Diffstat (limited to 'terraform/conflatorio-docker/traefik.tf')
-rw-r--r-- | terraform/conflatorio-docker/traefik.tf | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/terraform/conflatorio-docker/traefik.tf b/terraform/conflatorio-docker/traefik.tf
new file mode 100644
index 0000000..281d94f
--- /dev/null
+++ b/terraform/conflatorio-docker/traefik.tf
@@ -0,0 +1,107 @@
+resource "docker_network" "traefik" {
+ name = "traefik"
+}
+
+resource "docker_image" "traefik" {
+ name = "traefik:2.9"
+}
+
+resource "docker_container" "traefik" {
+ image = docker_image.traefik.image_id
+ name = "traefik"
+ privileged = false
+ must_run = false
+
+ networks_advanced {
+ name = docker_network.traefik.name
+ }
+
+ ports {
+ internal = 80
+ external = 80
+ ip = "192.168.10.147"
+ }
+
+ ports {
+ internal = 443
+ external = 443
+ ip = "192.168.10.147"
+ }
+
+ ports {
+ internal = 443
+ external = 443
+ ip = "fdf3:aad9:a885:b3a::3"
+ }
+
+ command = [
+ "--log.level=DEBUG",
+ "--api.insecure=true",
+ "--providers.docker=true",
+ "--providers.docker.exposedbydefault=false",
+ "--entrypoints.websecure.address=:443",
+ "--entrypoints.web.address=:80",
+ "--entrypoints.web.http.redirections.entrypoint.to=websecure",
+ "--entrypoints.web.http.redirections.entrypoint.scheme=https",
+ "--certificatesresolvers.bitraf.acme.dnschallenge.provider=linode",
+ "--certificatesresolvers.bitraf.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53",
+ "--certificatesresolvers.bitraf.acme.email=itavdelingen@bitraf.no",
+ "--certificatesresolvers.bitraf.acme.storage=/letsencrypt/acme.json",
+ ]
+
+ # labels {
+ # label = "traefik.enable"
+ # value = "true"
+ # }
+
+ # - "{{ docker_service__root }}/traefik/letsencrypt:/letsencrypt"
+ # - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+ env = [
+ # LINODE_TOKEN: "{{ linode_itavdelingen_pat }}"
+ ]
+
+ mounts {
+ source = "/etc/docker-service/traefik/letsencrypt"
+ target = "/letsencrypt"
+ type = "bind"
+ read_only = true
+ }
+
+ mounts {
+ source = "/var/run/docker.sock"
+ target = "/var/run/docker.sock"
+ type = "bind"
+ read_only = true
+ }
+
+ depends_on = [
+ resource.null_resource.letsencrypt,
+ ]
+}
+
+locals {
+ path = "/etc/docker-service/traefik/letsencrypt"
+}
+
+resource "null_resource" "letsencrypt" {
+ triggers = {
+ path = local.path
+ }
+
+ provisioner "local-exec" {
+ command = "ssh conflatorio.vpn.trygvis.io sudo mkdir -p ${local.path}"
+ }
+}
+
+# provisioner "file" {
+# source = "conf/myapp.conf"
+# destination = "/etc/myapp.conf"
+#
+# connection {
+# type = "ssh"
+# user = "root"
+# password = "${var.root_password}"
+# host = "${var.host}"
+# }
+# } |
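Review bot: The `/letsencrypt` bind mount is declared `read_only = true`, yet `--certificatesresolvers.bitraf.acme.storage=/letsencrypt/acme.json` requires Traefik to write that file, so issued certificates cannot be persisted across restarts; set `read_only = false` on that one mount. On the `/var/run/docker.sock` mount the read-only flag does not restrict the Docker API, because a client can still connect to the socket and send any request, so it deserves a comment such as `# read_only does not limit the Docker API; this container can fully control the daemon`, or a filtering socket proxy in front of it. `--api.insecure=true` serves the dashboard and API without authentication on Traefik's internal entrypoint; no port for it is published in this file, but other containers attached to the `traefik` network can presumably reach it, and together with `--log.level=DEBUG` it looks like a bring-up setting that should not stay on. The `env` list is empty with `LINODE_TOKEN` commented out, so the linode DNS challenge presumably has no credential yet; when it is added it should come from a variable marked sensitive rather than a literal in this file.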