From 1aaf4e5c4b3032f4abd3e29ecfd71617f4b374c5 Mon Sep 17 00:00:00 2001
From: Nemo <me@captnemo.in>
Date: Sun, 04 Feb 2018 16:06:20 +0530
Subject: [PATCH] Make link dependencies explicit
---
README.md | 1 -
main.tf | 12 ++++++++----
digitalocean/firewall.tf | 33 ++++++++++++++++++---------------
docker/data.tf | 8 --------
docker/gitea.tf | 21 +++++++++------------
docker/images.tf | 10 ----------
docker/lychee.tf | 2 +-
docker/main.tf | 96 ++------------------------------------------------------------------------------
docker/outputs.tf | 12 ++++++++++++
media/ombi.tf | 2 +-
media/radarr.tf | 2 +-
media/sonarr.tf | 2 +-
media/variables.tf | 3 +++
monitoring/cadvisor.tf | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
monitoring/data.tf | 4 ++++
monitoring/images.tf | 5 +++++
monitoring/main.tf | 4 ++--
monitoring/transmission.tf | 2 +-
monitoring/variables.tf | 8 ++++++++
radicale/config | 1 -
tt-rss/variables.tf | 1 +
21 files changed, 128 insertions(+), 153 deletions(-)
diff --git a/README.md b/README.md
index 32af9d3..7142736 100644
--- a/README.md
+++ a/README.md
@@ -41,7 +41,6 @@
- [Emby](https://store.docker.com/community/images/emby/embyserver) Media Server
- [CouchPotato](https://store.docker.com/community/images/linuxserver/couchpotato), auto-download movies
-- [SickRage](https://store.docker.com/community/images/linuxserver/sickrage), auto-download TV shows
- [Transmission](https://store.docker.com/community/images/linuxserver/transmission), to download torrents
- [AirSonic](https://store.docker.com/community/images/airsonic/airsonic), for a music server
- [Ubooquity](https://store.docker.com/community/images/linuxserver/ubooquity), EBooks server with OPDS support
diff --git a/main.tf b/main.tf
index 633924b..be76f6a 100644
--- a/main.tf
+++ a/main.tf
@@ -34,20 +34,24 @@
}
module "tt-rss" {
- source = "tt-rss"
- domain = "rss.captnemo.in"
+ source = "tt-rss"
+ domain = "rss.captnemo.in"
mysql_password = "${var.mysql-ttrss-password}"
+ links-db = "${module.docker.names-mariadb}"
}
module "media" {
- source = "media"
- domain = "bb8.fun"
+ source = "media"
+ domain = "bb8.fun"
+ links-emby = "${module.docker.names-emby}"
+ links-transmission = "${module.docker.names-transmission}"
}
module "monitoring" {
source = "monitoring"
gf-security-admin-password = "${var.gf-security-admin-password}"
domain = "bb8.fun"
+ transmission = "${module.docker.names-transmission}"
}
module "digitalocean" {
diff --git a/digitalocean/firewall.tf b/digitalocean/firewall.tf
index 1f42ad3..919e8a9 100644
--- a/digitalocean/firewall.tf
+++ a/digitalocean/firewall.tf
@@ -1,37 +1,38 @@
resource "digitalocean_firewall" "web" {
name = "web-inbound"
+
inbound_rule = [
{
- protocol = "tcp"
- port_range = "80"
- source_addresses = ["0.0.0.0/0", "::/0"]
+ protocol = "tcp"
+ port_range = "80"
+ source_addresses = ["0.0.0.0/0", "::/0"]
},
{
- protocol = "tcp"
- port_range = "443"
- source_addresses = ["0.0.0.0/0", "::/0"]
+ protocol = "tcp"
+ port_range = "443"
+ source_addresses = ["0.0.0.0/0", "::/0"]
},
]
}
