github.com/captn3m0/nebula.git

author	Nemo <me@captnemo.in>	2018-02-07 1:15:41.0 +05:30:00
committer	Nemo <me@captnemo.in>	2018-02-07 1:15:41.0 +05:30:00
commit	6275e7773d01b2634f1802cbaebc28674ace1b59 [patch]
tree	e0c839fe08c1d8e96014a7ba60dbeb040c93206c
parent	b4345810f57a38a567095e198416bab51d5f1108
download	6275e7773d01b2634f1802cbaebc28674ace1b59.tar.gz

Move docker containers to own files

- Will be easier to refactor later

Diff

 main.tf                 |   1 +
 docker/airsonic.tf      |  44 ++++++++++++++++++++++++++++++++++++++++++++
 docker/couchpotato.tf   |  40 ++++++++++++++++++++++++++++++++++++++++
 docker/data.tf          |   2 --
 docker/debug.tf         |  18 ++++++++++++++++++
 docker/emby.tf          |  36 ++++++++++++++++++++++++++++++++++++
 docker/headphones.tf    |  43 +++++++++++++++++++++++++++++++++++++++++++
 docker/lychee.tf        |  18 +++++-------------
 docker/main.tf          | 379 --------------------------------------------------------------------------------
 docker/muximux.tf       |  31 +++++++++++++++++++++++++++++++
 docker/transmission.tf  |  49 +++++++++++++++++++++++++++++++++++++++++++++++++
 docker/ubooquity.tf     |  59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 docker/wiki.tf          |  53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 monitoring/cadvisor.tf  |  19 ++++++-------------
 monitoring/main.tf      |  18 +++++-------------
 monitoring/variables.tf |   4 ++++
 docker/conf/humans.txt  |   2 +-
 17 files changed, 395 insertions(+), 421 deletions(-)

diff --git a/main.tf b/main.tf
index 4ef5466..ad566d2 100644
--- a/main.tf
+++ a/main.tf
@@ -62,6 +62,7 @@
  gf-security-admin-password = "${var.gf-security-admin-password}"
  domain                     = "bb8.fun"
  transmission               = "${module.docker.names-transmission}"
  traefik-labels     = "${var.traefik-common-labels}"
}

module "digitalocean" {

diff --git a/docker/airsonic.tf b/docker/airsonic.tf
new file mode 100644
index 0000000..c246119 100644
--- /dev/null
+++ a/docker/airsonic.tf
@@ -1,0 +1,44 @@
# resource "docker_container" "airsonic" {
#   name  = "airsonic"
#   image = "${docker_image.airsonic.latest}"

#   restart               = "unless-stopped"
#   destroy_grace_seconds = 30
#   must_run              = true
#   memory                = 800

#   volumes {
#     host_path      = "/mnt/xwing/config/airsonic/data"
#     container_path = "/config"
#   }

#   volumes {
#     host_path      = "/mnt/xwing/media/Music"
#     container_path = "/music"
#   }

#   volumes {
#     host_path      = "/mnt/xwing/config/airsonic/playlists"
#     container_path = "/playlists"
#   }

#   volumes {
#     host_path      = "/mnt/xwing/config/airsonic/podcasts"
#     container_path = "/podcasts"
#   }

#   labels {
#     "traefik.enable"                  = "true"
#     "traefik.port"                    = "4040"
#     "traefik.frontend.rule"           = "Host:airsonic.in.${var.domain},airsonic.${var.domain}"
#     "traefik.frontend.passHostHeader" = "true"
#   }

#   # lounge:tatooine
#   env = [
#     "PUID=1004",
#     "PGID=1003",
#     "TZ=Asia/Kolkata",
#     "CONTEXT_PATH=https://airsonic.bb8.fun",
#   ]
# }
diff --git a/docker/couchpotato.tf b/docker/couchpotato.tf
new file mode 100644
index 0000000..0fcc605 100644
--- /dev/null
+++ a/docker/couchpotato.tf
@@ -1,0 +1,40 @@
resource "docker_container" "couchpotato" {

  name  = "couchpotato"
  image = "${docker_image.couchpotato.latest}"

  volumes {

    host_path      = "/mnt/xwing/config/couchpotato"
    container_path = "/config"
  }

  volumes {

    host_path      = "/mnt/xwing/media/DL"
    container_path = "/downloads"
  }

  volumes {

    host_path      = "/mnt/xwing/media/Movies"
    container_path = "/movies"
  }

  labels = "${merge(

    local.traefik_common_labels,
    map(
      "traefik.frontend.auth.basic", "${var.basic_auth}",
      "traefik.port", 5050,
    ))}"

  memory                = 256
  restart               = "unless-stopped"
  destroy_grace_seconds = 10
  must_run              = true

