Make link dependencies explicit

README.md

@@ -41,7 +41,6 @@ Currently running the following (all links are to the `store.docker.com` links f
 
 - [Emby](https://store.docker.com/community/images/emby/embyserver) Media Server
 - [CouchPotato](https://store.docker.com/community/images/linuxserver/couchpotato), auto-download movies
-- [SickRage](https://store.docker.com/community/images/linuxserver/sickrage), auto-download TV shows
 - [Transmission](https://store.docker.com/community/images/linuxserver/transmission), to download torrents
 - [AirSonic](https://store.docker.com/community/images/airsonic/airsonic), for a music server
 - [Ubooquity](https://store.docker.com/community/images/linuxserver/ubooquity), EBooks server with OPDS support

digitalocean/firewall.tf

@@ -1,37 +1,38 @@
 resource "digitalocean_firewall" "web" {
   name = "web-inbound"
+
   inbound_rule = [
     {
-      protocol           = "tcp"
-      port_range         = "80"
-      source_addresses   = ["0.0.0.0/0", "::/0"]
+      protocol         = "tcp"
+      port_range       = "80"
+      source_addresses = ["0.0.0.0/0", "::/0"]
     },
     {
-      protocol           = "tcp"
-      port_range         = "443"
-      source_addresses   = ["0.0.0.0/0", "::/0"]
+      protocol         = "tcp"
+      port_range       = "443"
+      source_addresses = ["0.0.0.0/0", "::/0"]
     },
   ]
 }
 
 resource "digitalocean_firewall" "ssh" {
   name = "ssh-inbound"
+
   inbound_rule = [
     {
-      protocol           = "tcp"
-      port_range         = "22"
-      source_addresses   = ["0.0.0.0/0", "::/0"]
+      protocol         = "tcp"
+      port_range       = "22"
+      source_addresses = ["0.0.0.0/0", "::/0"]
     },
     {
-      protocol           = "tcp"
-      port_range         = "222"
-      source_addresses   = ["0.0.0.0/0", "::/0"]
+      protocol         = "tcp"
+      port_range       = "222"
+      source_addresses = ["0.0.0.0/0", "::/0"]
     },
     {
-      protocol           = "tcp"
-      port_range         = "24"
-      source_addresses   = ["0.0.0.0/0", "::/0"]
+      protocol         = "tcp"
+      port_range       = "24"
+      source_addresses = ["0.0.0.0/0", "::/0"]
     },
-
   ]
 }

docker/data.tf

@@ -31,10 +31,6 @@ data "docker_registry_image" "gitea" {
   name = "gitea/gitea:1.4"
 }
 
-data "docker_registry_image" "sickrage" {
-  name = "linuxserver/sickrage:latest"
-}
-
 data "docker_registry_image" "airsonic" {
   name = "linuxserver/airsonic:latest"
 }
@@ -59,10 +55,6 @@ data "docker_registry_image" "headerdebug" {
   name = "brndnmtthws/nginx-echo-headers:latest"
 }
 
-data "docker_registry_image" "cadvisor" {
-  name = "google/cadvisor:latest"
-}
-
 data "docker_registry_image" "lychee" {
   name = "linuxserver/lychee:latest"
 }

docker/gitea.tf

@@ -3,15 +3,15 @@ resource docker_container "gitea" {
   image = "${docker_image.gitea.latest}"
 
   labels {
-    "traefik.port"                                     = 3000
-    "traefik.enable"                                   = "true"
-    "traefik.frontend.rule"                            = "Host:git.captnemo.in"
-    "traefik.frontend.headers.STSSeconds"              = "2592000"
-    "traefik.frontend.headers.browserXSSFilter"        = "true"
-    "traefik.frontend.headers.contentTypeNosniff"      = "true"
-    "traefik.frontend.headers.SSLTemporaryRedirect"    = "true"
-    "traefik.frontend.headers.STSIncludeSubdomains"    = "false"
-    "traefik.frontend.headers.customResponseHeaders"   = "${var.xpoweredby}"
+    "traefik.port"                                   = 3000
+    "traefik.enable"                                 = "true"
+    "traefik.frontend.rule"                          = "Host:git.captnemo.in"
+    "traefik.frontend.headers.STSSeconds"            = "2592000"
+    "traefik.frontend.headers.browserXSSFilter"      = "true"
+    "traefik.frontend.headers.contentTypeNosniff"    = "true"
+    "traefik.frontend.headers.SSLTemporaryRedirect"  = "true"
+    "traefik.frontend.headers.STSIncludeSubdomains"  = "false"
+    "traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
   }
 
