From 85832d4ad0e038c8c9c3c96e0d3fbeeb1fa2eb6a Mon Sep 17 00:00:00 2001
From: Nemo <me@captnemo.in>
Date: Tue, 06 Feb 2018 20:02:25 +0530
Subject: [PATCH] Switch to common traefik labels for radicale

---
 main.tf               |  5 +++--
 variables.tf          | 21 +++++++++++++++++++++
 radicale/main.tf      | 16 ++++++----------
 radicale/variables.tf |  4 ++++
 4 files changed, 33 insertions(+), 13 deletions(-)

diff --git a/main.tf b/main.tf
index be76f6a..e4abdc9 100644
--- a/main.tf
+++ a/main.tf
@@ -29,8 +29,9 @@
 }
 
 module "radicale" {
-  source = "radicale"
-  domain = "radicale.bb8.fun"
+  source         = "radicale"
+  domain         = "radicale.bb8.fun"
+  traefik-labels = "${var.traefik-common-labels}"
 }
 
 module "tt-rss" {
diff --git a/variables.tf b/variables.tf
index e70b152..e10fad1 100644
--- a/variables.tf
+++ a/variables.tf
@@ -45,3 +45,24 @@
 variable "gitea-internal-token" {}
 variable "gitea-smtp-password" {}
 variable "digitalocean-token" {}
+
+variable "traefik-common-labels" {
+  type = "map"
+
+  default = {
+    "traefik.enable" = "true"
+
+    // HSTS
+    "traefik.frontend.headers.SSLTemporaryRedirect" = "true"
+    "traefik.frontend.headers.STSSeconds"           = "2592000"
+    "traefik.frontend.headers.STSIncludeSubdomains" = "false"
+
+    // X-Powered-By, Server headers
+    "traefik.frontend.headers.customResponseHeaders" = "X-Powered-By:Allomancy||X-Server:Blackbox"
+
+    // X-Frame-Options
+    "traefik.frontend.headers.customFrameOptionsValue" = "ALLOW-FROM https://home.bb8.fun/"
+    "traefik.frontend.headers.contentTypeNosniff"      = "true"
+    "traefik.frontend.headers.browserXSSFilter"        = "true"
+  }
+}
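Review bot: The `customFrameOptionsValue` label under `// X-Frame-Options` uses `ALLOW-FROM`, which Chrome and Safari do not honour, so in those browsers this map adds no framing restriction to the services that receive it. Consider adding a `traefik.frontend.headers.contentSecurityPolicy` label carrying `frame-ancestors https://home.bb8.fun` alongside it. Separately, the `customResponseHeaders` entry adds `X-Powered-By` and `X-Server` but does not appear to replace the backend's own `Server` header. The comment above it would be more accurate as `// Adds decoy X-Powered-By / X-Server headers; the backend's Server header is not replaced`.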
diff --git a/radicale/main.tf b/radicale/main.tf
index b21bb1a..18761fb 100644
--- a/radicale/main.tf
+++ a/radicale/main.tf
@@ -11,17 +11,11 @@
   name  = "radicale"
   image = "${docker_image.radicale.latest}"
 
-  labels {
-    "traefik.port"                                  = 5232
-    "traefik.enable"                                = "true"
-    "traefik.frontend.headers.SSLTemporaryRedirect" = "true"
-    "traefik.frontend.headers.STSSeconds"           = "2592000"
-    "traefik.frontend.headers.STSIncludeSubdomains" = "false"
-    "traefik.frontend.headers.contentTypeNosniff"   = "true"
-    "traefik.frontend.headers.browserXSSFilter"     = "true"
-    "traefik.frontend.passHostHeader"               = "true"
-    "traefik.frontend.rule"                         = "Host:${var.domain}"
-  }
+  labels = "${merge(
+    var.traefik-labels, map(
+      "traefik.port", 5232,
+      "traefik.frontend.rule","Host:${var.domain}"
+  ))}"
 
   volumes {
     host_path      = "/mnt/xwing/data/radicale"
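Review bot: The removed `labels` block set `traefik.frontend.passHostHeader = "true"`, and neither this `merge(...)` nor the `traefik-common-labels` default in variables.tf carries it over. Radicale therefore now depends on whatever Traefik's default is for that setting. If that is intended, it is worth a line in the commit message; otherwise add `"traefik.frontend.passHostHeader", "true",` to the `map(...)` call. The merge order looks right for overrides, since the per-service map comes last, and a comment such as `// service-specific labels override the shared ones` would make that explicit. The enclosing resource starts and ends outside the hunk.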
diff --git a/radicale/variables.tf b/radicale/variables.tf
index 10fc457..697b9ef 100644
--- a/radicale/variables.tf
+++ a/radicale/variables.tf
@@ -1,3 +1,7 @@
 variable "domain" {
   type = "string"
 }
+
+variable "traefik-labels" {
+  type = "map"
+}
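Review bot: `traefik-labels` is declared without a `description`, and with no default every caller of the module has to supply it. A line such as `description = "Shared Traefik labels, merged with this service's port and Host rule"` would tell the caller that these labels end up on the container and shape its routing and response headers.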
--
rgit 0.1.5