  # Running as lounge:tatooine
  env = [

    "PUID=1004",
    "PGID=1003",
    "TZ=Asia/Kolkata",
  ]

  links = ["{docker_container.transmission.name}"]
}
diff --git a/docker/data.tf b/docker/data.tf
index 0362f29..37d2827 100644
--- a/docker/data.tf
+++ a/docker/data.tf
@@ -8,8 +8,6 @@
  name = "jadsonlourenco/mongo-rocks:latest"
}

# Leave all other apps at latesst

data "docker_registry_image" "emby" {

  name = "emby/embyserver:latest"
}
diff --git a/docker/debug.tf b/docker/debug.tf
new file mode 100644
index 0000000..c14bc65 100644
--- /dev/null
+++ a/docker/debug.tf
@@ -1,0 +1,18 @@
resource "docker_container" "headerdebug" {

  name  = "headerdebug"
  image = "${docker_image.headerdebug.latest}"

  restart               = "unless-stopped"
  destroy_grace_seconds = 30
  must_run              = true

  memory = 16

  labels = "${merge(

    local.traefik_common_labels,
    map(
      "traefik.frontend.rule", "Host:debug.in.${var.domain},debug.${var.domain}",
      "traefik.port", 8080,
      "traefik.enable", "true",
    ))}"
}
diff --git a/docker/emby.tf b/docker/emby.tf
new file mode 100644
index 0000000..c3f09e1 100644
--- /dev/null
+++ a/docker/emby.tf
@@ -1,0 +1,36 @@
resource "docker_container" "emby" {

  name  = "emby"
  image = "${docker_image.emby.latest}"

  volumes {

    host_path      = "/mnt/xwing/config/emby"
    container_path = "/config"
  }

  volumes {

    host_path      = "/mnt/xwing/media"
    container_path = "/media"
  }

  labels = "${merge(

    local.traefik_common_labels,
    map(
      "traefik.frontend.rule", "Host:emby.in.${var.domain},emby.${var.domain}",
      "traefik.frontend.passHostHeader", "true",
      "traefik.port", 8096,
    ))}"

  memory                = 2048
  restart               = "unless-stopped"
  destroy_grace_seconds = 10
  must_run              = true

  # Running as lounge:tatooine
  env = [

    "APP_USER=lounge",
    "APP_UID=1004",
    "APP_GID=1003",
    "APP_CONFIG=/mnt/xwing/config",
    "TZ=Asia/Kolkata",
  ]
}
diff --git a/docker/headphones.tf b/docker/headphones.tf
new file mode 100644
index 0000000..bda2c44 100644
--- /dev/null
+++ a/docker/headphones.tf
@@ -1,0 +1,43 @@
resource "docker_container" "headphones" {

  name  = "headphones"
  image = "${docker_image.headphones.latest}"

  restart               = "unless-stopped"
  destroy_grace_seconds = 10
  must_run              = true
  memory                = 128

  volumes {

    host_path      = "/mnt/xwing/config/headphones"
    container_path = "/config"
  }

  volumes {

    host_path      = "/mnt/xwing/media/DL"
    container_path = "/downloads"
  }

  volumes {

    host_path      = "/mnt/xwing/media/Music"
    container_path = "/music"
  }

  upload {

    content = "${file("${path.module}/conf/headphones.ini")}"
    file    = "/config/config.ini"
  }

  labels = "${merge(

    local.traefik_common_labels,
    map(
      "traefik.frontend.auth.basic", "${var.basic_auth}",
      "traefik.port", 8181,
    ))}"

