-rw-r--r--terraform/unifi-controller/.terraform.lock.hcl19
-rw-r--r--terraform/unifi-controller/main.tf15
-rw-r--r--terraform/unifi-controller/mongo.tf31
-rw-r--r--terraform/unifi-controller/sops.yml21
-rw-r--r--terraform/unifi-controller/unifi.tf2
5 files changed, 86 insertions, 2 deletions
diff --git a/terraform/unifi-controller/.terraform.lock.hcl b/terraform/unifi-controller/.terraform.lock.hcl
index b96b3f3..9fa446f 100644
--- a/terraform/unifi-controller/.terraform.lock.hcl
+++ b/terraform/unifi-controller/.terraform.lock.hcl
@@ -66,3 +66,22 @@ provider "registry.terraform.io/linode/linode" {
"zh:ee653d5d08cb331ce2d8dc1010e68d363470ae87be62c0515e5d2418727cd02b",
]
}
+
+provider "registry.terraform.io/lokkersp/sops" {
+ version = "0.6.10"
+ constraints = "0.6.10"
+ hashes = [
+ "h1:atU8NIBxpNTWY+qBubvEOfjOn4K1aCDoq1iUFocgIHQ=",
+ "zh:0f053a26392a581b1f1ce6316cb7ed8ec4cc75e7f5f1cf7cfd45050b6b3c87ea",
+ "zh:207bb96c4471fce9aeb1b3c217d772692c3d865d294cf4d2501dad41de36a15e",
+ "zh:28506e8f1f3b9eaa95d99043440328044ee6340143535e5751538328a529d001",
+ "zh:3cae3bcea9e35fdc5b3f2af1b4580cd625c996448ad0c676c772260e46b25289",
+ "zh:3e44daaf82986c2b0028aeb17b867f3c68ed5dd8ac8625ba0406cf2a5fd3d92e",
+ "zh:457fb8ca2e677af24f9a4bdd8b613b1d7b604ad7133541657e5757c19268da71",
+ "zh:473d727c228f021a3df8cc8dcc6231ad7f90ed63f9e47c36b597d591e76228da",
+ "zh:48c4c1df39fd76ec8bd5fe9ac70cdc0927ac8be95582dbe46458b3442ce0fcd9",
+ "zh:728b19cb5c07e5e9d8b78fd94cc57d4c13582ecd24b7eb7c4cc2bf73b12fe4d1",
+ "zh:c51ed9af591779bb0910b82addeebb10f53428b994f8db653dd1dedcec60916c",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
diff --git a/terraform/unifi-controller/main.tf b/terraform/unifi-controller/main.tf
index 760e67c..915685a 100644
--- a/terraform/unifi-controller/main.tf
+++ b/terraform/unifi-controller/main.tf
@@ -14,6 +14,10 @@ terraform {
source = "cyrilgdn/postgresql"
version = "1.18.0"
}
+ sops = {
+ source = "lokkersp/sops"
+ version = "0.6.10"
+ }
}
}
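Review bot: The new `sops` entry in `required_providers` pulls a community provider from an individual's registry namespace (`lokkersp/sops`), and that provider will handle the decrypted MongoDB password, so the choice deserves a comment in the file. The exact pin `version = "0.6.10"`, together with the hashes this commit records in `.terraform.lock.hcl`, is the right control. A line such as `# third-party provider that decrypts sops.yml; re-review the release before changing this pin` above the entry would keep that in front of whoever does the next upgrade. The `terraform` block starts above this hunk.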
@@ -24,5 +28,14 @@ provider "docker" {
locals {
domain_name = "unifi.vpn.trygvis.io"
- docker_image = "lscr.io/linuxserver/unifi-controller:8.0.24"
+ docker_image_controller = "lscr.io/linuxserver/unifi-controller:8.0.24"
+ docker_image_mongo = "mongo:3.6"
+
+ mongo_username = "unifi"
+ mongo_password = data.sops_file_entry.mongo_password
+}
+
+data "sops_file_entry" "mongo_password" {
+ source_file = "../../sops.yml"
+ data_key = "mongo_password"
}
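Review bot: `mongo_password = data.sops_file_entry.mongo_password` assigns the whole data-source object to the local rather than a string attribute, so a later interpolation of `local.mongo_password` would probably fail or render an object; it should reference the provider's value attribute (confirm its name in the provider documentation). `source_file = "../../sops.yml"` points two directories above the module when Terraform is run from `terraform/unifi-controller`, while this commit adds the encrypted file at `terraform/unifi-controller/sops.yml`; unless a separate root-level file exists, `source_file = "${path.module}/sops.yml"` looks like what was meant. The decrypted value is also stored in plaintext in the Terraform state, so the state backend needs the same access control as the age private key. `docker_image_mongo = "mongo:3.6"` is a mutable tag for a MongoDB release series that no longer receives security fixes; add a comment explaining the version constraint, or pin by digest.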
diff --git a/terraform/unifi-controller/mongo.tf b/terraform/unifi-controller/mongo.tf
new file mode 100644
index 0000000..747b3b1
--- /dev/null
+++ b/terraform/unifi-controller/mongo.tf
@@ -0,0 +1,31 @@
+resource "docker_network" "unifi-mongo" {
+ name = "unifi-mongo"
+}
+
+data "docker_registry_image" "mongo" {
+ name = local.docker_image_mongo
+}
+
+resource "docker_image" "mongo" {
+ name = data.docker_registry_image.mongo.name
+ pull_triggers = [data.docker_registry_image.mongo.sha256_digest]
+}
+
+resource "docker_volume" "unifi-mongo" {
+ name = "unifi-mongo"
+}
+
+resource "docker_container" "unifi-mongo" {
+ image = docker_image.mongo.image_id
+ name = "unifi-mongo"
+ hostname = "unifi-mongo"
+
+ networks_advanced {
+ name = docker_network.unifi-mongo.name
+ }
+
+ volumes {
+ volume_name = docker_volume.unifi-mongo.name
+ container_path = "/data/db"
+ }
+}
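Review bot: The `docker_container` "unifi-mongo" resource sets no `env`, so `local.mongo_username` and `local.mongo_password` never reach the container and, as far as this hunk shows, mongod starts without access control; anything attached to the `unifi-mongo` network can then read and write the database. If the image's init variables are the intended mechanism, add `env = ["MONGO_INITDB_ROOT_USERNAME=${local.mongo_username}", "MONGO_INITDB_ROOT_PASSWORD=${local.mongo_password}"]` once `local.mongo_password` resolves to a string. No ports are published, which limits exposure to that one Docker network. None of the visible hunks attaches the controller container to that network, so confirm that the wiring and the controller's own database credentials follow in a later change.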
diff --git a/terraform/unifi-controller/sops.yml b/terraform/unifi-controller/sops.yml
new file mode 100644
index 0000000..daf5231
--- /dev/null
+++ b/terraform/unifi-controller/sops.yml
@@ -0,0 +1,21 @@
+mongo_password: ENC[AES256_GCM,data:4GK/9eCD/tuhDTgAnvn4nim6zB8q476MG4SYzp4SuxcTK0uUdPKdMj0uWAUySYnFI+hNINSMm5ujZ6PXUdLxE2X04t52Dtm5DoVXgZTrP8WHXz2RHGrVElJ6LABVji3mmh4+Ug==,iv:5j89FCkB9sr85tRzo9qeVUjrqvgZOEihBstXNWgbTOA=,tag:V27pawBT6NqX3V0iAeu7NA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age13wv3rp0varlg4nvt3tca48fq8u9q3mc6yfdekjeapcmc7kaq4dysrzcmv3
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlRFptMlVVRWFQbjlwb2tj
+ NmtEV29HMm82SjdKTDE4N2pSOUpvRzBOcDAwCnBOcnlKS0dCQjRxc0VzY3pEVyt1
+ K2hRZGpqL3p1ejZJM2xyTDFocnFSMW8KLS0tIEx0cVpOUHVrZTErTXBGKyt2Rmx5
+ Q3NYajIxUFNwUDZ6bW1XT1NWak8vaVkK0IoF+EoQA7AAXmfVICs8wIxJrhlTDKkc
+ cRc2o70ARquivCo/SuYg1f/097BhOucm1lLXfCATvzi5GvMwqXvcTg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-05-20T04:48:47Z"
+ mac: ENC[AES256_GCM,data:BbX2yJsTcmgoY1lL+isa85eBN8OK4BM7wZsuwAJtOsxMDEHYmzJiF4AjKnSoTWqdCLy2PhpUPfLmsunfODhfoiCmfjqr69WHP+fktPK9RRaa+bBGGXAc6/GBWBuvlhmgvy0LKRa9DrCPLOF0lwrEvmur89THCUu6HW60aguO3E0=,iv:C3VFYOdMGh8M4KbS1K0zq8cwmsrjZFkih74use0omdQ=,tag:arLY4XlgJ3Z8fFdXeHBAHw==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.7.3
diff --git a/terraform/unifi-controller/unifi.tf b/terraform/unifi-controller/unifi.tf
index 76f6448..699628b 100644
--- a/terraform/unifi-controller/unifi.tf
+++ b/terraform/unifi-controller/unifi.tf
@@ -3,7 +3,7 @@ data "docker_network" "traefik" {
}
data "docker_registry_image" "unifi-controller" {
- name = local.docker_image
+ name = local.docker_image_controller
}
resource "docker_image" "unifi-controller" {