Really complicated terraform labelling
This commit is contained in:
parent
dea37a5319
commit
6ef8783ba3
|
@ -3,7 +3,6 @@ module "heimdall" {
|
|||
source = "modules/container"
|
||||
image = "linuxserver/heimdall:latest"
|
||||
|
||||
// Default is port 80
|
||||
web {
|
||||
expose = true
|
||||
port = 443
|
||||
|
|
8
main.tf
8
main.tf
|
@ -76,14 +76,6 @@ module "resilio" {
|
|||
traefik-network-id = "${module.docker.traefik-network-id}"
|
||||
}
|
||||
|
||||
module "heimdall" {
|
||||
source = "heimdall"
|
||||
domain = "home.bb8.fun"
|
||||
traefik-labels = "${var.traefik-common-labels}"
|
||||
auth-header = "${module.docker.auth-header}"
|
||||
traefik-network-id = "${module.docker.traefik-network-id}"
|
||||
}
|
||||
|
||||
module "media" {
|
||||
source = "media"
|
||||
domain = "bb8.fun"
|
||||
|
|
|
@ -15,9 +15,6 @@ module "miniflux-container" {
|
|||
"DATABASE_URL=postgres://miniflux:${var.miniflux-db-password}@postgres/miniflux?sslmode=disable",
|
||||
"RUN_MIGRATIONS=1",
|
||||
]
|
||||
|
||||
destroy_grace_seconds = 10
|
||||
must_run = true
|
||||
}
|
||||
|
||||
module "miniflux-db" {
|
||||
|
|
|
@ -1,5 +1,15 @@
|
|||
locals {
|
||||
traefik-common-labels {
|
||||
default_labels {
|
||||
"managed.by" = "nebula"
|
||||
}
|
||||
|
||||
web {
|
||||
"traefik.port" = "${lookup(var.web, "port", "80")}"
|
||||
"traefik.frontend.rule" = "Host:${lookup(var.web, "host")}"
|
||||
"traefik.protocol" = "${lookup(var.web, "protocol", "http")}"
|
||||
}
|
||||
|
||||
traefik_common_labels {
|
||||
"traefik.enable" = "true"
|
||||
|
||||
// HSTS
|
||||
|
@ -14,4 +24,8 @@ locals {
|
|||
|
||||
"traefik.docker.network" = "traefik"
|
||||
}
|
||||
|
||||
traefik_auth_labels {
|
||||
"traefik.frontend.auth.basic" = "${var.auth_header}"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -17,19 +17,86 @@ resource "docker_container" "container" {
|
|||
entrypoint = "${var.entrypoint}"
|
||||
user = "${var.user}"
|
||||
networks = ["${var.networks}"]
|
||||
memory = "${lookup(var.resource, "memory")}"
|
||||
|
||||
// Only add traefik labels if web.expose=true
|
||||
// Only add basicauth config if web.basicauth=true
|
||||
labels = "${merge(var.labels, lookup(var.web, "expose", "false") ?
|
||||
merge(local.traefik-common-labels, map(
|
||||
"traefik.port", lookup(var.web, "port", "80"),
|
||||
"traefik.frontend.rule", "Host:${lookup(var.web, "host", "")}",
|
||||
"traefik.protocol", lookup(var.web, "protocol", "http"),
|
||||
)) : map(), lookup(var.web, "basicauth", "false") ? map(
|
||||
"traefik.frontend.auth.basic", var.auth-header
|
||||
) : map())}"
|
||||
# memory = "${lookup(var.resource, "memory", "64")}"
|
||||
|
||||
|
||||
# Look at this monstrosity
|
||||
# And then https://github.com/hashicorp/terraform/issues/12453#issuecomment-365569618
|
||||
# for why this is needed
|
||||
|
||||
labels = "${merge(local.default_labels,
|
||||
zipmap(
|
||||
concat(
|
||||
keys(local.traefik_common_labels),
|
||||
split(",",
|
||||
lookup(var.web, "expose", "false") == "false" ?
|
||||
"" :
|
||||
join(",", keys(local.traefik_common_labels))
|
||||
)
|
||||
),concat(
|
||||
values(local.traefik_common_labels),
|
||||
split(",",
|
||||
lookup(var.web, "expose", "false") == "false" ?
|
||||
"" :
|
||||
join(",", values(local.traefik_common_labels))
|
||||
)
|
||||
)
|
||||
),
|
||||
|
||||
zipmap(
|
||||
concat(
|
||||
keys(local.web),
|
||||
split(",",
|
||||
lookup(var.web, "expose", "false") == "false" ?
|
||||
"" :
|
||||
join(",", keys(local.web))
|
||||
)
|
||||
),concat(
|
||||
values(local.web),
|
||||
split(",",
|
||||
lookup(var.web, "expose", "false") == "false" ?
|
||||
"" :
|
||||
join(",", values(local.web))
|
||||
)
|
||||
)
|
||||
),
|
||||
|
||||
zipmap(
|
||||
concat(
|
||||
keys(local.traefik_common_labels),
|
||||
split(",",
|
||||
lookup(var.web, "expose", "false") == "false" ?
|
||||
"" :
|
||||
join(",", keys(local.traefik_common_labels))
|
||||
)
|
||||
),concat(
|
||||
values(local.traefik_common_labels),
|
||||
split(",",
|
||||
lookup(var.web, "expose", "false") == "false" ?
|
||||
"" :
|
||||
join(",", values(local.traefik_common_labels))
|
||||
)
|
||||
)
|
||||
),
|
||||
zipmap(
|
||||
concat(
|
||||
keys(local.traefik_auth_labels),
|
||||
split(",",
|
||||
lookup(var.web, "auth", "false") == "false" ?
|
||||
"" :
|
||||
join(",", keys(local.traefik_auth_labels))
|
||||
)
|
||||
),concat(
|
||||
values(local.traefik_auth_labels),
|
||||
split(",",
|
||||
lookup(var.web, "auth", "false") == "false" ?
|
||||
"" :
|
||||
join(",", values(local.traefik_auth_labels))
|
||||
)
|
||||
)
|
||||
)
|
||||
)}"
|
||||
destroy_grace_seconds = "${var.destroy_grace_seconds}"
|
||||
must_run = "${var.must_run}"
|
||||
}
|
||||
|
|
|
@ -69,14 +69,11 @@ variable "web" {
|
|||
|
||||
default = {
|
||||
expose = "false"
|
||||
port = "80"
|
||||
host = ""
|
||||
protocol = "http"
|
||||
basicauth = "false"
|
||||
}
|
||||
}
|
||||
|
||||
variable "auth-header" {
|
||||
variable "auth_header" {
|
||||
default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6,reddit:$2y$05$ghKxSydYCpAT8r2VVMDmWO/BBecghGfLsRJUkr3ii7XxPyxBqp8Oy"
|
||||
}
|
||||
|
||||
|
|
|
@ -9,7 +9,5 @@ module "requestbin" {
|
|||
host = "requestbin.${var.root-domain}"
|
||||
}
|
||||
|
||||
networks = "${list(module.docker.traefik-network-id)}"
|
||||
destroy_grace_seconds = 10
|
||||
must_run = true
|
||||
networks = "${list(module.docker.traefik-network-id)}"
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue