Switches to locals for common traefik variables
commit3fc9b585f1
Author: Nemo <me@captnemo.in> Date: Sat Jan 6 13:09:21 2018 +0530 minor comments commit57ffe866a3
Author: Nemo <me@captnemo.in> Date: Wed Jan 3 14:42:11 2018 +0530 minor changesg commit9e7e169ed5
Author: Nemo <me@captnemo.in> Date: Tue Jan 2 22:26:01 2018 +0530 Adds note about traefik bug commit7b521e20bc
Author: Nemo <me@captnemo.in> Date: Tue Jan 2 22:22:24 2018 +0530 [refactor] Use traefik_common_labels everywhere commit63225a89e2
Author: Nemo <me@captnemo.in> Date: Tue Dec 26 19:17:21 2017 +0530 More attempts commit69040999db
Author: Nemo <me@captnemo.in> Date: Tue Dec 26 19:02:50 2017 +0530 fix trailing comma commit99a3637308
Author: Nemo <me@captnemo.in> Date: Tue Dec 26 18:57:57 2017 +0530 Attempt at using locals for labels - See https://stackoverflow.com/questions/47973324/how-to-use-locals-in-terraform-to-repeat-and-merge-blocks and HELP
This commit is contained in:
parent
37d61599c9
commit
0727981d59
|
@ -0,0 +1,15 @@
|
|||
locals {
|
||||
traefik_common_labels {
|
||||
"traefik.enable" = "true"
|
||||
// HSTS
|
||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
// X-Powered-By, Server headers
|
||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
||||
// X-Frame-Options
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||
}
|
||||
}
|
197
docker/main.tf
197
docker/main.tf
|
@ -2,18 +2,12 @@ resource docker_container "transmission" {
|
|||
name = "transmission"
|
||||
image = "${docker_image.transmission.latest}"
|
||||
|
||||
labels {
|
||||
"traefik.frontend.auth.basic" = "${var.basic_auth}"
|
||||
"traefik.port" = 9091
|
||||
"traefik.enable" = "true"
|
||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
}
|
||||
labels = "${merge(
|
||||
local.traefik_common_labels,
|
||||
map(
|
||||
"traefik.frontend.auth.basic", "${var.basic_auth}",
|
||||
"traefik.port", 9091,
|
||||
))}"
|
||||
|
||||
ports {
|
||||
internal = 51413
|
||||
|
@ -68,20 +62,14 @@ resource "docker_container" "emby" {
|
|||
container_path = "/media"
|
||||
}
|
||||
|
||||
labels {
|
||||
"traefik.frontend.rule" = "Host:emby.in.${var.domain},emby.${var.domain}"
|
||||
"traefik.frontend.passHostHeader" = "true"
|
||||
"traefik.frontend.auth.basic" = "${var.basic_auth}"
|
||||
"traefik.port" = 8096
|
||||
"traefik.enable" = "true"
|
||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
}
|
||||
labels = "${merge(
|
||||
local.traefik_common_labels,
|
||||
map(
|
||||
"traefik.frontend.rule", "Host:emby.in.${var.domain},emby.${var.domain}",
|
||||
"traefik.frontend.passHostHeader", "true",
|
||||
"traefik.frontend.auth.basic", "${var.basic_auth}",
|
||||
"traefik.port", 8096,
|
||||
))}"
|
||||
|
||||
memory = 2048
|
||||
restart = "unless-stopped"
|
||||
|
@ -117,18 +105,12 @@ resource "docker_container" "couchpotato" {
|
|||
container_path = "/movies"
|
||||
}
|
||||
|
||||
labels {
|
||||
"traefik.frontend.auth.basic" = "${var.basic_auth}"
|
||||
"traefik.port" = 5050
|
||||
"traefik.enable" = "true"
|
||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
}
|
||||
labels = "${merge(
|
||||
local.traefik_common_labels,
|
||||
map(
|
||||
"traefik.frontend.auth.basic", "${var.basic_auth}",
|
||||
"traefik.port", 5050,
|
||||
))}"
|
||||
|
||||
memory = 256
|
||||
restart = "unless-stopped"
|
||||
|
@ -175,17 +157,13 @@ resource "docker_container" "airsonic" {
|
|||
container_path = "/airsonic/podcasts"
|
||||
}
|
||||
|
||||
labels {
|
||||
"traefik.frontend.rule" = "Host:airsonic.in.${var.domain},airsonic.${var.domain}"
|
||||
"traefik.frontend.passHostHeader" = "true"
|
||||
"traefik.port" = 4040
|
||||
"traefik.enable" = "true"
|
||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
}
|
||||
labels = "${merge(
|
||||
local.traefik_common_labels,
|
||||
map(
|
||||
"traefik.frontend.rule", "Host:airsonic.in.${var.domain},airsonic.${var.domain}",
|
||||
"traefik.frontend.passHostHeader", "true",
|
||||
"traefik.port", 4040,
|
||||
))}"
|
||||
}
|
||||
|
||||
resource "docker_container" "headerdebug" {
|
||||
|
@ -198,17 +176,13 @@ resource "docker_container" "headerdebug" {
|
|||
|
||||
memory = 16
|
||||
|
||||
labels {
|
||||
"traefik.frontend.rule" = "Host:debug.in.${var.domain}"
|
||||
"traefik.frontend.passHostHeader" = "true"
|
||||
"traefik.port" = 8080
|
||||
"traefik.enable" = "true"
|