   ports {
@@ -51,19 +51,16 @@ resource docker_container "gitea" {
     content = "${file("${path.module}/conf/humans.txt")}"
     file    = "/data/gitea/public/humans.txt"
   }
-
   # Extra Links in header
   upload {
     content = "${file("${path.module}/conf/gitea/extra_links.tmpl")}"
     file    = "/data/gitea/templates/custom/extra_links.tmpl"
   }
-
   # This is the main configuration file
   upload {
     content = "${data.template_file.gitea-config-file.rendered}"
     file    = "/data/gitea/conf/app.ini"
   }
-
   memory                = 256
   restart               = "unless-stopped"
   destroy_grace_seconds = 10

docker/images.tf

@@ -28,11 +28,6 @@ resource "docker_image" "gitea" {
   pull_triggers = ["${data.docker_registry_image.gitea.sha256_digest}"]
 }
 
-resource "docker_image" "sickrage" {
-  name          = "${data.docker_registry_image.sickrage.name}"
-  pull_triggers = ["${data.docker_registry_image.sickrage.sha256_digest}"]
-}
-
 resource "docker_image" "airsonic" {
   name          = "${data.docker_registry_image.airsonic.name}"
   pull_triggers = ["${data.docker_registry_image.airsonic.sha256_digest}"]
@@ -73,11 +68,6 @@ resource "docker_image" "headerdebug" {
   pull_triggers = ["${data.docker_registry_image.headerdebug.sha256_digest}"]
 }
 
-resource "docker_image" "cadvisor" {
-  name          = "${data.docker_registry_image.cadvisor.name}"
-  pull_triggers = ["${data.docker_registry_image.cadvisor.sha256_digest}"]
-}
-
 resource "docker_image" "lychee" {
   name          = "${data.docker_registry_image.lychee.name}"
   pull_triggers = ["${data.docker_registry_image.lychee.sha256_digest}"]

docker/lychee.tf

@@ -40,5 +40,5 @@ resource "docker_container" "lychee" {
     "PGID=984",
   ]
 
-  links = ["mariadb"]
+  links = ["${docker_container.mariadb.name}"]
 }

docker/main.tf

@@ -124,7 +124,7 @@ resource "docker_container" "couchpotato" {
     "TZ=Asia/Kolkata",
   ]
 
-  links = ["transmission"]
+  links = ["{docker_container.transmission.name}"]
 }
 
