[refactor] Use traefik_common_labels everywhere

2018-01-02 22:22:24 +05:30 · 2018-01-02 22:22:24 +05:30 · 7b521e20bc
parent 63225a89e2
commit 7b521e20bc
3 changed files with 85 additions and 132 deletions
--- a/docker/locals.tf
+++ b/docker/locals.tf
@ -1,10 +1,13 @@
 locals {
-  traefik_common_labels = {
+  traefik_common_labels {
-    "traefik.frontend.passHostHeader" = "true"
+    "traefik.enable"                                   = "true"
-    "traefik.frontend.headers.SSLTemporaryRedirect" = "true"
+    "traefik.frontend.passHostHeader"                  = "true"
-    "traefik.frontend.headers.STSSeconds" = "2592000"
+    "traefik.frontend.headers.SSLTemporaryRedirect"    = "true"
-    "traefik.frontend.headers.STSIncludeSubdomains" = "false"
+    "traefik.frontend.headers.STSSeconds"              = "2592000"
-    # "traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
+    "traefik.frontend.headers.STSIncludeSubdomains"    = "false"
-    # "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
+    "traefik.frontend.headers.customResponseHeaders"   = "${var.xpoweredby}"
    "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
    "traefik.frontend.headers.contentTypeNosniff"      = "true"
    "traefik.frontend.headers.browserXSSFilter"        = "true"
  }
 }
--- a/docker/main.tf
+++ b/docker/main.tf
@ -2,18 +2,11 @@ resource docker_container "transmission" {
  name  = "transmission"
  image = "${docker_image.transmission.latest}"
-  labels {
+  labels = "${merge(
-    "traefik.frontend.auth.basic"                      = "${var.basic_auth}"
+    local.traefik_common_labels,
-    "traefik.port"                                     = 9091
+    map(
-    "traefik.enable"                                   = "true"
+      "traefik.port", 9091,
-    "traefik.frontend.headers.SSLTemporaryRedirect"    = "true"
+    ))}"
    "traefik.frontend.headers.STSSeconds"              = "2592000"
    "traefik.frontend.headers.STSIncludeSubdomains"    = "false"
    "traefik.frontend.headers.contentTypeNosniff"      = "true"
    "traefik.frontend.headers.browserXSSFilter"        = "true"
    "traefik.frontend.headers.customResponseHeaders"   = "${var.xpoweredby}"
    "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
  }
  ports {
    internal = 51413
@ -68,20 +61,14 @@ resource "docker_container" "emby" {
    container_path = "/media"
  }
-  labels {
+  labels = "${merge(
-    "traefik.frontend.rule"                            = "Host:emby.in.${var.domain},emby.${var.domain}"
+    local.traefik_common_labels,
-    "traefik.frontend.passHostHeader"                  = "true"
+    map(
-    "traefik.frontend.auth.basic"                      = "${var.basic_auth}"
+      "traefik.frontend.rule", "Host:emby.in.${var.domain},emby.${var.domain}",
-    "traefik.port"                                     = 8096
+      "traefik.frontend.passHostHeader", "true",
-    "traefik.enable"                                   = "true"
+      "traefik.frontend.auth.basic", "${var.basic_auth}",
-    "traefik.frontend.headers.SSLTemporaryRedirect"    = "true"
+      "traefik.port", 8096,
-    "traefik.frontend.headers.STSSeconds"              = "2592000"
+    ))}"
    "traefik.frontend.headers.STSIncludeSubdomains"    = "false"
    "traefik.frontend.headers.contentTypeNosniff"      = "true"
    "traefik.frontend.headers.browserXSSFilter"        = "true"
    "traefik.frontend.headers.customResponseHeaders"   = "${var.xpoweredby}"
    "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
  }
  memory                = 2048
  restart               = "unless-stopped"
@ -117,18 +104,12 @@ resource "docker_container" "couchpotato" {
    container_path = "/movies"
  }
-  labels {
+  labels = "${merge(
-    "traefik.frontend.auth.basic"                      = "${var.basic_auth}"
+    local.traefik_common_labels,
-    "traefik.port"                                     = 5050
+    map(
-    "traefik.enable"                                   = "true"
+      "traefik.frontend.auth.basic", "${var.basic_auth}",
