Really complicated terraform labelling
This commit is contained in:
parent
dea37a5319
commit
6ef8783ba3
|
@ -3,7 +3,6 @@ module "heimdall" {
|
||||||
source = "modules/container"
|
source = "modules/container"
|
||||||
image = "linuxserver/heimdall:latest"
|
image = "linuxserver/heimdall:latest"
|
||||||
|
|
||||||
// Default is port 80
|
|
||||||
web {
|
web {
|
||||||
expose = true
|
expose = true
|
||||||
port = 443
|
port = 443
|
||||||
|
|
8
main.tf
8
main.tf
|
@ -76,14 +76,6 @@ module "resilio" {
|
||||||
traefik-network-id = "${module.docker.traefik-network-id}"
|
traefik-network-id = "${module.docker.traefik-network-id}"
|
||||||
}
|
}
|
||||||
|
|
||||||
module "heimdall" {
|
|
||||||
source = "heimdall"
|
|
||||||
domain = "home.bb8.fun"
|
|
||||||
traefik-labels = "${var.traefik-common-labels}"
|
|
||||||
auth-header = "${module.docker.auth-header}"
|
|
||||||
traefik-network-id = "${module.docker.traefik-network-id}"
|
|
||||||
}
|
|
||||||
|
|
||||||
module "media" {
|
module "media" {
|
||||||
source = "media"
|
source = "media"
|
||||||
domain = "bb8.fun"
|
domain = "bb8.fun"
|
||||||
|
|
|
@ -15,9 +15,6 @@ module "miniflux-container" {
|
||||||
"DATABASE_URL=postgres://miniflux:${var.miniflux-db-password}@postgres/miniflux?sslmode=disable",
|
"DATABASE_URL=postgres://miniflux:${var.miniflux-db-password}@postgres/miniflux?sslmode=disable",
|
||||||
"RUN_MIGRATIONS=1",
|
"RUN_MIGRATIONS=1",
|
||||||
]
|
]
|
||||||
|
|
||||||
destroy_grace_seconds = 10
|
|
||||||
must_run = true
|
|
||||||
}
|
}
|
||||||
|
|
||||||
module "miniflux-db" {
|
module "miniflux-db" {
|
||||||
|
|
|
@ -1,5 +1,15 @@
|
||||||
locals {
|
locals {
|
||||||
traefik-common-labels {
|
default_labels {
|
||||||
|
"managed.by" = "nebula"
|
||||||
|
}
|
||||||
|
|
||||||
|
web {
|
||||||
|
"traefik.port" = "${lookup(var.web, "port", "80")}"
|
||||||
|
"traefik.frontend.rule" = "Host:${lookup(var.web, "host")}"
|
||||||
|
"traefik.protocol" = "${lookup(var.web, "protocol", "http")}"
|
||||||
|
}
|
||||||
|
|
||||||
|
traefik_common_labels {
|
||||||
"traefik.enable" = "true"
|
"traefik.enable" = "true"
|
||||||
|
|
||||||
// HSTS
|
// HSTS
|
||||||
|
@ -14,4 +24,8 @@ locals {
|
||||||
|
|
||||||
"traefik.docker.network" = "traefik"
|
"traefik.docker.network" = "traefik"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
traefik_auth_labels {
|
||||||
|
"traefik.frontend.auth.basic" = "${var.auth_header}"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,19 +17,86 @@ resource "docker_container" "container" {
|
||||||
entrypoint = "${var.entrypoint}"
|
entrypoint = "${var.entrypoint}"
|
||||||
user = "${var.user}"
|
user = "${var.user}"
|
||||||
networks = ["${var.networks}"]
|
networks = ["${var.networks}"]
|
||||||
memory = "${lookup(var.resource, "memory")}"
|
|
||||||
|
|
||||||
// Only add traefik labels if web.expose=true
|
# memory = "${lookup(var.resource, "memory", "64")}"
|
||||||
// Only add basicauth config if web.basicauth=true
|
|
||||||
labels = "${merge(var.labels, lookup(var.web, "expose", "false") ?
|
|
||||||
merge(local.traefik-common-labels, map(
|
|
||||||
"traefik.port", lookup(var.web, "port", "80"),
|
|
||||||
"traefik.frontend.rule", "Host:${lookup(var.web, "host", "")}",
|
|
||||||
"traefik.protocol", lookup(var.web, "protocol", "http"),
|
|
||||||
)) : map(), lookup(var.web, "basicauth", "false") ? map(
|
|
||||||
"traefik.frontend.auth.basic", var.auth-header
|
|
||||||
) : map())}"
|
|
||||||
|
|
||||||
|
|
||||||
|
# Look at this monstrosity
|
||||||
|
# And then https://github.com/hashicorp/terraform/issues/12453#issuecomment-365569618
|
||||||
|
# for why this is needed
|
||||||
|
|
||||||
|
labels = "${merge(local.default_labels,
|
||||||
|
zipmap(
|
||||||
|
concat(
|
||||||
|
keys(local.traefik_common_labels),
|
||||||
|
split(",",
|
||||||
|
lookup(var.web, "expose", "false") == "false" ?
