Cleaner module for web configuration

docker/data.tf

@@ -12,10 +12,6 @@ data "docker_registry_image" "ubooquity" {
   name = "linuxserver/ubooquity:latest"
 }
 
-data "docker_registry_image" "headerdebug" {
-  name = "jmalloc/echo-server:latest"
-}
-
 data "docker_registry_image" "lychee" {
   name = "linuxserver/lychee:latest"
 }

docker/debug.tf

@@ -1,23 +1,11 @@
-resource "docker_container" "headerdebug" {
+module "echo-server" {
-  name                  = "headerdebug"
+  source = "../modules/container"
-  image                 = "${docker_image.headerdebug.latest}"
+  name   = "echo-server"
-  restart               = "unless-stopped"
+  image  = "jmalloc/echo-server:latest"
-  destroy_grace_seconds = 30
-  must_run              = true
-  memory                = 16
 
-  labels = "${merge(
+  web {
-    local.traefik_common_labels,
+    expose = true
-    map(
+    port   = 8080
-      "traefik.frontend.rule", "Host:debug.in.${var.domain},debug.${var.domain}",
+    domain = "debug.${var.domain},debug.in.${var.domain}"
-      "traefik.port", 8080,
+  }
-      "traefik.enable", "true",
-    ))}"
-}
-
-# Helps debug traefik reverse proxy headers
-# Highly recommended!
-resource "docker_image" "headerdebug" {
-  name          = "${data.docker_registry_image.headerdebug.name}"
-  pull_triggers = ["${data.docker_registry_image.headerdebug.sha256_digest}"]
 }

heimdall.tf

@@ -0,0 +1,20 @@
+module "heimdall" {
+  name   = "heimdall"
+  source = "modules/container"
+  image  = "linuxserver/heimdall:latest"
+
+  // Default is port 80
+  web {
+    expose    = true
+    port      = 443
+    protocol  = "https"
+    basicauth = "true"
+    host      = "home.bb8.fun"
+  }
+
+  networks = "${list(module.docker.traefik-network-id)}"
+
+  env = [
+    "TZ=Asia/Kolkata",
+  ]
+}

heimdall/main.tf

@@ -1,36 +0,0 @@
-data "docker_registry_image" "heimdall" {
-  name = "linuxserver/heimdall:latest"
-}
-
-resource "docker_image" "heimdall" {
-  name          = "${data.docker_registry_image.heimdall.name}"
-  pull_triggers = ["${data.docker_registry_image.heimdall.sha256_digest}"]
-}
-
-resource "docker_container" "heimdall" {
-  name  = "heimdall"
-  image = "${docker_image.heimdall.latest}"
-
-  labels = "${merge(
-    var.traefik-labels, map(
-      "traefik.port", "443",
-      "traefik.protocol", "https",
-      "traefik.frontend.rule","Host:${var.domain}",
-      "traefik.frontend.auth.basic", "${var.auth-header}",
-  ))}"
-
-  networks = ["${var.traefik-network-id}"]
-
-  volumes {
-    host_path      = "/mnt/xwing/config/heimdall"
-    container_path = "/config"
-  }
-
-  env = [
-    "TZ=Asia/Kolkata",
-  ]
-
-  restart               = "unless-stopped"
-  destroy_grace_seconds = 10
-  must_run              = true
-}

heimdall/variables.tf

@@ -1,13 +0,0 @@
-variable "domain" {
-  type = "string"
-}
-
-variable "auth-header" {
-  type = "string"
-}
-
-variable "traefik-labels" {
-  type = "map"
-}
-
-variable "traefik-network-id" {}

miniflux.tf

@@ -3,9 +3,11 @@ module "miniflux-container" {
   source = "modules/container"
   image  = "miniflux/miniflux:2.0.10"
 
-  expose-web = true
+  web {
-  web-port   = 8080
+    expose = true
-  web-domain = "rss.captnemo.in"
+    port   = 8080
+    host   = "rss.captnemo.in"
+  }
 
   networks = "${list(module.docker.traefik-network-id,module.db.postgres-network-id)}"
 

modules/container/main.tf

@@ -17,12 +17,18 @@ resource "docker_container" "container" {
   entrypoint = "${var.entrypoint}"
   user       = "${var.user}"
   networks   = ["${var.networks}"]
+  memory     = "${lookup(var.resource, "memory")}"
 
-  labels = "${merge(var.labels, var.expose-web ?
+  // Only add traefik labels if web.expose=true
+  // Only add basicauth config if web.basicauth=true
+  labels = "${merge(var.labels, lookup(var.web, "expose", "false") ?
     merge(local.traefik-common-labels, map(
-      "traefik.port", var.web-port,
+      "traefik.port", lookup(var.web, "port", "80"),
-      "traefik.frontend.rule", "Host:${var.web-domain}",
+      "traefik.frontend.rule", "Host:${lookup(var.web, "host", "")}",
-    )) : map())}"
+      "traefik.protocol", lookup(var.web, "protocol", "http"),
+    )) : map(), lookup(var.web, "basicauth", "false") ? map(
+      "traefik.frontend.auth.basic", var.auth-header
+    ) : map())}"
 
   destroy_grace_seconds = "${var.destroy_grace_seconds}"
   must_run              = "${var.must_run}"

modules/container/vars.tf

@@ -64,24 +64,26 @@ variable "xpoweredby" {
   default = "X-Powered-By:Allomancy||X-Server:Blackbox"
 }
 
-variable "expose-web" {
+variable "web" {
-  description = "Whether to expose the application on the web"
+  description = "Web Configuration"
-  default     = "false"
+
+  default = {
+    expose    = "false"
+    port      = "80"
+    host      = ""
+    protocol  = "http"
+    basicauth = "false"
+  }
 }
 
-variable "web-port" {
+variable "auth-header" {
-  description = "Port to expose using traefik"
+  default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6,reddit:$2y$05$ghKxSydYCpAT8r2VVMDmWO/BBecghGfLsRJUkr3ii7XxPyxBqp8Oy"
-  default     = "80"
-  type        = "string"
 }
 
-variable "web-domain" {
+variable "resource" {
-  description = "Domain to use while exposing the application"
+  description = "Resource usage for the container"
-  default     = ""
-  type        = "string"
-}
 
-variable "web-basicauth" {
+  default = {
-  description = "Whether to add basic auth check on the application"
+    memory = ""
-  default     = "false"
+  }
 }

monicahq.tf

@@ -3,9 +3,10 @@ module "monicahq-container" {
   source = "modules/container"
   image  = "monicahq/monicahq:latest"
 
-  // Default is port 80
+  web {
-  expose-web = true
+    expose = true
-  web-domain = "monica.${var.root-domain}"
+    host   = "monica.${var.root-domain}"
+  }
 
   networks = "${list(module.docker.traefik-network-id,module.db.postgres-network-id)}"
 

requestbin.tf

@@ -4,11 +4,12 @@ module "requestbin" {
   image  = "jankysolutions/requestbin:latest"
 
   // Default is port 80
-  expose-web = true
+  web {
-  web-domain = "requestbin.${var.root-domain}"
+    expose = true
-
+    host   = "requestbin.${var.root-domain}"
-  networks = "${list(module.docker.traefik-network-id)}"
+  }
 
+  networks              = "${list(module.docker.traefik-network-id)}"
   destroy_grace_seconds = 10
   must_run              = true
 }