-    "traefik.frontend.headers.SSLTemporaryRedirect"    = "true"
+      "traefik.port", 5050,
-    "traefik.frontend.headers.STSSeconds"              = "2592000"
+    ))}"
    "traefik.frontend.headers.STSIncludeSubdomains"    = "false"
    "traefik.frontend.headers.contentTypeNosniff"      = "true"
    "traefik.frontend.headers.browserXSSFilter"        = "true"
    "traefik.frontend.headers.customResponseHeaders"   = "${var.xpoweredby}"
    "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
  }
  memory                = 256
  restart               = "unless-stopped"
@ -175,17 +156,13 @@ resource "docker_container" "airsonic" {
    container_path = "/airsonic/podcasts"
  }
-  labels {
+  labels = "${merge(
-    "traefik.frontend.rule" = "Host:airsonic.in.bb8.fun,airsonic.bb8.fun"
+    local.traefik_common_labels,
-    "traefik.frontend.passHostHeader" = "false"
+    map(
-    "traefik.port" = 4040
+      "traefik.frontend.rule", "Host:airsonic.in.${var.domain},airsonic.${var.domain}",
-    "traefik.enable" = "true"
+      "traefik.frontend.passHostHeader", "true",
-    "traefik.frontend.headers.SSLTemporaryRedirect" = "true"
+      "traefik.port", 4040,
-    "traefik.frontend.headers.STSSeconds" = "2592000"
+    ))}"
    "traefik.frontend.headers.STSIncludeSubdomains" = "false"
    "traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
    "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
  }
 }
 resource "docker_container" "headerdebug" {
@ -198,16 +175,13 @@ resource "docker_container" "headerdebug" {
  memory = 16
-  labels {
+  labels = "${merge(
-    "${merge(
+    local.traefik_common_labels,
-      local.traefik_common_labels,
+    map(
-      map(
+      "traefik.frontend.rule", "Host:debug.in.${var.domain},debug.${var.domain}",
-        "traefik.frontend.rule", "Host:debug.in.bb8.fun",
+      "traefik.port", 8080,
-        "traefik.port", 8080,
+      "traefik.enable", "true",
-        "traefik.enable", "true"
+    ))}"
      )
    )}"
  }
 }
 resource "docker_container" "sickrage" {
@ -235,19 +209,13 @@ resource "docker_container" "sickrage" {
    container_path = "/tv"
  }
-  labels {
+  labels = "${merge(
-    "traefik.frontend.passHostHeader"                  = "false"
+    local.traefik_common_labels,
-    "traefik.frontend.auth.basic"                      = "${var.basic_auth}"
+    map(
-    "traefik.port"                                     = 8081
+      "traefik.frontend.passHostHeader", "false",
-    "traefik.enable"                                   = "true"
+      "traefik.frontend.auth.basic", "${var.basic_auth}",
-    "traefik.frontend.headers.SSLTemporaryRedirect"    = "true"
+      "traefik.port", 8081,
-    "traefik.frontend.headers.STSSeconds"              = "2592000"
+    ))}"
    "traefik.frontend.headers.STSIncludeSubdomains"    = "false"
    "traefik.frontend.headers.contentTypeNosniff"      = "true"
    "traefik.frontend.headers.browserXSSFilter"        = "true"
    "traefik.frontend.headers.customResponseHeaders"   = "${var.xpoweredby}"
    "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
  }
  env = [
    "PUID=1004",
@ -285,18 +253,12 @@ resource "docker_container" "headphones" {
    file    = "/config/config.ini"
  }
-  labels {
+  labels = "${merge(
-    "traefik.frontend.auth.basic"                      = "${var.basic_auth}"
+    local.traefik_common_labels,
-    "traefik.port"                                     = 8181
+    map(
-    "traefik.enable"                                   = "true"
+      "traefik.frontend.auth.basic", "${var.basic_auth}",
-    "traefik.frontend.headers.SSLTemporaryRedirect"    = "true"
+      "traefik.port", 8181,
-    "traefik.frontend.headers.STSSeconds"              = "2592000"
+    ))}"
    "traefik.frontend.headers.STSIncludeSubdomains"    = "false"
    "traefik.frontend.headers.contentTypeNosniff"      = "true"
    "traefik.frontend.headers.browserXSSFilter"        = "true"
    "traefik.frontend.headers.customResponseHeaders"   = "${var.xpoweredby}"
