From 59f5f49271da9e138662fd357ea80c06bc3386b6 Mon Sep 17 00:00:00 2001
From: Nemo <me@captnemo.in>
Date: Mon, 25 Dec 2017 17:58:13 +0530
Subject: [PATCH] Switches gitea to git.captnemo.in

---
 cloudflare/main.tf       |  7 +++++++
 docker/conf/traefik.toml |  6 +++++-
 docker/main.tf           |  7 ++++---
 docker/traefik.tf        | 10 ++++++++++
 4 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/cloudflare/main.tf b/cloudflare/main.tf
index f7346e2..660a000 100644
--- a/cloudflare/main.tf
+++ b/cloudflare/main.tf
@@ -20,6 +20,13 @@ resource "cloudflare_record" "docker" {
   type   = "A"
 }
 
+resource "cloudflare_record" "debug" {
+  domain = "${var.domain}"
+  name   = "debug.in"
+  value  = "10.8.0.14"
+  type   = "A"
+}
+
 resource "cloudflare_record" "internet" {
   domain = "${var.domain}"
   name   = "@"
diff --git a/docker/conf/traefik.toml b/docker/conf/traefik.toml
index 8617b02..92c3146 100644
--- a/docker/conf/traefik.toml
+++ b/docker/conf/traefik.toml
@@ -8,6 +8,9 @@ defaultEntryPoints = ["http", "https"]
   address = ":443"
   # This is required for ACME support
   [entryPoints.https.tls]
+  [[entryPoints.https.tls.certificates]]
+    certFile = "/etc/traefik/git.captnemo.in.crt"
+    keyFile  = "/etc/traefik/git.captnemo.in.key"
 
 [docker]
   # Make sure you mount this as readonly
@@ -78,7 +81,8 @@ sans = [
   "emby.in.bb8.fun",
   "debug.in.bb8.fun",
   "flexget.bb8.fun",
-  # "gitea.bb8.fun",
+  "git.bb8.fun",
+  "gitea.bb8.fun",
   "headphones.bb8.fun",
   "home.bb8.fun",
   "home.in.bb8.fun",
diff --git a/docker/main.tf b/docker/main.tf
index b472769..0078cbb 100644
--- a/docker/main.tf
+++ b/docker/main.tf
@@ -61,11 +61,12 @@ resource docker_container "gitea" {
   labels {
     "traefik.port" = 3000
     "traefik.enable" = "true"
-    "traefik.frontend.headers.SSLTemporaryRedirect" = "true"
+    "traefik.frontend.rule" = "Host:git.captnemo.in"
     "traefik.frontend.headers.STSSeconds" = "2592000"
-    "traefik.frontend.headers.STSIncludeSubdomains" = "false"
-    "traefik.frontend.headers.contentTypeNosniff" = "true"
     "traefik.frontend.headers.browserXSSFilter" = "true"
+    "traefik.frontend.headers.contentTypeNosniff" = "true"
+    "traefik.frontend.headers.SSLTemporaryRedirect" = "true"
+    "traefik.frontend.headers.STSIncludeSubdomains" = "false"
     "traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
     "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
   }
diff --git a/docker/traefik.tf b/docker/traefik.tf
index 2997ae3..aa01c36 100644
--- a/docker/traefik.tf
+++ b/docker/traefik.tf
@@ -48,6 +48,16 @@ resource "docker_container" "traefik" {
     file    = "/etc/traefik/traefik.toml"
   }
 
+  upload {
+    content = "${file("/home/nemo/projects/personal/certs/git.captnemo.in/fullchain.pem")}"
+    file    = "/etc/traefik/git.captnemo.in.crt"
+  }
+
+  upload {
+    content = "${file("/home/nemo/projects/personal/certs/git.captnemo.in/privkey.pem")}"
+    file    = "/etc/traefik/git.captnemo.in.key"
+  }
+
   volumes {
     host_path         = "/var/run/docker.sock"
     container_path    = "/var/run/docker.sock"