||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
}
|
||||
labels = "${merge(
|
||||
local.traefik_common_labels,
|
||||
map(
|
||||
"traefik.frontend.rule", "Host:debug.in.${var.domain},debug.${var.domain}",
|
||||
"traefik.port", 8080,
|
||||
"traefik.enable", "true",
|
||||
))}"
|
||||
}
|
||||
|
||||
resource "docker_container" "sickrage" {
|
||||
|
@ -236,19 +210,13 @@ resource "docker_container" "sickrage" {
|
|||
container_path = "/tv"
|
||||
}
|
||||
|
||||
labels {
|
||||
"traefik.frontend.passHostHeader" = "false"
|
||||
"traefik.frontend.auth.basic" = "${var.basic_auth}"
|
||||
"traefik.port" = 8081
|
||||
"traefik.enable" = "true"
|
||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
}
|
||||
labels = "${merge(
|
||||
local.traefik_common_labels,
|
||||
map(
|
||||
"traefik.frontend.passHostHeader", "false",
|
||||
"traefik.frontend.auth.basic", "${var.basic_auth}",
|
||||
"traefik.port", 8081,
|
||||
))}"
|
||||
|
||||
env = [
|
||||
"PUID=1004",
|
||||
|
@ -286,18 +254,12 @@ resource "docker_container" "headphones" {
|
|||
file = "/config/config.ini"
|
||||
}
|
||||
|
||||
labels {
|
||||
"traefik.frontend.auth.basic" = "${var.basic_auth}"
|
||||
"traefik.port" = 8181
|
||||
"traefik.enable" = "true"
|
||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
}
|
||||
labels = "${merge(
|
||||
local.traefik_common_labels,
|
||||
map(
|
||||
"traefik.frontend.auth.basic", "${var.basic_auth}",
|
||||
"traefik.port", 8181,
|
||||
))}"
|
||||
|
||||
# lounge:tatooine
|
||||
env = [
|
||||
|
@ -396,19 +358,18 @@ resource "docker_container" "wiki" {
|
|||
container_path = "/data"
|
||||
}
|
||||
|
||||
labels {
|
||||
"traefik.frontend.rule" = "Host:wiki.${var.domain}"
|
||||
"traefik.frontend.passHostHeader" = "true"
|
||||
"traefik.port" = 9999
|
||||
"traefik.enable" = "true"
|
||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}||Referrer-Policy:${var.refpolicy}||X-Frame-Options:${var.xfo_allow}"
|
||||
}
|
||||
// The last header is a workaround for double header traefik bug
|
||||
// This might be actually breaking iframe till the 1.5 Final release.
|
||||
|
||||
labels = "${merge(
|
||||
local.traefik_common_labels,
|
||||
map(
|
||||
"traefik.frontend.rule", "Host:wiki.${var.domain}",
|
||||
"traefik.frontend.passHostHeader", "true",
|
||||
"traefik.port", 9999,
|
||||
"traefik.frontend.headers.customResponseHeaders", "${var.xpoweredby}||Referrer-Policy:${var.refpolicy}||X-Frame-Options:${var.xfo_allow}",
|
||||
))}"
|
||||
links = ["mongorocks"]
|
||||
|
||||
env = [
|
||||
"WIKI_ADMIN_EMAIL=me@captnemo.in",
|
||||
"SESSION_SECRET=${var.wiki_session_secret}",
|
||||
|
@ -429,20 +390,15 @@ resource "docker_container" "muximux" {
|
|||
container_path = "/config"
|
||||
}
|
||||
|
||||
labels {
|
||||
"traefik.frontend.rule" = "Host:home.in.${var.domain},home.${var.domain}"
|
||||
"traefik.frontend.passHostHeader" = "false"
|
||||
"traefik.frontend.auth.basic" = "${var.basic_auth}"
|
||||
"traefik.port" = 80
|
||||
"traefik.enable" = "true"
|
||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.frameDeny" = "true"
|
||||
}
|
||||
labels = "${merge(
|
||||
local.traefik_common_labels,
|
||||
map(
|
||||
"traefik.port", 80,
|
||||
"traefik.frontend.headers.frameDeny", "true",
|
||||
"traefik.frontend.passHostHeader", "false",
|
||||
"traefik.frontend.auth.basic", "${var.basic_auth}",
|
||||
"traefik.frontend.rule", "Host:home.in.${var.domain},home.${var.domain}",
|
||||
))}"
|
||||
|
||||
# lounge:tatooine
|
||||
env = [
|
||||
|
@ -490,17 +446,12 @@ resource "docker_container" "cadvisor" {
|
|||
container_path = "/var/run"
|
||||
}
|
||||
|
||||
labels {
|
||||
"traefik.frontend.rule" = "Host:cadvisor.${var.domain}"
|
||||
"traefik.frontend.auth.basic" = "${var.basic_auth}"
|
||||
"traefik.port" = 8080
|
||||
"traefik.enable" = "true"
|
||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
||||
}
|
||||
labels = "${merge(
|
||||
local.traefik_common_labels,
|
||||
map(
|
||||
|
||||
"traefik.frontend.passHostHeader", "true",
|
||||
"traefik.frontend.auth.basic", "${var.basic_auth}",
|
||||
"traefik.port", 8080,
|
||||
))}"
|
||||
}
|
||||
|
|
|
@ -9,7 +9,6 @@ resource "docker_container" "traefik" {
|
|||
ip = "${var.ips["eth0"]}"
|
||||
}
|
||||
|
||||
# Admin Backend
|
||||
ports {
|
||||
internal = 1111
|
||||
external = 1111
|
||||
|
|
Loading…
Reference in New Issue