    "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
  }
  # lounge:tatooine
  env = [
@ -395,19 +357,17 @@ resource "docker_container" "wiki" {
    container_path = "/data"
  }
-  labels {
+  // The last header is a workaround for double header traefik bug
    "traefik.frontend.rule"                          = "Host:wiki.${var.domain}"
    "traefik.frontend.passHostHeader"                = "true"
    "traefik.port"                                   = 9999
    "traefik.enable"                                 = "true"
    "traefik.frontend.headers.SSLTemporaryRedirect"  = "true"
    "traefik.frontend.headers.STSSeconds"            = "2592000"
    "traefik.frontend.headers.STSIncludeSubdomains"  = "false"
    "traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}||Referrer-Policy:${var.refpolicy}||X-Frame-Options:${var.xfo_allow}"
  }
  labels = "${merge(
    local.traefik_common_labels,
    map(
      "traefik.frontend.rule", "Host:wiki.${var.domain}",
      "traefik.frontend.passHostHeader", "true",
      "traefik.port", 9999,
      "traefik.frontend.headers.customResponseHeaders", "${var.xpoweredby}||Referrer-Policy:${var.refpolicy}||X-Frame-Options:${var.xfo_allow}",
    ))}"
  links = ["mongorocks"]
  env = [
    "WIKI_ADMIN_EMAIL=me@captnemo.in",
    "SESSION_SECRET=${var.wiki_session_secret}",
@ -428,20 +388,15 @@ resource "docker_container" "muximux" {
    container_path = "/config"
  }
-  labels {
+  labels = "${merge(
-    "traefik.frontend.rule"                          = "Host:home.in.${var.domain},home.${var.domain}"
+    local.traefik_common_labels,
-    "traefik.frontend.passHostHeader"                = "false"
+    map(
-    "traefik.frontend.auth.basic"                    = "${var.basic_auth}"
+      "traefik.port", 80,
-    "traefik.port"                                   = 80
+      "traefik.frontend.headers.frameDeny", "true",
-    "traefik.enable"                                 = "true"
+      "traefik.frontend.passHostHeader", "false",
-    "traefik.frontend.headers.SSLTemporaryRedirect"  = "true"
+      "traefik.frontend.auth.basic", "${var.basic_auth}",
-    "traefik.frontend.headers.STSSeconds"            = "2592000"
+      "traefik.frontend.rule", "Host:home.in.${var.domain},home.${var.domain}",
-    "traefik.frontend.headers.STSIncludeSubdomains"  = "false"
+    ))}"
    "traefik.frontend.headers.contentTypeNosniff"    = "true"
    "traefik.frontend.headers.browserXSSFilter"      = "true"
    "traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
    "traefik.frontend.headers.frameDeny"             = "true"
  }
  # lounge:tatooine
  env = [
@ -489,17 +444,12 @@ resource "docker_container" "cadvisor" {
    container_path = "/var/run"
  }
-  labels {
+  labels = "${merge(
-    "traefik.frontend.rule"                            = "Host:cadvisor.${var.domain}"
+    local.traefik_common_labels,
-    "traefik.frontend.auth.basic"                      = "${var.basic_auth}"
+    map(
-    "traefik.port"                                     = 8080
+
-    "traefik.enable"                                   = "true"
+      "traefik.frontend.passHostHeader", "true",
-    "traefik.frontend.headers.SSLTemporaryRedirect"    = "true"
+      "traefik.frontend.auth.basic", "${var.basic_auth}",
-    "traefik.frontend.headers.STSSeconds"              = "2592000"
+      "traefik.port", 8080,
-    "traefik.frontend.headers.STSIncludeSubdomains"    = "false"
+    ))}"
    "traefik.frontend.headers.contentTypeNosniff"      = "true"
    "traefik.frontend.headers.browserXSSFilter"        = "true"
    "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
    "traefik.frontend.headers.customResponseHeaders"   = "${var.xpoweredby}"
  }
 }
--- a/docker/traefik.tf
+++ b/docker/traefik.tf
@ -10,9 +10,9 @@ resource "docker_container" "traefik" {
  }
  ports {
-    internal  = 1111
+    internal = 1111
-    external  = 1111
+    external = 1111
-    ip        = "${var.ips["tun0"]}"
+    ip       = "${var.ips["tun0"]}"
  }
  # Local Web Server