From dea37a5319999e4f4a66e81cbbad1cfe037b760d Mon Sep 17 00:00:00 2001 From: Nemo Date: Tue, 31 Jul 2018 14:07:08 +0530 Subject: [PATCH] Cleaner module for web configuration --- docker/data.tf | 4 ---- docker/debug.tf | 30 +++++++++--------------------- heimdall.tf | 20 ++++++++++++++++++++ heimdall/main.tf | 36 ------------------------------------ heimdall/variables.tf | 13 ------------- miniflux.tf | 8 +++++--- modules/container/main.tf | 14 ++++++++++---- modules/container/vars.tf | 32 +++++++++++++++++--------------- monicahq.tf | 7 ++++--- requestbin.tf | 9 +++++---- 10 files changed, 70 insertions(+), 103 deletions(-) create mode 100644 heimdall.tf delete mode 100644 heimdall/main.tf delete mode 100644 heimdall/variables.tf diff --git a/docker/data.tf b/docker/data.tf index 5571d19..eb7a06d 100644 --- a/docker/data.tf +++ b/docker/data.tf @@ -12,10 +12,6 @@ data "docker_registry_image" "ubooquity" { name = "linuxserver/ubooquity:latest" } -data "docker_registry_image" "headerdebug" { - name = "jmalloc/echo-server:latest" -} - data "docker_registry_image" "lychee" { name = "linuxserver/lychee:latest" } diff --git a/docker/debug.tf b/docker/debug.tf index c9b34a6..40011ef 100644 --- a/docker/debug.tf +++ b/docker/debug.tf @@ -1,23 +1,11 @@ -resource "docker_container" "headerdebug" { - name = "headerdebug" - image = "${docker_image.headerdebug.latest}" - restart = "unless-stopped" - destroy_grace_seconds = 30 - must_run = true - memory = 16 +module "echo-server" { + source = "../modules/container" + name = "echo-server" + image = "jmalloc/echo-server:latest" - labels = "${merge( - local.traefik_common_labels, - map( - "traefik.frontend.rule", "Host:debug.in.${var.domain},debug.${var.domain}", - "traefik.port", 8080, - "traefik.enable", "true", - ))}" -} - -# Helps debug traefik reverse proxy headers -# Highly recommended! -resource "docker_image" "headerdebug" { - name = "${data.docker_registry_image.headerdebug.name}" - pull_triggers = ["${data.docker_registry_image.headerdebug.sha256_digest}"] + web { + expose = true + port = 8080 + domain = "debug.${var.domain},debug.in.${var.domain}" + } } diff --git a/heimdall.tf b/heimdall.tf new file mode 100644 index 0000000..ac18600 --- /dev/null +++ b/heimdall.tf @@ -0,0 +1,20 @@ +module "heimdall" { + name = "heimdall" + source = "modules/container" + image = "linuxserver/heimdall:latest" + + // Default is port 80 + web { + expose = true + port = 443 + protocol = "https" + basicauth = "true" + host = "home.bb8.fun" + } + + networks = "${list(module.docker.traefik-network-id)}" + + env = [ + "TZ=Asia/Kolkata", + ] +} diff --git a/heimdall/main.tf b/heimdall/main.tf deleted file mode 100644 index 61028aa..0000000 --- a/heimdall/main.tf +++ /dev/null @@ -1,36 +0,0 @@ -data "docker_registry_image" "heimdall" { - name = "linuxserver/heimdall:latest" -} - -resource "docker_image" "heimdall" { - name = "${data.docker_registry_image.heimdall.name}" - pull_triggers = ["${data.docker_registry_image.heimdall.sha256_digest}"] -} - -resource "docker_container" "heimdall" { - name = "heimdall" - image = "${docker_image.heimdall.latest}" - - labels = "${merge( - var.traefik-labels, map( - "traefik.port", "443", - "traefik.protocol", "https", - "traefik.frontend.rule","Host:${var.domain}", - "traefik.frontend.auth.basic", "${var.auth-header}", - ))}" - - networks = ["${var.traefik-network-id}"] - - volumes { - host_path = "/mnt/xwing/config/heimdall" - container_path = "/config" - } - - env = [ - "TZ=Asia/Kolkata", - ] - - restart = "unless-stopped" - destroy_grace_seconds = 10 - must_run = true -} diff --git a/heimdall/variables.tf b/heimdall/variables.tf deleted file mode 100644 index c3f4e61..0000000 --- a/heimdall/variables.tf +++ /dev/null @@ -1,13 +0,0 @@ -variable "domain" { - type = "string" -} - -variable "auth-header" { - type = "string" -} - -variable "traefik-labels" { - type = "map" -} - -variable "traefik-network-id" {} diff --git a/miniflux.tf b/miniflux.tf index 6e44ed3..49a3967 100644 --- a/miniflux.tf +++ b/miniflux.tf @@ -3,9 +3,11 @@ module "miniflux-container" { source = "modules/container" image = "miniflux/miniflux:2.0.10" - expose-web = true - web-port = 8080 - web-domain = "rss.captnemo.in" + web { + expose = true + port = 8080 + host = "rss.captnemo.in" + } networks = "${list(module.docker.traefik-network-id,module.db.postgres-network-id)}" diff --git a/modules/container/main.tf b/modules/container/main.tf index e67b3af..00e07dd 100644 --- a/modules/container/main.tf +++ b/modules/container/main.tf @@ -17,12 +17,18 @@ resource "docker_container" "container" { entrypoint = "${var.entrypoint}" user = "${var.user}" networks = ["${var.networks}"] + memory = "${lookup(var.resource, "memory")}" - labels = "${merge(var.labels, var.expose-web ? + // Only add traefik labels if web.expose=true + // Only add basicauth config if web.basicauth=true + labels = "${merge(var.labels, lookup(var.web, "expose", "false") ? merge(local.traefik-common-labels, map( - "traefik.port", var.web-port, - "traefik.frontend.rule", "Host:${var.web-domain}", - )) : map())}" + "traefik.port", lookup(var.web, "port", "80"), + "traefik.frontend.rule", "Host:${lookup(var.web, "host", "")}", + "traefik.protocol", lookup(var.web, "protocol", "http"), + )) : map(), lookup(var.web, "basicauth", "false") ? map( + "traefik.frontend.auth.basic", var.auth-header + ) : map())}" destroy_grace_seconds = "${var.destroy_grace_seconds}" must_run = "${var.must_run}" diff --git a/modules/container/vars.tf b/modules/container/vars.tf index d987f54..685c6f5 100644 --- a/modules/container/vars.tf +++ b/modules/container/vars.tf @@ -64,24 +64,26 @@ variable "xpoweredby" { default = "X-Powered-By:Allomancy||X-Server:Blackbox" } -variable "expose-web" { - description = "Whether to expose the application on the web" - default = "false" +variable "web" { + description = "Web Configuration" + + default = { + expose = "false" + port = "80" + host = "" + protocol = "http" + basicauth = "false" + } } -variable "web-port" { - description = "Port to expose using traefik" - default = "80" - type = "string" +variable "auth-header" { + default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6,reddit:$2y$05$ghKxSydYCpAT8r2VVMDmWO/BBecghGfLsRJUkr3ii7XxPyxBqp8Oy" } -variable "web-domain" { - description = "Domain to use while exposing the application" - default = "" - type = "string" -} +variable "resource" { + description = "Resource usage for the container" -variable "web-basicauth" { - description = "Whether to add basic auth check on the application" - default = "false" + default = { + memory = "" + } } diff --git a/monicahq.tf b/monicahq.tf index d3df47a..fdd2be3 100644 --- a/monicahq.tf +++ b/monicahq.tf @@ -3,9 +3,10 @@ module "monicahq-container" { source = "modules/container" image = "monicahq/monicahq:latest" - // Default is port 80 - expose-web = true - web-domain = "monica.${var.root-domain}" + web { + expose = true + host = "monica.${var.root-domain}" + } networks = "${list(module.docker.traefik-network-id,module.db.postgres-network-id)}" diff --git a/requestbin.tf b/requestbin.tf index ebfd84a..596d1fd 100644 --- a/requestbin.tf +++ b/requestbin.tf @@ -4,11 +4,12 @@ module "requestbin" { image = "jankysolutions/requestbin:latest" // Default is port 80 - expose-web = true - web-domain = "requestbin.${var.root-domain}" - - networks = "${list(module.docker.traefik-network-id)}" + web { + expose = true + host = "requestbin.${var.root-domain}" + } + networks = "${list(module.docker.traefik-network-id)}" destroy_grace_seconds = 10 must_run = true }