Switches to locals for common traefik variables

commit 3fc9b585f1
Author: Nemo <me@captnemo.in>
Date:   Sat Jan 6 13:09:21 2018 +0530

    minor comments

commit 57ffe866a3
Author: Nemo <me@captnemo.in>
Date:   Wed Jan 3 14:42:11 2018 +0530

    minor changesg

commit 9e7e169ed5
Author: Nemo <me@captnemo.in>
Date:   Tue Jan 2 22:26:01 2018 +0530

    Adds note about traefik bug

commit 7b521e20bc
Author: Nemo <me@captnemo.in>
Date:   Tue Jan 2 22:22:24 2018 +0530

    [refactor] Use traefik_common_labels everywhere

commit 63225a89e2
Author: Nemo <me@captnemo.in>
Date:   Tue Dec 26 19:17:21 2017 +0530

    More attempts

commit 69040999db
Author: Nemo <me@captnemo.in>
Date:   Tue Dec 26 19:02:50 2017 +0530

    fix trailing comma

commit 99a3637308
Author: Nemo <me@captnemo.in>
Date:   Tue Dec 26 18:57:57 2017 +0530

    Attempt at using locals for labels

    - See
    https://stackoverflow.com/questions/47973324/how-to-use-locals-in-terraform-to-repeat-and-merge-blocks
    and HELP
This commit is contained in:
Nemo 2018-01-06 13:10:29 +05:30
parent 37d61599c9
commit 0727981d59
3 changed files with 89 additions and 124 deletions

15
docker/locals.tf Normal file
View File

@ -0,0 +1,15 @@
locals {
traefik_common_labels {
"traefik.enable" = "true"
// HSTS
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
// X-Powered-By, Server headers
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
// X-Frame-Options
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
}
}