resource "digitalocean_firewall" "ssh" {
name = "ssh-inbound"
+
inbound_rule = [
{
- protocol = "tcp"
- port_range = "22"
- source_addresses = ["0.0.0.0/0", "::/0"]
+ protocol = "tcp"
+ port_range = "22"
+ source_addresses = ["0.0.0.0/0", "::/0"]
},
{
- protocol = "tcp"
- port_range = "222"
- source_addresses = ["0.0.0.0/0", "::/0"]
+ protocol = "tcp"
+ port_range = "222"
+ source_addresses = ["0.0.0.0/0", "::/0"]
},
{
- protocol = "tcp"
- port_range = "24"
- source_addresses = ["0.0.0.0/0", "::/0"]
+ protocol = "tcp"
+ port_range = "24"
+ source_addresses = ["0.0.0.0/0", "::/0"]
},
-
]
}
diff --git a/docker/data.tf b/docker/data.tf
index f8d0500..a7437fa 100644
--- a/docker/data.tf
+++ a/docker/data.tf
@@ -31,10 +31,6 @@
name = "gitea/gitea:1.4"
}
-data "docker_registry_image" "sickrage" {
- name = "linuxserver/sickrage:latest"
-}
-
data "docker_registry_image" "airsonic" {
name = "linuxserver/airsonic:latest"
}
@@ -57,10 +53,6 @@
data "docker_registry_image" "headerdebug" {
name = "brndnmtthws/nginx-echo-headers:latest"
-}
-
-data "docker_registry_image" "cadvisor" {
- name = "google/cadvisor:latest"
}
data "docker_registry_image" "lychee" {
diff --git a/docker/gitea.tf b/docker/gitea.tf
index e1df694..732cf0d 100644
--- a/docker/gitea.tf
+++ a/docker/gitea.tf
@@ -1,17 +1,17 @@
resource docker_container "gitea" {
name = "gitea"
image = "${docker_image.gitea.latest}"
labels {
- "traefik.port" = 3000
- "traefik.enable" = "true"
- "traefik.frontend.rule" = "Host:git.captnemo.in"
- "traefik.frontend.headers.STSSeconds" = "2592000"
- "traefik.frontend.headers.browserXSSFilter" = "true"
- "traefik.frontend.headers.contentTypeNosniff" = "true"
- "traefik.frontend.headers.SSLTemporaryRedirect" = "true"
- "traefik.frontend.headers.STSIncludeSubdomains" = "false"
- "traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
+ "traefik.port" = 3000
+ "traefik.enable" = "true"
+ "traefik.frontend.rule" = "Host:git.captnemo.in"
+ "traefik.frontend.headers.STSSeconds" = "2592000"
+ "traefik.frontend.headers.browserXSSFilter" = "true"
+ "traefik.frontend.headers.contentTypeNosniff" = "true"
+ "traefik.frontend.headers.SSLTemporaryRedirect" = "true"
+ "traefik.frontend.headers.STSIncludeSubdomains" = "false"
+ "traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
}
ports {
@@ -51,19 +51,16 @@
content = "${file("${path.module}/conf/humans.txt")}"
file = "/data/gitea/public/humans.txt"
}
-
# Extra Links in header
upload {
content = "${file("${path.module}/conf/gitea/extra_links.tmpl")}"
file = "/data/gitea/templates/custom/extra_links.tmpl"
}
-
# This is the main configuration file
upload {
content = "${data.template_file.gitea-config-file.rendered}"
file = "/data/gitea/conf/app.ini"
}
-
memory = 256
restart = "unless-stopped"
destroy_grace_seconds = 10
diff --git a/docker/images.tf b/docker/images.tf
index 1ee1c53..8888695 100644
--- a/docker/images.tf
+++ a/docker/images.tf
@@ -28,11 +28,6 @@
pull_triggers = ["${data.docker_registry_image.gitea.sha256_digest}"]
}
-resource "docker_image" "sickrage" {
