Make link dependencies explicit
Diff
README.md | 1 -
main.tf | 12 ++++++++----
digitalocean/firewall.tf | 33 ++++++++++++++++++---------------
docker/data.tf | 8 --------
docker/gitea.tf | 21 +++++++++------------
docker/images.tf | 10 ----------
docker/lychee.tf | 2 +-
docker/main.tf | 96 ++------------------------------------------------------------------------------
docker/outputs.tf | 12 ++++++++++++
media/ombi.tf | 2 +-
media/radarr.tf | 2 +-
media/sonarr.tf | 2 +-
media/variables.tf | 3 +++
monitoring/cadvisor.tf | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
monitoring/data.tf | 4 ++++
monitoring/images.tf | 5 +++++
monitoring/main.tf | 4 ++--
monitoring/transmission.tf | 2 +-
monitoring/variables.tf | 8 ++++++++
radicale/config | 1 -
tt-rss/variables.tf | 1 +
21 files changed, 128 insertions(+), 153 deletions(-)
@@ -41,7 +41,6 @@
- [Emby](https://store.docker.com/community/images/emby/embyserver) Media Server
- [CouchPotato](https://store.docker.com/community/images/linuxserver/couchpotato), auto-download movies
- [SickRage](https://store.docker.com/community/images/linuxserver/sickrage), auto-download TV shows
- [Transmission](https://store.docker.com/community/images/linuxserver/transmission), to download torrents
- [AirSonic](https://store.docker.com/community/images/airsonic/airsonic), for a music server
- [Ubooquity](https://store.docker.com/community/images/linuxserver/ubooquity), EBooks server with OPDS support
@@ -34,20 +34,24 @@
}
module "tt-rss" {
source = "tt-rss"
domain = "rss.captnemo.in"
source = "tt-rss"
domain = "rss.captnemo.in"
mysql_password = "${var.mysql-ttrss-password}"
links-db = "${module.docker.names-mariadb}"
}
module "media" {
source = "media"
domain = "bb8.fun"
source = "media"
domain = "bb8.fun"
links-emby = "${module.docker.names-emby}"
links-transmission = "${module.docker.names-transmission}"
}
module "monitoring" {
source = "monitoring"
gf-security-admin-password = "${var.gf-security-admin-password}"
domain = "bb8.fun"
transmission = "${module.docker.names-transmission}"
}
module "digitalocean" {
@@ -1,37 +1,38 @@
resource "digitalocean_firewall" "web" {
name = "web-inbound"
inbound_rule = [
{
protocol = "tcp"
port_range = "80"
source_addresses = ["0.0.0.0/0", "::/0"]
protocol = "tcp"
port_range = "80"
source_addresses = ["0.0.0.0/0", "::/0"]
},
{
protocol = "tcp"
port_range = "443"
source_addresses = ["0.0.0.0/0", "::/0"]
protocol = "tcp"
port_range = "443"
source_addresses = ["0.0.0.0/0", "::/0"]
},
]
}
resource "digitalocean_firewall" "ssh" {
name = "ssh-inbound"
inbound_rule = [
{
protocol = "tcp"
port_range = "22"
source_addresses = ["0.0.0.0/0", "::/0"]
protocol = "tcp"
port_range = "22"
source_addresses = ["0.0.0.0/0", "::/0"]
},
{
protocol = "tcp"
port_range = "222"
source_addresses = ["0.0.0.0/0", "::/0"]
protocol = "tcp"
port_range = "222"
source_addresses = ["0.0.0.0/0", "::/0"]
},
{
protocol = "tcp"
port_range = "24"
source_addresses = ["0.0.0.0/0", "::/0"]
protocol = "tcp"
port_range = "24"
source_addresses = ["0.0.0.0/0", "::/0"]
},
]
}
@@ -31,10 +31,6 @@
name = "gitea/gitea:1.4"
}
data "docker_registry_image" "sickrage" {
name = "linuxserver/sickrage:latest"
}
data "docker_registry_image" "airsonic" {
name = "linuxserver/airsonic:latest"
}
@@ -57,10 +53,6 @@
data "docker_registry_image" "headerdebug" {
name = "brndnmtthws/nginx-echo-headers:latest"
}
data "docker_registry_image" "cadvisor" {
name = "google/cadvisor:latest"
}
data "docker_registry_image" "lychee" {
@@ -1,17 +1,17 @@
resource docker_container "gitea" {
name = "gitea"
image = "${docker_image.gitea.latest}"
labels {
"traefik.port" = 3000
"traefik.enable" = "true"
"traefik.frontend.rule" = "Host:git.captnemo.in"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
"traefik.port" = 3000
"traefik.enable" = "true"
"traefik.frontend.rule" = "Host:git.captnemo.in"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
}
ports {
@@ -51,19 +51,16 @@
content = "${file("${path.module}/conf/humans.txt")}"
file = "/data/gitea/public/humans.txt"
}
upload {
content = "${file("${path.module}/conf/gitea/extra_links.tmpl")}"
file = "/data/gitea/templates/custom/extra_links.tmpl"
}
upload {
content = "${data.template_file.gitea-config-file.rendered}"
file = "/data/gitea/conf/app.ini"
}
memory = 256
restart = "unless-stopped"
destroy_grace_seconds = 10
@@ -28,11 +28,6 @@
pull_triggers = ["${data.docker_registry_image.gitea.sha256_digest}"]
}
resource "docker_image" "sickrage" {
name = "${data.docker_registry_image.sickrage.name}"
pull_triggers = ["${data.docker_registry_image.sickrage.sha256_digest}"]
}
resource "docker_image" "airsonic" {
name = "${data.docker_registry_image.airsonic.name}"
pull_triggers = ["${data.docker_registry_image.airsonic.sha256_digest}"]
@@ -71,11 +66,6 @@
resource "docker_image" "headerdebug" {
name = "${data.docker_registry_image.headerdebug.name}"
pull_triggers = ["${data.docker_registry_image.headerdebug.sha256_digest}"]
}
resource "docker_image" "cadvisor" {
name = "${data.docker_registry_image.cadvisor.name}"
pull_triggers = ["${data.docker_registry_image.cadvisor.sha256_digest}"]
}
resource "docker_image" "lychee" {
@@ -40,5 +40,5 @@
"PGID=984",
]
links = ["mariadb"]
links = ["${docker_container.mariadb.name}"]
}
@@ -124,7 +124,7 @@
"TZ=Asia/Kolkata",
]
links = ["transmission"]
links = ["{docker_container.transmission.name}"]
}
@@ -191,50 +191,6 @@
))}"
}
resource "docker_container" "sickrage" {
name = "sickrage"
image = "${docker_image.sickrage.latest}"
restart = "unless-stopped"
destroy_grace_seconds = 10
must_run = true
memory = 512
volumes {
host_path = "/mnt/xwing/config/sickrage"
container_path = "/config"
}
volumes {
host_path = "/mnt/xwing/media/DL"
container_path = "/downloads"
}
volumes {
host_path = "/mnt/xwing/media/TV"
container_path = "/tv"
}
labels = "${merge(
local.traefik_common_labels,
map(
"traefik.frontend.passHostHeader", "false",
"traefik.frontend.auth.basic", "${var.basic_auth}",
"traefik.port", 8081,
))}"
env = [
"PUID=1004",
"PGID=1003",
"TZ=Asia/Kolkata",
]
links = [
"transmission",
]
}
resource "docker_container" "headphones" {
name = "headphones"
image = "${docker_image.headphones.latest}"
@@ -384,7 +340,7 @@
"traefik.port", 9999,
"traefik.frontend.headers.customResponseHeaders", "${var.xpoweredby}||Referrer-Policy:${var.refpolicy}||X-Frame-Options:${var.xfo_allow}",
))}"
links = ["mongorocks"]
links = ["${docker_container.mongorocks.name}"]
env = [
"WIKI_ADMIN_EMAIL=me@captnemo.in",
"SESSION_SECRET=${var.wiki_session_secret}",
@@ -421,52 +377,4 @@
"PGID=1003",
"TZ=Asia/Kolkata",
]
}
resource "docker_container" "cadvisor" {
name = "cadvisor"
image = "${docker_image.cadvisor.latest}"
memory = 512
restart = "unless-stopped"
destroy_grace_seconds = 10
must_run = true
volumes {
host_path = "/"
container_path = "/rootfs"
read_only = true
}
volumes {
host_path = "/sys"
container_path = "/sys"
read_only = true
}
volumes {
host_path = "/var/lib/docker"
container_path = "/var/lib/docker"
read_only = true
}
volumes {
host_path = "/dev/disk"
container_path = "/dev/disk"
read_only = true
}
volumes {
host_path = "/var/run"
container_path = "/var/run"
}
labels = "${merge(
local.traefik_common_labels,
map(
"traefik.frontend.passHostHeader", "true",
"traefik.frontend.auth.basic", "${var.basic_auth}",
"traefik.port", 8080,
))}"
}
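Review bot: In the first hunk of docker/main.tf (around old line 127) the replacement line `links = ["{docker_container.transmission.name}"]` is missing the `$`, so Terraform will pass that literal string as the link target instead of interpolating the container name. No dependency edge on the transmission container is created, and the link will most likely fail to resolve when the container is created. It should read `links = ["${docker_container.transmission.name}"]`, the same form the mongorocks change in the third hunk uses. The enclosing resource starts outside the hunk, so the affected container is not visible here.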
@@ -1,3 +1,15 @@
output "lychee-ip" {
value = "${docker_container.lychee.ip_address}"
}
output "names-transmission" {
value = "${docker_container.transmission.name}"
}
output "names-emby" {
value = "${docker_container.emby.name}"
}
output "names-mariadb" {
value = "${docker_container.mariadb.name}"
}
@@ -36,5 +36,5 @@
"TZ=Asia/Kolkata",
]
links = ["emby"]
links = ["${var.links-emby}"]
}
@@ -51,5 +51,5 @@
"TZ=Asia/Kolkata",
]
links = ["emby", "transmission"]
links = ["${var.links-emby}", "${var.links-transmission}"]
}
@@ -49,5 +49,5 @@
"TZ=Asia/Kolkata",
]
links = ["emby", "transmission"]
links = ["${var.links-emby}", "${var.links-transmission}"]
}
@@ -1,3 +1,6 @@
variable "domain" {
type = "string"
}
variable "links-emby" {}
variable "links-transmission" {}
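Review bot: The two new variables are declared as empty blocks, while `domain` directly above declares `type = "string"`; giving them the same shape plus a description would document that they carry a container name, e.g. `variable "links-emby" { type = "string" description = "Name of the emby container to link" }`. The same applies to `links-db` in tt-rss/variables.tf. The monitoring module names the equivalent input just `transmission`, so one naming scheme across the modules would make the wiring in main.tf easier to follow.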
@@ -1,0 +1,52 @@
resource "docker_container" "cadvisor" {
name = "cadvisor"
image = "${docker_image.cadvisor.latest}"
memory = 512
restart = "unless-stopped"
destroy_grace_seconds = 10
must_run = true
volumes {
host_path = "/"
container_path = "/rootfs"
read_only = true
}
volumes {
host_path = "/sys"
container_path = "/sys"
read_only = true
}
volumes {
host_path = "/var/lib/docker"
container_path = "/var/lib/docker"
read_only = true
}
volumes {
host_path = "/dev/disk"
container_path = "/dev/disk"
read_only = true
}
volumes {
host_path = "/var/run"
container_path = "/var/run"
}
labels {
"traefik.frontend.auth.basic" = "${var.basic_auth}"
"traefik.port" = 8080
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.passHostHeader" = "true"
"traefik.frontend.headers.customFrameOptionsValue" = "ALLOW-FROM https://home.bb8.fun/"
"traefik.frontend.headers.customResponseHeaders" = "X-Powered-By:Allomancy||X-Server:Blackbox"
}
}
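Review bot: The `/var/run` mount is the only one of the five `volumes` blocks without `read_only = true`, so this container can create or replace files in the host's runtime directory, which normally also holds the Docker socket. Adding `read_only = true` to that block brings it in line with the other mounts. A read-only bind mount does not stop connections to a socket underneath it, so the container should still be treated as having Docker daemon access, and it is published through Traefik behind basic auth only. A short comment above the block saying why `/var/run` is needed would help the next reader. The labels are also written out literally here, whereas gitea.tf takes `customResponseHeaders` from `var.xpoweredby`.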
@@ -17,3 +17,7 @@
data "docker_registry_image" "transmission-exporter" {
name = "metalmatze/transmission-exporter"
}
data "docker_registry_image" "cadvisor" {
name = "google/cadvisor:latest"
}
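Review bot: `google/cadvisor:latest` is a floating tag, and the `pull_triggers` entry added in monitoring/images.tf re-pulls whenever the registry digest changes. Whatever is published under `latest` is therefore rolled out on the next apply into a container that mounts the host root filesystem and `/var/run`. Pinning a release tag, as docker/data.tf does with `gitea/gitea:1.4`, makes upgrades a reviewed change: `name = "google/cadvisor:<PINNED_VERSION>"` (placeholder). The `transmission-exporter` image shown as context above carries no tag at all and would benefit from the same treatment.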
@@ -17,3 +17,8 @@
name = "${data.docker_registry_image.transmission-exporter.name}"
pull_triggers = ["${data.docker_registry_image.transmission-exporter.sha256_digest}"]
}
resource "docker_image" "cadvisor" {
name = "${data.docker_registry_image.cadvisor.name}"
pull_triggers = ["${data.docker_registry_image.cadvisor.sha256_digest}"]
}
@@ -21,7 +21,7 @@
container_path = "/var/lib/grafana"
}
links = ["prometheus"]
links = ["${docker_container.prometheus.name}"]
env = [
"GF_SECURITY_ADMIN_PASSWORD=${var.gf-security-admin-password}",
@@ -52,7 +52,7 @@
file = "/etc/prometheus/prometheus.yml"
}
links = ["nodeexporter", "cadvisor"]
links = ["${docker_container.nodeexporter.name}", "${docker_container.cadvisor.name}"]
restart = "unless-stopped"
destroy_grace_seconds = 10
@@ -1,10 +1,10 @@
resource docker_container "transmission-exporter" {
name = "transmission-exporter"
image = "${docker_image.transmission-exporter.latest}"
links = ["transmission"]
links = ["${var.transmission}"]
env = [
"TRANSMISSION_ADDR=http://transmission:9091",
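Review bot: The link target now comes from `var.transmission`, but the `env` entry right below it still hardcodes the hostname in `TRANSMISSION_ADDR=http://transmission:9091`, so the exporter keeps pointing at the old name if the container is ever renamed. Deriving both from the variable keeps them in step: `"TRANSMISSION_ADDR=http://${var.transmission}:9091",`. The resource body continues past the end of the hunk.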
@@ -6,6 +6,10 @@
type = "string"
}
variable "transmission" {
type = "string"
}
variable "alert-slack-username" {
default = "Prometheus"
}
@@ -16,4 +20,8 @@
variable "alert-slack-incoming-webhook" {
default = "https://hooks.slack.com/whatever"
}
variable "basic_auth" {
default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6"
}
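Review bot: The new `basic_auth` variable ships a real-looking htpasswd entry (user name plus bcrypt hash) as its `default`, so the credential is committed to the repository and can be attacked offline by anyone who can read it. The `$2y$05$` prefix indicates a bcrypt cost of 5, which is cheap to brute-force. Dropping the default and passing the value in from the root module, the way `gf-security-admin-password` is passed in main.tf, keeps it out of version control: `variable "basic_auth" { type = "string" }` here and `basic_auth = "${var.basic_auth}"` in the `module "monitoring"` block. The hash should be regenerated with a higher cost once it is removed, since it stays in history.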
@@ -24,7 +24,6 @@
# http://docs.python.org/library/logging.config.html
# config = /config/logging
[headers]
# Additional HTTP headers
@@ -1,5 +1,6 @@
variable "domain" {
type = "string"
}
variable "mysql_password" {}
variable "links-db" {}