From a2a6897e3736413d585ed2d53bf198d0d730aded Mon Sep 17 00:00:00 2001
From: Nemo
Date: Thu, 28 Dec 2017 20:50:21 +0530
Subject: [PATCH 1/5] lychee is delicious
---
 docker/data.tf | 4 ++++
 docker/images.tf | 5 +++++
 docker/lychee.tf | 37 +++++++++++++++++++++++++++++++++++++
 3 files changed, 46 insertions(+)
 create mode 100644 docker/lychee.tf
diff --git a/docker/data.tf b/docker/data.tf
index 65e8a68..b63b735 100644
--- a/docker/data.tf
+++ b/docker/data.tf
@@ -62,3 +62,7 @@ data "docker_registry_image" "headerdebug" {
 data "docker_registry_image" "cadvisor" {
 name = "google/cadvisor:latest"
 }
+
+data "docker_registry_image" "lychee" {
+ name = "linuxserver/lychee:latest"
+}
diff --git a/docker/images.tf b/docker/images.tf
index 54b6c8b..638a2a5 100644
--- a/docker/images.tf
+++ b/docker/images.tf
@@ -75,3 +75,8 @@ resource "docker_image" "cadvisor" {
 name = "${data.docker_registry_image.cadvisor.name}"
 pull_triggers = ["${data.docker_registry_image.cadvisor.sha256_digest}"]
 }
+
+resource "docker_image" "lychee" {
+ name = "${data.docker_registry_image.lychee.name}"
+ pull_triggers = ["${data.docker_registry_image.lychee.sha256_digest}"]
+}
diff --git a/docker/lychee.tf b/docker/lychee.tf
new file mode 100644
index 0000000..c57e31e
--- /dev/null
+++ b/docker/lychee.tf
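Review bot: The new data source in docker/data.tf tracks the mutable tag `linuxserver/lychee:latest`, and the matching `pull_triggers` entry in the docker/images.tf hunk re-pulls whenever the registry digest changes, so a routine `terraform apply` can deploy an image that nobody reviewed. Pinning to a released tag or a digest, e.g. `name = "linuxserver/lychee:<pinned-version>"` (placeholder), makes each upgrade an explicit change in the repository. The cadvisor context lines show the same `:latest` pattern, so this applies to the existing entries as well as the new one.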
@@ -0,0 +1,37 @@
+resource "docker_container" "lychee" {
+ name = "lychee"
+ image = "${docker_image.lychee.latest}"
+
+ restart = "unless-stopped"
+ destroy_grace_seconds = 10
+ must_run = true
+
+ volumes {
+ host_path = "/mnt/xwing/config/lychee"
+ container_path = "/config"
+ }
+
+ volumes {
+ host_path = "/mnt/xwing/data/lychee"
+ container_path = "/pictures"
+ }
+
+ labels {
+ "traefik.port" = 80
+ "traefik.frontend.passHostHeader" = "false"
+ "traefik.enable" = "true"
+ "traefik.frontend.headers.SSLTemporaryRedirect" = "true"
+ "traefik.frontend.headers.STSIncludeSubdomains" = "false"
+ "traefik.frontend.headers.contentTypeNosniff" = "true"
+ "traefik.frontend.headers.browserXSSFilter" = "true"
+ "traefik.frontend.headers.STSSeconds" = "2592000"
+ "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
+ "traefik.frontend.auth.basic" = "${var.basic_auth}"
+ "traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
+ }
+
+ env = [
+ "PUID=986",
+ "PGID=984",
+ ]
+}
-- 2.40.1
From 7adef5e80d2b28ec78f0d15e6a21844893354dd7 Mon Sep 17 00:00:00 2001
From: Nemo
Date: Thu, 28 Dec 2017 21:52:11 +0530
Subject: [PATCH 2/5] Start using custom build of mysql provider - Using https://github.com/terraform-providers/terraform-provider-mysql/pull/27
---
 docker/db.tf | 10 +++++++++
 docker/lychee.tf | 3 +++
 main.tf | 10 ---------
 mysql/main.tf | 55 ++++++++++++++++++++++++++++--------------------
 providers.tf | 15 +++++++++++++
 5 files changed, 60 insertions(+), 33 deletions(-)
 create mode 100644 providers.tf
diff --git a/docker/db.tf b/docker/db.tf
index b1b39ec..b3ce5d0 100644
--- a/docker/db.tf
+++ b/docker/db.tf
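Review bot: The `env` block in the new docker/lychee.tf sets `PUID=986` and `PGID=984` with no explanation, while the two `volumes` blocks bind-mount `/mnt/xwing/config/lychee` and `/mnt/xwing/data/lychee` into the container read-write. Presumably the ids are the host account that owns those directories; a comment such as `// PUID/PGID: unprivileged host uid/gid that owns /mnt/xwing/{config,data}/lychee` would let a reader confirm the container is not mapped to a more privileged host user. The resource also sets no `memory` limit, unlike the mariadb container whose `memory = 512` is visible in docker/db.tf later in this series.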
@@ -30,12 +30,22 @@ resource "docker_container" "mariadb" { host_path = "${docker_volume.mariadb_volume.mountpoint}" } + // This is so that other host-only services can share this ports { internal = 3306 external = 3306 ip = "${var.ips["eth0"]}" } + + // This is a not-so-great idea + // TODO: Figure out a better way to make terraform SSH and then connect to localhost + ports { + internal = 3306 + external = 3306 + ip = "${var.ips["tun0"]}" + } + memory = 512 restart = "unless-stopped" destroy_grace_seconds = 10 diff --git a/docker/lychee.tf b/docker/lychee.tf index c57e31e..9f47603 100644 --- a/docker/lychee.tf +++ b/docker/lychee.tf @@ -28,10 +28,13 @@ resource "docker_container" "lychee" { "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}" "traefik.frontend.auth.basic" = "${var.basic_auth}" "traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}" + "traefik.frontend.rule" = "Host:airsonic.in.${var.domain},airsonic.${var.domain}" } env = [ "PUID=986", "PGID=984", ] + + links = ["mariadb"] } diff --git a/main.tf b/main.tf index ae4739c..0d1d743 100644 --- a/main.tf +++ b/main.tf @@ -1,13 +1,3 @@ -provider "docker" { - host = "tcp://docker.vpn.bb8.fun:2376" - cert_path = "./secrets" -} - -provider "cloudflare" { - email = "bb8@captnemo.in" - token = "${var.cloudflare_key}" -} - module "cloudflare" { source = "cloudflare" domain = "bb8.fun" diff --git a/mysql/main.tf b/mysql/main.tf index 7466e12..40393aa 100644 --- a/mysql/main.tf +++ b/mysql/main.tf 
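Review bot: The second `ports` block in docker/db.tf publishes MariaDB's 3306 on `var.ips["tun0"]`, and the comment `This is a not-so-great idea` does not say what the risk is. Going by the providers.tf hunk in this same patch, Terraform logs in as `root` through this listener, so any peer that can reach the tun0 address (presumably the VPN interface) can attempt a root login. I would state that in the comment, e.g. `// Exposes 3306, including root logins, on the VPN interface; remove once terraform connects via an SSH tunnel`, and restrict the allowed source addresses at the host firewall until the TODO is done. The enclosing `docker_container "mariadb"` resource starts and ends outside the hunk.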
@@ -1,25 +1,34 @@ # # This is pending on https://github.com/hashicorp/go-version/pull/34 -# provider "mysql" { -# endpoint = "docker.in.captnemo.in:3306" -# username = "root" -# password = "${var.mysql_root_password}" -# } -# # Create a Database -# resource "mysql_database" "kodi" { -# name = "kodi" -# lifecycle { -# prevent_destroy = true -# } -# } -# resource "mysql_user" "kodi" { -# user = "kodi" -# host = "127.0.0.1" -# plaintext_password = "testing" -# } -# resource "mysql_grant" "kodi" { -# user = "${mysql_user.kodi.user}" -# host = "${mysql_user.kodi.host}" -# database = "kodi" -# privileges = ["SUPER"] -# } + +# Create a Database +resource "mysql_database" "kodi" { + name = "kodi" + lifecycle { + prevent_destroy = true + } +} + +resource "mysql_user" "kodi" { + user = "kodi" + plaintext_password = "testing" +} + +resource "mysql_grant" "kodi" { + user = "${mysql_user.kodi.user}" + host = "${mysql_user.kodi.host}" + database = "kodi" + privileges = ["SUPER"] +} + +resource "mysql_user" "lychee" { + user = "lychee" + plaintext_password = "testing" +} + +resource "mysql_grant" "lychee" { + user = "${mysql_user.lychee.user}" + host = "${mysql_user.lychee.host}" + database = "lychee" + privileges = ["SUPER"] +} diff --git a/providers.tf b/providers.tf new file mode 100644 index 0000000..681734e --- /dev/null +++ b/providers.tf @@ -0,0 +1,15 @@ +provider "docker" { + host = "tcp://docker.vpn.bb8.fun:2376" + cert_path = "./secrets" +} + +provider "cloudflare" { + email = "bb8@captnemo.in" + token = "${var.cloudflare_key}" +} + +provider "mysql" { + endpoint = "mysql.vpn.bb8.fun:3306" + username = "root" + password = "${var.mysql_root_password}" +} -- 2.40.1 From b745498004d0616a1e8930f4f9beb374e69dc0c1 Mon Sep 17 00:00:00 2001 
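Review bot: Both `mysql_user` resources enabled in mysql/main.tf set the literal `plaintext_password = "testing"`, which puts a working credential into version history. Take the value from a module variable instead, e.g. `plaintext_password = "${var.<account>_password}"` (placeholder name), and rotate any account that was ever created with the literal. `privileges = ["SUPER"]` is a server-wide administrative privilege rather than access to the named database, so an application account would normally get data privileges on its own schema only. The lychee grant also names `database = "lychee"` although no `mysql_database` resource for it is visible in this hunk.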
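Review bot: The new `provider "mysql"` block in providers.tf has Terraform authenticate as `root` to `mysql.vpn.bb8.fun:3306` over the network. A dedicated provisioning account limited to creating databases, users and grants would reduce what a leaked `mysql_root_password` value or state file gives away, for example `username = "terraform"` (constructed name) with its own password variable. Nothing in the block configures transport security, so the credential is protected only by whatever the VPN provides; a comment saying so would make that dependency explicit.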
From: Nemo Date: Thu, 28 Dec 2017 22:12:21 +0530 Subject: [PATCH 3/5] Creates the mysql database cleanly --- docker/db.tf | 1 - docker/outputs.tf | 3 +++ main.tf | 7 +++++-- mysql/main.tf | 30 +++++++++--------------------- mysql/variables.tf | 10 ++++++++++ variables.tf | 4 ++++ 6 files changed, 31 insertions(+), 24 deletions(-) create mode 100644 docker/outputs.tf diff --git a/docker/db.tf b/docker/db.tf index b3ce5d0..a630259 100644 --- a/docker/db.tf +++ b/docker/db.tf @@ -37,7 +37,6 @@ resource "docker_container" "mariadb" { ip = "${var.ips["eth0"]}" } - // This is a not-so-great idea // TODO: Figure out a better way to make terraform SSH and then connect to localhost ports { diff --git a/docker/outputs.tf b/docker/outputs.tf new file mode 100644 index 0000000..2cdad4b --- /dev/null +++ b/docker/outputs.tf @@ -0,0 +1,3 @@ +output "lychee-ip" { + value = "${docker_container.lychee.ip_address}" +} diff --git a/main.tf b/main.tf index 0d1d743..c40336a 100644 --- a/main.tf +++ b/main.tf @@ -5,8 +5,11 @@ module "cloudflare" { } module "mysql" { - source = "mysql" - mysql_root_password = "${var.mysql_root_password}" + source = "mysql" + mysql_root_password = "${var.mysql_root_password}" + mysql_lychee_password = "${var.mysql_lychee_password}" + mysql_kodi_password = "${var.mysql_kodi_password}" + lychee_ip = "${module.docker.lychee-ip}" } module "docker" { diff --git a/mysql/main.tf b/mysql/main.tf index 40393aa..47d3416 100644 --- a/mysql/main.tf +++ b/mysql/main.tf 
@@ -1,34 +1,22 @@ # # This is pending on https://github.com/hashicorp/go-version/pull/34 # Create a Database -resource "mysql_database" "kodi" { - name = "kodi" +resource "mysql_database" "lychee" { + name = "lychee" lifecycle { prevent_destroy = true } } -resource "mysql_user" "kodi" { - user = "kodi" - plaintext_password = "testing" -} - -resource "mysql_grant" "kodi" { - user = "${mysql_user.kodi.user}" - host = "${mysql_user.kodi.host}" - database = "kodi" - privileges = ["SUPER"] -} - resource "mysql_user" "lychee" { - user = "lychee" - plaintext_password = "testing" + user = "lychee" + host = "${var.lychee_ip}" + plaintext_password = "${var.mysql_lychee_password}" } resource "mysql_grant" "lychee" { - user = "${mysql_user.lychee.user}" - host = "${mysql_user.lychee.host}" - database = "lychee" - privileges = ["SUPER"] + user = "${mysql_user.lychee.user}" + host = "${mysql_user.lychee.host}" + database = "${mysql_database.lychee.name}" + privileges = ["ALL"] } - diff --git a/mysql/variables.tf b/mysql/variables.tf index 2c69125..2990d8d 100644 --- a/mysql/variables.tf +++ b/mysql/variables.tf @@ -1,3 +1,13 @@ variable "mysql_root_password" { type = "string" } + +variable "mysql_lychee_password" { + type = "string" +} + +variable "mysql_kodi_password" { + type = "string" +} + +variable "lychee_ip" {} diff --git a/variables.tf b/variables.tf index 257c268..1028573 100644 --- a/variables.tf +++ b/variables.tf @@ -15,6 +15,10 @@ variable "mysql_root_password" { type = "string" } +variable "mysql_lychee_password" {} + +variable "mysql_kodi_password" {} + variable "wiki_session_secret" { type = "string" } -- 2.40.1 From 8bcb5b166fb7582f669bb3e66f1d1847624d2a69 Mon Sep 17 00:00:00 2001 From: Nemo Date: Thu, 28 Dec 2017 22:37:19 +0530 Subject: [PATCH 4/5] add more domains on SSL --- docker/conf/traefik.toml | 9 ++++++++- docker/lychee.tf | 2 +- mysql/main.tf | 15 ++++++++------- 3 files changed, 17 insertions(+), 9 deletions(-) 
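Review bot: `host = "${var.lychee_ip}"` in mysql/main.tf binds the MySQL account to whatever address Docker gave the lychee container at apply time; the value comes from `docker_container.lychee.ip_address` through the new `lychee-ip` output. That address is presumably assigned dynamically, so after the container is recreated the account stops matching until the next apply, and the old address may be handed to a different container. I would document this next to the attribute, e.g. `# container IP is dynamic; re-run apply whenever lychee is recreated`, or put both containers on a network with fixed addresses. Separately, `mysql_kodi_password` is declared and passed into the module in this patch, but nothing in this hunk uses it once the kodi resources are removed.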
diff --git a/docker/conf/traefik.toml b/docker/conf/traefik.toml index 92c3146..46541e4 100644 --- a/docker/conf/traefik.toml +++ b/docker/conf/traefik.toml @@ -75,23 +75,30 @@ sans = [ "airsonic.in.bb8.fun", "cadvisor.bb8.fun", "couchpotato.bb8.fun", + "debug.in.bb8.fun", "ebooks.bb8.fun", "ebooks.in.bb8.fun", "emby.bb8.fun", "emby.in.bb8.fun", - "debug.in.bb8.fun", "flexget.bb8.fun", "git.bb8.fun", "gitea.bb8.fun", + "grafana.bb8.fun", "headphones.bb8.fun", "home.bb8.fun", "home.in.bb8.fun", "library.bb8.fun", + "luke.bb8.fun", + "monitoring.bb8.fun", "muximux.bb8.fun", "muximux.in.bb8.fun", + "pics.bb8.fun", + "pics.in.bb8.fun", "read.bb8.fun", "read.in.bb8.fun", + "rey.bb8.fun", "scan.bb8.fun", + "tatooine.bb8.fun", "traefik.bb8.fun", "transmission.bb8.fun", "wiki.bb8.fun" diff --git a/docker/lychee.tf b/docker/lychee.tf index 9f47603..32f268c 100644 --- a/docker/lychee.tf +++ b/docker/lychee.tf @@ -28,7 +28,7 @@ resource "docker_container" "lychee" { "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}" "traefik.frontend.auth.basic" = "${var.basic_auth}" "traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}" - "traefik.frontend.rule" = "Host:airsonic.in.${var.domain},airsonic.${var.domain}" + "traefik.frontend.rule" = "Host:lychee.${var.domain},lychee.in.${var.domain}" } env = [ diff --git a/mysql/main.tf b/mysql/main.tf index 47d3416..763a396 100644 --- a/mysql/main.tf +++ b/mysql/main.tf 
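Review bot: The names added to `sans` in docker/conf/traefik.toml include one that looks internal-only, `pics.in.bb8.fun`, next to host names such as `luke.bb8.fun`, `rey.bb8.fun` and `tatooine.bb8.fun`. If this list feeds Traefik's ACME certificate request, as the `sans` key suggests, every name on it ends up in public Certificate Transparency logs and so reveals which internal services exist. A comment above the list, e.g. `# every name here is published in CT logs; keep internal-only hosts off it`, would make that trade-off visible. The list starts and ends outside the hunk.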
@@ -3,20 +3,21 @@ # Create a Database resource "mysql_database" "lychee" { name = "lychee" + lifecycle { prevent_destroy = true } } resource "mysql_user" "lychee" { - user = "lychee" - host = "${var.lychee_ip}" - plaintext_password = "${var.mysql_lychee_password}" + user = "lychee" + host = "${var.lychee_ip}" + plaintext_password = "${var.mysql_lychee_password}" } resource "mysql_grant" "lychee" { - user = "${mysql_user.lychee.user}" - host = "${mysql_user.lychee.host}" - database = "${mysql_database.lychee.name}" - privileges = ["ALL"] + user = "${mysql_user.lychee.user}" + host = "${mysql_user.lychee.host}" + database = "${mysql_database.lychee.name}" + privileges = ["ALL"] } -- 2.40.1 From 8cba47dd0ceb5d0d75ba981e30270c36e4d16d50 Mon Sep 17 00:00:00 2001 From: Nemo Date: Thu, 28 Dec 2017 22:44:19 +0530 Subject: [PATCH 5/5] Switch to pics.bb8.fun --- docker/lychee.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docker/lychee.tf b/docker/lychee.tf index 32f268c..0494212 100644 --- a/docker/lychee.tf +++ b/docker/lychee.tf @@ -26,9 +26,8 @@ resource "docker_container" "lychee" { "traefik.frontend.headers.browserXSSFilter" = "true" "traefik.frontend.headers.STSSeconds" = "2592000" "traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}" - "traefik.frontend.auth.basic" = "${var.basic_auth}" "traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}" - "traefik.frontend.rule" = "Host:lychee.${var.domain},lychee.in.${var.domain}" + "traefik.frontend.rule" = "Host:pics.${var.domain},pics.in.${var.domain}" } env = [ -- 2.40.1
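Review bot: The `traefik.frontend.auth.basic` label is removed in the docker/lychee.tf hunk of PATCH 5/5 although the commit subject only mentions the hostname switch, so `pics.${var.domain}` and `pics.in.${var.domain}` are now served without the proxy-level basic auth this container had before. If that is intentional, a comment in the `labels` block such as `// no proxy auth here: access control relies on Lychee's own login` would record the decision; otherwise keep `"traefik.frontend.auth.basic" = "${var.basic_auth}"`. The enclosing `labels` block starts outside the hunk.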