- name = "${data.docker_registry_image.sickrage.name}"
- pull_triggers = ["${data.docker_registry_image.sickrage.sha256_digest}"]
-}
-
resource "docker_image" "airsonic" {
name = "${data.docker_registry_image.airsonic.name}"
pull_triggers = ["${data.docker_registry_image.airsonic.sha256_digest}"]
@@ -71,11 +66,6 @@
resource "docker_image" "headerdebug" {
name = "${data.docker_registry_image.headerdebug.name}"
pull_triggers = ["${data.docker_registry_image.headerdebug.sha256_digest}"]
-}
-
-resource "docker_image" "cadvisor" {
- name = "${data.docker_registry_image.cadvisor.name}"
- pull_triggers = ["${data.docker_registry_image.cadvisor.sha256_digest}"]
}
resource "docker_image" "lychee" {
diff --git a/docker/lychee.tf b/docker/lychee.tf
index 074a902..4f40ae8 100644
--- a/docker/lychee.tf
+++ a/docker/lychee.tf
@@ -40,5 +40,5 @@
"PGID=984",
]
- links = ["mariadb"]
+ links = ["${docker_container.mariadb.name}"]
}
diff --git a/docker/main.tf b/docker/main.tf
index 892d86f..a4d1020 100644
--- a/docker/main.tf
+++ a/docker/main.tf
@@ -124,7 +124,7 @@
"TZ=Asia/Kolkata",
]
- links = ["transmission"]
+ links = ["{docker_container.transmission.name}"]
}
# resource "docker_container" "airsonic" {
@@ -191,50 +191,6 @@
))}"
}
-resource "docker_container" "sickrage" {
- name = "sickrage"
- image = "${docker_image.sickrage.latest}"
-
- restart = "unless-stopped"
- destroy_grace_seconds = 10
- must_run = true
-
- memory = 512
-
- volumes {
- host_path = "/mnt/xwing/config/sickrage"
- container_path = "/config"
- }
-
- volumes {
- host_path = "/mnt/xwing/media/DL"
- container_path = "/downloads"
- }
-
- volumes {
- host_path = "/mnt/xwing/media/TV"
- container_path = "/tv"
- }
-
- labels = "${merge(
- local.traefik_common_labels,
- map(
- "traefik.frontend.passHostHeader", "false",
- "traefik.frontend.auth.basic", "${var.basic_auth}",
- "traefik.port", 8081,
- ))}"
-
- env = [
- "PUID=1004",
- "PGID=1003",
- "TZ=Asia/Kolkata",
- ]
-
- links = [
- "transmission",
- ]
-}
-
resource "docker_container" "headphones" {
name = "headphones"
image = "${docker_image.headphones.latest}"
@@ -384,7 +340,7 @@
"traefik.port", 9999,
"traefik.frontend.headers.customResponseHeaders", "${var.xpoweredby}||Referrer-Policy:${var.refpolicy}||X-Frame-Options:${var.xfo_allow}",
))}"
- links = ["mongorocks"]
+ links = ["${docker_container.mongorocks.name}"]
env = [
"WIKI_ADMIN_EMAIL=me@captnemo.in",
"SESSION_SECRET=${var.wiki_session_secret}",
@@ -421,52 +377,4 @@
"PGID=1003",
"TZ=Asia/Kolkata",
]
-}
-
-resource "docker_container" "cadvisor" {
- name = "cadvisor"
- image = "${docker_image.cadvisor.latest}"
- memory = 512
-
- restart = "unless-stopped"
- destroy_grace_seconds = 10
- must_run = true
-
- volumes {
- host_path = "/"
- container_path = "/rootfs"
- read_only = true
- }
-
- volumes {
- host_path = "/sys"
- container_path = "/sys"
- read_only = true
- }
-
- volumes {
- host_path = "/var/lib/docker"
- container_path = "/var/lib/docker"
- read_only = true
- }
-
- volumes {
- host_path = "/dev/disk"
- container_path = "/dev/disk"