 # resource "docker_container" "airsonic" {
@@ -191,50 +191,6 @@ resource "docker_container" "headerdebug" {
     ))}"
 }
 
-resource "docker_container" "sickrage" {
-  name  = "sickrage"
-  image = "${docker_image.sickrage.latest}"
-
-  restart               = "unless-stopped"
-  destroy_grace_seconds = 10
-  must_run              = true
-
-  memory = 512
-
-  volumes {
-    host_path      = "/mnt/xwing/config/sickrage"
-    container_path = "/config"
-  }
-
-  volumes {
-    host_path      = "/mnt/xwing/media/DL"
-    container_path = "/downloads"
-  }
-
-  volumes {
-    host_path      = "/mnt/xwing/media/TV"
-    container_path = "/tv"
-  }
-
-  labels = "${merge(
-    local.traefik_common_labels,
-    map(
-      "traefik.frontend.passHostHeader", "false",
-      "traefik.frontend.auth.basic", "${var.basic_auth}",
-      "traefik.port", 8081,
-    ))}"
-
-  env = [
-    "PUID=1004",
-    "PGID=1003",
-    "TZ=Asia/Kolkata",
-  ]
-
-  links = [
-    "transmission",
-  ]
-}
-
 resource "docker_container" "headphones" {
   name  = "headphones"
   image = "${docker_image.headphones.latest}"
@@ -384,7 +340,7 @@ resource "docker_container" "wiki" {
       "traefik.port", 9999,
       "traefik.frontend.headers.customResponseHeaders", "${var.xpoweredby}||Referrer-Policy:${var.refpolicy}||X-Frame-Options:${var.xfo_allow}",
     ))}"
-  links = ["mongorocks"]
+  links = ["${docker_container.mongorocks.name}"]
   env = [
     "WIKI_ADMIN_EMAIL=me@captnemo.in",
     "SESSION_SECRET=${var.wiki_session_secret}",
@@ -422,51 +378,3 @@ resource "docker_container" "muximux" {
     "TZ=Asia/Kolkata",
   ]
 }
-
-resource "docker_container" "cadvisor" {
-  name   = "cadvisor"
-  image  = "${docker_image.cadvisor.latest}"
-  memory = 512
-
-  restart               = "unless-stopped"
-  destroy_grace_seconds = 10
-  must_run              = true
-
-  volumes {
-    host_path      = "/"
-    container_path = "/rootfs"
-    read_only      = true
-  }
-
-  volumes {
-    host_path      = "/sys"
-    container_path = "/sys"
-    read_only      = true
-  }
-
-  volumes {
-    host_path      = "/var/lib/docker"
-    container_path = "/var/lib/docker"
-    read_only      = true
-  }
-
-  volumes {
-    host_path      = "/dev/disk"
-    container_path = "/dev/disk"
-    read_only      = true
-  }
-
-  volumes {
-    host_path      = "/var/run"
-    container_path = "/var/run"
-  }
-
-  labels = "${merge(
-    local.traefik_common_labels,
-    map(
-
-      "traefik.frontend.passHostHeader", "true",
-      "traefik.frontend.auth.basic", "${var.basic_auth}",
-      "traefik.port", 8080,
-    ))}"
-}

docker/outputs.tf

@@ -1,3 +1,15 @@
 output "lychee-ip" {
   value = "${docker_container.lychee.ip_address}"
 }
+
+output "names-transmission" {
+  value = "${docker_container.transmission.name}"
+}
+
+output "names-emby" {
+  value = "${docker_container.emby.name}"
+}
+
+output "names-mariadb" {
+  value = "${docker_container.mariadb.name}"
+}

main.tf

@@ -34,20 +34,24 @@ module "radicale" {
 }
 
 module "tt-rss" {
-  source = "tt-rss"
-  domain = "rss.captnemo.in"
+  source         = "tt-rss"
+  domain         = "rss.captnemo.in"
   mysql_password = "${var.mysql-ttrss-password}"
+  links-db       = "${module.docker.names-mariadb}"
 }
 
 module "media" {
-  source = "media"
-  domain = "bb8.fun"
+  source             = "media"
+  domain             = "bb8.fun"
+  links-emby         = "${module.docker.names-emby}"
+  links-transmission = "${module.docker.names-transmission}"
 }
 
 module "monitoring" {
   source                     = "monitoring"
   gf-security-admin-password = "${var.gf-security-admin-password}"
   domain                     = "bb8.fun"
+  transmission               = "${module.docker.names-transmission}"
 }
 
 module "digitalocean" {

media/ombi.tf

@@ -36,5 +36,5 @@ resource docker_container "ombi" {
     "TZ=Asia/Kolkata",
   ]
 
-  links = ["emby"]
+  links = ["${var.links-emby}"]
 }

media/radarr.tf

@@ -51,5 +51,5 @@ resource docker_container "radarr" {
     "TZ=Asia/Kolkata",
   ]
 
-  links = ["emby", "transmission"]
+  links = ["${var.links-emby}", "${var.links-transmission}"]
 }

media/sonarr.tf

@@ -49,5 +49,5 @@ resource docker_container "sonarr" {
     "TZ=Asia/Kolkata",
   ]
 
-  links = ["emby", "transmission"]
+  links = ["${var.links-emby}", "${var.links-transmission}"]
 }

media/variables.tf

@@ -1,3 +1,6 @@
 variable "domain" {
   type = "string"
 }
+
+variable "links-emby" {}
+variable "links-transmission" {}