View File

@ -2,18 +2,12 @@ resource docker_container "transmission" {
name = "transmission"
image = "${docker_image.transmission.latest}"
labels {
"traefik.frontend.auth.basic" = "${var.basic_auth}"
"traefik.port" = 9091
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
}
labels = "${merge(
local.traefik_common_labels,
map(
"traefik.frontend.auth.basic", "${var.basic_auth}",
"traefik.port", 9091,
))}"
ports {
internal = 51413
@ -68,20 +62,14 @@ resource "docker_container" "emby" {
container_path = "/media"
}
labels {
"traefik.frontend.rule" = "Host:emby.in.${var.domain},emby.${var.domain}"
"traefik.frontend.passHostHeader" = "true"
"traefik.frontend.auth.basic" = "${var.basic_auth}"
"traefik.port" = 8096
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
}
labels = "${merge(
local.traefik_common_labels,
map(
"traefik.frontend.rule", "Host:emby.in.${var.domain},emby.${var.domain}",
"traefik.frontend.passHostHeader", "true",
"traefik.frontend.auth.basic", "${var.basic_auth}",
"traefik.port", 8096,
))}"
memory = 2048
restart = "unless-stopped"
@ -117,18 +105,12 @@ resource "docker_container" "couchpotato" {
container_path = "/movies"
}
labels {
"traefik.frontend.auth.basic" = "${var.basic_auth}"
"traefik.port" = 5050
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
}
labels = "${merge(
local.traefik_common_labels,
map(
"traefik.frontend.auth.basic", "${var.basic_auth}",
"traefik.port", 5050,
))}"
memory = 256
restart = "unless-stopped"
@ -175,17 +157,13 @@ resource "docker_container" "airsonic" {
container_path = "/airsonic/podcasts"
}
labels {
"traefik.frontend.rule" = "Host:airsonic.in.${var.domain},airsonic.${var.domain}"
"traefik.frontend.passHostHeader" = "true"
"traefik.port" = 4040
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
}
labels = "${merge(
local.traefik_common_labels,
map(
"traefik.frontend.rule", "Host:airsonic.in.${var.domain},airsonic.${var.domain}",
"traefik.frontend.passHostHeader", "true",
"traefik.port", 4040,
))}"
}
resource "docker_container" "headerdebug" {
@ -198,17 +176,13 @@ resource "docker_container" "headerdebug" {
memory = 16
labels {
"traefik.frontend.rule" = "Host:debug.in.${var.domain}"
"traefik.frontend.passHostHeader" = "true"
"traefik.port" = 8080
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
}
labels = "${merge(
local.traefik_common_labels,
map(
"traefik.frontend.rule", "Host:debug.in.${var.domain},debug.${var.domain}",
"traefik.port", 8080,
"traefik.enable", "true",
))}"
}
resource "docker_container" "sickrage" {
@ -236,19 +210,13 @@ resource "docker_container" "sickrage" {
container_path = "/tv"
}
labels {
"traefik.frontend.passHostHeader" = "false"
"traefik.frontend.auth.basic" = "${var.basic_auth}"
"traefik.port" = 8081
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
}
labels = "${merge(
local.traefik_common_labels,
map(
"traefik.frontend.passHostHeader", "false",
"traefik.frontend.auth.basic", "${var.basic_auth}",
"traefik.port", 8081,
))}"
env = [
"PUID=1004",
@ -286,18 +254,12 @@ resource "docker_container" "headphones" {
file = "/config/config.ini"
}
labels {
"traefik.frontend.auth.basic" = "${var.basic_auth}"
"traefik.port" = 8181
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
}
labels = "${merge(
local.traefik_common_labels,
map(
"traefik.frontend.auth.basic", "${var.basic_auth}",
"traefik.port", 8181,
))}"
# lounge:tatooine
env = [
@ -396,19 +358,18 @@ resource "docker_container" "wiki" {
container_path = "/data"
}
labels {
"traefik.frontend.rule" = "Host:wiki.${var.domain}"
"traefik.frontend.passHostHeader" = "true"
"traefik.port" = 9999
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}||Referrer-Policy:${var.refpolicy}||X-Frame-Options:${var.xfo_allow}"
}
// The last header is a workaround for double header traefik bug
// This might be actually breaking iframe till the 1.5 Final release.
labels = "${merge(
local.traefik_common_labels,
map(
"traefik.frontend.rule", "Host:wiki.${var.domain}",
"traefik.frontend.passHostHeader", "true",
"traefik.port", 9999,
"traefik.frontend.headers.customResponseHeaders", "${var.xpoweredby}||Referrer-Policy:${var.refpolicy}||X-Frame-Options:${var.xfo_allow}",
))}"
links = ["mongorocks"]
env = [
"WIKI_ADMIN_EMAIL=me@captnemo.in",
"SESSION_SECRET=${var.wiki_session_secret}",
@ -429,20 +390,15 @@ resource "docker_container" "muximux" {
container_path = "/config"
}
labels {
"traefik.frontend.rule" = "Host:home.in.${var.domain},home.${var.domain}"
"traefik.frontend.passHostHeader" = "false"
"traefik.frontend.auth.basic" = "${var.basic_auth}"
"traefik.port" = 80
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
"traefik.frontend.headers.frameDeny" = "true"
}
labels = "${merge(
local.traefik_common_labels,
map(
"traefik.port", 80,
"traefik.frontend.headers.frameDeny", "true",
"traefik.frontend.passHostHeader", "false",
"traefik.frontend.auth.basic", "${var.basic_auth}",
"traefik.frontend.rule", "Host:home.in.${var.domain},home.${var.domain}",
))}"
# lounge:tatooine
env = [
@ -490,17 +446,12 @@ resource "docker_container" "cadvisor" {
container_path = "/var/run"
}
labels {
"traefik.frontend.rule" = "Host:cadvisor.${var.domain}"
"traefik.frontend.auth.basic" = "${var.basic_auth}"
"traefik.port" = 8080
"traefik.enable" = "true"
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
"traefik.frontend.headers.STSSeconds" = "2592000"
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
"traefik.frontend.headers.contentTypeNosniff" = "true"
"traefik.frontend.headers.browserXSSFilter" = "true"
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
}
labels = "${merge(
local.traefik_common_labels,
map(
"traefik.frontend.passHostHeader", "true",
"traefik.frontend.auth.basic", "${var.basic_auth}",
"traefik.port", 8080,
))}"
}

View File

@ -9,7 +9,6 @@ resource "docker_container" "traefik" {
ip = "${var.ips["eth0"]}"
}
# Admin Backend
ports {
internal = 1111
external = 1111