  # lounge:tatooine
  env = [

    "PUID=1004",
    "PGID=1003",
    "TZ=Asia/Kolkata",
  ]
}
diff --git a/docker/lychee.tf b/docker/lychee.tf
index 4f40ae8..3f5476b 100644
--- a/docker/lychee.tf
+++ a/docker/lychee.tf
@@ -21,19 +21,11 @@
    file    = "/config/lychee/user.ini"
  }

  labels {

    "traefik.port"                                     = 80

    "traefik.frontend.passHostHeader"                  = "false"

    "traefik.enable"                                   = "true"

    "traefik.frontend.headers.SSLTemporaryRedirect"    = "true"

    "traefik.frontend.headers.STSIncludeSubdomains"    = "false"

    "traefik.frontend.headers.contentTypeNosniff"      = "true"

    "traefik.frontend.headers.browserXSSFilter"        = "true"

    "traefik.frontend.headers.STSSeconds"              = "2592000"

    "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"

    "traefik.frontend.headers.customResponseHeaders"   = "${var.xpoweredby}"

    "traefik.frontend.rule"                            = "Host:pics.${var.domain},pics.in.${var.domain}"

  }
  labels = "${merge(

    locals.traefik_common_labels, map(
      "traefik.port", 80,
      "traefik.frontend.rule","Host:pics.${var.domain},pics.in.${var.domain}"
  ))}"

  env = [

    "PUID=986",
diff --git a/docker/main.tf b/docker/main.tf
index 1436b3a..e69de29 100644
--- a/docker/main.tf
+++ a/docker/main.tf
@@ -1,379 +1,0 @@
resource docker_container "transmission" {

  name  = "transmission"
  image = "${docker_image.transmission.latest}"

  labels = "${merge(

    local.traefik_common_labels,
    map(
      "traefik.frontend.auth.basic", "${var.basic_auth}",
      "traefik.port", 9091,
    ))}"

  ports {

    internal = 51413
    external = 51413
    ip       = "${var.ips["eth0"]}"
    protocol = "udp"
  }

  volumes {

    host_path      = "/mnt/xwing/config/transmission"
    container_path = "/config"
  }

  volumes {

    host_path      = "/mnt/xwing/media/DL"
    container_path = "/downloads"
  }

  volumes {

    host_path      = "/mnt/xwing/data/watch/transmission"
    container_path = "/watch"
  }

  upload {

    content = "${file("${path.module}/conf/transmission.json")}"
    file    = "/config/settings.json"
  }

  env = [

    "PGID=1003",
    "PUID=1000",
    "TZ=Asia/Kolkata",
  ]

  memory                = 1024
  restart               = "unless-stopped"
  destroy_grace_seconds = 10
  must_run              = true
}

resource "docker_container" "emby" {

  name  = "emby"
  image = "${docker_image.emby.latest}"

  volumes {

    host_path      = "/mnt/xwing/config/emby"
    container_path = "/config"
  }

  volumes {

    host_path      = "/mnt/xwing/media"
    container_path = "/media"
  }

  labels = "${merge(

    local.traefik_common_labels,
    map(
      "traefik.frontend.rule", "Host:emby.in.${var.domain},emby.${var.domain}",
      "traefik.frontend.passHostHeader", "true",
      "traefik.port", 8096,
    ))}"

  memory                = 2048
  restart               = "unless-stopped"
  destroy_grace_seconds = 10
  must_run              = true

  # Running as lounge:tatooine
  env = [

    "APP_USER=lounge",
    "APP_UID=1004",
    "APP_GID=1003",
    "APP_CONFIG=/mnt/xwing/config",
    "TZ=Asia/Kolkata",
  ]
}

resource "docker_container" "couchpotato" {

  name  = "couchpotato"
  image = "${docker_image.couchpotato.latest}"

  volumes {

    host_path      = "/mnt/xwing/config/couchpotato"
    container_path = "/config"
  }

  volumes {

    host_path      = "/mnt/xwing/media/DL"
    container_path = "/downloads"
  }

  volumes {

    host_path      = "/mnt/xwing/media/Movies"
    container_path = "/movies"
  }

  labels = "${merge(

    local.traefik_common_labels,
    map(
      "traefik.frontend.auth.basic", "${var.basic_auth}",
      "traefik.port", 5050,
    ))}"

  memory                = 256
  restart               = "unless-stopped"
  destroy_grace_seconds = 10
  must_run              = true

