nebula/docker/traefik.tf

126 lines
2.5 KiB
HCL

resource "docker_container" "traefik" {
name = "traefik"
image = docker_image.traefik17.image_id
labels {
label = "traefik.enable"
value = "true"
}
labels {
label = "traefik.http.routers.api.rule"
value = "Host('traefik.in.bb8.fun')"
}
labels {
label = "traefik.http.routers.api.service"
value = "api@internal"
}
# Local Web Server
ports {
internal = 80
external = 80
ip = var.ips["eth0"]
}
# Local Web Server (HTTPS)
ports {
internal = 443
external = 443
ip = var.ips["eth0"]
}
# Proxied via sydney.captnemo.in
ports {
internal = 443
external = 443
ip = var.ips["tun0"]
}
ports {
internal = 80
external = 80
ip = var.ips["tun0"]
}
upload {
content = file("${path.module}/conf/traefik.toml")
file = "/etc/traefik/traefik.toml"
}
upload {
content = file(
"/home/nemo/projects/personal/certs/git.captnemo.in/fullchain.pem",
)
file = "/etc/traefik/git.captnemo.in.crt"
}
upload {
content = file(
"/home/nemo/projects/personal/certs/git.captnemo.in/privkey.pem",
)
file = "/etc/traefik/git.captnemo.in.key"
}
upload {
content = file(
"/home/nemo/projects/personal/certs/lego/certificates/tatooine.club.key",
)
file = "/etc/traefik/tatooine.club.key"
}
upload {
content = file(
"/home/nemo/projects/personal/certs/lego/certificates/tatooine.club.crt",
)
file = "/etc/traefik/tatooine.club.crt"
}
upload {
content = file(
"/home/nemo/projects/personal/certs/rss.captnemo.in/fullchain.pem",
)
file = "/etc/traefik/rss.captnemo.in.crt"
}
upload {
content = file(
"/home/nemo/projects/personal/certs/rss.captnemo.in/privkey.pem",
)
file = "/etc/traefik/rss.captnemo.in.key"
}
volumes {
host_path = "/var/run/docker.sock"
container_path = "/var/run/docker.sock"
read_only = true
}
volumes {
host_path = "/mnt/xwing/config/acme"
container_path = "/acme"
}
memory = 256
restart = "always"
destroy_grace_seconds = 10
must_run = true
// `bridge` is auto-connected for now
// https://github.com/terraform-providers/terraform-provider-docker/issues/10
networks_advanced {
name = "traefik"
}
networks_advanced {
name = "bridge"
}
env = [
"CLOUDFLARE_EMAIL=${var.cloudflare_email}",
"CLOUDFLARE_API_KEY=${var.cloudflare_key}",
]
}