From 6ef8783ba31cf97098f6af6a72f568241d98fc5f Mon Sep 17 00:00:00 2001
From: Nemo <me@captnemo.in>
Date: Thu, 02 Aug 2018 23:59:39 +0530
Subject: [PATCH] Really complicated terraform labelling
---
heimdall.tf | 1 -
main.tf | 8 --------
miniflux.tf | 3 ---
requestbin.tf | 4 +---
modules/container/locals.tf | 16 ++++++++++++++++
modules/container/main.tf | 91 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------
modules/container/vars.tf | 5 +----
7 files changed, 96 insertions(+), 32 deletions(-)
diff --git a/heimdall.tf b/heimdall.tf
index ac18600..b1c3747 100644
--- a/heimdall.tf
+++ a/heimdall.tf
@@ -1,9 +1,8 @@
module "heimdall" {
name = "heimdall"
source = "modules/container"
image = "linuxserver/heimdall:latest"
- // Default is port 80
web {
expose = true
port = 443
diff --git a/main.tf b/main.tf
index a865440..0053f56 100644
--- a/main.tf
+++ a/main.tf
@@ -76,14 +76,6 @@
traefik-network-id = "${module.docker.traefik-network-id}"
}
-module "heimdall" {
- source = "heimdall"
- domain = "home.bb8.fun"
- traefik-labels = "${var.traefik-common-labels}"
- auth-header = "${module.docker.auth-header}"
- traefik-network-id = "${module.docker.traefik-network-id}"
-}
-
module "media" {
source = "media"
domain = "bb8.fun"
diff --git a/miniflux.tf b/miniflux.tf
index 49a3967..74299fa 100644
--- a/miniflux.tf
+++ a/miniflux.tf
@@ -15,9 +15,6 @@
"DATABASE_URL=postgres://miniflux:${var.miniflux-db-password}@postgres/miniflux?sslmode=disable",
"RUN_MIGRATIONS=1",
]
-
- destroy_grace_seconds = 10
- must_run = true
}
module "miniflux-db" {
diff --git a/requestbin.tf b/requestbin.tf
index 596d1fd..9fac647 100644
--- a/requestbin.tf
+++ a/requestbin.tf
@@ -9,7 +9,5 @@
host = "requestbin.${var.root-domain}"
}
- networks = "${list(module.docker.traefik-network-id)}"
- destroy_grace_seconds = 10
- must_run = true
+ networks = "${list(module.docker.traefik-network-id)}"
}
diff --git a/modules/container/locals.tf b/modules/container/locals.tf
index 1cb8155..03d6daa 100644
--- a/modules/container/locals.tf
+++ a/modules/container/locals.tf
@@ -1,5 +1,15 @@
locals {
- traefik-common-labels {
+ default_labels {
+ "managed.by" = "nebula"
+ }
+
+ web {
+ "traefik.port" = "${lookup(var.web, "port", "80")}"
+ "traefik.frontend.rule" = "Host:${lookup(var.web, "host")}"
+ "traefik.protocol" = "${lookup(var.web, "protocol", "http")}"
+ }
+
+ traefik_common_labels {
"traefik.enable" = "true"
// HSTS
@@ -13,5 +23,9 @@
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.docker.network" = "traefik"
+ }
+
+ traefik_auth_labels {
+ "traefik.frontend.auth.basic" = "${var.auth_header}"
}
}
diff --git a/modules/container/main.tf b/modules/container/main.tf
index 00e07dd..0cc2b01 100644
--- a/modules/container/main.tf
+++ a/modules/container/main.tf
@@ -17,19 +17,86 @@
entrypoint = "${var.entrypoint}"
user = "${var.user}"
networks = ["${var.networks}"]
- memory = "${lookup(var.resource, "memory")}"
-
- // Only add traefik labels if web.expose=true
- // Only add basicauth config if web.basicauth=true
- labels = "${merge(var.labels, lookup(var.web, "expose", "false") ?
- merge(local.traefik-common-labels, map(
- "traefik.port", lookup(var.web, "port", "80"),
- "traefik.frontend.rule", "Host:${lookup(var.web, "host", "")}",
- "traefik.protocol", lookup(var.web, "protocol", "http"),
- )) : map(), lookup(var.web, "basicauth", "false") ? map(
- "traefik.frontend.auth.basic", var.auth-header
- ) : map())}"
+ # memory = "${lookup(var.resource, "memory", "64")}"
+
+
+ # Look at this monstrosity
+ # And then https://github.com/hashicorp/terraform/issues/12453#issuecomment-365569618
+ # for why this is needed
+
+ labels = "${merge(local.default_labels,
+ zipmap(
+ concat(
+ keys(local.traefik_common_labels),
+ split(",",
+ lookup(var.web, "expose", "false") == "false" ?
+ "" :
+ join(",", keys(local.traefik_common_labels))
+ )
+ ),concat(
+ values(local.traefik_common_labels),
+ split(",",
+ lookup(var.web, "expose", "false") == "false" ?
+ "" :
+ join(",", values(local.traefik_common_labels))
+ )
+ )
+ ),
+
+ zipmap(
+ concat(
+ keys(local.web),
+ split(",",
+ lookup(var.web, "expose", "false") == "false" ?
+ "" :
+ join(",", keys(local.web))
+ )
+ ),concat(
+ values(local.web),
+ split(",",
+ lookup(var.web, "expose", "false") == "false" ?
+ "" :
+ join(",", values(local.web))
+ )
+ )
+ ),
+
+ zipmap(
+ concat(
+ keys(local.traefik_common_labels),
+ split(",",
+ lookup(var.web, "expose", "false") == "false" ?
+ "" :
+ join(",", keys(local.traefik_common_labels))
+ )
+ ),concat(
+ values(local.traefik_common_labels),
+ split(",",
+ lookup(var.web, "expose", "false") == "false" ?
+ "" :
+ join(",", values(local.traefik_common_labels))
+ )
+ )
+ ),
+ zipmap(
+ concat(
+ keys(local.traefik_auth_labels),
+ split(",",
+ lookup(var.web, "auth", "false") == "false" ?
+ "" :
+ join(",", keys(local.traefik_auth_labels))
+ )
+ ),concat(
+ values(local.traefik_auth_labels),
+ split(",",
+ lookup(var.web, "auth", "false") == "false" ?
+ "" :
+ join(",", values(local.traefik_auth_labels))
+ )
+ )
+ )
+ )}"
destroy_grace_seconds = "${var.destroy_grace_seconds}"
must_run = "${var.must_run}"
}
diff --git a/modules/container/vars.tf b/modules/container/vars.tf
index 685c6f5..e53865f 100644
--- a/modules/container/vars.tf
+++ a/modules/container/vars.tf
@@ -69,14 +69,11 @@
default = {
expose = "false"
- port = "80"
- host = ""
- protocol = "http"
basicauth = "false"
}
}
-variable "auth-header" {
+variable "auth_header" {
default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6,reddit:$2y$05$ghKxSydYCpAT8r2VVMDmWO/BBecghGfLsRJUkr3ii7XxPyxBqp8Oy"
}
--
rgit 0.1.5