  # Running as lounge:tatooine
  env = [

    "PUID=1004",
    "PGID=1003",
    "TZ=Asia/Kolkata",
  ]

  links = ["{docker_container.transmission.name}"]
}

# resource "docker_container" "airsonic" {
#   name  = "airsonic"
#   image = "${docker_image.airsonic.latest}"

#   restart               = "unless-stopped"
#   destroy_grace_seconds = 30
#   must_run              = true
#   memory                = 800

#   volumes {
#     host_path      = "/mnt/xwing/config/airsonic/data"
#     container_path = "/config"
#   }

#   volumes {
#     host_path      = "/mnt/xwing/media/Music"
#     container_path = "/music"
#   }

#   volumes {
#     host_path      = "/mnt/xwing/config/airsonic/playlists"
#     container_path = "/playlists"
#   }

#   volumes {
#     host_path      = "/mnt/xwing/config/airsonic/podcasts"
#     container_path = "/podcasts"
#   }

#   labels {
#     "traefik.enable"                  = "true"
#     "traefik.port"                    = "4040"
#     "traefik.frontend.rule"           = "Host:airsonic.in.${var.domain},airsonic.${var.domain}"
#     "traefik.frontend.passHostHeader" = "true"
#   }

#   # lounge:tatooine
#   env = [
#     "PUID=1004",
#     "PGID=1003",
#     "TZ=Asia/Kolkata",
#     "CONTEXT_PATH=https://airsonic.bb8.fun",
#   ]
# }

resource "docker_container" "headerdebug" {

  name  = "headerdebug"
  image = "${docker_image.headerdebug.latest}"

  restart               = "unless-stopped"
  destroy_grace_seconds = 30
  must_run              = true

  memory = 16

  labels = "${merge(

    local.traefik_common_labels,
    map(
      "traefik.frontend.rule", "Host:debug.in.${var.domain},debug.${var.domain}",
      "traefik.port", 8080,
      "traefik.enable", "true",
    ))}"
}

resource "docker_container" "headphones" {

  name  = "headphones"
  image = "${docker_image.headphones.latest}"

  restart               = "unless-stopped"
  destroy_grace_seconds = 10
  must_run              = true
  memory                = 128

  volumes {

    host_path      = "/mnt/xwing/config/headphones"
    container_path = "/config"
  }

  volumes {

    host_path      = "/mnt/xwing/media/DL"
    container_path = "/downloads"
  }

  volumes {

    host_path      = "/mnt/xwing/media/Music"
    container_path = "/music"
  }

  upload {

    content = "${file("${path.module}/conf/headphones.ini")}"
    file    = "/config/config.ini"
  }

  labels = "${merge(

    local.traefik_common_labels,
    map(
      "traefik.frontend.auth.basic", "${var.basic_auth}",
      "traefik.port", 8181,
    ))}"

  # lounge:tatooine
  env = [

    "PUID=1004",
    "PGID=1003",
    "TZ=Asia/Kolkata",
  ]
}

resource "docker_container" "ubooquity" {

  name  = "ubooquity"
  image = "${docker_image.ubooquity.latest}"

  restart               = "unless-stopped"
  destroy_grace_seconds = 30
  must_run              = true

  volumes {

    host_path      = "/mnt/xwing/config/ubooquity"
    container_path = "/config"
  }

  volumes {

    host_path      = "/mnt/xwing/media/EBooks"
    container_path = "/books"
  }

  volumes {

    host_path      = "/mnt/xwing/media/EBooks"
    container_path = "/files"
  }

  volumes {

    host_path      = "/mnt/xwing/media/EBooks/Comics"
    container_path = "/comics"
  }

  labels {

    "traefik.enable" = "true"


    "traefik.admin.port"                = 2203

    "traefik.admin.frontend.rule"       = "Host:library.${var.domain}"

    "traefik.admin.frontend.auth.basic" = "${var.basic_auth}"


    "traefik.read.port"          = 2202

    "traefik.read.frontend.rule" = "Host:read.${var.domain}"


    "traefik.read.frontend.headers.SSLTemporaryRedirect"  = "true"

    "traefik.read.frontend.headers.STSSeconds"            = "2592000"

    "traefik.read.frontend.headers.STSIncludeSubdomains"  = "false"

    "traefik.read.frontend.headers.contentTypeNosniff"    = "true"

