
author Nemo <me@captnemo.in> 2018-08-02 23:59:39.0 +05:30:00
committer Nemo <me@captnemo.in> 2018-08-07 2:12:55.0 +05:30:00
commit
6ef8783ba31cf97098f6af6a72f568241d98fc5f [patch]
tree
02b59d13d1371207bc957432b5afbdf9ccde6c4c
parent
dea37a5319999e4f4a66e81cbbad1cfe037b760d

Really complicated terraform labelling



Diff

 heimdall.tf                 |  1 -
 main.tf                     |  8 --------
 miniflux.tf                 |  3 ---
 requestbin.tf               |  4 +---
 modules/container/locals.tf | 16 ++++++++++++++++
 modules/container/main.tf   | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------
 modules/container/vars.tf   |  5 +----
 7 files changed, 96 insertions(+), 32 deletions(-)

diff --git a/heimdall.tf b/heimdall.tf
index ac18600..b1c3747 100644
--- a/heimdall.tf
+++ a/heimdall.tf
@@ -1,9 +1,8 @@
module "heimdall" {

  name   = "heimdall"
  source = "modules/container"
  image  = "linuxserver/heimdall:latest"

  // Default is port 80
  web {

    expose    = true
    port      = 443
diff --git a/main.tf b/main.tf
index a865440..0053f56 100644
--- a/main.tf
+++ a/main.tf
@@ -76,14 +76,6 @@
  traefik-network-id = "${module.docker.traefik-network-id}"
}

module "heimdall" {

  source             = "heimdall"
  domain             = "home.bb8.fun"
  traefik-labels     = "${var.traefik-common-labels}"
  auth-header        = "${module.docker.auth-header}"
  traefik-network-id = "${module.docker.traefik-network-id}"
}

module "media" {

  source                 = "media"
  domain                 = "bb8.fun"
diff --git a/miniflux.tf b/miniflux.tf
index 49a3967..74299fa 100644
--- a/miniflux.tf
+++ a/miniflux.tf
@@ -15,9 +15,6 @@
    "DATABASE_URL=postgres://miniflux:${var.miniflux-db-password}@postgres/miniflux?sslmode=disable",
    "RUN_MIGRATIONS=1",
  ]

  destroy_grace_seconds = 10
  must_run              = true
}

module "miniflux-db" {

diff --git a/requestbin.tf b/requestbin.tf
index 596d1fd..9fac647 100644
--- a/requestbin.tf
+++ a/requestbin.tf
@@ -9,7 +9,5 @@
    host   = "requestbin.${var.root-domain}"
  }

  networks              = "${list(module.docker.traefik-network-id)}"
  destroy_grace_seconds = 10
  must_run              = true
  networks = "${list(module.docker.traefik-network-id)}"
}
diff --git a/modules/container/locals.tf b/modules/container/locals.tf
index 1cb8155..03d6daa 100644
--- a/modules/container/locals.tf
+++ a/modules/container/locals.tf
@@ -1,5 +1,15 @@
locals {

  traefik-common-labels {

  default_labels {

    "managed.by" = "nebula"

  }

  web {

    "traefik.port"          = "${lookup(var.web, "port", "80")}"

    "traefik.frontend.rule" = "Host:${lookup(var.web, "host")}"

    "traefik.protocol"      = "${lookup(var.web, "protocol", "http")}"

  }

  traefik_common_labels {

    "traefik.enable" = "true"


    // HSTS
@@ -13,5 +23,9 @@
    "traefik.frontend.headers.browserXSSFilter"      = "true"


    "traefik.docker.network" = "traefik"

  }

  traefik_auth_labels {

    "traefik.frontend.auth.basic" = "${var.auth_header}"

  }
}
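Review bot: `lookup(var.web, "host")` in the new `web` local has no default, unlike the `port` and `protocol` lookups next to it and unlike the expression it replaces in modules/container/main.tf, which used `lookup(var.web, "host", "")`. Because the new `labels` expression reads `keys(local.web)` and `values(local.web)` for every container, a caller whose `web` map omits `host` would presumably fail interpolation even when it is not exposed; the part of heimdall.tf visible on this page sets only `expose` and `port`. Either restore the default, `"traefik.frontend.rule" = "Host:${lookup(var.web, "host", "")}"`, or add a comment on the `web` variable stating that `host` is mandatory.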
diff --git a/modules/container/main.tf b/modules/container/main.tf
index 00e07dd..0cc2b01 100644
--- a/modules/container/main.tf
+++ a/modules/container/main.tf
@@ -17,19 +17,86 @@
  entrypoint = "${var.entrypoint}"
  user       = "${var.user}"
  networks   = ["${var.networks}"]
  memory     = "${lookup(var.resource, "memory")}"

  // Only add traefik labels if web.expose=true
  // Only add basicauth config if web.basicauth=true
  labels = "${merge(var.labels, lookup(var.web, "expose", "false") ?

    merge(local.traefik-common-labels, map(
      "traefik.port", lookup(var.web, "port", "80"),
      "traefik.frontend.rule", "Host:${lookup(var.web, "host", "")}",
      "traefik.protocol", lookup(var.web, "protocol", "http"),
    )) : map(), lookup(var.web, "basicauth", "false") ? map(
      "traefik.frontend.auth.basic", var.auth-header
    ) : map())}"

  # memory     = "${lookup(var.resource, "memory", "64")}"


  # Look at this monstrosity
  # And then https://github.com/hashicorp/terraform/issues/12453#issuecomment-365569618
  # for why this is needed

  labels = "${merge(local.default_labels,

    zipmap(
      concat(
        keys(local.traefik_common_labels),
        split(",",
          lookup(var.web, "expose", "false") == "false" ?
            "" :
            join(",", keys(local.traefik_common_labels))
        )
      ),concat(
        values(local.traefik_common_labels),
        split(",",
          lookup(var.web, "expose", "false") == "false" ?
            "" :
            join(",", values(local.traefik_common_labels))
        )
      )
    ),

    zipmap(
      concat(
        keys(local.web),
        split(",",
          lookup(var.web, "expose", "false") == "false" ?
            "" :
            join(",", keys(local.web))
        )
      ),concat(
        values(local.web),
        split(",",
          lookup(var.web, "expose", "false") == "false" ?
            "" :
            join(",", values(local.web))
        )
      )
    ),

    zipmap(
      concat(
        keys(local.traefik_common_labels),
        split(",",
          lookup(var.web, "expose", "false") == "false" ?
            "" :
            join(",", keys(local.traefik_common_labels))
        )
      ),concat(
        values(local.traefik_common_labels),
        split(",",
          lookup(var.web, "expose", "false") == "false" ?
            "" :
            join(",", values(local.traefik_common_labels))
        )
      )
    ),
    zipmap(
      concat(
        keys(local.traefik_auth_labels),
        split(",",
          lookup(var.web, "auth", "false") == "false" ?
            "" :
            join(",", keys(local.traefik_auth_labels))
        )
      ),concat(
        values(local.traefik_auth_labels),
        split(",",
          lookup(var.web, "auth", "false") == "false" ?
            "" :
            join(",", values(local.traefik_auth_labels))
        )
      )
    )
  )}"
  destroy_grace_seconds = "${var.destroy_grace_seconds}"
  must_run              = "${var.must_run}"
}
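Review bot: The `expose` and `auth` ternaries in the new `labels` expression do not appear to gate anything, because every `concat(...)` starts with the unconditional `keys(local.…)` or `values(local.…)` list and the `split(",", …)` argument only appends a second copy or an empty element. As written, each container would seemingly receive `traefik.enable = "true"` and the `traefik.frontend.auth.basic` label regardless of `web.expose` and `web.auth`, so a service meant to stay internal could be picked up by Traefik; dropping the unconditional first argument of each `concat` would let the condition take effect. The join/split round trip also breaks on any value containing a comma, and the `auth_header` default in vars.tf contains one, so the key and value lists handed to `zipmap` would differ in length once auth is enabled. The gate key changed from `basicauth` to `auth`, so callers still passing `basicauth = "true"` should be checked against the new name. The first and third `zipmap` blocks are identical, and the resource block begins above this hunk.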
diff --git a/modules/container/vars.tf b/modules/container/vars.tf
index 685c6f5..e53865f 100644
--- a/modules/container/vars.tf
+++ a/modules/container/vars.tf
@@ -69,14 +69,11 @@

  default = {

    expose    = "false"
    port      = "80"
    host      = ""
    protocol  = "http"
    basicauth = "false"
  }
}

variable "auth-header" {

variable "auth_header" {

  default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6,reddit:$2y$05$ghKxSydYCpAT8r2VVMDmWO/BBecghGfLsRJUkr3ii7XxPyxBqp8Oy"
}
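Review bot: The renamed `auth_header` variable still carries what look like live htpasswd entries as its `default`, so the bcrypt hashes for both users sit in the repository and in any plan or state produced from this module. The `$2y$05$` prefix indicates a cost factor of 5, which makes offline guessing cheap for anyone who can read the repo. Consider removing the `default` so the value must come from an untracked tfvars file or `TF_VAR_auth_header`, regenerating the hashes at a higher cost, and rotating the passwords, since the current hashes remain in history. Which of these lines the commit changed cannot be read from the rendered page, so this applies to the new side as shown.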