- read_only = true
- }
-
- volumes {
- host_path = "/var/run"
- container_path = "/var/run"
- }
-
- labels = "${merge(
- local.traefik_common_labels,
- map(
-
- "traefik.frontend.passHostHeader", "true",
- "traefik.frontend.auth.basic", "${var.basic_auth}",
- "traefik.port", 8080,
- ))}"
}
diff --git a/docker/outputs.tf b/docker/outputs.tf
index 2cdad4b..0551305 100644
--- a/docker/outputs.tf
+++ a/docker/outputs.tf
@@ -1,3 +1,15 @@
output "lychee-ip" {
value = "${docker_container.lychee.ip_address}"
}
+
+output "names-transmission" {
+ value = "${docker_container.transmission.name}"
+}
+
+output "names-emby" {
+ value = "${docker_container.emby.name}"
+}
+
+output "names-mariadb" {
+ value = "${docker_container.mariadb.name}"
+}
diff --git a/media/ombi.tf b/media/ombi.tf
index 9d387dc..656b128 100644
--- a/media/ombi.tf
+++ a/media/ombi.tf
@@ -36,5 +36,5 @@
"TZ=Asia/Kolkata",
]
- links = ["emby"]
+ links = ["${var.links-emby}"]
}
diff --git a/media/radarr.tf b/media/radarr.tf
index b198e4d..6ee7596 100644
--- a/media/radarr.tf
+++ a/media/radarr.tf
@@ -51,5 +51,5 @@
"TZ=Asia/Kolkata",
]
- links = ["emby", "transmission"]
+ links = ["${var.links-emby}", "${var.links-transmission}"]
}
diff --git a/media/sonarr.tf b/media/sonarr.tf
index 6c9a451..d464286 100644
--- a/media/sonarr.tf
+++ a/media/sonarr.tf
@@ -49,5 +49,5 @@
"TZ=Asia/Kolkata",
]
- links = ["emby", "transmission"]
+ links = ["${var.links-emby}", "${var.links-transmission}"]
}
diff --git a/media/variables.tf b/media/variables.tf
index 10fc457..fe92903 100644
--- a/media/variables.tf
+++ a/media/variables.tf
@@ -1,3 +1,6 @@
variable "domain" {
type = "string"
}
+
+variable "links-emby" {}
+variable "links-transmission" {}
diff --git a/monitoring/cadvisor.tf b/monitoring/cadvisor.tf
new file mode 100644
index 0000000..9383f1c 100644
--- /dev/null
+++ a/monitoring/cadvisor.tf
@@ -1,0 +1,52 @@
+resource "docker_container" "cadvisor" {
+ name = "cadvisor"
+ image = "${docker_image.cadvisor.latest}"
+ memory = 512
+
+ restart = "unless-stopped"
+ destroy_grace_seconds = 10
+ must_run = true
+
+ volumes {
+ host_path = "/"
+ container_path = "/rootfs"
+ read_only = true
+ }
+
+ volumes {
+ host_path = "/sys"
+ container_path = "/sys"
+ read_only = true
+ }
+
+ volumes {
+ host_path = "/var/lib/docker"
+ container_path = "/var/lib/docker"
+ read_only = true
+ }
+
+ volumes {
+ host_path = "/dev/disk"
+ container_path = "/dev/disk"
+ read_only = true
+ }
+
+ volumes {
+ host_path = "/var/run"
+ container_path = "/var/run"
+ }
+
+ labels {
+ "traefik.frontend.auth.basic" = "${var.basic_auth}"
+ "traefik.port" = 8080
+ "traefik.enable" = "true"
+ "traefik.frontend.headers.SSLTemporaryRedirect" = "true"
+ "traefik.frontend.headers.STSSeconds" = "2592000"
+ "traefik.frontend.headers.STSIncludeSubdomains" = "false"
+ "traefik.frontend.headers.contentTypeNosniff" = "true"
+ "traefik.frontend.headers.browserXSSFilter" = "true"
+ "traefik.frontend.passHostHeader" = "true"
+ "traefik.frontend.headers.customFrameOptionsValue" = "ALLOW-FROM https://home.bb8.fun/"