    "traefik.read.frontend.headers.browserXSSFilter"      = "true"

    "traefik.read.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"

    "traefik.frontend.headers.customFrameOptionsValue"    = "${var.xfo_allow}"

  }

  upload {

    content = "${file("${path.module}/conf/ubooquity.json")}"
    file    = "/config/preferences.json"
  }

  # lounge:tatooine
  env = [

    "PUID=1004",
    "PGID=1003",
    "MAXMEM=800",
  ]
}

resource "docker_container" "wiki" {

  name  = "wiki"
  image = "${docker_image.wikijs.latest}"

  restart               = "unless-stopped"
  destroy_grace_seconds = 30
  must_run              = true
  memory                = 300

  upload {

    content = "${file("${path.module}/conf/wiki.yml")}"
    file    = "/var/wiki/config.yml"
  }

  volumes {

    host_path      = "/mnt/xwing/logs/wiki"
    container_path = "/logs"
  }

  volumes {

    host_path      = "/mnt/xwing/data/wiki/repo"
    container_path = "/repo"
  }

  volumes {

    host_path      = "/mnt/xwing/data/wiki/data"
    container_path = "/data"
  }

  upload {

    content = "${file("${path.module}/conf/humans.txt")}"
    file    = "/var/wiki/assets/humans.txt"
  }

  // The last header is a workaround for double header traefik bug
  // This might be actually breaking iframe till the 1.5 Final release.

  labels = "${merge(

    local.traefik_common_labels,
    map(
      "traefik.frontend.rule", "Host:wiki.${var.domain}",
      "traefik.frontend.passHostHeader", "true",
      "traefik.port", 9999,
      "traefik.frontend.headers.customResponseHeaders", "${var.xpoweredby}||Referrer-Policy:${var.refpolicy}||X-Frame-Options:${var.xfo_allow}",
    ))}"
  links = ["${docker_container.mongorocks.name}"]
  env = [

    "WIKI_ADMIN_EMAIL=me@captnemo.in",
    "SESSION_SECRET=${var.wiki_session_secret}",
  ]
}

resource "docker_container" "muximux" {

  name   = "muximux"
  image  = "${docker_image.muximux.latest}"
  memory = 64

  restart               = "unless-stopped"
  destroy_grace_seconds = 10
  must_run              = true

  volumes {

    host_path      = "/mnt/xwing/config/muximux"
    container_path = "/config"
  }

  labels = "${merge(

    local.traefik_common_labels,
    map(
      "traefik.port", 80,
      "traefik.frontend.headers.frameDeny", "true",
      "traefik.frontend.passHostHeader", "false",
      "traefik.frontend.auth.basic", "${var.basic_auth}",
      "traefik.frontend.rule", "Host:home.in.${var.domain},home.${var.domain}",
    ))}"

  # lounge:tatooine
  env = [

    "PUID=1004",
    "PGID=1003",
    "TZ=Asia/Kolkata",
  ]
}
diff --git a/docker/muximux.tf b/docker/muximux.tf
new file mode 100644
index 0000000..8a7b5bb 100644
--- /dev/null
+++ a/docker/muximux.tf
@@ -1,0 +1,31 @@
resource "docker_container" "muximux" {

  name   = "muximux"
  image  = "${docker_image.muximux.latest}"
  memory = 64

  restart               = "unless-stopped"
  destroy_grace_seconds = 10
  must_run              = true

  volumes {

    host_path      = "/mnt/xwing/config/muximux"
    container_path = "/config"
  }

  labels = "${merge(

    local.traefik_common_labels,
    map(
      "traefik.port", 80,
      "traefik.frontend.headers.frameDeny", "true",
      "traefik.frontend.passHostHeader", "false",
      "traefik.frontend.auth.basic", "${var.basic_auth}",
      "traefik.frontend.rule", "Host:home.in.${var.domain},home.${var.domain}",
    ))}"

  # lounge:tatooine
  env = [

    "PUID=1004",
    "PGID=1003",
    "TZ=Asia/Kolkata",
  ]
}
diff --git a/docker/transmission.tf b/docker/transmission.tf
new file mode 100644
index 0000000..d7afb62 100644
--- /dev/null
+++ a/docker/transmission.tf
@@ -1,0 +1,49 @@
resource docker_container "transmission" {

  name  = "transmission"
  image = "${docker_image.transmission.latest}"

  labels = "${merge(

    local.traefik_common_labels,
    map(
      "traefik.frontend.auth.basic", "${var.basic_auth}",
      "traefik.port", 9091,
    ))}"

  ports {

    internal = 51413
    external = 51413
    ip       = "${var.ips["eth0"]}"
    protocol = "udp"
  }

  volumes {

    host_path      = "/mnt/xwing/config/transmission"
    container_path = "/config"
  }

  volumes {

    host_path      = "/mnt/xwing/media/DL"
    container_path = "/downloads"
  }

  volumes {

    host_path      = "/mnt/xwing/data/watch/transmission"
    container_path = "/watch"
  }

  upload {

    content = "${file("${path.module}/conf/transmission.json")}"
    file    = "/config/settings.json"
  }

  env = [

    "PGID=1003",
    "PUID=1000",
    "TZ=Asia/Kolkata",
  ]

  memory                = 1024
  restart               = "unless-stopped"
  destroy_grace_seconds = 10
  must_run              = true
}
diff --git a/docker/ubooquity.tf b/docker/ubooquity.tf
new file mode 100644
index 0000000..bd30ad1 100644
--- /dev/null
+++ a/docker/ubooquity.tf
@@ -1,0 +1,59 @@
resource "docker_container" "ubooquity" {

  name  = "ubooquity"
  image = "${docker_image.ubooquity.latest}"

  restart               = "unless-stopped"
  destroy_grace_seconds = 30
  must_run              = true

  volumes {

    host_path      = "/mnt/xwing/config/ubooquity"
    container_path = "/config"
  }

  volumes {

    host_path      = "/mnt/xwing/media/EBooks"
    container_path = "/books"
  }

  volumes {

    host_path      = "/mnt/xwing/media/EBooks"
    container_path = "/files"
  }

  volumes {

    host_path      = "/mnt/xwing/media/EBooks/Comics"
    container_path = "/comics"
  }

  labels {

    "traefik.enable" = "true"


    "traefik.admin.port"                = 2203

    "traefik.admin.frontend.rule"       = "Host:library.${var.domain}"

    "traefik.admin.frontend.auth.basic" = "${var.basic_auth}"


    "traefik.read.port"          = 2202

    "traefik.read.frontend.rule" = "Host:read.${var.domain}"


    "traefik.read.frontend.headers.SSLTemporaryRedirect"  = "true"

    "traefik.read.frontend.headers.STSSeconds"            = "2592000"

    "traefik.read.frontend.headers.STSIncludeSubdomains"  = "false"

    "traefik.read.frontend.headers.contentTypeNosniff"    = "true"

    "traefik.read.frontend.headers.browserXSSFilter"      = "true"

    "traefik.read.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"

    "traefik.frontend.headers.customFrameOptionsValue"    = "${var.xfo_allow}"

  }

  upload {

    content = "${file("${path.module}/conf/ubooquity.json")}"
    file    = "/config/preferences.json"
  }

  # lounge:tatooine
  env = [

    "PUID=1004",
    "PGID=1003",
    "MAXMEM=800",
  ]
}
diff --git a/docker/wiki.tf b/docker/wiki.tf
new file mode 100644
index 0000000..7f54901 100644
--- /dev/null
+++ a/docker/wiki.tf
@@ -1,0 +1,53 @@
resource "docker_container" "wiki" {

  name  = "wiki"
  image = "${docker_image.wikijs.latest}"

  restart               = "unless-stopped"
  destroy_grace_seconds = 30
  must_run              = true
  memory                = 300

  upload {

    content = "${file("${path.module}/conf/wiki.yml")}"
    file    = "/var/wiki/config.yml"
  }

  volumes {

    host_path      = "/mnt/xwing/logs/wiki"
    container_path = "/logs"
  }

  volumes {

    host_path      = "/mnt/xwing/data/wiki/repo"
    container_path = "/repo"
  }

  volumes {

    host_path      = "/mnt/xwing/data/wiki/data"
    container_path = "/data"
  }

  upload {

    content = "${file("${path.module}/conf/humans.txt")}"
    file    = "/var/wiki/assets/humans.txt"
  }

