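# Traefik reverse-proxy container.
# Publishes 80/443 on the eth0 and tun0 addresses taken from var.ips, uploads
# traefik.toml plus TLS certificate/key pairs into /etc/traefik, and bind-mounts
# the Docker socket and an ACME storage directory from the host.
resource "docker_container" "traefik" {
  name  = "traefik"
  image = docker_image.traefik17.image_id

  labels {
    label = "traefik.enable"
    value = "true"
  }

  # Router for Traefik's own API/dashboard service (api@internal).
  # Rule values are Go string literals: Traefik's v2+ rule syntax accepts
  # backticks or escaped double quotes, not single quotes, so the host is
  # written with backticks here.
  # NOTE(review): the image resource is named traefik17 while these labels use
  # the v2+ label scheme. Confirm which Traefik version actually runs.
  # NOTE(review): no traefik.http.routers.api.entrypoints or
  # traefik.http.routers.api.middlewares label is set. A v2+ router without
  # entrypoints attaches to every entrypoint, and this container also
  # publishes 80/443 on the tun0 address (see "Proxied via" below). A Host
  # rule only matches a request header; it is not access control. Confirm that
  # an auth middleware or traefik.toml restricts who can reach the dashboard.
  labels {
    label = "traefik.http.routers.api.rule"
    value = "Host(`traefik.in.bb8.fun`)"
  }

  labels {
    label = "traefik.http.routers.api.service"
    value = "api@internal"
  }

  # Local Web Server
  ports {
    internal = 80
    external = 80
    ip       = var.ips["eth0"]
  }

  # Local Web Server (HTTPS)
  ports {
    internal = 443
    external = 443
    ip       = var.ips["eth0"]
  }

  # Proxied via sydney.captnemo.in
  ports {
    internal = 443
    external = 443
    ip       = var.ips["tun0"]
  }

  ports {
    internal = 80
    external = 80
    ip       = var.ips["tun0"]
  }

  # Static Traefik configuration shipped with this module.
  upload {
    content = file("${path.module}/conf/traefik.toml")
    file    = "/etc/traefik/traefik.toml"
  }

  # TLS certificates and private keys.
  # The file() results are passed as `content`, so the private keys are
  # recorded in this resource's Terraform state. Treat the state file and its
  # backend as secret material.
  # NOTE(review): the upload block's `source` / `source_hash` arguments, where
  # the pinned provider version supports them, avoid embedding the key text;
  # verify before switching.
  # NOTE(review): the absolute paths under /home/nemo tie `terraform apply` to
  # one workstation layout.
  upload {
    content = file(
      "/home/nemo/projects/personal/certs/git.captnemo.in/fullchain.pem",
    )
    file = "/etc/traefik/git.captnemo.in.crt"
  }

  upload {
    content = file(
      "/home/nemo/projects/personal/certs/git.captnemo.in/privkey.pem",
    )
    file = "/etc/traefik/git.captnemo.in.key"
  }

  upload {
    content = file(
      "/home/nemo/projects/personal/certs/lego/certificates/tatooine.club.key",
    )
    file = "/etc/traefik/tatooine.club.key"
  }

  upload {
    content = file(
      "/home/nemo/projects/personal/certs/lego/certificates/tatooine.club.crt",
    )
    file = "/etc/traefik/tatooine.club.crt"
  }

  upload {
    content = file(
      "/home/nemo/projects/personal/certs/rss.captnemo.in/fullchain.pem",
    )
    file = "/etc/traefik/rss.captnemo.in.crt"
  }

  upload {
    content = file(
      "/home/nemo/projects/personal/certs/rss.captnemo.in/privkey.pem",
    )
    file = "/etc/traefik/rss.captnemo.in.key"
  }

  # Docker socket for Traefik's Docker provider.
  # read_only applies to the bind mount, not to the Docker API: a process that
  # can connect to the socket can still issue any API call, which is
  # root-equivalent on the host. Because this container is reachable on the
  # published ports, a filtering socket proxy limited to read-only endpoints
  # is the usual mitigation.
  volumes {
    host_path      = "/var/run/docker.sock"
    container_path = "/var/run/docker.sock"
    read_only      = true
  }

  # ACME storage kept on the host so it outlives the container.
  volumes {
    host_path      = "/mnt/xwing/config/acme"
    container_path = "/acme"
  }

  memory                = 256 # memory limit, in MB
  restart               = "always"
  destroy_grace_seconds = 10
  must_run              = true

  // `bridge` is auto-connected for now
  // https://github.com/terraform-providers/terraform-provider-docker/issues/10
  networks_advanced {
    name = "traefik"
  }

  networks_advanced {
    name = "bridge"
  }

  # Cloudflare credentials passed as container environment variables.
  # Both values are written to Terraform state and are readable through
  # `docker inspect` by anyone with Docker access on the host.
  # NOTE(review): confirm var.cloudflare_key is declared sensitive. If the
  # Traefik/lego version in use supports a zone-scoped API token, that is
  # narrower than an account-wide API key.
  env = [
    "CLOUDFLARE_EMAIL=${var.cloudflare_email}",
    "CLOUDFLARE_API_KEY=${var.cloudflare_key}",
  ]
}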