+ "traefik.frontend.headers.customResponseHeaders" = "X-Powered-By:Allomancy||X-Server:Blackbox"
+ }
+}
diff --git a/monitoring/data.tf b/monitoring/data.tf
index 344dcc3..06318f0 100644
--- a/monitoring/data.tf
+++ a/monitoring/data.tf
@@ -17,3 +17,7 @@
data "docker_registry_image" "transmission-exporter" {
name = "metalmatze/transmission-exporter"
}
+
+data "docker_registry_image" "cadvisor" {
+ name = "google/cadvisor:latest"
+}
diff --git a/monitoring/images.tf b/monitoring/images.tf
index 46b903d..ff88514 100644
--- a/monitoring/images.tf
+++ a/monitoring/images.tf
@@ -17,3 +17,8 @@
name = "${data.docker_registry_image.transmission-exporter.name}"
pull_triggers = ["${data.docker_registry_image.transmission-exporter.sha256_digest}"]
}
+
+resource "docker_image" "cadvisor" {
+ name = "${data.docker_registry_image.cadvisor.name}"
+ pull_triggers = ["${data.docker_registry_image.cadvisor.sha256_digest}"]
+}
diff --git a/monitoring/main.tf b/monitoring/main.tf
index 9ed8ac5..22b8600 100644
--- a/monitoring/main.tf
+++ a/monitoring/main.tf
@@ -21,7 +21,7 @@
container_path = "/var/lib/grafana"
}
- links = ["prometheus"]
+ links = ["${docker_container.prometheus.name}"]
env = [
"GF_SECURITY_ADMIN_PASSWORD=${var.gf-security-admin-password}",
@@ -52,7 +52,7 @@
file = "/etc/prometheus/prometheus.yml"
}
- links = ["nodeexporter", "cadvisor"]
+ links = ["${docker_container.nodeexporter.name}", "${docker_container.cadvisor.name}"]
restart = "unless-stopped"
destroy_grace_seconds = 10
diff --git a/monitoring/transmission.tf b/monitoring/transmission.tf
index 2019849..0ef474b 100644
--- a/monitoring/transmission.tf
+++ a/monitoring/transmission.tf
@@ -1,10 +1,10 @@
# Transmission Exporter for prometheus
# https://github.com/metalmatze/transmission-exporter
resource docker_container "transmission-exporter" {
name = "transmission-exporter"
image = "${docker_image.transmission-exporter.latest}"
- links = ["transmission"]
+ links = ["${var.transmission}"]
env = [
"TRANSMISSION_ADDR=http://transmission:9091",
diff --git a/monitoring/variables.tf b/monitoring/variables.tf
index 7f698e3..5190320 100644
--- a/monitoring/variables.tf
+++ a/monitoring/variables.tf
@@ -6,6 +6,10 @@
type = "string"
}
+variable "transmission" {
+ type = "string"
+}
+
variable "alert-slack-username" {
default = "Prometheus"
}
@@ -16,4 +20,8 @@
variable "alert-slack-incoming-webhook" {
default = "https://hooks.slack.com/whatever"
+}
+
+variable "basic_auth" {
+ default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6"
}
diff --git a/radicale/config b/radicale/config
index 6e9e73f..f0a9a1a 100644
--- a/radicale/config
+++ a/radicale/config
@@ -24,7 +24,6 @@
# http://docs.python.org/library/logging.config.html
# config = /config/logging
-
[headers]
# Additional HTTP headers
diff --git a/tt-rss/variables.tf b/tt-rss/variables.tf
index 882c3d4..d7b9562 100644
--- a/tt-rss/variables.tf
+++ a/tt-rss/variables.tf
@@ -1,5 +1,6 @@
variable "domain" {
type = "string"
}
variable "mysql_password" {}
+variable "links-db" {}
--
rgit 0.1.5