|
||||||
|
"" :
|
||||||
|
join(",", keys(local.traefik_common_labels))
|
||||||
|
)
|
||||||
|
),concat(
|
||||||
|
values(local.traefik_common_labels),
|
||||||
|
split(",",
|
||||||
|
lookup(var.web, "expose", "false") == "false" ?
|
||||||
|
"" :
|
||||||
|
join(",", values(local.traefik_common_labels))
|
||||||
|
)
|
||||||
|
)
|
||||||
|
),
|
||||||
|
|
||||||
|
zipmap(
|
||||||
|
concat(
|
||||||
|
keys(local.web),
|
||||||
|
split(",",
|
||||||
|
lookup(var.web, "expose", "false") == "false" ?
|
||||||
|
"" :
|
||||||
|
join(",", keys(local.web))
|
||||||
|
)
|
||||||
|
),concat(
|
||||||
|
values(local.web),
|
||||||
|
split(",",
|
||||||
|
lookup(var.web, "expose", "false") == "false" ?
|
||||||
|
"" :
|
||||||
|
join(",", values(local.web))
|
||||||
|
)
|
||||||
|
)
|
||||||
|
),
|
||||||
|
|
||||||
|
zipmap(
|
||||||
|
concat(
|
||||||
|
keys(local.traefik_common_labels),
|
||||||
|
split(",",
|
||||||
|
lookup(var.web, "expose", "false") == "false" ?
|
||||||
|
"" :
|
||||||
|
join(",", keys(local.traefik_common_labels))
|
||||||
|
)
|
||||||
|
),concat(
|
||||||
|
values(local.traefik_common_labels),
|
||||||
|
split(",",
|
||||||
|
lookup(var.web, "expose", "false") == "false" ?
|
||||||
|
"" :
|
||||||
|
join(",", values(local.traefik_common_labels))
|
||||||
|
)
|
||||||
|
)
|
||||||
|
),
|
||||||
|
zipmap(
|
||||||
|
concat(
|
||||||
|
keys(local.traefik_auth_labels),
|
||||||
|
split(",",
|
||||||
|
lookup(var.web, "auth", "false") == "false" ?
|
||||||
|
"" :
|
||||||
|
join(",", keys(local.traefik_auth_labels))
|
||||||
|
)
|
||||||
|
),concat(
|
||||||
|
values(local.traefik_auth_labels),
|
||||||
|
split(",",
|
||||||
|
lookup(var.web, "auth", "false") == "false" ?
|
||||||
|
"" :
|
||||||
|
join(",", values(local.traefik_auth_labels))
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)}"
|
||||||
destroy_grace_seconds = "${var.destroy_grace_seconds}"
|
destroy_grace_seconds = "${var.destroy_grace_seconds}"
|
||||||
must_run = "${var.must_run}"
|
must_run = "${var.must_run}"
|
||||||
}
|
}
|
||||||
|
|
|
@ -69,14 +69,11 @@ variable "web" {
|
||||||
|
|
||||||
default = {
|
default = {
|
||||||
expose = "false"
|
expose = "false"
|
||||||
port = "80"
|
|
||||||
host = ""
|
|
||||||
protocol = "http"
|
|
||||||
basicauth = "false"
|
basicauth = "false"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "auth-header" {
|
variable "auth_header" {
|
||||||
default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6,reddit:$2y$05$ghKxSydYCpAT8r2VVMDmWO/BBecghGfLsRJUkr3ii7XxPyxBqp8Oy"
|
default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6,reddit:$2y$05$ghKxSydYCpAT8r2VVMDmWO/BBecghGfLsRJUkr3ii7XxPyxBqp8Oy"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,5 @@ module "requestbin" {
|
||||||
host = "requestbin.${var.root-domain}"
|
host = "requestbin.${var.root-domain}"
|
||||||
}
|
}
|
||||||
|
|
||||||
networks = "${list(module.docker.traefik-network-id)}"
|
networks = "${list(module.docker.traefik-network-id)}"
|
||||||
destroy_grace_seconds = 10
|
|
||||||
must_run = true
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue