From 6ef8783ba31cf97098f6af6a72f568241d98fc5f Mon Sep 17 00:00:00 2001
From: Nemo
Date: Thu, 2 Aug 2018 23:59:39 +0530
Subject: [PATCH] Really complicated terraform labelling
---
 heimdall.tf | 1 -
 main.tf | 8 ----
 miniflux.tf | 3 --
 modules/container/locals.tf | 16 ++++++-
 modules/container/main.tf | 89 ++++++++++++++++++++++++++++++++-----
 modules/container/vars.tf | 5 +--
 requestbin.tf | 4 +-
 7 files changed, 95 insertions(+), 31 deletions(-)
diff --git a/heimdall.tf b/heimdall.tf
index ac18600..b1c3747 100644
--- a/heimdall.tf
+++ b/heimdall.tf
@@ -3,7 +3,6 @@ module "heimdall" {
 source = "modules/container"
 image = "linuxserver/heimdall:latest"
- // Default is port 80
 web {
 expose = true
 port = 443
diff --git a/main.tf b/main.tf
index a865440..0053f56 100644
--- a/main.tf
+++ b/main.tf
@@ -76,14 +76,6 @@ module "resilio" {
 traefik-network-id = "${module.docker.traefik-network-id}"
 }
-module "heimdall" {
- source = "heimdall"
- domain = "home.bb8.fun"
- traefik-labels = "${var.traefik-common-labels}"
- auth-header = "${module.docker.auth-header}"
- traefik-network-id = "${module.docker.traefik-network-id}"
-}
-
 module "media" {
 source = "media"
 domain = "bb8.fun"
diff --git a/miniflux.tf b/miniflux.tf
index 49a3967..74299fa 100644
--- a/miniflux.tf
+++ b/miniflux.tf
@@ -15,9 +15,6 @@ module "miniflux-container" {
 "DATABASE_URL=postgres://miniflux:${var.miniflux-db-password}@postgres/miniflux?sslmode=disable",
 "RUN_MIGRATIONS=1",
 ]
-
- destroy_grace_seconds = 10
- must_run = true
 }
 module "miniflux-db" {
diff --git a/modules/container/locals.tf b/modules/container/locals.tf
index 1cb8155..03d6daa 100644
--- a/modules/container/locals.tf
+++ b/modules/container/locals.tf
@@ -1,5 +1,15 @@
 locals {
- traefik-common-labels {
+ default_labels {
+ "managed.by" = "nebula"
+ }
+
+ web {
+ "traefik.port" = "${lookup(var.web, "port", "80")}"
+ "traefik.frontend.rule" = "Host:${lookup(var.web, "host")}"
+ "traefik.protocol" = "${lookup(var.web, "protocol", "http")}"
+ }
+
+ traefik_common_labels {
 "traefik.enable" = "true"
 // HSTS
@@ -14,4 +24,8 @@ locals {
 "traefik.docker.network" = "traefik"
 }
+
+ traefik_auth_labels {
+ "traefik.frontend.auth.basic" = "${var.auth_header}"
+ }
 }
diff --git a/modules/container/main.tf b/modules/container/main.tf
index 00e07dd..0cc2b01 100644
--- a/modules/container/main.tf
+++ b/modules/container/main.tf
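Review bot: In the new `web` local, `"Host:${lookup(var.web, "host")}"` has no default, whereas the expression removed from modules/container/main.tf used `lookup(var.web, "host", "")`, and this commit also drops `host = ""` from the variable's defaults in vars.tf. Because `local.web` is referenced for every container in the new `labels` expression, a caller that passes no `host` key will presumably fail at plan time rather than simply getting no route. Either keep the fallback, `"traefik.frontend.rule" = "Host:${lookup(var.web, "host", "")}"`, or state on the `web` variable that `host` is now required.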
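Review bot: `traefik_auth_labels` carries a value that contains a comma, since the default of `auth_header` in vars.tf is two `user:hash` entries joined by `,`. The new `labels` expression in modules/container/main.tf passes map values through `join(",", values(...))` and `split(",", ...)`, so with `web.auth` enabled the value list comes out one element longer than the key list and `zipmap` will most likely reject it. A comment on this local such as `// values must not contain "," - main.tf joins and splits them on that character` would record the constraint. The sturdier fix is to select the lists in main.tf without serialising them.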
@@ -17,19 +17,86 @@ resource "docker_container" "container" {
 entrypoint = "${var.entrypoint}"
 user = "${var.user}"
 networks = ["${var.networks}"]
- memory = "${lookup(var.resource, "memory")}"
- // Only add traefik labels if web.expose=true
- // Only add basicauth config if web.basicauth=true
- labels = "${merge(var.labels, lookup(var.web, "expose", "false") ?
- merge(local.traefik-common-labels, map(
- "traefik.port", lookup(var.web, "port", "80"),
- "traefik.frontend.rule", "Host:${lookup(var.web, "host", "")}",
- "traefik.protocol", lookup(var.web, "protocol", "http"),
- )) : map(), lookup(var.web, "basicauth", "false") ? map(
- "traefik.frontend.auth.basic", var.auth-header
- ) : map())}"
+ # memory = "${lookup(var.resource, "memory", "64")}"
+
+ # Look at this monstrosity
+ # And then https://github.com/hashicorp/terraform/issues/12453#issuecomment-365569618
+ # for why this is needed
+
+ labels = "${merge(local.default_labels,
+ zipmap(
+ concat(
+ keys(local.traefik_common_labels),
+ split(",",
+ lookup(var.web, "expose", "false") == "false" ?
+ "" :
+ join(",", keys(local.traefik_common_labels))
+ )
+ ),concat(
+ values(local.traefik_common_labels),
+ split(",",
+ lookup(var.web, "expose", "false") == "false" ?
+ "" :
+ join(",", values(local.traefik_common_labels))
+ )
+ )
+ ),
+
+ zipmap(
+ concat(
+ keys(local.web),
+ split(",",
+ lookup(var.web, "expose", "false") == "false" ?
+ "" :
+ join(",", keys(local.web))
+ )
+ ),concat(
+ values(local.web),
+ split(",",
+ lookup(var.web, "expose", "false") == "false" ?
+ "" :
+ join(",", values(local.web))
+ )
+ )
+ ),
+
+ zipmap(
+ concat(
+ keys(local.traefik_common_labels),
+ split(",",
+ lookup(var.web, "expose", "false") == "false" ?
+ "" :
+ join(",", keys(local.traefik_common_labels))
+ )
+ ),concat(
+ values(local.traefik_common_labels),
+ split(",",
+ lookup(var.web, "expose", "false") == "false" ?
+ "" :
+ join(",", values(local.traefik_common_labels))
+ )
+ )
+ ),
+ zipmap(
+ concat(
+ keys(local.traefik_auth_labels),
+ split(",",
+ lookup(var.web, "auth", "false") == "false" ?
+ "" :
+ join(",", keys(local.traefik_auth_labels))
+ )
+ ),concat(
+ values(local.traefik_auth_labels),
+ split(",",
+ lookup(var.web, "auth", "false") == "false" ?
+ "" :
+ join(",", values(local.traefik_auth_labels))
+ )
+ )
+ )
+ )}"
 destroy_grace_seconds = "${var.destroy_grace_seconds}"
 must_run = "${var.must_run}"
 }
diff --git a/modules/container/vars.tf b/modules/container/vars.tf
index 685c6f5..e53865f 100644
--- a/modules/container/vars.tf
+++ b/modules/container/vars.tf
@@ -69,14 +69,11 @@ variable "web" {
 default = {
 expose = "false"
- port = "80"
- host = ""
- protocol = "http"
 basicauth = "false"
 }
 }
-variable "auth-header" {
+variable "auth_header" {
 default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6,reddit:$2y$05$ghKxSydYCpAT8r2VVMDmWO/BBecghGfLsRJUkr3ii7XxPyxBqp8Oy"
 }
diff --git a/requestbin.tf b/requestbin.tf
index 596d1fd..9fac647 100644
--- a/requestbin.tf
+++ b/requestbin.tf
@@ -9,7 +9,5 @@ module "requestbin" {
 host = "requestbin.${var.root-domain}"
 }
- networks = "${list(module.docker.traefik-network-id)}"
- destroy_grace_seconds = 10
- must_run = true
+ networks = "${list(module.docker.traefik-network-id)}"
 }
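Review bot: The `web.expose` and `web.auth` checks in the new `labels` expression no longer gate anything, because the first argument of every `concat(...)` is the unconditional `keys(local.…)` / `values(local.…)` list; the `split(...)` branch only appends duplicates or, when the flag is "false", what looks like a single empty element. Every container built from this module therefore receives `traefik.enable = "true"`, the port/rule/protocol labels and the basic-auth label, where the removed code added them only on request, so a container meant to stay internal may become routable depending on the Traefik configuration. Dropping the unconditional argument, for example `slice(keys(local.web), 0, lookup(var.web, "expose", "false") == "false" ? 0 : length(keys(local.web)))` with the same form for `values(...)`, would restore the gate without the comma round-trip; please confirm with `terraform plan` on the version in use. The `traefik_common_labels` `zipmap` also appears twice, and `var.labels` is no longer part of the merge. The resource block starts above the hunk.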
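Review bot: The `web` default keeps the key `basicauth = "false"`, but the new `labels` expression in modules/container/main.tf reads `lookup(var.web, "auth", "false")`, so a caller that still sets `basicauth` would have the flag silently ignored. Rename the default to `auth = "false"`, or read `basicauth` in main.tf, so that both sides use one key. Separately, the `default` of the renamed `auth_header` variable still carries htpasswd-style password hashes in the repository; dropping the default and supplying the value from an untracked variables file would keep them out of version control. The `variable "web"` block starts above the hunk.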