From 21df4ceea61a9bf930902ffb4df726a4eaab9b5b Mon Sep 17 00:00:00 2001
From: Nemo <me@captnemo.in>
Date: Mon, 04 Jun 2018 13:39:55 +0530
Subject: [PATCH] Create and use a single traefik network everywhere

---
 main.tf                 | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------
 abstruse/main.tf        |  2 ++
 abstruse/variables.tf   |  2 ++
 docker/lychee.tf        |  2 +-
 docker/network.tf       |  9 ++++-----
 docker/outputs.tf       |  4 ++++
 docker/traefik.tf       |  4 ++++
 docker/variables.tf     |  2 +-
 gitea/main.tf           |  5 +----
 gitea/mysql.tf          | 15 ---------------
 gitea/redis.tf          |  1 +
 gitea/variables.tf      |  2 ++
 heimdall/main.tf        |  2 ++
 heimdall/variables.tf   |  2 ++
 media/airsonic.tf       |  3 ++-
 media/emby.tf           |  2 ++
 media/jackett.tf        |  4 ++--
 media/lidarr.tf         |  2 +-
 media/radarr.tf         |  2 +-
 media/sonarr.tf         |  2 +-
 media/transmission.tf   |  2 +-
 media/variables.tf      |  5 ++++-
 monitoring/cadvisor.tf  |  2 ++
 monitoring/grafana.tf   |  3 ++-
 monitoring/variables.tf |  2 ++
 opml/main.tf            |  2 +-
 opml/redis.tf           |  1 +
 opml/variables.tf       |  2 ++
 radicale/main.tf        |  2 ++
 radicale/variables.tf   |  2 ++
 requestbin/main.tf      |  2 ++
 requestbin/variables.tf |  2 ++
 resilio/main.tf         |  2 ++
 resilio/variables.tf    |  2 ++
 tt-rss/main.tf          |  2 ++
 tt-rss/variables.tf     |  2 ++
 gitea/conf/conf.ini.tpl |  2 +-
 37 files changed, 115 insertions(+), 72 deletions(-)

diff --git a/main.tf b/main.tf
index ebee876..c8e3bf3 100644
--- a/main.tf
+++ a/main.tf
@@ -20,7 +20,8 @@
   cloudflare_key      = "${var.cloudflare_key}"
   cloudflare_email    = "bb8@captnemo.in"
   wiki_session_secret = "${var.wiki_session_secret}"
-  links-mariadb       = "${module.db.names-mariadb}"
+
+  # links-mariadb       = "${module.db.names-mariadb}"
   networks-mongorocks = "${module.db.networks-mongorocks}"
   ips                 = "${var.ips}"
   domain              = "bb8.fun"
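Review bot: The `links-mariadb` argument is commented out here rather than deleted. The same pattern repeats in the `media` and `tinyproxy` module blocks later in this file, and in docker/lychee.tf, docker/variables.tf, media/airsonic.tf and media/variables.tf. Commented-out configuration hides whether lychee and airsonic are still expected to reach MariaDB, and git history already preserves the old lines. Suggest deleting them, and removing or rewording `// Used to force access to ISP related resources`, which now sits above a disabled module. The enclosing module block starts and ends outside this hunk.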
@@ -51,58 +52,68 @@
   smtp-password  = "${var.gitea-smtp-password}"
   lfs-jwt-secret = "${var.gitea-lfs-jwt-secret}"
   mysql-password = "${var.gitea-mysql-password}"
+
+  traefik-network-id = "${module.docker.traefik-network-id}"
 }
 
 module "opml" {
-  source         = "opml"
-  domain         = "opml.bb8.fun"
-  client-id      = "${var.opml-github-client-id}"
-  client-secret  = "${var.opml-github-client-secret}"
-  traefik-labels = "${var.traefik-common-labels}"
+  source             = "opml"
+  domain             = "opml.bb8.fun"
+  client-id          = "${var.opml-github-client-id}"
+  client-secret      = "${var.opml-github-client-secret}"
+  traefik-labels     = "${var.traefik-common-labels}"
+  traefik-network-id = "${module.docker.traefik-network-id}"
 }
 
 module "radicale" {
-  source         = "radicale"
-  domain         = "radicale.bb8.fun"
-  traefik-labels = "${var.traefik-common-labels}"
+  source             = "radicale"
+  domain             = "radicale.bb8.fun"
+  traefik-labels     = "${var.traefik-common-labels}"
+  traefik-network-id = "${module.docker.traefik-network-id}"
 }
 
 module "tt-rss" {
-  source         = "tt-rss"
-  domain         = "rss.captnemo.in"
-  mysql_password = "${var.mysql-ttrss-password}"
-  links-db       = "${module.db.names-mariadb}"
-  traefik-labels = "${var.traefik-common-labels}"
+  source             = "tt-rss"
+  domain             = "rss.captnemo.in"
+  mysql_password     = "${var.mysql-ttrss-password}"
+  links-db           = "${module.db.names-mariadb}"
+  traefik-labels     = "${var.traefik-common-labels}"
+  traefik-network-id = "${module.docker.traefik-network-id}"
 }
 
 module "requestbin" {
-  source         = "requestbin"
-  domain         = "requestbin.bb8.fun"
-  traefik-labels = "${var.traefik-common-labels}"
+  source             = "requestbin"
+  domain             = "requestbin.bb8.fun"
+  traefik-labels     = "${var.traefik-common-labels}"
+  traefik-network-id = "${module.docker.traefik-network-id}"
 }
 
 module "resilio" {
-  source         = "resilio"
-  domain         = "sync.bb8.fun"
-  traefik-labels = "${var.traefik-common-labels}"
-  ips            = "${var.ips}"
+  source             = "resilio"
+  domain             = "sync.bb8.fun"
+  traefik-labels     = "${var.traefik-common-labels}"
+  ips                = "${var.ips}"
+  traefik-network-id = "${module.docker.traefik-network-id}"
 }
 
 module "heimdall" {
-  source         = "heimdall"
-  domain         = "bb8.fun"
-  traefik-labels = "${var.traefik-common-labels}"
-  auth-header    = "${module.docker.auth-header}"
+  source             = "heimdall"
+  domain             = "bb8.fun"
+  traefik-labels     = "${var.traefik-common-labels}"
+  auth-header        = "${module.docker.auth-header}"
+  traefik-network-id = "${module.docker.traefik-network-id}"
 }
 
 module "media" {
-  source                 = "media"
-  domain                 = "bb8.fun"
-  links-mariadb          = "${module.db.names-mariadb}"
+  source = "media"
+  domain = "bb8.fun"
+
+  # links-mariadb          = "${module.db.names-mariadb}"
   traefik-labels         = "${var.traefik-common-labels}"
   airsonic-smtp-password = "${var.airsonic-smtp-password}"
   airsonic-db-password   = "${var.mysql_airsonic_password}"
   ips                    = "${var.ips}"
+  traefik-network-id     = "${module.docker.traefik-network-id}"
 }
 
 module "monitoring" {
@@ -113,6 +124,7 @@
   traefik-labels             = "${var.traefik-common-labels}"
   ips                        = "${var.ips}"
   links-traefik              = "${module.docker.names-traefik}"
+  traefik-network-id         = "${module.docker.traefik-network-id}"
 }
 
 module "digitalocean" {
@@ -120,13 +132,14 @@
 }
 
 // Used to force access to ISP related resources
-module "tinyproxy" {
-  source = "tinyproxy"
-  ips    = "${var.ips}"
-}
+# module "tinyproxy" {
+#   source = "tinyproxy"
+#   ips    = "${var.ips}"
+# }
 
 module "abstruse" {
-  source         = "abstruse"
-  domain         = "ci.bb8.fun"
-  traefik-labels = "${var.traefik-common-labels}"
+  source             = "abstruse"
+  domain             = "ci.bb8.fun"
+  traefik-labels     = "${var.traefik-common-labels}"
+  traefik-network-id = "${module.docker.traefik-network-id}"
 }
diff --git a/abstruse/main.tf b/abstruse/main.tf
index d2974cf..52b4351 100644
--- a/abstruse/main.tf
+++ a/abstruse/main.tf
@@ -17,6 +17,8 @@
       "traefik.frontend.rule","Host:${var.domain}"
   ))}"
 
+  networks = ["${var.traefik-network-id}"]
+
   volumes {
     host_path      = "/var/run/docker.sock"
     container_path = "/var/run/docker.sock"
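Review bot: The added `networks = ["${var.traefik-network-id}"]` puts a container that mounts `/var/run/docker.sock` (visible in the context lines just below) on the same network as every other service this commit attaches. Control of that socket is equivalent to root on the Docker host, so any peer on the shared network that can reach this service's port is one application flaw away from it. monitoring/cadvisor.tf is in a similar position, with `/var/run` mounted in its context lines. Suggest a dedicated network shared only between traefik and this container, or at least a comment recording why the shared network is acceptable here. The resource body begins and ends outside the hunk.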
diff --git a/abstruse/variables.tf b/abstruse/variables.tf
index a214480..7fc62b1 100644
--- a/abstruse/variables.tf
+++ a/abstruse/variables.tf
@@ -5,3 +5,5 @@
 variable "traefik-labels" {
   type = "map"
 }
+
+variable "traefik-network-id" {}
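Review bot: `variable "traefik-network-id" {}` is declared with no type or description, here and in the gitea, heimdall, media, monitoring, opml, radicale, requestbin, resilio and tt-rss `variables.tf` files. Neighbouring variables in these modules already declare `type = "map"` or `type = "string"`. Suggest adding `type = "string"` and a `description = "ID of the shared docker_network that traefik routes over"` to each declaration, so the contract with `module.docker.traefik-network-id` is explicit.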
diff --git a/docker/lychee.tf b/docker/lychee.tf
index 1d60020..079dcc5 100644
--- a/docker/lychee.tf
+++ a/docker/lychee.tf
@@ -33,5 +33,5 @@
     "PGID=984",
   ]
 
-  links = ["${var.links-mariadb}"]
+  # links = ["${var.links-mariadb}"]
 }
diff --git a/docker/network.tf b/docker/network.tf
index 8ea0161..c2b6e0a 100644
--- a/docker/network.tf
+++ a/docker/network.tf
@@ -1,6 +1,5 @@
-// This is the default network we use
-// for any new container
-resource "docker_network" "bb8-default" {
-  name   = "bb8"
-  driver = "bridge"
+resource "docker_network" "traefik" {
+  name     = "traefik"
+  driver   = "bridge"
+  internal = true
 }
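Review bot: `internal = true` on the one network every service now joins deserves a comment stating the intent, because it does not behave the way it reads today. An internal network has no route out, but the comment added in docker/traefik.tf says `bridge` is still auto-connected "for now", so containers keep egress through the default bridge. Once that provider behaviour changes, services attached only to this network lose outbound access. Separately, a single shared network means every attached service can reach every other one directly, where the removed per-purpose default at least had a documented role. Suggest replacing the deleted comment with something like `// Ingress-only network shared with traefik; internal = true blocks egress once bridge is no longer auto-attached`.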
diff --git a/docker/outputs.tf b/docker/outputs.tf
index a143190..d0fa477 100644
--- a/docker/outputs.tf
+++ a/docker/outputs.tf
@@ -6,6 +6,10 @@
   value = "${docker_container.traefik.name}"
 }
 
+output "traefik-network-id" {
+  value = "${docker_network.traefik.id}"
+}
+
 output "auth-header" {
   value = "${var.basic_auth}"
 }
diff --git a/docker/traefik.tf b/docker/traefik.tf
index 00c95e7..add985a 100644
--- a/docker/traefik.tf
+++ a/docker/traefik.tf
@@ -93,6 +93,10 @@
   destroy_grace_seconds = 10
   must_run              = true
 
+  // `bridge` is auto-connected for now
+  // https://github.com/terraform-providers/terraform-provider-docker/issues/10
+  networks = ["${docker_network.traefik.id}"]
+
   env = [
     "CLOUDFLARE_EMAIL=${var.cloudflare_email}",
     "CLOUDFLARE_API_KEY=${var.cloudflare_key}",
diff --git a/docker/variables.tf b/docker/variables.tf
index 0e0a339..6addbd4 100644
--- a/docker/variables.tf
+++ a/docker/variables.tf
@@ -50,6 +50,6 @@
   type = "map"
 }
 
-variable "links-mariadb" {}
+# variable "links-mariadb" {}
 
 variable "networks-mongorocks" {}
diff --git a/gitea/main.tf b/gitea/main.tf
index 7a6026c..ddc8ecf 100644
--- a/gitea/main.tf
+++ a/gitea/main.tf
@@ -59,10 +59,7 @@
   restart               = "unless-stopped"
   destroy_grace_seconds = 10
   must_run              = true
-  links = [
-    "mariadb",
-  ]
-  networks = ["${docker_network.gitea.id}"]
+  networks              = ["${docker_network.gitea.id}", "${var.traefik-network-id}"]
 }
 
 resource "docker_image" "gitea" {
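Review bot: Dropping `links = ["mariadb"]` leaves nothing visible in this patch that makes the name `mariadb` resolvable from the gitea container, while gitea/conf/conf.ini.tpl still has `HOST = mariadb:3306`. Resolution now depends on the database container being attached to `docker_network.gitea` or to the shared traefik network, and no hunk here shows either. If the database is meant to sit on the shared network, it becomes reachable from every other attached service; attaching it to `docker_network.gitea` only would keep that exposure narrow. The container resource starts outside this hunk.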
diff --git a/gitea/mysql.tf b/gitea/mysql.tf
index 719cde2..8b13789 100644
--- a/gitea/mysql.tf
+++ a/gitea/mysql.tf
@@ -1,16 +1,1 @@
-resource "mysql_database" "gitea" {
-  name = "gitea"
-}
 
-resource "mysql_user" "gitea" {
-  user               = "gitea"
-  host               = "%"
-  plaintext_password = "${var.mysql-password}"
-}
-
-resource "mysql_grant" "gitea" {
-  user       = "${mysql_user.gitea.user}"
-  host       = "${mysql_user.gitea.host}"
-  database   = "${mysql_database.gitea.name}"
-  privileges = ["ALL"]
-}
diff --git a/gitea/redis.tf b/gitea/redis.tf
index 5156245..27f11ee 100644
--- a/gitea/redis.tf
+++ a/gitea/redis.tf
@@ -18,4 +18,5 @@
 resource "docker_image" "redis" {
   name          = "${data.docker_registry_image.redis.name}"
   pull_triggers = ["${data.docker_registry_image.redis.sha256_digest}"]
+  keep_locally  = true
 }
diff --git a/gitea/variables.tf b/gitea/variables.tf
index 824d462..093e8dc 100644
--- a/gitea/variables.tf
+++ a/gitea/variables.tf
@@ -13,3 +13,5 @@
 variable "smtp-password" {}
 variable "lfs-jwt-secret" {}
 variable "mysql-password" {}
+
+variable "traefik-network-id" {}
diff --git a/heimdall/main.tf b/heimdall/main.tf
index 4ce20e8..61028aa 100644
--- a/heimdall/main.tf
+++ a/heimdall/main.tf
@@ -19,6 +19,8 @@
       "traefik.frontend.auth.basic", "${var.auth-header}",
   ))}"
 
+  networks = ["${var.traefik-network-id}"]
+
   volumes {
     host_path      = "/mnt/xwing/config/heimdall"
     container_path = "/config"
diff --git a/heimdall/variables.tf b/heimdall/variables.tf
index cb679bf..c3f4e61 100644
--- a/heimdall/variables.tf
+++ a/heimdall/variables.tf
@@ -9,3 +9,5 @@
 variable "traefik-labels" {
   type = "map"
 }
+
+variable "traefik-network-id" {}
diff --git a/media/airsonic.tf b/media/airsonic.tf
index c399499..ec2f644 100644
--- a/media/airsonic.tf
+++ a/media/airsonic.tf
@@ -47,7 +47,8 @@
     "TZ=Asia/Kolkata",
     "JAVA_OPTS=-Xmx512m",
   ]
-  links = ["${var.links-mariadb}"]
+
+  # links = ["${var.links-mariadb}"]
 }
 
 resource "docker_image" "airsonic" {
diff --git a/media/emby.tf b/media/emby.tf
index 0581bcf..a27ceb4 100644
--- a/media/emby.tf
+++ a/media/emby.tf
@@ -20,6 +20,8 @@
       "traefik.port", 8096,
     ))}"
 
+  networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
+
   memory                = 2048
   restart               = "unless-stopped"
   destroy_grace_seconds = 10
diff --git a/media/jackett.tf b/media/jackett.tf
index 1cff5d0..4ebd32d 100644
--- a/media/jackett.tf
+++ a/media/jackett.tf
@@ -26,11 +26,11 @@
     container_path = "/config"
   }
 
+  networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
+
   env = [
     "PUID=1004",
     "PGID=1003",
     "TZ=Asia/Kolkata",
   ]
-
-  # links = ["${var.links-emby}"]
 }
diff --git a/media/lidarr.tf b/media/lidarr.tf
index ba1b500..c0e02fb 100644
--- a/media/lidarr.tf
+++ a/media/lidarr.tf
@@ -43,5 +43,5 @@
     "TZ=Asia/Kolkata",
   ]
 
-  networks = ["${docker_network.media.id}"]
+  networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
 }
diff --git a/media/radarr.tf b/media/radarr.tf
index f0a3b4f..ad0744c 100644
--- a/media/radarr.tf
+++ a/media/radarr.tf
@@ -44,5 +44,5 @@
     "TZ=Asia/Kolkata",
   ]
 
-  networks = ["${docker_network.media.id}"]
+  networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
 }
diff --git a/media/sonarr.tf b/media/sonarr.tf
index 7cc80b0..8539276 100644
--- a/media/sonarr.tf
+++ a/media/sonarr.tf
@@ -43,5 +43,5 @@
     "TZ=Asia/Kolkata",
   ]
 
-  networks = ["${docker_network.media.id}"]
+  networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
 }
diff --git a/media/transmission.tf b/media/transmission.tf
index c6a4d92..197e92a 100644
--- a/media/transmission.tf
+++ a/media/transmission.tf
@@ -42,7 +42,7 @@
     "TZ=Asia/Kolkata",
   ]
 
-  networks = ["${docker_network.media.id}"]
+  networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
 
   memory                = 1024
   restart               = "unless-stopped"
diff --git a/media/variables.tf b/media/variables.tf
index 6c6d903..89d4cca 100644
--- a/media/variables.tf
+++ a/media/variables.tf
@@ -1,9 +1,10 @@
 variable "domain" {
   type = "string"
 }
 
-variable "links-mariadb" {}
+# variable "links-mariadb" {}
 variable "airsonic-smtp-password" {}
+
 variable "airsonic-db-password" {}
 
 variable "traefik-labels" {
@@ -18,3 +19,5 @@
 variable "ips" {
   type = "map"
 }
+
+variable "traefik-network-id" {}
diff --git a/monitoring/cadvisor.tf b/monitoring/cadvisor.tf
index c062b2b..d18c872 100644
--- a/monitoring/cadvisor.tf
+++ a/monitoring/cadvisor.tf
@@ -36,6 +36,8 @@
     container_path = "/var/run"
   }
 
+  networks = ["${var.traefik-network-id}"]
+
   labels = "${merge(
     var.traefik-labels, map(
       "traefik.port", 8080,
diff --git a/monitoring/grafana.tf b/monitoring/grafana.tf
index 1f281dd..5b1b631 100644
--- a/monitoring/grafana.tf
+++ a/monitoring/grafana.tf
@@ -13,7 +13,8 @@
     container_path = "/var/lib/grafana"
   }
 
-  links = ["${docker_container.prometheus.name}"]
+  links    = ["${docker_container.prometheus.name}"]
+  networks = ["${var.traefik-network-id}"]
 
   env = [
     # Keep this disabled unless bringing up a new grafana instance
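Review bot: `links` and `networks` are now set side by side on this container, which mixes legacy linking with network attachment. As far as the patch shows, the prometheus link keeps working only because of the automatic `bridge` attachment that the comment in docker/traefik.tf describes as temporary. tt-rss/main.tf has the same combination with `links = ["mariadb"]`. Suggest putting grafana and prometheus on a dedicated monitoring network and dropping the link, so connectivity does not change when the provider issue is resolved. The resource body continues outside the hunk.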
diff --git a/monitoring/variables.tf b/monitoring/variables.tf
index 95b3dcd..57b0281 100644
--- a/monitoring/variables.tf
+++ a/monitoring/variables.tf
@@ -37,3 +37,5 @@
 variable "ips" {
   type = "map"
 }
+
+variable "traefik-network-id" {}
diff --git a/opml/main.tf b/opml/main.tf
index dd7563c..bd495b0 100644
--- a/opml/main.tf
+++ a/opml/main.tf
@@ -19,7 +19,7 @@
   destroy_grace_seconds = 10
   must_run              = true
 
-  networks = ["${docker_network.opml.id}"]
+  networks = ["${docker_network.opml.id}", "${var.traefik-network-id}"]
 }
 
 resource "docker_image" "opml" {
diff --git a/opml/redis.tf b/opml/redis.tf
index 4b5e176..15bf489 100644
--- a/opml/redis.tf
+++ a/opml/redis.tf
@@ -18,4 +18,5 @@
 resource "docker_image" "redis" {
   name          = "${data.docker_registry_image.redis.name}"
   pull_triggers = ["${data.docker_registry_image.redis.sha256_digest}"]
+  keep_locally  = true
 }
diff --git a/opml/variables.tf b/opml/variables.tf
index 11b5f6f..91e8677 100644
--- a/opml/variables.tf
+++ a/opml/variables.tf
@@ -5,3 +5,5 @@
 variable "domain" {}
 variable "client-id" {}
 variable "client-secret" {}
+
+variable "traefik-network-id" {}
diff --git a/radicale/main.tf b/radicale/main.tf
index 89942f7..490c5b4 100644
--- a/radicale/main.tf
+++ a/radicale/main.tf
@@ -42,6 +42,8 @@
     file    = "/config/users"
   }
 
+  networks = ["${var.traefik-network-id}"]
+
   restart               = "unless-stopped"
   destroy_grace_seconds = 10
   must_run              = true
diff --git a/radicale/variables.tf b/radicale/variables.tf
index 697b9ef..500e0e6 100644
--- a/radicale/variables.tf
+++ a/radicale/variables.tf
@@ -5,3 +5,5 @@
 variable "traefik-labels" {
   type = "map"
 }
+
+variable "traefik-network-id" {}
diff --git a/requestbin/main.tf b/requestbin/main.tf
index bb10f44..ce8d936 100644
--- a/requestbin/main.tf
+++ a/requestbin/main.tf
@@ -17,6 +17,8 @@
       "traefik.frontend.rule","Host:${var.domain}"
   ))}"
 
+  networks = ["${var.traefik-network-id}"]
+
   restart               = "unless-stopped"
   destroy_grace_seconds = 10
   must_run              = true
diff --git a/requestbin/variables.tf b/requestbin/variables.tf
index 697b9ef..500e0e6 100644
--- a/requestbin/variables.tf
+++ a/requestbin/variables.tf
@@ -5,3 +5,5 @@
 variable "traefik-labels" {
   type = "map"
 }
+
+variable "traefik-network-id" {}
diff --git a/resilio/main.tf b/resilio/main.tf
index f3c4576..f8b1789 100644
--- a/resilio/main.tf
+++ a/resilio/main.tf
@@ -42,6 +42,8 @@
     container_path = "/downloads"
   }
 
+  networks = ["${var.traefik-network-id}"]
+
   labels = "${merge(
     var.traefik-labels,
     map(
diff --git a/resilio/variables.tf b/resilio/variables.tf
index 4ba20d6..55757ae 100644
--- a/resilio/variables.tf
+++ a/resilio/variables.tf
@@ -7,3 +7,5 @@
 }
 
 variable "domain" {}
+
+variable "traefik-network-id" {}
diff --git a/tt-rss/main.tf b/tt-rss/main.tf
index 42f7296..d209401 100644
--- a/tt-rss/main.tf
+++ a/tt-rss/main.tf
@@ -22,6 +22,8 @@
     container_path = "/config"
   }
 
+  networks = ["${var.traefik-network-id}"]
+
   links = ["mariadb"]
 
   env = [
diff --git a/tt-rss/variables.tf b/tt-rss/variables.tf
index b053af5..d47b922 100644
--- a/tt-rss/variables.tf
+++ a/tt-rss/variables.tf
@@ -8,3 +8,5 @@
 variable "traefik-labels" {
   type = "map"
 }
+
+variable "traefik-network-id" {}
diff --git a/gitea/conf/conf.ini.tpl b/gitea/conf/conf.ini.tpl
index 4ea0c08..81bb090 100644
--- a/gitea/conf/conf.ini.tpl
+++ a/gitea/conf/conf.ini.tpl
@@ -87,7 +87,7 @@
 HOST = mariadb:3306
 NAME = gitea
 USER = gitea
-; PASSWD = "${mysql-password}"
+; PASSWD = "mysql-password"
 ; ; For "postgres" only, either "disable", "require" or "verify-full"
 ; SSL_MODE = disable
 ; ; For "sqlite3" and "tidb", use absolute path when you start as service
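Review bot: The rewritten `; PASSWD = "mysql-password"` line is still commented out, so it configures nothing, and the literal now reads like a real value that would become the password if someone uncommented it. Meanwhile `mysql-password` is still passed to the gitea module in main.tf and declared in gitea/variables.tf, so the secret remains a module input with no consumer visible in this patch. Suggest deleting the commented line outright, and removing the variable if nothing else in the module reads it.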
--
rgit 0.1.5