monitoring/cadvisor.tf

@@ -0,0 +1,52 @@
+resource "docker_container" "cadvisor" {
+  name   = "cadvisor"
+  image  = "${docker_image.cadvisor.latest}"
+  memory = 512
+
+  restart               = "unless-stopped"
+  destroy_grace_seconds = 10
+  must_run              = true
+
+  volumes {
+    host_path      = "/"
+    container_path = "/rootfs"
+    read_only      = true
+  }
+
+  volumes {
+    host_path      = "/sys"
+    container_path = "/sys"
+    read_only      = true
+  }
+
+  volumes {
+    host_path      = "/var/lib/docker"
+    container_path = "/var/lib/docker"
+    read_only      = true
+  }
+
+  volumes {
+    host_path      = "/dev/disk"
+    container_path = "/dev/disk"
+    read_only      = true
+  }
+
+  volumes {
+    host_path      = "/var/run"
+    container_path = "/var/run"
+  }
+
+  labels {
+    "traefik.frontend.auth.basic"                      = "${var.basic_auth}"
+    "traefik.port"                                     = 8080
+    "traefik.enable"                                   = "true"
+    "traefik.frontend.headers.SSLTemporaryRedirect"    = "true"
+    "traefik.frontend.headers.STSSeconds"              = "2592000"
+    "traefik.frontend.headers.STSIncludeSubdomains"    = "false"
+    "traefik.frontend.headers.contentTypeNosniff"      = "true"
+    "traefik.frontend.headers.browserXSSFilter"        = "true"
+    "traefik.frontend.passHostHeader"                  = "true"
+    "traefik.frontend.headers.customFrameOptionsValue" = "ALLOW-FROM https://home.bb8.fun/"
+    "traefik.frontend.headers.customResponseHeaders"   = "X-Powered-By:Allomancy||X-Server:Blackbox"
+  }
+}

monitoring/data.tf

@@ -17,3 +17,7 @@ data "docker_registry_image" "nodeexporter" {
 data "docker_registry_image" "transmission-exporter" {
   name = "metalmatze/transmission-exporter"
 }
+
+data "docker_registry_image" "cadvisor" {
+  name = "google/cadvisor:latest"
+}

monitoring/images.tf

@@ -17,3 +17,8 @@ resource "docker_image" "transmission-exporter" {
   name          = "${data.docker_registry_image.transmission-exporter.name}"
   pull_triggers = ["${data.docker_registry_image.transmission-exporter.sha256_digest}"]
 }
+
+resource "docker_image" "cadvisor" {
+  name          = "${data.docker_registry_image.cadvisor.name}"
+  pull_triggers = ["${data.docker_registry_image.cadvisor.sha256_digest}"]
+}

monitoring/main.tf

@@ -21,7 +21,7 @@ resource docker_container "grafana" {
     container_path = "/var/lib/grafana"
   }
 
-  links = ["prometheus"]
+  links = ["${docker_container.prometheus.name}"]
 
   env = [
     "GF_SECURITY_ADMIN_PASSWORD=${var.gf-security-admin-password}",
@@ -52,7 +52,7 @@ resource docker_container "prometheus" {
     file    = "/etc/prometheus/prometheus.yml"
   }
 
-  links = ["nodeexporter", "cadvisor"]
+  links = ["${docker_container.nodeexporter.name}", "${docker_container.cadvisor.name}"]
 
   restart               = "unless-stopped"
   destroy_grace_seconds = 10

monitoring/transmission.tf

@@ -4,7 +4,7 @@ resource docker_container "transmission-exporter" {
   name  = "transmission-exporter"
   image = "${docker_image.transmission-exporter.latest}"
 
-  links = ["transmission"]
+  links = ["${var.transmission}"]
 
   env = [
     "TRANSMISSION_ADDR=http://transmission:9091",

monitoring/variables.tf

@@ -6,6 +6,10 @@ variable "domain" {
   type = "string"
 }
 
+variable "transmission" {
+  type = "string"
+}
+
 variable "alert-slack-username" {
   default = "Prometheus"
 }
@@ -17,3 +21,7 @@ variable "alert-slack-channel" {
 variable "alert-slack-incoming-webhook" {
   default = "https://hooks.slack.com/whatever"
 }
+
+variable "basic_auth" {
+  default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6"
+}

radicale/config

@@ -24,7 +24,6 @@ filesystem_folder = /data/collections
 # http://docs.python.org/library/logging.config.html
 # config = /config/logging
 
-
 [headers]
 
 # Additional HTTP headers

tt-rss/variables.tf

@@ -3,3 +3,4 @@ variable "domain" {
 }
 
 variable "mysql_password" {}
+variable "links-db" {}