aboutsummaryrefslogtreecommitdiff
path: root/terraform/conflatorio-docker
diff options
context:
space:
mode:
authorTrygve Laugstøl <trygvis@inamo.no>2023-02-27 11:35:40 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2023-02-27 11:35:40 +0100
commitf05b5689f86243b227068cf9331d8146fbc33cf8 (patch)
tree8671383b7e364e2083cc7e16420cfb4d80d7d8ef /terraform/conflatorio-docker
parentfd13d07d83fd124064d625206bcca97d6a386df3 (diff)
downloadinfra-f05b5689f86243b227068cf9331d8146fbc33cf8.tar.gz
infra-f05b5689f86243b227068cf9331d8146fbc33cf8.tar.bz2
infra-f05b5689f86243b227068cf9331d8146fbc33cf8.tar.xz
infra-f05b5689f86243b227068cf9331d8146fbc33cf8.zip
unifi-controller
Diffstat (limited to 'terraform/conflatorio-docker')
-rw-r--r--terraform/conflatorio-docker/traefik.tf42
1 files changed, 28 insertions, 14 deletions
diff --git a/terraform/conflatorio-docker/traefik.tf b/terraform/conflatorio-docker/traefik.tf
index 46d4671..a1cedec 100644
--- a/terraform/conflatorio-docker/traefik.tf
+++ b/terraform/conflatorio-docker/traefik.tf
@@ -1,20 +1,20 @@
resource "docker_network" "traefik" {
name = "traefik"
-# ipv6 = true
+ # ipv6 = true
ipam_config {
gateway = "172.20.0.1"
subnet = "172.20.0.0/16"
}
-# ipam_config {
-# subnet = "fd00:dead:beef::/48"
-# gateway = "fd00:dead:beef::1"
-# }
+ # ipam_config {
+ # subnet = "fd00:dead:beef::/48"
+ # gateway = "fd00:dead:beef::1"
+ # }
}
resource "docker_image" "traefik" {
- name = "traefik:2.9"
+ name = "traefik:2.9.8"
}
resource "docker_container" "traefik" {
@@ -47,7 +47,10 @@ resource "docker_container" "traefik" {
command = [
"--log.level=DEBUG",
- "--api.insecure=true",
+ "--api=true",
+ "--api.dashboard=true",
+ "--api.debug=true",
+ # "--api.insecure=true",
"--providers.docker=true",
"--providers.docker.exposedbydefault=false",
"--entrypoints.websecure.address=:443",
@@ -58,15 +61,26 @@ resource "docker_container" "traefik" {
"--certificatesresolvers.linode.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53",
"--certificatesresolvers.linode.acme.email=root@trygvis.io",
"--certificatesresolvers.linode.acme.storage=/letsencrypt/acme.json",
- ]
- # labels {
- # label = "traefik.enable"
- # value = "true"
- # }
+ # There doesn't seem to be a way to define a specific
+ # serversTransport through the CLI or lables, to here backend
+ # certificate checks are globally disabled.
+ "--serverstransport.insecureskipverify",
+ ]
- # - "{{ docker_service__root }}/traefik/letsencrypt:/letsencrypt"
- # - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ dynamic "labels" {
+ for_each = [
+ { label = "traefik.enable", value = "true" },
+ { label = "traefik.http.routers.traefik.service", value = "api@internal" },
+ { label = "traefik.http.routers.traefik.rule", value = "Host(`conflatorio.vpn.trygvis.io`)" },
+ { label = "traefik.http.routers.traefik.entrypoints", value = "websecure" },
+ { label = "traefik.http.routers.traefik.tls.certresolver", value = "linode" },
+ ]
+ content {
+ label = labels.value["label"]
+ value = labels.value["value"]
+ }
+ }
env = [
"LINODE_TOKEN=${data.sops_file_entry.linode_token.data}"