diff --git a/abstruse/main.tf b/abstruse/main.tf index d2974cf..52b4351 100644 --- a/abstruse/main.tf +++ b/abstruse/main.tf @@ -17,6 +17,8 @@ resource "docker_container" "abstruse" { "traefik.frontend.rule","Host:${var.domain}" ))}" + networks = ["${var.traefik-network-id}"] + volumes { host_path = "/var/run/docker.sock" container_path = "/var/run/docker.sock" diff --git a/abstruse/variables.tf b/abstruse/variables.tf index a214480..7fc62b1 100644 --- a/abstruse/variables.tf +++ b/abstruse/variables.tf @@ -5,3 +5,5 @@ variable "domain" { variable "traefik-labels" { type = "map" } + +variable "traefik-network-id" {} diff --git a/docker/lychee.tf b/docker/lychee.tf index 1d60020..079dcc5 100644 --- a/docker/lychee.tf +++ b/docker/lychee.tf @@ -33,5 +33,5 @@ resource "docker_container" "lychee" { "PGID=984", ] - links = ["${var.links-mariadb}"] + # links = ["${var.links-mariadb}"] } diff --git a/docker/network.tf b/docker/network.tf index 8ea0161..c2b6e0a 100644 --- a/docker/network.tf +++ b/docker/network.tf @@ -1,6 +1,5 @@ -// This is the default network we use -// for any new container -resource "docker_network" "bb8-default" { - name = "bb8" - driver = "bridge" +resource "docker_network" "traefik" { + name = "traefik" + driver = "bridge" + internal = true } diff --git a/docker/outputs.tf b/docker/outputs.tf index a143190..d0fa477 100644 --- a/docker/outputs.tf +++ b/docker/outputs.tf @@ -6,6 +6,10 @@ output "names-traefik" { value = "${docker_container.traefik.name}" } +output "traefik-network-id" { + value = "${docker_network.traefik.id}" +} + output "auth-header" { value = "${var.basic_auth}" } diff --git a/docker/traefik.tf b/docker/traefik.tf index 00c95e7..add985a 100644 --- a/docker/traefik.tf +++ b/docker/traefik.tf 
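Review bot: The added `networks = ["${var.traefik-network-id}"]` puts the abstruse container, which the context lines show mounting `/var/run/docker.sock`, on the same network as every other service this commit attaches to traefik. Any container on that network can then reach the CI service directly instead of through traefik, and control of a container that holds the Docker socket generally amounts to control of the host. Consider a dedicated network shared only by traefik and abstruse, or at least a comment recording the accepted exposure, e.g. `# mounts docker.sock: shares the traefik network with all other services`. The same applies to the monitoring/cadvisor.tf hunk, whose context shows a `/var/run` mount. The resource body continues outside the hunk.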
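Review bot: `# links = ["${var.links-mariadb}"]` leaves the old link behind as commented-out code, and the hunk gives lychee no `networks` entry in its place, so if lychee still talks to mariadb it has no declared path to it (the rest of the resource is outside the hunk, so this may be set elsewhere). Delete the line and, if the database is still needed, attach an explicit network shared with mariadb. The same commented-out pattern appears in docker/variables.tf, in the `module "docker"`, `module "media"` and `module "tinyproxy"` blocks of main.tf, in media/airsonic.tf and in media/variables.tf; version control already keeps the history.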
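Review bot: The new `docker_network "traefik"` sets `internal = true` but drops the explanatory comment the old resource had, and nothing here says how containers attached only to this network get outbound access or published ports. As far as I know an internal Docker network has no external connectivity, so the setup appears to depend on the default `bridge` being auto-connected, which the comment added in docker/traefik.tf describes as temporary. Add a comment such as `// internal: no egress via this network; external access currently relies on the auto-connected default bridge`. Every traefik-fronted service also now shares one segment and can reach the others on any port; per-service networks joined only by traefik would keep them isolated from each other.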
@@ -93,6 +93,10 @@ resource "docker_container" "traefik" { destroy_grace_seconds = 10 must_run = true + // `bridge` is auto-connected for now + // https://github.com/terraform-providers/terraform-provider-docker/issues/10 + networks = ["${docker_network.traefik.id}"] + env = [ "CLOUDFLARE_EMAIL=${var.cloudflare_email}", "CLOUDFLARE_API_KEY=${var.cloudflare_key}", diff --git a/docker/variables.tf b/docker/variables.tf index 0e0a339..6addbd4 100644 --- a/docker/variables.tf +++ b/docker/variables.tf @@ -50,6 +50,6 @@ variable "ips" { type = "map" } -variable "links-mariadb" {} +# variable "links-mariadb" {} variable "networks-mongorocks" {} diff --git a/gitea/conf/conf.ini.tpl b/gitea/conf/conf.ini.tpl index 4ea0c08..81bb090 100644 --- a/gitea/conf/conf.ini.tpl +++ b/gitea/conf/conf.ini.tpl @@ -87,7 +87,7 @@ DB_TYPE = sqlite3 HOST = mariadb:3306 NAME = gitea USER = gitea -; PASSWD = "${mysql-password}" +; PASSWD = "mysql-password" ; ; For "postgres" only, either "disable", "require" or "verify-full" ; SSL_MODE = disable ; ; For "sqlite3" and "tidb", use absolute path when you start as service diff --git a/gitea/main.tf b/gitea/main.tf index 7a6026c..ddc8ecf 100644 --- a/gitea/main.tf +++ b/gitea/main.tf @@ -59,10 +59,7 @@ resource "docker_container" "gitea" { restart = "unless-stopped" destroy_grace_seconds = 10 must_run = true - links = [ - "mariadb", - ] - networks = ["${docker_network.gitea.id}"] + networks = ["${docker_network.gitea.id}", "${var.traefik-network-id}"] } resource "docker_image" "gitea" { diff --git a/gitea/mysql.tf b/gitea/mysql.tf index 719cde2..8b13789 100644 --- a/gitea/mysql.tf +++ b/gitea/mysql.tf 
@@ -1,16 +1 @@ -resource "mysql_database" "gitea" { - name = "gitea" -} -resource "mysql_user" "gitea" { - user = "gitea" - host = "%" - plaintext_password = "${var.mysql-password}" -} - -resource "mysql_grant" "gitea" { - user = "${mysql_user.gitea.user}" - host = "${mysql_user.gitea.host}" - database = "${mysql_database.gitea.name}" - privileges = ["ALL"] -} diff --git a/gitea/redis.tf b/gitea/redis.tf index 5156245..27f11ee 100644 --- a/gitea/redis.tf +++ b/gitea/redis.tf @@ -18,4 +18,5 @@ resource "docker_container" "redis" { resource "docker_image" "redis" { name = "${data.docker_registry_image.redis.name}" pull_triggers = ["${data.docker_registry_image.redis.sha256_digest}"] + keep_locally = true } diff --git a/gitea/variables.tf b/gitea/variables.tf index 824d462..093e8dc 100644 --- a/gitea/variables.tf +++ b/gitea/variables.tf @@ -13,3 +13,5 @@ variable "internal-token" {} variable "smtp-password" {} variable "lfs-jwt-secret" {} variable "mysql-password" {} + +variable "traefik-network-id" {} diff --git a/heimdall/main.tf b/heimdall/main.tf index 4ce20e8..61028aa 100644 --- a/heimdall/main.tf +++ b/heimdall/main.tf @@ -19,6 +19,8 @@ resource "docker_container" "heimdall" { "traefik.frontend.auth.basic", "${var.auth-header}", ))}" + networks = ["${var.traefik-network-id}"] + volumes { host_path = "/mnt/xwing/config/heimdall" container_path = "/config" diff --git a/heimdall/variables.tf b/heimdall/variables.tf index cb679bf..c3f4e61 100644 --- a/heimdall/variables.tf +++ b/heimdall/variables.tf @@ -9,3 +9,5 @@ variable "auth-header" { variable "traefik-labels" { type = "map" } + +variable "traefik-network-id" {} diff --git a/main.tf b/main.tf index ebee876..c8e3bf3 100644 --- a/main.tf +++ b/main.tf 
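Review bot: The `mysql-password` variable looks unused after this commit: it stays declared in the context of the gitea/variables.tf hunk, right above the new `traefik-network-id`, and main.tf still passes `mysql-password = "${var.gitea-mysql-password}"`, while the commit deletes the MySQL user in gitea/mysql.tf and removes the `${mysql-password}` interpolation from conf.ini.tpl. If nothing else in the module reads it (not visible here), drop the variable and the module argument so an unused credential is not kept in the variable files and passed between modules. If it is kept for a planned return to MySQL, say so in a comment, e.g. `# unused while DB_TYPE = sqlite3`.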
@@ -20,7 +20,8 @@ module "docker" { cloudflare_key = "${var.cloudflare_key}" cloudflare_email = "bb8@captnemo.in" wiki_session_secret = "${var.wiki_session_secret}" - links-mariadb = "${module.db.names-mariadb}" + + # links-mariadb = "${module.db.names-mariadb}" networks-mongorocks = "${module.db.networks-mongorocks}" ips = "${var.ips}" domain = "bb8.fun" 
@@ -51,58 +52,68 @@ module "gitea" { smtp-password = "${var.gitea-smtp-password}" lfs-jwt-secret = "${var.gitea-lfs-jwt-secret}" mysql-password = "${var.gitea-mysql-password}" + + traefik-network-id = "${module.docker.traefik-network-id}" } module "opml" { - source = "opml" - domain = "opml.bb8.fun" - client-id = "${var.opml-github-client-id}" - client-secret = "${var.opml-github-client-secret}" - traefik-labels = "${var.traefik-common-labels}" + source = "opml" + domain = "opml.bb8.fun" + client-id = "${var.opml-github-client-id}" + client-secret = "${var.opml-github-client-secret}" + traefik-labels = "${var.traefik-common-labels}" + traefik-network-id = "${module.docker.traefik-network-id}" } module "radicale" { - source = "radicale" - domain = "radicale.bb8.fun" - traefik-labels = "${var.traefik-common-labels}" + source = "radicale" + domain = "radicale.bb8.fun" + traefik-labels = "${var.traefik-common-labels}" + traefik-network-id = "${module.docker.traefik-network-id}" } module "tt-rss" { - source = "tt-rss" - domain = "rss.captnemo.in" - mysql_password = "${var.mysql-ttrss-password}" - links-db = "${module.db.names-mariadb}" - traefik-labels = "${var.traefik-common-labels}" + source = "tt-rss" + domain = "rss.captnemo.in" + mysql_password = "${var.mysql-ttrss-password}" + links-db = "${module.db.names-mariadb}" + traefik-labels = "${var.traefik-common-labels}" + traefik-network-id = "${module.docker.traefik-network-id}" } module "requestbin" { - source = "requestbin" - domain = "requestbin.bb8.fun" - traefik-labels = "${var.traefik-common-labels}" + source = "requestbin" + domain = "requestbin.bb8.fun" + traefik-labels = "${var.traefik-common-labels}" + traefik-network-id = "${module.docker.traefik-network-id}" } module "resilio" { - source = "resilio" - domain = "sync.bb8.fun" - traefik-labels = "${var.traefik-common-labels}" - ips = "${var.ips}" + source = "resilio" + domain = "sync.bb8.fun" + traefik-labels = "${var.traefik-common-labels}" + ips = 
"${var.ips}" + traefik-network-id = "${module.docker.traefik-network-id}" } module "heimdall" { - source = "heimdall" - domain = "bb8.fun" - traefik-labels = "${var.traefik-common-labels}" - auth-header = "${module.docker.auth-header}" + source = "heimdall" + domain = "bb8.fun" + traefik-labels = "${var.traefik-common-labels}" + auth-header = "${module.docker.auth-header}" + traefik-network-id = "${module.docker.traefik-network-id}" } module "media" { - source = "media" - domain = "bb8.fun" - links-mariadb = "${module.db.names-mariadb}" + source = "media" + domain = "bb8.fun" + + # links-mariadb = "${module.db.names-mariadb}" traefik-labels = "${var.traefik-common-labels}" airsonic-smtp-password = "${var.airsonic-smtp-password}" airsonic-db-password = "${var.mysql_airsonic_password}" ips = "${var.ips}" + traefik-network-id = "${module.docker.traefik-network-id}" } module "monitoring" { @@ -113,6 +124,7 @@ module "monitoring" { traefik-labels = "${var.traefik-common-labels}" ips = "${var.ips}" links-traefik = "${module.docker.names-traefik}" + traefik-network-id = "${module.docker.traefik-network-id}" } module "digitalocean" { @@ -120,13 +132,14 @@ module "digitalocean" { } // Used to force access to ISP related resources -module "tinyproxy" { - source = "tinyproxy" - ips = "${var.ips}" -} +# module "tinyproxy" { +# source = "tinyproxy" +# ips = "${var.ips}" +# } module "abstruse" { - source = "abstruse" - domain = "ci.bb8.fun" - traefik-labels = "${var.traefik-common-labels}" + source = "abstruse" + domain = "ci.bb8.fun" + traefik-labels = "${var.traefik-common-labels}" + traefik-network-id = "${module.docker.traefik-network-id}" } diff --git a/media/airsonic.tf b/media/airsonic.tf index c399499..ec2f644 100644 --- a/media/airsonic.tf +++ b/media/airsonic.tf 
@@ -47,7 +47,8 @@ resource "docker_container" "airsonic" { "TZ=Asia/Kolkata", "JAVA_OPTS=-Xmx512m", ] - links = ["${var.links-mariadb}"] + + # links = ["${var.links-mariadb}"] } resource "docker_image" "airsonic" { diff --git a/media/emby.tf b/media/emby.tf index 0581bcf..a27ceb4 100644 --- a/media/emby.tf +++ b/media/emby.tf @@ -20,6 +20,8 @@ resource "docker_container" "emby" { "traefik.port", 8096, ))}" + networks = ["${docker_network.media.id}", "${var.traefik-network-id}"] + memory = 2048 restart = "unless-stopped" destroy_grace_seconds = 10 diff --git a/media/jackett.tf b/media/jackett.tf index 1cff5d0..4ebd32d 100644 --- a/media/jackett.tf +++ b/media/jackett.tf @@ -26,11 +26,11 @@ resource "docker_container" "jackett" { container_path = "/config" } + networks = ["${docker_network.media.id}", "${var.traefik-network-id}"] + env = [ "PUID=1004", "PGID=1003", "TZ=Asia/Kolkata", ] - - # links = ["${var.links-emby}"] } diff --git a/media/lidarr.tf b/media/lidarr.tf index ba1b500..c0e02fb 100644 --- a/media/lidarr.tf +++ b/media/lidarr.tf @@ -43,5 +43,5 @@ resource "docker_container" "lidarr" { "TZ=Asia/Kolkata", ] - networks = ["${docker_network.media.id}"] + networks = ["${docker_network.media.id}", "${var.traefik-network-id}"] } diff --git a/media/radarr.tf b/media/radarr.tf index f0a3b4f..ad0744c 100644 --- a/media/radarr.tf +++ b/media/radarr.tf @@ -44,5 +44,5 @@ resource "docker_container" "radarr" { "TZ=Asia/Kolkata", ] - networks = ["${docker_network.media.id}"] + networks = ["${docker_network.media.id}", "${var.traefik-network-id}"] } diff --git a/media/sonarr.tf b/media/sonarr.tf index 7cc80b0..8539276 100644 --- a/media/sonarr.tf +++ b/media/sonarr.tf @@ -43,5 +43,5 @@ resource "docker_container" "sonarr" { "TZ=Asia/Kolkata", ] - networks = ["${docker_network.media.id}"] + networks = ["${docker_network.media.id}", "${var.traefik-network-id}"] } diff --git a/media/transmission.tf b/media/transmission.tf index c6a4d92..197e92a 100644 
--- a/media/transmission.tf +++ b/media/transmission.tf @@ -42,7 +42,7 @@ resource "docker_container" "transmission" { "TZ=Asia/Kolkata", ] - networks = ["${docker_network.media.id}"] + networks = ["${docker_network.media.id}", "${var.traefik-network-id}"] memory = 1024 restart = "unless-stopped" diff --git a/media/variables.tf b/media/variables.tf index 6c6d903..89d4cca 100644 --- a/media/variables.tf +++ b/media/variables.tf @@ -2,8 +2,9 @@ variable "domain" { type = "string" } -variable "links-mariadb" {} +# variable "links-mariadb" {} variable "airsonic-smtp-password" {} + variable "airsonic-db-password" {} variable "traefik-labels" { @@ -18,3 +19,5 @@ variable "basic_auth" { variable "ips" { type = "map" } + +variable "traefik-network-id" {} diff --git a/monitoring/cadvisor.tf b/monitoring/cadvisor.tf index c062b2b..d18c872 100644 --- a/monitoring/cadvisor.tf +++ b/monitoring/cadvisor.tf @@ -36,6 +36,8 @@ resource "docker_container" "cadvisor" { container_path = "/var/run" } + networks = ["${var.traefik-network-id}"] + labels = "${merge( var.traefik-labels, map( "traefik.port", 8080, diff --git a/monitoring/grafana.tf b/monitoring/grafana.tf index 1f281dd..5b1b631 100644 --- a/monitoring/grafana.tf +++ b/monitoring/grafana.tf @@ -13,7 +13,8 @@ resource "docker_container" "grafana" { container_path = "/var/lib/grafana" } - links = ["${docker_container.prometheus.name}"] + links = ["${docker_container.prometheus.name}"] + networks = ["${var.traefik-network-id}"] env = [ # Keep this disabled unless bringing up a new grafana instance diff --git a/monitoring/variables.tf b/monitoring/variables.tf index 95b3dcd..57b0281 100644 --- a/monitoring/variables.tf +++ b/monitoring/variables.tf @@ -37,3 +37,5 @@ variable "traefik-labels" { variable "ips" { type = "map" } + +variable "traefik-network-id" {} diff --git a/opml/main.tf b/opml/main.tf index dd7563c..bd495b0 100644 --- a/opml/main.tf +++ b/opml/main.tf 
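Review bot: In monitoring/grafana.tf `links` and `networks` are now set together; legacy links are, as far as I know, a default-bridge feature, so reaching prometheus by name keeps working only while the default `bridge` stays attached, which the docker/traefik.tf comment calls temporary, and no prometheus hunk in this diff gives it a network. Putting grafana and prometheus on a shared user-defined network and dropping `links` would make the dependency explicit. tt-rss/main.tf has the same mix, with `links = ["mariadb"]` directly after the new `networks` line.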
@@ -19,7 +19,7 @@ resource "docker_container" "opml" { destroy_grace_seconds = 10 must_run = true - networks = ["${docker_network.opml.id}"] + networks = ["${docker_network.opml.id}", "${var.traefik-network-id}"] } resource "docker_image" "opml" { diff --git a/opml/redis.tf b/opml/redis.tf index 4b5e176..15bf489 100644 --- a/opml/redis.tf +++ b/opml/redis.tf @@ -18,4 +18,5 @@ resource "docker_container" "redis" { resource "docker_image" "redis" { name = "${data.docker_registry_image.redis.name}" pull_triggers = ["${data.docker_registry_image.redis.sha256_digest}"] + keep_locally = true } diff --git a/opml/variables.tf b/opml/variables.tf index 11b5f6f..91e8677 100644 --- a/opml/variables.tf +++ b/opml/variables.tf @@ -5,3 +5,5 @@ variable "traefik-labels" { variable "domain" {} variable "client-id" {} variable "client-secret" {} + +variable "traefik-network-id" {} diff --git a/radicale/main.tf b/radicale/main.tf index 89942f7..490c5b4 100644 --- a/radicale/main.tf +++ b/radicale/main.tf @@ -42,6 +42,8 @@ resource "docker_container" "radicale" { file = "/config/users" } + networks = ["${var.traefik-network-id}"] + restart = "unless-stopped" destroy_grace_seconds = 10 must_run = true diff --git a/radicale/variables.tf b/radicale/variables.tf index 697b9ef..500e0e6 100644 --- a/radicale/variables.tf +++ b/radicale/variables.tf @@ -5,3 +5,5 @@ variable "domain" { variable "traefik-labels" { type = "map" } + +variable "traefik-network-id" {} diff --git a/requestbin/main.tf b/requestbin/main.tf index bb10f44..ce8d936 100644 --- a/requestbin/main.tf +++ b/requestbin/main.tf @@ -17,6 +17,8 @@ resource "docker_container" "requestbin" { "traefik.frontend.rule","Host:${var.domain}" ))}" + networks = ["${var.traefik-network-id}"] + restart = "unless-stopped" destroy_grace_seconds = 10 must_run = true diff --git a/requestbin/variables.tf b/requestbin/variables.tf index 697b9ef..500e0e6 100644 --- a/requestbin/variables.tf +++ b/requestbin/variables.tf 
@@ -5,3 +5,5 @@ variable "domain" { variable "traefik-labels" { type = "map" } + +variable "traefik-network-id" {} diff --git a/resilio/main.tf b/resilio/main.tf index f3c4576..f8b1789 100644 --- a/resilio/main.tf +++ b/resilio/main.tf @@ -42,6 +42,8 @@ resource "docker_container" "resilio-sync" { container_path = "/downloads" } + networks = ["${var.traefik-network-id}"] + labels = "${merge( var.traefik-labels, map( diff --git a/resilio/variables.tf b/resilio/variables.tf index 4ba20d6..55757ae 100644 --- a/resilio/variables.tf +++ b/resilio/variables.tf @@ -7,3 +7,5 @@ variable "ips" { } variable "domain" {} + +variable "traefik-network-id" {} diff --git a/tt-rss/main.tf b/tt-rss/main.tf index 42f7296..d209401 100644 --- a/tt-rss/main.tf +++ b/tt-rss/main.tf @@ -22,6 +22,8 @@ resource "docker_container" "tt-rss" { container_path = "/config" } + networks = ["${var.traefik-network-id}"] + links = ["mariadb"] env = [ diff --git a/tt-rss/variables.tf b/tt-rss/variables.tf index b053af5..d47b922 100644 --- a/tt-rss/variables.tf +++ b/tt-rss/variables.tf @@ -8,3 +8,5 @@ variable "links-db" {} variable "traefik-labels" { type = "map" } + +variable "traefik-network-id" {}