Compare commits
247 Commits
timemachin
...
master
Author | SHA1 | Date | |
---|---|---|---|
bd95967113 | |||
3f3f0fd55c | |||
1b1bbcabbc | |||
dfd0f94662 | |||
09c1094fc5 | |||
29368acfed | |||
e18d8b11b1 | |||
1feaf2e4f6 | |||
2c52cd0cb7 | |||
b83dd37365 | |||
af2be53caa | |||
9e8c5710f2 | |||
e4858d5d05 | |||
d59512c625 | |||
4a4504447f | |||
9b316b036b | |||
f9b52957a8 | |||
9b79cab3af | |||
5bd44d411f | |||
406f4557fe | |||
938ed017c9 | |||
4f2a5b2cb4 | |||
ecaacaf3a5 | |||
af20a4efb9 | |||
18f32691f6 | |||
eb1c40df6e | |||
4b6b07c09a | |||
48b93bf25d | |||
8a894175a9 | |||
30fd75ae52 | |||
9f6048a971 | |||
442ec2d5d3 | |||
9f04ebe4c4 | |||
587b6258bb | |||
da4fc888ef | |||
10ba57590b | |||
8a0ead5bb0 | |||
36996a0ace | |||
24079f41a2 | |||
51dd19cdc8 | |||
1235775ed0 | |||
ffa2517903 | |||
ba763d585c | |||
f6b1954e8f | |||
137eb3469f | |||
8d7875d174 | |||
9273447567 | |||
eae805e596 | |||
c6ebee47d7 | |||
1a0021fb31 | |||
42a264c7bd | |||
09baca2819 | |||
d25573f4b0 | |||
6cb2ffa736 | |||
d90a67539f | |||
a532831de9 | |||
2d2348f34f | |||
114bb27349 | |||
add21ccdac | |||
c3584a8f56 | |||
20cd656e04 | |||
373793fcb5 | |||
4922bd098f | |||
735279b0c1 | |||
86db1b2da9 | |||
1a234f5025 | |||
f02ee532ad | |||
557a0af80d | |||
2b617967a3 | |||
cce99c0b6a | |||
42ab949caf | |||
d4370f2b56 | |||
0633f6113f | |||
4336814bac | |||
975c48094f | |||
8900b2d2be | |||
2b2b68f722 | |||
da53ac8f1a | |||
125f4cecaf | |||
273b75841c | |||
c890430913 | |||
1617061f51 | |||
63facbde70 | |||
c5677d0fa4 | |||
77afa90a64 | |||
bd27db6aa6 | |||
ae073752a1 | |||
b862c78ec9 | |||
c066e62ee0 | |||
c152ec65df | |||
4c55f5dd0f | |||
d748e65a37 | |||
3bc9e40b61 | |||
1bc37d72a6 | |||
37bb59eda3 | |||
07d44ca39a | |||
c9b9205496 | |||
071a16dc94 | |||
d9ef272286 | |||
114487fc1e | |||
c2e029fb4f | |||
0ce0753d5f | |||
ff3b56231b | |||
ace703fc1f | |||
d7a6d06ec2 | |||
6362702c51 | |||
4fe34b183a | |||
16a5a26123 | |||
2b53a6a512 | |||
6ec37264dc | |||
995fb96611 | |||
435e166cd9 | |||
ae985e01a7 | |||
e4b3620de5 | |||
83eb97c8db | |||
40b967edce | |||
f85692da9e | |||
97300459fd | |||
80ce34d52f | |||
86f2edc112 | |||
53f3c87600 | |||
23cf15b8a9 | |||
ff8efd3139 | |||
6586244fa8 | |||
0956877ac7 | |||
a3dec142ad | |||
94f9a23b4f | |||
5949a9448a | |||
6f6c4f974e | |||
2a12c17948 | |||
6deddebe48 | |||
524949c8e5 | |||
7214355a89 | |||
97ef9179e4 | |||
789c9c5d3f | |||
86c0613d28 | |||
9b40bfd341 | |||
6eceb1d6c9 | |||
0792c36f64 | |||
4b5747abd3 | |||
fa99d0de64 | |||
96545fe564 | |||
66a7e8cc46 | |||
9aadf62b5d | |||
54bcb8b8a9 | |||
93af050523 | |||
d1d3506e7b | |||
1b61a07c55 | |||
245806ca8d | |||
18164d175e | |||
87ce9743b3 | |||
3b1a7a52e8 | |||
7d7ea22b31 | |||
c57b4b2c72 | |||
809755e10d | |||
7a3f456feb | |||
b1ddd5e562 | |||
a7c9a3fe3c | |||
167e58f8de | |||
2fb18878ca | |||
aff21bf142 | |||
47a34095c6 | |||
6646320d74 | |||
840ce49e98 | |||
2f08ef00a4 | |||
ebe3ecbd9e | |||
9a5bf0a8b9 | |||
cbd36ca1e7 | |||
ef26f51613 | |||
e8dcd00e87 | |||
6ef8783ba3 | |||
dea37a5319 | |||
30853ee5aa | |||
1c75fe486b | |||
8356ebd672 | |||
3322870a53 | |||
1f545f3117 | |||
40efbf6504 | |||
5eecce56a3 | |||
aa7c9047e9 | |||
97ff4a28a5 | |||
3ab14e79e5 | |||
1353fd2c61 | |||
7e76f319a7 | |||
25d5a86d22 | |||
53bfd99ad5 | |||
c44c8f0249 | |||
cd33034826 | |||
757c52622a | |||
393a956fbf | |||
0dd428e4dc | |||
453e976d85 | |||
259aa69f8f | |||
04281c5702 | |||
2198faf77b | |||
1487d1e129 | |||
b4447c7b8d | |||
022f8f7ce6 | |||
3f9d4b6e9d | |||
c7e2cc043f | |||
d91ae4d87d | |||
21df4ceea6 | |||
fb6688a3b4 | |||
22245839ce | |||
ee54248ae0 | |||
76343d991d | |||
b9965f2092 | |||
c3c5c7d0bc | |||
bde455f0c3 | |||
d9a6c5fdf1 | |||
1a714d87b2 | |||
8efb575290 | |||
66ae57a3c5 | |||
4c8486f6b9 | |||
39d8d5f966 | |||
3a111b6c32 | |||
abe774561e | |||
92083c7e8a | |||
b52875d3fb | |||
0c7a43b646 | |||
99beeb57e3 | |||
161f1991f6 | |||
ec5ee3debc | |||
5f47a08bb5 | |||
47e27ee658 | |||
05c0a9e6e5 | |||
8fe2d16fb7 | |||
636f3c534e | |||
47073f4f7b | |||
a74efc6fba | |||
b05bd3bd8b | |||
452c7d5b79 | |||
c1dc9c86c7 | |||
19dc775c5c | |||
bfe493c794 | |||
67620b75c1 | |||
aa70016612 | |||
479faf6863 | |||
9b1c4d9055 | |||
fd1c7f1dcc | |||
1be61eadae | |||
36c04c5ad3 | |||
ac8aa32ef3 | |||
1f515b36f0 | |||
5cbc438ff6 | |||
3fef15503e | |||
3dae8f3a27 |
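--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,11 @@
 .terraform
 *.tfstate
 *.tfstate.backup
+*.terraform.lock.hcl
 *.out
 *.backup
 secrets
+k8s/
+k8s2/
+docker/conf/wiki.yml
+plan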
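Review bot: Ignoring `*.terraform.lock.hcl` keeps the dependency lock file, which records the selected provider versions and their checksums, out of the repository, so each `terraform init` is free to resolve a different provider build. The `required_providers` blocks added in cloudflare/providers.tf and db/providers.tf set only `source` and no `version`, so nothing visible on this page pins `cloudflare/cloudflare`, `cyrilgdn/postgresql` or `kreuzwerker/docker`. I would drop this pattern and commit the lock file, and add a constraint beside each `source`, for example `version = "~> <PINNED_VERSION>"` (placeholder, take the value from the version currently in use).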
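--- a/.terraform-version
+++ b/.terraform-version
@@ -0,0 +1 @@
+1.3.6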
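--- a/HACKING.md
+++ b/HACKING.md
@@ -0,0 +1,18 @@
+# Hacking on the thing
+
+Generate certs as per:
+
+https://gist.github.com/captn3m0/2c2e723b2dcd5cdaad733aad12be59a2
+
+Copy ca.pem, server-cert.pem, server-key.pem to /etc/docker/certs.
+
+Make sure server-key.pem is 0400 in permissions.
+
+Run `systemctl edit docker`
+
+````
+/etc/systemd/system/docker.service.d/override.conf
+[Service]
+ExecStart=
+ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376 -H unix:///var/run/docker.sock
+````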
147
README.md
147
README.md
@ -2,109 +2,106 @@
|
|||||||
|
|
||||||
![Nebula header image](https://cdn.spacetelescope.org/archives/images/thumb700x/heic0707a.jpg)
|
![Nebula header image](https://cdn.spacetelescope.org/archives/images/thumb700x/heic0707a.jpg)
|
||||||
|
|
||||||
>Where stars are born.
|
> Where stars are born.
|
||||||
|
|
||||||
Manages the local infrastructure of my home server. I'm also doing blog posts around the same:
|
Manages the local infrastructure of my home server. I'm also doing blog posts around the same:
|
||||||
|
|
||||||
1. [Part 1, Hardware](https://captnemo.in/blog/2017/09/17/home-server-build/)
|
1. [Part 1, Hardware](https://captnemo.in/blog/2017/09/17/home-server-build/)
|
||||||
2. [Part 2, Terraform/Docker](https://captnemo.in/blog/2017/11/09/home-server-update/)
|
2. [Part 2, Terraform/Docker](https://captnemo.in/blog/2017/11/09/home-server-update/)
|
||||||
3. [Part 3, Learnings](https://captnemo.in/blog/2017/12/18/home-server-learnings/)
|
3. [Part 3, Learnings](https://captnemo.in/blog/2017/12/18/home-server-learnings/)
|
||||||
4. [Part 4, Migrating from Google (and more)](https://captnemo.in/blog/2017/12/31/migrating-from-google/)
|
4. [Part 4, Migrating from Google (and more)](https://captnemo.in/blog/2017/12/31/migrating-from-google/)
|
||||||
|
5. [Part 5, Networking](https://captnemo.in/blog/2018/04/22/home-server-networking/)
|
||||||
|
6. [Part 6, RAID](https://captnemo.in/blog/2019/02/24/btrfs-raid-device-replacement-story/)
|
||||||
|
|
||||||
The canonical URL for this repo is https://git.captnemo.in/nemo/nebula/. A mirror is maintained on GitHub.
|
The canonical URL for this repo is https://git.captnemo.in/nemo/nebula/. A mirror is maintained on GitHub at <https://github.com/captn3m0/nebula>
|
||||||
|
|
||||||
# modules
|
# modules
|
||||||
|
|
||||||
1. docker: to actually run the services. Catch-all for miscellaneous containers
|
1. docker: to actually run the services. Catch-all for miscellaneous containers
|
||||||
2. cloudflare: to manage the DNS.
|
2. cloudflare: to manage the DNS.
|
||||||
3. mysql: to create mysql users and databases.
|
3. mysql: to create mysql users and databases.
|
||||||
4. media: Media related containers (Jackett, Lidarr, Radarr, Sonarr, Daapd)
|
4. media: Media related containers (Jackett, Lidarr, Radarr, Sonarr)
|
||||||
5. Monitoring: Monitoring related resources (Cadvisor, Grafana, NodeExporter, Prometheus, Transmission-Exporter)
|
5. Monitoring: Monitoring related resources (Cadvisor, Grafana, NodeExporter, Prometheus, Transmission-Exporter)
|
||||||
6. Gitea: Just git.captnemo.in
|
6. Gitea: Just git.captnemo.in
|
||||||
7. tt-rss: Tiny-Tiny RSS Web reader
|
7. miniflux: RSS Web reader
|
||||||
8. Radicale: CardDav/CalDav webserver
|
8. Radicale: CardDav/CalDav webserver
|
||||||
|
|
||||||
Self-learning project for terraform/docker.
|
Self-learning project for terraform/docker.
|
||||||
|
|
||||||
# Planned
|
# Planned
|
||||||
|
|
||||||
1. ~Setup DigitalOcean~
|
1. ~Setup DigitalOcean~
|
||||||
2. Add DO infrastructure via ansible
|
2. Add DO infrastructure via ansible
|
||||||
3. ~Add traefik for proper proxying~
|
3. ~Add traefik for proper proxying~
|
||||||
4. Maybe add docker swarm (or k8s?) across both the servers. Might setup the k8s API on the Raspberry Pi.
|
4. Maybe add docker swarm (or k8s?) across both the servers. Might setup the k8s API on the Raspberry Pi.
|
||||||
|
|
||||||
# Service List
|
# Service List
|
||||||
|
|
||||||
Currently running the following (all links are to the `store.docker.com` links for the docker images that I'm using:
|
Currently running the following (all links are to the `store.docker.com` links for the docker images that I'm using:
|
||||||
|
|
||||||
## Databases
|
| image | tag | module/link |
|
||||||
|
| -------------------------------- | ---------- | ---------------------------------------------------- |
|
||||||
|
| captn3m0/opml-gen | latest | https://opml.bb8.fun |
|
||||||
|
| captn3m0/rss-bridge | latest | https://github.com/RSS-Bridge/rss-bridge |
|
||||||
|
| captn3m0/speedtest-exporter | alpine | https://github.com/stefanwalther/speedtest-exporter |
|
||||||
|
| emby/embyserver | latest | https://emby.media |
|
||||||
|
| gitea/gitea | 1.5.0-rc1 | services |
|
||||||
|
| google/cadvisor | latest | monitoring |
|
||||||
|
| grafana/grafana | latest | monitoring |
|
||||||
|
| jankysolutions/requestbin | latest | tools |
|
||||||
|
| linuxserver/airsonic | latest | media |
|
||||||
|
| linuxserver/jackett | latest | media |
|
||||||
|
| linuxserver/lidarr | latest | media |
|
||||||
|
| linuxserver/lychee | latest | media |
|
||||||
|
| linuxserver/radarr | latest | media |
|
||||||
|
| linuxserver/sonarr | latest | media |
|
||||||
|
| linuxserver/transmission | latest | media |
|
||||||
|
| linuxserver/ubooquity | latest | media |
|
||||||
|
| miniflux/miniflux | 2.0.9 | tools |
|
||||||
|
| postgres | 10-alpine | database |
|
||||||
|
| prom/node-exporter | v0.15.2 | monitoring |
|
||||||
|
| prom/prometheus | latest | monitoring |
|
||||||
|
| requarks/wiki | latest | services |
|
||||||
|
| serjs/go-socks5-proxy | latest | tools |
|
||||||
|
| tocttou/gotviz | latest | na |
|
||||||
|
| tomsquest/docker-radicale | latest | services |
|
||||||
|
| traefik | 1.6-alpine | plumbing |
|
||||||
|
|
||||||
- [MariaDB](https://store.docker.com/images/mariadb) for a simple database backend
|
## Docker Notes
|
||||||
- [MongoRocks](https://store.docker.com/community/images/jadsonlourenco/mongo-rocks) as a mongoDB server. Uses RocksDB as the backend
|
|
||||||
|
|
||||||
## Media
|
- Lots of the above images are from the excellent [LinuxServer.io](https://www.linuxserver.io), and they're doing great work :+1:
|
||||||
|
- Most images are running the latest beta (if available) or stable versions.
|
||||||
- [Emby](https://store.docker.com/community/images/emby/embyserver) Media Server
|
- Traefik is running with wildcard certificates.
|
||||||
- ~[CouchPotato](https://store.docker.com/community/images/linuxserver/couchpotato), auto-download movies~
|
|
||||||
- [Radarr](https://store.docker.com/community/images/linuxserver/radarr), auto-download movies
|
|
||||||
- [Sonarr](https://store.docker.com/community/images/linuxserver/sonarr), auto-download TV Shows
|
|
||||||
- [Transmission](https://store.docker.com/community/images/linuxserver/transmission), to download torrents
|
|
||||||
- [AirSonic](https://store.docker.com/community/images/airsonic/airsonic), for a music server
|
|
||||||
- [Ubooquity](https://store.docker.com/community/images/linuxserver/ubooquity), EBooks server with OPDS support
|
|
||||||
- [Lychee](https://store.docker.com/community/images/linuxserver/lychee), as a simple image-sharing/hosting service
|
|
||||||
|
|
||||||
## Plumbing
|
|
||||||
|
|
||||||
- [Traefik](https://store.docker.com/images/traefik) as a reverse-proxy server, and TLS termination
|
|
||||||
- [CAdvisor](https://store.docker.com/community/images/google/cadvisor), for basic monitoring
|
|
||||||
|
|
||||||
## Misc
|
|
||||||
|
|
||||||
- [Wiki.JS](https://store.docker.com/community/images/requarks/wiki) as a simple home-wiki
|
|
||||||
- [Radicale](https://store.docker.com/community/images/tomsquest/docker-radicale), for a CalDav/Carddav server
|
|
||||||
- [Gitea](https://store.docker.com/community/images/gitea/gitea), git server
|
|
||||||
|
|
||||||
Lots of the above images are from the excellent [LinuxServer.io](https://www.linuxserver.io), and they're doing great work :+1:
|
|
||||||
|
|
||||||
## Security Headers Note
|
|
||||||
|
|
||||||
The following security headers are applied using traefik on all traefik frontend docker backends:
|
|
||||||
|
|
||||||
- HSTS
|
|
||||||
- Redirect HTTP->HTTPS
|
|
||||||
- contentTypeNosniff: true
|
|
||||||
- browserXSSFilter: true
|
|
||||||
- XFO: Allow-From home.bb8.fun
|
|
||||||
- referrerPolicy: no-referrer
|
|
||||||
- X-Powered-By: Allomancy
|
|
||||||
- X-Server: BlackBox
|
|
||||||
- X-Clacks-Overhead "GNU Terry Pratchett" (On some domains)
|
|
||||||
|
|
||||||
~~Currently waiting on traefik 1.5.0-rc2 to fix security specific headers issue (marked as TODO above).~~ (Now resolved with new traefik release)
|
|
||||||
|
|
||||||
## Upstream
|
## Upstream
|
||||||
|
|
||||||
Issues I've faced/reported as a result of this project:
|
I've been using this as a contributing opportunity and reporting/fixing issues upstream:
|
||||||
|
|
||||||
1. Airsonic HTTPS proxying is broken. Reported: https://github.com/airsonic/airsonic/issues/641. Turned out to be a known issue: https://github.com/airsonic/airsonic/issues/594.
|
1. Airsonic HTTPS proxying is broken. Reported: https://github.com/airsonic/airsonic/issues/641. Turned out to be a known issue: https://github.com/airsonic/airsonic/issues/594. Now fixed.
|
||||||
2. Traefik docker backend security headers were broken with dashes. Reported at https://github.com/containous/traefik/issues/2493, and fixed by https://github.com/containous/traefik/pull/2496 :white_check_mark:
|
2. Traefik docker backend security headers were broken with dashes. I [reported it here](https://github.com/containous/traefik/issues/2493), and fixed by https://github.com/containous/traefik/pull/2496 :white_check_mark:
|
||||||
3. Headphones dies repeatedly with no error logs. Yet-to-report. (Already reported, fails due to classical artists)
|
3. Headphones dies repeatedly with no error logs. Yet-to-report. (Already reported, fails due to classical artists)
|
||||||
4. Terraform doesn't parse mariadb version numbers. Report: https://github.com/terraform-providers/terraform-provider-mysql/issues/6. Got this fixed myself by filing a PR: https://github.com/hashicorp/go-version/pull/34. Another PR pending in the [provider](https://github.com/terraform-providers/terraform-provider-mysql/pull/27) to bump the go-version dependency. :white_check_mark:
|
4. Terraform doesn't parse mariadb version numbers. Report: https://github.com/terraform-providers/terraform-provider-mysql/issues/6. Filed a [PR to fix](https://github.com/hashicorp/go-version/pull/34) and [to bump the go-version dependency](https://github.com/terraform-providers/terraform-provider-mysql/pull/27) :white_check_mark:
|
||||||
5. `elibsrv` didn't support ebook-convert, only mobigen. PR is at https://github.com/captn3m0/elibsrv/pull/1. I've to get this merged upstream for the next release.
|
5. `elibsrv` didn't support ebook-convert, only mobigen. PR is at https://github.com/captn3m0/elibsrv/pull/1. Merged to `elibsrv` trunk, will be part of next release.
|
||||||
6. `ubooquity` docker container doesn't let you set admin password: https://github.com/linuxserver/docker-ubooquity/issues/17. (Couldn't reproduce, closed) :white_check_mark:
|
6. `ubooquity` docker container doesn't let you set admin password: https://github.com/linuxserver/docker-ubooquity/issues/17. (Couldn't reproduce, closed) :white_check_mark:
|
||||||
7. Traefik customresponseheaders can't contain colons on the docker backend: https://github.com/containous/traefik/issues/2517. Fixed with https://github.com/containous/traefik/pull/2509 :white_check_mark:
|
7. Traefik customresponseheaders can't contain colons on the docker backend: https://github.com/containous/traefik/issues/2517. Fixed with https://github.com/containous/traefik/pull/2509 :white_check_mark:
|
||||||
8. Traefik Security headers don't overwrite upstream headers: https://github.com/containous/traefik/issues/2618
|
8. Traefik Security headers don't overwrite upstream headers: https://github.com/containous/traefik/issues/2618 :white_check_mark:
|
||||||
9. Transmission exporter broke with different data types while unmarshalling JSON in go. I filed a PR https://github.com/metalmatze/transmission-exporter/pull/2
|
9. Transmission exporter broke with different data types while unmarshalling JSON in go. I filed a PR https://github.com/metalmatze/transmission-exporter/pull/2 :white_check_mark:
|
||||||
|
10. Radarr official docker container was [running a very old `mediainfo`](https://github.com/Radarr/Radarr/issues/2668#issuecomment-376310514). [Filed a fix to upgrade `mediainfo` on the official radarr image](https://github.com/linuxserver/docker-baseimage-mono/pull/3) :white_check_mark:
|
||||||
|
11. Patched the [speedtest-exporter](https://github.com/stefanwalther/speedtest-exporter/pull/7) to use Alpine and upgraded Node.JS for a smaller updated build.
|
||||||
|
12. Faced (4) above again because mariadb decided to add `:` in the version response. [Workaround was to force set `--version=10.3-mariadb`](https://git.captnemo.in/nemo/nebula/commit/5f47a08bb55eea2c708c41668657ac1efa84c72a)
|
||||||
|
13. Reported [2 critical security issues in Abstruse CI](https://github.com/bleenco/abstruse/issues/363). :white_check_mark:
|
||||||
|
14. Faced (13) above again with postgres, thankfully [someone already fixed version parsing](https://github.com/terraform-providers/terraform-provider-postgresql/pull/31) :white_check_mark:
|
||||||
|
15. RSS Bridge was missing an official Docker Image. [I Filed a PR](https://github.com/RSS-Bridge/rss-bridge/pull/720) :white_check_mark:
|
||||||
|
|
||||||
# Plumbing
|
# Plumbing
|
||||||
|
|
||||||
Their is a lot of additional infrastructure that is _not-yet_ part of this repo. This includes:
|
Their is a lot of additional infrastructure that is _not-yet_ part of this repo. This includes:
|
||||||
|
|
||||||
1. The Digital Ocean droplet running DNSCrypt and simpleproxy to proxy over a openvpn connection to this box.
|
1. The Digital Ocean droplet running DNSCrypt and simpleproxy to proxy over a openvpn connection to this box.
|
||||||
2. openbox, kodi configuration to run on boot along with the Steam Controller for the HTPC setup
|
2. openbox, kodi configuration to run on boot along with the Steam Controller for the HTPC setup
|
||||||
3. Docker main configuration with half-baked CA setup
|
3. Docker main configuration with half-baked CA setup
|
||||||
4. btrfs-backed subvolumes and snapshotting for most things in /mnt/xwing/ (in-progress)
|
4. btrfs-backed subvolumes and snapshotting for most things in /mnt/xwing/ (in-progress)
|
||||||
5. User-creation on the main server. (I'm using a common user for media applications and specific users for other applications)
|
5. User-creation on the main server. (I'm using a common user for media applications and specific users for other applications)
|
||||||
|
|
||||||
# License
|
# License
|
||||||
|
|
||||||
|
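--- a/_scripts/ubooquity.php
+++ b/_scripts/ubooquity.php
@@ -0,0 +1,5 @@
+<?php
+
+// Generates the Ubooquity preferences.json file
+
+$template = "ubooquity.tpl.json";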
@ -4,18 +4,18 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
resource "cloudflare_record" "home" {
|
resource "cloudflare_record" "home" {
|
||||||
domain = "${var.domain}"
|
zone_id = var.zone_id
|
||||||
name = "in"
|
name = "in"
|
||||||
value = "${var.ips["eth0"]}"
|
value = var.ips["eth0"]
|
||||||
type = "A"
|
type = "A"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "cloudflare_record" "home-wildcard" {
|
resource "cloudflare_record" "home-wildcard" {
|
||||||
domain = "${var.domain}"
|
zone_id = var.zone_id
|
||||||
name = "*.in"
|
name = "*.in"
|
||||||
value = "${cloudflare_record.home.hostname}"
|
value = cloudflare_record.home.hostname
|
||||||
type = "CNAME"
|
type = "CNAME"
|
||||||
ttl = 3600
|
ttl = 3600
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -23,26 +23,42 @@ resource "cloudflare_record" "home-wildcard" {
|
|||||||
* *.bb8.fun -> bb8.fun
|
* *.bb8.fun -> bb8.fun
|
||||||
*/
|
*/
|
||||||
resource "cloudflare_record" "internet" {
|
resource "cloudflare_record" "internet" {
|
||||||
domain = "${var.domain}"
|
zone_id = var.zone_id
|
||||||
name = "@"
|
name = "@"
|
||||||
value = "${var.ips["static"]}"
|
value = var.droplet_ip
|
||||||
type = "A"
|
type = "A"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "cloudflare_record" "internet-wildcard" {
|
resource "cloudflare_record" "internet-wildcard" {
|
||||||
domain = "${var.domain}"
|
zone_id = var.zone_id
|
||||||
name = "*.${var.domain}"
|
name = var.domain
|
||||||
value = "${cloudflare_record.internet.hostname}"
|
value = cloudflare_record.internet.hostname
|
||||||
type = "CNAME"
|
type = "CNAME"
|
||||||
ttl = 3600
|
ttl = 3600
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "cloudflare_record" "dns" {
|
||||||
|
zone_id = var.zone_id
|
||||||
|
name = "dns"
|
||||||
|
value = var.ips["static"]
|
||||||
|
type = "A"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "cloudflare_record" "doh" {
|
||||||
|
zone_id = var.zone_id
|
||||||
|
name = "doh"
|
||||||
|
value = var.ips["static"]
|
||||||
|
type = "A"
|
||||||
|
}
|
||||||
|
|
||||||
|
// This ensures that _acme-challenge is not a CNAME
|
||||||
|
// alongside the above wildcard CNAME entry.
|
||||||
resource "cloudflare_record" "acme-no-cname-1" {
|
resource "cloudflare_record" "acme-no-cname-1" {
|
||||||
domain = "${var.domain}"
|
zone_id = var.zone_id
|
||||||
name = "_acme-challenge.${var.domain}"
|
name = "_acme-challenge.${var.domain}"
|
||||||
type = "A"
|
type = "A"
|
||||||
value = "127.0.0.1"
|
value = "127.0.0.1"
|
||||||
ttl = "300"
|
ttl = "300"
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -50,18 +66,44 @@ resource "cloudflare_record" "acme-no-cname-1" {
|
|||||||
* *.vpn.bb8.fun
|
* *.vpn.bb8.fun
|
||||||
*/
|
*/
|
||||||
resource "cloudflare_record" "vpn" {
|
resource "cloudflare_record" "vpn" {
|
||||||
domain = "${var.domain}"
|
zone_id = var.zone_id
|
||||||
name = "vpn"
|
name = "vpn"
|
||||||
value = "${var.ips["tun0"]}"
|
value = var.ips["tun0"]
|
||||||
type = "A"
|
type = "A"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "cloudflare_record" "vpn_wildcard" {
|
resource "cloudflare_record" "vpn_wildcard" {
|
||||||
domain = "${var.domain}"
|
zone_id = var.zone_id
|
||||||
name = "*.vpn.${var.domain}"
|
name = "*.vpn.${var.domain}"
|
||||||
value = "${cloudflare_record.vpn.hostname}"
|
value = cloudflare_record.vpn.hostname
|
||||||
type = "CNAME"
|
type = "CNAME"
|
||||||
ttl = 3600
|
ttl = 3600
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* vpn.bb8.fun
|
||||||
|
* *.vpn.bb8.fun
|
||||||
|
*/
|
||||||
|
resource "cloudflare_record" "dovpn" {
|
||||||
|
zone_id = var.zone_id
|
||||||
|
name = "dovpn"
|
||||||
|
value = var.ips["dovpn"]
|
||||||
|
type = "A"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "cloudflare_record" "dovpn_wildcard" {
|
||||||
|
zone_id = var.zone_id
|
||||||
|
name = "*.dovpn.${var.domain}"
|
||||||
|
value = cloudflare_record.dovpn.hostname
|
||||||
|
type = "CNAME"
|
||||||
|
ttl = 3600
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "cloudflare_record" "etcd" {
|
||||||
|
zone_id = var.zone_id
|
||||||
|
name = "etcd"
|
||||||
|
value = var.ips["dovpn"]
|
||||||
|
type = "A"
|
||||||
}
|
}
|
||||||
|
|
||||||
########################
|
########################
|
||||||
@ -69,21 +111,21 @@ resource "cloudflare_record" "vpn_wildcard" {
|
|||||||
########################
|
########################
|
||||||
|
|
||||||
resource "cloudflare_record" "mailgun-spf" {
|
resource "cloudflare_record" "mailgun-spf" {
|
||||||
domain = "${var.domain}"
|
zone_id = var.zone_id
|
||||||
name = "l"
|
name = "l"
|
||||||
value = "v=spf1 include:mailgun.org ~all"
|
value = "v=spf1 include:mailgun.org ~all"
|
||||||
type = "TXT"
|
type = "TXT"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "cloudflare_record" "mailgun-dkim" {
|
resource "cloudflare_record" "mailgun-dkim" {
|
||||||
domain = "${var.domain}"
|
zone_id = var.zone_id
|
||||||
name = "k1._domainkey.l"
|
name = "k1._domainkey.l"
|
||||||
value = "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnbP+IQkuPkgmUhpqCKzIdDSZ0HazaMp+cdBH++LBed8oY8/jmV8BhxMp5JwyePzRTxneT8ASsRtcp7CQ3z4nMC7aFX0kH6Bnu2v+u2JWudxs8x0I02OrPbSaQ5QVQdbAaCUCEfCQ06LJsn8aqPNrRIOWEMnxln+ebFJ0wKGscFQIDAQAB"
|
value = "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCnbP+IQkuPkgmUhpqCKzIdDSZ0HazaMp+cdBH++LBed8oY8/jmV8BhxMp5JwyePzRTxneT8ASsRtcp7CQ3z4nMC7aFX0kH6Bnu2v+u2JWudxs8x0I02OrPbSaQ5QVQdbAaCUCEfCQ06LJsn8aqPNrRIOWEMnxln+ebFJ0wKGscFQIDAQAB"
|
||||||
type = "TXT"
|
type = "TXT"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "cloudflare_record" "mailgun-mxa" {
|
resource "cloudflare_record" "mailgun-mxa" {
|
||||||
domain = "${var.domain}"
|
zone_id = var.zone_id
|
||||||
name = "l"
|
name = "l"
|
||||||
value = "mxa.mailgun.org"
|
value = "mxa.mailgun.org"
|
||||||
type = "MX"
|
type = "MX"
|
||||||
@ -91,9 +133,17 @@ resource "cloudflare_record" "mailgun-mxa" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource "cloudflare_record" "mailgun-mxb" {
|
resource "cloudflare_record" "mailgun-mxb" {
|
||||||
domain = "${var.domain}"
|
zone_id = var.zone_id
|
||||||
name = "l"
|
name = "l"
|
||||||
value = "mxb.mailgun.org"
|
value = "mxb.mailgun.org"
|
||||||
type = "MX"
|
type = "MX"
|
||||||
priority = 20
|
priority = 20
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "cloudflare_record" "k8s" {
|
||||||
|
zone_id = var.zone_id
|
||||||
|
name = "k8s"
|
||||||
|
value = "10.8.0.1"
|
||||||
|
type = "A"
|
||||||
|
ttl = 3600
|
||||||
|
}
|
||||||
|
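Review bot: `cloudflare_record.internet-wildcard` no longer creates a wildcard: its `name` changed from `"*.${var.domain}"` to `var.domain`, which appears to make it a CNAME at the zone apex whose value is `cloudflare_record.internet.hostname`, i.e. the apex itself, next to the `internet` A record at `@`. If the wildcard is still intended, keep `name = "*.${var.domain}"`; the comment added above `acme-no-cname-1` in the same hunk still refers to "the above wildcard CNAME entry". Separately, the new `k8s` record in the last hunk publishes the private address `10.8.0.1` in the zone, so a one-line comment saying that exposing this internal address is deliberate would help if it is.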
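--- a/cloudflare/providers.tf
+++ b/cloudflare/providers.tf
@@ -0,0 +1,7 @@
+terraform {
+required_providers {
+cloudflare = {
+source = "cloudflare/cloudflare"
+}
+}
+}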
@ -1,7 +1,10 @@
|
|||||||
variable "domain" {
|
variable "domain" {
|
||||||
type = "string"
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "ips" {
|
variable "ips" {
|
||||||
type = "map"
|
type = map
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "droplet_ip" {}
|
||||||
|
variable "zone_id" {}
|
||||||
|
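Review bot: The two variables added at the end, `droplet_ip` and `zone_id`, are declared as empty blocks with no `type` or `description`, while `domain` above them is typed. I would write `type = string` inside each and add a one-line `description`, so that a wrong value is rejected at plan time and a reader can tell which address `droplet_ip` is meant to hold. `type = map` on `ips` is the untyped shorthand; the db module added in this comparison declares the same variable as `map(string)`, which would be consistent here as well.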
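--- a/data.tf
+++ b/data.tf
@@ -0,0 +1,11 @@
+data "docker_network" "bridge" {
+name = "bridge"
+}
+
+data "cloudflare_zones" "bb8" {
+filter {
+name = "bb8"
+lookup_type = "exact"
+match = "bb8.fun"
+}
+}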
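Review bot: In `data "cloudflare_zones" "bb8"` the filter combines `name = "bb8"` with `lookup_type = "exact"`, which as far as I can tell asks for a zone named exactly `bb8` rather than `bb8.fun`, so the lookup may return no zones. If the intent is to resolve the zone for bb8.fun, `name = "bb8.fun"` with the exact lookup should be enough and `match` could be dropped. Nothing visible on this page reads this data source (the cloudflare records take `var.zone_id`), so a short comment naming where its result is consumed would help the next reader.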
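--- a/db/network.tf
+++ b/db/network.tf
@@ -0,0 +1,10 @@
+resource "docker_network" "postgres" {
+name = "postgres"
+driver = "bridge"
+internal = true
+
+ipam_config {
+subnet = "172.20.0.8/27"
+gateway = "172.20.0.9"
+}
+}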
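Review bot: `subnet = "172.20.0.8/27"` is not aligned to a /27 boundary: the /27 that contains this address is `172.20.0.0/27`, so the value has host bits set and Docker may reject it or silently normalise it to a wider range than the author had in mind. Use `subnet = "172.20.0.0/27"` (the gateway `172.20.0.9` stays inside it), or `subnet = "172.20.0.8/29"` if a block starting at .8 was meant. A comment stating why this range was picked would also help avoid overlaps with other Docker networks on the host.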
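--- a/db/outputs.tf
+++ b/db/outputs.tf
@@ -0,0 +1,4 @@
+output "postgres-network-id" {
+value = docker_network.postgres.name
+}
+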
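Review bot: The output is named `postgres-network-id` but its value is `docker_network.postgres.name`. Either return `docker_network.postgres.id` or rename the output, so that a caller does not pass a network name where an ID is expected. A `description` on the output stating which of the two it carries would settle it.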
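--- a/db/postgres.tf
+++ b/db/postgres.tf
@@ -0,0 +1,58 @@
+resource "docker_container" "postgres" {
+name = "postgres"
+image = docker_image.postgres.image_id
+
+command = [
+"postgres",
+"-c",
+"max_connections=250",
+"-c",
+"shared_buffers=500MB",
+]
+
+volumes {
+volume_name = docker_volume.pg_data.name
+container_path = "/var/lib/postgresql/data"
+read_only = false
+}
+
+// This is so that other host-only services can share this
+ports {
+internal = 5432
+external = 5432
+ip = var.ips["eth0"]
+}
+
+// This is a not-so-great idea
+// TODO: Figure out a better way to make terraform SSH and then connect to localhost
+ports {
+internal = 5432
+external = 5432
+ip = var.ips["tun0"]
+}
+
+memory = 2048
+memory_swap = 2048
+restart = "unless-stopped"
+destroy_grace_seconds = 10
+must_run = true
+
+env = [
+"POSTGRES_PASSWORD=${var.postgres-root-password}",
+]
+
+networks = [docker_network.postgres.id, data.docker_network.bridge.id]
+}
+
+resource "docker_image" "postgres" {
+name = data.docker_registry_image.postgres.name
+pull_triggers = [data.docker_registry_image.postgres.sha256_digest]
+}
+
+data "docker_registry_image" "postgres" {
+name = "postgres:${var.postgres-version}"
+}
+
+data "docker_network" "bridge" {
+name = "bridge"
+}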
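Review bot: The `postgres` container joins `docker_network.postgres`, which db/network.tf marks `internal = true`, but the `networks` list also includes `data.docker_network.bridge.id` and the two `ports` blocks publish 5432 on `var.ips["eth0"]` and `var.ips["tun0"]`, so the database is reachable from outside the internal network with the superuser password as the only control. If the consumers can join the `postgres` network, `networks = [docker_network.postgres.id]` together with dropping the `eth0` block would narrow this; the `tun0` block is already flagged by its own TODO. `"POSTGRES_PASSWORD=${var.postgres-root-password}"` also ends up in Terraform state and in the container's environment, so the state file has to be handled as a secret.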
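--- a/db/providers.tf
+++ b/db/providers.tf
@@ -0,0 +1,10 @@
+terraform {
+required_providers {
+postgresql = {
+source = "cyrilgdn/postgresql"
+}
+docker = {
+source = "kreuzwerker/docker"
+}
+}
+}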
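--- a/db/variables.tf
+++ b/db/variables.tf
@@ -0,0 +1,11 @@
+variable "postgres-version" {
+description = "postgres version to use for fetching the docker image"
+default = "14-alpine"
+}
+
+variable "ips" {
+type = map(string)
+}
+
+variable "postgres-root-password" {
+}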
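Review bot: `variable "postgres-root-password"` is declared with an empty body, so Terraform treats it as an ordinary value and will show it in plan output wherever it is interpolated. With the 1.3.6 release pinned in .terraform-version the `sensitive` argument is available, so the block should carry `type = string` and `sensitive = true`. A `description` saying where the value is expected to come from (an environment variable or an ignored file, not a committed tfvars) would help too.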
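--- a/db/volumes.tf
+++ b/db/volumes.tf
@@ -0,0 +1,3 @@
+resource "docker_volume" "pg_data" {
+name = "pg_data"
+}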
@ -1,12 +1,14 @@
|
|||||||
resource "digitalocean_droplet" "sydney" {
|
resource "digitalocean_droplet" "sydney" {
|
||||||
image = ""
|
image = "??"
|
||||||
name = "sydney.captnemo.in"
|
name = "sydney.captnemo.in"
|
||||||
region = "blr1"
|
region = "blr1"
|
||||||
size = "1gb"
|
size = "s-1vcpu-2gb"
|
||||||
ipv6 = true
|
ipv6 = true
|
||||||
private_networking = true
|
private_networking = true
|
||||||
resize_disk = true
|
resize_disk = true
|
||||||
|
|
||||||
|
volume_ids = ["eae03502-9279-11e8-ab31-0242ac11470b"]
|
||||||
|
|
||||||
tags = [
|
tags = [
|
||||||
"bangalore",
|
"bangalore",
|
||||||
"proxy",
|
"proxy",
|
||||||
@ -14,3 +16,8 @@ resource "digitalocean_droplet" "sydney" {
|
|||||||
"vpn",
|
"vpn",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
output "droplet_ipv4" {
|
||||||
|
value = digitalocean_droplet.sydney.ipv4_address
|
||||||
|
}
|
||||||
|
|
||||||
|
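Review bot: `image = "??"` in `digitalocean_droplet.sydney` is a placeholder rather than an image slug or ID, and as far as I know a change to `image` forces the droplet to be replaced. If the droplet was imported and its original image is unknown, say so in a comment and add `lifecycle { ignore_changes = [image] }` so that an apply cannot rebuild the host. The hard-coded UUID in `volume_ids` would read better as a variable or a reference to a volume resource, with a comment naming what the volume holds.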
@ -1,38 +1,35 @@
|
|||||||
resource "digitalocean_firewall" "web" {
|
resource "digitalocean_firewall" "web" {
|
||||||
name = "web-inbound"
|
name = "web-inbound"
|
||||||
|
|
||||||
inbound_rule = [
|
inbound_rule {
|
||||||
{
|
protocol = "tcp"
|
||||||
protocol = "tcp"
|
port_range = "80"
|
||||||
port_range = "80"
|
source_addresses = ["0.0.0.0/0", "::/0"]
|
||||||
source_addresses = ["0.0.0.0/0", "::/0"]
|
}
|
||||||
},
|
inbound_rule {
|
||||||
{
|
protocol = "tcp"
|
||||||
protocol = "tcp"
|
port_range = "443"
|
||||||
port_range = "443"
|
source_addresses = ["0.0.0.0/0", "::/0"]
|
||||||
source_addresses = ["0.0.0.0/0", "::/0"]
|
}
|
||||||
},
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "digitalocean_firewall" "ssh" {
|
resource "digitalocean_firewall" "ssh" {
|
||||||
name = "ssh-inbound"
|
name = "ssh-inbound"
|
||||||
|
|
||||||
inbound_rule = [
|
inbound_rule {
|
||||||
{
|
protocol = "tcp"
|
||||||
protocol = "tcp"
|
port_range = "22"
|
||||||
port_range = "22"
|
source_addresses = ["0.0.0.0/0", "::/0"]
|
||||||
source_addresses = ["0.0.0.0/0", "::/0"]
|
}
|
||||||
},
|
inbound_rule {
|
||||||
{
|
protocol = "tcp"
|
||||||
protocol = "tcp"
|
port_range = "222"
|
||||||
port_range = "222"
|
source_addresses = ["0.0.0.0/0", "::/0"]
|
||||||
source_addresses = ["0.0.0.0/0", "::/0"]
|
}
|
||||||
},
|
inbound_rule {
|
||||||
{
|
protocol = "tcp"
|
||||||
protocol = "tcp"
|
port_range = "24"
|
||||||
port_range = "24"
|
source_addresses = ["0.0.0.0/0", "::/0"]
|
||||||
source_addresses = ["0.0.0.0/0", "::/0"]
|
}
|
||||||
},
|
|
||||||
]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
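Review bot: All three rules in `ssh-inbound` (ports 22, 222 and 24) still carry `source_addresses = ["0.0.0.0/0", "::/0"]` after the conversion to `inbound_rule` blocks, so the remote-login ports stay reachable from the whole internet. While the resource is being rewritten anyway I would narrow them to known admin or VPN ranges, e.g. `source_addresses = var.admin_cidrs` backed by a new `list(string)` variable (the name is only a suggestion), and keep world-open sources for 80/443 in `web-inbound` alone. A short comment on what listens on 222 and 24 would also help the next reader judge whether those rules are still needed.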
@ -1,4 +1,5 @@
|
|||||||
resource "digitalocean_floating_ip" "sydney" {
|
resource "digitalocean_floating_ip" "sydney" {
|
||||||
droplet_id = "${digitalocean_droplet.sydney.id}"
|
droplet_id = digitalocean_droplet.sydney.id
|
||||||
region = "${digitalocean_droplet.sydney.region}"
|
region = digitalocean_droplet.sydney.region
|
||||||
}
|
}
|
||||||
|
|
||||||
|
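--- a/digitalocean/providers.tf
+++ b/digitalocean/providers.tf
@@ -0,0 +1,19 @@
+terraform {
+required_providers {
+pass = {
+source = "camptocamp/pass"
+}
+digitalocean = {
+source = "digitalocean/digitalocean"
+}
+postgresql = {
+source = "cyrilgdn/postgresql"
+}
+cloudflare = {
+source = "cloudflare/cloudflare"
+}
+docker = {
+source = "kreuzwerker/docker"
+}
+}
+}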
@ -1 +0,0 @@
|
|||||||
|
|
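--- a/docker/conf/static/new-traefik.toml
+++ b/docker/conf/static/new-traefik.toml
@@ -0,0 +1,72 @@
+# Web must be converted manually. See https://docs.traefik.io/operations/api/
+# Redirect on entry point "http" must be converted manually. See https://docs.traefik.io/middlewares/http/redirectscheme/
+# TLS on entry point "https" must be converted manually. See https://docs.traefik.io/routing/routers/#tls
+# The domain (bb8.fun) defined in the Docker provider must be converted manually. See https://docs.traefik.io/providers/docker/#defaultrule
+# All the elements related to dynamic configuration (backends, frontends, ...) must be converted manually. See https://docs.traefik.io/routing/overview/
+# The entry point (https) defined in the ACME configuration must be converted manually. See https://docs.traefik.io/routing/routers/#certresolver
+
+[global]
+sendAnonymousUsage = true
+
+[tls.options]
+[tls.options.default]
+minVersion = "VersionTLS12"
+
+[[tls.certificates]]
+certFile = "/etc/traefik/git.captnemo.in.crt"
+keyFile = "/etc/traefik/git.captnemo.in.key"
+[[tls.certificates]]
+certFile = "/etc/traefik/rss.captnemo.in.crt"
+keyFile = "/etc/traefik/rss.captnemo.in.key"
+
+# This forces port 8080
+[api]
+# https://doc.traefik.io/traefik/operations/dashboard/#insecure-mode
+dashboard = true
+# Enable the API in insecure mode, which means that the API will be available directly on the entryPoint named traefik.
+insecure = true
+
+[entryPoints]
+[entryPoints.http]
+address = ":80"
+[entryPoints.http.http]
+[entryPoints.https]
+address = ":443"
+[entryPoints.https.http]
+
+[providers]
+providersThrottleDuration = "2s"
+[providers.docker]
+watch = true
+endpoint = "unix:///var/run/docker.sock"
+swarmModeRefreshSeconds = "15s"
+httpClientTimeout = "0s"
+[providers.file]
+
+[log]
+
+[accessLog]
+bufferingSize = 0
+
+[certificatesResolvers]
+[certificatesResolvers.default]
+[certificatesResolvers.default.acme]
+email = "acme@captnemo.in"
+storage = "/acme/acme.json"
+certificatesDuration = 0
+[certificatesResolvers.default.acme.dnsChallenge]
+provider = "cloudflare"
+delayBeforeCheck = "2m0s"
+[certificatesResolvers.default.acme.httpChallenge]
+entryPoint = "http"
+[certificatesResolvers.t]
+[certificatesResolvers.t.acme]
+email = "acme@captnemo.in"
+storage = "/acme/acme.json"
+[certificatesResolvers.myresolver.acme.tlsChallenge]
+
+
+[http.middlewares]
+[http.middlewares.test-redirectscheme.redirectScheme]
+scheme = "https"
+permanent = true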
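Review bot: `insecure = true` under `[api]` publishes the dashboard and API without authentication on the `traefik` entry point (port 8080, as the comment above it says), and that API lists every router, service and middleware discovered through the Docker socket. I would set `insecure = false` and expose the dashboard through a router on `api@internal` behind an authentication middleware, or at minimum confirm that 8080 is neither published by the container nor allowed by the host firewall. Separately, `[certificatesResolvers.myresolver.acme.tlsChallenge]` names a resolver that is not defined anywhere else in this file (`default` and `t` are), which looks like a copy-paste slip from the documentation example.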
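--- a/docker/conf/static/new-traefik.yml
+++ b/docker/conf/static/new-traefik.yml
@@ -0,0 +1,26 @@
+global:
+sendAnonymousUsage: true
+entryPoints:
+http:
+address: :80
+https:
+address: :443
+providers:
+providersThrottleDuration: 2s
+docker:
+watch: true
+endpoint: unix:///var/run/docker.sock
+swarmModeRefreshSeconds: 15s
+file: {}
+log: {}
+accessLog: {}
+certificatesResolvers:
+default:
+acme:
+email: acme@captnemo.in
+storage: /acme/acme.json
+dnsChallenge:
+provider: cloudflare
+delayBeforeCheck: 2m0s
+httpChallenge:
+entryPoint: http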
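Review bot: The `default` resolver declares both `dnsChallenge` and `httpChallenge`; as far as I know Traefik uses a single challenge type per resolver, so one of the two is silently ignored and it is not obvious which. Keep only the one you rely on (the wildcard certificates in the old config need `dnsChallenge`) and delete the other. This file also drops the `minVersion = "VersionTLS12"` setting that `new-traefik.toml` carries, so if the YAML variant is the one that gets mounted, the TLS floor falls back to the binary's default.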
@ -1,15 +1,11 @@
|
|||||||
defaultEntryPoints = ["http", "https"]
|
defaultEntryPoints = ["http", "https"]
|
||||||
|
|
||||||
# Have to enable this because of heimdall
|
|
||||||
InsecureSkipVerify = true
|
|
||||||
|
|
||||||
sendAnonymousUsage = true
|
sendAnonymousUsage = true
|
||||||
|
checkNewVersion = false
|
||||||
|
|
||||||
|
[traefikLog]
|
||||||
|
[accessLog]
|
||||||
|
|
||||||
[entryPoints]
|
[entryPoints]
|
||||||
[entryPoints.http]
|
|
||||||
address = ":80"
|
|
||||||
[entryPoints.http.redirect]
|
|
||||||
entryPoint = "https"
|
|
||||||
[entryPoints.https]
|
[entryPoints.https]
|
||||||
address = ":443"
|
address = ":443"
|
||||||
# This is required for ACME support
|
# This is required for ACME support
|
||||||
@ -20,13 +16,15 @@ sendAnonymousUsage = true
|
|||||||
[[entryPoints.https.tls.certificates]]
|
[[entryPoints.https.tls.certificates]]
|
||||||
certFile = "/etc/traefik/rss.captnemo.in.crt"
|
certFile = "/etc/traefik/rss.captnemo.in.crt"
|
||||||
keyFile = "/etc/traefik/rss.captnemo.in.key"
|
keyFile = "/etc/traefik/rss.captnemo.in.key"
|
||||||
# This contains 2 domains: {emby|airsonic}.bb8.fun
|
|
||||||
[[entryPoints.https.tls.certificates]]
|
[[entryPoints.https.tls.certificates]]
|
||||||
certFile = "/etc/traefik/emby.in.bb8.fun.crt"
|
certFile = "/etc/traefik/tatooine.club.crt"
|
||||||
keyFile = "/etc/traefik/emby.in.bb8.fun.key"
|
keyFile = "/etc/traefik/tatooine.club.key"
|
||||||
|
|
||||||
[docker]
|
[docker]
|
||||||
# Make sure you mount this as readonly
|
# Make sure you mount this as readonly
|
||||||
|
# NOTE: readonly doesn't reduce the risk because
|
||||||
|
# it is a unix socket - it doesn't automatically translate
|
||||||
|
# read|write perms to GET/POST requests.
|
||||||
endpoint = "unix:///var/run/docker.sock"
|
endpoint = "unix:///var/run/docker.sock"
|
||||||
domain = "bb8.fun"
|
domain = "bb8.fun"
|
||||||
watch = true
|
watch = true
|
||||||
@ -39,33 +37,6 @@ sendAnonymousUsage = true
|
|||||||
# Since I can't apply a authentication
|
# Since I can't apply a authentication
|
||||||
# on this yet
|
# on this yet
|
||||||
|
|
||||||
[backends.elibsrv]
|
|
||||||
[backends.elibsrv.servers.default]
|
|
||||||
url = "http://elibsrv.captnemo.in:90"
|
|
||||||
|
|
||||||
[backends.scan]
|
|
||||||
[backends.scan.servers.default]
|
|
||||||
url = "http://scan.in.bb8.fun:90"
|
|
||||||
|
|
||||||
[frontends]
|
|
||||||
|
|
||||||
[frontends.scan]
|
|
||||||
backend = "scan"
|
|
||||||
[frontends.scan.headers]
|
|
||||||
SSLRedirect = true
|
|
||||||
SSLTemporaryRedirect = true
|
|
||||||
STSSeconds = 2592000
|
|
||||||
FrameDeny = true
|
|
||||||
ContentTypeNosniff = true
|
|
||||||
BrowserXssFilter = true
|
|
||||||
ReferrerPolicy = "no-referrer"
|
|
||||||
[frontends.scan.headers.customresponseheaders]
|
|
||||||
X-Powered-By = "Allomancy"
|
|
||||||
Server = "BlackBox"
|
|
||||||
X-Clacks-Overhead = "GNU Terry Pratchett"
|
|
||||||
[frontends.scan.routes.domain]
|
|
||||||
rule = "Host:scan.bb8.fun"
|
|
||||||
|
|
||||||
[web]
|
[web]
|
||||||
address = ":1111"
|
address = ":1111"
|
||||||
readOnly = true
|
readOnly = true
|
||||||
@ -74,7 +45,6 @@ sendAnonymousUsage = true
|
|||||||
[web.metrics.prometheus]
|
[web.metrics.prometheus]
|
||||||
|
|
||||||
[acme]
|
[acme]
|
||||||
|
|
||||||
email = "acme@captnemo.in"
|
email = "acme@captnemo.in"
|
||||||
storage = "/acme/acme.json"
|
storage = "/acme/acme.json"
|
||||||
entryPoint = "https"
|
entryPoint = "https"
|
||||||
@ -87,45 +57,9 @@ acmelogging = true
|
|||||||
|
|
||||||
[acme.dnsChallenge]
|
[acme.dnsChallenge]
|
||||||
provider = "cloudflare"
|
provider = "cloudflare"
|
||||||
delayBeforeCheck = 30
|
delayBeforeCheck = 120
|
||||||
|
resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
|
||||||
|
|
||||||
# This is a legacy certificate
|
|
||||||
# From when traefik did not support
|
|
||||||
# wildcard certs
|
|
||||||
[[acme.domains]]
|
|
||||||
main = "bb8.fun"
|
|
||||||
sans = [
|
|
||||||
"ads.bb8.fun",
|
|
||||||
"airsonic.bb8.fun",
|
|
||||||
"apps.bb8.fun",
|
|
||||||
"cadvisor.bb8.fun",
|
|
||||||
"dns.bb8.fun",
|
|
||||||
"emby.bb8.fun",
|
|
||||||
"falcon.bb8.fun", # Temporarily used for lidarr
|
|
||||||
"ghost.bb8.fun",
|
|
||||||
"grafana.bb8.fun", # Unused
|
|
||||||
"headphones.bb8.fun",
|
|
||||||
"home.bb8.fun",
|
|
||||||
"info.bb8.fun",
|
|
||||||
"jackett.bb8.fun",
|
|
||||||
"library.bb8.fun",
|
|
||||||
"luke.bb8.fun",
|
|
||||||
"monitoring.bb8.fun",
|
|
||||||
# "lidarr.bb8.fun", (TBA)
|
|
||||||
"ombi.bb8.fun", # Unused
|
|
||||||
"pics.bb8.fun",
|
|
||||||
"radarr.bb8.fun",
|
|
||||||
"read.bb8.fun",
|
|
||||||
"rey.bb8.fun",
|
|
||||||
"scan.bb8.fun",
|
|
||||||
"sonarr.bb8.fun",
|
|
||||||
"tatooine.bb8.fun",
|
|
||||||
"tie.bb8.fun",
|
|
||||||
"traefik.bb8.fun",
|
|
||||||
"transmission.bb8.fun",
|
|
||||||
"wifi.bb8.fun",
|
|
||||||
"wiki.bb8.fun"
|
|
||||||
]
|
|
||||||
# Primary 2 wildcard certs
|
# Primary 2 wildcard certs
|
||||||
[[acme.domains]]
|
[[acme.domains]]
|
||||||
main = "*.bb8.fun"
|
main = "*.bb8.fun"
|
||||||
|
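Review bot: The NOTE added under `[docker]` says a read-only mount of `/var/run/docker.sock` does not restrict what can be requested over it, but the line directly above still reads `# Make sure you mount this as readonly`, so the two comments now contradict each other. I would drop the older line and state the consequence instead, e.g. `# Access to this socket is equivalent to root on the host; expose it to traefik only through a filtering socket proxy`. The NOTE is correct that file permissions on the bind mount do not map to API verbs, so the remaining control is limiting which Docker API endpoints the proxy container can reach.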
@ -3,8 +3,22 @@
|
|||||||
{
|
{
|
||||||
"pathString": "/files",
|
"pathString": "/files",
|
||||||
"userName": [
|
"userName": [
|
||||||
|
"arvind",
|
||||||
|
"diya",
|
||||||
|
"gappan",
|
||||||
|
"himanshu",
|
||||||
|
"konarak",
|
||||||
|
"pratyush",
|
||||||
"reddit",
|
"reddit",
|
||||||
"tatooine"
|
"riccu",
|
||||||
|
"sankalp",
|
||||||
|
"shreyas",
|
||||||
|
"tatooine",
|
||||||
|
"vignesh",
|
||||||
|
"harman",
|
||||||
|
"pranav",
|
||||||
|
"swapnil",
|
||||||
|
"noopur"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
@ -12,8 +26,22 @@
|
|||||||
{
|
{
|
||||||
"pathString": "/comics",
|
"pathString": "/comics",
|
||||||
"userName": [
|
"userName": [
|
||||||
|
"arvind",
|
||||||
|
"diya",
|
||||||
|
"gappan",
|
||||||
|
"himanshu",
|
||||||
|
"konarak",
|
||||||
|
"pratyush",
|
||||||
"reddit",
|
"reddit",
|
||||||
"tatooine"
|
"riccu",
|
||||||
|
"sankalp",
|
||||||
|
"shreyas",
|
||||||
|
"tatooine",
|
||||||
|
"vignesh",
|
||||||
|
"harman",
|
||||||
|
"pranav",
|
||||||
|
"swapnil",
|
||||||
|
"noopur"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
@ -21,51 +49,139 @@
|
|||||||
{
|
{
|
||||||
"pathString": "/books",
|
"pathString": "/books",
|
||||||
"userName": [
|
"userName": [
|
||||||
|
"arvind",
|
||||||
|
"diya",
|
||||||
|
"gappan",
|
||||||
|
"himanshu",
|
||||||
|
"konarak",
|
||||||
|
"pratyush",
|
||||||
"reddit",
|
"reddit",
|
||||||
"tatooine"
|
"riccu",
|
||||||
|
"sankalp",
|
||||||
|
"shreyas",
|
||||||
|
"tatooine",
|
||||||
|
"vignesh",
|
||||||
|
"harman",
|
||||||
|
"pranav",
|
||||||
|
"swapnil",
|
||||||
|
"noopur"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"users": [
|
"users": [
|
||||||
{
|
{
|
||||||
"name": "reddit",
|
"name": "reddit",
|
||||||
"passwordHash": "396731fff7f1931aeba6e69d3443d5ef7971569e3b9d64a3a4deca655789917a"
|
"passwordHash":
|
||||||
|
"396731fff7f1931aeba6e69d3443d5ef7971569e3b9d64a3a4deca655789917a"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "tatooine",
|
"name": "tatooine",
|
||||||
"passwordHash": "ca0c540641a9e34c47cbd1866443ca181202aaa422fcc5ad4cbf75095aab7da0"
|
"passwordHash":
|
||||||
|
"ca0c540641a9e34c47cbd1866443ca181202aaa422fcc5ad4cbf75095aab7da0"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "riccu",
|
||||||
|
"passwordHash":
|
||||||
|
"ff66d15e21624763cb2d65a21a7aa275ae65219d6f5ed0e5c5583c9be2fc3b12"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "sankalp",
|
||||||
|
"passwordHash":
|
||||||
|
"b3c219dffa8a379c4daaed75c63141ebefa2a6f0a872e9cd7f328ad6511fb863"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "pratyush",
|
||||||
|
"passwordHash":
|
||||||
|
"e63af1a184949abfd3666ef2c60c462191619fdcefadf9021a5d24f236d302fe"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "arvind",
|
||||||
|
"passwordHash":
|
||||||
|
"126f31712138ea8e5f77c0e2565be848ec87a4057dfe1c4070a6c9d1f3de8ded"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "harman",
|
||||||
|
"passwordHash":
|
||||||
|
"f9bd71d0a8cee05a724efae4f5636123f18d8c9c531c470892f8681375726bd2"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "shreyas",
|
||||||
|
"passwordHash":
|
||||||
|
"ee4501f0aa63453f4360e974c3220c2c7a4c58d2125d989b80ef855e1471535d"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "himanshu",
|
||||||
|
"passwordHash":
|
||||||
|
"c8da693b24c20921b16a55b8bd21b9e0c76e3bdfba81df20f1a0e6b010e0c3a5"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "diya",
|
||||||
|
"passwordHash":
|
||||||
|
"96d39fafe6c1cfb8504ba8f438ab3e11a972f7a3bb3908287b9e3fa5bd28e19a"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "vignesh",
|
||||||
|
"passwordHash":
|
||||||
|
"a1589cab7d5123af4fb19ccaea31e586348756944b1dca759a16a4a0b8e1243d"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "konarak",
|
||||||
|
"passwordHash":
|
||||||
|
"49afa1013d2be0498107e12fc755f27edb90787161f00a2ef579bb6ad8c59b63"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "gappan",
|
||||||
|
"passwordHash":
|
||||||
|
"681825c273d75dce4151f6c61358038e099fec2c3540369267f1fa28d607ce1d"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "swapnil",
|
||||||
|
"passwordHash":
|
||||||
|
"f916f120f09ec561ff1d76e19e2749d1a6078e92051f1f5fcca884489fd43745"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "noopur",
|
||||||
|
"passwordHash":
|
||||||
|
"f49e49db9893a187773fb08e8671ff2f9cd83b8d43b657fbf0abe67b3dfc0e9d"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "pranav",
|
||||||
|
"passwordHash":
|
||||||
|
"9df97ced8b4de090c469244230ca64f5164ff37e9fde2314cf8c2e87db6d033b"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"isFilesProviderEnabled": true,
|
"isFilesProviderEnabled" : true,
|
||||||
"isComicsProviderEnabled": true,
|
"isComicsProviderEnabled" : true,
|
||||||
"isBooksProviderEnabled": true,
|
"isBooksProviderEnabled" : true,
|
||||||
"isUserManagementEnabled": true,
|
"isUserManagementEnabled" : true,
|
||||||
"libraryPortNumber": 2202,
|
"libraryPortNumber" : 2202,
|
||||||
"adminPortNumber": 2203,
|
"adminPortNumber" : 2203,
|
||||||
"comicWidth": 160,
|
"comicWidth" : 160,
|
||||||
"comicHeight": 230,
|
"comicHeight" : 230,
|
||||||
"comicsPaginationNumber": 30,
|
"comicsPaginationNumber" : 30,
|
||||||
"bookWidth": 160,
|
"bookWidth" : 160,
|
||||||
"bookHeight": 230,
|
"bookHeight" : 230,
|
||||||
"booksPaginationNumber": 30,
|
"booksPaginationNumber" : 30,
|
||||||
"minimizeToTray": false,
|
"minimizeToTray" : false,
|
||||||
"minimizeOnStartup": false,
|
"minimizeOnStartup" : false,
|
||||||
"autoscanPeriod": 0,
|
"autoscanPeriod" : 1440,
|
||||||
"isRemoteAdminEnabled": true,
|
"isRemoteAdminEnabled" : true,
|
||||||
"theme": "default",
|
"theme" : "default",
|
||||||
"isShrinkingCacheEnabled": false,
|
"isShrinkingCacheEnabled" : false,
|
||||||
"shrunkPageWidth": 1536,
|
"shrunkPageWidth" : 1536,
|
||||||
"shrunkPageHeight": 2500,
|
"shrunkPageHeight" : 2500,
|
||||||
"shrinkingCachePath": "",
|
"shrinkingCachePath" : "",
|
||||||
"autoScanAtLaunch": false,
|
"autoScanAtLaunch" : false,
|
||||||
"reverseProxyPrefix": "",
|
"reverseProxyPrefix" : "",
|
||||||
"keystorePath": "",
|
"keystorePath" : "",
|
||||||
"keystorePassword": "",
|
"keystorePassword" : "",
|
||||||
"isOpdsProviderEnabled": true,
|
"isOpdsProviderEnabled" : true,
|
||||||
"folderExclusionPattern": "",
|
"folderExclusionPattern" : "",
|
||||||
"bypassSingleRootFolder": false,
|
"bypassSingleRootFolder" : false,
|
||||||
"enableFolderMetadataDisplay": true,
|
"enableFolderMetadataDisplay" : true,
|
||||||
"bookmarkUsingCookies": false,
|
"bookmarkUsingCookies" : false,
|
||||||
"displayTitleInsteadOfFileName": true,
|
"displayTitleInsteadOfFileName" : true,
|
||||||
"keepUnreachableSharedFolders": false
|
"keepUnreachableSharedFolders" : false,
|
||||||
|
"isCalibreLibrary" : false,
|
||||||
|
"instanceId" : "3a0e4425a8e14c719ca2eb382f85292e"
|
||||||
}
|
}
|
||||||
|
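Review bot: The `users` array in the third hunk adds fourteen more `passwordHash` values for named people to a file tracked in the repository. Each value is a bare 64-hex-digit digest with no salt or cost parameter beside it, which suggests (I cannot confirm it from this page) a single unsalted hash, so anyone who can read the repository can test password guesses offline. I would keep this file out of version control, generate it at deploy time from a secret store the way `wiki.tpl` takes `${DB_PASSWORD}`, and have the listed users change their passwords. With `"isRemoteAdminEnabled" : true` it is also worth checking that `adminPortNumber` 2203 is not reachable from outside the host.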
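--- a/docker/conf/wiki.tpl
+++ b/docker/conf/wiki.tpl
@@ -0,0 +1,15 @@
+port: 3000
+db:
+type: postgres
+host: postgres
+port: 5432
+user: wikijs
+db: wikijs
+pass: ${DB_PASSWORD}
+ssl:
+enabled: false
+bindIP: 0.0.0.0
+logLevel: silly
+offline: true
+ha: false
+dataPath: /data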
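Review bot: `logLevel: silly` is the most verbose level and usually a debugging leftover; at that level the application log may include request and query detail that does not belong in long-lived logs, so I would ship `logLevel: info` and raise it only while troubleshooting. Because `pass: ${DB_PASSWORD}` is rendered into this file, the rendered copy should be readable only by the user the container runs as. Indentation is not visible on this page, so I cannot tell whether `ssl:` / `enabled: false` belongs to `db:` or to the HTTP server; if it is the database connection, that is acceptable only while `postgres` is reached over a private Docker network.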
@ -1,141 +0,0 @@
|
|||||||
#######################################################################
|
|
||||||
# Wiki.js - CONFIGURATION #
|
|
||||||
#######################################################################
|
|
||||||
# Full explanation + examples in the documentation:
|
|
||||||
# https://docs.requarks.io/wiki/install
|
|
||||||
# You can use an ENV variable by using $(ENV_VAR_NAME) as the value
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# Title of this site
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
|
|
||||||
title: Scarif Wiki
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# Full public path to the site, without the trailing slash
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# INCLUDE CLIENT PORT IF NOT 80/443!
|
|
||||||
|
|
||||||
host: https://wiki.bb8.fun
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# Port the main server should listen to (80 by default)
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# To use process.env.PORT, comment the line below:
|
|
||||||
|
|
||||||
port: 9999
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# Data Directories
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
|
|
||||||
paths:
|
|
||||||
repo: /repo
|
|
||||||
data: /data
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# Upload Limits
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# In megabytes (MB)
|
|
||||||
|
|
||||||
uploads:
|
|
||||||
maxImageFileSize: 5
|
|
||||||
maxOtherFileSize: 100
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# Site Language
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# Possible values: en, de, es, fa, fr, ja, ko, nl, pt, ru, sr, tr or zh
|
|
||||||
|
|
||||||
lang: en
|
|
||||||
|
|
||||||
# Enable for right to left languages (e.g. arabic):
|
|
||||||
langRtl: false
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# Site Authentication
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
|
|
||||||
public: true
|
|
||||||
|
|
||||||
auth:
|
|
||||||
defaultReadAccess: false
|
|
||||||
local:
|
|
||||||
enabled: true
|
|
||||||
google:
|
|
||||||
enabled: false
|
|
||||||
clientId: GOOGLE_CLIENT_ID
|
|
||||||
clientSecret: GOOGLE_CLIENT_SECRET
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# Secret key to use when encrypting sessions
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# Use a long and unique random string (256-bit keys are perfect!)
|
|
||||||
|
|
||||||
sessionSecret: $(SESSION_SECRET)
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# Database Connection String
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
|
|
||||||
db: mongodb://mongorocks:27017/wiki
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# Git Connection Info
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
|
|
||||||
# git:
|
|
||||||
# url: https://github.com/Organization/Repo
|
|
||||||
# branch: master
|
|
||||||
# auth:
|
|
||||||
|
|
||||||
# # Type: basic or ssh
|
|
||||||
# type: ssh
|
|
||||||
|
|
||||||
# # Only for Basic authentication:
|
|
||||||
# username: marty
|
|
||||||
# password: MartyMcFly88
|
|
||||||
|
|
||||||
# # Only for SSH authentication:
|
|
||||||
# privateKey: /etc/wiki/keys/git.pem
|
|
||||||
|
|
||||||
# sslVerify: true
|
|
||||||
|
|
||||||
# # Default email to use as commit author
|
|
||||||
# serverEmail: marty@example.com
|
|
||||||
|
|
||||||
# # Whether to use user email as author in commits
|
|
||||||
# showUserEmail: true
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# Features
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# You can enable / disable specific features below
|
|
||||||
|
|
||||||
features:
|
|
||||||
linebreaks: true
|
|
||||||
mathjax: false
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# External Logging
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
|
|
||||||
externalLogging:
|
|
||||||
bugsnag: false
|
|
||||||
loggly: false
|
|
||||||
papertrail: false
|
|
||||||
rollbar: false
|
|
||||||
sentry: false
|
|
||||||
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
# Color Theme
|
|
||||||
# ---------------------------------------------------------------------
|
|
||||||
|
|
||||||
theme:
|
|
||||||
primary: indigo
|
|
||||||
alt: blue-grey
|
|
||||||
viewSource: all # all | write | false
|
|
||||||
footer: blue-grey
|
|
||||||
code:
|
|
||||||
dark: true
|
|
||||||
colorize: true
|
|
@ -1,37 +1,12 @@
|
|||||||
# Database versions shouldn't be upgraded
|
|
||||||
|
|
||||||
data "docker_registry_image" "mariadb" {
|
|
||||||
name = "mariadb:10.3"
|
|
||||||
}
|
|
||||||
|
|
||||||
data "docker_registry_image" "mongorocks" {
|
|
||||||
name = "jadsonlourenco/mongo-rocks:latest"
|
|
||||||
}
|
|
||||||
|
|
||||||
data "docker_registry_image" "emby" {
|
|
||||||
name = "emby/embyserver:latest"
|
|
||||||
}
|
|
||||||
|
|
||||||
data "docker_registry_image" "transmission" {
|
|
||||||
name = "linuxserver/transmission:latest"
|
|
||||||
}
|
|
||||||
|
|
||||||
data "docker_registry_image" "traefik" {
|
data "docker_registry_image" "traefik" {
|
||||||
name = "traefik:1.6"
|
name = "traefik:1.7"
|
||||||
}
|
|
||||||
|
|
||||||
data "docker_registry_image" "wikijs" {
|
|
||||||
name = "requarks/wiki:latest"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
data "docker_registry_image" "ubooquity" {
|
data "docker_registry_image" "ubooquity" {
|
||||||
name = "linuxserver/ubooquity:latest"
|
name = "linuxserver/ubooquity:latest"
|
||||||
}
|
}
|
||||||
|
|
||||||
data "docker_registry_image" "headerdebug" {
|
|
||||||
name = "brndnmtthws/nginx-echo-headers:latest"
|
|
||||||
}
|
|
||||||
|
|
||||||
data "docker_registry_image" "lychee" {
|
data "docker_registry_image" "lychee" {
|
||||||
name = "linuxserver/lychee:latest"
|
name = "linuxserver/lychee:latest"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
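--- a/docker/db.tf
+++ b/docker/db.tf
@@ -1,56 +0,0 @@
-resource "docker_container" "mongorocks" {
-name = "mongorocks"
-image = "${docker_image.mongorocks.latest}"
-
-restart = "unless-stopped"
-destroy_grace_seconds = 30
-must_run = true
-memory = 256
-
-volumes {
-volume_name = "${docker_volume.mongorocks_data_volume.name}"
-container_path = "/data/db"
-host_path = "${docker_volume.mongorocks_data_volume.mountpoint}"
-}
-
-env = [
-"AUTH=no",
-"DATABASE=wiki",
-"OPLOG_SIZE=50",
-]
-}
-
-resource "docker_container" "mariadb" {
-name = "mariadb"
-image = "${docker_image.mariadb.latest}"
-
-volumes {
-volume_name = "${docker_volume.mariadb_volume.name}"
-container_path = "/var/lib/mysql"
-host_path = "${docker_volume.mariadb_volume.mountpoint}"
-}
-
-// This is so that other host-only services can share this
-ports {
-internal = 3306
-external = 3306
-ip = "${var.ips["eth0"]}"
-}
-
-// This is a not-so-great idea
-// TODO: Figure out a better way to make terraform SSH and then connect to localhost
-ports {
-internal = 3306
-external = 3306
-ip = "${var.ips["tun0"]}"
-}
-
-memory = 512
-restart = "unless-stopped"
-destroy_grace_seconds = 10
-must_run = true
-
-env = [
-"MYSQL_ROOT_PASSWORD=${var.mysql_root_password}",
-]
-}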
@ -1,16 +0,0 @@
|
|||||||
# resource "docker_container" "headerdebug" {
|
|
||||||
# name = "headerdebug"
|
|
||||||
# image = "${docker_image.headerdebug.latest}"
|
|
||||||
# restart = "unless-stopped"
|
|
||||||
# destroy_grace_seconds = 30
|
|
||||||
# must_run = true
|
|
||||||
# memory = 16
|
|
||||||
# labels = "${merge(
|
|
||||||
# local.traefik_common_labels,
|
|
||||||
# map(
|
|
||||||
# "traefik.frontend.rule", "Host:debug.in.${var.domain},debug.${var.domain}",
|
|
||||||
# "traefik.port", 8080,
|
|
||||||
# "traefik.enable", "true",
|
|
||||||
# ))}"
|
|
||||||
# }
|
|
||||||
|
|
@ -1,36 +0,0 @@
|
|||||||
resource "docker_container" "emby" {
|
|
||||||
name = "emby"
|
|
||||||
image = "${docker_image.emby.latest}"
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
host_path = "/mnt/xwing/config/emby"
|
|
||||||
container_path = "/config"
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
host_path = "/mnt/xwing/media"
|
|
||||||
container_path = "/media"
|
|
||||||
}
|
|
||||||
|
|
||||||
labels = "${merge(
|
|
||||||
local.traefik_common_labels,
|
|
||||||
map(
|
|
||||||
"traefik.frontend.rule", "Host:emby.in.${var.domain},emby.${var.domain}",
|
|
||||||
"traefik.frontend.passHostHeader", "true",
|
|
||||||
"traefik.port", 8096,
|
|
||||||
))}"
|
|
||||||
|
|
||||||
memory = 2048
|
|
||||||
restart = "unless-stopped"
|
|
||||||
destroy_grace_seconds = 10
|
|
||||||
must_run = true
|
|
||||||
|
|
||||||
# Running as lounge:tatooine
|
|
||||||
env = [
|
|
||||||
"APP_USER=lounge",
|
|
||||||
"APP_UID=1004",
|
|
||||||
"APP_GID=1003",
|
|
||||||
"APP_CONFIG=/mnt/xwing/config",
|
|
||||||
"TZ=Asia/Kolkata",
|
|
||||||
]
|
|
||||||
}
|
|
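--- a/docker/got.tf
+++ b/docker/got.tf
@@ -0,0 +1,20 @@
+data "docker_registry_image" "gotviz" {
+name = "tocttou/gotviz:latest"
+}
+
+# resource "docker_image" "gotviz" {
+# name = "${data.docker_registry_image.gotviz.name}"
+# pull_triggers = ["${data.docker_registry_image.gotviz.sha256_digest}"]
+# }
+# resource "docker_container" "gotviz" {
+# name = "gotviz"
+# image = "${docker_image.gotviz.image_id}"
+# labels = "${merge(
+# local.traefik_common_labels, map(
+# "traefik.port", 8080,
+# "traefik.frontend.rule","Host:got-relationships.${var.domain}"
+# ))}"
+# restart = "unless-stopped"
+# destroy_grace_seconds = 60
+# must_run = true
+# }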
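Review bot: `tocttou/gotviz:latest` is a mutable tag in a personal registry namespace, and the commented-out `docker_image` below it is written to re-pull whenever `sha256_digest` changes, so re-enabling it would deploy whatever is pushed to that tag next. If the service comes back, pin the image by digest, `name = "tocttou/gotviz@sha256:<DIGEST_PLACEHOLDER>"`, and update it deliberately. Until then the `data` block could be commented out with the rest, since nothing active in this file refers to it.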
@ -1,49 +1,14 @@
|
|||||||
resource "docker_image" "emby" {
|
resource "docker_image" "traefik17" {
|
||||||
name = "${data.docker_registry_image.emby.name}"
|
name = data.docker_registry_image.traefik.name
|
||||||
pull_triggers = ["${data.docker_registry_image.emby.sha256_digest}"]
|
pull_triggers = [data.docker_registry_image.traefik.sha256_digest]
|
||||||
}
|
|
||||||
|
|
||||||
resource "docker_image" "mariadb" {
|
|
||||||
name = "${data.docker_registry_image.mariadb.name}"
|
|
||||||
pull_triggers = ["${data.docker_registry_image.mariadb.sha256_digest}"]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "docker_image" "transmission" {
|
|
||||||
name = "${data.docker_registry_image.transmission.name}"
|
|
||||||
pull_triggers = ["${data.docker_registry_image.transmission.sha256_digest}"]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "docker_image" "traefik" {
|
|
||||||
name = "${data.docker_registry_image.traefik.name}"
|
|
||||||
pull_triggers = ["${data.docker_registry_image.traefik.sha256_digest}"]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "docker_image" "wikijs" {
|
|
||||||
name = "${data.docker_registry_image.wikijs.name}"
|
|
||||||
pull_triggers = ["${data.docker_registry_image.wikijs.sha256_digest}"]
|
|
||||||
}
|
|
||||||
|
|
||||||
# Attempting to use mongorocks to work around reboot issue
|
|
||||||
# Hoping that this will not face reboot-recovery issues
|
|
||||||
# Wrote about this: https://captnemo.in/blog/2017/12/18/home-server-learnings/
|
|
||||||
resource "docker_image" "mongorocks" {
|
|
||||||
name = "${data.docker_registry_image.mongorocks.name}"
|
|
||||||
pull_triggers = ["${data.docker_registry_image.mongorocks.sha256_digest}"]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "docker_image" "ubooquity" {
|
resource "docker_image" "ubooquity" {
|
||||||
name = "${data.docker_registry_image.ubooquity.name}"
|
name = data.docker_registry_image.ubooquity.name
|
||||||
pull_triggers = ["${data.docker_registry_image.ubooquity.sha256_digest}"]
|
pull_triggers = [data.docker_registry_image.ubooquity.sha256_digest]
|
||||||
}
|
}
|
||||||
|
|
||||||
# Helps debug traefik reverse proxy headers
|
# resource "docker_image" "lychee" {
|
||||||
# Highly recommended!
|
# name = "${data.docker_registry_image.lychee.name}"
|
||||||
# resource "docker_image" "headerdebug" {
|
# pull_triggers = ["${data.docker_registry_image.lychee.sha256_digest}"]
|
||||||
# name = "${data.docker_registry_image.headerdebug.name}"
|
|
||||||
# pull_triggers = ["${data.docker_registry_image.headerdebug.sha256_digest}"]
|
|
||||||
# }
|
# }
|
||||||
|
|
||||||
resource "docker_image" "lychee" {
|
|
||||||
name = "${data.docker_registry_image.lychee.name}"
|
|
||||||
pull_triggers = ["${data.docker_registry_image.lychee.sha256_digest}"]
|
|
||||||
}
|
|
||||||
|
@ -1,18 +1,17 @@
|
|||||||
locals {
|
locals {
|
||||||
traefik_common_labels {
|
traefik_common_labels = {
|
||||||
"traefik.enable" = "true"
|
"traefik.enable" = "true"
|
||||||
|
|
||||||
// HSTS
|
// HSTS
|
||||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||||
|
|
||||||
// X-Powered-By, Server headers
|
// X-Powered-By, Server headers
|
||||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
"traefik.frontend.headers.customResponseHeaders" = var.xpoweredby
|
||||||
|
|
||||||
// X-Frame-Options
|
// X-Frame-Options
|
||||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
"traefik.frontend.headers.customFrameOptionsValue" = var.xfo_allow
|
||||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||||
|
"traefik.docker.network" = "traefik"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,37 +1,30 @@
|
|||||||
resource "docker_container" "lychee" {
|
# resource "docker_container" "lychee" {
|
||||||
name = "lychee"
|
# name = "lychee"
|
||||||
image = "${docker_image.lychee.latest}"
|
# image = "${docker_image.lychee.image_id}"
|
||||||
|
# restart = "unless-stopped"
|
||||||
restart = "unless-stopped"
|
# destroy_grace_seconds = 10
|
||||||
destroy_grace_seconds = 10
|
# must_run = true
|
||||||
must_run = true
|
# volumes {
|
||||||
|
# host_path = "/mnt/xwing/config/lychee"
|
||||||
volumes {
|
# container_path = "/config"
|
||||||
host_path = "/mnt/xwing/config/lychee"
|
# }
|
||||||
container_path = "/config"
|
# volumes {
|
||||||
}
|
# host_path = "/mnt/xwing/data/lychee"
|
||||||
|
# container_path = "/pictures"
|
||||||
volumes {
|
# }
|
||||||
host_path = "/mnt/xwing/data/lychee"
|
# upload {
|
||||||
container_path = "/pictures"
|
# content = "${file("${path.module}/conf/lychee.php.ini")}"
|
||||||
}
|
# file = "/config/lychee/user.ini"
|
||||||
|
# }
|
||||||
upload {
|
# labels = "${merge(
|
||||||
content = "${file("${path.module}/conf/lychee.php.ini")}"
|
# local.traefik_common_labels,
|
||||||
file = "/config/lychee/user.ini"
|
# map(
|
||||||
}
|
# "traefik.port", 80,
|
||||||
|
# "traefik.frontend.rule", "Host:pics.${var.domain}",
|
||||||
labels = "${merge(
|
# ))}"
|
||||||
local.traefik_common_labels,
|
# env = [
|
||||||
map(
|
# "PUID=986",
|
||||||
"traefik.port", 80,
|
# "PGID=984",
|
||||||
"traefik.frontend.rule", "Host:pics.${var.domain}",
|
# ]
|
||||||
))}"
|
# # links = ["${var.links-mariadb}"]
|
||||||
|
# }
|
||||||
env = [
|
|
||||||
"PUID=986",
|
|
||||||
"PGID=984",
|
|
||||||
]
|
|
||||||
|
|
||||||
links = ["${docker_container.mariadb.name}"]
|
|
||||||
}
|
|
||||||
|
@ -1 +0,0 @@
|
|||||||
|
|
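--- a/docker/network.tf
+++ b/docker/network.tf
@@ -0,0 +1,6 @@
+resource "docker_network" "traefik" {
+name = "traefik"
+driver = "bridge"
+internal = true
+}
+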
@ -1,23 +1,16 @@
|
|||||||
output "lychee-ip" {
|
# output "lychee-ip" {
|
||||||
value = "${docker_container.lychee.ip_address}"
|
# value = "${docker_container.lychee.ip_address}"
|
||||||
}
|
# }
|
||||||
|
|
||||||
output "names-transmission" {
|
|
||||||
value = "${docker_container.transmission.name}"
|
|
||||||
}
|
|
||||||
|
|
||||||
output "names-emby" {
|
|
||||||
value = "${docker_container.emby.name}"
|
|
||||||
}
|
|
||||||
|
|
||||||
output "names-mariadb" {
|
|
||||||
value = "${docker_container.mariadb.name}"
|
|
||||||
}
|
|
||||||
|
|
||||||
output "names-traefik" {
|
output "names-traefik" {
|
||||||
value = "${docker_container.traefik.name}"
|
value = docker_container.traefik.name
|
||||||
|
}
|
||||||
|
|
||||||
|
output "traefik-network-id" {
|
||||||
|
value = docker_network.traefik.id
|
||||||
}
|
}
|
||||||
|
|
||||||
output "auth-header" {
|
output "auth-header" {
|
||||||
value = "${var.basic_auth}"
|
value = var.basic_auth
|
||||||
}
|
}
|
||||||
|
|
||||||
|
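Review bot: The `auth-header` output at the end of this hunk still publishes `var.basic_auth` without `sensitive = true`, and the same variable is used as the `traefik.frontend.auth.basic` label value elsewhere on this page, so the credential string is printed by `terraform apply` and `terraform output` and can land in CI logs. Adding `sensitive = true` inside the output block redacts it from CLI output. The value stays in plaintext in the state file either way, so the state backend needs its own access control. The variables hunks further down declare `web_password`, `cloudflare_key` and `wiki_session_secret` with only a `type`, and would benefit from the same attribute if the Terraform version in use accepts it on variables.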
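--- a/docker/providers.tf
+++ b/docker/providers.tf
@@ -0,0 +1,19 @@
+terraform {
+required_providers {
+pass = {
+source = "camptocamp/pass"
+}
+digitalocean = {
+source = "digitalocean/digitalocean"
+}
+postgresql = {
+source = "cyrilgdn/postgresql"
+}
+cloudflare = {
+source = "cloudflare/cloudflare"
+}
+docker = {
+source = "kreuzwerker/docker"
+}
+}
+}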
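Review bot: None of the five `required_providers` entries carries a `version` constraint, so `terraform init` on a fresh checkout resolves whichever release of each third-party provider is newest at that moment. Each entry should pin a range next to its `source`, for example `version = "~> <MAJOR.MINOR>"` under `source = "kreuzwerker/docker"`, and the generated `.terraform.lock.hcl` should be committed so provider checksums are verified on every init. Whether a lock file is already tracked cannot be seen from this page.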
@ -1,80 +1,95 @@
|
|||||||
resource "docker_container" "traefik" {
|
resource "docker_container" "traefik" {
|
||||||
name = "traefik"
|
name = "traefik"
|
||||||
image = "${docker_image.traefik.latest}"
|
image = docker_image.traefik17.image_id
|
||||||
|
|
||||||
# Admin Backend
|
|
||||||
ports {
|
labels {
|
||||||
internal = 1111
|
label = "traefik.enable"
|
||||||
external = 1111
|
value = "true"
|
||||||
ip = "${var.ips["eth0"]}"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ports {
|
labels {
|
||||||
internal = 1111
|
label = "traefik.http.routers.api.rule"
|
||||||
external = 1111
|
value = "Host('traefik.in.bb8.fun')"
|
||||||
ip = "${var.ips["tun0"]}"
|
}
|
||||||
|
|
||||||
|
labels {
|
||||||
|
label = "traefik.http.routers.api.service"
|
||||||
|
value = "api@internal"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Local Web Server
|
# Local Web Server
|
||||||
ports {
|
ports {
|
||||||
internal = 80
|
internal = 80
|
||||||
external = 80
|
external = 80
|
||||||
ip = "${var.ips["eth0"]}"
|
ip = var.ips["eth0"]
|
||||||
}
|
}
|
||||||
|
|
||||||
# Local Web Server (HTTPS)
|
# Local Web Server (HTTPS)
|
||||||
ports {
|
ports {
|
||||||
internal = 443
|
internal = 443
|
||||||
external = 443
|
external = 443
|
||||||
ip = "${var.ips["eth0"]}"
|
ip = var.ips["eth0"]
|
||||||
}
|
}
|
||||||
|
|
||||||
# Proxied via sydney.captnemo.in
|
# Proxied via sydney.captnemo.in
|
||||||
ports {
|
ports {
|
||||||
internal = 443
|
internal = 443
|
||||||
external = 443
|
external = 443
|
||||||
ip = "${var.ips["tun0"]}"
|
ip = var.ips["tun0"]
|
||||||
}
|
}
|
||||||
|
|
||||||
ports {
|
ports {
|
||||||
internal = 80
|
internal = 80
|
||||||
external = 80
|
external = 80
|
||||||
ip = "${var.ips["tun0"]}"
|
ip = var.ips["tun0"]
|
||||||
}
|
}
|
||||||
|
|
||||||
upload {
|
upload {
|
||||||
content = "${file("${path.module}/conf/traefik.toml")}"
|
content = file("${path.module}/conf/traefik.toml")
|
||||||
file = "/etc/traefik/traefik.toml"
|
file = "/etc/traefik/traefik.toml"
|
||||||
}
|
}
|
||||||
|
|
||||||
upload {
|
upload {
|
||||||
content = "${file("/home/nemo/projects/personal/certs/git.captnemo.in/fullchain.pem")}"
|
content = file(
|
||||||
file = "/etc/traefik/git.captnemo.in.crt"
|
"/home/nemo/projects/personal/certs/git.captnemo.in/fullchain.pem",
|
||||||
|
)
|
||||||
|
file = "/etc/traefik/git.captnemo.in.crt"
|
||||||
}
|
}
|
||||||
|
|
||||||
upload {
|
upload {
|
||||||
content = "${file("/home/nemo/projects/personal/certs/git.captnemo.in/privkey.pem")}"
|
content = file(
|
||||||
file = "/etc/traefik/git.captnemo.in.key"
|
"/home/nemo/projects/personal/certs/git.captnemo.in/privkey.pem",
|
||||||
|
)
|
||||||
|
file = "/etc/traefik/git.captnemo.in.key"
|
||||||
}
|
}
|
||||||
|
|
||||||
upload {
|
upload {
|
||||||
content = "${file("/home/nemo/projects/personal/certs/rss.captnemo.in/fullchain.pem")}"
|
content = file(
|
||||||
file = "/etc/traefik/rss.captnemo.in.crt"
|
"/home/nemo/projects/personal/certs/lego/certificates/tatooine.club.key",
|
||||||
|
)
|
||||||
|
file = "/etc/traefik/tatooine.club.key"
|
||||||
}
|
}
|
||||||
|
|
||||||
upload {
|
upload {
|
||||||
content = "${file("/home/nemo/projects/personal/certs/rss.captnemo.in/privkey.pem")}"
|
content = file(
|
||||||
file = "/etc/traefik/rss.captnemo.in.key"
|
"/home/nemo/projects/personal/certs/lego/certificates/tatooine.club.crt",
|
||||||
|
)
|
||||||
|
file = "/etc/traefik/tatooine.club.crt"
|
||||||
}
|
}
|
||||||
|
|
||||||
upload {
|
upload {
|
||||||
content = "${file("/home/nemo/projects/personal/certs/emby.in.bb8.fun/privkey.pem")}"
|
content = file(
|
||||||
file = "/etc/traefik/emby.in.bb8.fun.key"
|
"/home/nemo/projects/personal/certs/rss.captnemo.in/fullchain.pem",
|
||||||
|
)
|
||||||
|
file = "/etc/traefik/rss.captnemo.in.crt"
|
||||||
}
|
}
|
||||||
|
|
||||||
upload {
|
upload {
|
||||||
content = "${file("/home/nemo/projects/personal/certs/emby.in.bb8.fun/fullchain.pem")}"
|
content = file(
|
||||||
file = "/etc/traefik/emby.in.bb8.fun.crt"
|
"/home/nemo/projects/personal/certs/rss.captnemo.in/privkey.pem",
|
||||||
|
)
|
||||||
|
file = "/etc/traefik/rss.captnemo.in.key"
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
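Review bot: The new `traefik.http.routers.api.*` labels route `api@internal` by Host rule alone, with no `traefik.http.routers.api.middlewares` label in this hunk, so nothing visible here authenticates requests to the dashboard/API; the removed `# Admin Backend` `ports` blocks at least confined it to port 1111 on the `eth0` and `tun0` addresses. Attach a basic-auth or IP allow-list middleware to the `api` router, or confirm that `conf/traefik.toml`, which is not shown, restricts access. The rule value `"Host('traefik.in.bb8.fun')"` uses single quotes, which the Traefik v2 rule syntax does not accept; it should read ``"Host(`traefik.in.bb8.fun`)"``. The image reference `docker_image.traefik17` suggests a 1.7 image, which would not read v2-style labels at all, and the resource block continues past the end of this hunk.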
@ -89,10 +104,20 @@ resource "docker_container" "traefik" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
memory = 256
|
memory = 256
|
||||||
restart = "unless-stopped"
|
restart = "always"
|
||||||
destroy_grace_seconds = 10
|
destroy_grace_seconds = 10
|
||||||
must_run = true
|
must_run = true
|
||||||
|
|
||||||
|
// `bridge` is auto-connected for now
|
||||||
|
// https://github.com/terraform-providers/terraform-provider-docker/issues/10
|
||||||
|
networks_advanced {
|
||||||
|
name = "traefik"
|
||||||
|
}
|
||||||
|
|
||||||
|
networks_advanced {
|
||||||
|
name = "bridge"
|
||||||
|
}
|
||||||
|
|
||||||
env = [
|
env = [
|
||||||
"CLOUDFLARE_EMAIL=${var.cloudflare_email}",
|
"CLOUDFLARE_EMAIL=${var.cloudflare_email}",
|
||||||
"CLOUDFLARE_API_KEY=${var.cloudflare_key}",
|
"CLOUDFLARE_API_KEY=${var.cloudflare_key}",
|
||||||
|
@ -1,49 +0,0 @@
|
|||||||
resource docker_container "transmission" {
|
|
||||||
name = "transmission"
|
|
||||||
image = "${docker_image.transmission.latest}"
|
|
||||||
|
|
||||||
labels = "${merge(
|
|
||||||
local.traefik_common_labels,
|
|
||||||
map(
|
|
||||||
"traefik.frontend.auth.basic", "${var.basic_auth}",
|
|
||||||
"traefik.port", 9091,
|
|
||||||
))}"
|
|
||||||
|
|
||||||
ports {
|
|
||||||
internal = 51413
|
|
||||||
external = 51413
|
|
||||||
ip = "${var.ips["eth0"]}"
|
|
||||||
protocol = "udp"
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
host_path = "/mnt/xwing/config/transmission"
|
|
||||||
container_path = "/config"
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
host_path = "/mnt/xwing/media/DL"
|
|
||||||
container_path = "/downloads"
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
host_path = "/mnt/xwing/data/watch/transmission"
|
|
||||||
container_path = "/watch"
|
|
||||||
}
|
|
||||||
|
|
||||||
upload {
|
|
||||||
content = "${file("${path.module}/conf/transmission.json")}"
|
|
||||||
file = "/config/settings.json"
|
|
||||||
}
|
|
||||||
|
|
||||||
env = [
|
|
||||||
"PGID=1003",
|
|
||||||
"PUID=1000",
|
|
||||||
"TZ=Asia/Kolkata",
|
|
||||||
]
|
|
||||||
|
|
||||||
memory = 1024
|
|
||||||
restart = "unless-stopped"
|
|
||||||
destroy_grace_seconds = 10
|
|
||||||
must_run = true
|
|
||||||
}
|
|
@ -1,6 +1,13 @@
|
|||||||
|
locals {
|
||||||
|
l = merge(local.traefik_common_labels, {
|
||||||
|
"traefik.port" = 3000
|
||||||
|
"traefik.frontend.rule" = "Host:${var.domain}"
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
resource "docker_container" "ubooquity" {
|
resource "docker_container" "ubooquity" {
|
||||||
name = "ubooquity"
|
name = "ubooquity"
|
||||||
image = "${docker_image.ubooquity.latest}"
|
image = docker_image.ubooquity.image_id
|
||||||
|
|
||||||
restart = "unless-stopped"
|
restart = "unless-stopped"
|
||||||
destroy_grace_seconds = 30
|
destroy_grace_seconds = 30
|
||||||
@ -25,28 +32,37 @@ resource "docker_container" "ubooquity" {
|
|||||||
host_path = "/mnt/xwing/media/EBooks/Comics"
|
host_path = "/mnt/xwing/media/EBooks/Comics"
|
||||||
container_path = "/comics"
|
container_path = "/comics"
|
||||||
}
|
}
|
||||||
|
|
||||||
labels {
|
labels {
|
||||||
"traefik.enable" = "true"
|
label = "traefik.enable"
|
||||||
|
value = "true"
|
||||||
"traefik.admin.port" = 2203
|
}
|
||||||
"traefik.admin.frontend.rule" = "Host:library.${var.domain}"
|
labels {
|
||||||
"traefik.admin.frontend.auth.basic" = "${var.basic_auth}"
|
label = "traefik.admin.port"
|
||||||
|
value = 2203
|
||||||
"traefik.read.port" = 2202
|
}
|
||||||
"traefik.read.frontend.rule" = "Host:read.${var.domain}"
|
labels {
|
||||||
|
label = "traefik.admin.frontend.rule"
|
||||||
"traefik.read.frontend.headers.SSLTemporaryRedirect" = "true"
|
value = "Host:library.${var.domain}"
|
||||||
"traefik.read.frontend.headers.STSSeconds" = "2592000"
|
}
|
||||||
"traefik.read.frontend.headers.STSIncludeSubdomains" = "false"
|
labels {
|
||||||
"traefik.read.frontend.headers.contentTypeNosniff" = "true"
|
label = "traefik.admin.frontend.auth.basic"
|
||||||
"traefik.read.frontend.headers.browserXSSFilter" = "true"
|
value = var.basic_auth
|
||||||
"traefik.read.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
}
|
||||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
labels {
|
||||||
|
label = "traefik.read.port"
|
||||||
|
value = 2202
|
||||||
|
}
|
||||||
|
labels {
|
||||||
|
label = "traefik.read.frontend.rule"
|
||||||
|
value = "Host:read.${var.domain},comics.${var.domain},books.${var.domain}"
|
||||||
|
}
|
||||||
|
labels {
|
||||||
|
label = "traefik.docker.network"
|
||||||
|
value = "traefik"
|
||||||
}
|
}
|
||||||
|
|
||||||
upload {
|
upload {
|
||||||
content = "${file("${path.module}/conf/ubooquity.json")}"
|
content = file("${path.module}/conf/ubooquity.json")
|
||||||
file = "/config/preferences.json"
|
file = "/config/preferences.json"
|
||||||
}
|
}
|
||||||
|
|
||||||
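Review bot: The conversion to repeated `labels { label = … value = … }` blocks drops every `traefik.read.frontend.headers.*` label the old map carried (`SSLTemporaryRedirect`, `STSSeconds`, `STSIncludeSubdomains`, `contentTypeNosniff`, `browserXSSFilter`, `customResponseHeaders`) together with `traefik.frontend.headers.customFrameOptionsValue`, so the `read`, `comics` and `books` hosts would no longer get HSTS, nosniff or frame-options headers from this frontend. Each header needs its own block again, e.g. `label = "traefik.read.frontend.headers.contentTypeNosniff"` with `value = "true"`. The `local.l` map added in the first hunk of this file merges `local.traefik_common_labels` but is not referenced in any hunk shown here, and its `traefik.port` of 3000 does not match this container's 2202/2203, so it looks like a leftover rather than the replacement. The resource block starts before this hunk.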
@ -57,3 +73,4 @@ resource "docker_container" "ubooquity" {
|
|||||||
"MAXMEM=800",
|
"MAXMEM=800",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,22 +1,18 @@
|
|||||||
variable "web_username" {
|
variable "web_username" {
|
||||||
type = "string"
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "web_password" {
|
variable "web_password" {
|
||||||
type = "string"
|
type = string
|
||||||
}
|
|
||||||
|
|
||||||
variable "mysql_root_password" {
|
|
||||||
type = "string"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "cloudflare_key" {
|
variable "cloudflare_key" {
|
||||||
type = "string"
|
type = string
|
||||||
description = "cloudflare API Key"
|
description = "cloudflare API Key"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "cloudflare_email" {
|
variable "cloudflare_email" {
|
||||||
type = "string"
|
type = string
|
||||||
description = "cloudflare email address"
|
description = "cloudflare email address"
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -43,13 +39,15 @@ variable "refpolicy" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
variable "wiki_session_secret" {
|
variable "wiki_session_secret" {
|
||||||
type = "string"
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "domain" {
|
variable "domain" {
|
||||||
type = "string"
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "ips" {
|
variable "ips" {
|
||||||
type = "map"
|
type = map(string)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# variable "links-mariadb" {}
|
||||||
|
@ -1,7 +0,0 @@
|
|||||||
resource "docker_volume" "mariadb_volume" {
|
|
||||||
name = "mariadb_volume"
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "docker_volume" "mongorocks_data_volume" {
|
|
||||||
name = "mongorocks_data_volume"
|
|
||||||
}
|
|
@ -1,51 +0,0 @@
|
|||||||
resource "docker_container" "wiki" {
|
|
||||||
name = "wiki"
|
|
||||||
image = "${docker_image.wikijs.latest}"
|
|
||||||
|
|
||||||
restart = "unless-stopped"
|
|
||||||
destroy_grace_seconds = 30
|
|
||||||
must_run = true
|
|
||||||
memory = 300
|
|
||||||
|
|
||||||
upload {
|
|
||||||
content = "${file("${path.module}/conf/wiki.yml")}"
|
|
||||||
file = "/var/wiki/config.yml"
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
host_path = "/mnt/xwing/logs/wiki"
|
|
||||||
container_path = "/logs"
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
host_path = "/mnt/xwing/data/wiki/repo"
|
|
||||||
container_path = "/repo"
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
host_path = "/mnt/xwing/data/wiki/data"
|
|
||||||
container_path = "/data"
|
|
||||||
}
|
|
||||||
|
|
||||||
upload {
|
|
||||||
content = "${file("${path.module}/conf/humans.txt")}"
|
|
||||||
file = "/var/wiki/assets/humans.txt"
|
|
||||||
}
|
|
||||||
|
|
||||||
// The last header is a workaround for double header traefik bug
|
|
||||||
// This might be actually breaking iframe till the 1.5 Final release.
|
|
||||||
|
|
||||||
labels = "${merge(
|
|
||||||
local.traefik_common_labels,
|
|
||||||
map(
|
|
||||||
"traefik.frontend.rule", "Host:wiki.${var.domain}",
|
|
||||||
"traefik.frontend.passHostHeader", "true",
|
|
||||||
"traefik.port", 9999,
|
|
||||||
"traefik.frontend.headers.customResponseHeaders", "${var.xpoweredby}||Referrer-Policy:${var.refpolicy}||X-Frame-Options:${var.xfo_allow}",
|
|
||||||
))}"
|
|
||||||
links = ["${docker_container.mongorocks.name}"]
|
|
||||||
env = [
|
|
||||||
"WIKI_ADMIN_EMAIL=me@captnemo.in",
|
|
||||||
"SESSION_SECRET=${var.wiki_session_secret}",
|
|
||||||
]
|
|
||||||
}
|
|
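--- a/echoserver.tf
+++ b/echoserver.tf
@@ -0,0 +1,12 @@
+module "echo-server" {
+source = "./modules/container"
+name = "echo-server"
+image = "jmalloc/echo-server:latest"
+
+web = {
+expose = "true"
+port = 8080
+host = "debug.${var.root-domain},debug.in.${var.root-domain}"
+}
+}
+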
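Review bot: The `web` block publishes the echo server on both `debug.${var.root-domain}` and `debug.in.${var.root-domain}` without `auth = true`, which `elibsrv.tf` in the same change does set. An echo server returns the request it received, including headers the proxy adds or forwards, so an unauthenticated route discloses them to anyone who can reach the host; add `auth = true` to `web`, or keep only the `debug.in.` host if that is the internal one. `image = "jmalloc/echo-server:latest"` follows a mutable tag, and `image = "captn3m0/elibsrv"` in `elibsrv.tf` has no tag at all; a digest reference such as `jmalloc/echo-server@sha256:<DIGEST>` keeps the deployed image reproducible. How `./modules/container` interprets `auth` is not shown on this page, so the first point assumes it gates the route the way the name suggests.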
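--- a/elibsrv.tf
+++ b/elibsrv.tf
@@ -0,0 +1,45 @@
+module "elibsrv" {
+name = "elibsrv"
+source = "./modules/container"
+image = "captn3m0/elibsrv"
+
+resource = {
+memory = 512
+memory_swap = 512
+}
+
+web = {
+expose = true
+host = "ebooks.${var.root-domain}"
+auth = true
+}
+
+volumes = [
+{
+host_path = "/mnt/xwing/media/EBooks"
+container_path = "/books"
+read_only = true
+},
+{
+host_path = "/mnt/xwing/config/elibsrv"
+container_path = "/config"
+read_only = true
+},
+{
+host_path = "/mnt/xwing/cache/elibsrv"
+container_path = "/cache"
+},
+]
+
+# The corresponding scan command is run using a cronjob
+# `docker run --volume "/mnt/xwing/media/EBooks:/books:ro" --volume "/mnt/xwing/config/elibsrv:/config" --env "elibsrv_thumbheight=320" captn3m0/elibsrv scan
+
+command = ["serve"]
+keep_image = true
+env = [
+"elibsrv_thumbheight=320",
+"elibsrv_title=Scarif Media Archives",
+]
+networks = ["bridge"]
+}
+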
@ -1,19 +1,27 @@
|
|||||||
; This file lists the default values used by Gitea
|
; This file lists the default values used by Gitea
|
||||||
; Copy required sections to your own app.ini (default is custom/conf/app.ini)
|
; Copy required sections to your own app.ini (default is custom/conf/app.ini)
|
||||||
; and modify as needed.
|
; and modify as needed.
|
||||||
|
; See the cheatsheet at https://docs.gitea.io/en-us/config-cheat-sheet/
|
||||||
|
; A sample file with all configuration documented is at https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini
|
||||||
|
|
||||||
; App name that shows on every page title
|
; App name that shows on every page title
|
||||||
APP_NAME = Nemo's code
|
APP_NAME = Nemo's code
|
||||||
RUN_MODE = prod
|
RUN_MODE = prod
|
||||||
RUN_USER = git
|
RUN_USER = git
|
||||||
|
WORK_PATH=/data/gitea
|
||||||
|
|
||||||
[repository]
|
[repository]
|
||||||
ROOT = /data/git/repositories
|
ROOT = /data/git/repositories
|
||||||
|
USE_COMPAT_SSH_URI = false
|
||||||
|
|
||||||
[repository.upload]
|
[repository.upload]
|
||||||
TEMP_PATH = /data/gitea/uploads
|
TEMP_PATH = /data/gitea/uploads
|
||||||
|
|
||||||
[ui]
|
[ui]
|
||||||
|
|
||||||
|
;; Number of issues that are displayed on one page
|
||||||
|
ISSUE_PAGING_NUM = 20
|
||||||
|
|
||||||
; Value of `theme-color` meta tag, used by Android >= 5.0
|
; Value of `theme-color` meta tag, used by Android >= 5.0
|
||||||
; An invalid color like "none" or "disable" will have the default style
|
; An invalid color like "none" or "disable" will have the default style
|
||||||
; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
|
; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
|
||||||
@ -33,6 +41,11 @@ NOTICE_PAGING_NUM = 25
|
|||||||
; Number of organization that are showed in one page
|
; Number of organization that are showed in one page
|
||||||
ORG_PAGING_NUM = 50
|
ORG_PAGING_NUM = 50
|
||||||
|
|
||||||
|
;; Whether to only show relevant repos on the explore page when no keyword is specified and default sorting is used.
|
||||||
|
;; A repo is considered irrelevant if it's a fork or if it has no metadata (no description, no icon, no topic).
|
||||||
|
|
||||||
|
ONLY_SHOW_RELEVANT_REPOS = true
|
||||||
|
|
||||||
[ui.user]
|
[ui.user]
|
||||||
; Number of repos that are showed in one page
|
; Number of repos that are showed in one page
|
||||||
REPO_PAGING_NUM = 15
|
REPO_PAGING_NUM = 15
|
||||||
@ -47,11 +60,12 @@ KEYWORDS = git, captnemo, git.captnemo.in, piratecoders
|
|||||||
ENABLE_HARD_LINE_BREAK = false
|
ENABLE_HARD_LINE_BREAK = false
|
||||||
; List of custom URL-Schemes that are allowed as links when rendering Markdown
|
; List of custom URL-Schemes that are allowed as links when rendering Markdown
|
||||||
; for example git,magnet
|
; for example git,magnet
|
||||||
CUSTOM_URL_SCHEMES = git,magnet,steam
|
CUSTOM_URL_SCHEMES = git,magnet,steam,irc,slack
|
||||||
; List of file extensions that should be rendered/edited as Markdown
|
|
||||||
; Separate extensions with a comma. To render files w/o extension as markdown, just put a comma
|
|
||||||
FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
|
FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
|
||||||
|
|
||||||
|
;; Enables math inline and block detection
|
||||||
|
ENABLE_MATH = true
|
||||||
|
|
||||||
; Define allowed algorithms and their minimum key length (use -1 to disable a type)
|
; Define allowed algorithms and their minimum key length (use -1 to disable a type)
|
||||||
[ssh.minimum_key_sizes]
|
[ssh.minimum_key_sizes]
|
||||||
ED25519 = 256
|
ED25519 = 256
|
||||||
@ -59,49 +73,48 @@ ECDSA = 256
|
|||||||
RSA = 2048
|
RSA = 2048
|
||||||
DSA = 1024
|
DSA = 1024
|
||||||
|
|
||||||
|
[lfs]
|
||||||
|
PATH=/data/gitea/lfs
|
||||||
|
|
||||||
[server]
|
[server]
|
||||||
APP_DATA_PATH = /data/gitea
|
APP_DATA_PATH = /data/gitea
|
||||||
SSH_DOMAIN = git.captnemo.in
|
|
||||||
HTTP_PORT = 3000
|
HTTP_PORT = 3000
|
||||||
ROOT_URL = https://git.captnemo.in/
|
ROOT_URL = https://git.captnemo.in/
|
||||||
DISABLE_SSH = false
|
DISABLE_SSH = true
|
||||||
SSH_PORT = 22
|
|
||||||
DOMAIN = git.captnemo.in
|
DOMAIN = git.captnemo.in
|
||||||
LFS_START_SERVER = true
|
LFS_START_SERVER = true
|
||||||
LFS_CONTENT_PATH = /data/gitea/lfs
|
LFS_JWT_SECRET = "${lfs-jwt-secret}"
|
||||||
LFS_JWT_SECRET = nsLco71Wn4iu_UzyDir0jzkCdJDya1L9N0KZfgew13E
|
|
||||||
OFFLINE_MODE = true
|
OFFLINE_MODE = true
|
||||||
|
LANDING_PAGE = explore
|
||||||
|
MINIMUM_KEY_SIZE_CHECK = true
|
||||||
|
|
||||||
|
# Uses the Mozilla Modern SSH Config params
|
||||||
|
SSH_SERVER_CIPHERS = chacha20-poly1305@openssh.com, aes256-gcm@openssh.com, aes128-gcm@openssh.com, aes256-ctr, aes192-ctr, aes128-ctr
|
||||||
|
SSH_SERVER_KEY_EXCHANGES = curve25519-sha256@libssh.org, ecdh-sha2-nistp521, ecdh-sha2-nistp384, ecdh-sha2-nistp256, diffie-hellman-group-exchange-sha256
|
||||||
|
SSH_SERVER_MACS = hmac-sha2-512-etm@openssh.com, hmac-sha2-256-etm@openssh.com, umac-128-etm@openssh.com, hmac-sha2-512, hmac-sha2-256, umac-128@openssh.com
|
||||||
|
|
||||||
|
DISABLE_ROUTER_LOG = true
|
||||||
|
ENABLE_GZIP = true
|
||||||
[database]
|
[database]
|
||||||
|
|
||||||
; TODO
|
; TODO
|
||||||
; ; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
|
; ; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
|
||||||
; DB_TYPE = mysql
|
DB_TYPE = sqlite3
|
||||||
; HOST = 127.0.0.1:3306
|
HOST = mariadb:3306
|
||||||
; NAME = gitea
|
NAME = gitea
|
||||||
; USER = root
|
USER = gitea
|
||||||
; PASSWD =
|
; PASSWD = "mysql-password"
|
||||||
; ; For "postgres" only, either "disable", "require" or "verify-full"
|
; ; For "postgres" only, either "disable", "require" or "verify-full"
|
||||||
; SSL_MODE = disable
|
; SSL_MODE = disable
|
||||||
; ; For "sqlite3" and "tidb", use absolute path when you start as service
|
; ; For "sqlite3" and "tidb", use absolute path when you start as service
|
||||||
; PATH = data/gitea.db
|
PATH = /data/gitea/gitea.db
|
||||||
; ; For "sqlite3" only. Query timeout
|
; ; For "sqlite3" only. Query timeout
|
||||||
; SQLITE_TIMEOUT = 500
|
SQLITE_TIMEOUT = 500
|
||||||
; ; For iterate buffer, default is 50
|
; ; For iterate buffer, default is 50
|
||||||
; ITERATE_BUFFER_SIZE = 50
|
; ITERATE_BUFFER_SIZE = 50
|
||||||
|
; Show the database generated SQL
|
||||||
PATH = /data/gitea/gitea.db
|
LOG_SQL = false
|
||||||
DB_TYPE = sqlite3
|
SQLITE_JOURNAL_MODE = WAL
|
||||||
HOST = localhost:3306
|
|
||||||
NAME = gitea
|
|
||||||
USER = root
|
|
||||||
PASSWD =
|
|
||||||
SSL_MODE = disable
|
|
||||||
|
|
||||||
[session]
|
|
||||||
PROVIDER_CONFIG = /data/gitea/sessions
|
|
||||||
PROVIDER = file
|
|
||||||
|
|
||||||
[picture]
|
[picture]
|
||||||
AVATAR_UPLOAD_PATH = /data/gitea/avatars
|
AVATAR_UPLOAD_PATH = /data/gitea/avatars
|
||||||
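Review bot: Replacing the literal `LFS_JWT_SECRET` with `"${lfs-jwt-secret}"` stops the secret being committed from here on, but the previous value remains in the repository history and in this diff, so it should be regenerated rather than carried over into the new template variable. In `[database]` the new side sets `DB_TYPE = sqlite3` while also un-commenting `HOST = mariadb:3306`, `NAME = gitea` and `USER = gitea`; if SQLite is the intended backend those keys are unused and are better left commented, so the file does not imply a MariaDB account exists. The old `[session]` section (`PROVIDER = file`) is removed with no replacement in this hunk, so it is worth confirming the default session provider is what is wanted.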
@ -111,33 +124,25 @@ ENABLE_FEDERATED_AVATAR = false
|
|||||||
[indexer]
|
[indexer]
|
||||||
ISSUE_INDEXER_PATH = indexers/issues.bleve
|
ISSUE_INDEXER_PATH = indexers/issues.bleve
|
||||||
; repo indexer by default disabled, since it uses a lot of disk space
|
; repo indexer by default disabled, since it uses a lot of disk space
|
||||||
REPO_INDEXER_ENABLED = false
|
REPO_INDEXER_ENABLED = true
|
||||||
REPO_INDEXER_PATH = indexers/repos.bleve
|
REPO_INDEXER_PATH = indexers/repos.bleve
|
||||||
UPDATE_BUFFER_LEN = 20
|
|
||||||
MAX_FILE_SIZE = 1048576
|
MAX_FILE_SIZE = 1048576
|
||||||
|
|
||||||
|
[queue.issue_indexer]
|
||||||
|
LENGTH = 100
|
||||||
|
|
||||||
[admin]
|
[admin]
|
||||||
; Disable regular (non-admin) users to create organizations
|
; Disable regular (non-admin) users to create organizations
|
||||||
DISABLE_REGULAR_ORG_CREATION = false
|
DISABLE_REGULAR_ORG_CREATION = false
|
||||||
|
|
||||||
[security]
|
[security]
|
||||||
; Whether the installer is disabled
|
|
||||||
INSTALL_LOCK = true
|
INSTALL_LOCK = true
|
||||||
; Auto-login remember days
|
|
||||||
LOGIN_REMEMBER_DAYS = 30
|
LOGIN_REMEMBER_DAYS = 30
|
||||||
; COOKIE_USERNAME = gitea_awesome
|
|
||||||
; COOKIE_REMEMBER_NAME = gitea_incredible
|
|
||||||
; Reverse proxy authentication header name of user name
|
|
||||||
; REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
|
|
||||||
; Sets the minimum password length for new Users
|
|
||||||
MIN_PASSWORD_LENGTH = 10
|
MIN_PASSWORD_LENGTH = 10
|
||||||
; True when users are allowed to import local server paths
|
IMPORT_LOCAL_PATHS = true
|
||||||
IMPORT_LOCAL_PATHS = false
|
|
||||||
; Prevent all users (including admin) from creating custom git hooks
|
|
||||||
DISABLE_GIT_HOOKS = true
|
DISABLE_GIT_HOOKS = true
|
||||||
|
SECRET_KEY = "${secret_key}"
|
||||||
SECRET_KEY = ${secret_key}
|
INTERNAL_TOKEN = "${internal_token}"
|
||||||
INTERNAL_TOKEN = ${internal_token}
|
|
||||||
|
|
||||||
[service]
|
[service]
|
||||||
; ; More detail: https://github.com/gogits/gogs/issues/165
|
; ; More detail: https://github.com/gogits/gogs/issues/165
|
||||||
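Review bot: `IMPORT_LOCAL_PATHS` flips from `false` to `true` in `[security]`, and the comment explaining it ("True when users are allowed to import local server paths") is deleted in the same hunk, so the relaxation is easy to miss. With it enabled, any path readable by `RUN_USER = git` can be turned into a repository by accounts permitted to use local imports. Unless a one-off migration needs it, keep `IMPORT_LOCAL_PATHS = false`, and if it is needed, restore the comment and revert the setting once the import is done.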
@ -150,14 +155,16 @@ ACTIVE_CODE_LIVE_MINUTES = 15
|
|||||||
RESET_PASSWD_CODE_LIVE_MINUTES = 30
|
RESET_PASSWD_CODE_LIVE_MINUTES = 30
|
||||||
REGISTER_EMAIL_CONFIRM = true
|
REGISTER_EMAIL_CONFIRM = true
|
||||||
ENABLE_NOTIFY_MAIL = true
|
ENABLE_NOTIFY_MAIL = true
|
||||||
DISABLE_REGISTRATION = false
|
DISABLE_REGISTRATION = true
|
||||||
; ; Enable captcha validation for registration
|
; ; Enable captcha validation for registration
|
||||||
ENABLE_CAPTCHA = true
|
ENABLE_CAPTCHA = true
|
||||||
|
REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA = true
|
||||||
|
CAPTCHA_TYPE = image
|
||||||
; ; User must sign in to view anything.
|
; ; User must sign in to view anything.
|
||||||
REQUIRE_SIGNIN_VIEW = false
|
REQUIRE_SIGNIN_VIEW = false
|
||||||
; ; Default value for KeepEmailPrivate
|
; ; Default value for KeepEmailPrivate
|
||||||
; ; New user will get the value of this setting copied into their profile
|
; ; New user will get the value of this setting copied into their profile
|
||||||
DEFAULT_KEEP_EMAIL_PRIVATE = false
|
DEFAULT_KEEP_EMAIL_PRIVATE = true
|
||||||
; ; Default value for AllowCreateOrganization
|
; ; Default value for AllowCreateOrganization
|
||||||
; ; New user will have rights set to create organizations depending on this setting
|
; ; New user will have rights set to create organizations depending on this setting
|
||||||
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
|
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
|
||||||
@ -170,174 +177,59 @@ NO_REPLY_ADDRESS = noreply.example.org
|
|||||||
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
|
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
|
||||||
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
|
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
|
||||||
|
|
||||||
; [webhook]
|
|
||||||
; ; Hook task queue length, increase if webhook shooting starts hanging
|
|
||||||
; QUEUE_LENGTH = 1000
|
|
||||||
; ; Deliver timeout in seconds
|
|
||||||
; DELIVER_TIMEOUT = 5
|
|
||||||
; ; Allow insecure certification
|
|
||||||
; SKIP_TLS_VERIFY = false
|
|
||||||
; ; Number of history information in each page
|
|
||||||
; PAGING_NUM = 10
|
|
||||||
|
|
||||||
[mailer]
|
[mailer]
|
||||||
ENABLED = true
|
ENABLED = true
|
||||||
; ; Buffer length of channel, keep it as it is if you don't know what it is.
|
|
||||||
; SEND_BUFFER_LEN = 100
|
|
||||||
; ; Name displayed in mail title
|
|
||||||
; SUBJECT = %(APP_NAME)s
|
|
||||||
; ; Mail server
|
|
||||||
; ; Gmail: smtp.gmail.com:587
|
|
||||||
; ; QQ: smtp.qq.com:465
|
|
||||||
; ; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used.
|
|
||||||
HOST = smtp.migadu.com:587
|
|
||||||
; ; Disable HELO operation when hostname are different.
|
|
||||||
; DISABLE_HELO =
|
|
||||||
; ; Custom hostname for HELO operation, default is from system.
|
|
||||||
; HELO_HOSTNAME =
|
|
||||||
; ; Do not verify the certificate of the server. Only use this for self-signed certificates
|
|
||||||
; SKIP_VERIFY =
|
|
||||||
; ; Use client certificate
|
|
||||||
; USE_CERTIFICATE = false
|
|
||||||
; CERT_FILE = custom/mailer/cert.pem
|
|
||||||
; KEY_FILE = custom/mailer/key.pem
|
|
||||||
; ; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
|
|
||||||
FROM = git@captnemo.in
|
FROM = git@captnemo.in
|
||||||
; ; Mailer user name and password
|
|
||||||
USER = git@captnemo.in
|
USER = git@captnemo.in
|
||||||
PASSWD = ${smtp_password}
|
PASSWD = ${smtp_password}
|
||||||
; ; Send mails as plain text
|
PROTOCOL = smtps
|
||||||
|
SMTP_ADDR = smtp.migadu.com
|
||||||
|
SMTP_PORT = 465
|
||||||
SEND_AS_PLAIN_TEXT = true
|
SEND_AS_PLAIN_TEXT = true
|
||||||
; ; Enable sendmail (override SMTP)
|
SUBJECT_PREFIX = "[git.captnemo.in] "
|
||||||
; USE_SENDMAIL = false
|
|
||||||
; ; Specify an alternative sendmail binary
|
|
||||||
; SENDMAIL_PATH = sendmail
|
|
||||||
; ; Specify any extra sendmail arguments
|
|
||||||
; SENDMAIL_ARGS =
|
|
||||||
|
|
||||||
; [cache]
|
[cache]
|
||||||
; ; Either "memory", "redis", or "memcache", default is "memory"
|
ADAPTER = redis
|
||||||
; ADAPTER = memory
|
HOST = "network=tcp,addr=gitea-redis:6379,db=0,pool_size=100,idle_timeout=180"
|
||||||
; ; For "memory" only, GC interval in seconds, default is 60
|
|
||||||
; INTERVAL = 60
|
|
||||||
; ; For "redis" and "memcache", connection host address
|
|
||||||
; ; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
|
|
||||||
; ; memcache: `127.0.0.1:11211`
|
|
||||||
; HOST =
|
|
||||||
; ; Time to keep items in cache if not used, default is 16 hours.
|
|
||||||
; ; Setting it to 0 disables caching
|
|
||||||
; ITEM_TTL = 16h
|
|
||||||
|
|
||||||
[session]
|
[session]
|
||||||
; ; Either "memory", "file", or "redis", default is "memory"
|
; ; Either "memory", "file", or "redis", default is "memory"
|
||||||
; PROVIDER = memory
|
PROVIDER = redis
|
||||||
; ; Provider config options
|
; Provider config options
|
||||||
; ; memory: not have any config yet
|
; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
|
||||||
; ; file: session file path, e.g. `data/sessions`
|
PROVIDER_CONFIG = "network=tcp,addr=gitea-redis:6379,db=1,pool_size=100,idle_timeout=180"
|
||||||
; ; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
|
|
||||||
; ; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
|
|
||||||
; PROVIDER_CONFIG = data/sessions
|
|
||||||
; ; Session cookie name
|
|
||||||
COOKIE_NAME = i_like_gitea
|
|
||||||
; ; If you use session in https only, default is false
|
; ; If you use session in https only, default is false
|
||||||
COOKIE_SECURE = true
|
COOKIE_SECURE = true
|
||||||
; ; Enable set cookie, default is true
|
; SameSite settings. Either "none", "lax", or "strict"
|
||||||
ENABLE_SET_COOKIE = true
|
SAME_SITE = strict
|
||||||
; ; Session GC time interval in seconds, default is 86400 (1 day)
|
|
||||||
; GC_INTERVAL_TIME = 86400
|
[migrations]
|
||||||
; ; Session life time in seconds, default is 86400 (1 day)
|
ALLOWED_DOMAINS = github.com
|
||||||
SESSION_LIFE_TIME = 2592000
|
ALLOW_LOCALNETWORKS = false
|
||||||
|
|
||||||
; [picture]
|
|
||||||
; AVATAR_UPLOAD_PATH = data/avatars
|
|
||||||
; ; Chinese users can choose "duoshuo"
|
|
||||||
; ; or a custom avatar source, like: http://cn.gravatar.com/avatar/
|
|
||||||
; GRAVATAR_SOURCE = gravatar
|
|
||||||
; ; This value will be forced to be true in offline mode.
|
|
||||||
; DISABLE_GRAVATAR = false
|
|
||||||
; ; Federated avatar lookup uses DNS to discover avatar associated
|
|
||||||
; ; with emails, see https://www.libravatar.org
|
|
||||||
; ; This value will be forced to be false in offline mode or Gravatar is disabled.
|
|
||||||
; ENABLE_FEDERATED_AVATAR = false
|
|
||||||
|
|
||||||
[attachment]
|
[attachment]
|
||||||
; ; Whether attachments are enabled. Defaults to `true`
|
; ; Whether attachments are enabled. Defaults to `true`
|
||||||
ENABLE = true
|
ENABLE = true
|
||||||
; ; Path for attachments. Defaults to `data/attachments`
|
|
||||||
PATH = data/attachments
|
|
||||||
; ; One or more allowed types, e.g. image/jpeg|image/png
|
; ; One or more allowed types, e.g. image/jpeg|image/png
|
||||||
ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip|application/pdf|text/csv
|
ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip|application/pdf|text/csv
|
||||||
; ; Max size of each file. Defaults to 32MB
|
; ; Max size of each file. Defaults to 32MB
|
||||||
; MAX_SIZE = 4
|
MAX_SIZE = 200
|
||||||
; ; Max number of files per upload. Defaults to 10
|
; ; Max number of files per upload. Defaults to 10
|
||||||
; MAX_FILES = 5
|
MAX_FILES = 10
|
||||||
|
|
||||||
; [time]
|
[log]
|
||||||
; ; Specifies the format for fully outputted dates. Defaults to RFC1123
|
; Either "console", "file", "conn", "smtp" or "database", default is "console"
|
||||||
; ; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano
|
; Use comma to separate multiple modes, e.g. "console, file"
|
||||||
; ; For more information about the format see http://golang.org/pkg/time/#pkg-constants
|
MODE = console
|
||||||
; FORMAT =
|
; Buffer length of the channel, keep it as it is if you don't know what it is.
|
||||||
|
BUFFER_LEN = 10000
|
||||||
; [log]
|
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
|
||||||
; ROOT_PATH =
|
LEVEL = Warn
|
||||||
; ; Either "console", "file", "conn", "smtp" or "database", default is "console"
|
REDIRECT_MACARON_LOG = true
|
||||||
; ; Use comma to separate multiple modes, e.g. "console, file"
|
ROUTER_LOG_LEVEL = Critical
|
||||||
; MODE = console
|
logger.access.MODE=,
|
||||||
; ; Buffer length of channel, keep it as it is if you don't know what it is.
|
logger.xorm.MODE=,
|
||||||
; BUFFER_LEN = 10000
|
|
||||||
; ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
|
|
||||||
LEVEL = Info
|
|
||||||
|
|
||||||
; ; For "console" mode only
|
|
||||||
; [log.console]
|
|
||||||
; LEVEL =
|
|
||||||
|
|
||||||
; ; For "file" mode only
|
|
||||||
; [log.file]
|
|
||||||
; LEVEL =
|
|
||||||
; ; This enables automated log rotate(switch of following options), default is true
|
|
||||||
; LOG_ROTATE = true
|
|
||||||
; ; Max line number of single file, default is 1000000
|
|
||||||
; MAX_LINES = 1000000
|
|
||||||
; ; Max size shift of single file, default is 28 means 1 << 28, 256MB
|
|
||||||
; MAX_SIZE_SHIFT = 28
|
|
||||||
; ; Segment log daily, default is true
|
|
||||||
; DAILY_ROTATE = true
|
|
||||||
; ; Expired days of log file(delete after max days), default is 7
|
|
||||||
; MAX_DAYS = 7
|
|
||||||
|
|
||||||
; ; For "conn" mode only
|
|
||||||
; [log.conn]
|
|
||||||
; LEVEL =
|
|
||||||
; ; Reconnect host for every single message, default is false
|
|
||||||
; RECONNECT_ON_MSG = false
|
|
||||||
; ; Try to reconnect when connection is lost, default is false
|
|
||||||
; RECONNECT = false
|
|
||||||
; ; Either "tcp", "unix" or "udp", default is "tcp"
|
|
||||||
; PROTOCOL = tcp
|
|
||||||
; ; Host address
|
|
||||||
; ADDR =
|
|
||||||
|
|
||||||
; ; For "smtp" mode only
|
|
||||||
; [log.smtp]
|
|
||||||
; LEVEL =
|
|
||||||
; ; Name displayed in mail title, default is "Diagnostic message from server"
|
|
||||||
; SUBJECT = Diagnostic message from server
|
|
||||||
; ; Mail server
|
|
||||||
; HOST =
|
|
||||||
; ; Mailer user name and password
|
|
||||||
; USER =
|
|
||||||
; PASSWD =
|
|
||||||
; ; Receivers, can be one or more, e.g. 1@example.com,2@example.com
|
|
||||||
; RECEIVERS =
|
|
||||||
|
|
||||||
; ; For "database" mode only
|
|
||||||
; [log.database]
|
|
||||||
; LEVEL =
|
|
||||||
; ; Either "mysql" or "postgres"
|
|
||||||
; DRIVER =
|
|
||||||
; ; Based on xorm, e.g.: root:root@localhost/gitea?charset=utf8
|
|
||||||
; CONN =
|
|
||||||
|
|
||||||
[cron]
|
[cron]
|
||||||
; Enable running cron tasks periodically.
|
; Enable running cron tasks periodically.
|
||||||
@ -345,107 +237,34 @@ ENABLED = true
|
|||||||
; ; Run cron tasks when Gitea starts.
|
; ; Run cron tasks when Gitea starts.
|
||||||
RUN_AT_START = false
|
RUN_AT_START = false
|
||||||
|
|
||||||
|
[cron.archive_cleanup]
|
||||||
|
RUN_AT_START = true
|
||||||
|
SCHEDULE = @midnight
|
||||||
|
; Archives created more than OLDER_THAN ago are subject to deletion
|
||||||
|
OLDER_THAN = 24h
|
||||||
|
|
||||||
; ; Update mirrors
|
; ; Update mirrors
|
||||||
[cron.update_mirrors]
|
[cron.update_mirrors]
|
||||||
SCHEDULE = @every 3h
|
SCHEDULE = @every 3h
|
||||||
|
|
||||||
; ; Repository health check
|
|
||||||
; [cron.repo_health_check]
|
|
||||||
; SCHEDULE = @every 24h
|
|
||||||
; TIMEOUT = 60s
|
|
||||||
; ; Arguments for command 'git fsck', e.g. "--unreachable --tags"
|
|
||||||
; ; see more on http://git-scm.com/docs/git-fsck/1.7.5
|
|
||||||
; ARGS =
|
|
||||||
|
|
||||||
; ; Check repository statistics
|
; Repository health check
|
||||||
; [cron.check_repo_stats]
|
[cron.repo_health_check]
|
||||||
; RUN_AT_START = true
|
SCHEDULE = @midnight
|
||||||
; SCHEDULE = @every 24h
|
TIMEOUT = 60s
|
||||||
|
; Arguments for command 'git fsck', e.g. "--unreachable --tags"
|
||||||
|
; see more on http://git-scm.com/docs/git-fsck
|
||||||
|
ARGS =
|
||||||
|
|
||||||
; ; Clean up old repository archives
|
; Check repository statistics
|
||||||
; [cron.archive_cleanup]
|
[cron.check_repo_stats]
|
||||||
; ; Whether to enable the job
|
RUN_AT_START = true
|
||||||
; ENABLED = true
|
SCHEDULE = @midnight
|
||||||
; ; Whether to always run at least once at start up time (if ENABLED)
|
|
||||||
; RUN_AT_START = true
|
|
||||||
; ; Time interval for job to run
|
|
||||||
; SCHEDULE = @every 24h
|
|
||||||
; ; Archives created more than OLDER_THAN ago are subject to deletion
|
|
||||||
; OLDER_THAN = 24h
|
|
||||||
|
|
||||||
; ; Synchronize external user data (only LDAP user synchronization is supported)
|
|
||||||
; [cron.sync_external_users]
|
|
||||||
; ; Synchronize external user data when starting server (default false)
|
|
||||||
; RUN_AT_START = false
|
|
||||||
; ; Interval as a duration between each synchronization (default every 24h)
|
|
||||||
; SCHEDULE = @every 24h
|
|
||||||
; ; Create new users, update existing user data and disable users that are not in external source anymore (default)
|
|
||||||
; ; or only create new users if UPDATE_EXISTING is set to false
|
|
||||||
; UPDATE_EXISTING = true
|
|
||||||
|
|
||||||
; [git]
|
|
||||||
; ; Disables highlight of added and removed changes
|
|
||||||
; DISABLE_DIFF_HIGHLIGHT = false
|
|
||||||
; ; Max number of lines allowed of a single file in diff view
|
|
||||||
; MAX_GIT_DIFF_LINES = 1000
|
|
||||||
; ; Max number of characters of a line allowed in diff view
|
|
||||||
; MAX_GIT_DIFF_LINE_CHARACTERS = 5000
|
|
||||||
; ; Max number of files shown in diff view
|
|
||||||
; MAX_GIT_DIFF_FILES = 100
|
|
||||||
; ; Arguments for command 'git gc', e.g. "--aggressive --auto"
|
|
||||||
; ; see more on http://git-scm.com/docs/git-gc/1.7.5
|
|
||||||
; GC_ARGS =
|
|
||||||
|
|
||||||
; ; Operation timeout in seconds
|
|
||||||
[git.timeout]
|
|
||||||
MIGRATE = 600
|
|
||||||
MIRROR = 300
|
|
||||||
CLONE = 300
|
|
||||||
PULL = 300
|
|
||||||
GC = 60
|
|
||||||
|
|
||||||
; [mirror]
|
|
||||||
; ; Default interval as a duration between each check
|
|
||||||
; DEFAULT_INTERVAL = 8h
|
|
||||||
; ; Min interval as a duration must be > 1m
|
|
||||||
; MIN_INTERVAL = 10m
|
|
||||||
|
|
||||||
[api]
|
[api]
|
||||||
; Max number of items will response in a page
|
; Max number of items will response in a page
|
||||||
MAX_RESPONSE_ITEMS = 100
|
MAX_RESPONSE_ITEMS = 100
|
||||||
|
|
||||||
; [i18n]
|
|
||||||
; LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
|
|
||||||
; NAMES = English,简体中文,繁體中文(香港),繁體中文(台灣),Deutsch,français,Nederlands,latviešu,русский,日本語,español,português do Brasil,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어
|
|
||||||
|
|
||||||
; ; Used for datetimepicker
|
|
||||||
; [i18n.datelang]
|
|
||||||
; en-US = en
|
|
||||||
; zh-CN = zh
|
|
||||||
; zh-HK = zh-TW
|
|
||||||
; zh-TW = zh-TW
|
|
||||||
; de-DE = de
|
|
||||||
; fr-FR = fr
|
|
||||||
; nl-NL = nl
|
|
||||||
; lv-LV = lv
|
|
||||||
; ru-RU = ru
|
|
||||||
; ja-JP = ja
|
|
||||||
; es-ES = es
|
|
||||||
; pt-BR = pt-BR
|
|
||||||
; pl-PL = pl
|
|
||||||
; bg-BG = bg
|
|
||||||
; it-IT = it
|
|
||||||
; fi-FI = fi
|
|
||||||
; tr-TR = tr
|
|
||||||
; cs-CZ = cs-CZ
|
|
||||||
; sr-SP = sr
|
|
||||||
; sv-SE = sv
|
|
||||||
; ko-KR = ko
|
|
||||||
|
|
||||||
; ; Extension mapping to highlight class
|
|
||||||
; ; e.g. .toml=ini
|
|
||||||
; [highlight.mapping]
|
|
||||||
|
|
||||||
[other]
|
[other]
|
||||||
SHOW_FOOTER_BRANDING = false
|
SHOW_FOOTER_BRANDING = false
|
||||||
; Show version information about Gitea and Go in the footer
|
; Show version information about Gitea and Go in the footer
|
||||||
@ -453,16 +272,42 @@ SHOW_FOOTER_VERSION = true
|
|||||||
; Show time of template execution in the footer
|
; Show time of template execution in the footer
|
||||||
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
|
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false
|
||||||
|
|
||||||
; [markup.asciidoc]
|
|
||||||
; ENABLED = false
|
|
||||||
; ; List of file extensions that should be rendered by an external command
|
|
||||||
; FILE_EXTENSIONS = .adoc,.asciidoc
|
|
||||||
; ; External command to render all matching extensions
|
|
||||||
; RENDER_COMMAND = "asciidoc --out-file=- -"
|
|
||||||
; ; Input is not a standard input but a file
|
|
||||||
; IS_INPUT_FILE = false
|
|
||||||
|
|
||||||
|
|
||||||
[openid]
|
[openid]
|
||||||
ENABLE_OPENID_SIGNIN = true
|
ENABLE_OPENID_SIGNIN = true
|
||||||
ENABLE_OPENID_SIGNUP = true
|
ENABLE_OPENID_SIGNUP = false
|
||||||
|
|
||||||
|
[metrics]
|
||||||
|
; Enables metrics endpoint. True or false; default is false.
|
||||||
|
ENABLED = true
|
||||||
|
|
||||||
|
[oauth2]
|
||||||
|
ENABLE = false
|
||||||
|
; this is same as JWT secret above
|
||||||
|
JWT_SECRET = "${oauth2-jwt-secret}"
|
||||||
|
|
||||||
|
[federation]
|
||||||
|
ENABLED=false
|
||||||
|
;; Enable/Disable user statistics for nodeinfo if federation is enabled
|
||||||
|
;SHARE_USER_STATISTICS = true
|
||||||
|
;;
|
||||||
|
;; Maximum federation request and response size (MB)
|
||||||
|
;MAX_SIZE = 4
|
||||||
|
;;
|
||||||
|
;; WARNING: Changing the settings below can break federation.
|
||||||
|
;;
|
||||||
|
;; HTTP signature algorithms
|
||||||
|
;ALGORITHMS = rsa-sha256, rsa-sha512, ed25519
|
||||||
|
;;
|
||||||
|
;; HTTP signature digest algorithm
|
||||||
|
;DIGEST_ALGORITHM = SHA-256
|
||||||
|
;;
|
||||||
|
;; GET headers for federation requests
|
||||||
|
;GET_HEADERS = (request-target), Date
|
||||||
|
;;
|
||||||
|
;; POST headers for federation requests
|
||||||
|
;POST_HEADERS = (request-target), Date, Digest
|
||||||
|
|
||||||
|
|
||||||
|
[packages]
|
||||||
|
;; Enable/Disable package registry capabilities
|
||||||
|
ENABLED = true
|
||||||
|
56
gitea/conf/public/img/favicon.svg
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||||
|
<svg
|
||||||
|
version="1.0"
|
||||||
|
width="2000.000000pt"
|
||||||
|
height="2000.000000pt"
|
||||||
|
viewBox="0 0 2000.000000 2000.000000"
|
||||||
|
preserveAspectRatio="xMidYMid meet"
|
||||||
|
id="svg10"
|
||||||
|
sodipodi:docname="favicon.svg"
|
||||||
|
inkscape:version="1.2.2 (b0a8486541, 2022-12-01)"
|
||||||
|
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||||
|
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||||
|
xmlns="http://www.w3.org/2000/svg"
|
||||||
|
xmlns:svg="http://www.w3.org/2000/svg">
|
||||||
|
<defs
|
||||||
|
id="defs14" />
|
||||||
|
<sodipodi:namedview
|
||||||
|
id="namedview12"
|
||||||
|
pagecolor="#ffffff"
|
||||||
|
bordercolor="#666666"
|
||||||
|
borderopacity="1.0"
|
||||||
|
inkscape:showpageshadow="2"
|
||||||
|
inkscape:pageopacity="0.0"
|
||||||
|
inkscape:pagecheckerboard="0"
|
||||||
|
inkscape:deskcolor="#d1d1d1"
|
||||||
|
inkscape:document-units="pt"
|
||||||
|
showgrid="false"
|
||||||
|
inkscape:zoom="0.23281491"
|
||||||
|
inkscape:cx="1232.7389"
|
||||||
|
inkscape:cy="1415.2874"
|
||||||
|
inkscape:window-width="1920"
|
||||||
|
inkscape:window-height="1037"
|
||||||
|
inkscape:window-x="0"
|
||||||
|
inkscape:window-y="18"
|
||||||
|
inkscape:window-maximized="1"
|
||||||
|
inkscape:current-layer="g8" />
|
||||||
|
<metadata
|
||||||
|
id="metadata2">
|
||||||
|
Created by potrace 1.16, written by Peter Selinger 2001-2019
|
||||||
|
</metadata>
|
||||||
|
<g
|
||||||
|
transform="translate(0.000000,2000.000000) scale(0.100000,-0.100000)"
|
||||||
|
fill="#000000"
|
||||||
|
stroke="none"
|
||||||
|
id="g8"
|
||||||
|
style="fill:#000080">
|
||||||
|
<path
|
||||||
|
d="M0 10000 l0 -10000 10000 0 10000 0 0 10000 0 10000 -10000 0 -10000 0 0 -10000z m11852 5356 c553 -141 882 -698 738 -1251 -27 -102 -104 -261 -168 -346 -71 -94 -197 -207 -296 -265 -109 -65 -274 -121 -405 -136 l-100 -12 -90 -221 c-69 -169 -87 -222 -76 -227 12 -7 1420 -613 2145 -923 162 -69 310 -132 328 -140 31 -14 32 -16 20 -44 -7 -15 -55 -127 -107 -247 -52 -121 -96 -221 -98 -223 -4 -5 -131 48 -1385 585 -608 261 -1111 474 -1116 474 -5 0 -19 -24 -31 -52 -76 -181 -1440 -3576 -1474 -3667 -16 -43 -21 -81 -21 -166 -1 -99 2 -116 26 -167 38 -81 83 -133 158 -182 160 -104 244 -120 614 -113 383 7 564 38 731 125 90 47 218 173 263 258 67 128 79 306 32 471 -11 40 -20 75 -20 78 0 3 91 5 203 5 402 0 680 43 1017 156 226 76 540 218 768 348 35 20 66 36 68 36 9 0 3 -122 -11 -237 -57 -462 -214 -845 -470 -1152 -100 -119 -281 -291 -403 -383 -92 -70 -344 -228 -363 -228 -4 0 -35 29 -70 65 -105 109 -219 151 -345 125 -36 -7 -108 -38 -184 -78 -489 -261 -847 -376 -1345 -434 -180 -21 -653 -15 -955 11 -140 13 -338 25 -440 28 l-185 5 125 -126 125 -126 75 6 c97 8 170 -17 234 -82 65 -64 90 -137 82 -234 l-6 -75 206 -206 206 -207 83 6 c73 4 89 2 137 -20 184 -84 232 -302 100 -449 -67 -75 -110 -94 -212 -94 -68 0 -93 5 -125 22 -51 27 -119 100 -140 150 -19 43 -24 127 -12 188 l8 40 -201 200 -200 200 0 -531 0 -531 26 -14 c41 -22 101 -96 118 -146 38 -110 8 -222 -80 -302 -96 -88 -207 -103 -321 -45 -134 69 -192 232 -130 367 26 58 83 119 128 139 l29 13 0 531 0 532 -28 11 c-42 18 -108 89 -132 144 -24 53 -28 144 -10 191 11 30 9 32 -203 245 -117 119 -219 230 -226 246 -44 103 -170 239 -486 523 -412 371 -643 616 -819 865 -236 336 -397 688 -501 1092 -44 170 -80 249 -141 305 -76 70 -138 92 -263 95 l-106 2 -28 109 c-49 190 -70 366 -71 589 -1 220 10 324 54 505 61 246 161 471 308 691 134 200 315 410 326 378 3 -8 19 -68 36 -134 136 -520 354 -976 638 -1332 95 -119 277 -319 322 -354 l33 -25 -89 -49 c-166 -93 -288 -240 -324 -393 -15 -66 -15 -212 0 -289 24 -120 126 -300 267 -476 139 -172 374 -408 455 -456 181 -106 352 -125 
492 -54 66 33 153 123 193 198 17 33 365 794 773 1690 408 897 760 1668 782 1715 72 154 120 262 116 265 -1 1 -91 40 -198 85 -321 136 -871 371 -935 400 -33 15 -161 70 -285 123 -735 312 -1076 459 -1082 466 -11 10 201 501 216 501 6 0 200 -81 431 -181 1489 -641 2052 -882 2070 -886 17 -3 33 24 118 212 l97 217 -48 61 c-96 122 -154 239 -194 392 -30 114 -36 323 -13 436 23 114 72 242 131 341 58 96 199 245 293 308 124 83 285 146 437 170 97 15 276 4 386 -24z"
|
||||||
|
id="path4"
|
||||||
|
style="fill:#192a56;fill-opacity:1" />
|
||||||
|
<path
|
||||||
|
d="M11496 14790 c-110 -28 -228 -126 -281 -234 -103 -210 -11 -470 203 -577 65 -33 71 -34 187 -34 116 0 122 1 187 34 82 41 169 128 204 206 99 217 11 466 -202 571 -66 33 -83 37 -166 40 -51 2 -110 -1 -132 -6z"
|
||||||
|
id="path6"
|
||||||
|
style="fill:#192a56;fill-opacity:1" />
|
||||||
|
</g>
|
||||||
|
</svg>
|
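--- a/gitea/conf/public/robots.txt
+++ b/gitea/conf/public/robots.txt
@@ -0,0 +1,22 @@
+User-agent: MJ12bot
+Disallow: /
+User-agent: SemrushBot
+Disallow: /
+User-agent: SemrushBot-SA
+Disallow: /
+User-agent: rogerbot
+Disallow:/
+User-agent: dotbot
+Disallow:/
+User-agent: AhrefsBot
+Disallow: /
+User-agent: Alexibot
+Disallow: /
+User-agent: SurveyBot
+Disallow: /
+User-agent: Xenu’s
+Disallow: /
+User-agent: Xenu’s Link Sleuth 1.1c
+Disallow: /
+User-agent: AhrefsBot
+Disallow: /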
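Review bot: The two `User-agent: Xenu’s` entries use a typographic apostrophe, so they are unlikely to match the token a crawler actually sends, and `AhrefsBot` is listed twice. The same 22 lines are also added as `gitea/conf/robots.txt`, while the container upload in this change reads only `conf/public/robots.txt`, so the second copy looks unused and will drift. robots.txt is advisory only; crawlers that ignore it have to be rate-limited or blocked at the reverse proxy, which is worth a comment at the top of the file since `REQUIRE_SIGNIN_VIEW = false` leaves the instance publicly browsable.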
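--- a/gitea/conf/robots.txt
+++ b/gitea/conf/robots.txt
@@ -0,0 +1,22 @@
+User-agent: MJ12bot
+Disallow: /
+User-agent: SemrushBot
+Disallow: /
+User-agent: SemrushBot-SA
+Disallow: /
+User-agent: rogerbot
+Disallow:/
+User-agent: dotbot
+Disallow:/
+User-agent: AhrefsBot
+Disallow: /
+User-agent: Alexibot
+Disallow: /
+User-agent: SurveyBot
+Disallow: /
+User-agent: Xenu’s
+Disallow: /
+User-agent: Xenu’s Link Sleuth 1.1c
+Disallow: /
+User-agent: AhrefsBot
+Disallow: /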
@ -1,14 +1,21 @@
|
|||||||
# https://github.com/go-gitea/gitea/releases
|
# https://github.com/go-gitea/gitea/releases
|
||||||
data "docker_registry_image" "gitea" {
|
data "docker_registry_image" "gitea" {
|
||||||
name = "gitea/gitea:1.4"
|
name = "gitea/gitea:1.21"
|
||||||
|
}
|
||||||
|
|
||||||
|
data "docker_registry_image" "redis" {
|
||||||
|
name = "redis:alpine"
|
||||||
}
|
}
|
||||||
|
|
||||||
data "template_file" "gitea-config-file" {
|
data "template_file" "gitea-config-file" {
|
||||||
template = "${file("${path.module}/conf/conf.ini.tpl")}"
|
template = file("${path.module}/conf/conf.ini.tpl")
|
||||||
|
|
||||||
vars {
|
vars = {
|
||||||
secret_key = "${var.secret-key}"
|
secret_key = var.secret-key
|
||||||
internal_token = "${var.internal-token}"
|
internal_token = var.internal-token
|
||||||
smtp_password = "${var.smtp-password}"
|
smtp_password = var.smtp-password
|
||||||
|
lfs-jwt-secret = var.lfs-jwt-secret
|
||||||
|
mysql-password = var.mysql-password
|
||||||
|
oauth2-jwt-secret = var.oauth2-jwt-secret
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
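Review bot: Both registry images are referenced by floating tags (`gitea/gitea:1.21`, `redis:alpine`), and the `docker_image` resources in this change set `pull_triggers` to the registry's `sha256_digest`, so whatever is published under those tags is pulled and run on the next apply without review. Pinning an exact release, for example `name = "redis:<pinned-version>-alpine"` and `name = "gitea/gitea:<pinned-patch-version>"`, makes image upgrades an explicit commit. Separately, the `template_file` data source now receives six secrets; its `rendered` output is stored in plaintext in Terraform state, so a comment above the `vars` block saying that the state backend must be access-controlled would help the next maintainer.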
@ -1,67 +1,89 @@
|
|||||||
resource docker_container "gitea" {
|
locals {
|
||||||
|
l = merge(var.traefik-labels, {
|
||||||
|
"traefik.port" = 3000
|
||||||
|
"traefik.frontend.rule" = "Host:${var.domain}"
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "docker_container" "gitea" {
|
||||||
name = "gitea"
|
name = "gitea"
|
||||||
image = "${docker_image.gitea.latest}"
|
image = docker_image.gitea.image_id
|
||||||
|
|
||||||
labels = "${merge(
|
dynamic "labels" {
|
||||||
var.traefik-labels, map(
|
for_each = local.l
|
||||||
"traefik.port", 3000,
|
content {
|
||||||
"traefik.frontend.rule","Host:${var.domain}"
|
label = labels.key
|
||||||
))}"
|
value = labels.value
|
||||||
|
}
|
||||||
ports {
|
|
||||||
internal = 22
|
|
||||||
external = 2222
|
|
||||||
ip = "${var.ips["eth0"]}"
|
|
||||||
}
|
|
||||||
|
|
||||||
ports {
|
|
||||||
internal = 22
|
|
||||||
external = 2222
|
|
||||||
ip = "${var.ips["tun0"]}"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes {
|
||||||
volume_name = "${docker_volume.gitea_volume.name}"
|
volume_name = docker_volume.gitea_volume.name
|
||||||
container_path = "/data"
|
container_path = "/data"
|
||||||
host_path = "${docker_volume.gitea_volume.mountpoint}"
|
host_path = docker_volume.gitea_volume.mountpoint
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# For the following uploads, note that
|
||||||
|
# /data/gitea is GITEA_CUSTOM_PATH
|
||||||
|
|
||||||
# Logos
|
# Logos
|
||||||
# TODO: Add svg
|
|
||||||
|
|
||||||
|
# https://docs.gitea.com/next/administration/customizing-gitea#changing-the-logo
|
||||||
|
# PNG images
|
||||||
upload {
|
upload {
|
||||||
content = "${file("${path.module}/conf/public/img/gitea-lg.png")}"
|
content_base64 = filebase64("${path.module}/conf/public/img/gitea-lg.png")
|
||||||
file = "/data/gitea/public/img/gitea-lg.png"
|
file = "/data/gitea/public/img/logo.png"
|
||||||
}
|
}
|
||||||
upload {
|
upload {
|
||||||
content = "${file("${path.module}/conf/public/img/gitea-sm.png")}"
|
content_base64 = filebase64("${path.module}/conf/public/img/gitea-lg.png")
|
||||||
file = "/data/gitea/public/img/gitea-sm.png"
|
file = "/data/gitea/public/img/apple-touch-icon.png"
|
||||||
}
|
}
|
||||||
upload {
|
upload {
|
||||||
content = "${file("${path.module}/conf/public/img/gitea-sm.png")}"
|
content_base64 = filebase64("${path.module}/conf/public/img/gitea-sm.png")
|
||||||
file = "/data/gitea/public/img/favicon.png"
|
file = "/data/gitea/public/img/favicon.png"
|
||||||
|
}
|
||||||
|
|
||||||
|
# SVG images
|
||||||
|
upload {
|
||||||
|
content_base64 = filebase64("${path.module}/conf/public/img/favicon.svg")
|
||||||
|
file = "/data/gitea/public/img/logo.svg"
|
||||||
}
|
}
|
||||||
upload {
|
upload {
|
||||||
content = "${file("${path.module}/../docker/conf/humans.txt")}"
|
content_base64 = filebase64("${path.module}/conf/public/img/favicon.svg")
|
||||||
file = "/data/gitea/public/humans.txt"
|
file = "/data/gitea/public/img/favicon.svg"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Some files at top-level
|
||||||
|
upload {
|
||||||
|
content = file("${path.module}/../docker/conf/humans.txt")
|
||||||
|
file = "/data/gitea/humans.txt"
|
||||||
|
}
|
||||||
|
upload {
|
||||||
|
content = file("${path.module}/conf/public/robots.txt")
|
||||||
|
file = "/data/gitea/robots.txt"
|
||||||
|
}
|
||||||
|
|
||||||
# Extra Links in header
|
# Extra Links in header
|
||||||
upload {
|
upload {
|
||||||
content = "${file("${path.module}/conf/extra_links.tmpl")}"
|
content = file("${path.module}/conf/extra_links.tmpl")
|
||||||
file = "/data/gitea/templates/custom/extra_links.tmpl"
|
file = "/data/gitea/templates/custom/extra_links.tmpl"
|
||||||
}
|
}
|
||||||
|
|
||||||
# This is the main configuration file
|
# This is the main configuration file
|
||||||
upload {
|
upload {
|
||||||
content = "${data.template_file.gitea-config-file.rendered}"
|
content = data.template_file.gitea-config-file.rendered
|
||||||
file = "/data/gitea/conf/app.ini"
|
file = "/data/gitea/conf/app.ini"
|
||||||
}
|
}
|
||||||
memory = 256
|
|
||||||
restart = "unless-stopped"
|
memory = 800
|
||||||
|
restart = "always"
|
||||||
destroy_grace_seconds = 10
|
destroy_grace_seconds = 10
|
||||||
must_run = true
|
must_run = true
|
||||||
|
networks = ["gitea", "traefik"]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "docker_image" "gitea" {
|
resource "docker_image" "gitea" {
|
||||||
name = "${data.docker_registry_image.gitea.name}"
|
name = data.docker_registry_image.gitea.name
|
||||||
pull_triggers = ["${data.docker_registry_image.gitea.sha256_digest}"]
|
pull_triggers = [data.docker_registry_image.gitea.sha256_digest]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
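Review bot: `networks = ["gitea", "traefik"]` attaches the container by literal network name, so Terraform has no dependency edge to `docker_network.gitea`, and the new `traefik-network-id` variable is not referenced anywhere in the visible lines. Using the references, as redis.tf already does, keeps creation order correct and avoids attaching to a pre-existing network that merely shares the name: `networks = [docker_network.gitea.id, var.traefik-network-id]`. The rendered `app.ini` now points cache and sessions at `gitea-redis:6379`, but nothing here orders the gitea container after `docker_container.redis`; a `depends_on = [docker_container.redis]` would make that explicit. The `app.ini` upload also carries the rendered secrets in `content`, which ends up in state alongside the template output.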
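--- a/gitea/network.tf
+++ b/gitea/network.tf
@@ -0,0 +1,5 @@
+resource "docker_network" "gitea" {
+name = "gitea"
+driver = "bridge"
+}
+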
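--- a/gitea/providers.tf
+++ b/gitea/providers.tf
@@ -0,0 +1,19 @@
+terraform {
+required_providers {
+pass = {
+source = "camptocamp/pass"
+}
+digitalocean = {
+source = "digitalocean/digitalocean"
+}
+postgresql = {
+source = "cyrilgdn/postgresql"
+}
+cloudflare = {
+source = "cloudflare/cloudflare"
+}
+docker = {
+source = "kreuzwerker/docker"
+}
+}
+}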
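Review bot: None of the five `required_providers` entries carries a `version` constraint, so unless a `.terraform.lock.hcl` is committed (not visible here) `terraform init` will install the newest release of each community provider. Provider plugins execute with the operator's credentials, so each entry should state a constraint, e.g. `version = "~> <major.minor>"` next to `source`, with the lock file checked in. The gitea files visible in this change only use `docker_*` resources; if `pass`, `digitalocean`, `postgresql` and `cloudflare` are not needed by this module, dropping them reduces the amount of third-party code it pulls in.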
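--- a/gitea/redis.tf
+++ b/gitea/redis.tf
@@ -0,0 +1,23 @@
+resource "docker_container" "redis" {
+name = "gitea-redis"
+image = docker_image.redis.image_id
+
+volumes {
+host_path = "/mnt/xwing/cache/gitea"
+container_path = "/data"
+}
+
+memory = 64
+restart = "always"
+destroy_grace_seconds = 10
+must_run = true
+
+networks = [docker_network.gitea.id]
+}
+
+resource "docker_image" "redis" {
+name = data.docker_registry_image.redis.name
+pull_triggers = [data.docker_registry_image.redis.sha256_digest]
+keep_locally = true
+}
+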
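Review bot: The Redis container is started with the image defaults and no authentication, and the connection strings added to the config template (`addr=gitea-redis:6379,db=0` for cache, `db=1` for sessions) carry no `password=` field. Gitea session data therefore sits in a store whose only protection is membership of the `gitea` bridge network; any other container later attached to that network could read or alter sessions. Consider uploading a small redis.conf that sets `requirepass` from a new variable and adding the matching `password=` to both connection strings, or at minimum add a comment here stating that no other workload may join `docker_network.gitea`. With `memory = 64` and no eviction policy configured, it is also worth confirming how Gitea behaves when Redis refuses writes, since sessions share the instance with the cache.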
@ -1,13 +1,32 @@
|
|||||||
variable "traefik-labels" {
|
variable "traefik-labels" {
|
||||||
type = "map"
|
type = map(string)
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "domain" {}
|
variable "domain" {
|
||||||
|
}
|
||||||
|
|
||||||
variable "ips" {
|
variable "ips" {
|
||||||
type = "map"
|
type = map(string)
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "secret-key" {
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "internal-token" {
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "smtp-password" {
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "lfs-jwt-secret" {
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "oauth2-jwt-secret" {
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "mysql-password" {
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "traefik-network-id" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "secret-key" {}
|
|
||||||
variable "internal-token" {}
|
|
||||||
variable "smtp-password" {}
|
|
||||||
|
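Review bot: The secret-bearing variables (`secret-key`, `internal-token`, `smtp-password`, `lfs-jwt-secret`, `oauth2-jwt-secret`, `mysql-password`) are declared with empty bodies, so their values can appear in plan and apply output and have no type check. On Terraform versions that support it, each should read like `variable "secret-key" { type = string sensitive = true }` (split over lines). `sensitive` only redacts CLI output; the values still reach state through the rendered template and the `upload` block, so a comment noting that the state file must be treated as a secret belongs at the top of this file. `traefik-network-id` is declared here but not used in the visible gitea resources.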
@ -1,3 +1,4 @@
|
|||||||
resource "docker_volume" "gitea_volume" {
|
resource "docker_volume" "gitea_volume" {
|
||||||
name = "gitea_volume"
|
name = "gitea_volume"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,34 +0,0 @@
|
|||||||
data "docker_registry_image" "heimdall" {
|
|
||||||
name = "linuxserver/heimdall:latest"
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "docker_image" "heimdall" {
|
|
||||||
name = "${data.docker_registry_image.heimdall.name}"
|
|
||||||
pull_triggers = ["${data.docker_registry_image.heimdall.sha256_digest}"]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource docker_container "heimdall" {
|
|
||||||
name = "heimdall"
|
|
||||||
image = "${docker_image.heimdall.latest}"
|
|
||||||
|
|
||||||
labels = "${merge(
|
|
||||||
var.traefik-labels, map(
|
|
||||||
"traefik.port", "443",
|
|
||||||
"traefik.protocol", "https",
|
|
||||||
"traefik.frontend.rule","Host:${var.domain}",
|
|
||||||
"traefik.frontend.auth.basic", "${var.auth-header}",
|
|
||||||
))}"
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
host_path = "/mnt/xwing/config/heimdall"
|
|
||||||
container_path = "/config"
|
|
||||||
}
|
|
||||||
|
|
||||||
env = [
|
|
||||||
"TZ=Asia/Kolkata",
|
|
||||||
]
|
|
||||||
|
|
||||||
restart = "unless-stopped"
|
|
||||||
destroy_grace_seconds = 10
|
|
||||||
must_run = true
|
|
||||||
}
|
|
@ -1,11 +0,0 @@
|
|||||||
variable "domain" {
|
|
||||||
type = "string"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "auth-header" {
|
|
||||||
type = "string"
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "traefik-labels" {
|
|
||||||
type = "map"
|
|
||||||
}
|
|
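--- a/home-assistant/main.tf
+++ b/home-assistant/main.tf
@@ -0,0 +1,24 @@
+module "home-assistant" {
+name = "home-assistant"
+source = "../modules/container"
+
+image = "ghcr.io/home-assistant/home-assistant:stable"
+
+resource = {
+memory = 1024
+memory_swap = 1024
+}
+
+env = [
+"TZ=Asia/Kolkata",
+]
+
+network_mode = "host"
+
+volumes = [
+{
+container_path = "/config"
+host_path = "/mnt/zwing/config/home-assistant"
+},
+]
+}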
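--- a/jupyter.tf
+++ b/jupyter.tf
@@ -0,0 +1,16 @@
+module "jupyter" {
+name = "jupyter"
+source = "./modules/container"
+image = "jupyter/scipy-notebook"
+resource = {
+memory = 1024
+memory_swap = 4096
+}
+web = {
+expose = "true"
+host = "j.${var.root-domain}"
+port = 8888
+}
+networks = ["bridge"]
+gpu = true
+}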
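Review bot: `module "jupyter"` exposes a notebook server at `j.${var.root-domain}` with `gpu = true`, and nothing in this block configures authentication; a notebook server executes arbitrary code for whoever can log in, so the access control should be visible where the host is exposed. Whether `./modules/container` attaches an auth middleware when `web.expose` is set cannot be seen from this diff; if it does not, one should be added before this host is published. The image `jupyter/scipy-notebook` also has no tag, so every pull follows `latest`; pinning a tag or digest would make the deployed version reviewable.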
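--- a/kaarana.tf
+++ b/kaarana.tf
@@ -0,0 +1,21 @@
+# kaarana related stuff
+
+# module "kaarana" {
+# source = "./kaarana"
+
+# root_db_password = data.pass_password.kaarana-root-db-password.password
+# db_password = data.pass_password.kaarana-db-password.password
+
+# providers = {
+# docker = docker.sydney
+# }
+# }
+
+data "pass_password" "kaarana-root-db-password" {
+path = "KAARANA_DB_ROOT_PASSWORD"
+}
+
+data "pass_password" "kaarana-db-password" {
+path = "KAARANA_DB_PASSWORD"
+}
+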
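--- a/kaarana/database.tf
+++ b/kaarana/database.tf
@@ -0,0 +1,40 @@
+// Create a small database network
+resource "docker_network" "kaarana-db" {
+name = "kaarana-db"
+
+labels = {
+internal = "true"
+role = "database"
+}
+
+internal = true
+
+ipam_config {
+subnet = "172.20.0.0/29"
+gateway = "172.20.0.1"
+}
+}
+
+// Run a small mySQL container in this subnet
+
+resource "docker_container" "mysql" {
+image = docker_image.db.image_id
+name = "kaarana-mariadb"
+restart = "always"
+must_run = true
+
+env = [
+"MYSQL_ROOT_PASSWORD=${var.root_db_password}",
+"MYSQL_USER=${local.username}",
+"MYSQL_PASSWORD=${var.db_password}",
+"MYSQL_DATABASE=${local.database}",
+]
+
+volumes {
+host_path = "/mnt/disk/kaarana-db"
+container_path = "/var/lib/mysql"
+}
+
+networks = ["kaarana-db"]
+}
+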
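Review bot: The `env` list of `docker_container.mysql` interpolates `var.root_db_password` and `var.db_password`, so both passwords become part of the container configuration and can be read with `docker inspect` by anything that has access to the Docker API. The official MariaDB image also accepts `MYSQL_ROOT_PASSWORD_FILE` and `MYSQL_PASSWORD_FILE`, which lets the value be read from a file mounted into the container instead of the environment. The same pattern appears in kaarana/wordpress.tf (`WORDPRESS_DB_PASSWORD`), klaxon.tf (`DATABASE_URL`, `SECRET_KEY_BASE`, `SENDGRID_PASSWORD`) and mastodon/locals.tf. Separately, `networks = ["kaarana-db"]` names the network by a string literal, so nothing orders this container after `docker_network.kaarana-db`; `networks = [docker_network.kaarana-db.name]` would create that dependency.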
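--- a/kaarana/images.tf
+++ b/kaarana/images.tf
@@ -0,0 +1,27 @@
+data "docker_registry_image" "wp" {
+name = "wordpress:latest"
+}
+
+resource "docker_image" "wp" {
+name = "wordpress"
+pull_triggers = [data.docker_registry_image.wp.sha256_digest]
+}
+
+data "docker_registry_image" "db" {
+name = "mariadb:10.4"
+}
+
+resource "docker_image" "db" {
+name = "mariadb"
+pull_triggers = [data.docker_registry_image.db.sha256_digest]
+}
+
+data "docker_registry_image" "traefik" {
+name = "traefik:v2.0"
+}
+
+resource "docker_image" "traefik" {
+name = "traefik"
+pull_triggers = [data.docker_registry_image.db.sha256_digest]
+}
+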
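Review bot: `docker_image.traefik` takes its `pull_triggers` from `data.docker_registry_image.db.sha256_digest`, so a new Traefik image never triggers a pull while a MariaDB update does; the line should read `pull_triggers = [data.docker_registry_image.traefik.sha256_digest]`. All three `docker_image` resources also use untagged names (`"wordpress"`, `"mariadb"`, `"traefik"`) while the data sources look up `wordpress:latest`, `mariadb:10.4` and `traefik:v2.0`, so the digest being watched and the image being pulled can differ, most visibly for MariaDB where an untagged name resolves to `latest` rather than 10.4. Using `name = data.docker_registry_image.db.name` (and the equivalent for `wp` and `traefik`), as gitea/redis.tf does, keeps the two aligned.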
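--- a/kaarana/traefik.tf
+++ b/kaarana/traefik.tf
@@ -0,0 +1,64 @@
+// Create a small database network
+resource "docker_network" "traefik" {
+name = "traefik"
+
+labels = {
+internal = "true"
+role = "ingress"
+}
+
+internal = true
+}
+
+resource "docker_container" "traefik" {
+name = "traefik"
+image = docker_image.traefik.image_id
+
+# Do not offer HTTP2
+# https://community.containo.us/t/traefikv2-http-2-0/1199
+env = [
+"GODEBUG=http2client=0",
+]
+
+upload {
+content = file("${path.module}/traefik.toml")
+file = "/etc/traefik/traefik.toml"
+}
+
+volumes {
+host_path = "/var/run/docker.sock"
+container_path = "/var/run/docker.sock"
+read_only = true
+}
+
+volumes {
+host_path = "/mnt/disk/traefik"
+container_path = "/acme"
+}
+
+ports {
+internal = 443
+external = 8443
+ip = "139.59.22.234"
+}
+
+ports {
+internal = 80
+external = 80
+ip = "139.59.22.234"
+}
+
+memory = 256
+restart = "always"
+destroy_grace_seconds = 10
+must_run = true
+
+networks_advanced {
+name = "bridge"
+}
+
+networks_advanced {
+name = "traefik"
+}
+}
+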
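Review bot: The `/var/run/docker.sock` mount in `docker_container.traefik` hands this container the Docker API, and `read_only = true` does not narrow that: it makes the bind mount read-only, but requests sent over the socket are unaffected. Because the same container publishes ports 80 and 8443 on a public address, it would be safer to place a socket proxy that permits only the read endpoints the Docker provider needs between Traefik and the daemon, or at least to add a comment recording why direct access is accepted. The leading comment `// Create a small database network` is copied from kaarana/database.tf and should describe the ingress network instead.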
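--- a/kaarana/traefik.toml
+++ b/kaarana/traefik.toml
@@ -0,0 +1,45 @@
+# This configures docker service discovery
+[providers.docker]
+exposedByDefault = false
+network = "traefik"
+defaultRule = ""
+
+[entryPoints]
+[entryPoints.web]
+address = ":80"
+
+[entryPoints.web-secure]
+address = ":443"
+
+[http.middlewares]
+[http.middlewares.everything.redirectScheme]
+scheme = "https"
+
+[tcp.routers]
+[tcp.routers.forwardtohome]
+entryPoints = ["web-secure"]
+rule = "HostSNI(`emby.bb8.fun`, `git.captnemo.in`)"
+service = "homeserver"
+[tcp.routers.forwardtohome.tls]
+passthrough = true
+
+[tcp.services]
+[tcp.services.homeserver.loadBalancer]
+[[tcp.services.homeserver.loadBalancer.servers]]
+address = "10.8.0.14:443"
+
+[certificatesResolvers.default.acme]
+email = "certs@captnemo.in"
+storage = "/acme/acme.json"
+[certificatesResolvers.default.acme.httpChallenge]
+# used during the challenge
+entryPoint = "web"
+
+
+[tls.options]
+[tls.options.foo]
+minVersion = "VersionTLS12"
+cipherSuites = [
+"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+"TLS_RSA_WITH_AES_256_GCM_SHA384"
+]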
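Review bot: `[tls.options.foo]` lists `TLS_RSA_WITH_AES_256_GCM_SHA384`, a static-RSA key-exchange suite without forward secrecy, next to the single ECDHE suite. Replacing it with `"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"` keeps AES-256 while restricting the option set to forward-secret suites. No router visible in this change references the option set (the `tls.options` label in kaarana/wordpress.tf is commented out), so as written it appears to have no effect; a descriptive name instead of `foo` and a comment naming the routers that should use it would help. Traefik v2 also separates static from dynamic configuration, so it is worth confirming that the `[tcp.routers]`, `[http.middlewares]` and `[tls.options]` tables in this file are actually loaded.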
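--- a/kaarana/vars.tf
+++ b/kaarana/vars.tf
@@ -0,0 +1,12 @@
+variable "root_db_password" {
+}
+
+variable "db_password" {
+}
+
+locals {
+username = "wordpress"
+database = "wordpress"
+db_hostname = "kaarana.db"
+}
+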
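Review bot: `db_hostname = "kaarana.db"` does not match any name the database container is given in this change: kaarana/database.tf names it `kaarana-mariadb` and attaches it to the `kaarana-db` network without an alias. kaarana/wordpress.tf passes this local as `WORDPRESS_DB_HOST`, so unless `kaarana.db` resolves through something outside this diff, the WordPress container will not reach its database. Setting `db_hostname = "kaarana-mariadb"`, or deriving it from `docker_container.mysql.name`, would tie the two together.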
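--- a/kaarana/wordpress.tf
+++ b/kaarana/wordpress.tf
@@ -0,0 +1,40 @@
+resource "docker_container" "wp" {
+image = docker_image.wp.image_id
+name = "kaarana-wordpress"
+
+restart = "always"
+must_run = true
+
+labels = {
+"traefik.enable" = "true"
+"traefik.tcp.routers.kaarana.rule" = "HostSNI(`kaarana.captnemo.in`)"
+"traefik.tcp.routers.kaarana.tls" = "true"
+# "traefik.tcp.routers.kaarana.tls.options" = "foo"
+"traefik.tcp.services.wordpress.loadbalancer.server.port" = "80"
+# "traefik.tcp.routers.kaarana.entrypoints" = "web-secure"
+"traefik.tcp.routers.kaarana.tls.certResolver" = "default"
+"traefik.tcp.routers.kaarana.tls.domains[0].main" = "kaarana.captnemo.in"
+}
+
+env = [
+"WORDPRESS_DB_HOST=${local.db_hostname}",
+"WORDPRESS_DB_USER=${local.username}",
+"WORDPRESS_DB_PASSWORD=${var.db_password}",
+"WORDPRESS_DB_NAME=${local.database}",
+"WORDPRESS_TABLE_PREFIX=",
+]
+
+volumes {
+host_path = "/mnt/disk/kaarana-wp"
+container_path = "/var/www/html"
+}
+
+ports {
+internal = 80
+external = 8213
+ip = "10.8.0.1"
+}
+
+networks = ["bridge", "kaarana-db"]
+}
+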
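Review bot: The `ports` block publishes the container's port 80 on `10.8.0.1:8213`, so WordPress is reachable over plain HTTP on that address independently of the Traefik route and the TLS settings in `labels`. If this is a deliberate side door (the address looks like a tunnel interface, which cannot be confirmed from the diff), a comment such as `# direct access from the VPN only, bypasses Traefik` should say so; otherwise the block can be dropped. The container is also attached to `bridge` and `kaarana-db` but not to `traefik`, the network kaarana/traefik.toml tells the Docker provider to use, so it is worth checking which address Traefik ends up routing to.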
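--- a/kavita.tf
+++ b/kavita.tf
@@ -0,0 +1,33 @@
+# module "kavita" {
+# name = "kavita"
+# source = "./modules/container"
+# image = "kizaing/kavita:latest"
+
+# web = {
+# expose = true
+# port = 5000
+# host = "kavita.bb8.fun"
+# }
+
+# resource = {
+# memory = 1024
+# memory_swap = 1024
+# }
+
+# volumes = [
+# {
+# host_path = "/mnt/xwing/media/EBooks"
+# container_path = "/ebooks"
+# },
+# {
+# host_path = "/mnt/xwing/config/kavita"
+# container_path = "/kavita/config"
+# }
+# ]
+
+# networks = ["traefik"]
+
+# env = [
+# "TZ=Asia/Kolkata",
+# ]
+# }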
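--- a/kayak.tf
+++ b/kayak.tf
@@ -0,0 +1,41 @@
+# // Points to the local working directory instead of
+# // the published version
+# module "kayak" {
+# source = "../terraform-digitalocean-kayak"
+# cert_path = "${path.root}/secrets/kayak"
+# domain = "kayak.${var.root-domain}"
+# ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0Getey8585AqdgIl9mqQ3SH9w6z7NZUW4HXdOqZwC7sYEaDrLOBV014gtFS8h8ymm4dcw6xEGUkaavcHC8W9ChTLKBMK4N1/sUS/umLy+Wi/K//g13y0VHSdvcc+gMQ27b9n/DwDY4ZKkaf6t+4HWyFWNh6gp0cT1WCyLNlsER55KUdy+C1lCOpv1SMepOaYc7uyBlC9FfgewJho/OfxnoTztQV6QeSGfr2Xr94Ip1FUPoLoBLLilh4ZbCe6F6bqn0kNgVBTkrVwWJv5Z0jCJpUjER69cqjASRao9KCHkyPtybzKKhCLZIlB3QMggEv0xnlHMpeeuDWcGrBVPKI8V"
+# asset_dir = "${path.root}/k8s"
+# providers {
+# docker = "docker.kayak"
+# }
+# }
+# provider "docker" {
+# host = "tcp://${cloudflare_record.kayak-docker.hostname}:2376"
+# version = "~> 2.0.0"
+# alias = "kayak"
+# ca_material = "${module.kayak.docker_ca_cert}"
+# cert_material = "${module.kayak.docker_client_cert}"
+# key_material = "${module.kayak.docker_client_key}"
+# }
+# resource "cloudflare_record" "kayak-docker" {
+# name = "docker.kayak"
+# value = "${module.kayak.droplet_ipv4}"
+# domain = "${var.root-domain}"
+# type = "A"
+# ttl = 120
+# }
+# resource "cloudflare_record" "kayak" {
+# name = "kayak"
+# value = "${module.kayak.droplet_ipv4}"
+# domain = "${var.root-domain}"
+# type = "A"
+# ttl = 120
+# }
+# resource "cloudflare_record" "kayak-etcd" {
+# name = "etcd.kayak"
+# value = "${module.kayak.droplet_ipv4_private}"
+# domain = "${var.root-domain}"
+# type = "A"
+# ttl = 120
+# }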
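--- a/klaxon.tf
+++ b/klaxon.tf
@@ -0,0 +1,40 @@
+module "klaxon-db" {
+source = "./modules/postgres"
+name = "klaxon"
+password = data.pass_password.klaxon-db-password.password
+}
+
+module "klaxon" {
+name = "klaxon"
+source = "./modules/container"
+
+web = {
+expose = true
+port = "3000"
+host = "klaxon.${var.root-domain}"
+}
+
+resource = {
+memory = 1024
+memory_swap = 1024
+}
+
+env = [
+"DATABASE_URL=postgres://klaxon:${data.pass_password.klaxon-db-password.password}@postgres/klaxon",
+"ADMIN_EMAILS=klaxon.admin@captnemo.in",
+"RAILS_ENV=production",
+"SECRET_KEY_BASE=${data.pass_password.klaxon-secret-key.password}",
+"SENDGRID_USERNAME=apikey",
+"SENDGRID_PASSWORD=${data.pass_password.klaxon-sendgrid-password.password}",
+"KLAXON_FORCE_SSL=false",
+"KLAXON_COMPILE_ASSETS=true",
+"ADMIN_EMAILS=klaxon@captnemo.in",
+"MAILER_FROM_ADDRESS=klaxon@sendgrid.captnemo.in",
+]
+restart = "always"
+
+image = "themarshallproject/klaxon"
+
+networks = ["postgres", "external"]
+}
+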
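Review bot: `ADMIN_EMAILS` is set twice in the `env` list of `module "klaxon"`, first to `klaxon.admin@captnemo.in` and further down to `klaxon@captnemo.in`, so which address actually gets admin rights depends on how duplicate keys are resolved rather than on what either line says. Keep a single entry with the intended address. `DATABASE_URL` also interpolates the password straight into a URL, so a password containing `@`, `/` or `:` produces a broken or misparsed connection string; `${urlencode(data.pass_password.klaxon-db-password.password)}` avoids that.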
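--- a/kube-test.tf
+++ b/kube-test.tf
@@ -0,0 +1,19 @@
+// Bring up a simple test container
+// In the controller node
+# resource "kubernetes_pod" "nginx" {
+# metadata {
+# name = "terraform-example"
+# namespace = "default"
+# }
+# spec {
+# toleration {
+# key = "node-role.kubernetes.io/master"
+# operator = "Exists"
+# effect = "NoSchedule"
+# }
+# container {
+# image = "nginx:latest"
+# name = "nginx"
+# }
+# }
+# }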
152
main.tf
152
main.tf
@ -1,98 +1,112 @@
|
|||||||
module "cloudflare" {
|
module "cloudflare" {
|
||||||
source = "cloudflare"
|
source = "./cloudflare"
|
||||||
domain = "bb8.fun"
|
domain = "bb8.fun"
|
||||||
ips = "${var.ips}"
|
zone_id = lookup(data.cloudflare_zones.bb8.zones[0], "id")
|
||||||
}
|
ips = var.ips
|
||||||
|
|
||||||
module "mysql" {
|
droplet_ip = module.digitalocean.droplet_ipv4
|
||||||
source = "mysql"
|
|
||||||
mysql_root_password = "${var.mysql_root_password}"
|
|
||||||
mysql_lychee_password = "${var.mysql_lychee_password}"
|
|
||||||
mysql_airsonic_password = "${var.mysql_airsonic_password}"
|
|
||||||
mysql_kodi_password = "${var.mysql_kodi_password}"
|
|
||||||
lychee_ip = "${module.docker.lychee-ip}"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
module "docker" {
|
module "docker" {
|
||||||
source = "docker"
|
source = "./docker"
|
||||||
web_username = "${var.web_username}"
|
web_username = data.pass_password.web_username.password
|
||||||
web_password = "${var.web_password}"
|
web_password = data.pass_password.web_password.password
|
||||||
mysql_root_password = "${var.mysql_root_password}"
|
cloudflare_key = data.pass_password.cloudflare_key.password
|
||||||
cloudflare_key = "${var.cloudflare_key}"
|
|
||||||
cloudflare_email = "bb8@captnemo.in"
|
cloudflare_email = "bb8@captnemo.in"
|
||||||
wiki_session_secret = "${var.wiki_session_secret}"
|
wiki_session_secret = data.pass_password.wiki_session_secret.password
|
||||||
ips = "${var.ips}"
|
ips = var.ips
|
||||||
domain = "bb8.fun"
|
domain = "bb8.fun"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
module "db" {
|
||||||
|
source = "./db"
|
||||||
|
postgres-root-password = data.pass_password.postgres-root-password.password
|
||||||
|
ips = var.ips
|
||||||
|
}
|
||||||
|
|
||||||
module "timemachine" {
|
module "timemachine" {
|
||||||
source = "timemachine"
|
source = "./timemachine"
|
||||||
ips = "${var.ips}"
|
ips = var.ips
|
||||||
username-1 = "vikalp"
|
username-1 = "vikalp"
|
||||||
password-1 = "${var.timemachine-password-1}"
|
|
||||||
username-2 = "rishav"
|
username-2 = "rishav"
|
||||||
password-2 = "${var.timemachine-password-2}"
|
password-1 = data.pass_password.timemachine-password-1.password
|
||||||
|
password-2 = data.pass_password.timemachine-password-2.password
|
||||||
}
|
}
|
||||||
|
|
||||||
module "gitea" {
|
module "gitea" {
|
||||||
source = "gitea"
|
source = "./gitea"
|
||||||
domain = "git.captnemo.in"
|
domain = "git.captnemo.in"
|
||||||
traefik-labels = "${var.traefik-common-labels}"
|
traefik-labels = var.traefik-common-labels
|
||||||
ips = "${var.ips}"
|
ips = var.ips
|
||||||
secret-key = "${var.gitea-secret-key}"
|
secret-key = data.pass_password.gitea-secret-key.password
|
||||||
internal-token = "${var.gitea-internal-token}"
|
internal-token = data.pass_password.gitea-internal-token.password
|
||||||
smtp-password = "${var.gitea-smtp-password}"
|
smtp-password = data.pass_password.gitea-smtp-password.password
|
||||||
|
lfs-jwt-secret = data.pass_password.gitea-lfs-jwt-secret.password
|
||||||
|
oauth2-jwt-secret = data.pass_password.gitea-oauth2-jwt-secret.password
|
||||||
|
|
||||||
|
//passed, but not used
|
||||||
|
mysql-password = ""
|
||||||
|
|
||||||
|
traefik-network-id = module.docker.traefik-network-id
|
||||||
|
}
|
||||||
|
|
||||||
|
module "opml" {
|
||||||
|
source = "./opml"
|
||||||
|
domain = "opml.bb8.fun"
|
||||||
|
client-id = data.pass_password.opml-github-client-id.password
|
||||||
|
client-secret = data.pass_password.opml-github-client-secret.password
|
||||||
|
traefik-network-id = module.docker.traefik-network-id
|
||||||
}
|
}
|
||||||
|
|
||||||
module "radicale" {
|
module "radicale" {
|
||||||
source = "radicale"
|
source = "./radicale"
|
||||||
domain = "radicale.bb8.fun"
|
domain = "radicale.bb8.fun"
|
||||||
traefik-labels = "${var.traefik-common-labels}"
|
|
||||||
}
|
|
||||||
|
|
||||||
module "tt-rss" {
|
|
||||||
source = "tt-rss"
|
|
||||||
domain = "rss.captnemo.in"
|
|
||||||
mysql_password = "${var.mysql-ttrss-password}"
|
|
||||||
links-db = "${module.docker.names-mariadb}"
|
|
||||||
traefik-labels = "${var.traefik-common-labels}"
|
|
||||||
}
|
|
||||||
|
|
||||||
module "resilio" {
|
|
||||||
source = "resilio"
|
|
||||||
domain = "sync.bb8.fun"
|
|
||||||
traefik-labels = "${var.traefik-common-labels}"
|
|
||||||
ips = "${var.ips}"
|
|
||||||
}
|
|
||||||
|
|
||||||
module "heimdall" {
|
|
||||||
source = "heimdall"
|
|
||||||
domain = "bb8.fun"
|
|
||||||
traefik-labels = "${var.traefik-common-labels}"
|
|
||||||
auth-header = "${module.docker.auth-header}"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
module "media" {
|
module "media" {
|
||||||
source = "media"
|
source = "./media"
|
||||||
domain = "bb8.fun"
|
domain = "bb8.fun"
|
||||||
links-emby = "${module.docker.names-emby}"
|
traefik-labels = var.traefik-common-labels
|
||||||
links-transmission = "${module.docker.names-transmission}"
|
ips = var.ips
|
||||||
links-mariadb = "${module.docker.names-mariadb}"
|
# ToDO: Change this to lookup
|
||||||
traefik-labels = "${var.traefik-common-labels}"
|
traefik-network-id = "ffc1e366849e"
|
||||||
airsonic-smtp-password = "${var.airsonic-smtp-password}"
|
lastfm_api_key = data.pass_password.navidrome-lastfm-api-key.password
|
||||||
airsonic-db-password = "${var.mysql_airsonic_password}"
|
lastfm_secret = data.pass_password.navidrome-lastfm-secret.password
|
||||||
|
spotify_id = data.pass_password.navidrome-spotify-id.password
|
||||||
|
spotify_secret = data.pass_password.navidrome-spotify-secret.password
|
||||||
}
|
}
|
||||||
|
|
||||||
module "monitoring" {
|
module "monitoring" {
|
||||||
source = "monitoring"
|
source = "./monitoring"
|
||||||
gf-security-admin-password = "${var.gf-security-admin-password}"
|
gf-security-admin-password = data.pass_password.gf-security-admin-password.password
|
||||||
domain = "bb8.fun"
|
domain = "bb8.fun"
|
||||||
transmission = "${module.docker.names-transmission}"
|
transmission = module.media.names-transmission
|
||||||
traefik-labels = "${var.traefik-common-labels}"
|
traefik-labels = var.traefik-common-labels
|
||||||
ips = "${var.ips}"
|
ips = var.ips
|
||||||
links-traefik = "${module.docker.names-traefik}"
|
links-traefik = module.docker.names-traefik
|
||||||
|
traefik-network-id = module.docker.traefik-network-id
|
||||||
}
|
}
|
||||||
|
|
||||||
module "digitalocean" {
|
module "digitalocean" {
|
||||||
source = "digitalocean"
|
source = "./digitalocean"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
module "home-assistant" {
|
||||||
|
source = "./home-assistant"
|
||||||
|
}
|
||||||
|
|
||||||
|
module "mastodon" {
|
||||||
|
source = "./mastodon"
|
||||||
|
db-password = data.pass_password.mastodon-db-password.password
|
||||||
|
secret-key-base = data.pass_password.mastodon-secret-key-base.password
|
||||||
|
otp-secret = data.pass_password.mastodon-otp-secret.password
|
||||||
|
vapid-private-key = data.pass_password.mastodon-vapid-private-key.password
|
||||||
|
vapid-public-key = data.pass_password.mastodon-vapid-public-key.password
|
||||||
|
smtp-password = data.pass_password.mastodon-smtp-password.password
|
||||||
|
}
|
||||||
|
|
||||||
|
// Used to force access to ISP related resources
|
||||||
|
# module "tinyproxy" {
|
||||||
|
# source = "./tinyproxy"
|
||||||
|
# ips = "${var.ips}"
|
||||||
|
# }
|
||||||
|
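Review bot: `module "media"` hard-codes `traefik-network-id = "ffc1e366849e"` under a `# ToDO: Change this to lookup` comment, while `gitea`, `opml` and `monitoring` in the same file pass `module.docker.traefik-network-id`. A Docker network id changes whenever the network is recreated, so the literal can go stale and attach the media containers to nothing or to the wrong network; unless a dependency cycle prevents it, use `traefik-network-id = module.docker.traefik-network-id` here as well. In `module "gitea"`, `mysql-password = ""` is marked `//passed, but not used`; removing the variable from the gitea module would be cleaner than passing an empty secret.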
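--- a/mastodon/db.tf
+++ b/mastodon/db.tf
@@ -0,0 +1,29 @@
+module "mastodon-redis" {
+name = "mastodon-redis"
+source = "../modules/container"
+image = "redis:alpine"
+networks = ["mastodon"]
+keep_image = true
+
+resource = {
+memory = 256
+memory_swap = 256
+}
+
+# In case the cache dies,
+# tootctl feeds build
+# regenerates the feeds, run it from
+# inside a mastodon container
+volumes = [
+{
+host_path = "/mnt/zwing/cache/mastodon-redis"
+container_path = "/data"
+}
+]
+}
+
+module "mastodon-db" {
+source = "../modules/postgres"
+name = "mastodon"
+password = var.db-password
+}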
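--- a/mastodon/locals.tf
+++ b/mastodon/locals.tf
@@ -0,0 +1,23 @@
+locals {
+version = "4.1.10"
+env = [
+"LOCAL_DOMAIN=tatooine.club",
+"REDIS_HOST=mastodon-redis",
+"REDIS_PORT=6379",
+"DB_HOST=postgres",
+"DB_USER=mastodon",
+"DB_NAME=mastodon",
+"DB_PASS=${var.db-password}",
+"DB_PORT=5432",
+"ES_ENABLED=false",
+"SECRET_KEY_BASE=${var.secret-key-base}",
+"OTP_SECRET=${var.otp-secret}",
+"VAPID_PRIVATE_KEY=${var.vapid-private-key}",
+"VAPID_PUBLIC_KEY=${var.vapid-public-key}",
+"SMTP_SERVER=smtp.eu.mailgun.org",
+"SMTP_PORT=587",
+"SMTP_LOGIN=mastodon@mail.tatooine.club",
+"SMTP_PASSWORD=${var.smtp-password}",
+"SMTP_FROM_ADDRESS=mastodon@mail.tatooine.club",
+]
+}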
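--- a/mastodon/main.tf
+++ b/mastodon/main.tf
@@ -0,0 +1,103 @@
+module "mastodon-web" {
+name = "mastodon-web"
+source = "../modules/container"
+image = "ghcr.io/mastodon/mastodon:v${local.version}"
+keep_image = true
+
+networks = ["mastodon", "traefik", "external", "postgres"]
+
+labels = {
+"traefik.frontend.headers.STSPreload" = "true"
+"traefik.frontend.headers.STSIncludeSubdomains" = "true"
+"traefik.frontend.headers.STSSeconds" = "31536000"
+}
+
+env = concat(local.env,[
+"MAX_THREADS=4",
+"WEB_CONCURRENCY=5"
+])
+
+command = [
+"bash",
+"-c",
+"rm -f /mastodon/tmp/pids/server.pid; bundle exec rake db:migrate; bundle exec rails s -p 3000"
+]
+
+volumes = [{
+container_path = "/mastodon/public/system"
+host_path = "/mnt/xwing/data/mastodon"
+}]
+
+web = {
+expose = "true"
+host = "tatooine.club"
+port = 3000
+}
+
+resource = {
+memory = 2048
+memory_swap = 2048
+}
+}
+
+
+module "mastodon-streaming" {
+name = "mastodon-streaming"
+source = "../modules/container"
+image = "ghcr.io/mastodon/mastodon:v${local.version}"
+keep_image = true
+
+# 24 threads for Streaming
+env = concat(local.env,[
+"DB_POOL=8",
+"STREAMING_CLUSTER_NUM=4"
+])
+
+networks = ["postgres", "external", "mastodon"]
+
+command = [
+"node",
+"./streaming"
+]
+
+web = {
+expose = "false"
+}
+
+resource = {
+memory = 512
+memory_swap = 512
+}
+}
+
+module "mastodon-sidekiq" {
+name = "mastodon-sidekiq"
+source = "../modules/container"
+image = "ghcr.io/mastodon/mastodon:v${local.version}"
+keep_image = true
+env = concat(local.env,[
+"DB_POOL=50"
+])
+
+web = {
+expose = "false"
+}
+
+networks = ["postgres", "external", "mastodon"]
+
+command = [
+"bundle",
+"exec",
+"sidekiq"
+]
+
+volumes = [{
+container_path = "/mastodon/public/system"
+host_path = "/mnt/xwing/data/mastodon"
+}]
+
+resource = {
+memory = 2048
+memory_swap = 2048
+}
+}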
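Review bot: The `command` of `mastodon-web` joins its steps with `;`, so `rails s` starts even when `rake db:migrate` fails, and the web process then serves requests against a schema that may not match `local.version`. Chaining the last two steps with `&&` makes the container exit on a failed migration instead: `"rm -f /mastodon/tmp/pids/server.pid; bundle exec rake db:migrate && bundle exec rails s -p 3000"`. A short comment above `command` explaining why the pid file is removed and why migrations run at container start would also help the next reader.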
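--- a/mastodon/network.tf
+++ b/mastodon/network.tf
@@ -0,0 +1,5 @@
+resource "docker_network" "mastodon" {
+name = "mastodon"
+driver = "bridge"
+internal = true
+}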
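--- a/mastodon/provider.tf
+++ b/mastodon/provider.tf
@@ -0,0 +1,10 @@
+terraform {
+required_providers {
+postgresql = {
+source = "cyrilgdn/postgresql"
+}
+docker = {
+source = "kreuzwerker/docker"
+}
+}
+}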
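--- a/mastodon/vars.tf
+++ b/mastodon/vars.tf
@@ -0,0 +1,18 @@
+variable "db-password" {
+type = string
+}
+variable "secret-key-base" {
+type = string
+}
+variable "otp-secret" {
+type = string
+}
+variable "vapid-private-key" {
+type = string
+}
+variable "vapid-public-key" {
+type = string
+}
+variable "smtp-password" {
+type = string
+}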
@ -1,69 +1,62 @@
|
|||||||
resource "docker_container" "airsonic" {
|
# module "airsonic" {
|
||||||
name = "airsonic"
|
# source = "../modules/container"
|
||||||
image = "${docker_image.airsonic.latest}"
|
# image = "linuxserver/airsonic:latest"
|
||||||
restart = "unless-stopped"
|
# name = "airsonic"
|
||||||
destroy_grace_seconds = 30
|
# resource {
|
||||||
must_run = true
|
# memory = "1024"
|
||||||
|
# memory_swap = "1024"
|
||||||
# Unfortunately, the --device flag is not yet supported
|
# }
|
||||||
# in docker/terraform:
|
# web {
|
||||||
# https://github.com/terraform-providers/terraform-provider-docker/issues/30
|
# port = 4040
|
||||||
|
# host = "airsonic.bb8.fun"
|
||||||
upload {
|
# expose = true
|
||||||
content = "${data.template_file.airsonic-properties-file.rendered}"
|
# }
|
||||||
file = "/usr/lib/jvm/java-1.8-openjdk/jre/lib/airsonic.properties"
|
# networks = "${list(docker_network.media.id, data.docker_network.bridge.id)}"
|
||||||
}
|
# env = [
|
||||||
# This lets the Jukebox use ALSA
|
# "PUID=1004",
|
||||||
upload {
|
# "PGID=1003",
|
||||||
content = "${file("${path.module}/conf/airsonic.sound.properties")}"
|
# "TZ=Asia/Kolkata",
|
||||||
file = "/usr/lib/jvm/java-1.8-openjdk/jre/lib/sound.properties"
|
# "JAVA_OPTS=-Xmx512m -Dserver.use-forward-headers=true -Dserver.context-path=/",
|
||||||
}
|
# ]
|
||||||
volumes {
|
# devices = [{
|
||||||
host_path = "/mnt/xwing/config/airsonic/data"
|
# host_path = "/dev/snd"
|
||||||
container_path = "/config"
|
# container_path = "/dev/snd"
|
||||||
}
|
# }]
|
||||||
volumes {
|
# # files = [
|
||||||
host_path = "/mnt/xwing/media/Music"
|
# # "/usr/lib/jvm/java-1.8-openjdk/jre/lib/airsonic.properties",
|
||||||
container_path = "/music"
|
# # "/usr/lib/jvm/java-1.8-openjdk/jre/lib/sound.properties",
|
||||||
}
|
# # ]
|
||||||
volumes {
|
# # contents = [
|
||||||
host_path = "/mnt/xwing/config/airsonic/playlists"
|
# # "${data.template_file.airsonic-properties-file.rendered}",
|
||||||
container_path = "/playlists"
|
# # "${file("${path.module}/conf/airsonic.sound.properties")}",
|
||||||
}
|
# # ]
|
||||||
volumes {
|
# volumes = [
|
||||||
host_path = "/mnt/xwing/config/airsonic/podcasts"
|
# {
|
||||||
container_path = "/podcasts"
|
# host_path = "/mnt/xwing/config/airsonic2"
|
||||||
}
|
# container_path = "/config"
|
||||||
labels {
|
# },
|
||||||
"traefik.enable" = "true"
|
# {
|
||||||
"traefik.port" = "4040"
|
# host_path = "/mnt/xwing/media/Music"
|
||||||
"traefik.frontend.rule" = "Host:airsonic.in.${var.domain},airsonic.${var.domain}"
|
# container_path = "/music"
|
||||||
"traefik.frontend.passHostHeader" = "true"
|
# },
|
||||||
}
|
# {
|
||||||
# lounge:tatooine
|
# host_path = "/mnt/xwing/config/airsonic/playlists"
|
||||||
env = [
|
# container_path = "/playlists"
|
||||||
"PUID=1004",
|
# },
|
||||||
"PGID=1003",
|
# {
|
||||||
"TZ=Asia/Kolkata",
|
# host_path = "/mnt/xwing/config/airsonic/podcasts"
|
||||||
"JAVA_OPTS=-Xmx512m",
|
# container_path = "/podcasts"
|
||||||
]
|
# },
|
||||||
links = ["${var.links-mariadb}"]
|
# {
|
||||||
}
|
# host_path = "/mnt/xwing/config/airsonic/jre"
|
||||||
|
# container_path = "/usr/lib/jvm/java-1.8-openjdk/jre/lib/"
|
||||||
resource "docker_image" "airsonic" {
|
# },
|
||||||
name = "${data.docker_registry_image.airsonic.name}"
|
# ]
|
||||||
pull_triggers = ["${data.docker_registry_image.airsonic.sha256_digest}"]
|
# }
|
||||||
}
|
# data "template_file" "airsonic-properties-file" {
|
||||||
|
# template = "${file("${path.module}/conf/airsonic.properties.tpl")}"
|
||||||
data "docker_registry_image" "airsonic" {
|
# vars {
|
||||||
name = "linuxserver/airsonic:latest"
|
# smtp-password = "${var.airsonic-smtp-password}"
|
||||||
}
|
# # db-password = "${var.airsonic-db-password}"
|
||||||
|
# }
|
||||||
data "template_file" "airsonic-properties-file" {
|
# }
|
||||||
template = "${file("${path.module}/conf/airsonic.properties.tpl")}"
|
|
||||||
|
|
||||||
vars {
|
|
||||||
smtp-password = "${var.airsonic-smtp-password}"
|
|
||||||
db-password = "${var.airsonic-db-password}"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
@ -33,9 +33,3 @@ SmtpPort=465
|
|||||||
SmtpUser=airsonic@captnemo.in
|
SmtpUser=airsonic@captnemo.in
|
||||||
SmtpFrom=airsonic@captnemo.in
|
SmtpFrom=airsonic@captnemo.in
|
||||||
SmtpPassword=${smtp-password}
|
SmtpPassword=${smtp-password}
|
||||||
|
|
||||||
DatabaseConfigType=embed
|
|
||||||
DatabaseConfigEmbedDriver=org.hsqldb.jdbcDriver
|
|
||||||
DatabaseConfigEmbedUrl=jdbc:mysql://mariadb:3306/airsonic
|
|
||||||
DatabaseConfigEmbedUsername=airsonic
|
|
||||||
DatabaseConfigEmbedPassword=${db-password}
|
|
||||||
|
@ -10,17 +10,17 @@
|
|||||||
"bind-address-ipv6": "::",
|
"bind-address-ipv6": "::",
|
||||||
"blocklist-enabled": true,
|
"blocklist-enabled": true,
|
||||||
"blocklist-url": "http://john.bitsurge.net/public/biglist.p2p.gz",
|
"blocklist-url": "http://john.bitsurge.net/public/biglist.p2p.gz",
|
||||||
"cache-size-mb": 16,
|
"cache-size-mb": 256,
|
||||||
"dht-enabled": true,
|
"dht-enabled": true,
|
||||||
"download-dir": "/downloads",
|
"download-dir": "/downloads",
|
||||||
"download-queue-enabled": true,
|
"download-queue-enabled": false,
|
||||||
"download-queue-size": 5,
|
"download-queue-size": 5,
|
||||||
"encryption": 1,
|
"encryption": 1,
|
||||||
"idle-seeding-limit": 30,
|
"idle-seeding-limit": 30,
|
||||||
"idle-seeding-limit-enabled": false,
|
"idle-seeding-limit-enabled": false,
|
||||||
"incomplete-dir": "/downloads",
|
"incomplete-dir": "/downloads",
|
||||||
"incomplete-dir-enabled": true,
|
"incomplete-dir-enabled": true,
|
||||||
"lpd-enabled": false,
|
"lpd-enabled": true,
|
||||||
"message-level": 2,
|
"message-level": 2,
|
||||||
"peer-congestion-algorithm": "",
|
"peer-congestion-algorithm": "",
|
||||||
"peer-id-ttl-hours": 6,
|
"peer-id-ttl-hours": 6,
|
||||||
@ -31,13 +31,13 @@
|
|||||||
"peer-port-random-low": 49152,
|
"peer-port-random-low": 49152,
|
||||||
"peer-port-random-on-start": false,
|
"peer-port-random-on-start": false,
|
||||||
"peer-socket-tos": "default",
|
"peer-socket-tos": "default",
|
||||||
"pex-enabled": true,
|
"pex-enabled": false,
|
||||||
"port-forwarding-enabled": true,
|
"port-forwarding-enabled": true,
|
||||||
"preallocation": 1,
|
"preallocation": 1,
|
||||||
"prefetch-enabled": true,
|
"prefetch-enabled": true,
|
||||||
"queue-stalled-enabled": true,
|
"queue-stalled-enabled": false,
|
||||||
"queue-stalled-minutes": 30,
|
"queue-stalled-minutes": 30,
|
||||||
"ratio-limit": 0.2,
|
"ratio-limit": 1.2,
|
||||||
"ratio-limit-enabled": true,
|
"ratio-limit-enabled": true,
|
||||||
"rename-partial-files": true,
|
"rename-partial-files": true,
|
||||||
"rpc-host-whitelist": "transmission.bb8.fun,transmission",
|
"rpc-host-whitelist": "transmission.bb8.fun,transmission",
|
||||||
@ -51,19 +51,19 @@
|
|||||||
"rpc-username": "",
|
"rpc-username": "",
|
||||||
"rpc-whitelist": "127.0.0.1",
|
"rpc-whitelist": "127.0.0.1",
|
||||||
"rpc-whitelist-enabled": false,
|
"rpc-whitelist-enabled": false,
|
||||||
"scrape-paused-torrents-enabled": true,
|
"scrape-paused-torrents-enabled": false,
|
||||||
"script-torrent-done-enabled": false,
|
"script-torrent-done-enabled": false,
|
||||||
"script-torrent-done-filename": "",
|
"script-torrent-done-filename": "",
|
||||||
"seed-queue-enabled": false,
|
"seed-queue-enabled": true,
|
||||||
"seed-queue-size": 10,
|
"seed-queue-size": 50,
|
||||||
"speed-limit-down": 100,
|
"speed-limit-down": 100,
|
||||||
"speed-limit-down-enabled": false,
|
"speed-limit-down-enabled": false,
|
||||||
"speed-limit-up": 50,
|
"speed-limit-up": 50,
|
||||||
"speed-limit-up-enabled": true,
|
"speed-limit-up-enabled": false,
|
||||||
"start-added-torrents": true,
|
"start-added-torrents": true,
|
||||||
"trash-original-torrent-files": false,
|
"trash-original-torrent-files": false,
|
||||||
"umask": 2,
|
"umask": 2,
|
||||||
"upload-slots-per-torrent": 14,
|
"upload-slots-per-torrent": 10,
|
||||||
"utp-enabled": true,
|
"utp-enabled": true,
|
||||||
"watch-dir": "/watch",
|
"watch-dir": "/watch",
|
||||||
"watch-dir-enabled": true
|
"watch-dir-enabled": true
|
@ -1,34 +0,0 @@
|
|||||||
data "docker_registry_image" "daapd" {
|
|
||||||
name = "linuxserver/daapd:latest"
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "docker_image" "daapd" {
|
|
||||||
name = "${data.docker_registry_image.daapd.name}"
|
|
||||||
pull_triggers = ["${data.docker_registry_image.daapd.sha256_digest}"]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "docker_container" "daapd" {
|
|
||||||
name = "daapd"
|
|
||||||
image = "${docker_image.daapd.latest}"
|
|
||||||
|
|
||||||
restart = "unless-stopped"
|
|
||||||
destroy_grace_seconds = 10
|
|
||||||
must_run = true
|
|
||||||
network_mode = "host"
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
host_path = "/mnt/xwing/config/daapd"
|
|
||||||
container_path = "/config"
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
host_path = "/mnt/xwing/media/Music"
|
|
||||||
container_path = "/music"
|
|
||||||
}
|
|
||||||
|
|
||||||
env = [
|
|
||||||
"PUID=1004",
|
|
||||||
"PGID=1003",
|
|
||||||
"TZ=Asia/Kolkata",
|
|
||||||
]
|
|
||||||
}
|
|
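--- a/media/data.tf
+++ b/media/data.tf
@@ -0,0 +1,4 @@
+data "docker_network" "bridge" {
+name = "bridge"
+}
+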
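--- a/media/emby.tf
+++ b/media/emby.tf
@@ -0,0 +1,74 @@
+
+locals {
+emby_labels = merge(var.traefik-labels, {
+"traefik.frontend.rule" = "Host:emby.in.${var.domain},emby.${var.domain}"
+"traefik.frontend.passHostHeader" = "true"
+"traefik.port" = 8096
+})
+}
+
+resource "docker_container" "emby" {
+name = "emby"
+image = docker_image.emby.image_id
+
+# SSD holds both the cache and data
+volumes {
+host_path = "/mnt/zwing/config/emby"
+container_path = "/config"
+}
+
+# We keep the cache separate
+# So the config directory isn't bloated
+volumes {
+host_path = "/mnt/zwing/cache/emby"
+container_path = "/config/cache"
+}
+
+# We want backups on the HDD
+volumes {
+host_path = "/mnt/xwing/backups/config/emby"
+container_path = "/backups"
+}
+
+# And mount the media as well
+volumes {
+host_path = "/mnt/xwing/media"
+container_path = "/media"
+}
+
+dynamic "labels" {
+for_each = local.emby_labels
+content {
+label = labels.key
+value = labels.value
+}
+}
+
+networks = [docker_network.media.id, var.traefik-network-id]
+
+memory = 2048
+restart = "unless-stopped"
+destroy_grace_seconds = 10
+must_run = true
+
+# This breaks every time we upgrade the kernel
+# or the nvidia driver, and needs a reboot.
+gpus = "all"
+
+# Running as lounge:tatooine
+env = [
+"UID=1004",
+"GID=1003",
+"GIDLIST=1003"
+]
+}
+
+resource "docker_image" "emby" {
+name = data.docker_registry_image.emby.name
+pull_triggers = [data.docker_registry_image.emby.sha256_digest]
+}
+
+data "docker_registry_image" "emby" {
+name = "emby/embyserver:latest"
+}
+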
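Review bot: The `/mnt/xwing/media` volume is mounted read-write into a container that is published through Traefik and given `gpus = "all"`, so a compromise of the Emby process could modify or delete the whole library. navidrome.tf on this page mounts its music directory with `read_only = true`; if Emby is not expected to write metadata next to the media files, I would add `read_only = true` to this `volumes` block as well. The comment `# Running as lounge:tatooine` could also say that this image takes `UID`/`GID`/`GIDLIST`, since the other services here use `PUID`/`PGID` and the difference looks like a typo at first read.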
@ -1,29 +1,26 @@
|
|||||||
data "docker_registry_image" "jackett" {
|
module "jackett" {
|
||||||
name = "linuxserver/jackett:latest"
|
name = "jackett"
|
||||||
}
|
source = "../modules/container"
|
||||||
|
image = "linuxserver/jackett:latest"
|
||||||
|
# TODO FIXME
|
||||||
|
# networks = [data.docker_network.bridge.id]
|
||||||
|
|
||||||
resource "docker_image" "jackett" {
|
web = {
|
||||||
name = "${data.docker_registry_image.jackett.name}"
|
expose = true
|
||||||
pull_triggers = ["${data.docker_registry_image.jackett.sha256_digest}"]
|
port = 9117
|
||||||
}
|
host = "jackett.${var.domain}"
|
||||||
|
}
|
||||||
|
|
||||||
resource docker_container "jackett" {
|
volumes = [
|
||||||
name = "jackett"
|
{
|
||||||
image = "${docker_image.jackett.latest}"
|
host_path = "/mnt/xwing/config/jackett"
|
||||||
|
container_path = "/config"
|
||||||
|
},
|
||||||
|
]
|
||||||
|
|
||||||
labels = "${merge(
|
resource = {
|
||||||
var.traefik-labels, map(
|
memory = "256"
|
||||||
"traefik.port", 9117,
|
memory_swap = "512"
|
||||||
"traefik.frontend.rule","Host:jackett.${var.domain}"
|
|
||||||
))}"
|
|
||||||
|
|
||||||
restart = "unless-stopped"
|
|
||||||
destroy_grace_seconds = 10
|
|
||||||
must_run = true
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
host_path = "/mnt/xwing/config/jackett"
|
|
||||||
container_path = "/config"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
env = [
|
env = [
|
||||||
@ -31,6 +28,5 @@ resource docker_container "jackett" {
|
|||||||
"PGID=1003",
|
"PGID=1003",
|
||||||
"TZ=Asia/Kolkata",
|
"TZ=Asia/Kolkata",
|
||||||
]
|
]
|
||||||
|
|
||||||
# links = ["${var.links-emby}"]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
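Review bot: The new `web` block for jackett sets `expose = true` without `auth = true`, so, going by the label merge in modules/container/locals.tf on this page, no `traefik.frontend.auth.basic` label is attached and the UI is published with only the application's own login in front of it. Jackett holds indexer credentials and an API key, so I would add `auth = true` here as the prowlarr module does; the radarr, sonarr and requestrr modules on this page have the same gap. Whether the removed `var.traefik-labels` map carried an auth label is not visible here, so this may be a regression introduced by the move to the module rather than a pre-existing state.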
@ -3,19 +3,29 @@ data "docker_registry_image" "lidarr" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
resource "docker_image" "lidarr" {
|
resource "docker_image" "lidarr" {
|
||||||
name = "${data.docker_registry_image.lidarr.name}"
|
name = data.docker_registry_image.lidarr.name
|
||||||
pull_triggers = ["${data.docker_registry_image.lidarr.sha256_digest}"]
|
pull_triggers = [data.docker_registry_image.lidarr.sha256_digest]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource docker_container "lidarr" {
|
locals {
|
||||||
name = "lidarr"
|
lidarr_labels = merge(var.traefik-labels, {
|
||||||
image = "${docker_image.lidarr.latest}"
|
"traefik.port" = 8686
|
||||||
|
"traefik.frontend.rule" = "Host:lidarr.${var.domain}"
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "docker_container" "lidarr" {
|
||||||
|
name = "lidarr"
|
||||||
|
image = docker_image.lidarr.image_id
|
||||||
|
|
||||||
|
dynamic "labels" {
|
||||||
|
for_each = local.lidarr_labels
|
||||||
|
content {
|
||||||
|
label = labels.key
|
||||||
|
value = labels.value
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
labels = "${merge(
|
|
||||||
var.traefik-labels, map(
|
|
||||||
"traefik.port", 8686,
|
|
||||||
"traefik.frontend.rule","Host:falcon.${var.domain}"
|
|
||||||
))}"
|
|
||||||
|
|
||||||
memory = 512
|
memory = 512
|
||||||
restart = "unless-stopped"
|
restart = "unless-stopped"
|
||||||
@ -43,5 +53,6 @@ resource docker_container "lidarr" {
|
|||||||
"TZ=Asia/Kolkata",
|
"TZ=Asia/Kolkata",
|
||||||
]
|
]
|
||||||
|
|
||||||
links = ["${var.links-emby}", "${var.links-transmission}"]
|
networks = [docker_network.media.id, var.traefik-network-id]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
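--- a/media/navidrome.tf
+++ b/media/navidrome.tf
@@ -0,0 +1,50 @@
+module "navidrome" {
+source = "../modules/container"
+image = "deluan/navidrome"
+name = "navidrome"
+
+user = 1004
+
+resource = {
+memory = "1024"
+memory_swap = "1024"
+}
+
+web = {
+port = 4533
+host = "music.bb8.fun"
+expose = true
+}
+
+env = [
+"ND_SCANINTERVAL=6h",
+"ND_LOGLEVEL=info",
+"ND_SESSIONTIMEOUT=300h",
+"ND_BASEURL=",
+"ND_AUTOIMPORTPLAYLISTS=false",
+"ND_LASTFM_APIKEY=${var.lastfm_api_key}",
+"ND_LASTFM_SECRET=${var.lastfm_secret}",
+"ND_SPOTIFY_ID=${var.spotify_id}",
+"ND_SPOTIFY_SECRET=${var.spotify_secret}",
+]
+
+# TODO FIXME
+# networks = [docker_network.media.id, data.docker_network.bridge.id]
+
+# Keep cache and data config so we can do easier backups
+volumes = [
+{
+host_path = "/mnt/zwing/config/navidrome"
+container_path = "/data"
+},{
+host_path = "/mnt/zwing/cache/navidrome"
+container_path = "/data/cache"
+},
+{
+host_path = "/mnt/xwing/media/Music"
+container_path = "/music"
+read_only = true
+},
+]
+}
+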
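Review bot: The Last.fm and Spotify credentials are interpolated straight into `env`, so they are stored in plaintext in the Terraform state and are readable by anyone who can run `docker inspect` on the container. The matching variables added in media/variables.tf are declared without `sensitive = true`, so they can also appear in plan output; I would mark all four sensitive. Separately, `image = "deluan/navidrome"` carries no tag and therefore resolves to `latest`; an explicit version tag would make upgrades a deliberate change.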
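--- a/media/network.tf
+++ b/media/network.tf
@@ -0,0 +1,9 @@
+resource "docker_network" "media" {
+name = "media"
+driver = "bridge"
+
+ipam_config {
+subnet = "172.18.0.0/24"
+gateway = "172.18.0.1"
+}
+}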
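--- a/media/outputs.tf
+++ b/media/outputs.tf
@@ -0,0 +1,8 @@
+output "names-transmission" {
+value = docker_container.transmission.name
+}
+
+output "names-emby" {
+value = docker_container.emby.name
+}
+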
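--- a/media/providers.tf
+++ b/media/providers.tf
@@ -0,0 +1,19 @@
+terraform {
+required_providers {
+pass = {
+source = "camptocamp/pass"
+}
+digitalocean = {
+source = "digitalocean/digitalocean"
+}
+postgresql = {
+source = "cyrilgdn/postgresql"
+}
+cloudflare = {
+source = "cloudflare/cloudflare"
+}
+docker = {
+source = "kreuzwerker/docker"
+}
+}
+}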
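Review bot: None of the five entries in `required_providers` carries a `version` constraint, so `terraform init` on a fresh checkout resolves each provider to its newest release unless a committed `.terraform.lock.hcl` (not shown on this page) pins them. These providers handle the password store, the database and the Docker daemon, so an unreviewed provider upgrade is a supply-chain exposure as well as a stability risk. I would add a constraint to each entry, for example `version = "~> X.Y"` with X.Y as a placeholder for the release currently in use, and commit the lock file.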
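--- a/media/prowlarr.tf
+++ b/media/prowlarr.tf
@@ -0,0 +1,33 @@
+module "prowlarr" {
+name = "prowlarr"
+source = "../modules/container"
+image = "linuxserver/prowlarr:nightly"
+
+web = {
+expose = true
+port = 9696
+host = "prowlarr.${var.domain}"
+auth = true
+}
+
+resource = {
+memory = 512
+memory_swap = 1024
+}
+
+volumes = [
+{
+host_path = "/mnt/xwing/config/prowlarr"
+container_path = "/config"
+}
+]
+
+env = [
+"PUID=1004",
+"PGID=1003",
+"TZ=Asia/Kolkata",
+]
+
+networks = [docker_network.media.id, data.docker_network.bridge.id]
+}
+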
@ -1,48 +1,45 @@
|
|||||||
data "docker_registry_image" "radarr" {
|
module "radarr" {
|
||||||
name = "linuxserver/radarr:latest"
|
name = "radarr"
|
||||||
}
|
source = "../modules/container"
|
||||||
|
image = "linuxserver/radarr:latest"
|
||||||
|
|
||||||
resource "docker_image" "radarr" {
|
networks = [docker_network.media.id, data.docker_network.bridge.id]
|
||||||
name = "${data.docker_registry_image.radarr.name}"
|
|
||||||
pull_triggers = ["${data.docker_registry_image.radarr.sha256_digest}"]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource docker_container "radarr" {
|
web = {
|
||||||
name = "radarr"
|
expose = true
|
||||||
image = "${docker_image.radarr.latest}"
|
port = 7878
|
||||||
|
host = "radarr.${var.domain}"
|
||||||
# TODO: wildcard certs needed!
|
|
||||||
labels = "${merge(
|
|
||||||
var.traefik-labels, map(
|
|
||||||
"traefik.port", 7878,
|
|
||||||
"traefik.frontend.rule","Host:radarr.${var.domain}"
|
|
||||||
))}"
|
|
||||||
|
|
||||||
memory = 512
|
|
||||||
restart = "unless-stopped"
|
|
||||||
destroy_grace_seconds = 10
|
|
||||||
must_run = true
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
host_path = "/mnt/xwing/config/radarr"
|
|
||||||
container_path = "/config"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
resource = {
|
||||||
host_path = "/mnt/xwing/media/DL"
|
memory = 512
|
||||||
container_path = "/downloads"
|
memory_swap = 1024
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes = [
|
||||||
host_path = "/mnt/xwing/media/Movies"
|
{
|
||||||
container_path = "/movies"
|
host_path = "/mnt/zwing/config/radarr"
|
||||||
}
|
container_path = "/config"
|
||||||
|
},
|
||||||
|
# Backups stay on spinning disks
|
||||||
|
{
|
||||||
|
host_path = "/mnt/xwing/backups/config/sonarr"
|
||||||
|
container_path = "/config/Backups"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
host_path = "/mnt/xwing/media/DL"
|
||||||
|
container_path = "/downloads"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
host_path = "/mnt/xwing/media/Movies"
|
||||||
|
container_path = "/movies"
|
||||||
|
},
|
||||||
|
]
|
||||||
|
|
||||||
env = [
|
env = [
|
||||||
"PUID=1004",
|
"PUID=1004",
|
||||||
"PGID=1003",
|
"PGID=1003",
|
||||||
"TZ=Asia/Kolkata",
|
"TZ=Asia/Kolkata",
|
||||||
]
|
]
|
||||||
|
|
||||||
links = ["${var.links-emby}", "${var.links-transmission}"]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
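Review bot: The backup entry in the new `volumes` list mounts `/mnt/xwing/backups/config/sonarr` at `/config/Backups`, which is the same host directory the sonarr module on this page mounts for its own backups. Both applications would then write into one directory and could overwrite each other's archives, or one could restore the other's. This looks like a copy-paste slip from the sonarr definition; the entry should read `host_path = "/mnt/xwing/backups/config/radarr"`.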
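--- a/media/requestrr.tf
+++ b/media/requestrr.tf
@@ -0,0 +1,26 @@
+module "requestrr" {
+name = "requestrr"
+source = "../modules/container"
+image = "darkalfx/requestrr:latest"
+
+web = {
+expose = true
+port = 4545
+host = "requestrr.${var.domain}"
+}
+
+resource = {
+memory = 256
+memory_swap = 256
+}
+
+volumes = [
+{
+host_path = "/mnt/xwing/config/requestrr"
+container_path = "/root/config"
+},
+]
+
+networks = [docker_network.media.id, data.docker_network.bridge.id]
+}
+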
@ -1,41 +1,38 @@
|
|||||||
data "docker_registry_image" "sonarr" {
|
module "sonarr-container" {
|
||||||
name = "linuxserver/sonarr:latest"
|
name = "sonarr"
|
||||||
}
|
source = "../modules/container"
|
||||||
|
image = "linuxserver/sonarr:latest"
|
||||||
|
|
||||||
resource "docker_image" "sonarr" {
|
web = {
|
||||||
name = "${data.docker_registry_image.sonarr.name}"
|
expose = true
|
||||||
pull_triggers = ["${data.docker_registry_image.sonarr.sha256_digest}"]
|
port = 8989
|
||||||
}
|
host = "sonarr.${var.domain}"
|
||||||
|
|
||||||
resource docker_container "sonarr" {
|
|
||||||
name = "sonarr"
|
|
||||||
image = "${docker_image.sonarr.latest}"
|
|
||||||
|
|
||||||
labels = "${merge(
|
|
||||||
var.traefik-labels, map(
|
|
||||||
"traefik.port", 8989,
|
|
||||||
"traefik.frontend.rule","Host:sonarr.${var.domain}"
|
|
||||||
))}"
|
|
||||||
|
|
||||||
memory = 512
|
|
||||||
restart = "unless-stopped"
|
|
||||||
destroy_grace_seconds = 10
|
|
||||||
must_run = true
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
host_path = "/mnt/xwing/config/sonarr"
|
|
||||||
container_path = "/config"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
resource = {
|
||||||
host_path = "/mnt/xwing/media/DL"
|
memory = 512
|
||||||
container_path = "/downloads"
|
memory_swap = 1024
|
||||||
}
|
}
|
||||||
|
|
||||||
volumes {
|
volumes = [
|
||||||
host_path = "/mnt/xwing/media/TV"
|
{
|
||||||
container_path = "/tv"
|
host_path = "/mnt/zwing/config/sonarr"
|
||||||
}
|
container_path = "/config"
|
||||||
|
},
|
||||||
|
# Backups stay on spinning disks
|
||||||
|
{
|
||||||
|
host_path = "/mnt/xwing/backups/config/sonarr"
|
||||||
|
container_path = "/config/Backups"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
host_path = "/mnt/xwing/media/DL"
|
||||||
|
container_path = "/downloads"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
host_path = "/mnt/xwing/media/TV"
|
||||||
|
container_path = "/tv"
|
||||||
|
},
|
||||||
|
]
|
||||||
|
|
||||||
env = [
|
env = [
|
||||||
"PUID=1004",
|
"PUID=1004",
|
||||||
@ -43,5 +40,6 @@ resource docker_container "sonarr" {
|
|||||||
"TZ=Asia/Kolkata",
|
"TZ=Asia/Kolkata",
|
||||||
]
|
]
|
||||||
|
|
||||||
links = ["${var.links-emby}", "${var.links-transmission}"]
|
networks = [docker_network.media.id, data.docker_network.bridge.id]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
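--- a/media/transmission.tf
+++ b/media/transmission.tf
@@ -0,0 +1,74 @@
+locals {
+transmission_labels = merge(var.traefik-labels, {
+"traefik.frontend.auth.basic" = var.basic_auth
+"traefik.port" = 9091
+})
+}
+
+resource "docker_container" "transmission" {
+name = "transmission"
+image = docker_image.transmission.image_id
+
+dynamic "labels" {
+for_each = local.transmission_labels
+content {
+label = labels.key
+value = labels.value
+}
+}
+
+ports {
+internal = 51413
+external = 51413
+ip = var.ips["eth0"]
+protocol = "udp"
+}
+
+volumes {
+host_path = "/mnt/xwing/config/transmission"
+container_path = "/config"
+}
+
+volumes {
+host_path = "/mnt/xwing/media/DL"
+container_path = "/downloads"
+}
+
+volumes {
+host_path = "/mnt/xwing/media/Music/Audiobooks"
+container_path = "/audiobooks"
+}
+
+volumes {
+host_path = "/mnt/xwing/data/watch/transmission"
+container_path = "/watch"
+}
+
+upload {
+content = file("${path.module}/conf/transmission.json")
+file = "/config/settings.json"
+}
+
+env = [
+"PGID=1003",
+"PUID=1000",
+"TZ=Asia/Kolkata",
+]
+
+networks = [docker_network.media.id, var.traefik-network-id]
+
+memory = 1024
+restart = "unless-stopped"
+destroy_grace_seconds = 10
+must_run = true
+}
+
+resource "docker_image" "transmission" {
+name = data.docker_registry_image.transmission.name
+pull_triggers = [data.docker_registry_image.transmission.sha256_digest]
+}
+
+data "docker_registry_image" "transmission" {
+name = "linuxserver/transmission:latest"
+}
+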
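Review bot: The basic-auth label in `local.transmission_labels` only protects requests that arrive through Traefik, while the settings file uploaded by the `upload` block shows `"rpc-whitelist-enabled": false` and an empty `"rpc-username"` among the conf/transmission.json lines on this page. If RPC authentication is also off in that file (the key is not visible here), every container attached to `docker_network.media` can reach port 9091 directly with no credentials. I would enable RPC authentication in settings.json, or turn the whitelist on and limit it to the Traefik address. The `PUID=1000` entry also differs from the 1004 used by the other services; a one-line comment saying whether that is intended would help.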
@ -1,13 +1,42 @@
|
|||||||
variable "domain" {
|
variable "domain" {
|
||||||
type = "string"
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "links-emby" {}
|
# variable "airsonic-smtp-password" {}
|
||||||
variable "links-transmission" {}
|
|
||||||
variable "links-mariadb" {}
|
|
||||||
variable "airsonic-smtp-password" {}
|
|
||||||
variable "airsonic-db-password" {}
|
|
||||||
|
|
||||||
variable "traefik-labels" {
|
variable "traefik-labels" {
|
||||||
type = "map"
|
type = map(string)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO: Remove duplication
|
||||||
|
variable "basic_auth" {
|
||||||
|
default = "tatooine:$2y$05$iPbatint3Gulbs6kUtyALO9Yq5sBJ..aiF82bcIziH4ytz9nFoPr6,reddit:$2y$05$ghKxSydYCpAT8r2VVMDmWO/BBecghGfLsRJUkr3ii7XxPyxBqp8Oy"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "ips" {
|
||||||
|
type = map(string)
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "traefik-network-id" {
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "lastfm_api_key" {
|
||||||
|
description = "Navidrome Configuration for lastfm_api_key"
|
||||||
|
type = string
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "lastfm_secret" {
|
||||||
|
description = "Navidrome Configuration for lastfm_secret"
|
||||||
|
type = string
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "spotify_id" {
|
||||||
|
description = "Navidrome Configuration for spotify_id"
|
||||||
|
type = string
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "spotify_secret" {
|
||||||
|
description = "Navidrome Configuration for spotify_secret"
|
||||||
|
type = string
|
||||||
|
}
|
||||||
|
|
||||||
|
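Review bot: The new `basic_auth` variable ships two account names and their bcrypt hashes as its `default`, which puts credential material in the repository and in every plan and state file. The `$2y$05$` prefix indicates a cost factor of 5, which gives little protection once the hashes are readable, so the corresponding passwords should be treated as exposed and rotated. I would drop the default, declare the variable with `type = string` and `sensitive = true`, and supply the value from the `pass` provider already listed in providers.tf, or from a tfvars file kept out of version control, with the hashes regenerated at a higher cost. The `// TODO: Remove duplication` comment suggests the same value exists elsewhere in the repository, so that copy needs the same treatment.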
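--- a/miniflux.tf
+++ b/miniflux.tf
@@ -0,0 +1,30 @@
+module "miniflux-container" {
+name = "miniflux"
+source = "./modules/container"
+image = "miniflux/miniflux:2.0.50"
+
+web = {
+expose = true
+port = 8080
+host = "rss.captnemo.in"
+}
+
+networks = ["bridge", "postgres"]
+
+env = [
+"DATABASE_URL=postgres://miniflux:${data.pass_password.miniflux-db-password.password}@postgres/miniflux?sslmode=disable",
+"RUN_MIGRATIONS=1",
+]
+
+resource = {
+memory = 512
+memory_swap = 1024
+}
+}
+
+module "miniflux-db" {
+source = "./modules/postgres"
+name = "miniflux"
+password = data.pass_password.miniflux-db-password.password
+}
+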
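Review bot: `DATABASE_URL` embeds the database password in an environment variable and sets `sslmode=disable`, so the password is visible in `docker inspect` output and in Terraform state, and traffic to `postgres` is unencrypted on the Docker network. The password is also interpolated without escaping, so a value containing `@`, `/` or `:` would produce a malformed URL; `${urlencode(data.pass_password.miniflux-db-password.password)}` avoids that. Miniflux can read the connection string from a file via `DATABASE_URL_FILE`, which would keep the secret out of the container environment if the container module gains a way to mount one.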
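--- a/modules/container/image.tf
+++ b/modules/container/image.tf
@@ -0,0 +1,9 @@
+data "docker_registry_image" "image" {
+name = var.image
+}
+
+resource "docker_image" "image" {
+name = var.image
+pull_triggers = [data.docker_registry_image.image.sha256_digest]
+keep_locally = var.keep_image
+}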
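Review bot: `pull_triggers` follows the registry digest of whatever tag `var.image` names, so with the mutable tags callers pass on this page (`:latest`, and `:nightly` for prowlarr) every `terraform apply` deploys whatever the registry serves at that moment, with no review step in between. Neither resource has a comment, and this behaviour is the part a caller most needs to know; I would add `# Re-pulls whenever the tag's digest changes; pass a version tag to pin` above `pull_triggers`. miniflux.tf already passes a version tag (`miniflux/miniflux:2.0.50`), which is the safer pattern for the other callers to follow.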
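--- a/modules/container/locals.tf
+++ b/modules/container/locals.tf
@@ -0,0 +1,49 @@
+locals {
+default_labels = {
+"managed.by" = "nebula"
+}
+
+web = {
+"traefik.port" = var.web.port != null ? var.web.port : 80
+"traefik.frontend.rule" = var.web.host != null ? "Host:${var.web.host}" : "Host:example.invalid"
+"traefik.protocol" = var.web.protocol != null ? var.web.protocol : "http"
+}
+
+traefik_common_labels = {
+"traefik.enable" = "true"
+// HSTS
+"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
+"traefik.frontend.headers.STSSeconds" = "2592000"
+"traefik.frontend.headers.STSIncludeSubdomains" = "false"
+// X-Powered-By, Server headers
+"traefik.frontend.headers.customResponseHeaders" = var.xpoweredby
+"traefik.frontend.headers.contentTypeNosniff" = "true"
+"traefik.frontend.headers.browserXSSFilter" = "true"
+"traefik.docker.network" = "traefik"
+}
+
+# if var.web.auth == true
+traefik_auth_labels = {
+"traefik.frontend.auth.basic" = var.auth_header
+}
+
+resource = {
+memory = lookup(var.resource, "memory", 64)
+memory_swap = lookup(var.resource, "memory_swap", 128)
+}
+
+labels = merge(
+# Default labels are applied to every container
+local.default_labels,
+# Add the common traefik labels
+var.web.expose ? local.traefik_common_labels : null,
+# Apply the overwritten web labels only if the container is exposed
+var.web.expose ? local.web : null,
+# And finally a label for Basic Authentication if the service wants it
+var.web.auth != null ? (var.web.auth ? local.traefik_auth_labels : null) : null,
+
+var.labels,
+)
+
+networks = concat(var.networks, var.web.expose ? ["traefik"] : [])
+}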
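Review bot: `var.labels` is the last argument to `merge()` in `local.labels`, so a caller-supplied label silently replaces any key the module set, including `traefik.frontend.auth.basic` and the header labels in `traefik_common_labels`. If that override is intended, the `var.labels,` line deserves a comment such as `# Caller labels win over everything above, including auth`; otherwise `var.labels` should move ahead of the Traefik maps so the module's security labels cannot be dropped by accident. The `// HSTS` comment also sits directly above `SSLTemporaryRedirect`, which is a redirect setting rather than an HSTS one, and `# if var.web.auth == true` would read more clearly as `# Added only when var.web.auth is true (see local.labels)`.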
Some files were not shown because too many files have changed in this diff Show More