
author Nemo <me@captnemo.in> 2018-02-04 16:06:20.0 +05:30:00
committer Nemo <me@captnemo.in> 2018-02-04 16:06:20.0 +05:30:00
commit
1aaf4e5c4b3032f4abd3e29ecfd71617f4b374c5 [patch]
tree
ecca7d5e39439899f48ad56c97c2a9163ea5fede
parent
db3879358476f6e9845f17e3c8cf6ba8a51ccde9

Make link dependencies explicit



Diff

 README.md                  |  1 -
 main.tf                    | 12 ++++++++----
 digitalocean/firewall.tf   | 33 ++++++++++++++++++---------------
 docker/data.tf             |  8 --------
 docker/gitea.tf            | 21 +++++++++------------
 docker/images.tf           | 10 ----------
 docker/lychee.tf           |  2 +-
 docker/main.tf             | 96 ++------------------------------------------------------------------------------
 docker/outputs.tf          | 12 ++++++++++++
 media/ombi.tf              |  2 +-
 media/radarr.tf            |  2 +-
 media/sonarr.tf            |  2 +-
 media/variables.tf         |  3 +++
 monitoring/cadvisor.tf     | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 monitoring/data.tf         |  4 ++++
 monitoring/images.tf       |  5 +++++
 monitoring/main.tf         |  4 ++--
 monitoring/transmission.tf |  2 +-
 monitoring/variables.tf    |  8 ++++++++
 radicale/config            |  1 -
 tt-rss/variables.tf        |  1 +
 21 files changed, 128 insertions(+), 153 deletions(-)

diff --git a/README.md b/README.md
index 32af9d3..7142736 100644
--- a/README.md
+++ a/README.md
@@ -41,7 +41,6 @@

- [Emby](https://store.docker.com/community/images/emby/embyserver) Media Server
- [CouchPotato](https://store.docker.com/community/images/linuxserver/couchpotato), auto-download movies
- [SickRage](https://store.docker.com/community/images/linuxserver/sickrage), auto-download TV shows
- [Transmission](https://store.docker.com/community/images/linuxserver/transmission), to download torrents
- [AirSonic](https://store.docker.com/community/images/airsonic/airsonic), for a music server
- [Ubooquity](https://store.docker.com/community/images/linuxserver/ubooquity), EBooks server with OPDS support
diff --git a/main.tf b/main.tf
index 633924b..be76f6a 100644
--- a/main.tf
+++ a/main.tf
@@ -34,20 +34,24 @@
}

module "tt-rss" {

  source = "tt-rss"
  domain = "rss.captnemo.in"
  source         = "tt-rss"
  domain         = "rss.captnemo.in"
  mysql_password = "${var.mysql-ttrss-password}"
  links-db       = "${module.docker.names-mariadb}"
}

module "media" {

  source = "media"
  domain = "bb8.fun"
  source             = "media"
  domain             = "bb8.fun"
  links-emby         = "${module.docker.names-emby}"
  links-transmission = "${module.docker.names-transmission}"
}

module "monitoring" {

  source                     = "monitoring"
  gf-security-admin-password = "${var.gf-security-admin-password}"
  domain                     = "bb8.fun"
  transmission               = "${module.docker.names-transmission}"
}

module "digitalocean" {

diff --git a/digitalocean/firewall.tf b/digitalocean/firewall.tf
index 1f42ad3..919e8a9 100644
--- a/digitalocean/firewall.tf
+++ a/digitalocean/firewall.tf
@@ -1,37 +1,38 @@
resource "digitalocean_firewall" "web" {

  name = "web-inbound"

  inbound_rule = [

    {
      protocol           = "tcp"
      port_range         = "80"
      source_addresses   = ["0.0.0.0/0", "::/0"]
      protocol         = "tcp"
      port_range       = "80"
      source_addresses = ["0.0.0.0/0", "::/0"]
    },
    {
      protocol           = "tcp"
      port_range         = "443"
      source_addresses   = ["0.0.0.0/0", "::/0"]
      protocol         = "tcp"
      port_range       = "443"
      source_addresses = ["0.0.0.0/0", "::/0"]
    },
  ]
}

resource "digitalocean_firewall" "ssh" {

  name = "ssh-inbound"

  inbound_rule = [

    {
      protocol           = "tcp"
      port_range         = "22"
      source_addresses   = ["0.0.0.0/0", "::/0"]
      protocol         = "tcp"
      port_range       = "22"
      source_addresses = ["0.0.0.0/0", "::/0"]
    },
    {
      protocol           = "tcp"
      port_range         = "222"
      source_addresses   = ["0.0.0.0/0", "::/0"]
      protocol         = "tcp"
      port_range       = "222"
      source_addresses = ["0.0.0.0/0", "::/0"]
    },
    {
      protocol           = "tcp"
      port_range         = "24"
      source_addresses   = ["0.0.0.0/0", "::/0"]
      protocol         = "tcp"
      port_range       = "24"
      source_addresses = ["0.0.0.0/0", "::/0"]
    },

  ]
}
diff --git a/docker/data.tf b/docker/data.tf
index f8d0500..a7437fa 100644
--- a/docker/data.tf
+++ a/docker/data.tf
@@ -31,10 +31,6 @@
  name = "gitea/gitea:1.4"
}

data "docker_registry_image" "sickrage" {

  name = "linuxserver/sickrage:latest"
}

data "docker_registry_image" "airsonic" {

  name = "linuxserver/airsonic:latest"
}
@@ -57,10 +53,6 @@

data "docker_registry_image" "headerdebug" {

  name = "brndnmtthws/nginx-echo-headers:latest"
}

data "docker_registry_image" "cadvisor" {

  name = "google/cadvisor:latest"
}

data "docker_registry_image" "lychee" {

diff --git a/docker/gitea.tf b/docker/gitea.tf
index e1df694..732cf0d 100644
--- a/docker/gitea.tf
+++ a/docker/gitea.tf
@@ -1,17 +1,17 @@
resource docker_container "gitea" {

  name  = "gitea"
  image = "${docker_image.gitea.latest}"

  labels {

    "traefik.port"                                     = 3000

    "traefik.enable"                                   = "true"

    "traefik.frontend.rule"                            = "Host:git.captnemo.in"

    "traefik.frontend.headers.STSSeconds"              = "2592000"

    "traefik.frontend.headers.browserXSSFilter"        = "true"

    "traefik.frontend.headers.contentTypeNosniff"      = "true"

    "traefik.frontend.headers.SSLTemporaryRedirect"    = "true"

    "traefik.frontend.headers.STSIncludeSubdomains"    = "false"

    "traefik.frontend.headers.customResponseHeaders"   = "${var.xpoweredby}"

    "traefik.port"                                   = 3000

    "traefik.enable"                                 = "true"

    "traefik.frontend.rule"                          = "Host:git.captnemo.in"

    "traefik.frontend.headers.STSSeconds"            = "2592000"

    "traefik.frontend.headers.browserXSSFilter"      = "true"

    "traefik.frontend.headers.contentTypeNosniff"    = "true"

    "traefik.frontend.headers.SSLTemporaryRedirect"  = "true"

    "traefik.frontend.headers.STSIncludeSubdomains"  = "false"

    "traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"

  }

  ports {

@@ -51,19 +51,16 @@
    content = "${file("${path.module}/conf/humans.txt")}"
    file    = "/data/gitea/public/humans.txt"
  }

  # Extra Links in header
  upload {

    content = "${file("${path.module}/conf/gitea/extra_links.tmpl")}"
    file    = "/data/gitea/templates/custom/extra_links.tmpl"
  }

  # This is the main configuration file
  upload {

    content = "${data.template_file.gitea-config-file.rendered}"
    file    = "/data/gitea/conf/app.ini"
  }

  memory                = 256
  restart               = "unless-stopped"
  destroy_grace_seconds = 10
diff --git a/docker/images.tf b/docker/images.tf
index 1ee1c53..8888695 100644
--- a/docker/images.tf
+++ a/docker/images.tf
@@ -28,11 +28,6 @@
  pull_triggers = ["${data.docker_registry_image.gitea.sha256_digest}"]
}

resource "docker_image" "sickrage" {

  name          = "${data.docker_registry_image.sickrage.name}"
  pull_triggers = ["${data.docker_registry_image.sickrage.sha256_digest}"]
}

resource "docker_image" "airsonic" {

  name          = "${data.docker_registry_image.airsonic.name}"
  pull_triggers = ["${data.docker_registry_image.airsonic.sha256_digest}"]
@@ -71,11 +66,6 @@
resource "docker_image" "headerdebug" {

  name          = "${data.docker_registry_image.headerdebug.name}"
  pull_triggers = ["${data.docker_registry_image.headerdebug.sha256_digest}"]
}

resource "docker_image" "cadvisor" {

  name          = "${data.docker_registry_image.cadvisor.name}"
  pull_triggers = ["${data.docker_registry_image.cadvisor.sha256_digest}"]
}

resource "docker_image" "lychee" {

diff --git a/docker/lychee.tf b/docker/lychee.tf
index 074a902..4f40ae8 100644
--- a/docker/lychee.tf
+++ a/docker/lychee.tf
@@ -40,5 +40,5 @@
    "PGID=984",
  ]

  links = ["mariadb"]
  links = ["${docker_container.mariadb.name}"]
}
diff --git a/docker/main.tf b/docker/main.tf
index 892d86f..a4d1020 100644
--- a/docker/main.tf
+++ a/docker/main.tf
@@ -124,7 +124,7 @@
    "TZ=Asia/Kolkata",
  ]

  links = ["transmission"]
  links = ["{docker_container.transmission.name}"]
}

# resource "docker_container" "airsonic" {
@@ -191,50 +191,6 @@
    ))}"
}

resource "docker_container" "sickrage" {

  name  = "sickrage"
  image = "${docker_image.sickrage.latest}"

  restart               = "unless-stopped"
  destroy_grace_seconds = 10
  must_run              = true

  memory = 512

  volumes {

    host_path      = "/mnt/xwing/config/sickrage"
    container_path = "/config"
  }

  volumes {

    host_path      = "/mnt/xwing/media/DL"
    container_path = "/downloads"
  }

  volumes {

    host_path      = "/mnt/xwing/media/TV"
    container_path = "/tv"
  }

  labels = "${merge(

    local.traefik_common_labels,
    map(
      "traefik.frontend.passHostHeader", "false",
      "traefik.frontend.auth.basic", "${var.basic_auth}",
      "traefik.port", 8081,
    ))}"

  env = [

    "PUID=1004",
    "PGID=1003",
    "TZ=Asia/Kolkata",
  ]

  links = [

    "transmission",
  ]
}

resource "docker_container" "headphones" {

  name  = "headphones"
  image = "${docker_image.headphones.latest}"
@@ -384,7 +340,7 @@
      "traefik.port", 9999,
      "traefik.frontend.headers.customResponseHeaders", "${var.xpoweredby}||Referrer-Policy:${var.refpolicy}||X-Frame-Options:${var.xfo_allow}",
    ))}"
  links = ["mongorocks"]
  links = ["${docker_container.mongorocks.name}"]
  env = [

    "WIKI_ADMIN_EMAIL=me@captnemo.in",
    "SESSION_SECRET=${var.wiki_session_secret}",
@@ -421,52 +377,4 @@
    "PGID=1003",
    "TZ=Asia/Kolkata",
  ]
}

resource "docker_container" "cadvisor" {

  name   = "cadvisor"
  image  = "${docker_image.cadvisor.latest}"
  memory = 512

  restart               = "unless-stopped"
  destroy_grace_seconds = 10
  must_run              = true

  volumes {

    host_path      = "/"
    container_path = "/rootfs"
    read_only      = true
  }

  volumes {

    host_path      = "/sys"
    container_path = "/sys"
    read_only      = true
  }

  volumes {

    host_path      = "/var/lib/docker"
    container_path = "/var/lib/docker"
    read_only      = true
  }

  volumes {

    host_path      = "/dev/disk"
    container_path = "/dev/disk"
    read_only      = true
  }

  volumes {

    host_path      = "/var/run"
    container_path = "/var/run"
  }

  labels = "${merge(

    local.traefik_common_labels,
    map(

      "traefik.frontend.passHostHeader", "true",
      "traefik.frontend.auth.basic", "${var.basic_auth}",
      "traefik.port", 8080,
    ))}"
}
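Review bot: The new `links = ["{docker_container.transmission.name}"]` line in the first hunk of docker/main.tf is missing the `$` of the interpolation, so Terraform will pass the literal string as the link name and create no dependency on the transmission container. It should read `links = ["${docker_container.transmission.name}"]`, matching the `${docker_container.mongorocks.name}` form used in the third hunk of the same file. The enclosing resource starts outside the hunk, so which container carries the broken link cannot be confirmed from here.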
diff --git a/docker/outputs.tf b/docker/outputs.tf
index 2cdad4b..0551305 100644
--- a/docker/outputs.tf
+++ a/docker/outputs.tf
@@ -1,3 +1,15 @@
output "lychee-ip" {

  value = "${docker_container.lychee.ip_address}"
}

output "names-transmission" {

  value = "${docker_container.transmission.name}"
}

output "names-emby" {

  value = "${docker_container.emby.name}"
}

output "names-mariadb" {

  value = "${docker_container.mariadb.name}"
}
diff --git a/media/ombi.tf b/media/ombi.tf
index 9d387dc..656b128 100644
--- a/media/ombi.tf
+++ a/media/ombi.tf
@@ -36,5 +36,5 @@
    "TZ=Asia/Kolkata",
  ]

  links = ["emby"]
  links = ["${var.links-emby}"]
}
diff --git a/media/radarr.tf b/media/radarr.tf
index b198e4d..6ee7596 100644
--- a/media/radarr.tf
+++ a/media/radarr.tf
@@ -51,5 +51,5 @@
    "TZ=Asia/Kolkata",
  ]

  links = ["emby", "transmission"]
  links = ["${var.links-emby}", "${var.links-transmission}"]
}
diff --git a/media/sonarr.tf b/media/sonarr.tf
index 6c9a451..d464286 100644
--- a/media/sonarr.tf
+++ a/media/sonarr.tf
@@ -49,5 +49,5 @@
    "TZ=Asia/Kolkata",
  ]

  links = ["emby", "transmission"]
  links = ["${var.links-emby}", "${var.links-transmission}"]
}
diff --git a/media/variables.tf b/media/variables.tf
index 10fc457..fe92903 100644
--- a/media/variables.tf
+++ a/media/variables.tf
@@ -1,3 +1,6 @@
variable "domain" {

  type = "string"
}

variable "links-emby" {}
variable "links-transmission" {}
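Review bot: `links-emby` and `links-transmission` are declared as empty blocks, while `domain` directly above sets `type = "string"` and monitoring/variables.tf types its new `transmission` variable. Giving both a `type = "string"` and a one-line `description` such as `Name of the emby container to link against` would document that a container name is expected. The same applies to `links-db` added in tt-rss/variables.tf.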
diff --git a/monitoring/cadvisor.tf b/monitoring/cadvisor.tf
new file mode 100644
index 0000000..9383f1c 100644
--- /dev/null
+++ a/monitoring/cadvisor.tf
@@ -1,0 +1,52 @@
resource "docker_container" "cadvisor" {

  name   = "cadvisor"
  image  = "${docker_image.cadvisor.latest}"
  memory = 512

  restart               = "unless-stopped"
  destroy_grace_seconds = 10
  must_run              = true

  volumes {

    host_path      = "/"
    container_path = "/rootfs"
    read_only      = true
  }

  volumes {

    host_path      = "/sys"
    container_path = "/sys"
    read_only      = true
  }

  volumes {

    host_path      = "/var/lib/docker"
    container_path = "/var/lib/docker"
    read_only      = true
  }

  volumes {

    host_path      = "/dev/disk"
    container_path = "/dev/disk"
    read_only      = true
  }

  volumes {

    host_path      = "/var/run"
    container_path = "/var/run"
  }

  labels {

    "traefik.frontend.auth.basic"                      = "${var.basic_auth}"

    "traefik.port"                                     = 8080

    "traefik.enable"                                   = "true"

    "traefik.frontend.headers.SSLTemporaryRedirect"    = "true"

    "traefik.frontend.headers.STSSeconds"              = "2592000"

    "traefik.frontend.headers.STSIncludeSubdomains"    = "false"

    "traefik.frontend.headers.contentTypeNosniff"      = "true"

    "traefik.frontend.headers.browserXSSFilter"        = "true"

    "traefik.frontend.passHostHeader"                  = "true"

    "traefik.frontend.headers.customFrameOptionsValue" = "ALLOW-FROM https://home.bb8.fun/"

    "traefik.frontend.headers.customResponseHeaders"   = "X-Powered-By:Allomancy||X-Server:Blackbox"

  }
}
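Review bot: The `/var/run` volume is the only one of the five host mounts declared without `read_only = true`, and on a Docker host that directory normally holds `docker.sock`, so this container, which is published through Traefik via `traefik.enable`, gets write access to host runtime state. Add `read_only = true` to that block unless cAdvisor is shown to need writes there, with a comment above it such as `# /var/run carries the Docker socket; treat this container as host-privileged`. A read-only bind mount does not stop a process from connecting to the socket, so the `traefik.frontend.auth.basic` label remains the main barrier in front of this service. The labels are also now written out by hand rather than merged from a shared local as the removed docker/main.tf version did, so the header policy can drift from the other services.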
diff --git a/monitoring/data.tf b/monitoring/data.tf
index 344dcc3..06318f0 100644
--- a/monitoring/data.tf
+++ a/monitoring/data.tf
@@ -17,3 +17,7 @@
data "docker_registry_image" "transmission-exporter" {

  name = "metalmatze/transmission-exporter"
}

data "docker_registry_image" "cadvisor" {

  name = "google/cadvisor:latest"
}
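Review bot: `google/cadvisor:latest`, combined with the digest-based `pull_triggers` in monitoring/images.tf, means a new image is pulled whenever the registry's digest for that tag changes, and this image runs with the host root filesystem and `/var/run` mounted. Pinning the tag, as docker/data.tf already does with `gitea/gitea:1.4`, makes upgrades a reviewed change: `name = "google/cadvisor:<PINNED_VERSION>"`. The `transmission-exporter` data source just above carries no tag at all and would benefit from the same treatment.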
diff --git a/monitoring/images.tf b/monitoring/images.tf
index 46b903d..ff88514 100644
--- a/monitoring/images.tf
+++ a/monitoring/images.tf
@@ -17,3 +17,8 @@
  name          = "${data.docker_registry_image.transmission-exporter.name}"
  pull_triggers = ["${data.docker_registry_image.transmission-exporter.sha256_digest}"]
}

resource "docker_image" "cadvisor" {

  name          = "${data.docker_registry_image.cadvisor.name}"
  pull_triggers = ["${data.docker_registry_image.cadvisor.sha256_digest}"]
}
diff --git a/monitoring/main.tf b/monitoring/main.tf
index 9ed8ac5..22b8600 100644
--- a/monitoring/main.tf
+++ a/monitoring/main.tf
@@ -21,7 +21,7 @@
    container_path = "/var/lib/grafana"
  }

  links = ["prometheus"]
  links = ["${docker_container.prometheus.name}"]

  env = [

    "GF_SECURITY_ADMIN_PASSWORD=${var.gf-security-admin-password}",
@@ -52,7 +52,7 @@
    file    = "/etc/prometheus/prometheus.yml"
  }

  links = ["nodeexporter", "cadvisor"]
  links = ["${docker_container.nodeexporter.name}", "${docker_container.cadvisor.name}"]

  restart               = "unless-stopped"
  destroy_grace_seconds = 10
diff --git a/monitoring/transmission.tf b/monitoring/transmission.tf
index 2019849..0ef474b 100644
--- a/monitoring/transmission.tf
+++ a/monitoring/transmission.tf
@@ -1,10 +1,10 @@
# Transmission Exporter for prometheus
# https://github.com/metalmatze/transmission-exporter
resource docker_container "transmission-exporter" {

  name  = "transmission-exporter"
  image = "${docker_image.transmission-exporter.latest}"

  links = ["transmission"]
  links = ["${var.transmission}"]

  env = [

    "TRANSMISSION_ADDR=http://transmission:9091",
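Review bot: The link target now comes from `var.transmission`, but the `TRANSMISSION_ADDR` entry in the `env` list still hard-codes the host name `transmission`, so the two can disagree if the container is ever renamed. Deriving the address from the same variable keeps them in step: `"TRANSMISSION_ADDR=http://${var.transmission}:9091",`. The `env` list continues past the end of the hunk.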
diff --git a/monitoring/variables.tf b/monitoring/variables.tf
index 7f698e3..5190320 100644
--- a/monitoring/variables.tf
+++ a/monitoring/variables.tf
@@ -6,6 +6,10 @@
  type = "string"
}

variable "transmission" {

  type = "string"
}

variable "alert-slack-username" {

  default = "Prometheus"
}
@@ -16,4 +20,8 @@

variable "alert-slack-incoming-webhook" {

  default = "https://hooks.slack.com/whatever"
}

variable "basic_auth" {

  default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6"
}
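Review bot: The new `basic_auth` variable carries an htpasswd entry (a user name plus a bcrypt hash with cost factor 05) as its default, which puts the credential hash in version control and makes it the value used whenever the caller does not override it. A hash at that cost is cheap to test offline, so it is safer to declare the variable without a default, `variable "basic_auth" {}`, and pass it from the root module the way `gf-security-admin-password` is passed in main.tf, for example `basic_auth = "${var.basic_auth}"`. This assumes the root module has or gains such a variable. If the committed hash protects anything live, the password should be rotated once it is removed from the default.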
diff --git a/radicale/config b/radicale/config
index 6e9e73f..f0a9a1a 100644
--- a/radicale/config
+++ a/radicale/config
@@ -24,7 +24,6 @@
# http://docs.python.org/library/logging.config.html
# config = /config/logging


[headers]

# Additional HTTP headers
diff --git a/tt-rss/variables.tf b/tt-rss/variables.tf
index 882c3d4..d7b9562 100644
--- a/tt-rss/variables.tf
+++ a/tt-rss/variables.tf
@@ -1,5 +1,6 @@
variable "domain" {

  type = "string"
}

variable "mysql_password" {}
variable "links-db" {}