Switch to common traefik labels for radicale

2018-02-06 20:02:25 +05:30 · 2018-02-06 20:02:25 +05:30 · 85832d4ad0
parent b89320a185
commit 85832d4ad0
4 changed files with 33 additions and 13 deletions
--- a/main.tf
+++ b/main.tf
@ -29,8 +29,9 @@ module "docker" {
 }

 module "radicale" {
-  source = "radicale"
-  domain = "radicale.bb8.fun"
+  source         = "radicale"
+  domain         = "radicale.bb8.fun"
+  traefik-labels = "${var.traefik-common-labels}"
 }

 module "tt-rss" {
--- a/radicale/main.tf
+++ b/radicale/main.tf
@ -11,17 +11,11 @@ resource docker_container "radicale" {
  name  = "radicale"
  image = "${docker_image.radicale.latest}"

-  labels {
-    "traefik.port"                                  = 5232
-    "traefik.enable"                                = "true"
-    "traefik.frontend.headers.SSLTemporaryRedirect" = "true"
-    "traefik.frontend.headers.STSSeconds"           = "2592000"
-    "traefik.frontend.headers.STSIncludeSubdomains" = "false"
-    "traefik.frontend.headers.contentTypeNosniff"   = "true"
-    "traefik.frontend.headers.browserXSSFilter"     = "true"
-    "traefik.frontend.passHostHeader"               = "true"
-    "traefik.frontend.rule"                         = "Host:${var.domain}"
-  }
+  labels = "${merge(
+    var.traefik-labels, map(
+      "traefik.port", 5232,
+      "traefik.frontend.rule","Host:${var.domain}"
+  ))}"

  volumes {
    host_path      = "/mnt/xwing/data/radicale"
--- a/radicale/variables.tf
+++ b/radicale/variables.tf
@ -1,3 +1,7 @@
 variable "domain" {
  type = "string"
 }
+
+variable "traefik-labels" {
+  type = "map"
+}
--- a/variables.tf
+++ b/variables.tf
@ -45,3 +45,24 @@ variable "gitea-secret-key" {}
 variable "gitea-internal-token" {}
 variable "gitea-smtp-password" {}
 variable "digitalocean-token" {}
+
+variable "traefik-common-labels" {
+  type = "map"
+
+  default = {
+    "traefik.enable" = "true"
+
+    // HSTS
+    "traefik.frontend.headers.SSLTemporaryRedirect" = "true"
+    "traefik.frontend.headers.STSSeconds"           = "2592000"
+    "traefik.frontend.headers.STSIncludeSubdomains" = "false"
+
+    // X-Powered-By, Server headers
+    "traefik.frontend.headers.customResponseHeaders" = "X-Powered-By:Allomancy||X-Server:Blackbox"
+
+    // X-Frame-Options
+    "traefik.frontend.headers.customFrameOptionsValue" = "ALLOW-FROM https://home.bb8.fun/"
+    "traefik.frontend.headers.contentTypeNosniff"      = "true"
+    "traefik.frontend.headers.browserXSSFilter"        = "true"
+  }
+}