From 1aaf4e5c4b3032f4abd3e29ecfd71617f4b374c5 Mon Sep 17 00:00:00 2001 From: Nemo Date: Sun, 4 Feb 2018 16:06:20 +0530 Subject: [PATCH] Make link dependencies explicit --- README.md | 1 - digitalocean/firewall.tf | 33 ++++++------- docker/data.tf | 8 ---- docker/gitea.tf | 21 ++++----- docker/images.tf | 10 ---- docker/lychee.tf | 2 +- docker/main.tf | 96 +------------------------------------- docker/outputs.tf | 12 +++++ main.tf | 12 +++-- media/ombi.tf | 2 +- media/radarr.tf | 2 +- media/sonarr.tf | 2 +- media/variables.tf | 3 ++ monitoring/cadvisor.tf | 52 +++++++++++++++++++++ monitoring/data.tf | 4 ++ monitoring/images.tf | 5 ++ monitoring/main.tf | 4 +- monitoring/transmission.tf | 2 +- monitoring/variables.tf | 8 ++++ radicale/config | 1 - tt-rss/variables.tf | 1 + 21 files changed, 128 insertions(+), 153 deletions(-) create mode 100644 monitoring/cadvisor.tf diff --git a/README.md b/README.md index 32af9d3..7142736 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,6 @@ Currently running the following (all links are to the `store.docker.com` links f - [Emby](https://store.docker.com/community/images/emby/embyserver) Media Server - [CouchPotato](https://store.docker.com/community/images/linuxserver/couchpotato), auto-download movies -- [SickRage](https://store.docker.com/community/images/linuxserver/sickrage), auto-download TV shows - [Transmission](https://store.docker.com/community/images/linuxserver/transmission), to download torrents - [AirSonic](https://store.docker.com/community/images/airsonic/airsonic), for a music server - [Ubooquity](https://store.docker.com/community/images/linuxserver/ubooquity), EBooks server with OPDS support diff --git a/digitalocean/firewall.tf b/digitalocean/firewall.tf index 1f42ad3..919e8a9 100644 --- a/digitalocean/firewall.tf +++ b/digitalocean/firewall.tf 
@@ -1,37 +1,38 @@ resource "digitalocean_firewall" "web" { name = "web-inbound" + inbound_rule = [ { - protocol = "tcp" - port_range = "80" - source_addresses = ["0.0.0.0/0", "::/0"] + protocol = "tcp" + port_range = "80" + source_addresses = ["0.0.0.0/0", "::/0"] }, { - protocol = "tcp" - port_range = "443" - source_addresses = ["0.0.0.0/0", "::/0"] + protocol = "tcp" + port_range = "443" + source_addresses = ["0.0.0.0/0", "::/0"] }, ] } resource "digitalocean_firewall" "ssh" { name = "ssh-inbound" + inbound_rule = [ { - protocol = "tcp" - port_range = "22" - source_addresses = ["0.0.0.0/0", "::/0"] + protocol = "tcp" + port_range = "22" + source_addresses = ["0.0.0.0/0", "::/0"] }, { - protocol = "tcp" - port_range = "222" - source_addresses = ["0.0.0.0/0", "::/0"] + protocol = "tcp" + port_range = "222" + source_addresses = ["0.0.0.0/0", "::/0"] }, { - protocol = "tcp" - port_range = "24" - source_addresses = ["0.0.0.0/0", "::/0"] + protocol = "tcp" + port_range = "24" + source_addresses = ["0.0.0.0/0", "::/0"] }, - ] } diff --git a/docker/data.tf b/docker/data.tf index f8d0500..a7437fa 100644 --- a/docker/data.tf +++ b/docker/data.tf @@ -31,10 +31,6 @@ data "docker_registry_image" "gitea" { name = "gitea/gitea:1.4" } -data "docker_registry_image" "sickrage" { - name = "linuxserver/sickrage:latest" -} - data "docker_registry_image" "airsonic" { name = "linuxserver/airsonic:latest" } @@ -59,10 +55,6 @@ data "docker_registry_image" "headerdebug" { name = "brndnmtthws/nginx-echo-headers:latest" } -data "docker_registry_image" "cadvisor" { - name = "google/cadvisor:latest" -} - data "docker_registry_image" "lychee" { name = "linuxserver/lychee:latest" } diff --git a/docker/gitea.tf b/docker/gitea.tf index e1df694..732cf0d 100644 --- a/docker/gitea.tf +++ b/docker/gitea.tf 
@@ -3,15 +3,15 @@ resource docker_container "gitea" { image = "${docker_image.gitea.latest}" labels { - "traefik.port" = 3000 - "traefik.enable" = "true" - "traefik.frontend.rule" = "Host:git.captnemo.in" - "traefik.frontend.headers.STSSeconds" = "2592000" - "traefik.frontend.headers.browserXSSFilter" = "true" - "traefik.frontend.headers.contentTypeNosniff" = "true" - "traefik.frontend.headers.SSLTemporaryRedirect" = "true" - "traefik.frontend.headers.STSIncludeSubdomains" = "false" - "traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}" + "traefik.port" = 3000 + "traefik.enable" = "true" + "traefik.frontend.rule" = "Host:git.captnemo.in" + "traefik.frontend.headers.STSSeconds" = "2592000" + "traefik.frontend.headers.browserXSSFilter" = "true" + "traefik.frontend.headers.contentTypeNosniff" = "true" + "traefik.frontend.headers.SSLTemporaryRedirect" = "true" + "traefik.frontend.headers.STSIncludeSubdomains" = "false" + "traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}" } ports { @@ -51,19 +51,16 @@ resource docker_container "gitea" { content = "${file("${path.module}/conf/humans.txt")}" file = "/data/gitea/public/humans.txt" } - # Extra Links in header upload { content = "${file("${path.module}/conf/gitea/extra_links.tmpl")}" file = "/data/gitea/templates/custom/extra_links.tmpl" } - # This is the main configuration file upload { content = "${data.template_file.gitea-config-file.rendered}" file = "/data/gitea/conf/app.ini" } - memory = 256 restart = "unless-stopped" destroy_grace_seconds = 10 diff --git a/docker/images.tf b/docker/images.tf index 1ee1c53..8888695 100644 --- a/docker/images.tf +++ b/docker/images.tf 
@@ -28,11 +28,6 @@ resource "docker_image" "gitea" { pull_triggers = ["${data.docker_registry_image.gitea.sha256_digest}"] } -resource "docker_image" "sickrage" { - name = "${data.docker_registry_image.sickrage.name}" - pull_triggers = ["${data.docker_registry_image.sickrage.sha256_digest}"] -} - resource "docker_image" "airsonic" { name = "${data.docker_registry_image.airsonic.name}" pull_triggers = ["${data.docker_registry_image.airsonic.sha256_digest}"] @@ -73,11 +68,6 @@ resource "docker_image" "headerdebug" { pull_triggers = ["${data.docker_registry_image.headerdebug.sha256_digest}"] } -resource "docker_image" "cadvisor" { - name = "${data.docker_registry_image.cadvisor.name}" - pull_triggers = ["${data.docker_registry_image.cadvisor.sha256_digest}"] -} - resource "docker_image" "lychee" { name = "${data.docker_registry_image.lychee.name}" pull_triggers = ["${data.docker_registry_image.lychee.sha256_digest}"] diff --git a/docker/lychee.tf b/docker/lychee.tf index 074a902..4f40ae8 100644 --- a/docker/lychee.tf +++ b/docker/lychee.tf @@ -40,5 +40,5 @@ resource "docker_container" "lychee" { "PGID=984", ] - links = ["mariadb"] + links = ["${docker_container.mariadb.name}"] } diff --git a/docker/main.tf b/docker/main.tf index 892d86f..a4d1020 100644 --- a/docker/main.tf +++ b/docker/main.tf @@ -124,7 +124,7 @@ resource "docker_container" "couchpotato" { "TZ=Asia/Kolkata", ] - links = ["transmission"] + links = ["{docker_container.transmission.name}"] } # resource "docker_container" "airsonic" { 
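Review bot: The new `links` value in the couchpotato resource (docker/main.tf) is missing the `$` of the interpolation, so `"{docker_container.transmission.name}"` is passed as a literal string instead of the transmission container's name. As written, the link would name a container that does not exist, and Terraform gets no implicit dependency on `docker_container.transmission`, which is the opposite of what this commit sets out to do. It should read `links = ["${docker_container.transmission.name}"]`, the same form used in docker/lychee.tf. The couchpotato resource starts outside the hunk.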
@@ -191,50 +191,6 @@ resource "docker_container" "headerdebug" { ))}" } -resource "docker_container" "sickrage" { - name = "sickrage" - image = "${docker_image.sickrage.latest}" - - restart = "unless-stopped" - destroy_grace_seconds = 10 - must_run = true - - memory = 512 - - volumes { - host_path = "/mnt/xwing/config/sickrage" - container_path = "/config" - } - - volumes { - host_path = "/mnt/xwing/media/DL" - container_path = "/downloads" - } - - volumes { - host_path = "/mnt/xwing/media/TV" - container_path = "/tv" - } - - labels = "${merge( - local.traefik_common_labels, - map( - "traefik.frontend.passHostHeader", "false", - "traefik.frontend.auth.basic", "${var.basic_auth}", - "traefik.port", 8081, - ))}" - - env = [ - "PUID=1004", - "PGID=1003", - "TZ=Asia/Kolkata", - ] - - links = [ - "transmission", - ] -} - resource "docker_container" "headphones" { name = "headphones" image = "${docker_image.headphones.latest}" @@ -384,7 +340,7 @@ resource "docker_container" "wiki" { "traefik.port", 9999, "traefik.frontend.headers.customResponseHeaders", "${var.xpoweredby}||Referrer-Policy:${var.refpolicy}||X-Frame-Options:${var.xfo_allow}", ))}" - links = ["mongorocks"] + links = ["${docker_container.mongorocks.name}"] env = [ "WIKI_ADMIN_EMAIL=me@captnemo.in", "SESSION_SECRET=${var.wiki_session_secret}", 
@@ -422,51 +378,3 @@ resource "docker_container" "muximux" { "TZ=Asia/Kolkata", ] } - -resource "docker_container" "cadvisor" { - name = "cadvisor" - image = "${docker_image.cadvisor.latest}" - memory = 512 - - restart = "unless-stopped" - destroy_grace_seconds = 10 - must_run = true - - volumes { - host_path = "/" - container_path = "/rootfs" - read_only = true - } - - volumes { - host_path = "/sys" - container_path = "/sys" - read_only = true - } - - volumes { - host_path = "/var/lib/docker" - container_path = "/var/lib/docker" - read_only = true - } - - volumes { - host_path = "/dev/disk" - container_path = "/dev/disk" - read_only = true - } - - volumes { - host_path = "/var/run" - container_path = "/var/run" - } - - labels = "${merge( - local.traefik_common_labels, - map( - - "traefik.frontend.passHostHeader", "true", - "traefik.frontend.auth.basic", "${var.basic_auth}", - "traefik.port", 8080, - ))}" -} diff --git a/docker/outputs.tf b/docker/outputs.tf index 2cdad4b..0551305 100644 --- a/docker/outputs.tf +++ b/docker/outputs.tf @@ -1,3 +1,15 @@ output "lychee-ip" { value = "${docker_container.lychee.ip_address}" } + +output "names-transmission" { + value = "${docker_container.transmission.name}" +} + +output "names-emby" { + value = "${docker_container.emby.name}" +} + +output "names-mariadb" { + value = "${docker_container.mariadb.name}" +} diff --git a/main.tf b/main.tf index 633924b..be76f6a 100644 --- a/main.tf +++ b/main.tf 
@@ -34,20 +34,24 @@ module "radicale" { } module "tt-rss" { - source = "tt-rss" - domain = "rss.captnemo.in" + source = "tt-rss" + domain = "rss.captnemo.in" mysql_password = "${var.mysql-ttrss-password}" + links-db = "${module.docker.names-mariadb}" } module "media" { - source = "media" - domain = "bb8.fun" + source = "media" + domain = "bb8.fun" + links-emby = "${module.docker.names-emby}" + links-transmission = "${module.docker.names-transmission}" } module "monitoring" { source = "monitoring" gf-security-admin-password = "${var.gf-security-admin-password}" domain = "bb8.fun" + transmission = "${module.docker.names-transmission}" } module "digitalocean" { diff --git a/media/ombi.tf b/media/ombi.tf index 9d387dc..656b128 100644 --- a/media/ombi.tf +++ b/media/ombi.tf @@ -36,5 +36,5 @@ resource docker_container "ombi" { "TZ=Asia/Kolkata", ] - links = ["emby"] + links = ["${var.links-emby}"] } diff --git a/media/radarr.tf b/media/radarr.tf index b198e4d..6ee7596 100644 --- a/media/radarr.tf +++ b/media/radarr.tf @@ -51,5 +51,5 @@ resource docker_container "radarr" { "TZ=Asia/Kolkata", ] - links = ["emby", "transmission"] + links = ["${var.links-emby}", "${var.links-transmission}"] } diff --git a/media/sonarr.tf b/media/sonarr.tf index 6c9a451..d464286 100644 --- a/media/sonarr.tf +++ b/media/sonarr.tf @@ -49,5 +49,5 @@ resource docker_container "sonarr" { "TZ=Asia/Kolkata", ] - links = ["emby", "transmission"] + links = ["${var.links-emby}", "${var.links-transmission}"] } diff --git a/media/variables.tf b/media/variables.tf index 10fc457..fe92903 100644 --- a/media/variables.tf +++ b/media/variables.tf @@ -1,3 +1,6 @@ variable "domain" { type = "string" } + +variable "links-emby" {} +variable "links-transmission" {} diff --git a/monitoring/cadvisor.tf b/monitoring/cadvisor.tf new file mode 100644 index 0000000..9383f1c --- /dev/null +++ b/monitoring/cadvisor.tf 
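Review bot: `links-emby` and `links-transmission` in media/variables.tf are declared with empty bodies, while the `transmission` variable this commit adds in monitoring/variables.tf states `type = "string"`; `links-db` in tt-rss/variables.tf has the same gap. Adding `type = "string"` and a short `description` to each (for example "name of the emby container, passed in from the docker module") would make it clear that these carry container names and must be wired from `module.docker` outputs rather than typed in by hand.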
@@ -0,0 +1,52 @@ +resource "docker_container" "cadvisor" { + name = "cadvisor" + image = "${docker_image.cadvisor.latest}" + memory = 512 + + restart = "unless-stopped" + destroy_grace_seconds = 10 + must_run = true + + volumes { + host_path = "/" + container_path = "/rootfs" + read_only = true + } + + volumes { + host_path = "/sys" + container_path = "/sys" + read_only = true + } + + volumes { + host_path = "/var/lib/docker" + container_path = "/var/lib/docker" + read_only = true + } + + volumes { + host_path = "/dev/disk" + container_path = "/dev/disk" + read_only = true + } + + volumes { + host_path = "/var/run" + container_path = "/var/run" + } + + labels { + "traefik.frontend.auth.basic" = "${var.basic_auth}" + "traefik.port" = 8080 + "traefik.enable" = "true" + "traefik.frontend.headers.SSLTemporaryRedirect" = "true" + "traefik.frontend.headers.STSSeconds" = "2592000" + "traefik.frontend.headers.STSIncludeSubdomains" = "false" + "traefik.frontend.headers.contentTypeNosniff" = "true" + "traefik.frontend.headers.browserXSSFilter" = "true" + "traefik.frontend.passHostHeader" = "true" + "traefik.frontend.headers.customFrameOptionsValue" = "ALLOW-FROM https://home.bb8.fun/" + "traefik.frontend.headers.customResponseHeaders" = "X-Powered-By:Allomancy||X-Server:Blackbox" + } +} diff --git a/monitoring/data.tf b/monitoring/data.tf index 344dcc3..06318f0 100644 --- a/monitoring/data.tf +++ b/monitoring/data.tf @@ -17,3 +17,7 @@ data "docker_registry_image" "nodeexporter" { data "docker_registry_image" "transmission-exporter" { name = "metalmatze/transmission-exporter" } + +data "docker_registry_image" "cadvisor" { + name = "google/cadvisor:latest" +} diff --git a/monitoring/images.tf b/monitoring/images.tf index 46b903d..ff88514 100644 --- a/monitoring/images.tf +++ b/monitoring/images.tf 
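Review bot: The `/var/run` volume in monitoring/cadvisor.tf is the only one of the five mounts without `read_only = true`, so the container gets a writable view of the host's runtime directory, which normally holds the Docker socket. Adding `read_only = true` there stops file writes, but a read-only bind mount does not block connections to a Unix socket inside it, so cAdvisor should still be treated as having Docker API access on top of its read-only view of the host root at `/rootfs`. Because the labels appear to publish this container through Traefik with only basic auth in front, a comment above the volumes stating why each mount is needed and that the frontend must stay authenticated would help the next reader. The label block also hard-codes header values that docker/gitea.tf takes from `var.xpoweredby`, which invites drift between modules.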
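Review bot: `google/cadvisor:latest` in monitoring/data.tf is a floating tag, and the matching `docker_image` resource in monitoring/images.tf re-pulls whenever the registry digest changes, so whatever is published under that tag runs with the host mounts given to the cadvisor container on the next apply. Pinning a version tag, as docker/data.tf does with `gitea/gitea:1.4`, keeps upgrades deliberate: `name = "google/cadvisor:<pinned-version>"`, with the version chosen and reviewed by the maintainer.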
@@ -17,3 +17,8 @@ resource "docker_image" "transmission-exporter" { name = "${data.docker_registry_image.transmission-exporter.name}" pull_triggers = ["${data.docker_registry_image.transmission-exporter.sha256_digest}"] } + +resource "docker_image" "cadvisor" { + name = "${data.docker_registry_image.cadvisor.name}" + pull_triggers = ["${data.docker_registry_image.cadvisor.sha256_digest}"] +} diff --git a/monitoring/main.tf b/monitoring/main.tf index 9ed8ac5..22b8600 100644 --- a/monitoring/main.tf +++ b/monitoring/main.tf @@ -21,7 +21,7 @@ resource docker_container "grafana" { container_path = "/var/lib/grafana" } - links = ["prometheus"] + links = ["${docker_container.prometheus.name}"] env = [ "GF_SECURITY_ADMIN_PASSWORD=${var.gf-security-admin-password}", @@ -52,7 +52,7 @@ resource docker_container "prometheus" { file = "/etc/prometheus/prometheus.yml" } - links = ["nodeexporter", "cadvisor"] + links = ["${docker_container.nodeexporter.name}", "${docker_container.cadvisor.name}"] restart = "unless-stopped" destroy_grace_seconds = 10 diff --git a/monitoring/transmission.tf b/monitoring/transmission.tf index 2019849..0ef474b 100644 --- a/monitoring/transmission.tf +++ b/monitoring/transmission.tf @@ -4,7 +4,7 @@ resource docker_container "transmission-exporter" { name = "transmission-exporter" image = "${docker_image.transmission-exporter.latest}" - links = ["transmission"] + links = ["${var.transmission}"] env = [ "TRANSMISSION_ADDR=http://transmission:9091", diff --git a/monitoring/variables.tf b/monitoring/variables.tf index 7f698e3..5190320 100644 --- a/monitoring/variables.tf +++ b/monitoring/variables.tf @@ -6,6 +6,10 @@ variable "domain" { type = "string" } +variable "transmission" { + type = "string" +} + variable "alert-slack-username" { default = "Prometheus" } 
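Review bot: In monitoring/transmission.tf the link name now comes from `var.transmission`, but the `TRANSMISSION_ADDR=http://transmission:9091` entry in the env list just below still hard-codes the hostname, so the exporter only reaches its target while the variable happens to equal `transmission`. Building the address from the same variable, `"TRANSMISSION_ADDR=http://${var.transmission}:9091"`, keeps the link and the address in step. The resource body continues outside the hunk.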
@@ -17,3 +21,7 @@ variable "alert-slack-channel" { variable "alert-slack-incoming-webhook" { default = "https://hooks.slack.com/whatever" } + +variable "basic_auth" { + default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6" +} diff --git a/radicale/config b/radicale/config index 6e9e73f..f0a9a1a 100644 --- a/radicale/config +++ b/radicale/config @@ -24,7 +24,6 @@ filesystem_folder = /data/collections # http://docs.python.org/library/logging.config.html # config = /config/logging - [headers] # Additional HTTP headers diff --git a/tt-rss/variables.tf b/tt-rss/variables.tf index 882c3d4..d7b9562 100644 --- a/tt-rss/variables.tf +++ b/tt-rss/variables.tf @@ -3,3 +3,4 @@ variable "domain" { } variable "mysql_password" {} +variable "links-db" {}
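Review bot: The `basic_auth` default added to monitoring/variables.tf commits what looks like a live credential, a username plus a bcrypt hash with cost factor 5, to the repository. Anyone with read access can attack the hash offline, and the low cost makes that cheap. The Grafana admin password in this same module is passed in from the root (`gf-security-admin-password`), and this value should follow that route: declare `variable "basic_auth" {}` with no default and pass `basic_auth = "${var.basic_auth}"` in the `module "monitoring"` block, assuming the root module already defines that variable. If this hash protects anything in use, the password should be rotated, since the value stays in the history.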