Really complicated terraform labelling

2018-08-02 23:59:39 +05:30 · 2018-08-02 23:59:39 +05:30 · 6ef8783ba3
parent dea37a5319
commit 6ef8783ba3
7 changed files with 95 additions and 31 deletions
--- a/heimdall.tf
+++ b/heimdall.tf
@ -3,7 +3,6 @@ module "heimdall" {
  source = "modules/container"
  image  = "linuxserver/heimdall:latest"

-  // Default is port 80
  web {
    expose    = true
    port      = 443
--- a/main.tf
+++ b/main.tf
@ -76,14 +76,6 @@ module "resilio" {
  traefik-network-id = "${module.docker.traefik-network-id}"
 }

-module "heimdall" {
-  source             = "heimdall"
-  domain             = "home.bb8.fun"
-  traefik-labels     = "${var.traefik-common-labels}"
-  auth-header        = "${module.docker.auth-header}"
-  traefik-network-id = "${module.docker.traefik-network-id}"
-}
-
 module "media" {
  source                 = "media"
  domain                 = "bb8.fun"
--- a/miniflux.tf
+++ b/miniflux.tf
@ -15,9 +15,6 @@ module "miniflux-container" {
    "DATABASE_URL=postgres://miniflux:${var.miniflux-db-password}@postgres/miniflux?sslmode=disable",
    "RUN_MIGRATIONS=1",
  ]
-
-  destroy_grace_seconds = 10
-  must_run              = true
 }

 module "miniflux-db" {
--- a/modules/container/locals.tf
+++ b/modules/container/locals.tf
@ -1,5 +1,15 @@
 locals {
-  traefik-common-labels {
+  default_labels {
+    "managed.by" = "nebula"
+  }
+
+  web {
+    "traefik.port"          = "${lookup(var.web, "port", "80")}"
+    "traefik.frontend.rule" = "Host:${lookup(var.web, "host")}"
+    "traefik.protocol"      = "${lookup(var.web, "protocol", "http")}"
+  }
+
+  traefik_common_labels {
    "traefik.enable" = "true"

    // HSTS
@ -14,4 +24,8 @@ locals {

    "traefik.docker.network" = "traefik"
  }
+
+  traefik_auth_labels {
+    "traefik.frontend.auth.basic" = "${var.auth_header}"
+  }
 }
--- a/modules/container/main.tf
+++ b/modules/container/main.tf
@ -17,19 +17,86 @@ resource "docker_container" "container" {
  entrypoint = "${var.entrypoint}"
  user       = "${var.user}"
  networks   = ["${var.networks}"]
-  memory     = "${lookup(var.resource, "memory")}"

-  // Only add traefik labels if web.expose=true
-  // Only add basicauth config if web.basicauth=true
-  labels = "${merge(var.labels, lookup(var.web, "expose", "false") ?
-    merge(local.traefik-common-labels, map(
-      "traefik.port", lookup(var.web, "port", "80"),
-      "traefik.frontend.rule", "Host:${lookup(var.web, "host", "")}",
-      "traefik.protocol", lookup(var.web, "protocol", "http"),
-    )) : map(), lookup(var.web, "basicauth", "false") ? map(
-      "traefik.frontend.auth.basic", var.auth-header
-    ) : map())}"
+  # memory     = "${lookup(var.resource, "memory", "64")}"

+
+  # Look at this monstrosity
+  # And then https://github.com/hashicorp/terraform/issues/12453#issuecomment-365569618
+  # for why this is needed
+
+  labels = "${merge(local.default_labels,
+    zipmap(
+      concat(
+        keys(local.traefik_common_labels),
+        split(",",
+          lookup(var.web, "expose", "false") == "false" ?
+            "" :
+            join(",", keys(local.traefik_common_labels))
+        )
+      ),concat(
+        values(local.traefik_common_labels),
+        split(",",
+          lookup(var.web, "expose", "false") == "false" ?
+            "" :
+            join(",", values(local.traefik_common_labels))
+        )
+      )
+    ),
+
+    zipmap(
+      concat(
+        keys(local.web),
+        split(",",
+          lookup(var.web, "expose", "false") == "false" ?
+            "" :
+            join(",", keys(local.web))
+        )
+      ),concat(
+        values(local.web),
+        split(",",
+          lookup(var.web, "expose", "false") == "false" ?
+            "" :
+            join(",", values(local.web))
+        )
+      )
+    ),
+
+    zipmap(
+      concat(
+        keys(local.traefik_common_labels),
+        split(",",
+          lookup(var.web, "expose", "false") == "false" ?
+            "" :
+            join(",", keys(local.traefik_common_labels))
+        )
+      ),concat(
+        values(local.traefik_common_labels),
+        split(",",
+          lookup(var.web, "expose", "false") == "false" ?
+            "" :
+            join(",", values(local.traefik_common_labels))
+        )
+      )
+    ),
+    zipmap(
+      concat(
+        keys(local.traefik_auth_labels),
+        split(",",
+          lookup(var.web, "auth", "false") == "false" ?
+            "" :
+            join(",", keys(local.traefik_auth_labels))
+        )
+      ),concat(
+        values(local.traefik_auth_labels),
+        split(",",
+          lookup(var.web, "auth", "false") == "false" ?
+            "" :
+            join(",", values(local.traefik_auth_labels))
+        )
+      )
+    )
+  )}"
  destroy_grace_seconds = "${var.destroy_grace_seconds}"
  must_run              = "${var.must_run}"
 }
--- a/modules/container/vars.tf
+++ b/modules/container/vars.tf
@ -69,14 +69,11 @@ variable "web" {

  default = {
    expose    = "false"
-    port      = "80"
-    host      = ""
-    protocol  = "http"
    basicauth = "false"
  }
 }

-variable "auth-header" {
+variable "auth_header" {
  default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6,reddit:$2y$05$ghKxSydYCpAT8r2VVMDmWO/BBecghGfLsRJUkr3ii7XxPyxBqp8Oy"
 }

--- a/requestbin.tf
+++ b/requestbin.tf
@ -9,7 +9,5 @@ module "requestbin" {
    host   = "requestbin.${var.root-domain}"
  }

-  networks              = "${list(module.docker.traefik-network-id)}"
-  destroy_grace_seconds = 10
-  must_run              = true
+  networks = "${list(module.docker.traefik-network-id)}"
 }