
Create and use a single traefik network everywhere

monicahq
Nemo 2 years ago
parent
commit
21df4ceea6
37 changed files with 115 additions and 72 deletions
  1. +2
    -0
      abstruse/main.tf
  2. +2
    -0
      abstruse/variables.tf
  3. +1
    -1
      docker/lychee.tf
  4. +4
    -5
      docker/network.tf
  5. +4
    -0
      docker/outputs.tf
  6. +4
    -0
      docker/traefik.tf
  7. +1
    -1
      docker/variables.tf
  8. +1
    -1
      gitea/conf/conf.ini.tpl
  9. +1
    -4
      gitea/main.tf
  10. +0
    -15
      gitea/mysql.tf
  11. +1
    -0
      gitea/redis.tf
  12. +2
    -0
      gitea/variables.tf
  13. +2
    -0
      heimdall/main.tf
  14. +2
    -0
      heimdall/variables.tf
  15. +48
    -35
      main.tf
  16. +2
    -1
      media/airsonic.tf
  17. +2
    -0
      media/emby.tf
  18. +2
    -2
      media/jackett.tf
  19. +1
    -1
      media/lidarr.tf
  20. +1
    -1
      media/radarr.tf
  21. +1
    -1
      media/sonarr.tf
  22. +1
    -1
      media/transmission.tf
  23. +4
    -1
      media/variables.tf
  24. +2
    -0
      monitoring/cadvisor.tf
  25. +2
    -1
      monitoring/grafana.tf
  26. +2
    -0
      monitoring/variables.tf
  27. +1
    -1
      opml/main.tf
  28. +1
    -0
      opml/redis.tf
  29. +2
    -0
      opml/variables.tf
  30. +2
    -0
      radicale/main.tf
  31. +2
    -0
      radicale/variables.tf
  32. +2
    -0
      requestbin/main.tf
  33. +2
    -0
      requestbin/variables.tf
  34. +2
    -0
      resilio/main.tf
  35. +2
    -0
      resilio/variables.tf
  36. +2
    -0
      tt-rss/main.tf
  37. +2
    -0
      tt-rss/variables.tf

+ 2
- 0
abstruse/main.tf View File

@ -17,6 +17,8 @@ resource "docker_container" "abstruse" {
"traefik.frontend.rule","Host:${var.domain}"
))}"
networks = ["${var.traefik-network-id}"]
volumes {
host_path = "/var/run/docker.sock"
container_path = "/var/run/docker.sock"
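Review bot: The added `networks = ["${var.traefik-network-id}"]` puts this container, which bind-mounts `/var/run/docker.sock`, on the one bridge shared by every proxied service, so any peer on that network can reach its listener directly instead of through Traefik. The same flat reachability applies to heimdall/main.tf, where `traefik.frontend.auth.basic` is enforced only at the proxy, and to monitoring/cadvisor.tf, radicale, requestbin, resilio and tt-rss. If segmentation matters here, give each service its own ingress network with Traefik attached to each; otherwise record the trade-off next to the line, e.g. `# shared ingress network: peers can reach this port without passing Traefik`. The resource body starts and ends outside the hunk.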


+ 2
- 0
abstruse/variables.tf View File

@ -5,3 +5,5 @@ variable "domain" {
variable "traefik-labels" {
type = "map"
}
variable "traefik-network-id" {}
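Review bot: `variable "traefik-network-id" {}` is declared with no type or description, while the neighbouring `traefik-labels` carries `type = "map"`. Adding `type = "string"` and a `description` saying this is the ID of the shared Traefik ingress network exported by the docker module would make the contract clear. The same bare declaration is repeated in the gitea, heimdall, media, monitoring, opml, radicale, requestbin, resilio and tt-rss variables.tf files.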

+ 1
- 1
docker/lychee.tf View File

@ -33,5 +33,5 @@ resource "docker_container" "lychee" {
"PGID=984",
]
links = ["${var.links-mariadb}"]
# links = ["${var.links-mariadb}"]
}
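Review bot: With `links` commented out and no `networks` attribute visible in this hunk, lychee appears to have no declared path to mariadb; if it still needs the database, attach it to a network mariadb is on rather than keeping the old line as a comment. The same commented-out `links-mariadb` remnants are left in docker/variables.tf, media/airsonic.tf, media/variables.tf and the docker and media module blocks of main.tf; deleting them leaves version control as the history. The resource body starts outside the hunk, so a `networks` line may exist above it.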

+ 4
- 5
docker/network.tf View File

@ -1,6 +1,5 @@
// This is the default network we use
// for any new container
resource "docker_network" "bb8-default" {
name = "bb8"
driver = "bridge"
resource "docker_network" "traefik" {
name = "traefik"
driver = "bridge"
internal = true
}
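Review bot: `internal = true` gives this network no route off the host, so Traefik's published ports and its Cloudflare calls appear to work only because of the default-bridge attachment that docker/traefik.tf describes as a provider quirk ("auto-connected for now"). Services attached only to this network (abstruse, heimdall, radicale, requestbin, resilio, tt-rss, cadvisor, grafana) would depend on the same quirk for any outbound traffic. Attach Traefik to an explicitly declared non-internal network so the egress path is a decision rather than a side effect. The two removed header comments are also not replaced; something like `// Shared ingress network; internal, so no egress and no published ports via this network` would record the intent.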

+ 4
- 0
docker/outputs.tf View File

@ -6,6 +6,10 @@ output "names-traefik" {
value = "${docker_container.traefik.name}"
}
output "traefik-network-id" {
value = "${docker_network.traefik.id}"
}
output "auth-header" {
value = "${var.basic_auth}"
}

+ 4
- 0
docker/traefik.tf View File

@ -93,6 +93,10 @@ resource "docker_container" "traefik" {
destroy_grace_seconds = 10
must_run = true
// `bridge` is auto-connected for now
// https://github.com/terraform-providers/terraform-provider-docker/issues/10
networks = ["${docker_network.traefik.id}"]
env = [
"CLOUDFLARE_EMAIL=${var.cloudflare_email}",
"CLOUDFLARE_API_KEY=${var.cloudflare_key}",


+ 1
- 1
docker/variables.tf View File

@ -50,6 +50,6 @@ variable "ips" {
type = "map"
}
variable "links-mariadb" {}
# variable "links-mariadb" {}
variable "networks-mongorocks" {}

+ 1
- 1
gitea/conf/conf.ini.tpl View File

@ -87,7 +87,7 @@ DB_TYPE = sqlite3
HOST = mariadb:3306
NAME = gitea
USER = gitea
; PASSWD = "${mysql-password}"
; PASSWD = "mysql-password"
; ; For "postgres" only, either "disable", "require" or "verify-full"
; SSL_MODE = disable
; ; For "sqlite3" and "tidb", use absolute path when you start as service


+ 1
- 4
gitea/main.tf View File

@ -59,10 +59,7 @@ resource "docker_container" "gitea" {
restart = "unless-stopped"
destroy_grace_seconds = 10
must_run = true
links = [
"mariadb",
]
networks = ["${docker_network.gitea.id}"]
networks = ["${docker_network.gitea.id}", "${var.traefik-network-id}"]
}
resource "docker_image" "gitea" {


+ 0
- 15
gitea/mysql.tf View File

@ -1,16 +1 @@
resource "mysql_database" "gitea" {
name = "gitea"
}
resource "mysql_user" "gitea" {
user = "gitea"
host = "%"
plaintext_password = "${var.mysql-password}"
}
resource "mysql_grant" "gitea" {
user = "${mysql_user.gitea.user}"
host = "${mysql_user.gitea.host}"
database = "${mysql_database.gitea.name}"
privileges = ["ALL"]
}

+ 1
- 0
gitea/redis.tf View File

@ -18,4 +18,5 @@ resource "docker_container" "redis" {
resource "docker_image" "redis" {
name = "${data.docker_registry_image.redis.name}"
pull_triggers = ["${data.docker_registry_image.redis.sha256_digest}"]
keep_locally = true
}

+ 2
- 0
gitea/variables.tf View File

@ -13,3 +13,5 @@ variable "internal-token" {}
variable "smtp-password" {}
variable "lfs-jwt-secret" {}
variable "mysql-password" {}
variable "traefik-network-id" {}
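Review bot: `variable "mysql-password" {}` is still declared here and main.tf still passes `mysql-password = "${var.gitea-mysql-password}"`, but this commit deletes the resources in gitea/mysql.tf and the placeholder in gitea/conf/conf.ini.tpl appears to have been replaced by a literal, so no consumer of the value is visible. Carrying a credential through a module that does not use it widens where the secret is handled for no benefit. Drop the variable and the module argument, or add a comment saying why it is kept.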

+ 2
- 0
heimdall/main.tf View File

@ -19,6 +19,8 @@ resource "docker_container" "heimdall" {
"traefik.frontend.auth.basic", "${var.auth-header}",
))}"
networks = ["${var.traefik-network-id}"]
volumes {
host_path = "/mnt/xwing/config/heimdall"
container_path = "/config"


+ 2
- 0
heimdall/variables.tf View File

@ -9,3 +9,5 @@ variable "auth-header" {
variable "traefik-labels" {
type = "map"
}
variable "traefik-network-id" {}

+ 48
- 35
main.tf View File

@ -20,7 +20,8 @@ module "docker" {
cloudflare_key = "${var.cloudflare_key}"
cloudflare_email = "bb8@captnemo.in"
wiki_session_secret = "${var.wiki_session_secret}"
links-mariadb = "${module.db.names-mariadb}"
# links-mariadb = "${module.db.names-mariadb}"
networks-mongorocks = "${module.db.networks-mongorocks}"
ips = "${var.ips}"
domain = "bb8.fun"
@ -51,58 +52,68 @@ module "gitea" {
smtp-password = "${var.gitea-smtp-password}"
lfs-jwt-secret = "${var.gitea-lfs-jwt-secret}"
mysql-password = "${var.gitea-mysql-password}"
traefik-network-id = "${module.docker.traefik-network-id}"
}
module "opml" {
source = "opml"
domain = "opml.bb8.fun"
client-id = "${var.opml-github-client-id}"
client-secret = "${var.opml-github-client-secret}"
traefik-labels = "${var.traefik-common-labels}"
source = "opml"
domain = "opml.bb8.fun"
client-id = "${var.opml-github-client-id}"
client-secret = "${var.opml-github-client-secret}"
traefik-labels = "${var.traefik-common-labels}"
traefik-network-id = "${module.docker.traefik-network-id}"
}
module "radicale" {
source = "radicale"
domain = "radicale.bb8.fun"
traefik-labels = "${var.traefik-common-labels}"
source = "radicale"
domain = "radicale.bb8.fun"
traefik-labels = "${var.traefik-common-labels}"
traefik-network-id = "${module.docker.traefik-network-id}"
}
module "tt-rss" {
source = "tt-rss"
domain = "rss.captnemo.in"
mysql_password = "${var.mysql-ttrss-password}"
links-db = "${module.db.names-mariadb}"
traefik-labels = "${var.traefik-common-labels}"
source = "tt-rss"
domain = "rss.captnemo.in"
mysql_password = "${var.mysql-ttrss-password}"
links-db = "${module.db.names-mariadb}"
traefik-labels = "${var.traefik-common-labels}"
traefik-network-id = "${module.docker.traefik-network-id}"
}
module "requestbin" {
source = "requestbin"
domain = "requestbin.bb8.fun"
traefik-labels = "${var.traefik-common-labels}"
source = "requestbin"
domain = "requestbin.bb8.fun"
traefik-labels = "${var.traefik-common-labels}"
traefik-network-id = "${module.docker.traefik-network-id}"
}
module "resilio" {
source = "resilio"
domain = "sync.bb8.fun"
traefik-labels = "${var.traefik-common-labels}"
ips = "${var.ips}"
source = "resilio"
domain = "sync.bb8.fun"
traefik-labels = "${var.traefik-common-labels}"
ips = "${var.ips}"
traefik-network-id = "${module.docker.traefik-network-id}"
}
module "heimdall" {
source = "heimdall"
domain = "bb8.fun"
traefik-labels = "${var.traefik-common-labels}"
auth-header = "${module.docker.auth-header}"
source = "heimdall"
domain = "bb8.fun"
traefik-labels = "${var.traefik-common-labels}"
auth-header = "${module.docker.auth-header}"
traefik-network-id = "${module.docker.traefik-network-id}"
}
module "media" {
source = "media"
domain = "bb8.fun"
links-mariadb = "${module.db.names-mariadb}"
source = "media"
domain = "bb8.fun"
# links-mariadb = "${module.db.names-mariadb}"
traefik-labels = "${var.traefik-common-labels}"
airsonic-smtp-password = "${var.airsonic-smtp-password}"
airsonic-db-password = "${var.mysql_airsonic_password}"
ips = "${var.ips}"
traefik-network-id = "${module.docker.traefik-network-id}"
}
module "monitoring" {
@ -113,6 +124,7 @@ module "monitoring" {
traefik-labels = "${var.traefik-common-labels}"
ips = "${var.ips}"
links-traefik = "${module.docker.names-traefik}"
traefik-network-id = "${module.docker.traefik-network-id}"
}
module "digitalocean" {
@ -120,13 +132,14 @@ module "digitalocean" {
}
// Used to force access to ISP related resources
module "tinyproxy" {
source = "tinyproxy"
ips = "${var.ips}"
}
# module "tinyproxy" {
# source = "tinyproxy"
# ips = "${var.ips}"
# }
module "abstruse" {
source = "abstruse"
domain = "ci.bb8.fun"
traefik-labels = "${var.traefik-common-labels}"
source = "abstruse"
domain = "ci.bb8.fun"
traefik-labels = "${var.traefik-common-labels}"
traefik-network-id = "${module.docker.traefik-network-id}"
}
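Review bot: The `tinyproxy` module is disabled by commenting it out, which leaves `// Used to force access to ISP related resources` describing nothing and is unrelated to the network change named in the title. Either delete the block together with its comment, or keep it and say why it is off, e.g. `# tinyproxy disabled: <reason>`. Separately, `tt-rss` still receives `links-db` while the docker and media modules have `links-mariadb` commented out, so the move away from links is only partial.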

+ 2
- 1
media/airsonic.tf View File

@ -47,7 +47,8 @@ resource "docker_container" "airsonic" {
"TZ=Asia/Kolkata",
"JAVA_OPTS=-Xmx512m",
]
links = ["${var.links-mariadb}"]
# links = ["${var.links-mariadb}"]
}
resource "docker_image" "airsonic" {


+ 2
- 0
media/emby.tf View File

@ -20,6 +20,8 @@ resource "docker_container" "emby" {
"traefik.port", 8096,
))}"
networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
memory = 2048
restart = "unless-stopped"
destroy_grace_seconds = 10


+ 2
- 2
media/jackett.tf View File

@ -26,11 +26,11 @@ resource "docker_container" "jackett" {
container_path = "/config"
}
networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
env = [
"PUID=1004",
"PGID=1003",
"TZ=Asia/Kolkata",
]
# links = ["${var.links-emby}"]
}

+ 1
- 1
media/lidarr.tf View File

@ -43,5 +43,5 @@ resource "docker_container" "lidarr" {
"TZ=Asia/Kolkata",
]
networks = ["${docker_network.media.id}"]
networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
}

+ 1
- 1
media/radarr.tf View File

@ -44,5 +44,5 @@ resource "docker_container" "radarr" {
"TZ=Asia/Kolkata",
]
networks = ["${docker_network.media.id}"]
networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
}

+ 1
- 1
media/sonarr.tf View File

@ -43,5 +43,5 @@ resource "docker_container" "sonarr" {
"TZ=Asia/Kolkata",
]
networks = ["${docker_network.media.id}"]
networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
}

+ 1
- 1
media/transmission.tf View File

@ -42,7 +42,7 @@ resource "docker_container" "transmission" {
"TZ=Asia/Kolkata",
]
networks = ["${docker_network.media.id}"]
networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
memory = 1024
restart = "unless-stopped"


+ 4
- 1
media/variables.tf View File

@ -2,8 +2,9 @@ variable "domain" {
type = "string"
}
variable "links-mariadb" {}
# variable "links-mariadb" {}
variable "airsonic-smtp-password" {}
variable "airsonic-db-password" {}
variable "traefik-labels" {
@ -18,3 +19,5 @@ variable "basic_auth" {
variable "ips" {
type = "map"
}
variable "traefik-network-id" {}

+ 2
- 0
monitoring/cadvisor.tf View File

@ -36,6 +36,8 @@ resource "docker_container" "cadvisor" {
container_path = "/var/run"
}
networks = ["${var.traefik-network-id}"]
labels = "${merge(
var.traefik-labels, map(
"traefik.port", 8080,


+ 2
- 1
monitoring/grafana.tf View File

@ -13,7 +13,8 @@ resource "docker_container" "grafana" {
container_path = "/var/lib/grafana"
}
links = ["${docker_container.prometheus.name}"]
links = ["${docker_container.prometheus.name}"]
networks = ["${var.traefik-network-id}"]
env = [
# Keep this disabled unless bringing up a new grafana instance
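Review bot: `links` and `networks` are now mixed on this container: the legacy `links = ["${docker_container.prometheus.name}"]` is kept while the added `networks` line attaches grafana only to the shared traefik network, and prometheus is not visibly attached there. Reaching prometheus therefore seems to depend on the default-bridge auto-attachment noted in docker/traefik.tf. tt-rss/main.tf has the same pattern with `links = ["mariadb"]`. A dedicated monitoring network, the way media/ uses `docker_network.media`, with `links` dropped would make the backend path explicit and keep prometheus off the shared ingress network. The resource body continues outside the hunk.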


+ 2
- 0
monitoring/variables.tf View File

@ -37,3 +37,5 @@ variable "traefik-labels" {
variable "ips" {
type = "map"
}
variable "traefik-network-id" {}

+ 1
- 1
opml/main.tf View File

@ -19,7 +19,7 @@ resource "docker_container" "opml" {
destroy_grace_seconds = 10
must_run = true
networks = ["${docker_network.opml.id}"]
networks = ["${docker_network.opml.id}", "${var.traefik-network-id}"]
}
resource "docker_image" "opml" {


+ 1
- 0
opml/redis.tf View File

@ -18,4 +18,5 @@ resource "docker_container" "redis" {
resource "docker_image" "redis" {
name = "${data.docker_registry_image.redis.name}"
pull_triggers = ["${data.docker_registry_image.redis.sha256_digest}"]
keep_locally = true
}

+ 2
- 0
opml/variables.tf View File

@ -5,3 +5,5 @@ variable "traefik-labels" {
variable "domain" {}
variable "client-id" {}
variable "client-secret" {}
variable "traefik-network-id" {}

+ 2
- 0
radicale/main.tf View File

@ -42,6 +42,8 @@ resource "docker_container" "radicale" {
file = "/config/users"
}
networks = ["${var.traefik-network-id}"]
restart = "unless-stopped"
destroy_grace_seconds = 10
must_run = true


+ 2
- 0
radicale/variables.tf View File

@ -5,3 +5,5 @@ variable "domain" {
variable "traefik-labels" {
type = "map"
}
variable "traefik-network-id" {}

+ 2
- 0
requestbin/main.tf View File

@ -17,6 +17,8 @@ resource "docker_container" "requestbin" {
"traefik.frontend.rule","Host:${var.domain}"
))}"
networks = ["${var.traefik-network-id}"]
restart = "unless-stopped"
destroy_grace_seconds = 10
must_run = true


+ 2
- 0
requestbin/variables.tf View File

@ -5,3 +5,5 @@ variable "domain" {
variable "traefik-labels" {
type = "map"
}
variable "traefik-network-id" {}

+ 2
- 0
resilio/main.tf View File

@ -42,6 +42,8 @@ resource "docker_container" "resilio-sync" {
container_path = "/downloads"
}
networks = ["${var.traefik-network-id}"]
labels = "${merge(
var.traefik-labels,
map(


+ 2
- 0
resilio/variables.tf View File

@ -7,3 +7,5 @@ variable "ips" {
}
variable "domain" {}
variable "traefik-network-id" {}

+ 2
- 0
tt-rss/main.tf View File

@ -22,6 +22,8 @@ resource "docker_container" "tt-rss" {
container_path = "/config"
}
networks = ["${var.traefik-network-id}"]
links = ["mariadb"]
env = [


+ 2
- 0
tt-rss/variables.tf View File

@ -8,3 +8,5 @@ variable "links-db" {}
variable "traefik-labels" {
type = "map"
}
variable "traefik-network-id" {}