  // The last header is a workaround for double header traefik bug
  // This might be actually breaking iframe till the 1.5 Final release.

  labels = "${merge(

    local.traefik_common_labels,
    map(
      "traefik.frontend.rule", "Host:wiki.${var.domain}",
      "traefik.frontend.passHostHeader", "true",
      "traefik.port", 9999,
      "traefik.frontend.headers.customResponseHeaders", "${var.xpoweredby}||Referrer-Policy:${var.refpolicy}||X-Frame-Options:${var.xfo_allow}",
    ))}"

  links = ["${docker_container.mongorocks.name}"]

  env = [

    "WIKI_ADMIN_EMAIL=me@captnemo.in",
    "SESSION_SECRET=${var.wiki_session_secret}",
  ]
}
diff --git a/monitoring/cadvisor.tf b/monitoring/cadvisor.tf
index 9383f1c..c062b2b 100644
--- a/monitoring/cadvisor.tf
+++ a/monitoring/cadvisor.tf
@@ -36,17 +36,10 @@
    container_path = "/var/run"
  }

  labels {

    "traefik.frontend.auth.basic"                      = "${var.basic_auth}"

    "traefik.port"                                     = 8080

    "traefik.enable"                                   = "true"

    "traefik.frontend.headers.SSLTemporaryRedirect"    = "true"

    "traefik.frontend.headers.STSSeconds"              = "2592000"

    "traefik.frontend.headers.STSIncludeSubdomains"    = "false"

    "traefik.frontend.headers.contentTypeNosniff"      = "true"

    "traefik.frontend.headers.browserXSSFilter"        = "true"

    "traefik.frontend.passHostHeader"                  = "true"

    "traefik.frontend.headers.customFrameOptionsValue" = "ALLOW-FROM https://home.bb8.fun/"

    "traefik.frontend.headers.customResponseHeaders"   = "X-Powered-By:Allomancy||X-Server:Blackbox"

  }
  labels = "${merge(

    var.traefik-labels, map(
      "traefik.port", 8080,
      "traefik.frontend.rule","Host:cadvisor.${var.domain}",
      "traefik.frontend.auth.basic", "${var.basic_auth}"
  ))}"
}
diff --git a/monitoring/main.tf b/monitoring/main.tf
index 22b8600..eea6909 100644
--- a/monitoring/main.tf
+++ a/monitoring/main.tf
@@ -1,20 +1,12 @@
resource docker_container "grafana" {

  name  = "grafana"
  image = "${docker_image.grafana.latest}"

  labels {

    # "traefik.frontend.auth.basic"                      = "${var.basic_auth}"
    "traefik.port"                                  = 3000

    "traefik.enable"                                = "true"

    "traefik.frontend.headers.SSLTemporaryRedirect" = "true"

    "traefik.frontend.headers.STSSeconds"           = "2592000"

    "traefik.frontend.headers.STSIncludeSubdomains" = "false"

    "traefik.frontend.headers.contentTypeNosniff"   = "true"

    "traefik.frontend.headers.browserXSSFilter"     = "true"


    # "traefik.frontend.headers.customResponseHeaders"   = "${var.xpoweredby}"
    # "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
  }
  labels = "${merge(

    var.traefik-labels, map(
      "traefik.port", 3000,
      "traefik.frontend.rule","Host:grafana.${var.domain}"
  ))}"

  volumes {

    host_path      = "/mnt/xwing/data/grafana"
diff --git a/monitoring/variables.tf b/monitoring/variables.tf
index 5190320..b203384 100644
--- a/monitoring/variables.tf
+++ a/monitoring/variables.tf
@@ -25,3 +25,7 @@
variable "basic_auth" {

  default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6"
}

variable "traefik-labels" {

  type = "map"
}
diff --git a/docker/conf/humans.txt b/docker/conf/humans.txt
index 5929a94..e82208f 100644
--- a/docker/conf/humans.txt
+++ a/docker/conf/humans.txt
@@ -1,10 +1,10 @@
/* TEAM */
  Captain: Nemo (Abhay Rana)
  Contact: git [at] captnemo.in
  Twitter: @captn3m0

/* SITE */
  Last update: Jan 2018
  Last update: Feb 2018
  Language: English
  IDE: Sublime Text, Vim
  Runs-On: Docker