author | Trygve Laugstøl <trygvis@inamo.no> | 2022-12-23 09:05:17 +0100 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2022-12-23 09:05:17 +0100 |
commit | 19d2406d9a51f41ba70c1b9d503fa4cc3bf2af24 (patch) | |
tree | 2139741a45e82d6d9b79b6b27d6a0c7841b8f0e9 /terraform/conflatorio-docker | |
parent | 3fc34994497058635777df5b048eac980d6b4d4b (diff) | |
concourse
Diffstat (limited to 'terraform/conflatorio-docker')
-rw-r--r-- | terraform/conflatorio-docker/.terraform.lock.hcl | 19 | ||||
-rw-r--r-- | terraform/conflatorio-docker/main.tf | 13 | ||||
-rw-r--r-- | terraform/conflatorio-docker/traefik.tf | 11 |
3 files changed, 37 insertions, 6 deletions
diff --git a/terraform/conflatorio-docker/.terraform.lock.hcl b/terraform/conflatorio-docker/.terraform.lock.hcl
index 33dd88d..3ac9963 100644
--- a/terraform/conflatorio-docker/.terraform.lock.hcl
+++ b/terraform/conflatorio-docker/.terraform.lock.hcl
@@ -41,3 +41,22 @@ provider "registry.terraform.io/kreuzwerker/docker" {
 "zh:f6238eee53124aae4896a57e92c6ad7ce35adb946662e864abf3c8cc154e3498",
 ]
 }
+
+provider "registry.terraform.io/meilleursagents/ansiblevault" {
+ version = "2.2.0"
+ constraints = "2.2.0"
+ hashes = [
+ "h1:BdAWPYZ+cwkGuc9Hy0zZfyvbRL9f3naXpcUaOnoZee8=",
+ "zh:06faf88f2a6f2e9aabadb0d50565f4804636039042d37984463f0ca647f52189",
+ "zh:15053cceec8b24d9b62598e9e6860607603c2ecc7871705720a0753ef297d79f",
+ "zh:525f261f35d58151b4c51301cc1ae98a592c9b3400449361a91f2d84c467e2ac",
+ "zh:8bfe3b2c2b975792987d0642e8525efbf436ae08b1cebb1fa266b8954cb1915e",
+ "zh:93a943b494b0f70ef644334bf7646bf203ca087873385ab8ff89d406b9448771",
+ "zh:c651248189d297321a48feb775907de0ba2b9a100cb35f7364357b0af0e55931",
+ "zh:ccbee95f3c264c663fcddac8c8c921ec9f4fde95f15196838a73a9bf215a4020",
+ "zh:d3226f7b3a3013fceeef3392f54708b976daa0f43767bc24ff8c420c8a48a1a9",
+ "zh:f236d34596a51f64163eb5d13c3bcea4e10023f7e65f777b7267c463c427aad2",
+ "zh:f79f848b9c4b67879c2c25f2ef5b654eaafcfd7568f442eea2566bb580519c4f",
+ "zh:fbe2363c1c6a32df6443e650b53b5004a4d6f9431d23935ed98c500bed1552bd",
+ ]
+}
diff --git a/terraform/conflatorio-docker/main.tf b/terraform/conflatorio-docker/main.tf
index ce46e60..21081ac 100644
--- a/terraform/conflatorio-docker/main.tf
+++ b/terraform/conflatorio-docker/main.tf
@@ -16,9 +16,22 @@ terraform {
 source = "kreuzwerker/docker"
 version = "2.23.1"
 }
+ ansiblevault = {
+ source = "MeilleursAgents/ansiblevault"
+ version = "2.2.0"
+ }
 }
 }
 provider "docker" {
 host = "ssh://conflatorio.vpn.trygvis.io"
 }
+
+provider "ansiblevault" {
+ root_folder = "../.."
+}
+
+data "ansiblevault_path" "linode_token" {
+ path = "terraform-vault.yml"
+ key = "linode_token"
+}
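Review bot: The new `data "ansiblevault_path" "linode_token"` block in main.tf decrypts the Linode token on every plan, and Terraform persists data-source attributes in state, so the plaintext token will be stored in this module's state from now on. The `terraform` block begins outside this hunk and no backend is visible here, so confirm that state is kept somewhere encrypted and access-controlled and is excluded from the repository. `provider "ansiblevault"` sets only `root_folder`, so the vault password presumably comes from the environment; a comment above it such as `# Vault password is supplied outside the repo; root_folder is the repo root that holds terraform-vault.yml` would document that for the next operator.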
diff --git a/terraform/conflatorio-docker/traefik.tf b/terraform/conflatorio-docker/traefik.tf
index 281d94f..42442be 100644
--- a/terraform/conflatorio-docker/traefik.tf
+++ b/terraform/conflatorio-docker/traefik.tf
@@ -43,10 +43,10 @@ resource "docker_container" "traefik" {
 "--entrypoints.web.address=:80",
 "--entrypoints.web.http.redirections.entrypoint.to=websecure",
 "--entrypoints.web.http.redirections.entrypoint.scheme=https",
- "--certificatesresolvers.bitraf.acme.dnschallenge.provider=linode",
- "--certificatesresolvers.bitraf.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53",
- "--certificatesresolvers.bitraf.acme.email=itavdelingen@bitraf.no",
- "--certificatesresolvers.bitraf.acme.storage=/letsencrypt/acme.json",
+ "--certificatesresolvers.linode.acme.dnschallenge.provider=linode",
+ "--certificatesresolvers.linode.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53",
+ "--certificatesresolvers.linode.acme.email=root@trygvis.io",
+ "--certificatesresolvers.linode.acme.storage=/letsencrypt/acme.json",
 ]
 # labels {
@@ -58,14 +58,13 @@ resource "docker_container" "traefik" {
 # - "/var/run/docker.sock:/var/run/docker.sock:ro"
 env = [
- # LINODE_TOKEN: "{{ linode_itavdelingen_pat }}"
+ "LINODE_TOKEN=${data.ansiblevault_path.linode_token.value}"
 ]
 mounts {
 source = "/etc/docker-service/traefik/letsencrypt"
 target = "/letsencrypt"
 type = "bind"
- read_only = true
 }
 mounts { |
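Review bot: The resolver is renamed from `bitraf` to `linode` in all four `--certificatesresolvers.*` arguments, but no router configuration is visible in this hunk, so any router label or dynamic config that still says `certresolver=bitraf` would stop obtaining certificates and Traefik would presumably fall back to its default certificate. Searching the repository for the old resolver name before applying would catch that. A comment above these arguments such as `# resolver name "linode" must match tls.certresolver on every router` would keep the coupling visible. The `docker_container` resource starts and ends outside the hunk.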
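Review bot: Interpolating the decrypted value into `env` stores the token in the container configuration, where `docker inspect` shows it to anyone who can reach the Docker daemon on the host, and in the `docker_container` entry in state. If the vault provider does not already mark `value` as sensitive, wrapping it on Terraform 0.15 or later as `"LINODE_TOKEN=${sensitive(data.ansiblevault_path.linode_token.value)}"` keeps it out of plan output. The same hunk drops `read_only = true` from the `/letsencrypt` bind mount, which Traefik needs in order to write `acme.json`; because that file holds the ACME account and certificate private keys, add a comment like `# writable: Traefik persists acme.json here; keep the host directory root-only` and check the host directory's permissions. The resource body continues outside the hunk.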