo_client_id duo_client_secret = var.server_api_duo_client_secret access_token = var.server_api_access_token duo_api_host = "api-7cda1654.duosecurity.com" redirect_uri = "https://alexpires.me/api/ssh_locker/duo-callback" socket_path = "/var/run/ssh_locker/provision.sock" } module "proxy" { source = "../../modules/utils/proxy" auth_token = var.nginx_token_bearer services = local.proxy_services streams = local.streams wireguard_config = local.wireguard_config } module "prometheus" { source = "../../modules/utils/prometheus" persistent_folder = "${local.persistent_folder}/monitoring" config = file("${path.module}/resources/prometheus.yml") } module "fail2ban_exporter" { source = "../../modules/utils/fail2ban-exporter" } module "node_exporter" { source = "../../modules/utils/node-exporter" }