🏡 index : github.com/captn3m0/nebula.git

author Nemo <me@captnemo.in> 2019-02-16 13:52:48.0 +05:30:00
committer Nemo <me@captnemo.in> 2019-02-16 13:52:48.0 +05:30:00
commit
e4b3620de5ccae069f41a9d2a78654d9efca8846 [patch]
tree
88d843bf6eb1d3f5c1a1905b9bfefc2667610334
parent
53f3c876005e454f633a8b241362f227ab64ec62
parent
83eb97c8dbc4ea2fa375b7fb7a58f92c6a8684d0

Merge branch 'kubernetes'



Diff

 .gitignore                |  1 +
 .terraform-version        |  2 +-
 kayak.tf                  | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 kube-test.tf              | 22 ++++++++++++++++++++++
 main.tf                   | 11 +++++------
 providers.tf              | 10 +++++-----
 state.tf                  |  8 ++++++++
 variables.tf              |  1 +
 cloudflare/main.tf        | 32 ++++++++++++++++++++++++++++++++
 media/airsonic.tf         | 30 +++++++++++++++++++++++-------
 media/jackett.tf          |  2 --
 media/radarr.tf           |  2 --
 media/variables.tf        |  2 +-
 modules/container/main.tf |  3 ++-
 modules/container/vars.tf |  6 ++++++
 15 files changed, 148 insertions(+), 31 deletions(-)

diff --git a/.gitignore b/.gitignore
index d2ef326..e1e2930 100644
--- a/.gitignore
+++ a/.gitignore
@@ -7,3 +7,4 @@
*.backup
secrets
k8s/
k8s2/
diff --git a/.terraform-version b/.terraform-version
index 1ee43fc..e6adeaa 100644
--- a/.terraform-version
+++ a/.terraform-version
@@ -1,1 +1,1 @@
0.11.8
0.11.12-beta1
diff --git a/kayak.tf b/kayak.tf
new file mode 100644
index 0000000..a15ea2d 100644
--- /dev/null
+++ a/kayak.tf
@@ -1,0 +1,47 @@
// Points to the local working directory instead of
// the published version
module "kayak" {

  source    = "../terraform-digitalocean-kayak"
  cert_path = "${path.root}/secrets/kayak"
  domain    = "kayak.${var.root-domain}"
  ssh_key   = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0Getey8585AqdgIl9mqQ3SH9w6z7NZUW4HXdOqZwC7sYEaDrLOBV014gtFS8h8ymm4dcw6xEGUkaavcHC8W9ChTLKBMK4N1/sUS/umLy+Wi/K//g13y0VHSdvcc+gMQ27b9n/DwDY4ZKkaf6t+4HWyFWNh6gp0cT1WCyLNlsER55KUdy+C1lCOpv1SMepOaYc7uyBlC9FfgewJho/OfxnoTztQV6QeSGfr2Xr94Ip1FUPoLoBLLilh4ZbCe6F6bqn0kNgVBTkrVwWJv5Z0jCJpUjER69cqjASRao9KCHkyPtybzKKhCLZIlB3QMggEv0xnlHMpeeuDWcGrBVPKI8V"

  asset_dir = "${path.root}/k8s"

  providers {

    docker = "docker.kayak"
  }
}

provider "docker" {

  host          = "tcp://${cloudflare_record.kayak-docker.hostname}:2376"
  version       = "~> 2.0.0"
  alias         = "kayak"
  ca_material   = "${module.kayak.docker_ca_cert}"
  cert_material = "${module.kayak.docker_client_cert}"
  key_material  = "${module.kayak.docker_client_key}"
}

resource "cloudflare_record" "kayak-docker" {

  name   = "docker.kayak"
  value  = "${module.kayak.droplet_ipv4}"
  domain = "${var.root-domain}"
  type   = "A"
  ttl    = 120
}

resource "cloudflare_record" "kayak" {

  name   = "kayak"
  value  = "${module.kayak.droplet_ipv4}"
  domain = "${var.root-domain}"
  type   = "A"
  ttl    = 120
}

resource "cloudflare_record" "kayak-etcd" {

  name   = "etcd.kayak"
  value  = "${module.kayak.droplet_ipv4_private}"
  domain = "${var.root-domain}"
  type   = "A"
  ttl    = 120
}
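Review bot: The `docker.kayak` record points at `module.kayak.droplet_ipv4`, presumably the droplet's public address, so the Docker API that the aliased provider reaches on port 2376 is protected only by the TLS client certificate. If the module does not already firewall 2376, restrict it to the VPN or a management address, because access to that socket is equivalent to root on the host. `key_material = "${module.kayak.docker_client_key}"` also makes the client private key a module output, which Terraform writes to state in clear text, so the state backend needs encryption and narrow read access. The `kayak-etcd` record additionally publishes `droplet_ipv4_private` in a public zone. The module source `../terraform-digitalocean-kayak` is not on this page, so what it exposes is inferred from the names used here.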
diff --git a/kube-test.tf b/kube-test.tf
new file mode 100644
index 0000000..fae4802 100644
--- /dev/null
+++ a/kube-test.tf
@@ -1,0 +1,22 @@
// Bring up a simple test container
// In the controller node

resource "kubernetes_pod" "nginx" {

  metadata {

    name      = "terraform-example"
    namespace = "default"
  }

  spec {

    toleration {

      key      = "node-role.kubernetes.io/master"
      operator = "Exists"
      effect   = "NoSchedule"
    }

    container {

      image = "nginx:latest"
      name  = "nginx"
    }
  }
}
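Review bot: The container in `kubernetes_pod.nginx` uses the mutable tag `image = "nginx:latest"` and the pod tolerates the `node-role.kubernetes.io/master` taint, so whatever that tag resolves to at pull time may be scheduled on the control-plane node. Pin the image to a fixed version or digest, for example `image = "nginx:<version>@sha256:<digest>"` (placeholder values). Add a `resources` block with limits to the container so a test pod cannot starve the controller. A dedicated namespace instead of `default` would keep the test separate from later workloads.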
diff --git a/main.tf b/main.tf
index 1b3d938..1329e2f 100644
--- a/main.tf
+++ a/main.tf
@@ -67,12 +67,11 @@
}

module "media" {

  source                 = "media"
  domain                 = "bb8.fun"
  traefik-labels         = "${var.traefik-common-labels}"
  airsonic-smtp-password = "${var.airsonic-smtp-password}"
  ips                    = "${var.ips}"
  traefik-network-id     = "${module.docker.traefik-network-id}"
  source             = "media"
  domain             = "bb8.fun"
  traefik-labels     = "${var.traefik-common-labels}"
  ips                = "${var.ips}"
  traefik-network-id = "${module.docker.traefik-network-id}"
}

module "monitoring" {

diff --git a/providers.tf b/providers.tf
index 95afb20..c9eedb8 100644
--- a/providers.tf
+++ a/providers.tf
@@ -1,14 +1,14 @@
provider "docker" {

  host      = "tcp://docker.vpn.bb8.fun:2376"
  cert_path = "./secrets/tatooine"
  version   = "~> 2.0.0"
}

provider "docker" {

  host      = "tcp://dovpn.vpn.bb8.fun:2376"
  cert_path = "./secrets/sydney"
  alias     = "sydney"
  version   = "~> 2.0.0"
provider "kubernetes" {

  version = "1.3.0-custom"
  host    = "https://k8s.bb8.fun:6443"

  config_path = "${path.root}/k8s/auth/kubeconfig"
}

provider "cloudflare" {
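Review bot: `version = "1.3.0-custom"` on the new `provider "kubernetes"` block can presumably only be satisfied by a locally installed plugin binary, and nothing in this change records where that build comes from. Add a comment above the block naming its origin and an expected checksum, for example `# built from <fork-url>@<commit>, sha256 <digest>` (placeholders), because the plugin runs with whatever credentials `k8s/auth/kubeconfig` holds. The new side of this hunk is inferred from print order and the 5/5 diffstat, since the page has lost its +/- markers.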

diff --git a/state.tf b/state.tf
new file mode 100644
index 0000000..91d84e1 100644
--- /dev/null
+++ a/state.tf
@@ -1,0 +1,8 @@
terraform {

  backend "s3" {

    bucket  = "rmx-nemo"
    key     = "terraform/nebula.tfstate"
    region  = "ap-south-1"
    profile = "nebula"
  }
}
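Review bot: The `backend "s3"` block does not set `encrypt = true`, so unless the `rmx-nemo` bucket enforces default encryption, the object at `terraform/nebula.tfstate` is stored unencrypted. That state will hold secrets such as the Docker client key that kayak.tf takes from module outputs. Add `encrypt = true` (optionally with `kms_key_id`) and consider `dynamodb_table = "<lock-table>"` (placeholder name) so concurrent applies are locked. Bucket policy, versioning and public-access settings are not visible here and are worth confirming.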
diff --git a/variables.tf b/variables.tf
index 1f50bdc..7a4dce8 100644
--- a/variables.tf
+++ a/variables.tf
@@ -27,6 +27,7 @@
  default = {

    eth0   = "192.168.1.111"
    tun0   = "10.8.0.14"
    dovpn  = "10.8.0.1"
    static = "139.59.48.222"
  }
}
diff --git a/cloudflare/main.tf b/cloudflare/main.tf
index 40e71f6..9fb6ab6 100644
--- a/cloudflare/main.tf
+++ a/cloudflare/main.tf
@@ -64,6 +64,32 @@
  ttl    = 3600
}

/**
 *   vpn.bb8.fun
 * *.vpn.bb8.fun
 */
resource "cloudflare_record" "dovpn" {

  domain = "${var.domain}"
  name   = "dovpn"
  value  = "${var.ips["dovpn"]}"
  type   = "A"
}

resource "cloudflare_record" "dovpn_wildcard" {

  domain = "${var.domain}"
  name   = "*.dovpn.${var.domain}"
  value  = "${cloudflare_record.dovpn.hostname}"
  type   = "CNAME"
  ttl    = 3600
}

resource "cloudflare_record" "etcd" {

  domain = "${var.domain}"
  name   = "etcd"
  value  = "${var.ips["dovpn"]}"
  type   = "A"
}

########################
## Mailgun Mailing Lists
########################
@@ -98,10 +124,10 @@
  priority = 20
}

resource "cloudflare_record" "k8s-talk" {

resource "cloudflare_record" "k8s" {

  domain = "${var.domain}"
  name   = "k8s"
  value  = "lightsaber.captnemo.in"
  type   = "CNAME"
  value  = "10.8.0.1"
  type   = "A"
  ttl    = 3600
}
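Review bot: The `k8s` record in the second hunk hard-codes `value = "10.8.0.1"`, while the `dovpn` and `etcd` records added in the first hunk read the same address from `var.ips["dovpn"]`. Use `value = "${var.ips["dovpn"]}"` there so that renumbering the VPN cannot leave the API-server name pointing at a stale host. These records place a private VPN address in a publicly resolvable zone, which discloses internal naming and addressing; if that is an accepted trade-off, say so in a comment. The header comment still reads `vpn.bb8.fun` / `*.vpn.bb8.fun` although the records are named `dovpn`. Which of the duplicated `value`/`type` lines is the new side is inferred from print order, since the +/- markers are missing.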
diff --git a/media/airsonic.tf b/media/airsonic.tf
index 74986bf..8de3640 100644
--- a/media/airsonic.tf
+++ a/media/airsonic.tf
@@ -1,10 +1,10 @@
module "airsonic" {

  source = "../modules/container"
  image  = "linuxserver/airsonic:latest"
  name   = "airsonic"

  resource {

    memory = "256"
    memory = "1024"
  }

  web {

@@ -13,14 +13,17 @@
    expose = true
  }

  user = "lounge:audio"

  env = [

    "PUID=1004",
    "PGID=1003",
    "TZ=Asia/Kolkata",
    "JAVA_OPTS=-Xmx512m -Dserver.use-forward-headers=true -Dserver.context-path=/",
  ]

  devices = [{

    host_path      = "/dev/snd"
    container_path = "/dev/snd"
  }]

  # files = [
  #   "/usr/lib/jvm/java-1.8-openjdk/jre/lib/airsonic.properties",
@@ -49,16 +52,23 @@
    {
      host_path      = "/mnt/xwing/config/airsonic/podcasts"
      container_path = "/podcasts"
    },
    {
      host_path      = "/mnt/xwing/config/airsonic/jre"
      container_path = "/usr/lib/jvm/java-1.8-openjdk/jre/lib/"
    },
  ]
}

data "template_file" "airsonic-properties-file" {

  template = "${file("${path.module}/conf/airsonic.properties.tpl")}"
# data "template_file" "airsonic-properties-file" {
#   template = "${file("${path.module}/conf/airsonic.properties.tpl")}"

  vars {

    smtp-password = "${var.airsonic-smtp-password}"

    # db-password   = "${var.airsonic-db-password}"
  }
}
#   vars {
#     smtp-password = "${var.airsonic-smtp-password}"


#     # db-password   = "${var.airsonic-db-password}"
#   }
# }
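Review bot: The volume entry in the last hunk that maps `/mnt/xwing/config/airsonic/jre` onto `/usr/lib/jvm/java-1.8-openjdk/jre/lib/` replaces the container's whole JRE library directory with host-managed files. The runtime's jars, its `security/` policy files and its CA store then come from the host path and stop following image updates. If the goal is only to supply `airsonic.properties`, as the commented-out `files` block suggests, mount that single file rather than the directory, and mark it read-only if the module passes `read_only` through. The same change appears to add a `/dev/snd` device mapping, so a one-line comment explaining why the container needs host audio would help later review. The commented-out `template_file` block would be better deleted than left in place.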

diff --git a/media/jackett.tf b/media/jackett.tf
index 07b5b4d..5ed6256 100644
--- a/media/jackett.tf
+++ a/media/jackett.tf
@@ -11,8 +11,6 @@
    host   = "jackett.${var.domain}"
  }

  networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]

  volumes = [{

    host_path      = "/mnt/xwing/config/jackett"
    container_path = "/config"
diff --git a/media/radarr.tf b/media/radarr.tf
index 16c6d32..d7b7095 100644
--- a/media/radarr.tf
+++ a/media/radarr.tf
@@ -16,8 +16,6 @@
    memory_swap = 1024
  }

  networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]

  volumes = [

    {
      host_path      = "/mnt/xwing/config/radarr"
diff --git a/media/variables.tf b/media/variables.tf
index 0fdd605..1d66838 100644
--- a/media/variables.tf
+++ a/media/variables.tf
@@ -1,8 +1,8 @@
variable "domain" {

  type = "string"
}

variable "airsonic-smtp-password" {}
# variable "airsonic-smtp-password" {}

variable "traefik-labels" {

  type = "map"
diff --git a/modules/container/main.tf b/modules/container/main.tf
index 2c9d59c..248bb55 100644
--- a/modules/container/main.tf
+++ a/modules/container/main.tf
@@ -1,9 +1,9 @@
data "docker_registry_image" "image" {

  name = "${var.image}"
}

resource "docker_image" "image" {

  name          = "${data.docker_registry_image.image.name}"
  name          = "${var.image}"
  pull_triggers = ["${data.docker_registry_image.image.sha256_digest}"]
}

@@ -31,6 +31,7 @@
  memory_swap = "${local.resource["memory_swap"]}"

  volumes = ["${var.volumes}"]
  devices = ["${var.devices}"]

  # Look at this monstrosity
  # And then https://github.com/hashicorp/terraform/issues/12453#issuecomment-365569618
diff --git a/modules/container/vars.tf b/modules/container/vars.tf
index 0540ab0..b77fda6 100644
--- a/modules/container/vars.tf
+++ a/modules/container/vars.tf
@@ -88,3 +88,9 @@
  type        = "list"
  default     = []
}

variable "devices" {

  description = "volumes"
  type        = "list"
  default     = []
}
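Review bot: The new `variable "devices"` has `description = "volumes"`, which looks copied from the variable above it and does not describe what it controls. Something like `description = "Host devices to map into the container (list of maps with host_path and container_path)"` would match how media/airsonic.tf uses it. modules/container/main.tf passes the list straight to `devices`, so the description should also say that each entry gives the container direct access to a host device node. The empty default is the right one.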