summaryrefslogtreecommitdiff
path: root/terraform/conflatorio-docker/traefik.tf
diff options
context:
space:
mode:
Diffstat (limited to 'terraform/conflatorio-docker/traefik.tf')
-rw-r--r--terraform/conflatorio-docker/traefik.tf107
1 files changed, 107 insertions, 0 deletions
diff --git a/terraform/conflatorio-docker/traefik.tf b/terraform/conflatorio-docker/traefik.tf
new file mode 100644
index 0000000..281d94f
--- /dev/null
+++ b/terraform/conflatorio-docker/traefik.tf
@@ -0,0 +1,107 @@
+resource "docker_network" "traefik" {
+ name = "traefik"
+}
+
+resource "docker_image" "traefik" {
+ name = "traefik:2.9"
+}
+
+resource "docker_container" "traefik" {
+ image = docker_image.traefik.image_id
+ name = "traefik"
+ privileged = false
+ must_run = false
+
+ networks_advanced {
+ name = docker_network.traefik.name
+ }
+
+ ports {
+ internal = 80
+ external = 80
+ ip = "192.168.10.147"
+ }
+
+ ports {
+ internal = 443
+ external = 443
+ ip = "192.168.10.147"
+ }
+
+ ports {
+ internal = 443
+ external = 443
+ ip = "fdf3:aad9:a885:b3a::3"
+ }
+
+ command = [
+ "--log.level=DEBUG",
+ "--api.insecure=true",
+ "--providers.docker=true",
+ "--providers.docker.exposedbydefault=false",
+ "--entrypoints.websecure.address=:443",
+ "--entrypoints.web.address=:80",
+ "--entrypoints.web.http.redirections.entrypoint.to=websecure",
+ "--entrypoints.web.http.redirections.entrypoint.scheme=https",
+ "--certificatesresolvers.bitraf.acme.dnschallenge.provider=linode",
+ "--certificatesresolvers.bitraf.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53",
+ "--certificatesresolvers.bitraf.acme.email=itavdelingen@bitraf.no",
+ "--certificatesresolvers.bitraf.acme.storage=/letsencrypt/acme.json",
+ ]
+
+ # labels {
+ # label = "traefik.enable"
+ # value = "true"
+ # }
+
+ # - "{{ docker_service__root }}/traefik/letsencrypt:/letsencrypt"
+ # - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+ env = [
+ # LINODE_TOKEN: "{{ linode_itavdelingen_pat }}"
+ ]
+
+ mounts {
+ source = "/etc/docker-service/traefik/letsencrypt"
+ target = "/letsencrypt"
+ type = "bind"
+ read_only = true
+ }
+
+ mounts {
+ source = "/var/run/docker.sock"
+ target = "/var/run/docker.sock"
+ type = "bind"
+ read_only = true
+ }
+
+ depends_on = [
+ resource.null_resource.letsencrypt,
+ ]
+}
+
+locals {
+ path = "/etc/docker-service/traefik/letsencrypt"
+}
+
+resource "null_resource" "letsencrypt" {
+ triggers = {
+ path = local.path
+ }
+
+ provisioner "local-exec" {
+ command = "ssh conflatorio.vpn.trygvis.io sudo mkdir -p ${local.path}"
+ }
+}
+
+# provisioner "file" {
+# source = "conf/myapp.conf"
+# destination = "/etc/myapp.conf"
+#
+# connection {
+# type = "ssh"
+# user = "root"
+# password = "${var.root_password}"
+# host = "${var.host}"
+# }
+# }
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-11 17:59:34 +0000